1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
|
.\" $OpenBSD: httpd.8,v 1.9 2002/11/07 21:40:15 henning Exp $
.\" Copyright (c) 1995-1997 David Robinson. All rights reserved.
.\" Copyright (c) 1997-1999 The Apache Group. All rights reserved.
.\" Copyright (c) 1998-1999 Bob Beck. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\" software must display the following acknowledgment:
.\" "This product includes software developed by the Apache Group
.\" for use in the Apache HTTP server project (http://www.apache.org/)."
.\"
.\" 4. The names "Apache Server" and "Apache Group" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission.
.\"
.\" 5. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by the Apache Group
.\" for use in the Apache HTTP server project (http://www.apache.org/)."
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\" ====================================================================
.\"
.\" This software consists of voluntary contributions made by many
.\" individuals on behalf of the Apache Group and was originally based
.\" on public domain software written at the National Center for
.\" Supercomputing Applications, University of Illinois, Urbana-Champaign.
.\" For more information on the Apache Group and the Apache HTTP server
.\" project, please see <http://www.apache.org/>.
.Dd Sep 18, 2002
.Dt HTTPD 8
.Os
.Sh NAME
.Nm httpd
.Nd Apache Hypertext Transfer Protocol Server
.Sh SYNOPSIS
.Nm httpd
.Op Fl FhlLStTuvVX
.Op Fl d Ar serverroot
.Op Fl f Ar config
.Op Fl c Ar directive
.Op Fl C Ar directive
.Op Fl D Ar parameter
.Op Fl R Ar libexecdir
.Sh DESCRIPTION
.Nm
is the Apache HyperText Transfer Protocol (HTTP) server program. It is
designed to be run as a standalone daemon process. When used like this
is will create a pool of child processes to handle requests. To stop
it, send a TERM signal to the initial (parent) process. The PID of
this process is written to a file as given in the configuration file.
Alternatively
.Nm
may be invoked by the Internet daemon inetd(8) each
time a connection to the HTTP service is made.
.Pp
Normally this service can be enabled for startup on OpenBSD
by editing
.Pa /etc/rc.conf .
The
.Fl u
option is of particular importance.
.Pp
This manual page only lists the command line arguments. For details
of the directives necessary to configure httpd see the Apache manual,
which is part of the Apache distribution or can be found at
.Pa http://www.apache.org/ ,
or in
.Pa /var/www/htdocs/manual .
Paths in this manual page reflect those
compiled into httpd by default with OpenBSD.
.Sh OPTIONS
.Bl -tag -width Ds
.It Fl u
By default
.Nm
will
.Xr chroot 2
to the
.Va serverroot
path.
The
.Fl u
option disabled this behaviour, and returns
.Nm
to the expanded "unsecure" behaviour.
.Pp
As a result of the default secure behaviour,
.Nm
cannot access any objects outside
.Va ServerRoot
-- this security measure is taken in case
.Nm
is compromised.
This is not without drawbacks, though:
.Pp
CGI programs may fail due to the limited environment available inside
this chroot space.
UserDir, of course, cannot access files outside the directory space.
Other modules will also have issues.
DocumentRoot directories or any other files needed must be inside
.Va ServerRoot .
For this to work, pathnames inside the
.Va config
file do not need adjustment relative to
.Va ServerRoot .
For this option to remain secure, it is important that no files or directories
writeable by user
.Ar www
or group
.Ar www
are created inside the
.Va ServerRoot .
.It Fl R Ar libexecdir
This option is only available if
.Nm
was built with the
.Dv SHARED_CORE
rule enabled which forces the
.Nm
core code to be placed into a dynamic shared object (DSO) file. This file
is searched in a hardcoded path under ServerRoot per default. Use this
option to override.
.It Fl d Ar serverroot
Set the initial value for the ServerRoot directive to
.Va serverroot .
This can be overridden by the ServerRoot command in the configuration
file.
The default is
.Pa /var/www .
.It Fl f Ar config
Execute the commands in the file
.Va config
on startup.
If
.Va config
does not begin with a /, then it is taken to be a path relative to
the ServerRoot. The default is
.Pa conf/httpd.conf .
.It Fl C Ar directive
Process the configuration
.Va directive
before reading config files.
.It Fl c Ar directive
Process the configuration
.Va directive
after reading config files.
.It Fl D Ar parameter
Sets a configuration
.Va parameter
which can be used with
<IfDefine>...</IfDefine> sections in the configuration files
to conditionally skip or process commands.
.It Fl F
Run the main process in foreground. For process supervisors.
.It Fl h
Output a short summary of available command line options.
.It Fl l
Output a list of modules compiled into the server.
.It Fl L
Output a list of directives together with expected arguments and
places where the directive is valid.
.It Fl S
Show the settings as parsed from the config file (currently only shows the
virtualhost settings).
.It Fl t
Run syntax tests for configuration files only, including DocumentRoot checks.
The program immediately exits after these syntax parsing with either a return
code of 0 (Syntax OK) or return code not equal to 0 (Syntax Error).
.It Fl T
Run syntax tests for configuration files only, without DocumentRoot checks.
The program immediately exits after these syntax parsing with either a return
code of 0 (Syntax OK) or return code not equal to 0 (Syntax Error).
.It Fl X
Run in single-process mode, for internal debugging purposes only; the daemon
does not detach from the terminal or fork any children. Do NOT use this mode
to provide ordinary web service.
.It Fl v
Print the version of
.Nm Ns ,
and then exit.
.It Fl V
Print the version and build parameters of
.Nm Ns ,
and then exit.
.El
.Pp
The documents served by
.Nm
should not be owned by the user which
.Nm
is running as (usually user
.Va www
and group
.Va www Ns ).
They must, however, be readable by this user.
.Sh FILES
.Bl -tag -width /etc/passwd -compact
.It Pa /var/www/conf/httpd.conf
.It Pa /var/www/conf/srm.conf
.It Pa /var/www/conf/access.conf
.It Pa /var/www/conf/mime.types
.It Pa /var/www/logs/error_log
.It Pa /var/www/logs/access_log
.It Pa /var/www/logs/httpd.pid
.It Pa /etc/rc.conf
.El
.Sh SEE ALSO
.Xr chroot 2 ,
.Xr inetd 8 ,
.Xr rc 8
|