Set-Up Hiawatha Web-Server

· klm's blog

Original post is here: eklausmeier.goip.de

I stumbled upon Hiawatha web-server when I read about a web-server for a houseboat by Ronald Scheckelhoff, WB8LZR. I had used Apache, thttpd, Lighttp, NGINX, and others before. Now I use the Hiawatha web-server. Since August 2023 I use the NGINX web-server.

Hiawatha has three objectives, which are nicely met:

  1. Security: Hiawatha resisted Heartbleed and Slowloris attacks
  2. Ease of use: use the man-pages for configuring the web-server, no extensive Googling
  3. Lightweight on resources

Also see Hiawatha - the best webserver you've never heard of, or see Why I use Hiawatha Webserver (dead link).

The following diagram shows the number of source code lines using

1wc `find . -iname \*.c -o -iname \*.h -o -iname \*akefile\* `

for each web-server.

Below configuration mostly follows the example configuration and provides Perl and PHP as CGI:

 1ServerId = http
 2ConnectionsTotal = 1000
 3ConnectionsPerIP = 25
 4SystemLogfile = /var/log/hiawatha/system.log
 5GarbageLogfile = /var/log/hiawatha/garbage.log
 6
 7Binding {
 8        Port = 80
 9        MaxRequestSize = 1572864
10        MaxUploadSize = 2047
11        TimeForRequest = 90,180
12}
13
14CGIhandler = /usr/bin/perl:pl
15CGIhandler = /usr/bin/php-cgi:php
16
17Directory {
18        DirectoryID = DownloadArea
19        Path = /Download
20        ShowIndex = yes
21}
22
23Directory {
24        DirectoryID = WebPresence
25        Path = /
26        ExecuteCGI = yes
27}
28
29Hostname = 127.0.0.1
30WebsiteRoot = /srv/http
31
32VirtualHost {
33        Hostname = www.eklausmeier.tk, eklausmeier.tk, 192.168.178.24, klm.no-ip.org, klm.ddns.net, edh.no-ip.org, edh.ddns.net, klmport.no-ip.org, borussia.no-ip.org
34        WebsiteRoot = /srv/http
35        FollowSymlinks = yes
36        UseDirectory = WebPresence, DownloadArea
37}

So I have a directory where Hiawatha shows a graphical representation of some files I can download. And it has an ordinary directory where I serve HTML and PHP files. I had to change MaxRequestSize and MaxUploadSize as I sometimes upload large chunks of data.

Since the 2014 Microsoft shotgun attack on No-IP.org I have many different DNS names to better withstand this vandalism.

Enabling GD for PHP is described here: php-gd -- just uncomment extension=gd.

#Hiawatha