Original post is here: eklausmeier.goip.de
I stumbled upon Hiawatha web-server when I read about a web-server for a houseboat by Ronald Scheckelhoff, WB8LZR. I had used Apache, thttpd, Lighttp, NGINX, and others before.
Now I use the Hiawatha web-server.
Since August 2023 I use the NGINX web-server.
Hiawatha has three objectives, which are nicely met:
- Security: Hiawatha resisted Heartbleed and Slowloris attacks
- Ease of use: use the man-pages for configuring the web-server, no extensive Googling
- Lightweight on resources
Also see Hiawatha - the best webserver you've never heard of, or see Why I use Hiawatha Webserver (dead link).
The following diagram shows the number of source code lines using
1wc `find . -iname \*.c -o -iname \*.h -o -iname \*akefile\* `
for each web-server.
Below configuration mostly follows the example configuration and provides Perl and PHP as CGI:
1ServerId = http
2ConnectionsTotal = 1000
3ConnectionsPerIP = 25
4SystemLogfile = /var/log/hiawatha/system.log
5GarbageLogfile = /var/log/hiawatha/garbage.log
6
7Binding {
8 Port = 80
9 MaxRequestSize = 1572864
10 MaxUploadSize = 2047
11 TimeForRequest = 90,180
12}
13
14CGIhandler = /usr/bin/perl:pl
15CGIhandler = /usr/bin/php-cgi:php
16
17Directory {
18 DirectoryID = DownloadArea
19 Path = /Download
20 ShowIndex = yes
21}
22
23Directory {
24 DirectoryID = WebPresence
25 Path = /
26 ExecuteCGI = yes
27}
28
29Hostname = 127.0.0.1
30WebsiteRoot = /srv/http
31
32VirtualHost {
33 Hostname = www.eklausmeier.tk, eklausmeier.tk, 192.168.178.24, klm.no-ip.org, klm.ddns.net, edh.no-ip.org, edh.ddns.net, klmport.no-ip.org, borussia.no-ip.org
34 WebsiteRoot = /srv/http
35 FollowSymlinks = yes
36 UseDirectory = WebPresence, DownloadArea
37}
So I have a directory where Hiawatha shows a graphical representation of some files I can download. And it has an ordinary directory where I serve HTML and PHP files. I had to change MaxRequestSize
and MaxUploadSize
as I sometimes upload large chunks of data.
Since the 2014 Microsoft shotgun attack on No-IP.org I have many different DNS names to better withstand this vandalism.
Enabling GD for PHP is described here: php-gd -- just uncomment extension=gd
.