3 kHTTPd - Kernel httpd accelerator
5 (C) 1999 by Arjan van de Ven
6 Licensed under the terms of the GNU General Public License
13 kHTTPd is a http-daemon (webserver) for Linux. kHTTPd is different from
14 other webservers in that it runs from within the Linux-kernel as a module
17 kHTTPd handles only static (file based) web-pages, and passes all requests
18 for non-static information to a regular userspace-webserver such as Apache or
19 Zeus. The userspace-daemon doesn't have to be altered in any way.
21 Static web-pages are not a very complex thing to serve, but these are very
22 important nevertheless, since virtually all images are static, and a large
23 portion of the html-pages are static also. A "regular" webserver has little
24 added value for static pages, it is simply a "copy file to network"-operation.
25 This can be done very efficiently from within the Linux-kernel, for example
26 the nfs (network file system) daemon performs a similar task and also runs
29 By "accelerating" the simple case within the kernel, userspace daemons can
30 do what they are very good at: Generating user-specific, dynamic content.
32 Note: This document sometimes uses "Apache" instead of "any webserver you
33 ever might want to use", just for reasons of readability.
39 1) compile and load the module
40 2) configure the module in /proc/sys/net/khttpd if needed
41 3) echo 1 > /proc/sys/net/khttpd/start
45 echo 1 > /proc/sys/net/khttpd/stop
46 echo 1 > /proc/sys/net/khttpd/unload
58 There are two recommended modes of operation:
60 1) "Apache" is main webserver, kHTTPd is assistant
62 serverport -> 8080 (or whatever)
64 2) kHTTPd is main webserver, "Apache" is assistant
65 clientport -> 8080 (or whatever)
72 Before you can start using kHTTPd, you have to configure it. This
73 is done through the /proc filesystem, and can thus be done from inside
74 a script. Most parameters can only be set when kHTTPd is not active.
76 The following things need configuration:
78 1) The port where kHTTPd should listen for requests
79 2) The port (on "localhost") where "Apache" is listening
80 3) The location of the documents (documentroot)
81 4) The strings that indicate dynamic content (optional)
82 [ "cgi-bin" is added by default ]
84 It is very important that the documentroot for kHTTPd matches the
85 documentroot for the userspace-daemon, as kHTTPd might "redirect"
86 any request to this userspace-daemon.
88 A typical script (for the first mode of operation) to do this would
93 echo 80 > /proc/sys/net/khttpd/clientport
94 echo 8080 > /proc/sys/net/khttpd/serverport
95 echo /var/www > /proc/sys/net/khttpd/documentroot
96 echo php3 > /proc/sys/net/khttpd/dynamic
97 echo shtml > /proc/sys/net/khttpd/dynamic
98 echo 1 > /proc/sys/net/khttpd/start
100 For the second mode of operation, this would be:
104 echo 8080 > /proc/sys/net/khttpd/clientport
105 echo 80 > /proc/sys/net/khttpd/serverport
106 echo /var/www > /proc/sys/net/khttpd/documentroot
107 echo php3 > /proc/sys/net/khttpd/dynamic
108 echo shtml > /proc/sys/net/khttpd/dynamic
109 echo 1 > /proc/sys/net/khttpd/start
111 In this case, you also have to change the configuration of the
112 userspace-daemon. For Apache, you do this by changing
124 In order to change the configuration, you should stop kHTTPd by typing
125 echo 1 > /proc/sys/net/khttpd/stop
128 If you want to unload the module, you should type
129 echo 1 > /proc/sys/net/khttpd/unload
130 after stopping kHTTPd first.
132 If this doesn't work fast enough for you (the commands above can wait for
133 a remote connection to close down), you can send the daemons a "HUP"
134 signal after you told them to stop. This will cause the daemon-threads to
137 Note that the daemons will restart immediately if they are not told to
144 The security model of kHTTPd is very strict. It can be, since there is a
145 userspace daemon that can handle the complex exceptions.
147 kHTTPd only serves a file if
149 1) There is no "?" in the URL
150 2) The URL starts with a "/"
151 3) The file indicated by the URL exists
152 4) The file is world-readable (*)
153 5) The file is not a directory, executable or has the Sticky-bit
155 6) The URL doesn't contain any "forbidden" substrings such as ".."
157 7) The mime-type is known (*)
159 The items marked with a (*) are configurable through the
160 sysctl-parameters in /proc/sys/net/khttpd.
163 In all cases where any of the above conditions isn't met, the
164 userspace-daemon is handed the request.
170 The following parameters are settable through /proc/sys/net/khttpd:
172 Name Default Description
174 serverport 8080 The port where kHTTPd listens on
176 clientport 80 The port of the userspace
179 threads 2 The number of server-threads. Should
180 be 1 per CPU for small websites, 2
181 per CPU for big (the active files
182 do not fit in the RAM) websites.
184 documentroot /var/www the directory where the
187 start 0 Set to 1 to start kHTTPd
188 (this also resets "stop" to 0)
190 stop 0 Set to 1 to stop kHTTPd
191 (this also resets "start" to 0)
193 unload 0 Set to 1 to prepare kHTTPd for
194 unloading of the module
196 sloppymime 0 If set to 1, unknown mime-types are
197 set to text/html. If set to 0,
198 files with unknown mime-types are
199 handled by the userspace daemon
201 perm_required S_IROTH Minimum permissions required
202 (for values see "man 2 stat")
204 perm_forbid dir+sticky+ Permission-mask with "forbidden"
206 (for values see "man 2 stat")
208 dynamic cgi-bin .. Strings that, if they are a subset
209 of the URL, indicate "dynamic
212 maxconnect 1000 Maximum number of concurrent
217 More information about the architecture of kHTTPd, the mailinglist and
218 configuration-examples can be found at the kHTTPd homepage:
220 http://www.fenrus.demon.nl
222 Bugreports, patches, etc can be send to the mailinglist
223 (khttpd-users@zgp.org) or to khttpd@fenrus.demon.nl