Artifact [a70a50af88]

Artifact a70a50af88ae9581fdc066f856a988ae451d9966:


"filed" is a simple HTTP server for serving local static files over HTTP from
Linux. It does the least amount of effort possible to get to the point of
handing the actual transfer over to the kernel.

It is multithreaded where every thread services a single concurrent client.
It attempts to reduce latency by caching open file descriptors as well.

It has no configuration file and supports only minimal configuration.
Operation is described in the manual page.

The simplest usage of "filed" is to run it with no arguments.  This will start
up an HTTP server listening on port 80 and sharing out the root filesystem for
the system as the current user.  You probably do not want to share out your
root filesystem since that will expose information such as "/etc/passwd" to
anonymous access.  You probably also don't want to do that as root since then
sensitive information such as "/etc/shadow" could be used to compromise the

Therefore, the "--user" and "--root" options should be used to specify a user
for "filed" to run as in addition to a directory to change root (chroot(2)) to
prior to serving out files.

Example 1, insecure file sharing:
	$ filed

Example 2, sharing sensitive information:
	# filed

Example 3, sharing only a specific directory:
	# filed --root /www --user nobody

Example 4, running as a daemon:
	# filed --root /www --user nobody --daemon

Build Time Considerations
In general, it is best to leave all configuration to run-time so that a
compiled binary can do as much as possible without needing to be recompiled.
However, there are some things that are best done at compile time for
various reasons, especially in the name of performance or executable size.

filed admits those trade-offs are occasionally required and offers the
following tunables that can only be toggled during compile-time:

   1. Logging (CFLAGS, -DFILED_DONT_LOG=1)
	It is possible to disable ALL logging from filed.  When logging is
	completely disabled interlocks (mutexes) for the logging pointer are
	not engaged and the logging functions are not compiled at all.
	This results in a slightly smaller and faster binary

   2. Debugging (CFLAGS, -DFILED_DEBUG=1)
	This is an internal option and should only be used during development.

   3. Differing HTTP semantics (CFLAGS, -DFILED_NONBLOCK_HTTP=1)
	It is possible that some HTTP clients may not process the HTTP stream
	being delivered if they cannot write to the HTTP stream itself.  This
	has not been observed yet, but it is possible.  If these semantics are
	needed (and they should not be) then they can be enabled with this
	flag at the cost of performance.

   4. Differing chroot() semantics (CFLAGS, -DFILED_FAKE_CHROOT=1)
        In some cases it is desirable to mangle paths with a path prefix
        rather than call chroot() at startup.  This is less secure and slower
        and should be generally avoided -- however it may be necessary to do.
        In these cases the executable may be compiled with the
        FILED_FAKE_CHROOT C preprocessor macro defined and instead of calling
        chroot() all HTTP requests will have the root suffix specified as the
        argument to the "-r" or "--root" option prepended to them.

   5. Differing "index.html" handling (CFLAGS, -DFILED_DONT_REDIRECT_DIRECTORIES=1)
        Normally "filed" redirects users who request a directory to the
        index.html file in that directory so that no memory allocations are
        required;  This option lets the server generate the new path.

   6. Enable seccomp (CFLAGS, -DFILED_DO_SECCOMP=1)
        Linux supports limiting the system calls that a process can make.
        This is called seccomp (SECure COMPuting).  Currently not all
        platforms have been tested with this so it is disabled by default.

   6. MIME Types (MIMETYPES)
	For single-file convenience "filed" compiles the mapping of file
	extensions (the string in the filename following its last dot ("."))
	into the executable.  This mapping comes from a file in the format of
		type1   type1_extension1 type1_extension2...
		type2   type2_extension1 type2_extension2...
	However it may not be desirable to include this mapping, or it may be
	desirable to use your own mapping rather than the default one.  This
	can be done by specifying the MIMETYPES macro to "make".  If no
	mapping is desired, "/dev/null" may be specified.

Log Files
Because "filed" relies on chroot(2) and setuid(2), log files cannot reliably
be re-opened.  If you need log rotation then a second process, which can close
and re-open log files, must be used.  Any process may be used for writing logs
but if the process does not support log rotation then it will not provide that
benefit.  For example, if you wish to write logs to syslogd(8) you can use
logger(1), such as:
	# ./filed --root /www --user nobody --log '|logger -t filed' --daemon