webfsd(1) a lightweight http server


webfsd [ options ]


This is a simple http server for purely static content. You can use it to serve the content of a ftp server via http for example. It is also nice to export some files the quick way by starting a http server in a few seconds, without editing some config file first.


Print a short help text and the default values for all options. If used as last option, the printout will reflect command line choices.
Use IPv4 only.
Use IPv6 only.
Enable debug output.
Write a start/stop notice and serious errors to the syslog. Specify this option twice to get a verbose log (additional log events like dropped connections).
-t sec
Set network timeout to >sec< seconds.
-c n
Set the number of allowed parallel connections to >n<. This is a per-thread limit.
-a n
Configure the size of the directory cache. Webfs has a cache for directory listings. The directory will be reread if the cached copy is more than one hour old or if the mtime of the directory has changed. The mtime will be updated if a file is created or deleted. It will not be updated if a file is only modified, so you might get outdated time stamps and file sizes.
Do not generate a directory listing if the index-file isn't found.
-y n
Set the number of threads to spawn (if compiled with thread support).
-p port
Listen on port >port< for incoming connections.
-r dir
Set document root to >dir<.
-R dir
Set document root to >dir< and chroot to >dir< before start serving files. Note that this affects the path for the access log file and pidfile too.
-f file
Use >file< as index file for directories. If a client asks for a directory, it will get >file< as response if such a file exists in the directory and a directory listing otherwise. index.html is a frequently used filename.
-n hostname
Set the hostname which the server should use (required for redirects).
-i ip
Bind to IP-address >ip<.
-l log
Log all requests to the logfile >log< (common log format). Using "-" as filename makes webfsd print the access log to stdout, which is only useful together with the -F switch (see below).
-L log
Same as above, but additional flush every line. Useful if you want monitor the logfile with tail -f.
-m file
Read mime types from >file<. Default is /etc/mime.types. The mime types are read before chroot() is called (when started with -R).
-k file
Use >file< as pidfile.
-u user
Set uid to >user< (after binding to the tcp port). This option is allowed for root only.
-g group
Set gid to >group< (after binding to the tcp port). This option is allowed for root only.
Don't run as daemon. Webfsd will not fork into background, not detach from terminal and report errors to stderr.
-b user:pass
Set user+password for the exported files. Only a single username/password combination for all files is supported.
-e sec
Expire documents after >sec< seconds. You can use that to make sure the clients receive fresh data if the content within your document root is updated in regular intervals. Webfsd will send a Expires: header set to last-modified time plus >sec< seconds, so you can simply use the update interval for >sec<.
Enable virtual hosts. This has the effect that webfsd expects directories with the hostnames (lowercase) under document root. If started this way: "webfsd -v -r /home/web", it will look for the file /home/web/ftp.foobar.org/path/file when asked for http://ftp.FOObar.org:8000/path/file.
-x path
Use >path< as CGI directory. >path< is interpreted relative to the document root. Note that CGI support is limited to GET requests. The first character in the path string must be a slash!
-~ servdir
Enable access to user specific subdirectories, uniformly located below >subdir<. A request for "/~user/path/file", is rewritten "$HOME/servdir/path/file", and is then checked for existence. Here the user's home directory is retrieved from the system in the standard manner from $HOME in the environment. Mark well, that user specific requests are disabled completely, should this switch be missing. Since user directories are most probably located outside of the server's root directory, care is needed with this option.
Secure web server mode. Warning: This mode is strictly for https.
-C path
File to use as SSL certificate. This file must be in chained PEM format, and may contain server certificate as well as RSA key, but the latter can equally well be a separate entity, see -K.
-K path
File that contains the private key, if the key is not bundled with the certificate.
-A path
Optional file containing CA-certificate and certificate chain.
Apply a verification procedure to the client certificate and chain. These must, if this option is chosen, be supplied by any client. Each chain member must pass verification, and must in turn verify the next chain member. The validity time for the client certificate is checked.
-Q ciphers
Specify acceptable cipher priorities for handshake, data exchange, etc. The default value is NORMAL.

Webfsd can be installed suid root (although the default install isn't suid root). This allows users to start webfsd chroot()ed and to bind to ports below 1024. Webfsd will drop root privileges before it starts serving files.

Access control simply relies on Unix file permissions. Webfsd will serve any regular file and provide listings for any directory it is able to open(2).


Gerd Knorr <[email protected]>
FreeBSD port by Charles F. Randall <[email protected]>


Copyright (C) 1999,2000 Gerd Knorr <[email protected]>

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.