> Show HN: Hosting my website using my own C web server
"But if you actually do this, WAT" – https://www.destroyallsoftware.com/talks/wat
As with much of HN, this is fun, a good thing to learn while making and reading about... but it likely needs the caveat that doing this is production isn't a good idea (although in this case the author does not appear to encourage production usage).
It’s a great way to get hacked
Finally a website that doesn't crash when it shows up on the front page
Any site with a CDN in front of it can do that.
Don’t get me wrong this is an awesome project but if you really care about this kind of thing in a production scenario and you’re serving mostly static content… just use a CDN. It’ll pretty much always outperform just about anything you write. It’s just boring.
Uhh… doesn’t the link go to GitHub? I’m a little confused by this comment. I mean the project is neat and cool. But I imagine most folks go to GitHub and don’t go to the link showing the webpage. Am I missing something?
Hello everyone! This is a fun little project I started in my spare time and thought you'd appreciate :)
Appreciated indeed. I happened to want to mess around with the C11 concurrency API and write a server of sorts, mostly as a curiosity of how those constructs work out in C coming from C++.
You may be interested in this https://news.ycombinator.com/item?id=27431910
> As of 2024, the althttpd instance for sqlite.org answers more than 500,000 HTTP requests per day (about 5 or 6 per second) delivering about 200GB of content per day (about 18 megabits/second) on a $40/month Linode. The load average on this machine normally stays around 0.5. About 19% of the HTTP requests are CGI to various Fossil source-code repositories.
Only 3.4k of C code for a full http and https server? I honestly thought you would need a lot more for it to be fully compliant with the spec.
Http/1.1 is dead simple if you ignore most of the spec. If you only take get requests and set content-length on response you will be good for 99% of user agents. It’s not much more code to handle the transfer-encoding and byte-range headers. HTTPS is just http over a tls socket which is the level of abstraction you should have if you don’t roll your own crypto.
It’s fun and not that bad really.
Yeah I’ve done this for embedded devices. A website can be presented with nothing more than a raw socket and sending back a text string of http headers and html in a single text string when people connect to it.
Hell if you’re really lazy you can forgo responding with the http headers and just socket.write(“hello world”) as the response and all the major browsers will render “hello world” to the user. Properly formatted http headers are just a text string extra and the html is just text. There’s not much to it.
looks like it’s survived the HN front page hug. Congrats.
How about embedding the contents of the HTML files so that no access to the filesystem is required?
That would make it not only faster but also safer.
I recommend linking a romfs image into the program. It's a simple format and provides an easy way to manage a collection of resources.
I did something similar in LabView once. There were reasons.....
This is amazing. Seriously, more things should be custom-coded. Why not?
For fun, sure. Small mistake can be big security nightmare
1000 lines are easier to secure than 5 million lines
“You can write software that has no obvious bugs or you can write software that obviously has no bugs.”
I think that was ewd?
Not if you’re the only author!
I love it!
It’s fast!
I have always wanted to try out something like this.
Good job!
Nice. I've done this in the past. But I feel like attempting to make a file serving http server is like adding preservants and high fructose corn syrup to home made baked goods.
You have the opportunity to really make something custom and of high quality, hard code the paths of your files and avoid a whole class of vulnerabilities for example.
Configuration files? That makes sense when programmer and sysadmin are distinct, you can just modify variables and recompile.
I think you'll like dwm and other suckless tools. They have configuration as code and require a recompile after a configuration change.
Not sure if serious…
Not the only time it’s been brought up in this thread: https://news.ycombinator.com/item?id=41643198
I’m waiting for someone to chime in and explain why that would be a bad idea cause I can’t think of it from a security perspective.
Once at a certain level of complexity, e.g. having several hundred/thousand resources, then you start automating your hardcoded paths, and then you still can get bitten.
vs just putting things in a subfolder of your repo or whatever and having the default handling not accept `..` path components