 |
index.md - sites - public wiki contents of suckless.org |
 |
git clone git://git.suckless.org/sites |
 |
Log |
|
Files |
|
Refs |
|
--- |
|
index.md (3487B) |
|
--- |
|
1  |
|
2 |
|
3 quark is an extremely small and simple HTTP GET/HEAD-only web server for… |
|
4 content. |
|
5 |
|
6 The goal of this project is to do one thing and do it well, namely servi… |
|
7 static web directories and doing that right. Most other solutions either… |
|
8 too complex (CGI support, dependencies on external libraries, ...) or la… |
|
9 features you expect (TLS, virtual hosts, partial content, not modified s… |
|
10 ...). quark tries to find a midway and just restrict itself to being sta… |
|
11 while still offering functions you only find in more bloated solutions a… |
|
12 being as secure as possible (chroot, privilege dropping, strict parsers,… |
|
13 malloc at runtime, pledge, unveil, ...). |
|
14 |
|
15 Static web |
|
16 ---------- |
|
17 We believe that most of the web does not need to be dynamic and increasi… |
|
18 complexity on server-side applications is one of the main reasons for th… |
|
19 obesity crisis. The common approach nowadays is to do everything on the … |
|
20 including parsing requests, modifying files and databases, generating HT… |
|
21 all that using unfit languages like PHP or JavaScript, which is a securi… |
|
22 efficiency nightmare. |
|
23 |
|
24 Over the years we have seen massive amounts of security holes in numerous |
|
25 applications of tools commonly used for these jobs (PHP, node.js, |
|
26 CGI-implementations, ...). The reason why we are in this situation in th… |
|
27 place is due to the fact that the jobs of data processing and data |
|
28 presentation, which should be separate, converged together into one. |
|
29 |
|
30 The solution is to rely on static regeneration independent from the web … |
|
31 which just serves static files. You can still implement e.g. form handle… |
|
32 dynamic content which run as their own network instance and operate |
|
33 independently from the web server. What's left is just to generate the s… |
|
34 content using the database and repeating this process in case the databa… |
|
35 updated. |
|
36 |
|
37 This way the jobs of data processing and data presentation are separate … |
|
38 with many advantages. All requests are handled with constantly low laten… |
|
39 with the possibility of serving everything directly from RAM (using a ra… |
|
40 Separated concerns make it very unattractive to attack the web server it… |
|
41 and the attack surface that is left, if it is present at all, is the sep… |
|
42 form handler, which can be implemented in a very simple, safe and effici… |
|
43 manner. |
|
44 |
|
45 In case there is an attack on this infrastructure and the attacker manag… |
|
46 DoS the form handler, the serving of content is still unaffected. |
|
47 |
|
48 TLS-support |
|
49 ----------- |
|
50 quark does not natively support TLS. A more suckless approach than to |
|
51 implement TLS into it is to use a TLS reverse proxy (e.g. [tlstunnel](ht… |
|
52 [hitch](https://hitch-tls.org/) or [stunnel](https://www.stunnel.org/)). |
|
53 It accepts encrypted TLS connections and forwards them as unencrypted |
|
54 requests to a server. In this case, one can run such a reverse proxy to … |
|
55 on a public IP address and forward the requests to a local port or UNIX-… |
|
56 |
|
57 Solutions |
|
58 --------- |
|
59 * [saait](https://git.codemadness.org/saait/file/README.html) site gener… |
|
60 * [stagit](https://git.codemadness.org/stagit/file/README.html) git page… |
|
61 |
|
62 Development |
|
63 ----------- |
|
64 You can [browse](//git.suckless.org/quark) the source code repository or… |
|
65 copy with the following command: |
|
66 |
|
67 git clone https://git.suckless.org/quark |
|
68 |
|
69 Author |
|
70 ------ |
|
71 * Laslo Hunhold ([email protected]) |
|
72 |
|
73 Please contact me when you find information that could be added to this … |
