Making Minimalist HTTPS Server in C on Linux
HTML-код
- Опубликовано: 11 сен 2024
- In this video I will demonstrate how you can make a Simple HTTPS Web Server using the C Programming Language and OpenSSL library on Linux.
You can view the code I wrote in the video over here:
github.com/nir...
- Notice that if you run the server quickly after running it before, bind might fail since the port may not be cleaned up yet, so I recommend running the server with ltrace/strace so you can actually see what is going on under the hood, my new video about the importance of error handling in c also talks about this specifically
Add setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &(int){1}, sizeof(int)) before bind to overcome this problem.
These videos are so insightful, especially the way you show the man pages where you can find all this information. I literally didn't even know C library functions had man pages until I starting watching your content.
Geez I opened the video and BOOM! it was straight into the action no silly 1 minute long intro. Love it ❤!
The way you put the documentation digging into the videos is super helpful. The thing that's lost on me at this point is how you discover the functions you need to use before you hit the docs for each item.
Thanks for the feedback I will try talking more about the discovery as well on future videos, check out my man pages tips video for general tips about finding man pages.
Nir, your distinct no nonsense style is very refreshing
Thanks for the longer video and more complicated program. Do you have any plans on doing anything non-minimalist?
Yes, I am planning on perhaps fully implementing one of the unix commands :)
Could you show how to handle concurrent requests and concurrent listeners?
@reapiu8316yeah I would love to see that, although I really loke these semi short videos.
awesome!@reapiu8316
Ah you've read my mind! I just started messing around with sockets and was about to try my hand at developing a simple http server.
Wow I guess Christmas came early this year. This opens up many possibilities with all kinds of web services. Only imagination is the limit! Thank you soo much!
My wish has been heared, thx
Making short videos are good but giving overview about what you're going to do would make it better I mean explaining flow!
Great videos bro, Thanks.
Hey bro your videos are amazing keep making them
aw your not writing a c implement of tls in 15 minutes
If you need to implement a production-grade HTTPS server in C++, Vinnie Falco's Beast library is the way to go.
This is good stuff!
Awesome!
I love your workflow, I'd really love to program using man pages and simple text editors but I always feel stuck when programming without a proper IDE. How did you practice C programming when you started?
Thanks! I started with IDEs (mostly Visual Studio) and then gradually moved over to Vim, first by using a Vim plugin on the IDE and then after feeling comfortable enough, I moved to Vim vanilla.
How do you know, or where did you learned which functions to use? I also use man pages but always struggle to begin with.
Thanks for video! Happy new year!
WOW - that is original hack stuff. Love it. Carry on!
I believe it's better to use separate TLS reverse proxies that will do TLS stuff and then pass the connection to next program by just connecting to localhost port or unix socket. It makes programs much simplier and can become a problem only on high load servers, where you don't want too many calls to write and read from programs because it's more user-kernel context switching.
I agree about this point, for actual production it would be better to separate the HTTP server and the SSL server, or to just use nginx :)
I really like your thumbnails
I found out that if you hold F5 in the browser for a while it can make it 'crash'. It's not a real crash however, it's the SIGPIPE signal that is being fired and it happens when a pipe gets broken. You can capture this event with the 'signal' function if you are on Unix based systems, but no idea what the equivalent on Windows is. Once you've captured this signal, you can just ignore it and the server keeps running.
Well, wouldn't it be better to send a corresponding HTTP error code (instead of 200 OK each time) when you return a "not found" error?
Nice videos. What is the window manager you are using on Windows?
I am using dwm-win32, more info about the setup in the welcome link in the channel description
@@nirlichtman Thanks, Nir.
Thanks, good work
How can you link it static … im stuck at this point
great stuff thanks, any chance of something similar but in Python?
Good idea, noted :)
Hi, what editor are you using? I'd like to try it out.
I am using Vim, many of my older videos are about it if you want more info
Interesting! Is this what NGINX does under the hood when configured as reverse proxy with SSL?
I haven't explored the NGINX source code yet, but I assume it works pretty similar, I am pretty sure it also uses OpenSSL :)
I don't think it's as simple as that. NGINX could be running TLS with http version 2 and it is redirecting the http request to a local web server that is not using TLS and is using http version 1.
i just wonder how you know the sequence of function calls beforehand
On most cases the man pages/docs are sufficient to help me do the preliminary research, but specifically in the case of OpenSSL, which has quite poor docs in my opinion, I had to also do online research
Narration: Great
Content: Great
Code Editor: C'mon man, use Visual Code
My favorite editor is Vim, in some of my older videos I explain why :)
Hey Nir, i used openssl commandline utility to generate key and cert. i changed "SSL_use_certificate_chain_file(ssl, "fullChain");" to "SSL_use_certificate_file(ssl, "key.pem", SSL_FILETYPE_PEM);" and ajusted file name.I compiled and ran it gave me an "The connection was reset
The connection to the server was reset while the page was loading." error. can you help?
Is that the error you got from the web browser? Reason is probably because the certificate is self-signed, and the browser is rejecting the connection, if you want to try out the server you can use wget with the ignore cert option or try configurating the browser to accept the self-signed cert. If you want it to work out of the box you need to get a certificate signed by a certificate authority, on my setup in the video for example I used my certificate and private generated by let's encrypt which is a service that lets you easily get a certificate for your server
@@nirlichtman, update, i added an printf debug statement to nearly every function call wich prints its return value, and i found out that `bind()` returns an error (-1) when it doesnt work and success if it works (to download) could the reason be that in the code (because its not "production ready") an "un-bind" is missing?
@@ItsCOMMANDer_ There's no need to "unbind". The binding of the socket is released when the server socket is closed.
If bind() is returning -1, then as you said, something is going wrong. When you get a failure, you should add code to print out the value of the errno special variable, to see what the error is. (See the bind(2) man page for more info.)
What is that {0} terminator for?
That is standard C syntax to initialize all array members with 0, as long as you are not using an old/weird C compiler, it works nicely :) devdocs.io/c/language/array_initialization
noice
Do some basic OpenGL stuff or some UI
I am planning a future UI video about making a minimalist paint app for Windows. OpenGL is a good idea, noted :)
@@nirlichtman 😊
upgrade your vim
It annoys me you use void for main. That is very C++ not C. 😂
It is not very C++ either.