From 0251ba5cc54cdd24092e442ab7ec364b97d42601 Mon Sep 17 00:00:00 2001
From: Laurent Bercot
Date: Thu, 21 Sep 2023 05:57:24 +0000
Subject: More doc, complete?
Signed-off-by: Laurent Bercot
---
doc/tipideed.html | 180 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 176 insertions(+), 4 deletions(-)
(limited to 'doc/tipideed.html')
diff --git a/doc/tipideed.html b/doc/tipideed.html
index b11a63c..0c34af5 100644
--- a/doc/tipideed.html
+++ b/doc/tipideed.html
@@ -23,7 +23,9 @@
a web server package: it serves files over HTTP.
+
Interface
+
tipideed [ -v verbosity ] [ -f cdbfile ] [ -d basedir ] [ -R ] [ -U ]
@@ -42,7 +44,9 @@ occurs that makes it nonsensical to keep the connection open.
current working directory, one subdirectory for every domain it hosts.
+
Common usage
+
tipideed is intended to be run under a TCP super-server such as
@@ -81,11 +85,13 @@ of the tipidee package provides service templates to help you run tipideed under
s6-rc.
+
Exit codes
+
- - 0
- Clean exit. The client closed the connection after a stream of
-HTTP exchanges.
+ - 0
- Clean exit. There was a successful stream of HTTP exchanges,
+that the client decided to end.
- 1
- Illicit client behaviour. tipideed exited because it could
not serve the client in good faith.
- 2
- Illicit CGI script behaviour. tipideed exited because the invoked
@@ -96,12 +102,18 @@ line options, or missing environment variables, etc.
- 101
- Cannot happen. This signals a bug in tipideed, and comes with an
error message asking you to report the bug. Please do so, on the
skaware mailing-list.
+ - 102
- Misconfiguration. tipideed found something in its configuration
+data or in the document layout that it does not like. This can happen, for
+instance, when a document is a symbolic link pointing outside of the server's
+root.
- 111
- System call failed. If this happens while serving a request,
tipideed likely has sent a 500 (Internal Server Error) response to the
client before exiting.
+
Environment variables
+
Reading - mandatory
@@ -173,11 +185,13 @@ otherwise, it will assume it is running plaintext HTTP.
so the passed environment is as close as possible to the environment of the
super-server; and it adds all the variables that are required by the
CGI 1.1
-specification. It does not add PATH_TRANSLATED, which CGI scripts should
-not rely on.
+specification. As an exception, it does not add PATH_TRANSLATED, which
+cannot be used by CGI scripts in a portable way.
+
Options
+
- -v verbosity
@@ -218,9 +232,150 @@ the super-server has bound to its socket, and all the subsequent operations,
including the spawning of tipideed processes, are performed as a normal user.
+
+
Document root
+
+
+
+ The way to organize your documents so they can be served by tipideed
+may look a little weird, but there's a logic to it.
+
+
+
+ tipideed serves documents from subdirectories of its working directory,
+and these subdirectories are named according to the host and
+the port of the request.
+
+
+
+ - A request for https://example.com:1234/doc/u/ment
+will result in a lookup in the filesystem for
+./example.com:1234/doc/u/ment.
+ - A request for https://example.com/doc/u/ment
+will result in a lookup in the filesystem for
+./example.com:443/doc/u/ment.
+
+
+
+The fact that the port is always specified allows you to have
+different document sets for the same host on different ports:
+more flexibility.
+
+
+
+ However, most of the time, you don't want different
+document sets for different ports. You want the same document
+sets for ports 80 and 443, and that's it. And you don't want
+to have both a domain example.com:80 section and a
+domain example.com: 443 section in your
+/etc/tipidee.conf, with
+duplicate information.
+
+
+
+ That is why you are allowed to make your document roots
+symbolic links, and resource attributes declared in
+the configuration file are always looked up with the
+canonical path. In other words, the common case
+would be:
+
+
+
+ - Have your document root in ./example.com, a
+real directory.
+ - Declare your resource attributes under a
+domain example.com section in your configuration file.
+ - Have a ./example.com:80 symlink pointing to
+example.com, if you want to serve example.com
+under plaintext HTTP.
+ - Have a ./example.com:80 symlink pointing to
+example.com, if you want to serve example.com
+under HTTPS.
+
+
+
+ This system allows you to share documents across virtual hosts
+without fear of misconfiguration. You can symlink any document
+under example.com to any name under example.org;
+if the path via example.com is the canonical path, then
+your resource will still get the correct attributes, defined in a
+domain example.com section, even if it is accessed via an
+example.org URL. You will not inadvertently expose source
+code for CGI scripts, for instance.
+
+
+
+ You can do wild things with symbolic links. However, anything
+that does not resolve to a file in a document root under tipideed's
+current working directory will be rejected. If an attacker symlinks
+your /etc/passwd file, tipideed will keep it safe.
+
+
+
+
Detailed operation
+
+
+
+ - tipideed reads its compiled
+configuration file. Then:
+
+ - If the -d option has been given, it changes its working directory.
+ - If the -R option has been given, it chroots to its current directory.
+ - If the -U option has been given, it drops root privileges.
+
+ - It checks that its environment is valid, and that its configuration has
+some minimal defaults it can use.
+ - tipideed listens to a stream of HTTP requests on its standard input. For every
+HTTP request:
+
+ - It parses the request line and check it's HTTP/1.0 or 1.1
+ - It parses the headers into a quick access structure
+ - It checks header consistency with the request
+ - If the method is OPTIONS * or TRACE, it answers here
+and continues the loop
+ - It reads the request body, if any
+ - It checks in its configuration if a redirection has been defined for
+the wanted resource or a prefix (by directory) of the wanted resource. If it's
+the case, it answers with that redirection and continues the loop.
+ - It looks for a suitable resource in the filesystem, completing the
+request with index files if necessary, or substracting CGI INFO_PATHs if
+necessary
+ - It uses the canonical path of the resource in the filesystem to look
+for resource attributes in its configuration. (Is this a CGI script? a NPH
+script? Does it have a customized Content-Type? etc.)
+ - If the method is a targeted OPTIONS, it answers here and
+continues the loop
+ - If the resource is a CGI script:
+
+ - If it is an NPH script, tipideed execs into the script (possibly
+after spawning a helper child if there is a request body to feed to the script)
+with the appropriate environment;
+and the connection will close when the script exits.
+ - Else, tipideed spawns the CGI script as a child with the appropriate
+environment, feeds it the request body if any, reads its output, and answers
+the client.
+ - If a problem occurs server-side, the client will receive a 502
+answer ("Bad Gateway"), and tipideed will write an error message to
+its stderr, so that administrators can see what went wrong with their setup.
+tipideed trusts its CGI scripts more than its clients, but it does not give
+them its full trust either — lots of sites are running third-party
+backends.
+
+ - Else, the resource is a regular ("static") file, and tipideed serves
+it on its stdout, to the client.
+
+ - tipideed exits on EOF (when the client closes the connection), or after
+a single HTTP/1.0 request, or when it has answered a request with a
+Connection: close header, or when it encounters an error where it is
+likely that the client will have no use for the connection anymore anyway
+and exiting is simpler and cheaper — in which case tipideed adds
+Connection: close to its last answer.
+
+
Performance considerations
+
On systems that implement
@@ -264,12 +419,29 @@ other Web servers, please share them on the
skaware mailing-list.
+
Notes
+
+ - tipideed sometimes answers 400, or even does not answer at all
+(it just exits), when receiving some malformed or weirdly paced
+client requests, despite what the
+HTTP RFC says.
+This is on purpose. HTTP servers are very much solicited, they can run
+very hot, the Web is a cesspool of bots and bad actors, and every
+legitimate browser knows how to speak HTTP properly and without abusing
+corner cases in the protocol.
+It makes no sense to try to follow the book to the letter, expending
+precious resources, when the client can't even be bothered to pretend
+it's legit. Knowing when to exit early is crucial for good resource
+management.
- tipideed is pronounced tipi-deed. You can say
tipi-dee-dee, but only if you're the type of person who also says
PC computer, NIC card or ATM machine.
+ - tipidee is the name of the package, the software suite
+implementing a Web server. tipideed is the name of the program
+doing the HTTP serving part.