Sign In / Register

Contents

  1. Description
  2. Features
  3. Benchmarks
  4. Grom connector
  5. Installation
  6. Administration
  7. FAQ
  8. Contact/support
  9. Appendix

Version 2.0.22

Bauk HTTP Server

1. Description

Bauk is a free, open-source, high performance Web server which provides advanced features such as complete ASP-like scripting environment for Server-Side JavaScript, PHP, Perl, Python and Tcl, portability to wide range of Unix-like operating systems (Linux and *BSD systems), easy installation and management, security, configurability, efficiency, flexibility, and many other.

Because of extreme power and low memory consumption, Bauk has excellent universal application and use in different environments. Eg. it is suitable for dedicated and VPS servers, for powering Virtual Hosts, downloads, dynamic and rich style web sites, social Web sites, discussion boards, shared/mass hosting, scripting and application server, for personal use/fun, or just about anything else you imagine. See Bauk Features.

2. Features

  • Static and Dynamic Content — Bauk provides complete ASP-like scripting environment for Server-Side JavaScript, PHP, Perl, Python and Tcl. Ie. easy just like working with HTML files, scripts placed in web directory automatically executed by web server/interpreter
  • Extreme Performance — Uses only standard and advanced program techniques/algorithms for providing extreme performance, eg. does not relay on any OS-specific features (eg. TCP related) for increasing speed. Faster, reliable, portable
  • Extreme Power — Maintains same performance with any load and never degrades. Bauk is not only faster and more efficient than other web servers, it always operates with same extreme speed. Ie. no matter what load HTTP clients create, properly configured it never degrades performance level. See our benchmarks for info and BaukBench HTTP/1.1 benchmark tool and compare/verify yourself
  • OS support and portability — 32bit/64bit Linux, *BSD and POSIX-compliant operating systems. No configuration required, compiles directly out of the box in a single "make bauk" command. No dependancies to chase, versions and parts, etc. requires minimum time from user
  • Single-process architecture — Architecture that provides highest speed and most effective resource utilization. Uses only a single process for all tasks
  • Advanced memory management — Bauk always returns memory to system. Does not retain unused memory but returns it to system for further use. Ie. you can notice Bauk process returns to initial size as it releases memory
  • Unlimited number of HTTP connections / clients — Serving thousands of simultaneous HTTP connections on single system without any performance penalty. For example, Bauk serves 4000 simultaneous connections with ease, ie. simply a matter of config parameter adjustment. In some cases admins using Apache disable KeepAlive to avoid clients holding connections. With Bauk you never have to revert to such means
  • SSL/TLS support — Support for SSL/TLS secure/encrypted HTTP connections
  • Virtual Hosts — Allows serving unlimited number of Virtual Hosts on a single system without any performance penalty
  • Virtual Host aliases — Allows setting additional names for a single Virtual Host, ie. host "domain.com" with aliases "www.domain.com", "www.domain.net", "www.otherdomain.org", etc.
  • Host / domain name matching — Using wildcards "*" for matching host names ie. "*.domain.com", "www.*.domain.com", "*.domain.*", etc.
  • Dynamic Virtual Hosts — Add/remove hosts on-the-fly simply by adding/removing a directory, ie. www.domain.com → /path/to/www.domain.com/ without server stopping/restarting and config change
  • RDP (Reverse Domain Path) Dynamic Virtual Hosts — Ie. www.domain.com → /path/to/com/domain/www/
  • URL Path — Define URL and path with type of access, ie. read, write, browse, execute, require HTTP authentication, define precisely type of access to server resources
  • Clean URLs — Passing arguments by URL in form ie. "http://www.domain.com/arg1/arg2/arg3"
  • Full HTTP/1.1 standard compliance
  • Full CGI/1.1 standard compliance
  • Persistent/KeepAlive HTTP connections
  • GZIP compression — Automatic on-the-fly content and file compression. Bauk's own GZIP library
  • HTTP authentication — VirtualHost main and directory based authorization scripts
  • Content negotiation — By client language and charset
  • MIME types configuration
  • Configurable HTTP headers — Configurable HTTP headers per MIME type
  • Configurable error documents — Configurable error HTML pages, web scripts and CGI scripts
  • Styled directory listings — Server generated directory listings with custom HTML header/footer and icons. Highly customizable, craft your own style and visual identity of site's dynamic directory listings. See examples of styled directory listings on Bauk web site:
  • Built-in suexec wrapper — CGI scripts and interpreters, ie. PHP, Server-Side JavaScript, Perl, Python, Tcl
  • Secure CGI scripts execution — Identity, path, workdir verification, additional security options and limits
  • 3 security layers for CGI execution — By URL limit to X-only ie. CGI dir, for RX-URL imply X-only for executable files, and limit to X-only by extension
  • Limits — Set limits and control resource utilization:
    • CGI scripts — Max simultaneous CGI processes, priority, max CGI execution time (duration), max CPU time, max memory
    • Network traffic — VirtualHost I/O bandwidth control
    • Max connections per VirtualHost
    • Max connections per Client
  • Access restriction by IP address — Forbid and allow-only
  • FileCache — Set limit for FileCache and up to configured amount of ram Bauk retains recent files in cache and serves directly from memory providing extreme performance
  • Fully configurable HTTP-log format — Info available from over 50 variables, ie. URL, path, served path, data length, client header variables, host specific info ie. connections, traffic, reply status, server status/errors, etc.
  • Easy HTTP-log management — Ie. VirtualHost's log move, remove, replace, without server stopping/restarting
  • User/group server identity change
  • Chroot feature
  • Extensive configurability — Bauk is one of the most configurable web servers available, its configuration includes several hundreds config options
  • Bauk configuration script language — See example Bauk configuration script syntax
  • HTTP authentication scripts — Configure URL's and realms with authenticated users/passwords and IP's in VirtualHost's main and directory based authorization scripts, see more info
  • Forbid-IP scripts — Restrict access for listed IP's using VirtualHost's forbid-IP scripts, see more info
  • Easy administration
  • Flexibility

3. Benchmarks

Bauk HTTP Server has techologically advanced design and memory management (always returns memory to system) with integrated load balancing, which allow it to always operate at same, extreme speed, regardless of what load HTTP clients generate. This is unique Bauk feature, there is no other web server that provides this kind of performance.

It is based on single-process architecture which provides small memory footprint and exceptionally high performance. For comparison, Bauk is 3-8 times faster than Apache and uses as little as 10% of system resources in a same configuration and usage pattern. Servers that suffer load problems with Apache and barely operate, with Bauk run by speed of lightning.

Below is a set of Bauk versus Apache benchmark tests that reflect speed in serving requests, and results can be used as reference values for comparing Bauk to Apache or any other web server.

Benchmark Suite

Server

Hardware

AMD Athlon 3GHz Dual Core
16GB ram
2TB SATA disk
Linux 2.6 kernel

Software

Bauk Version 2.0.19
Apache Version 2.2.11

Client

Hardware

Intel Core2 Duo 2.6GHz Dual Core
4GB ram
1TB SATA disk
Linux 2.6 kernel

Software

BaukBench Version 1.0.7
http://www.bauk.ws/baukbench/

Network

Hardware

1Gb Network


Benchmark Client

Benchmark tests use BaukBench HTTP benchmarking client (comes included with Bauk HTTP server source), it is capable of producing extreme load without consuming large amount of resources on client system. This is important as it means that client will be able to generate high load to test a web server at its highest performance and determine its max capabilities.

Comparable results can be obtained by ApacheBench "ab" client, with keeping number of simultaneous connections lower ie. up to 100 to avoid hitting its limits.

Web Server Configuration

Both Bauk and Apache server configs have logging disabled for max performance.

Bauk configuration script "bauk.cfg"

//VirtualHost "www.domain.com"
vhost_create("single", "www.domain.com", "/home/user/www_domain_com/");
//root URL and path it translates to
vhost_url_path("/",       "./html/", "GHP", "lbr");
vhost_url_path("/icons/", "/usr/local/bauk/SHARE/icons/", "GH", "lbr");
vhost_alias("*.domain.com", "123.45.6.78");    //VirtualHost's aliases
vhost_save() ;                                 //store this VirtualHost
/*
Example:
http://www.domain.com/       --> /home/user/www_domain_com/html/
http://www.domain.com/icons/ --> /usr/local/bauk/SHARE/icons/
*/

//MIME types
mime("html,htm", "text/html");
mime("css",      "text/css");
mime("bmp",      "image/bmp");
mime("gif",      "image/gif");
mime("jpg",      "image/jpeg");
mime("png",      "image/png");

//Main server configuration:
int BAUK_NO      = 0;
int BAUK_YES     = 1;
int nConnections = 3*1024; //3k simultaneous HTTP connections

//Configure system side of HTTP connections:
system_connection(nConnections);    //Number of connections system ques/listen
system_tcpnodelay(BAUK_YES);        //TCP 0=delayed=more efficient, 1=no delay=faster

//Bauk HTTP connections parameters:
bauk_connection(
     /*simult*/       nConnections,  //Max 3k simultaneous connections
     /*maxrequests*/  200000,        //Max 200k KeepAlive requests per connection
     /*maxpostlen*/   -1,            //Max allowed POST/PUT data length
     /*writeblock*/   -1,            //Connection "write" block, -1 default (ie. 16KB)
     /*outputwhole*/  BAUK_NO,       //Output whole block, 0 best try, 1 yes, whole block
     /*tmaxidle*/     35,            //35 sec connection KeepAlive/idle time
     /*tmaxduration*/ 30*60          //30 minutes max request duration
     );
//
bauk_workdir("/usr/local/bauk/bin/");          //Bauk working directory
bauk_pidfile("/usr/local/bauk/bin/bauk.pid");  //Pidfile path
bauk_tmp("/usr/local/bauk/tmpfiles/");         //Temp files dir
bauk_usergroup("bauk", "bauk", "e");           //Change user/group; "r" real, "e" effective
bauk_bind("*", 80);                            //Bind to interface

//Enable GZIP compression
bauk_gzip(5, "html,htm,css,txt,js,xml,wml");

See below chapter Bauk configuration for more detailed "bauk.cfg" script.

Apache configuration script "httpd.conf"

#
ServerRoot "/usr/local/apache2"

Listen 80
MaxKeepAliveRequests 200000
KeepAliveTimeout 35

<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User daemon
Group daemon
</IfModule>
</IfModule>
ServerAdmin you@example.com

#
DocumentRoot "/usr/local/apache2/htdocs"

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

#
<Directory "/usr/local/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

DefaultType text/plain

Test Load

In benchmark tests the load is created by requests for small 1K HTML file which represents the size of many files such as HTML, CSS style sheets, .gif .jpg .png images etc. typically requested on a server hosting busy and popular sites.

This provides stress test that measures speed of requests serving, ie. number of requests served per second.

Large files such as ISO downloads, GZIP files, audio and video files, etc. represent absolutely no difficulty for Bauk as it uses single process architecture and large downloads or large number of (slow) connections do not have any negative effect ie. it handles large number of connections without it having any impact on resource usage.
  • Benchmark 1.

    In first benchmark test load is created by BaukBench client producing large number of 1000000 (1M) requests, using KeepAlive, and 10 simultaneous HTTP connections to Bauk and Apache server.

    Test

    $ bb -host www.domain.com -port 80 -url /page.html -n 1000000 -c 10 -k

    Results

    Bauk HTTP Server

    Time taken
     104.81 seconds
    Speed
     9540.78 RPS
    Memory
     3.01 MB

    Apache HTTP Server

    Time taken
     320.60 seconds
    Speed
     3119.11 RPS
    Memory
     121.10 MB

    Bauk server accomplishes same task with 3.05 times higher speed than Apache and consumes moderate 3MB of ram which is significant difference to 121MB consumed by Apache.

  • Benchmark 2.

    In second benchmark test the load is produced by large number of 1000000 (1M) requests, using KeepAlive, and higher number of 250 simultaneous HTTP connections to Bauk and Apache server.
    The number of 250 connections represents the upper limit for Apache server while it is an entry level for Bauk server which does not limit the number of simultaneous HTTP connections.

    Test

    $ bb -host www.domain.com -port 80 -url /page.html -n 1000000 -c 250 -k

    Results

    Bauk HTTP Server

    Time taken
     113.54 seconds
    Speed
     8809.20 RPS
    Memory
     4.12 MB

    Apache HTTP Server

    Time taken
     335.29 seconds
    Speed
     2983.20 RPS
    Memory
     3.02 GB

    In second test Bauk web server demonstrates low memory consumption of total 4MB of ram and 3 times higher speed of serving requests and Apache consumes a very high amount of 3GB of ram.

  • Benchmark 3.

    In third benchmark test the load is produced by large number of 1000000 (1M) requests, using KeepAlive, and higher number of 2000 (2K) simultaneous HTTP connections to Bauk and Apache server which simulates ie. a busy site or shared host with many Virtual Hosts.
    The number of 2000 connections is beyond limit for Apache server and it experiences the lower performance and requests timeout, while Bauk server handles it with ease.

    Test

    $ bb -host www.domain.com -port 80 -url /page.html -n 1000000 -c 2000 -k

    Results

    Bauk HTTP Server

    Time taken
     118.09 seconds
    Speed
     8484.17 RPS
    Memory
     5.21 MB

    Apache HTTP Server

    Time taken
     981.93 seconds
    Speed
     1018.45 RPS
    Memory
     3.02 GB

    Bauk web server acomplishes same task with 8.33 times higher speed and using moderate 5MB of ram, comparing to Apache which consumes a high amount of 3GB of ram.

Conclusion

High performance level is relevant for all servers hosting high traffic web sites and operating in extreme and demanding conditions.

Bauk HTTP server provides extremely high performance and speed with all tasks, serving static and dynamic content, graphics intensive and Rich Style web sites, etc. Bauk accomplishes it with maximum efficiency. Installing Bauk or replacing Apache by Bauk provides noticeable difference in both number of clients served in same time unit and much more efficient and effective resource utilization increasing server's overall performance.

Check why users rate it so well, Download Bauk.

4. Bauk HTTP Server's Grom connector

Bauk HTTP Server's Grom (Thunder) connector is a server interface and library which provide any interpreter with command line interface ability to operate in persistent mode (interpreters compiled and linked with Grom connector library "libgromcgi.a" become capable of executing multiple scripts by a single process before exit).

Grom connector has key specific feature that it is universal for large number of interpreters, and it provides persistent process model for extreme performance (for comparison it's 5 times higher than CGI execution and 2.5 times higher than FastCGI).
It includes advanced features such as process limits, suexec (interpreters run under real UID of script owner), and allows simple and easy web scripts management ie. like HTML files, no trouble with file location, permissions, etc., scripts placed in web directory automatically executed by web server/interpreter.

Supported Interpreters

Bauk HTTP Server provides support for following interpreters/scripting languages:
  1. Server-Side JavaScript — Download latest bundled package (Bauk/GromJS) from GromJS homepage, GromJS interpreter based on Mozilla SpiderMonkey JS core script engine, see INSTALL_gromjs.txt for install instructions
  2. PHP — Download PHP from its official site or from /addons/ directory, and compile according to INSTALL_gromphp.txt in Bauk src dir
  3. Perl — Download Perl from its official site or from /addons/ directory, and compile according to INSTALL_gromperl.txt in Bauk src dir
  4. Python — Compile according to INSTALL_grompython.txt in Bauk src dir
  5. Tcl — Compile according to INSTALL_gromtcl.txt in Bauk src dir
See chapter Installation for more information on compiling persistent interpreters.

Persistent Process Model

Bauk HTTP Server's Grom connector provides wide range of interpreters with command line interface ability to operate in persistent mode for extremely high performance.

Let's take, for example, PHP interpreter, as CGI or from command line it is started by executing the script on path ie. /path/to/script.php.
Compiled and linked with Grom persistent interpreter connector library "libgromcgi.a", PHP operates in persistent mode, which now we can call Persistent PHP (gromphp), and in Bauk configuration script "gromphp" is set in charge of executing all *.php files located in web directory.

Accepting the first request for *.php script (or Server-Side JavaScript, Perl, Python, Tcl, etc.) Bauk HTTP Server creates new persistent interpreter process "gromphp" which executes the script, and returns into "idle" state awaiting for next request.
All further requests are executed by available persistent interpreter process(es), with new processes automatically created when and if required.
The max number of script executions per process ie. 50, 100, 5000, etc. and max number of simultaneous processes ie. 1, 500, 1000 etc., is set in Bauk configuration script, with appropriate idle interpreter timeout value ie. 15 sec, 2 min, 5 hours etc.

Here is a sample Bauk configuration script "bauk.cfg" with settings for persistent interpreters:

Segment from Bauk configuration script "bauk.cfg"

//configure persistent interpreter connector:
grom_bind("127.0.0.1", 9001);          //Grom connector IP and port
grom_limit(
     /*nmaxsimultproc*/  1024,         //max simult. persistent interp. processes (PPs)
     /*nmaxprocperuser*/ -1,           //max simult. PP per user id (scriptfile owner)
     /*nmaxchild*/       50,           //max child per PP UID
     /*nprio*/           0,            //PP priority 0-20; 0=normal, 20=lowest
     /*tmaxconnecting*/  10,           //idle PP connecting time max 10sec
     /*tmaxexecution*/   30,           //PP must execute/finish request in max 30sec
     /*tmaxidle*/        15*60,        //max PP idle time 15min
     /*tmaxsessionvar*/  365*24*60*60, //max session variable duration 1 year
     /*nmaxrss*/         40*1024*1024, //max 40mb PP RSS (memory footprint), in bytes
     /*nmaxfilesize*/    -1,           //max allowed file size (-1 for unlimited)
     /*nmaxrequests*/    4500          //max 4500 requests (scripts) by PP before exit
     );
//configure persistent interpreters:
//gromphp executes all .php .php4 files
grom_interpreter("/usr/local/bauk/bin/gromphp --GromKeepAlive", "php,php4");
//gromjs executes all .jsx .jsp .jss .sjs files
grom_interpreter("/usr/local/bauk/bin/gromjs --GromKeepAlive", "jsx,jsp,jss,sjs");
//gromperl executes all .pl files
grom_interpreter("/usr/local/bauk/bin/gromperl --GromKeepAlive", "pl");


Please see default Bauk configuration script "bauk.cfg" provided with Bauk distribution for more details.

5. Installation

Bauk HTTP Server installation

Download latest version of Bauk HTTP Server from:
http://www.bauk.ws/
Bauk TAR GZIP archive ie. "bauk-n.n.n.tgz" unpacked creates a directory named "bauk-n.n.n" with 'n' being Bauk version numbers. Installation process doesn't move/create any files outside of original dir, allowing administrator to choose suitable location after compilation is complete.

Basic steps to compile, install and start Bauk HTTP Server on a Unix-like system are:

$ tar xfz bauk-n.n.n.tgz
$ cd bauk-n.n.n/src/
$ make bauk
$ su (switch to root)
# mkdir /usr/local/bauk/
# mkdir /usr/local/bauk/bin/
# cp bauk bauk*.cfg baukctl.sh /usr/local/bauk/bin/
# cd /usr/local/bauk/bin/
# vi bauk.cfg (edit configuration scripts bauk.cfg and bauk_*.cfg)
# ./bauk bauk.cfg (start Bauk HTTP Server)

Below is one sample Bauk install dir/file structure.

Example Bauk install directory structure

# adduser -s /sbin/nologin bauk
# mkdir /usr/local/bauk/
/usr/local/bauk/             (install dir)
               bin/          (bin dir)
                  bauk.cfg   (Bauk config script)
                  bauk.pid   (pidfile)
                  baukctl.sh (process manager script)
                  bauk       (Bauk web server executable)
                  gromjs     (persistent SpiderMonkey SSJS interpreter)
                  gromphp    (persistent PHP interpreter)
                  gromperl   (persistent Perl interpreter)
                  grompython (persistent Python interpreter)
                  gromtcl    (persistent Tcl interpreter)
               VHOSTS/       (Virtual Hosts)
                     www.domain.com/
               DVHOSTS/      (Dynamic Virtual Hosts)
                      www.domain.com/
                      www.otherdomain.net/
               RDPVHOSTS/    (RDP Virtual Hosts)
                        com/
                           domain/
                                 www/
               SHARE/        (shared data)
                    icons/
/home/user/www_domain_com/   (user-based Virtual Host)
                         html/
If using Bauk process manager "baukctl.sh" script edit and set correct value for pidfile path, and that should be the same value you've set in Bauk configuration script for pidfile (ie. /usr/local/bauk/bin/bauk.pid).

To start Bauk using process manager script:

$ ./baukctl.sh start

Bauk's process manager script "baukctl.sh" handles and automates server starting/stopping and creation/usage of PID file. Script also features other commands, ie. start, stop, terminate, restart, etc. For brief instructions, type:

$ ./baukctl.sh help

After start, use program like "ps" or "top" to check whether server is running. Note that in order to have server working on port 80 you may need special system privileges, ie. usually "root" user.

Compiling persistent interpreters

The procedure of compiling/linking interpreters with Grom persistent interpreter connector library and producing persistent interpreter ie. PHP, Perl, Server-Side JavaScript, Python, Tcl, etc. is relatively simple and consists of basic 3 steps:
  • Compiling the interpreter itself
  • Compiling Bauk's Grom connector library "libgromcgi.a"
  • Linking interpreter with Grom connector library "libgromcgi.a" and producing persistent interpreter
Bauk HTTP Server's TAR GZIP archive and INSTALL file includes instructions for compiling supported persistent interpreters, with specific install file for each interpreter, ie.:
  • INSTALL_gromphp.txt
  • INSTALL_gromjs.txt
  • INSTALL_gromperl.txt
  • INSTALL_grompython.txt
  • INSTALL_gromtcl.txt
...for compiling persistent PHP, GromJS Server-Side JavaScript, Perl, Python, and Tcl interpreters.

Below is procedure for compiling persistent PHP interpreter.

Compiling/linking interpreters with Grom connector library

In this chapter we describe step-by-step procedure for compiling and installing persistent PHP (gromphp) interpreter.
This procedure is same for all supported interpreters and description given here can be used for any of them with very little difference.

Sample "INSTALL_gromphp.txt" file:

Assuming that, when unpacked, Bauk HTTP Server's and PHP source directories are:
/path/to/bauk-n.n.n/
/path/to/php-5.2.6/


Step-by-step installation:
  1. Download and compile ie. PHP 5.2.6. Official supported PHP versions also can be downloaded from /addons/ directory.
  2. Compile PHP in CGI mode (which is default) by executing:

    $ cd /path/to/php-5.2.6/
    $ ./configure
    $ make

    This step is taken to check wether compilation completes without problems on specific platform and if succesfull, compilation creates new executable named "php" in PHP "sapi/cgi" dir.
    If encountering errors in compilation, you can remove/disable some of the PHP options to create simpler PHP executable, by running configure with parameters ie. (single line):

    $ ./configure --disable-dom --disable-libxml --without-iconv
                  --disable-simplexml --disable-xml --disable-xmlreader
                  --disable-xmlwriter --without-pear
                  --with-mysql=/usr/local/mysql
    $ make

    After compilation completes, to clean everything and prepare for new fresh compilation with Grom connector library, execute:

    $ make clean

  3. Change working dir to Bauk's src dir compile Bauk HTTP Server and Grom persistent connector library, by executing:

    $ cd /path/to/bauk-n.n.n/src/
    $ make bauk
    $ make libgromcgi GROMPHP=1

    The compilation creates Bauk executable "bauk" and places required files into src directory "gromconnector/gromphpconnector".
  4. From Bauk's src copy entire "gromphpconnector" dir to PHP src:

    $ cp -R ./gromconnector/gromphpconnector /path/to/php-5.2.6/
    $ cd /path/to/php-5.2.6/gromphpconnector/
    $ ./gromphp_compile.sh

    The script "gromphp_compile.sh" performs compilation of PHP interpreter and links it with Grom connector library "libgromcgi.a", creating persistent PHP interpreter.
  5. Newly created executable "gromphp" is located in PHP "sapi/cgi" dir. Copy "gromphp" executable into Bauk's bin dir (or another location) and configure that path in Bauk's configuration script for executing all *.php files.

    $ cd sapi/cgi/
    $ cp gromphp /usr/local/bauk/bin/
    $ cd /usr/local/bauk/bin/
    $ vi bauk.cfg (edit Bauk configuration script)

    //Segment from Bauk configuration script "bauk.cfg":
    //gromphp executes all *.php files
    grom_interpreter("/usr/local/bauk/bin/gromphp", "php");
  6. After editing config script "bauk.cfg" start Bauk HTTP Server.

    $ ./bauk bauk.cfg

    Put your web scripts to web accessible dir and point your browser to URL for specific dynamic page/script to verify that interpreter executes it:

    http://www.domain.com/script.php

  7. That is it, persistent PHP interpreter is installed and ready for use

Compiling Bauk with SSL/TLS support

Bauk HTTP server implements secure hypertext transfer protocol (HTTPS) using Secure Socket Layer/Transport Layer Security (SSL/TLS) provided by OpenSSL library. This section covers the procedure of compiling and linking Bauk HTTP server with OpenSSL library and producing a SSL-enabled version of Bauk HTTP server.

Compiling/building Bauk with SSL/TLS support

The procedure of compiling Bauk with OpenSSL library is simple and can be performed following these steps:
  1. Download the latest OpenSSL library and unpack.
  2. In OpenSSL dir follow the install instructions in order to compile the library. Use "config" with option "no-threads" to compile OpenSSL library without support for threads (threads have additional complexity and sometimes know to cause problems). From command line execute:

    $ ./config no-threads
    $ make

    If compilation is successful libraries "libcrypto.a" and "libssl.a" are created.
  3. Directory with OpenSSL *.h header files is ie. "openssl-0.9.8/include/openssl/". Copy from OpenSSL the whole dir into Bauk src dir, ie. by executing:

    $ mkdir /path/to/bauk-n.n.n/src/openssl/
    $ cp -Rf ./include/openssl/* /path/to/bauk-n.n.n/src/openssl/

    After that the directory "/path/to/bauk-n.n.n/src/openssl/" with OpenSSL *.h files should exist. This avoids installation of OpenSSL headers into "/usr/include/" and keeps the whole instalation within Bauk's src dir.
  4. From OpenSSL src dir copy "libcrypto.a" and "libssl.a" libraries into Bauk src dir. Change workdir to Bauk src dir and execute make baukssl.
    After successful compilation new executable "baukssl" is created which is the SSL-enabled Bauk executable. Copy the "baukssl" executable to Bauk's bin dir ie. "/usr/local/bauk/bin/".

    $ cd /path/to/openssl-n.n.n/
    $ cp libcrypto.a libssl.a /path/to/bauk-n.n.n/src/
    $ cd /path/to/bauk-n.n.n/src/
    $ make baukssl
    $ cp baukssl /usr/local/bauk/bin/

  5. In Bauk configuration script you're using ie. "baukssl.cfg" or "mysecureserver.cfg" edit the segment related to SSL/TLS configuration:
    //Segment from Bauk configuration script "baukssl.cfg":
    //configure SSL/TLS support:
    bauk_bind("*", 443);                         //port number 443, default for HTTPS
    bauk_pidfile("/usr/local/bauk/bin/baukssl.pid");  //pidfile path
    grom_bind("127.0.0.1", 9002);                //Grom connector server IP and port
    ssl_certificate("server.pem");               //certificate file ie. myserver.cert
    ssl_privatekey("server.pem");                //Private Key file ie. myserver.key
    ssl_version("SSLv2", "SSLv3", "TLSv1");      //choose SSL/TLS versions to enable
    
    Note: for ssl_version() use versions you want to enable and remove other ie. if enabling SSL, remove TLS, and vice versa. You can enable both SSL v2 and v3 by entering "SSLv2" and "SSLv3", or if you want to enable only SSL v3, enter only "SSLv3" and remove other.
    Note: grom_bind() is set to port 9002 to leave port 9001 free for plaintext HTTP, if serving dynamic pages both with HTTP and HTTPS at same time.
  6. In Bauk's bin dir run SSL-enabled Bauk from command line:

    $ cd /usr/local/bauk/bin/
    $ ./baukssl baukssl.cfg

  7. If Bauk was successfuly started, you can access configured domain name(s) by secure connection (HTTPS) using the URL ie.:

    https://www.domain.com/

  8. That is it, you have configured and started secure Bauk server. Performing the rest of configuration such as VirtualHosts, persistent interpreters, etc. is identical as with standard (plain-text) HTTP service.
    Note: For running highly secure server, follow general guidelines for using applications with OpenSSL and installation/management of related files (ie. protecting keys).

Generation and installation of OpenSSL self-signed certificate and keys

This chapter covers quick method of generating OpenSSL self-signed certificate and keys and their installation. Using self-signed certificate is an option which is preffered in some cases ie. for testing web server's SSL configuration/setup or personal use.

Assuming the hostname that requires SSL connections is "securehost.domain.com":
  1. In first step, using OpenSSL generate private and public key.
    Command for creating both private and public keys stored in file "server.bothkeys" is:

    $ openssl genrsa -out server.bothkeys 2048

  2. Next step is to create a self-signed certificate from these keys.

    $ openssl req -new -x509 -days 365 -key server.bothkeys -subj '/C=US/ST=Oregon/L=Portland/CN=securehost.domain.com' -out server.cert

    New certificate is created and stored in file "server.cert".

    If prefered, the certificate and keys can be all kept within a single file:

    $ cat server.bothkeys server.cert > server.pem

    Newly created file "server.pem" contains the certificate and keys, and old files "server.bothkeys" and "server.cert" can be removed/deleted.

    Move the file "server.pem" to desired location, ie. Bauk's bin dir, and assure it's protected as it contains private key.
  3. Now make adjustments to your secure Bauk configuration script:
    //Segment from Bauk configuration script "bauk.cfg", settings for HTTPS:
    //configure SSL/TLS support:
    bauk_bind("*", 443);                         //port number 443, default for HTTPS
    bauk_pidfile("/usr/local/bauk/bin/baukssl.pid");  //pidfile path
    grom_bind("127.0.0.1", 9002);                //Grom connector server IP and port
    ssl_certificate("server.pem");               //certificate file
    ssl_privatekey("server.pem");                //Private Key file, can be same
    ssl_version("SSLv2", "SSLv3", "TLSv1");      //choose SSL/TLS versions to enable
    
  4. SSL-enabled Bauk HTTP server is configured to use certificate "server.pem" and now can be started:

    $ ./baukssl mysecureserver.cfg

  5. To access the server through secure HTTP (SSL), use URL with "https://" indicating use of secure protocol, such as:

    https://securehost.domain.com/

  6. That is it, web server is now configured and serving HTTPS connections using self-signed certificate.

6. Administration

Bauk configuration script

Configuring Bauk HTTP server is is performed by making adjustments to configuration script used at server start, the default config script is "bauk.cfg" provided with Bauk distribution.

Bauk server features its own C-like config script language allowing easy and convinient way to set many of server options, and it supports variables, int and string data types, functions, operators, block and line comments, file inclusion, etc.

Below is an example reduced Bauk config script "bauk.cfg" with settings for dynamic VirtualHosts, one custom VirtualHost and PHP, Server-Side JavaScript and Perl scripting:

Example Bauk configuration script "bauk.cfg":

//enable dynamic VirtualHosts:
vhost_create("dynamic", "/usr/local/bauk/DVHOSTS/");
vhost_url_path("/",       "./html/",                      "GHP", "lbr");  //symlinks, browse, read
vhost_url_path("/wiki/",  "./html/wiki/",                 "GHP", "lbrc"); //"clean" url
vhost_url_path("/icons/", "/usr/local/bauk/SHARE/icons/", "GH",  "lbr");
vhost_log("./access.log"); //access log
vhost_save();
/*
Example:
http://www.domain123.com/             --> /usr/local/bauk/DVHOSTS/www.domain123.com/html/
http://www.domain123.com/wiki/abc/def --> /usr/local/bauk/DVHOSTS/www.domain123.com/html/wiki/
http://www.domain123.com/icons/       --> /usr/local/bauk/SHARE/icons/
*/

//custom VirtualHost "www.domain.com", overrides dynamic
vhost_create("single", "www.domain.com", "/home/user/www_domain_com/");
//root URL and path it translates to
vhost_url_path("/",       "./html/", "GHP", "lbr");
vhost_url_path("/icons/", "/usr/local/bauk/SHARE/icons/", "GH", "lbr");
vhost_alias("*.domain.com", "123.45.6.78");    //VirtualHost's aliases
//VirtualHost specific MIME types
vhost_mime("html", "text/html; charset=ISO-8859-2");
vhost_log("./access.log");                     //access log
vhost_save() ;                                 //store this VirtualHost
/*
Example:
http://www.domain.com/       --> /home/user/www_domain_com/html/
http://www.domain.com/icons/ --> /usr/local/bauk/SHARE/icons/
*/

//configure access log format
//NCSA Common Log Format
//123.45.6.78 - - [Mon, 20 Apr 2009 12:40:22 GMT] "GET /page.html HTTP/1.1" 200 1234
global_format_log("$client_ip - $client_user [$server_date_local] "
     +"\"$client_method $client_url $client_protocol\" "
     +"$server_status_http $server_object_length\n"
     );

//MIME types for all Virtual Hosts
//multiple extensions may be separated by ','
mime("html,htm",      "text/html");
mime("txt,log,c,h",   "text/plain");
mime("css",           "text/css");
mime("bmp",           "image/bmp");
mime("gif",           "image/gif");
mime("jpg",           "image/jpeg");
mime("png",           "image/png");
mime("doc",           "application/msword");
mime("exe",           "application/octet-stream");
mime("pdf",           "application/pdf");
mime("js",            "application/x-javascript");
mime("zip",           "application/zip");
mime("tgz",           "application/x-tar");
mime("gz",            "application/x-gzip");
mime("bz2",           "application/x-bzip2");
mime("mid,mid1,kar",  "audio/midi");
mime("mpga,mp2,mp3",  "audio/mpeg");
mime("vrm,vrml",      "model/vrml");
mime("sgm,sgml",      "text/sgml");
mime("wml",           "text/vnd.wap.wml");
mime("wmls",          "text/vnd.wap.wmlscript");
mime("xml",           "text/xml");
mime("mpg,mpe,mpeg",  "video/mpeg");
mime("qt,mov",        "video/quicktime");
mime("avi",           "video/x-msvideo");


//main server configuration:
int BAUK_NO      = 0;
int BAUK_YES     = 1;
int nConnections = 2500;    /*number of simultaneous connections served. Bauk is
                            capable of serving unlimited number of simult. HTTP
                            connections with no performance penalty. Choose
                            number depending on requirements ie. 200, 500, 2000,
                            etc.*/

//configure system side of HTTP connections:
system_connection(nConnections +1); //number of connections system ques/listen
system_tcpnodelay(BAUK_YES);        //0 delayed, 1 no delay


//Bauk HTTP connections parameters:
bauk_connection(
     /*simult*/       nConnections,  //max 2500 simultaneous connections
     /*maxrequests*/  7500,          //max 7500 KeepAlive requests per connection
     /*maxpostlen*/   -1,            //max allowed POST/PUT data length
     /*writeblock*/   -1,            //connection "write" block, -1 default (ie. 16KB)
     /*outputwhole*/  BAUK_YES,      //output whole block, 0 best try, 1 yes, whole block
     /*tmaxidle*/     35,            //35 sec connection KeepAlive/idle time
     /*tmaxduration*/ 30*60          //30 minutes max request durat., must complete in
     );

//configure Bauk server paths:
bauk_chroot("/baukroot/");                //chroot to specified dir
bauk_workdir("/usr/local/bauk/bin/");          //Bauk working directory
bauk_pidfile("/usr/local/bauk/bin/bauk.pid");  //pidfile path
bauk_tmp("/usr/local/bauk/tmpfiles/");         //temp files dir
bauk_usergroup("bauk", "bauk", "e");      //change user/group; "r" real, "e" effective
bauk_bind(
     "*", 80,
     "123.45.6.78", 2081
     ); //bind to multiple interfaces/ports

//enable GZIP compression
//arg0 compression level 0-10; 0 fastest, 10 best compression
//list of comma separated extensions for which gzip is enabled
bauk_gzip(5, "html,htm,css,txt,js");

//configure persistent interpreter connector:
grom_bind("127.0.0.1", 9001);          //Grom connector IP/port
grom_limit(
     /*nmaxsimultproc*/  1024,         //max simult. pers. interpreter processes (PPs)
     /*nmaxprocperuser*/ -1,           //max simult. PP per user (scriptfile owner)
     /*nmaxchild*/       50,           //max child per PPs UID
     /*nprio*/           0,            //PP priority 0-20;  0=normal, 20=lowest
     /*tmaxconnecting*/  10,           //idle PP connecting time max 10sec
     /*tmaxexecution*/   30,           //PP must execute/finish request in max 30sec
     /*tmaxidle*/        15*60,        //max PP idle time 15min
     /*tmaxsessionvar*/  365*24*60*60, //max session variable duration 1 year
     /*nmaxrss*/         40*1024*1024, //max 40mb PP RSS (memory footprint), in bytes
     /*nmaxfilesize*/    -1,           //max allowed file size (-1 for unlimited)
     /*nmaxrequests*/    4500          //max 4500 requests (scripts) by PP before exit
     );
//configure persistent interpreters:
//gromphp executes all .php .php4 files
grom_interpreter("/usr/local/bauk/bin/gromphp --GromKeepAlive", "php,php4");
//gromjs executes all .jsx .jsp .jss .sjs files
grom_interpreter("/usr/local/bauk/bin/gromjs --GromKeepAlive", "jsx,jsp,jss,sjs");
//gromperl executes all .pl files
grom_interpreter("/usr/local/bauk/bin/gromperl --GromKeepAlive", "pl");


For details and all available config options please see default configuration script "bauk.cfg" provided with Bauk distribution.
Also see chapter Bauk HTTP log format for configuring Bauk's log.

Controling Bauk process

Bauk executable accepts one argument from command line and it is the name of configuration script, ie. "bauk.cfg". Before starting Bauk, edit configuration script and set the correct path for pidfile:
//Segment from Bauk configuration script "bauk.cfg":
//set path for Bauk's pidfile
bauk_pidfile("/usr/local/bauk/bin/bauk.pid");
Save config file and, to start Bauk manually, execute command:

Manually starting Bauk HTTP server

$ cd /usr/local/bauk/bin
$ ./bauk bauk.cfg
After configuration script, edit Bauk's process manager script (baukctl.sh) and set the same path for pidfile and set the name of configuration script (default is "bauk.cfg", but any other name may be used ie. "mysrvconfig.cfg"), which will allow process manager script to control Bauk process.

After successful start, server will create a file "bauk.pid" containing process identity number (PID) in the specified path, "/usr/local/bauk/bin/bauk.pid".
For manually shutting server down by "soft" termination, execute a kill command with HUP signal for that PID, ie. "kill -HUP 1234"; Bauk will complete serving active requests and exit. Server can also be stopped by kill command with no argument ie. "kill 1234" to perform immediate process termination.

Manually controling Bauk process

Command             Action
$ ./bauk bauk.cfg   [start Bauk HTTP server using bauk.cfg config file]
$ kill -HUP 1234    [complete serving requests and exit, soft termination]
$ kill 1234         [immediate process termination]
For easier administration of Bauk server, process manager script "baukctl.sh" automatically handles the business of starting/stopping Bauk server. Ie. from command line execute command "baukctl.sh start" or "baukctl.sh stop" to start/stop the server, or after making configuration script changes issue command "baukctl.sh restart" to perform a soft process termination and automatic restart of server. For more info run "baukctl.sh help".

Controlling Bauk process using process manager script, from command line

/usr/local/bauk/bin$ ./baukctl.sh ACTION

where 'ACTION' is:
 start     [start server (default config script "bauk.cfg")]
 stop      [stop server, soft termination]
 term      [terminate process]
 restart   [soft term, and restart]
 help      [print available options]

Running Bauk in chroot box

If running Bauk with chroot option, ie. within dir "/baukroot/" and changing identity of user/group, then chroot dir must contain a copy of "/etc/" with files which contain user and group information, which allows Bauk to change user/group from within its chroot root.
Files required for user/group change are:

/etc/passwd
/etc/group
/etc/pwd.db
/etc/spwd.db

The quickest way to do it is to copy these files into "/baukroot/etc/" dir. Perhaps a better method is to copy "/etc/master.passwd" to new file "/baukroot/etc/masterpasswd.tmp", then use a text editor, edit and remove from it all users except those which are required for server operation.
Change working dir to "/baukroot/etc/" and as root issue command such as:

$ cp /etc/master.passwd /baukroot/etc/masterpasswd.tmp
$ cd /baukroot/etc/
$ vi masterpasswd.tmp (edit and remove users not required for server operation)
$ pwd_mkdb -p -d /baukroot/etc/ ./masterpasswd.tmp

This compiles a new user database in "/baukroot/etc/". New files are created:

/baukroot/etc/passwd
/baukroot/etc/master.passwd
/baukroot/etc/pwd.db
/baukroot/etc/spwd.db

Files and "masterpasswd.tmp" and "master.passwd" are no longer required and can be removed, to avoid leaving files containing passwords in that dir. Now copy "/etc/group" into "/baukroot/etc/" dir, edit and remove everything from it, leave only groups required for server operation.
That's it, server can now change identity when running in chroot box.

Bauk HTTP logs

Bauk HTTP log format

Bauk HTTP server has fully configurable HTTP log format with info available from over 50 variables including ie. info from client's request header, server response info, VirtualHost's specific data and general server statistical data such as total no. of connections, server status, errors, uptime, etc.
Data from client's request includes all variables defined by HTTP/1.1, ie. host, URL, content length etc., and on server side all information from HTTP response ie. requested and served path, HTTP response status, length of response data, server status, errors, etc.
HTTP logs are VirtualHost based, each VirtualHost keeps track of its own requests served and has web access log located in VirtualHost's home dir.

The format of HTTP log is set in Bauk configuration script by "global_format_log()" function which sets the log format for all VirtualHosts. It accepts one argument, format string containing HTTP log variables and literal chars which define the log's format.
Bauk HTTP log variables are case-insensitive and begin by a '$' character.
For example, one log variable is '$user_agent' or '$client_ip' etc., which contain client's user agent and IP address.
An example log format string:
global_format_log("$server_date_gmt $client_ip $client_url $server_status_http\n");
In creating a log entry, variable-names within the format-string are replaced by corresponding values, other characters are used as literal. C-escape sequence can be used for entering special characters, ie. \" for doublequote, \n for newline, \r\n for CRLF, etc.

Log format examples

Here is a simple HTTP log format with server's local date, client's IP, requested URL and server's HTTP-response status:

Bauk configuration script "bauk.cfg":

//Example http log format
//Tue, 05 Sep 2006 18:30:21 GMT 123.46.89.32 /webpage.html 200
global_format_log("$server_date_local $client_ip $client_url $server_status_http\n");

Another example, two simple log formats called NCSA "Common" and "Combined" log formats. Adjust the format by adding/removing specific variables and create a format that suits your requirements, or for more details see Bauk configuration script "bauk_format.cfg" with description and additional examples of HTTP log formats.

Bauk configuration script "bauk.cfg":

//Example http log format
//long format string is broken into several lines

//NCSA Common Log Format
//123.45.6.78 - - [Tue, 05 Sep 2006 18:30:21 GMT] "GET /webpage.html HTTP/1.1" 200 1234
global_format_log("$client_ip - $client_user [$server_date_local] "
	+"\"$client_method $client_url $client_protocol\" "
	+"$server_status_http $server_object_length\n"
	);

//NCSA Combined Log Format
//123.45.6.78 - - [Tue, 05 Sep 2006 18:30:21 GMT] "GET /webpage.html HTTP/1.1" 200 1234
// "http://www.domain.com/referer.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows)"
// "XYZ=abc"
global_format_log("$client_ip - $client_user [$server_date_local] "
	+"\"$client_method $client_url $client_protocol\" "
	+"$server_status_http $server_object_length "
	+"\"$Referer\" \"$User_Agent\" \"$Cookie\"\n"
	);

See complete list of available log variables in the table below.


Bauk HTTP log variables

Variable nameExample valueDescription
$server_process_i 3731 Bauk server's process PID (process identity number)
$server_process_t 7893331 process time, seconds elapsed since start (server uptime)
$server_connection_n 753 total number of simultaneous HTTP connections active
$server_connection_i 98765 unique connection identity number; each new connection has unique n; ie. used to identify how many requests are served through specific connection
$server_bind 123.45.6.78 bind to interface
$server_port 80 port number
$server_date_gmt Mon, 23 Dec 2002 20:59:49 GMTGMT date
$server_date_local Mon, 23 Dec 2002 21:59:49 LTZlocal date
$server_url_path /path/to/picture.gif path created by URL translation (path requested)
$server_object_path /path/to/picture.gif actual path served; in some cases different from requested path
$server_object_source ! - / * | source of response data, ie. ! SERVERMSG - NONE / FS * FILECACHE | DYNAMIC (result of dynamic execution)
$server_object_length 3965 length of response data, ie. size of file
$server_errno 0 1 2 .. etc. system errno
$server_error FILE_PATH FILE_PERMISSIONS ... etc.Bauk's additional info about request errors, server status and other
$server_status_http 200 HTTP response status
$virtualhost_name *.domain.net actual name of host serving the request; ie. requested www.domain.net, served by *.domain.net
$client_ip 234.5.67.89 client IP address
$client_method GET POST HEAD PUT DELETE ... client HTTP request method
$client_url /picture.gif URL requested by client
$client_protocol HTTP/1.1 client protocol
$client_user usernam value of REMOTE_USER (HTTP Authentication)
$Accept variables from client's request header..
$Accept_Charset
$Accept_Encoding
$Accept_Language
$Age
$Authorization
$Cache_Control
$Connection Keep-Alive
$Content_Encoding
$Content_Length 1234
$Content_MD5
$Content_Range
$Content_Type
$Cookie ABCD=XY567
$Date
$Expect
$From
$Host www.domain.net
$If_Match
$If_Modified_Since
$If_None_Match "3E63D2C10F7D"
$If_Range
$If_Unmodified_Since
$Pragma
$Range
$Referer
$TE
$Trailer
$Transfer_Encoding
$Upgrade
$User_Agent Mozilla/6.0
$Via
$Warning


HTTP log files administration/management

HTTP log files management represents an important part of web server administration and, especially on a busy server, it is common that log files grow very large. Bauk HTTP server uses an advanced HTTP log management mechanism which allows HTTP log files to be renamed/moved or removed (deleted) completely while HTTP service is active with no need for shutting down HTTP server and disturbing HTTP service.

This reduces the complexity of server administration as log files can be manipulated in any way required without shutting down HTTP service or causing corrupted log files data and it can be done without any special tool for log files management. Ie. if a log file is moved/deleted, once new HTTP requests are served, Bauk HTTP server creates a new empty log file and records new data.

Best method to administer log files would be to first rename/move files and then manipulate (ie. edit, compress, etc.).

Example (move existing log to a new filename with datestamp, then gzip):

$ cd /tmp/
$ mv /path/to/vhost/access.log ./access_20090322.log
$ gzip access_20090322.log

HTTP log files management can be done manually from command line as shown in example, or using a shell/web script to automate the task of log replace.

HTTP Authentication

Bauk features HTTP authentication: Basic according to HTTP/1.1 standard. Each Virtual Host is using its own, directory based authentication scripts. Authentication scripts are interpreted run-time and changes take effect immediately.

Authentication scripts define HTTP realm and lists of authorized usernames/passwords and IP's and protect the web directory they're located in and its content/subdirs.

Additionally, Bauk allows dir-based auth scripts to be located in upper-level dirs (parent dirs) to actual protected resource, including VirtualHost's home dir, if configuration is such that it is "behind" all web-accessible dirs. Assuming that VirtualHost's home dir is "/home/user/www_domain_com/", ie.:

Paths and locations of auth scripts

/home/user/www_domain_com/              (VirtualHost's home dir)
/home/user/www_domain_com/.ht_authbasic (VirtualHost's dir-based auth script located in its homedir)
/home/user/www_domain_com/html/         (VirtualHost's root URL '/')
In order to enable usage of authorization scripts for specific Virtual Host, vhost_url_path() function in Bauk configuration script (bauk.cfg) sets URL with flag "a" which indicates that particular URL requires HTTP authorization.

Bauk configuration script "bauk.cfg":

//URL "/auth/" with GET HEAD methods, allow Read and require HTTP authorization
//vhost_url_path(URL, PATH, METHOD, URLFLAGS);
vhost_url_path("/auth/", "./protected/", "GH", "ra");

After that a dir-based authentication script is created and placed in protected directory or one of its parent dirs.

Example dir-based HTTP authentication script ".ht_authbasic":

#set realm name
"Test realm 1"

#configure authenticated username/passwords and IP's.
#list of values entered one per line and optional comments behind '#' char
username1:pswrd1
username2:pswrd2
username3:pswrd3
username4:pswrd4
123.45.6.78  #allow this ip
32.10.1      #allow all from 32.10.1.*
33.5.7.8     #allow all from 33.5.7.8.*
76.231.12    #allow all from 76.231.12.*
91           #allow all from 91.*

#eos
See sample authentication script ".ht_authbasic" provided with Bauk distribution.

Forbid-IP scripts

Bauk HTTP server provides forbid-ip scripts access control/restriction mechanism.

The advantage of forbid-ip scripts over ip restrictions set in Bauk configscript is that forbidip scripts are interpreted run-time and modifications do not require server restart.

Forbid-ip scripts are located in VirtualHost's homedir or/and Bauk's workdir (the global script) and restrict access to virtual host's dirs/subdirs and content.
The forbidip script, if located in Bauk's workdir, is global for all VirtualHosts ie. if there is 3000 VirtualHosts restriction applies to all of them. Each virtual host may have its own script with forbidden IPs within VirtualHost's homedir.
Forbid-ip scripts are easy to administer, ie. they can be created manually or by an automated process ie. script/database etc.

Paths and locations of forbid-ip scripts

/home/user/www_domain_com/              (VirtualHost's home dir)
/home/user/www_domain_com/.ht_forbidip  (VirtualHost's forbid-ip script)
/home/user/www_domain_com/html/         (VirtualHost's root URL '/')
/usr/local/bauk/bin/.ht_forbidip        (global forbid-ip script in Bauk workdir, optional)
In order to enable use of forbid-ip scripts, vhost_options() function in Bauk config script sets option "forbidip" to non-zero value which indicates usage of forbid-ip scripts for that VirtualHost.

Bauk configuration script "bauk.cfg":

//create VirualHost
vhost_create();
//etc. ...
//enable usage of VirualHost forbidip script
vhost_options("forbidip", 1);
//etc.

Forbid-ip scripts include lists of IP addresses separated by newline and optional comments behind '#' char.
Here is an example forbid-ip script syntax:

Example forbid-ip script ".ht_forbidip":

#configure list of forbidden IP's
33.45.1.23  #forbid this IP
123.35.67   #forbid all from 123.35.67.*
40.55       #forbid all from 40.55.*
172         #forbid all from 172.*

#eos
After placing forbid script in in VirtualHost's homedir or/and Bauk's workdir server denies access to addresses listed in script. See sample forbid-ip script ".ht_forbidip" provided with Bauk distribution.

Auto generated directory listings

Bauk HTTP server provides auto generated directory listings with templating capability by usage of header/footer HTML files.

On request for URL which translates to path of a directory on server's local filesystem, if URL flag allows browsing, Bauk server generates listing of directory contents and adds custom header/footer and title/signature HTML files if available.

The procedure of generating dirlists and placement of static HTML files is following:

Server generated dirlist HTML consisted of

[.ht_header.html]
[.ht_title.html]
[server generated dirlist]
[.ht_signature.html]
[.ht_footer.html]
Generating directory listing, Bauk server attempts to locate header/footer/title/signature files in current dir, vhost's home dir or Bauk's workdir, in that order.

Ie. if requested URL is http://www.domain.com/subdir/, and VirtualHost's homedir is "/home/user/www.domain.com/", Bauk HTTP server will attempt to locate files in following dirs:

Location of static HTML header/footer/title/signature files

/home/user/www.domain.com/html/subdir/  (VirtualHost's current dir)
/home/user/www.domain.com/              (VirtualHost's home dir)
/usr/local/bauk/bin/                    (Bauk's working dir)
This allows templating capability, placing ie. header/footer files in Bauk work dir makes a template for ie. 3000 Virtual Hosts. Placing header/footer files in vhosts homedir makes a template for that specific vhost, and placing any of header/footer/title/signature in current dir overrides any parent dir files.

CGI programming

For a quick start in CGI programming, see shell CGI script "helloworld.cgi" provided with Bauk distribution .

7. FAQ (frequently asked questions)

This chapter covers some of frequently asked questions related to compilation, config and usage of Bauk HTTP server.

Installation/troubleshooting

Q. Compiling Bauk HTTP server in src dir by "make bauk" produces error:
$ make bauk
 Makefile, line 34: Need an operator
 Makefile, line 36: Need an operator
 Makefile, line 38: Need an operator
make: fatal errors encountered -- cannot continue

A. Make program is probably not "gmake", Bauk makefile by default requires gmake (ie. it's default make program on most Linux distributions). If gmake is not available on your OS, download and install it, and then proceed with compilation.
Otherwise if make program on system is "pmake" (ie. FreeBSD) in Bauk src there is additional pmake makefile.
Copy it over makefile and start make again: $ cp -f Makefile.pmake Makefile
$ make clean
$ make bauk

This will provide succesfull compilation by pmake utility.

Q. Compiling BaukSSL with OpenSSL library on Linux by instructions from this manual, aborts compilation with linker returning error:
$ make baukssl
[BUILD OBJECTS] ...
./libcrypto.a(dso_dlfcn.o)(.text+0x38): In function 'dlfcn_load':
: undefined reference to 'dlopen'
./libcrypto.a(dso_dlfcn.o)(.text+0xa0): In function 'dlfcn_load':
: undefined reference to 'dlclose'
...
collect2: ld returned 1 exit status
make[1]: *** [baukssl] Error 1
make[1]: Leaving directory '/path/to/bauk-n.n.n/src'
make: *** [baukssl] Error 2

A. Solution: on Linux linker cannot find functions required by OpenSSL, available in dl library.
You can pass optional argument to ld by starting make with 'OPTLDFLAGS=-ldl', like this: $ make clean
$ make baukssl OPTLDFLAGS=-ldl

This will pass additional info and a bit of "help" to linker indicating it to include dl library and should provide succesfull compile/link of baukssl executable.

Q. I'm running (threaded) persistent interpreter (Python, Perl, Tcl, ...) with Bauk HTTP server and experiencing problems. Interpreter (process) executes a single/few scripts, and then hangs/loops/becomes unresponsive !
A. Threads sometimes can cause this type of problems. It is worth to mention that some interpreters by default compile with threads (ie. Python), and you might be using threads even not specifying it directly when compiling the (persistent) interpreter.
To solve this issue, start new clean interpreter compilation without threads. Check documentation/install info for interpreter in question and when compiling if required pass option such as "no-threads" or "disable-threads" to configure script, ie. ./configure --no-threads etc.
Compile new persistent interpreter with Grom connector library (according to instructions in this chapter). Using/running persitent interpreter without threads normally solves this issue, repeat tests with few web scripts to see if problem re-appears.

Q. Is there a way to limit number of client HTTP connections ?
A. Yes, Bauk HTTP server can limit number of connections per client/network, and optionally per VirtualHost.
See sample Bauk config script "bauk.cfg" and function client_limit_connection() and vhost_options().
If configuration generally requires preserving resources and avoiding clients consuming connections you can also make adjustments to way connections generally are handled ie. increase max total number of simultaneous connections and slightly reduce connection KeepAlive time, reduce max request duration, configure/reduce max allowed upload/post length, etc. These values are configured by bauk_connection() function.
Here is Bauk config script syntax for limiting client connections: //limit number of client HTTP connections
client_limit_connection(0xFFFFFF00, 20); //123.45.6.* max 20 connections

And Bauk config script syntax for limiting number of connections per VirtualHost:
//limit number of HTTP connections for this VirtualHost
vhost_create("www.domain.com", "/home/usernam/www_domain_com/");
vhost_options("maxconnections", 155); //max 155 simult. connections for this host
vhost_save();

Q. How can I restrict access to my server/VirtualHosts?
A. Bauk HTTP server provides several methods for managing access restriction:

  • in Bauk config script use functions client_ip_forbid() and client_ip_allow() which provide access restriction to server globally - configured IP addresses will be forbidden access to all VirtualHosts
  • use dir-based forbid-ip scripts for specific VirtualHost
  • use HTTP authentication scripts with username:password/ip based access control
  • dynamically by web script execution (ie. PHP, Perl, JavaScript, Python, Tcl ...), for example, dynamically generated content depending on condition/client info ie. depending on IP, password, number of hits, etc.
These options can be used individually or combined, ie. dynamically generated forbid-ip scripts for blocking spambots.

Q. How can I increase performance of my HTTP server?
A. Increasing performance of Bauk HTTP server can depend on specific use of server, ie. serving dynamic content, large files, file share server, high bandwidth/speed download, serving many simultaneous clients, etc.
Many of performance benefits can be gained by simple adjustments/tweaks of Bauk config script. See sample config files "bauk.cfg" and "bauk_*.cfg" and options in following list:
In general, options that can increase server performance:

  • (System) Use more powerful hardware
  • (System) Increase network performance, ie. hardware/OS/specific TCP configuration
  • (Bauk config) access log: reduce/turn off access logging, see config function global_format_log() and vhost_log()
  • (Bauk config) access log: if logging enabled increase access log cache, bauk_log_cache()
  • (Bauk config) Enable/increase file cache (improves speed with serving small static files), config function bauk_file_cache()
  • (Bauk config) Enable KeepAlive connections, see bauk_connection()
  • (Bauk config) Increase total max simultaneous HTTP connections, config functions system_connection() and bauk_connection()
  • (Bauk config) Enable/disable TCP delay, config function system_tcpnodelay()
  • (Bauk config) Increase/decrease connection output (write) chunksize and enable/disable 'output_whole_chunk' option in function bauk_connection(), ie. increase chunksize for high bandwidth, decrease for high no. of simultaneous HTTP connections
  • (Bauk config) Limit no connections per client, config function client_limit_connection()
The actual strategy must be created to match specific setup/use, ie. most of default configuration values represent good base and additional tweaks can be applied selectively, ie. if server is used as high-bandwidth file sharing/download, performance benefits can be gained by ie. limiting no. of connections per client, increasing total no. of connections and increasing/decreasing output chunksize.

Hints/tips

For compiling static Bauk executable (reduces memory footprint) during installation, enter option STATIC=1 to make, ie:
make bauk STATIC=1

8. Contact/Support

Please visit Bauk web site for most up to date contact info:
http://www.bauk.ws/

9. Appendix

Environment variables and web/CGI scripts

Environment variables

Bauk HTTP server passes information about client's request to web scripts/CGI scripts through environment variables. List of available environment variables includes all variables defined by CGI/1.1 specification, and additional variables with details from client's HTTP request header in variables with names starting by HTTP_*. (optional by CGI/1.1 specification)

Web scripts/CGI scripts environment variables:

Variable nameSpecificationExample value
AUTH_TYPECGI/1.1Basic
CONTENT_LENGTHCGI/1.10
CONTENT_TYPECGI/1.1
DOCUMENT_ROOT
/home/user/www_domain_com/html
GATEWAY_INTERFACECGI/1.1CGI/1.1
HTTP_ACCEPT
*/*
HTTP_ACCEPT_CHARSET

HTTP_ACCEPT_ENCODING
gzip, deflate
HTTP_ACCEPT_LANGUAGE
en-us
HTTP_AUTHORIZATION
Basic bXl1c2VybmFtZTpteXBzd3JkNjc4
HTTP_AUTHORIZATION_PASSWORDBaukmypswrd678
HTTP_AUTHORIZATION_USERNAMEBaukmyusername
HTTP_CONNECTION
Keep-Alive
HTTP_COOKIE
VARNAME=VALUE
HTTP_FROM

HTTP_IF_MATCH

HTTP_IF_MODIFIED_SINCE

HTTP_IF_NONE_MATCH

HTTP_IF_RANGE

HTTP_IF_UNMODIFIED_SINCE

HTTP_RANGE

HTTP_REFERER

HTTP_USER_AGENT
WebBrowser/4.0
HTTP_VIA

PATH_INFOCGI/1.1
PATH_TRANSLATEDCGI/1.1/home/user/www_domain_com/html/myscript.jsp
QUERY_STRINGCGI/1.1
REMOTE_ADDRCGI/1.1123.45.6.78
REMOTE_USERCGI/1.1myusername
REQUEST_METHODCGI/1.1GET
SCRIPT_FILENAME
/home/user/www_domain_com/html/myscript.jsp
SCRIPT_NAMECGI/1.1/myscript.jsp
SERVER_NAMECGI/1.1www.domain.net
SERVER_PORTCGI/1.180
SERVER_PROTOCOLCGI/1.1HTTP/1.1
SERVER_SOFTWARECGI/1.1Bauk/n.n.n
VIRTUALHOST_HOMEBauk/home/user/www_domain_com
BAUK_ERRORBauk-
BAUK_STATUS_HTTPBauk200 OK


Environment variables provided by Bauk HTTP server in addition to CGI/1.1 defined:
HTTP_AUTHORIZATION_USERNAME
Base64-decoded username from values sent in HTTP_AUTHORIZATION field. Ie. if authorization is ie. Basic bXl1c2VybmFtZTpteXBzd3JkNjc4 (decoded myusername:mypswrd678) variable is set to "myusername". This is the same value as in REMOTE_USER variable.
HTTP_AUTHORIZATION_PASSWORD
Base64-decoded password from values sent in HTTP_AUTHORIZATION field. Ie. if authorization is ie. Basic bXl1c2VybmFtZTpteXBzd3JkNjc4 (decoded myusername:mypswrd678) the value of password is "mypswrd678". These values are provided for ie. using scripts/database powered HTTP Authentication.
BAUK_ERROR
Additional info about server execution status/errors. Ie. on access denied because of file permissions, the variable is set to value "FILE_PERMISSIONS" describing the error.
BAUK_STATUS_HTTP
The value is HTTP response status on moment prior to script execution. Ie. if if script is used as a dynamic error-handler, and ie. request was for invalid file path with error 404, the variable is set to "404 Not Found". Ie. allows single web script/CGI script to be used as handler for multiple errors by examining the HTTP status in this variable.

Setting custom environment variables

Bauk configuration script function bauk_env() allows setting custom environment variables for web/CGI scripts. Typical application for setting custom environment variables is providing specific/custom info to scripts, ie. if using SSL/TLS, custom variable "HTTPS" can be set to 1 to make scripts aware that they're executed through secure HTTP connection, ie. scripts can check and abort execution if request is made through non-secure connection.

The bauk_env() function can be also used to set the value of built-in variables which allows over-writing of the normal value. For example, if it is required to "hide" sensitive info such as HTTP Authorization and password from scripts these variables can be set to empty value.

Bauk configuration script "bauk.cfg":

//set custom environment variables
bauk_env("HTTPS","1");                      //set variable HTTPS to 1 when using SSL/TLS
bauk_env("HTTP_AUTHORIZATION","");          //delete authorization info
bauk_env("HTTP_AUTHORIZATION_PASSWORD",""); //delete password
bauk_env("XTRAVAR1","abc56");               //set custom variable
bauk_env("XTRAVAR2","efgh678");             //set custom variable

GromJS Server-Side JavaScript interpreter

GromJS is a Server-Side JavaScript interpreter based on Mozilla's SpiderMonkey core script engine which provides web designers / programmers ability to use JavaScript code for creating dynamic pages / scripts on server with same functionality as PHP, CGI, ASP, mod_perl or any other server side scripting solution.

GromJS interpreter was developed in 2005. by Bauk HTTP Server development team providing advanced features and complete ASP-like environment for JavaScript server-side scripting. Compiled and linked with Bauk HTTP server's Grom (Thunder) persistent interpreter connector, SpiderMonkey JS interpreter operates in persistent mode with ability to execute multiple scripts by single process, advanced features such as process limits (max processes, max per user, max execution time, max idle time, priority), suexec (persistent interpreters run under real uid of script owner) and advantage of simple and easy web scripts management ie. like HTML files, no trouble with file location, permissions, etc., scripts placed in web directory automatically executed by web server/interpreter.

More info and examples on GromJS homepage:
http://www.bauk.ws/gromjs.html

GromJS Quick Install Guide

This is brief description of steps in GromJS interpreter installation, for precise instructions see INSTALL file included with package.

GromJS Quick Install Steps

Check GromJS page for first time introduction:
http://www.bauk.ws/gromjs.html

Download ie. GromJS 1.7.11 from:
http://www.bauk.ws/gromjs/

Unpack and follow instructions from INSTALL file:
$ tar xfz gromjs-1.7.11.tgz
$ cd gromjs-1.7.11
$ less INSTALL_gromjs.txt

Final result of compilation are Bauk HTTP Server and GromJS executables "bauk" and "gromjs".
Copy executables to Bauk bin dir /usr/local/bauk/bin/ and configure/start Bauk server:
(precise steps described in INSTALL file)
$ cp bauk gromjs /usr/local/bauk/bin/
$ cd /usr/local/bauk/bin/
$ vi bauk.cfg (edit Bauk config script)
$ ./bauk bauk.cfg (start Bauk HTTP server)

Place your SSJS web scripts to web accessible dir and point your browser/client to URL for specific dynamic page/script to verify that interpreter executes it:
http://www.domain.com/script.js

That is it, GromJS interpreter is installed and ready for use.

Examples

Below is one sample Hello world type SSJS web script demonstrating JS scripting on server.

Example GromJS Server-Side JavaScript web script:

//sample Server-Side JavaScript Web script
//print environment variables
print("<html><body>");
print("<h1>Environment variables</h1><hr>");
print("<pre>");

//print env variable
print(Server.getenv("HTTP_USER_AGENT"), "\n"); //Mozilla/5.0 (Windows NT 5.1; en-US)
print(Server.getenv("REMOTE_ADDR"), "\n");     //123.45.6.78

//get array of all envvar names
var ENVNAMES 	= Server.varnames();
var cVarnam 	= 0;
//print all names in array, ie.
//REQUEST_METHOD = POST
//CONTENT_LENGTH = 123
//QUERY_STRING   = abc=234 //etc. etc.
for ( cVarnam=0; cVarnam<ENVNAMES.length; cVarnam++ ) {
	var evnam = ENVNAMES[cVarnam];
	print(evnam, " = ", Server.getenv(evnam), "\n");
	}
print("</pre>");
print("</body></html>");
See more examples and information on GromJS homepage:
http://www.bauk.ws/gromjs.html