Show HN: unsafehttp – tiny web server from scratch in C, running on an orange pi (unsafehttp.benren.au)
Hey HN, I wanted to get more familiar with C programming, *nix socket programming and C compilation, so I wrote this "web" ""server"". It's running on a tiny SBC in my office, and there's as little as possible between you and it.
Happy for you to try and break it, hopefully with something more interesting than a DoS though :) Please let me know if you find any issues.
20 comments
[ 3.3 ms ] story [ 46.3 ms ] threadPS. You may be unaware that your shortened domain name 'benren' from your whois-available real name means "stupid person" in Mandarin. Only noted because there is a company registered with the same name since 1999. On the off chance it's yours, probably not the best marketing in a global world. Just throwing it out there.
Harsh? Maybe, but you’re posting this to a site with some of the most talented developers on planet. Real talk, sorry.
https://GitHub.com/lionkor/http
1) Run it in a container
2) Isolate it through a reverse proxy, probably nginx
On the whole, it actually almost implements the minimally required amount of HTTP/1.1: I would suggest adding support for HEAD requests, it's just a single flag that you need to set in the try_parse_request_path(), and check in generate_response(). Also, probably check that the request path is followed by "HTTP/1." before sending the response? And I'd really recommend finishing reading out all of the request from the socket (that is, until you've seen "\r\n\r\n"), or you may run into the problem of your clients not being sent the complete response [0].
But other than that, yeah, it is an HTTP server. The HTTP protocol is decently well thought out so that you can be oblivious of most of the features you don't want to support.
[0] https://blog.netherlabs.nl/articles/2009/01/18/the-ultimate-... — the tl;dr is that if you do close() on a socket that still has the data from the client you haven't recv()d, the client will be sent an RST.
> This server follows almost none of that.
This made me chuckle :-)