Update README.md
This commit is contained in:
parent
0e2b7843c7
commit
0167c67649
59
README.md
59
README.md
|
@ -1,60 +1,9 @@
|
|||
# Shizaru
|
||||
|
||||
Shizaru is a minimalistic web server whose guiding principle is "serve no evil".
|
||||
Precisely what counts as "evil" can be configured by the user, so perhaps
|
||||
Shizaru is best explained as a webserver for imposing strong opinions. Said
|
||||
opinions can be imposed in many ways, for example by defining maximum file
|
||||
sizes, or by setting whitelists or blacklists for things like permitted MIME
|
||||
types (as inferred from file extension), permitted HTML tags, domains which are
|
||||
permitted to be linked to, etc.
|
||||
THIS PROJECT HAS MOVED!!!
|
||||
|
||||
Have no opinions of your own to impose? Fear not! Shizaru has lovely default
|
||||
settings which attempt to promote a fast, safe, clean, simple, respectful web.
|
||||
The [website obesity crisis](https://idlewords.com/talks/website_obesity.htm) is
|
||||
combatted with strict file size limits, to ensure that your website does not
|
||||
end up larger than the major works of Russian literature. Besides being
|
||||
limited to 32 KiB in size, HTML pages are limited to 3 images and HTML tags
|
||||
cannot be nested more than 10 levels deep. This encourages uncluttered and
|
||||
quickly rendering layouts. ``<audio>``, ``<applet>``, ``<canvas>``, ``<embed>``,
|
||||
``<iframe>``, ``<script>`` and ``<video>`` tags are prohibited (among others).
|
||||
In other words, your web pages will need to be actual documents, not
|
||||
applications, which means they have some hope of being usable on older machines
|
||||
or without massively bloated browsers. Third-party images, stylesheets and
|
||||
fonts are not allowed, so your users can rest assured that they aren't being
|
||||
tracked indirectly.
|
||||
All further development on Shizaru will happen in the repo at https://git.sr.ht/~solderpunk/shizaru/
|
||||
|
||||
This default configuration of Shizaru is not supposed to be a "retro server".
|
||||
Shizaru supports HTTPS (in fact, the only thing it will serve over HTTP is a
|
||||
redirct to HTTPS) and HTTP/2, and the default ruleset allows the use of many
|
||||
tags introduced in HTML5. The goal is not to remove the new and keep only the
|
||||
old, but to remove the evil and keep only the good. Old and good may be
|
||||
correlated when it comes to the web, but there are exceptions. The Shizaru
|
||||
defaults disallow ``<blink>`` and ``<marquee>``, for example.
|
||||
Project description, documentation, news, etc. can be found at https://zaibatsu.circumlunar.space/~solderpunk/software/shizaru/
|
||||
|
||||
## Running as non-root
|
||||
|
||||
Shizaru is written in Go, a modern compiled language with built in memory
|
||||
management and excellent concurrency support. Go is so wonderfully modern that
|
||||
it does not support simple, well-understood, tried-and-true server security
|
||||
features like using `setuid` to drop root privileges after binding to low-valued
|
||||
ports like 80 and 443. So how do you actually run the darn thing not as root?
|
||||
|
||||
If you want to run Shizaru on Linux, you can use Linux's
|
||||
"[capabilities](http://man7.org/linux/man-pages/man7/capabilities.7.html)"
|
||||
system to assign a particular compiled binary the power to bind to priveleged
|
||||
ports without being root. See
|
||||
[here](https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443)
|
||||
for an example.
|
||||
|
||||
What if you're running on *BSD? As far as I know, no BSD system supports
|
||||
something equivalent to the Linux solution above. But, the `pf` firewall system
|
||||
(created by OpenBSD but now also available on FreeBSD and NetBSD) features a
|
||||
handy-dandy [traffic redirection](https://www.openbsd.org/faq/pf/rdr.html)
|
||||
functoinality which you should be able to use to have e.g. incoming connections
|
||||
on ports 80 and 443 sent to an unpriveleged Shizaru process listening on ports
|
||||
8080 and 4433. I haven't as yet testing this, though.
|
||||
|
||||
## Daemonising
|
||||
|
||||
Shizaru doesn't yet daemonise itself, so you'll have to rely on an external
|
||||
tool, like [this one](http://libslack.org/daemon/).
|
||||
Please DO NOT open issues or pull requests at tildegit.org for this project. Please update links or bookmarks.
|
Loading…
Reference in New Issue