Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: What do you want in a web server?
6 points by austin-cheney on Aug 4, 2024 | hide | past | favorite | 11 comments
For personal use I am writing a web server from the ground up based not on HTTP but on streaming sockets. It provides both HTTP and WebSocket support from a single port, a proxy, redirection for both domains and resources. All configurations are supplied through a tiny JSON file. It also provides support for TLS, localhost certificate generation and TLS proxies. Because it’s a streaming sockets first server it can easily proxy anything, including multi gigabit media, directly to the browser or other servers.

What native features would you or other people want that:

* Are missing from other web servers

* Are too painful to implement

* Are too slow or incomplete in other servers

Are there file system features/content or file execution capabilities that are missing or poorly implemented in other web servers that you would like?



I would like an all in one solution, single file, that is prod ready, with a key/value datastore. In terms of the projects I have done, there is a significant amount of work to set up actual web server, solely to have access to a backend logic which relies on some database.

So the idea behind this is that I can provision an cloud instance, set up the DNS link, drop the front end assets + configuration json+server file in a directory, and run the file and it should work without any big setup, with a given advantage that I can have

Generally, it should have a key/value store endpoint, which is backed by an in memory cache (set to a certain size) + disk offload, as well as ability to add to the database using JSON files.

Also, in the config json, it can be possible to specify a command to be run (in the spirit of the CGI frameworks), for a given endpoint with provided data.

It would be also nice to have integrated user auth. Im thinking that it auto injects JS code for the index.html page that creates a modal for either logging in or registering a new user, activated when someone clicks on a link, and then there would be a separate folder for "authorized" view pages that I can be viewed with the set cookie from the modal.


A lot of the things you described sound like caddy? [1]

[1] https://caddyserver.com/


A simple way to restrict resources would be nice. I’m only familiar with Nginx and Apache and while resource restriction is possible with both I feel it could be simplified.

Would be nice if you could restrict resources with individual passwords too.


Do you mean in an organization prevent other people from extending the application in unauthorized ways?


No not exactly, I meant simply restricting access to particular resources.

So, for example, denying access too whatever.whatever/*.mp3 while allowing access to everything else under that domain, potentially applying some form of password/key protection to each restriction rule.

While possible both with nginx and apache I feel the configuration for such rules could be simplified, it’s sometimes a little tedious to configure.


Nginx maps feel wrong to me.

Bot and agent blacklisting and country blocking is pain in the ass.

Simple Variable Usage both environment or json/config ones and Configuration Includes will help a lot.


The current config looks like this:

    interface project_config {
        domain_default: string;
        path: {
            storage: string;
            web_root: string;
        };
        redirect_domain: {
            [key:string]: [string, number];
        };
        redirect_internal: {
            [key:string]: store_string;
        };
        service_port: {
            open: number;
            secure: number;
        };
    }
Any domain not in the "redirect_domain" list is an alias for services on the server. The "default_domain" can receive priority features unspecified domains cannot. Domains listed in the "redirect_domain" list are pushed into the proxy. The [string, number] portion of the "redirect_domain" list allows for identification of host and port. If the host is not specified the server's local IP is the default.

What kind of variables would you have in mind to push into the server? Knowing what kinds of such features are desirable might lead me to think about supporting them in a variety of ways.

I do not have a block list feature yet, but I will write that. I could block by IP address on the socket, HTTP host header, HTTP referrer header.


Which language? Curious b/c I was going to do the same in C and have several ideas.


It is in TypeScript and Node.


Too bad... you're missing all of the fun low-level stuff!!!

I've never messed with TypeScript. I like JavaScript and have used it a lot over the years (decades), but I've come to appreciate the simplicity and straightforwardness of C.

Good luck with your project, though, and have fun! You'll learn a lot with these types of projects. At least, that's my goal!


A Graphical User Interface.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: