index.md - sites - public wiki contents of suckless.org
git clone git://git.suckless.org/sites

index.md (3487B)

quark is an extremely small and simple HTTP GET/HEAD-only web server for…
content.

The goal of this project is to do one thing and do it well, namely servi…
static web directories and doing that right. Most other solutions either…
too complex (CGI support, dependencies on external libraries, ...) or la…
features you expect (TLS, virtual hosts, partial content, not modified s…
...). quark tries to find a midway and just restrict itself to being sta…
while still offering functions you only find in more bloated solutions a…
being as secure as possible (chroot, privilege dropping, strict parsers,…
malloc at runtime, pledge, unveil, ...).

Static web
----------
We believe that most of the web does not need to be dynamic and increasi…
complexity on server-side applications is one of the main reasons for th…
obesity crisis. The common approach nowadays is to do everything on the …
including parsing requests, modifying files and databases, generating HT…
all that using unfit languages like PHP or JavaScript, which is a securi…
efficiency nightmare.

Over the years we have seen massive amounts of security holes in numerous
applications of tools commonly used for these jobs (PHP, node.js,
CGI-implementations, ...). The reason why we are in this situation in th…
place is due to the fact that the jobs of data processing and data
presentation, which should be separate, converged together into one.

The solution is to rely on static regeneration independent from the web …
which just serves static files. You can still implement e.g. form handle…
dynamic content which run as their own network instance and operate
independently from the web server. What's left is just to generate the s…
content using the database and repeating this process in case the databa…
updated.

This way the jobs of data processing and data presentation are separate …
with many advantages. All requests are handled with constantly low laten…
with the possibility of serving everything directly from RAM (using a ra…
Separated concerns make it very unattractive to attack the web server it…
and the attack surface that is left, if it is present at all, is the sep…
form handler, which can be implemented in a very simple, safe and effici…
manner.

In case there is an attack on this infrastructure and the attacker manag…
DoS the form handler, the serving of content is still unaffected.

TLS-support
-----------
quark does not natively support TLS. A more suckless approach than to
implement TLS into it is to use a TLS reverse proxy (e.g. [tlstunnel](ht…
[hitch](https://hitch-tls.org/) or [stunnel](https://www.stunnel.org/)).
It accepts encrypted TLS connections and forwards them as unencrypted
requests to a server. In this case, one can run such a reverse proxy to …
on a public IP address and forward the requests to a local port or UNIX-…
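
A sketch of the setup described above, as an added example that is not part of the original page or of the quark project: stunnel terminates TLS on the public address and forwards plaintext HTTP to a quark instance bound to loopback only. Port 8080, the file paths and the account names are assumptions.

```ini
; stunnel.conf -- added example, not from the quark project.
; Port 8080, all paths and the account names are assumptions.
;
; quark is started separately and bound to loopback only, so the
; plaintext hop is never reachable from the network, e.g.:
;   quark -h 127.0.0.1 -p 8080 -d /var/www/htdocs -u www -g www

; Run the proxy as an unprivileged account after startup.
setuid = stunnel
setgid = stunnel

[quark-https]
; Public side: encrypted connections from clients.
accept = 0.0.0.0:443
cert = /etc/stunnel/fullchain.pem
key = /etc/stunnel/privkey.pem
sslVersionMin = TLSv1.2

; Private side: unencrypted HTTP to quark on loopback.
; Setting to avoid: a non-loopback address here, or a public -h on
; the quark side, exposes the plaintext service alongside the TLS one.
connect = 127.0.0.1:8080
```

With this layout every connection reaches quark from 127.0.0.1, so per-client addresses have to be taken from the proxy's log rather than from quark's.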

Solutions
---------
* [saait](https://git.codemadness.org/saait/file/README.html) site gener…
* [stagit](https://git.codemadness.org/stagit/file/README.html) git page…

Development
-----------
You can [browse](//git.suckless.org/quark) the source code repository or…
copy with the following command:

    git clone https://git.suckless.org/quark

Author
------
* Laslo Hunhold ([email protected])

Please contact me when you find information that could be added to this …