3 kHTTPd - Kernel httpd accelerator
5 (C) 1999 by Arjan van de Ven
6 Licensed under the terms of the GNU General Public License
13 kHTTPd is a http-daemon (webserver) for Linux. kHTTPd is different from
14 other webservers in that it runs from within the Linux-kernel as a module
17 kHTTPd handles only static (file based) web-pages, and passes all requests
18 for non-static information to a regular userspace-webserver such as Apache
19 or Zeus. The userspace-daemon doesn't have to be altered in any way.
21 Static web-pages are not a very complex thing to serve, but these are very
22 important nevertheless, since virtually all images are static, and a large
23 portion of the html-pages are static also. A "regular" webserver has little
24 added value for static pages, it is simply a "copy file to network"
26 This can be done very efficiently from within the Linux-kernel, for example
27 the nfs (network file system) daemon performs a similar task and also runs
30 By "accelerating" the simple case within the kernel, userspace daemons can
31 do what they are very good at: Generating user-specific, dynamic content.
33 Note: This document sometimes uses "Apache" instead of "any webserver you
34 ever might want to use", just for reasons of readability.
40 1) compile and load the module
41 2) configure the module in /proc/sys/net/khttpd if needed
42 3) echo 1 > /proc/sys/net/khttpd/start
46 echo 1 > /proc/sys/net/khttpd/stop
47 echo 1 > /proc/sys/net/khttpd/unload
60 There are two recommended modes of operation:
62 1) "Apache" is main webserver, kHTTPd is assistant
64 serverport -> 8080 (or whatever)
66 2) kHTTPd is main webserver, "Apache" is assistant
67 clientport -> 8080 (or whatever)
74 Before you can start using kHTTPd, you have to configure it. This
75 is done through the /proc filesystem, and can thus be done from inside
76 a script. Most parameters can only be set when kHTTPd is stopped.
78 The following things need configuration:
80 1) The port where kHTTPd should listen for requests
81 2) The port (on "localhost") where "Apache" is listening
82 3) The location of the documents (documentroot)
83 4) The strings that indicate dynamic content (optional)
84 [ "cgi-bin" is added by default ]
86 It is very important that the documentroot for kHTTPd matches the
87 documentroot for the userspace-daemon, as kHTTPd might "redirect"
88 any request to this userspace-daemon.
90 A typical script (for the first mode of operation) to do this would
95 echo 80 > /proc/sys/net/khttpd/clientport
96 echo 8080 > /proc/sys/net/khttpd/serverport
97 echo /var/www > /proc/sys/net/khttpd/documentroot
98 echo php3 > /proc/sys/net/khttpd/dynamic
99 echo shtml > /proc/sys/net/khttpd/dynamic
100 echo 1 > /proc/sys/net/khttpd/start
102 For the second mode of operation, this would be:
106 echo 8080 > /proc/sys/net/khttpd/clientport
107 echo 80 > /proc/sys/net/khttpd/serverport
108 echo /var/www > /proc/sys/net/khttpd/documentroot
109 echo php3 > /proc/sys/net/khttpd/dynamic
110 echo shtml > /proc/sys/net/khttpd/dynamic
111 echo 1 > /proc/sys/net/khttpd/start
113 In this case, you also have to change the configuration of the
114 userspace-daemon. For Apache, you do this by changing
124 Once you have set up the configuration, start kHTTPD by running
125 echo 1 > /proc/sys/net/khttpd/start
126 It may take a jiffie or two to start.
131 echo 1 > /proc/sys/net/khttpd/stop
132 It should stop in a jiffy or two.
136 To unload the module, do
137 echo 1 > /proc/sys/net/khttpd/stop
138 echo 1 > /proc/sys/net/khttpd/unload
143 If this doesn't work fast enough for you (unloading can wait for
144 a remote connection to close down), you can send the daemons a "HUP"
145 signal after you told them to stop. This will cause the daemon-threads to
151 The security model of kHTTPd is very strict. It can be, since there is a
152 userspace daemon that can handle the complex exceptions.
154 kHTTPd only serves a file if
156 1) There is no "?" in the URL
157 2) The URL starts with a "/"
158 3) The file indicated by the URL exists
159 4) The file is world-readable (*)
160 5) The file is not a directory, executable or has the Sticky-bit
162 6) The URL doesn't contain any "forbidden" substrings such as ".."
164 7) The mime-type is known (*)
166 The items marked with a (*) are configurable through the
167 sysctl-parameters in /proc/sys/net/khttpd.
170 In all cases where any of the above conditions isn't met, the
171 userspace-daemon is handed the request.
177 The following parameters are settable through /proc/sys/net/khttpd:
179 Name Default Description
181 serverport 8080 The port where kHTTPd listens on
183 clientport 80 The port of the userspace
186 threads 2 The number of server-threads. Should
187 be 1 per CPU for small websites, 2
188 per CPU for big (the active files
189 do not fit in the RAM) websites.
191 documentroot /var/www the directory where the
194 start 0 Set to 1 to start kHTTPd
195 (this also resets "stop" to 0)
197 stop 0 Set to 1 to stop kHTTPd
198 (this also resets "start" to 0)
200 unload 0 Set to 1 to prepare kHTTPd for
201 unloading of the module
203 sloppymime 0 If set to 1, unknown mime-types are
204 set to text/html. If set to 0,
205 files with unknown mime-types are
206 handled by the userspace daemon
208 perm_required S_IROTH Minimum permissions required
209 (for values see "man 2 stat")
211 perm_forbid dir+sticky+ Permission-mask with "forbidden"
213 (for values see "man 2 stat")
215 dynamic cgi-bin .. Strings that, if they are a subset
216 of the URL, indicate "dynamic
219 maxconnect 1000 Maximum number of concurrent
223 kHTTPd is *not* currently compatible with tmpfs. Trying to serve
224 files stored on a tmpfs partition is known to cause kernel oopses
225 as of 2.4.18. This is due to the same problem that prevents sendfile()
226 from being usable with tmpfs. A tmpfs patch is floating around that seems
227 to fix this, but has not been released as of 27 May 2002.
228 kHTTPD does work fine with ramfs, though.
230 There is debate about whether to remove kHTTPd from the main
231 kernel sources. This will probably happen in the 2.5 kernel series,
232 after which khttpd will still be available as a patch.
234 The kHTTPd source code could use a good spring cleaning.
238 More information about the architecture of kHTTPd, the mailinglist and
239 configuration-examples can be found at the kHTTPd homepage:
241 http://www.fenrus.demon.nl
243 Bugreports, patches, etc can be send to the mailinglist
244 (khttpd-users@zgp.org) or to khttpd@fenrus.demon.nl
245 Mailing list archives are at
246 http://lists.alt.org/mailman/listinfo/khttpd-users