.TH webfsd 1 "(c) 1999 Gerd Knorr"
webfsd - a lightweight http server
.B webfsd [ options ]
This is a simple http server for purely static content. You
can use it to serve the content of a ftp server via http for
example. It is also nice to export some files the quick way
by starting a http server in a few seconds, without editing
some config file first.
Print a short \fBh\fPelp text and the default values for all options.
If used as last option, the printout will reflect command line choices.
Use IPv\fB4\fP only.
Use IPv\fB6\fP only.
Enable \fBd\fPebug output.
Write a start/stop notice and serious errors to the \fBs\fPyslog.
Specify this option twice to get a verbose log (additional log
events like dropped connections).
.B -t sec
Set network \fBt\fPimeout to >sec< seconds.
.B -c n
Set the number of allowed parallel \fBc\fPonnections to >n<. This is
a per-thread limit.
.B -a n
Configure the size of the directory cache. Webfs has a
cache for directory listings. The directory will be
reread if the cached copy is more than one hour old or if
the mtime of the directory has changed. The mtime will be
updated if a file is created or deleted. It will \fBnot\fP
be updated if a file is only modified, so you might get
outdated time stamps and file sizes.
Do not generate a directory listing if the index-file isn't found.
.B -y n
Set the number of threads to spawn (if compiled with thread support).
.B -p port
Listen on \fBp\fPort >port< for incoming connections.
.B -r dir
Set document \fBr\fPoot to >dir<.
.B -R dir
Set document root to >dir< and chroot to >dir< before start
serving files. Note that this affects the path for the access log
file and pidfile too.
.B -f file
Use >file< as index \fBf\fPile for directories. If a client
asks for a directory, it will get >file< as response if such
a file exists in the directory and a directory listing otherwise.
index.html is a frequently used filename.
.B -n hostname
Set the host\fBn\fPame which the server should use (required
.B -i ip
Bind to \fBI\fPP-address >ip<.
.B -l log
\fBL\fPog all requests to the logfile >log< (common log format).
Using "-" as filename makes webfsd print the access log to stdout,
which is only useful together with the \-F switch (see below).
.B -L log
Same as above, but additional flush every line. Useful if you
want monitor the logfile with tail \-f.
.B -m file
Read \fBm\fPime types from >file<. Default is /etc/mime.types.
The mime types are read before chroot() is called (when started
.B -k file
Use >file< as pidfile.
.B -u user
Set \fBu\fPid to >user< (after binding to the tcp port). This
option is allowed for root only.
.B -g group
Set \fBg\fPid to >group< (after binding to the tcp port). This
option is allowed for root only.
Don't run as daemon. Webfsd will not fork into background, not detach
from terminal and report errors to stderr.
.B -b user:pass
Set user+password for the exported files. Only a single
username/password combination for all files is supported.
.B -e sec
\fBE\fPxpire documents after >sec< seconds. You can use that to
make sure the clients receive fresh data if the content within your
document root is updated in regular intervals. Webfsd will send
a Expires: header set to last-modified time plus >sec< seconds, so
you can simply use the update interval for >sec<.
Enable \fBv\fPirtual hosts. This has the effect that webfsd expects
directories with the hostnames (lowercase) under document root. If
started this way: "webfsd \-v \-r /home/web", it will look for the file
/home/web/ftp.foobar.org/path/file when asked for
.B -x path
Use >path< as CGI directory. >path< is interpreted relative to the
document root. Note that CGI support is limited to GET requests.
The first character in the path string must be a slash!
.B -~ servdir
Enable access to user specific subdirectories, uniformly located
A request for "\fI/~user/path/file\fP", is rewritten
"\fI$HOME/\fBservdir\fI/path/file\fR", and is then checked
Here the user's home directory is retrieved from the system
in the standard manner from \fI$HOME\fP in the environment.
Mark well, that user specific requests are disabled completely,
should this switch be missing.
Since user directories are most probably located outside of the
server's root directory, care is needed with this option.
\fBS\fPecure web server mode. Warning: This mode is strictly for https.
.B -C path
File to use as SSL \fBc\fPertificate. This file must be in chained PEM
format, and may contain server certificate as well as RSA key, but the
latter can equally well be a separate entity, see \fB-K\fR.
.B -K path
File that contains the private key, if the key is not bundled with the
.B -A path
Optional file containing CA-certificate and certificate chain.
Apply a verification procedure to the client certificate and chain.
These must, if this option is chosen, be supplied by any client.
Each chain member must pass verification, and must in turn verify the next
chain member. The validity time for the client certificate is checked.
.B -Q ciphers
Specify acceptable cipher priorities for handshake, data exchange, etc.
The default value is \fINORMAL\fR.
.\"\fBP\fPassword for accessing the SSL certificate.
Webfsd can be installed suid root (although the default install
isn't suid root). This allows users to start webfsd chroot()ed
and to bind to ports below 1024. Webfsd will drop root privileges
before it starts serving files.
Access control simply relies on Unix file permissions. Webfsd will
serve any regular file and provide listings for any directory it is
able to open(2).
Gerd Knorr <firstname.lastname@example.org>
FreeBSD port by Charles F. Randall <email@example.com>
Copyright (C) 1999,2000 Gerd Knorr <firstname.lastname@example.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.