----==================================================================----
THIS IS VERY SPECIAL AMINET UPLOAD SINCE SOME FILES DISAPPEARED FROM BTTR
AFTER THE DISK ARRAY CRASH...
----==================================================================----
hiawatha-6.12
--------------
---
Hiawatha is a secure webserver for Unix(and Amiga of course). It has been
written with 'being secure' as its main goal. Hiawatha has lots of features
that no other webserver has. This and the fact that Hiawatha's source code
is free of security-bugs, makes Hiawatha the most secure webserver available.
(Hiawatha v6.12, cache, CommandChannel, SSL, URL toolkit, XSLT)
---
NEWS:
[31-May-09] 6.12 * Added AmiSSL support(more in PROBS).
* Compiled with XSLT support.
* Linked against 'mst' - new single tasking/
multi-node signal ticker(turn on by def.)
* Fixed nasty IXPIPE issues.
* AmigaDOS and ARexx scripts are treated
like binaries(execution timeouts allowed).
[18-Oct-08] 6.9 * This port does not use signal ticker by
default to circumvent signal clobbering
issue, but it is still available - just
in case(btw it uses much better impl. now).
* File sizes are displayed correctly now
in directory listings.
* 'PUT' method should now work properly.
* 'TimeForCGI=time' can be set per 'Virtual
host' and 'Directory' as well.
* Increased stacksize of a thread to 80 k.
---
NOTES:
[*]
All builds require 68020+(no FPU), OS 2.04+, 2(4 recommended)+ MiB of
free memory, ixemul 48+, ixnet 48+, bsdsocket 3+, ixpipe-handler 1.1 plus
in case of 'hiawatha[ssl]' AmiSSL 3.5+ has to be installed and properly
configured, and libxml2.ixlibrary, libxslt.ixlibrary and libgcrypt.ixlibrary
(relies on 'RANDOM:'(random-handler)!) must be present.
[*]
Important! 'ixpipe-handler' in 'ixemul' 48.0 and probably earlier is broken.
[*]
The server works excellently, is stable, very responsive, has a working Common
Gateway Interface that allows AmigaShell/ARexx to be utilised, cache
facility, command channel, SSL support, XSLT support, and, most importantly,
it is both user and CPU friendly. I have squeezed ~600 kilos per
second from my 68040/33 equipped Miggy and OS was still quite responsive.
[*]
This server has working CGI with AGI facility(see 'var/www/hiawatha/cgi-bin/'
directory to get familiar with AGI and 'etc/hiawatha.conf' for config
details). Older scripts can be found in version 6.7 of the server.
[*]
This server is customized to be usable from under one directory (don't copy
anything to your 'gg:'!!!). Just unpack, assign, configure and launch.
You have to assign 'hiawatha:' to the directory where the server is.
[*]
Available native extensions (hardcoded!): .rx, .xgi, .rgi, .bgi and .agi.
To use binaries as CGI add a new entry like this one 'CGIhandler = <none>:rgi'
to the config. The difference between (.rx, .xgi, .rgi) and (.bgi, .agi) is
that the first group is passed this template: <sessionport> <method> <contlen>
<rootpath> <uri> <remoteip> <query>, and the second only <query> with
'&' translated to ' '. This is because ARexx can't read environment variables.
Chars '`', '|' and ':' are always translated to '_' in <query> for security
reasons.
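Added example, not code from the port: a C model of the argument passing described in this note, showing what a '.agi' and a '.rx' script would receive for one constructed request. The struct, the function names and the sample values are assumptions; 'query_is_plain' is an extra script-side allowlist check, added because the note names only three translated characters.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct request {   /* hypothetical; fields follow the template in the note */
    const char *sessionport, *method, *contlen, *rootpath, *uri, *remoteip, *query;
};

/* 1 = full template (.rx .xgi .rgi), 0 = <query> only (.bgi .agi), -1 = other. */
int ext_group(const char *ext) {
    if (!strcmp(ext, "rx") || !strcmp(ext, "xgi") || !strcmp(ext, "rgi")) return 1;
    if (!strcmp(ext, "bgi") || !strcmp(ext, "agi")) return 0;
    return -1;
}

/* Translate in place: '`', '|', ':' become '_'; group 0 also turns '&' into ' '. */
void translate_query(char *q, int group) {
    for (; *q; q++)
        if (*q == '`' || *q == '|' || *q == ':') *q = '_';
        else if (*q == '&' && group == 0) *q = ' ';
}

/* Build the argument string for a script; returns 0, or -1 on bad extension/overflow. */
int build_args(char *dst, size_t n, const char *ext, const struct request *r) {
    char q[256];
    int g = ext_group(ext), len;
    if (g < 0 || snprintf(q, sizeof q, "%s", r->query) >= (int)sizeof q) return -1;
    translate_query(q, g);
    if (g == 0) len = snprintf(dst, n, "%s", q);
    else len = snprintf(dst, n, "%s %s %s %s %s %s %s", r->sessionport, r->method,
                        r->contlen, r->rootpath, r->uri, r->remoteip, q);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Script-side allowlist (an addition, not a server feature): letters, digits, "=._- ". */
int query_is_plain(const char *q) {
    for (; *q; q++)
        if (!isalnum((unsigned char)*q) && !strchr("=._- ", *q)) return 0;
    return 1;
}

int main(void) {
    /* Constructed request; every value here is made up for illustration. */
    struct request r = { "PORT.1", "GET", "0", "hiawatha:var/www/hiawatha",
                         "/cgi-bin/test.agi", "192.0.2.7", "name=a|b&dir=ram:t" };
    char a[512];
    if (build_args(a, sizeof a, "agi", &r) == 0) printf("agi: %s plain=%d\n", a, query_is_plain(a));
    if (build_args(a, sizeof a, "rx", &r) == 0) printf("rx:  %s\n", a);
    return 0;
}
```

Only <query> is translated in this model, so the ':' in the constructed <rootpath> reaches the '.rx' script unchanged.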
[*]
When using Amiga native applications through BGI, make sure they react to
Control-C. This is quite important because you can then use the timeout
handler, which will terminate a lengthy process and free memory, which is
needless to say precious where its amount is low. Generally you should use BGI
for large projects where signalling is important, otherwise use scripts.
[*]
When making your own AmigaDOS or ARexx scripts, remember to 'protect' them
with '+se' flags('protect <script> +se')!
[*]
To improve performance of your AGI, place it in 'RAM:' along with its
children (if possible). You can use 'assign' to create an assign tree. For
example:
; our base: hiawatha:var/www/hiawatha/cgi-bin/
makedir ram:hiawatha ram:hiawatha/www ram:hiawatha/www/hiawatha ram:hiawatha/www/hiawatha/cgi-bin
copy myscript.agi ram:hiawatha/www/hiawatha/cgi-bin/
assign hiawatha: ram:hiawatha add
Now your script will be acting as a ghost: you won't see it in the 'Index of',
but it is there :)
[*]
Memory consumption of a thread is something like 80 kilos, plus if you spawn
some new process through CGI you need to add amount of stack 'hiawatha' was
launched with - by default 32 kilos, so 80 + 32 = 112 kilos per thread without
any extra memory allocations. At most ~128 kilos per thread is needed. In
practice each thread consumes ~180 kilos.
[*]
'RunOnAlter' related program/script should not block, as there is no timeout
handler and we must get rid of the zombie (nothing bad will happen if it blocks,
but the memory will not be returned after the request, so you may run out of
free memory pretty quickly if someone calls it frequently). If you need
to do anything in the background, then call 'agirun' along with your script
or binary and 'run' that something from under it with a lower 'stack', or use
'SystemTagList()' with 'SYS_Asynch' turned on.
[*]
SIGKILL has been turned into SIGINT in timeout handlers, so no brutal process
removal can take place. But that is not all: signalling tasks is also improved.
From now on you can start anything (scripts, bins) and it can be safely
terminated.
[*]
'cgi-wrapper' and 'php-fcgi' are not tested!
[*]
You will receive 'Broken pipe' or 'The requested document contains no data.'
messages if there is not enough memory, if 'MaxRequestSize' is smaller than the
request, or if there are no sockets left.
[*]
Be extremely careful with the request size value: it is the amount of memory
that will be allocated each time someone POSTs/GETs something to your server.
It's best to keep it low and hook up a script-daemon that can handle POST at
another port.
[*]
There are two new command line options:
-s <num>: set new stack size for threads(def:80, 64-512 k).
-D <num>: set new mst(signal ticker) delay(def:8, 0(off)-60 s).
First is to set new stack for threads, it was fixed value of 512 k, but 80 k
is fair enough imo, at least watchdogs of any kind remain silent - no memory
trashes detected.
The second one is to activate/set the MasterSignalTicker delay. What is MST?
It's a handler that is able to emit signals to the tasks; in this case we
want to receive the 0x80000000 signal every 8 seconds to get rid of possible
thread lockups. What the hell are thread lockups? These occur mostly
with system timers emulated by 'pthread', used in functions like 'sleep()',
'usleep()', 'nanosleep()', 'select()' and so on. MST is a kind of watchdog
that helps to resume the scheduler. Although I have minimised the risk of
thread lockups to nearly zero, I can't predict everything, so this option
is still of help.
[*]
For 'CommandChannel' you need the 'md5' utility to generate the password
(letters in the hex string must be lower case); the def. password is "hctrl".
The 'hctrl' utility can be in your 'c:' for more comfortable use.
[*]
If you cannot afford multiple domains, then you can use 'ln' to add symbolic
links (known to work well on latest FFS and SFS), which makes it possible to
map any drawer anywhere to the one where the root directory is. You may try to
put some names bound to '127.0.0.1' in the 'hosts' file of your TCP/IP stack
as well.
[*]
When you do mods to the configuration files you should invoke the server
directly instead of using the control utility, so that you can see potential
errors.
[*]
Changing the process priority of the server to 1 and up is not recommended, not
even if your Amiga acts as a server only. It is best to keep it at 0 or a minus
value.
[*]
By default the server listens on any interface on port 8008. '127.0.0.1' and
any other interface is bound to the welcome site and 'localhost' gives listings.
[*]
In order to configure Ami(Open)SSL, copy 'openssl.cnf' to 'AmiSSL:'!
[*]
Please don't bother Hugo Leisink (the author) about Amiga specific stuff, but
send your questions directly to me (email at the end of this file).
---
PROBS:
[*]
Avoid programs that read data only from standard input and do not quit
peacefully on error but wait for input on 'Input()' or 'stdin' - this will hang
the CGI process, unless there is a way to send EOF ('FIFO:' is the most powerful
and allows lots of tricks to be performed thru it) to such a proggy.
[*]
Remember! When making your own CGI in C avoid 'Write()' to 'Output()' - this is
evil, so use 'FWrite()' or anything that is buffered. If you need to sync
the unbuffered output with the buffered one, use a call to some buffered
function in the process that typically uses unbuffered ones. Yes, I know this
might be difficult to do, so it will probably work for scripts only.
[*]
AmiSSL is not thread-safe, but I have solved the problem of stealing the time by
one thread, however there are drawbacks anyway... First, AmiSSL is slow with
long keys (heavy CPU load). Second, AmiSSL connections slow down non-AmiSSL ones
considerably when they are not throttled. 5 KiB/s per thread on 68040 is perhaps
a reasonable value. What I recommend is to use SSL only for login purposes and
then use the standard protocol.
---
USAGE:
Usage: bin/hiawatha [options]
Options: -c <path>: path to where the configrationfiles are located.
-s <num>: set new stack size for threads(def:80, 64-512 k).
-D <num>: set new mst(signal ticker) delay(def:8, 0(off)-60 s).
-h: show this information and exit.
-k: check configuration and exit.
-v: show version and compile information and exit.
---
EXAMPLES:
; out of the box usage(http://127.0.0.1:8008, http://localhost:8008)
cd hiawatha-6.12-bin-m68k/
assign hiawatha: hiawatha/
hiawatha:bin/hctrl start
; add new drawer(s) to the 'filesystem' directory
hiawatha:bin/ln -s /ram /hiawatha/var/www/hiawatha/filesystem
hiawatha:bin/ln -s /fonts /hiawatha/var/www/hiawatha/filesystem
; give yourself some more comfort while others download a lot
ktm [hiawatha:bin/hiawatha] -1
; stopping the server
hiawatha:bin/hctrl stop
---
SSL(key and cert generation):
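; don't forget to set up proper SSL binding in the config!
cd hiawatha-6.12-bin-m68k/etc/
; note: a 512-bit RSA key is short enough to be factored; PROBS covers the
; cost of longer keys under AmiSSL
openssl genrsa -out privkey.pem 512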
openssl req -new -x509 -days 365 -key privkey.pem -out privcert.pem
type >serverkey.pem privcert.pem
echo >>serverkey.pem ""
type >>serverkey.pem privkey.pem
echo >>serverkey.pem ""
---
megacz@usa.com