> No reverse proxies required!

This is one that has always baffled me. If there's no specific reason that a reverse proxy is helpful, I will often hang an app with an embedded Jetty out on the internet without one. This has never lead to any problems.

Infra or security people will see this and ask why I don't have an nginx instance in front of it. When I ask why I need one, the answers are all hand-wavy security or performance, lacking any specifics. The most specific answer I received once was slow loris, which hasn't been an issue for years.

Is reverse proxying something we've collectively decided to cargo cult, or is there some reason why it's a good idea that applies in the general case that I'm missing?

Cool! I also wrote my own C web server (sources linked below) which ran a commercial website for a while. It's amazing how small and light you can make an HTTP/1.1 webserver. The commercial site ran on a machine with 128MB of RAM and 1 CPU (sic) and routinely served a large proportion of schools in the UK with a closed source interactive, web-based chat system. However that was 20 years ago when the internet was a slightly less hostile place.

He mentions bots make great fuzzers, but I think he should also do a bit of actual fuzzing.

http://git.annexia.org/?p=rws.git;a=tree Requires: http://git.annexia.org/?p=c2lib.git;a=tree http://git.annexia.org/?p=pthrlib.git;a=tree

Hello everyone! This is a fun little project I started in my spare time and thought you'd appreciate :)

Awesome! I used to think (well, I still do) that getting a barebones service up and running using the system APIs at the lowest level like this is so satisfying. It's sort of magical, really. And to see it serve real traffic! I'm kind of surprised that the vanilla poll() can put up numbers like you were seeing, but I guess it's been a while since I've had to do anything event related/benchmark at that level.

I love the connection-specific functions and related structs and arrays for your connection bookkeeping, as well as the poll fd arrays. It's very reminiscent of how it's done in lots of other open source packages known for high throughput numbers, like nginx, redis, memcached.

Great work!

You may be interested in this https://news.ycombinator.com/item?id=27431910

> As of 2024, the althttpd instance for sqlite.org answers more than 500,000 HTTP requests per day (about 5 or 6 per second) delivering about 200GB of content per day (about 18 megabits/second) on a $40/month Linode. The load average on this machine normally stays around 0.5. About 19% of the HTTP requests are CGI to various Fossil source-code repositories.

Aside, if you want to write C apps but aren't comfortable writing the public facing parts, 'Kore' is a great framework with some handy builtins like ACME cert management, Pgsql, curl, websockets, etc.

Essentially build and run modules, and they can be combined (including mixing Lua/Python + C.)

https://kore.io/

Finally a website that doesn't crash when it shows up on the front page

>I enjoy making my own tools and I'm a bit tired of hearing that everything needs to be "battle-tested." So what it will crash? Bugs can be fixed :^)

I love it

Only 3.4k of C code for a full http and https server? I honestly thought you would need a lot more for it to be fully compliant with the spec.

Reminds me of that Chaos Communication Congress talk about a blog/web server written in C, but with a bunch of security features (immutable storage, dropped privileges, blog has no access to TLS certificate, etc.): https://www.youtube.com/watch?v=TaE28fJVPTk

Like this sort of approach.. Go back to basics and use what's strictly required. Remember McNealy (?) once said you can choose dozen different shapes Microsoft word uses to highlight spelling errors or something to that effect.

There's lots of bloat in practically every software not sure how much it affects performance but it's nice to build something from scratch.

Congrats to developer

My blog (https://forwardscattering.org/) uses a C++ web server too: https://github.com/Ono-Sendai/blog

How about embedding the contents of the HTML files so that no access to the filesystem is required?

That would make it not only faster but also safer.

Very cool! I was working on something similar at one point, but I sort of gave up on it when I wanted to move it from the "toy server that works on localhost" stage to something that I could actually deploy in the wild. I got overwhelmed by decision paralysis for how to proceed: should I just use a reverse proxy? Or should I rewrite my backend code to be some kind of plugin for some existing server software? If so, what kind of plugin, and for which software?

It's very inspirational to see that you've just said screw it, I'm going to host my own HTTPS server, and also hey reddit, do your worst, try to break it. Now I want to work on my similar project again.

For anyone similarly inspired, but who doesn't know where to begin making an HTTP server, check out this excellent tutorial that walks you through everything you need to make an HTTP/1.0 server, and then grow it to handle HTTP/1.1: https://www2.cs.uh.edu/~gnawali/courses/cosc6377-f12/p1/http...

Nice. I've done this in the past. But I feel like attempting to make a file serving http server is like adding preservants and high fructose corn syrup to home made baked goods.

You have the opportunity to really make something custom and of high quality, hard code the paths of your files and avoid a whole class of vulnerabilities for example.

Configuration files? That makes sense when programmer and sysadmin are distinct, you can just modify variables and recompile.

Kudos for your project -- it is great fun and a learning experience to implement your own HTTP server in a low(er)-level language.

One question: you say that "Transfer-Encoding: Chunked responds with 411 Length Required, prompting the client to resend with Content-Length". Is there a reason for doing this (security perhaps), or is it just a choice?

looks like it’s survived the HN front page hug. Congrats.

> No Transfer-Encoding: Chunked (responds with 411 Length Required, prompting the client to resend with Content-Length

I've always wanted to undertake a project similar to this but chunked encoding has always been the thing that put me off the idea... I never even though about just not supporting that :)

I've written many http/1.1 servers in the past but only for internal stuff that I also controlled the clients. Guess perfection was the enemy of good for me.

This is amazing. Seriously, more things should be custom-coded. Why not?

I like the string handling, especially

  #define LIT(S) ((string) {.data=(S), .size=sizeof(S)-1})
  #define STR(S) ((string) {.data=(S), .size=strlen(S)})

I did something similar in LabView once. There were reasons.....

Making a HTTP/1.1 server is so fun and teaches so much about networking. I highly recommend anyone interested in networking or web development give it a try.

> Show HN: Hosting my website using my own C web server

"But if you actually do this, WAT" – https://www.destroyallsoftware.com/talks/wat

As with much of HN, this is fun, a good thing to learn while making and reading about... but it likely needs the caveat that doing this is production isn't a good idea (although in this case the author does not appear to encourage production usage).

I use lighttpd which is lighter and simpler than nginx

Nginx is C web server.

I love it!

It’s fast!

I have always wanted to try out something like this.

Good job!

Nice, now lets see Paul Allen's web server.

cool project, but the readme has a disingenuous comparison bench against nginx. why even put it there?

Why? How is this better than running nginx or Apache2?

Great project. Down for me.

$ curl http://playin.coz.is/index.html

curl: (7) Failed to connect to playin.coz.is port 80 after 166 ms: Couldn't connect to server

Not to compare but i realice this is something you can do with rust with few lines

https://github.com/actix/actix-web/tree/master/actix-http