Home > Users Guide > Configuration Directives > Server Directives

Quick Nav

See Also

Server Directives

Action

Description Specify the CGI program to run to handle the document
Synopsis Action mimeType programPath
Context Default server, Virtual host
Example Action application/x-appweb-python /usr/bin/python
Notes

The Action directive associates the specified program path with a document mime type. The Action directive may be  used to ensure a specific program is used to run CGI scripts.

The CGI handler may match URLs by extension or by prefix path, depending on how the appweb configuration file setup. When a match by extension occurs, the cgiHandler will first see if an Action directive has been specified for the corresponding mime type for the URLs extension. If one is defined, the specified program is run with the CGI script passed as the first argument. If no action directive is found, the script is examined to see if it contains a "#!/programPath" in the first line of the script. If it does, the specified program is run with the CGI script passed as the first argument. If the script is a binary executable or if the first line does not contain such a programPath, the CGI script will be directly executed.

The default extensions in the appweb configuration file are: cgi, cgi-nph, bat, cmd, pl, py, and php. For Linux, the default settings also include an Action directive for the php extension. The other default extensions do not have Action directives.

The mime type may be added via the AddType directive or you may edit the mime.types file to add the mime type. Mime type entries associate a mime type with a given URL extension. For example, the following mime entry specifies that any URL with a ".php" extension should will have the application/x-appweb-php mime type:

application/x-appweb-php php

AddType

Description Add a MIME type specification
Synopsis AddType mimeType extension
Context Default server, Virtual host
Example application/x-appweb-perl pl
Notes

The AddType directive will associate the specified MIME type with the nominated extension. MIME types are used by Appweb when processing CGI scripts. When processing client requests, Appweb will map a URLs extension to a mime type. If an Action directive has been specified for this mime type, the associate program will be run using the CGI protocol to process the URL.

Chroot

Description Directory containing a "chroot jail" in which for Appweb to execute. Once this directive is parsed, all files outside the jail will be inaccessible.
Synopsis Chroot directoryPath
Context Entire Application
Example Chroot /etc/appweb/jail
Notes

See Wikipedia Chroot for more information.

Security A chroot jail enhances security by limiting system access should Appweb ever be compromised. When coupled with lowering the privilege for the UserAccount and GroupAccount potential security exposures can be minimized.

GroupAccount

Description Account group that Appweb will run as.
Synopsis GroupAccount group
Context Default server
Example GroupAccount nobody
GroupAccount APPWEB
Notes

The GroupAccount directive specifies the account group in which Appweb will be a member when running.

It is important that you run Appweb with the lowest system privilege that will get the job done. If any application is compromised, including Appweb, then the system will be safest if the compromised application has as few privileges as possible.

When Appweb starts it initially runs as root or administrator and then changes account if a group account is defined in the Appweb configuration file by the GroupAccount directive.

If logged in as root or administrator, the pseudo name of APPWEB will change group to _www on Mac, nogroup/nobody on Unix and Administrator on Windows.

Security It is extremely dangerous to run Appweb as Group "root" or "administrators".

Home

Description Directory containing the core Appweb installation files
Synopsis Home directoryPath
Context Default server
Example Home /etc/appweb
Notes

The Home is by default /etc/appweb on Linux and "C:\appweb" on Windows. It is important that the server root directory be protected against modification by other users. It should be owned by either root or administrator and should only be writable by these users.

Listen

Description IP address and port on which to listing for incoming requests.
Synopsis Listen [IP address:]portNumber
Context Default server, Virtual Host
Examples Listen 80
Listen 205.162.77.64:7777
Listen [::]
Notes

The Listen directive specifies the IP endpoints on which Appweb will listen for incoming HTTP requests. If you specify only the port number and omit the IP address, Appweb will listen on all network interfaces including the loop-back adaptor. It will listen on both IPv4 and IPv6 if only a portNumber is specified.

To listen on IPv6 endpoints, enclose the IP address in square brackets. For example: Listen [2001:05c0:9168:0000:0000:0000:0000:0001]

To listen on IPv4 endpoints, supply an IPv4 IP address. You may use 0.0.0.0 to listen on all IPv4 interfaces.

To listen for SSL requests, use the ListenSecure directive.

Protocol

Description HTTP protocol version to use
Synopsis Protocol [HTTP/1.0 | HTTP/1.1]
Context Default server
Example Protocol HTTP/1.0
Notes

The Protocol directive specifies the HTTP protocol version to respond with. If the Protocol directive specifies HTTP/1.0, a browser may issue requests using either HTTP/1.0 or HTTP/1.1. However, the response will always be downgraded to use HTTP/1.0 without Keep-Alive support.

If the Protocol directive specifies HTTP/1.1 and a browser makes a request using HTTP/1.0 it will not be processed and the client will receive an error.

NOTE: this directive is proprietary to Appweb and is not an Apache directive.

ServerName

Description Define the fully qualified hostname and port number for the server to use.
Synopsis ServerName hostName
Context Default server, Virtual Host
Example ServerName www.acme.com
Notes

The ServerName directive specifies the base HTTP address that will be used for identification and for redirection responses. The given hostName should be a fully qualified domain name with port number if using a port other than port 80.

When used inside Name based VirtualHost blocks, this directive specifies the Host HTTP header that should be supplied with the request.

TypesConfig

Description Specify the location of the Mime types file
Synopsis TypesConfig directoryPath
Context Default server
Example TypesConfig /etc/appweb/mime.types
Notes

The TypeConfig directive specifies the location of the MIME types files. This file contains the mappings from file extensions to content types and is used by Appweb to determine the document content type which is included in the HTTP response back to the browser. The MIME types file included with Appweb follows the standard specified by IANA.

The directory path may be an absolute path or it may be relative to the Home directory.

The MIME types file has lines of the format:

ApplicationType [extensions]...

Feel free to modify the default mime types file, but be careful to save it as it will be overwritten should you upgrade Appweb.

UserAccount

Description The user account that Appweb will run as.
Synopsis UserAccount name
Context Default server
Example UserAccount nobody
UserAccount APPWEB
Notes

The UserAccount directive instructs Appweb to change accounts to run as the specified accountName. The UserAccount directive can only be used if Appweb is started using a privileged account such as root. Normally Appweb is started using the account root or administrator and thereafter it changes to run with less privilege using the specified accountName.

The account name chosen for the UserAccount directive should have minimal privilege and should not be able to read or modify any files outside the DocumentRoot or specified Alias directories.

If logged in as root or administrator, the pseudo name of APPWEB will change user to _www on Mac OSX, nobody on Unix and Administrator on Windows.

Security Do not run as root or administrator. Omitting the User directive can have the same effect as using a "User root" directive.

© Embedthis Software LLC, 2003-2013. All rights reserved. Embedthis, Appweb, ESP, Ejscript and Embedthis GoAhead are trademarks of Embedthis Software LLC.