python-tiny-http-server


A simple ad-hoc HTTP server for serving static pages, similar to python -m http.server.

This supports:

  • Basic authentication for one or more user:password pairs, which can be specified on the command line and/or read from a file.
  • HTTPS, using a cert and key file
  • Running as a CGI server, but without basic auth / HTTPS for now
  • Optional file uploads, with or without the ability to override existing files

Installation

pip install -U tiny-http-server

Usage

usage: tiny-http-server [-h] [--cgi] [--bind ADDRESS] [--directory DIRECTORY]
                        [--port PORT] [--authfile AUTHFILE]
                        [--auth USERNAME:PASSWORD] [--cert CERT] [--key KEY]

Tiny HTTP server with optional basic authentication and https support.

optional arguments:
  -h, --help            show this help message and exit
  --cgi                 Run as CGI Server
  --bind ADDRESS, -b ADDRESS
                        Specify alternate bind address [default: 127.0.0.1]
  --directory DIRECTORY, -d DIRECTORY
                        Specify alternative directory [default: current
                        directory]
  --port PORT           Specify alternate port [default: 8000]
  --authfile AUTHFILE, -f AUTHFILE
                        If specified, a file with lines username:password
  --auth USERNAME:PASSWORD, -a USERNAME:PASSWORD
                        Add username:password to accepted authentication
  --cert CERT, -c CERT  If specified, the cert-file to use, enables https
  --key KEY, -k KEY     Key file, needed if --cert is specified
  --enable-upload       If specified, allows file uploads
  --enable-override     If specified and --enable-upload, allows to override existing files
  --no-force-auth       If specified, do not force authentication after server
                        restart.
  --debug               If specified output some debugging information

Details:

  • --no-force-auth: the default behaviour when using basic auth is that after restarting the server, authentication is always enforced before the first response. If this parameter is specified, the server will accept a connection if the browser provides the basic auth credentials from the previous server session.

Notes:

  • CAUTION: do not use this program if security, safety or stability are important. This is just a very simple, tiny program for the convenience of providing a quick ad-hoc server to trusted users.
  • Specifying the user/password on the command line is insecure if other users are on the same system. The --authfile option or use of environment variables is a better choice in that case.
  • If --enable-upload is specified, all directory listing pages allow uploading files into the shown directory. Replacing existing files is only allowed if --enable-override is specified in addition.
  • CAUTION: --enable-upload may be dangerous, use with caution!
  • The program uses a single process and no threading, so if several clients use the server, one may have to wait for all others to complete or may get rejected.
  • Uploading large files will load the whole file into memory, which can completely bog down the machine this program runs on. Do not use the upload options if this could cause problems or if users may abuse this.

Using Basic Authentication

Whenever at least one user/password pair is added, either through the --auth option or as a line in the file specified via --authfile, basic authentication is enabled. This can be combined with HTTPS (see below).
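
The following Python sketch is an added example, not the project's own code: it parses an --authfile of username:password lines, refuses a file that group or other users can access (the concern raised in the notes above), and checks an Authorization: Basic header with constant-time comparisons. The function names, the permission check and the UTF-8 credential encoding are assumptions.

```python
import base64
import hmac
import os
import stat
import tempfile


def load_authfile(path):
    """Parse username:password lines; refuse a file other users can access."""
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to group/others; chmod 600 it")
    creds = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            # Split on the first ':' only, so a password may itself contain ':'.
            user, sep, password = line.rstrip("\r\n").partition(":")
            if sep and user:  # skip blank or malformed lines
                creds[user] = password
    return creds


def check_basic_auth(header, creds):
    """Return the authenticated username, or None if the header is rejected."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # Assumption: credentials are UTF-8 encoded before base64.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    matched = None
    # Walk every entry with constant-time comparisons instead of dict lookup + ==.
    for known_user, known_password in creds.items():
        ok_user = hmac.compare_digest(user.encode(), known_user.encode())
        ok_pass = hmac.compare_digest(password.encode(), known_password.encode())
        if sep and ok_user and ok_pass:
            matched = known_user
    return matched


def demo():
    """Constructed sample data: two users, one password containing ':'."""
    fd, path = tempfile.mkstemp()  # mkstemp creates the file with mode 0600
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("alice:s3cret\nbob:pa:ss\n\n")
    creds = load_authfile(path)
    os.unlink(path)
    return check_basic_auth("Basic " + base64.b64encode(b"bob:pa:ss").decode(), creds)
```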

Using HTTPS

This is experimental. It requires a cert and key file. This gets enabled whenever the --cert option is specified.

For testing, a cert and key file for localhost can be created using the command:

openssl req -x509 -out localhost.crt -keyout localhost.key -newkey rsa:2048 -nodes -sha256 -subj '/CN=localhost' -extensions EXT -config <( printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

Kudos

This software was inspired by, and uses adapted code from, the following sources: