Embedded C/C++ web server

Overview

CivetWeb CivetWeb

The official home of CivetWeb is https://github.com/civetweb/civetweb

License GitHub contributors

Continuous integration for Linux and macOS (Travis CI):

Travis Build Status

Continuous integration for Windows (AppVeyor):

Appveyor Build Status

Test coverage check (coveralls, codecov) (using different tools/settings):

Coveralls Coverage Status

codecov

Static source code analysis (Coverity):

Coverity Scan Build Status

Project Mission

Project mission is to provide easy to use, powerful, C (C/C++) embeddable web server with optional CGI, SSL and Lua support. CivetWeb has a MIT license so you can innovate without restrictions.

CivetWeb can be used by developers as a library, to add web server functionality to an existing application.

It can also be used by end users as a stand-alone web server running on a Windows or Linux PC. It is available as single executable, no installation is required.

Where to find the official version?

End users can download CivetWeb binaries / releases from SourceForge https://sourceforge.net/projects/civetweb/

Developers can contribute to CivetWeb via GitHub https://github.com/civetweb/civetweb

Due to a bug in Git for Windows V2.24 CivetWeb must be used with an earlier or later version (see also here).

Trouble tickets should be filed on GitHub https://github.com/civetweb/civetweb/issues

New releases are announced at Google Groups https://groups.google.com/d/forum/civetweb

Formerly some support question and discussion threads have been at Google groups. Recent questions and discussions use GitHub issues.

Source releases can be found on GitHub https://github.com/civetweb/civetweb/releases

A very brief overview can be found on GitHub Pages http://civetweb.github.io/civetweb/

Getting The Source

Download the source code by running the following code in your command prompt:

$ git clone https://github.com/civetweb/civetweb.git or simply grab a copy of the source code as a ZIP or TGZ file.

Quick start documentation

Overview

CivetWeb keeps the balance between functionality and simplicity by a carefully selected list of features:

  • Liberal, commercial-friendly, permissive, MIT license
  • Free from copy-left licenses, like GPL, because you should innovate without restrictions.
  • Forked from Mongoose in 2013, before it changed the licence from MIT to commercial + GPL. A lot of enhancements have been added since that time, see RELEASE_NOTES.md.
  • Works on Windows, Mac, Linux, UNIX, iPhone, Android, Buildroot, and many other platforms.
  • Scripting and database support (CGI, SQLite database, Lua Server Pages, Server side Lua scripts, Server side JavaScript). This provides a ready to go, powerful web development platform in a one single-click executable with no dependencies.
  • Support for CGI, SSI, HTTP digest (MD5) authorization, WebSocket, WebDAV.
  • HTTPS (SSL/TLS) support using OpenSSL.
  • Optional support for authentication using client side X.509 certificates.
  • Resumed download, URL rewrite, file blacklist, IP-based ACL.
  • May run as Windows service.
  • Download speed limit based on client subnet or URI pattern.
  • Simple and clean embedding API.
  • The source is in single file to make things easy.
  • Embedding examples included.
  • HTTP client capable of sending arbitrary HTTP/HTTPS requests.
  • Websocket client functionality available (WS/WSS).

Optionally included software

Lua

Sqlite3

LuaFileSystem

LuaSQLite3

LuaXML

Duktape

Support

This project is very easy to install and use. Please read the documentation and have a look at the examples.

Recent questions and discussions usually use GitHub issues. Some old information may be found on the mailing list, but this information may be outdated.

Note: We do not take any liability or warranty for any linked contents. Visit these pages and try the community support suggestions at your own risk. Any link provided in this project (including source and documentation) is provided in the hope that this information will be helpful. However, we cannot accept any responsibility for any content on an external page.

Contributions

Contributions are welcome provided all contributions carry the MIT license.

DO NOT APPLY fixes copied from Mongoose to this project to prevent GPL tainting. Since 2013, CivetWeb and Mongoose are developed independently. By now the code base differs, so patches cannot be safely transferred in either direction.

Some guidelines can be found in docs/Contribution.md.

Authors

CivetWeb has been forked from the last MIT version of Mongoose in 2013. Since then, CivetWeb has seen many improvements from various authors (Copyright (c) 2013-2021 the CivetWeb developers, MIT license).

A list of authors can be found in CREDITS.md.

CivetWeb is based on the Mongoose project. The original author of Mongoose was Sergey Lyubka (Copyright (c) 2004-2013 Sergey Lyubka, MIT license). However, on August 16, 2013, the license of Mongoose has been changed after writing and distributing the original code this project is based on. The license change and CivetWeb used to be mentioned on the Mongoose Wikipedia page as well, but it's getting deleted (and added again) there every now and then.

Using the CivetWeb project ensures the MIT licenses terms are applied and GPL cannot be imposed on any of this code, as long as it is sourced from here. This code will remain free with the MIT license protection.

Issues
  • Port the build system to cmake

    Port the build system to cmake

    Would there be interest for a pull request which replaces the makefiles with a CMake build implementation?

    This change will help maintain & improve the cross platform support.

    It would be beneficial if I could build Civetweb for multiple versions of visual studio for instance.

    Thoughts?

    opened by cdbishop 167
  • SSL request never gets to CW server

    SSL request never gets to CW server

    Following up on my prior question: we got the HTTP functionality (data format conversion) working properly with embedded CivetWeb, and we're now adding the HTTPS support. All the OpenSSL DLLs are (apparently) where they're supposed to be, and the configurations are set.

    It looks to me like all the relevant settings are good to go in web.config:

    listening_ports=8083, 8443s
    ssl_certificate server.pem
    ssl_cipher_list = DES-CBC3-SHA:AES128-SHA:AES128-GCM-SHA256
    ssl_protocol_version = 3
    
    

    I noted that the MD for OpenSSL doesn't mention doing something like

    callbacks.init_ssl = [](void *, void *) { return 1; };

    but we sorted that out on our own.

    Anyway--to the issue: The log is happy (no complaints about the PEM, nor about the DLLs).

    Firefox says SSL_ERROR_NO_CYPHER_OVERLAP, Chrome says ERR_SSL_VERSION_OR_CIPHER_MISMATCH, Postman just says it can't chat with the server, and IE spins. And spins. And spins.

    I followed up on all the articles I could find about ensuring that Chrome gets the cert added, but I'm up against a deadline here and I can't even figure out how to debug this. I could have a bad config, have missed a step in the coding--it could be a lot of things.

    Supposedly this is setting up for TLS1.2 but I can't confirm that. Should I be barking up this tree, up the OpenSSL tree, or some other tree? (The application will be queried by .a NET 4.5 application, not a browser, but the .NET end is even fussier in my experience.) Can you (or anyone reading this) point me in the right direction?

    Thanks,

    --jbm!

    opened by jbmonroe 48
  • SSL fails to pass security tests

    SSL fails to pass security tests

    I need to use SSL for webhook callbacks but my provider refuses to accept SSL as handled by civetweb.

    You can test it here (this test will accept specific ports to test): https://www.htbridge.com/ssl/

    It receives a grade of C while port 443 on my server receives a A+

    "The server is vulnerable to POODLE over SSL"

    ""SERVER DOES NOT HAVE CIPHER PREFERENCE The server does not have preferred cipher suites. We advise to enable this feature in order to use only the strongest suite available."

    "SERVER SUPPORTS CLIENT-INITIATED SECURE RENEGOTIATION The server supports client-initiated secure renegotiation which may be unsafe and allow Denial of Service attacks."

    opened by CrackerHax 42
  • Data race during shutdown

    Data race during shutdown

    There's a data race on ctx->stop_flag during shutdown. Didn't see an easy fix so creating an issue instead of a PR.

    WARNING: ThreadSanitizer: data race (pid=748655)
      Write of size 4 at 0x7b5c00000028 by main thread:
        #0 mg_stop src/civetweb.c:18842:17 (objectbox-http-server-test+0x26cd7f)
        #1 CivetServer::close() src/CivetServer.cpp:398:3 (objectbox-http-server-test+0x2833e8)
        #2 CivetServer::~CivetServer() src/CivetServer.cpp:329:2 (objectbox-http-server-test+0x2833e8)
    
      Previous read of size 4 at 0x7b5c00000028 by thread T1:
        #0 master_thread_run src/civetweb.c:18625:14 (objectbox-http-server-test+0x277935)
        #1 master_thread src/civetweb.c:18725:2 (objectbox-http-server-test+0x277935)
    
      Location is heap block of size 888 at 0x7b5c00000000 allocated by main thread:
        #0 calloc <null> (objectbox-http-server-test+0x7b468)
        #1 mg_calloc src/civetweb.c:1540:9 (objectbox-http-server-test+0x26d151)
        #2 mg_start2 src/civetweb.c:18973:34 (objectbox-http-server-test+0x26d151)
        #3 mg_start src/civetweb.c:19548:9 (objectbox-http-server-test+0x26d151)
        #4 CivetServer::CivetServer(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, CivetCallbacks const*, void const*) src/CivetServer.cpp:321:12 (objectbox-http-server-test+0x2830de)
    
      Thread T1 'civetweb-master' (tid=748660, running) created by main thread at:
        #0 pthread_create <null> (objectbox-http-server-test+0xb07ce)
        #1 mg_start_thread_with_id src/civetweb.c:6049:11 (objectbox-http-server-test+0x26e920)
        #2 mg_start2 src/civetweb.c:19482:9 (objectbox-http-server-test+0x26e920)
        #3 mg_start src/civetweb.c:19548:9 (objectbox-http-server-test+0x26e920)
        #4 CivetServer::CivetServer(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, CivetCallbacks const*, void const*) src/CivetServer.cpp:321:12 (objectbox-http-server-test+0x2830de)
    
    SUMMARY: ThreadSanitizer: data race src/civetweb.c:18842:17 in mg_stop
    
    opened by vaind 32
  • a demo that civetweb support mbedtls

    a demo that civetweb support mbedtls

    here is a demo that civeweb v1.11 supports mbedtls v2.16.2

    https://github.com/Qinch/civetweb/tree/v1.11-mbedtls

    opened by Qinch 32
  • Add option for building civetweb without timegm().

    Add option for building civetweb without timegm().

    Using the NO_TIMEGM option disables the caching feature. Civetweb will not be able to detect a unchanged file. On the other hand it allows to build civetweb on systems that don't implement timegm().

    opened by c-mauderer 31
  • Appveyor tests failing

    Appveyor tests failing

    This environment works:

    Environment: compiler=msvc-18-seh, build_shared=NO, no_files=NO, enable_ipv6=NO, enable_ssl=YES, enable_websockets=YES, no_cgi=NO; Platform: x86
    

    This one fails:

    Environment: compiler=msvc-18-seh, build_shared=NO, no_files=NO, enable_ipv6=NO, enable_ssl=YES, enable_websockets=YES, no_cgi=NO; Platform: x64
    

    Note, the only difference is in the failure is in the 64bit windows version.

    Here is the summary:

      Test project C:/projects/civetweb/output/build
            Start  1: test-private-http-message
       1/19 Test  #1: test-private-http-message ...................   Passed    0.04 sec
            Start  2: test-private-url-parsing
       2/19 Test  #2: test-private-url-parsing ....................   Passed    0.02 sec
            Start  3: test-private-internal-parsing
       3/19 Test  #3: test-private-internal-parsing ...............   Passed    0.00 sec
            Start  4: test-private-encode-decode
       4/19 Test  #4: test-private-encode-decode ..................   Passed    0.01 sec
            Start  5: test-private-mask-data
       5/19 Test  #5: test-private-mask-data ......................   Passed    0.01 sec
            Start  6: test-publicfunc-version
       6/19 Test  #6: test-publicfunc-version .....................   Passed    0.01 sec
            Start  7: test-publicfunc-options
       7/19 Test  #7: test-publicfunc-options .....................   Passed    0.01 sec
            Start  8: test-publicfunc-mime-types
       8/19 Test  #8: test-publicfunc-mime-types ..................   Passed    0.01 sec
            Start  9: test-publicfunc-strcasecmp
       9/19 Test  #9: test-publicfunc-strcasecmp ..................   Passed    0.01 sec
            Start 10: test-publicfunc-url-encoding-decoding
      10/19 Test #10: test-publicfunc-url-encoding-decoding .......   Passed    0.01 sec
            Start 11: test-publicfunc-cookies-and-variables
      11/19 Test #11: test-publicfunc-cookies-and-variables .......   Passed    0.01 sec
            Start 12: test-publicfunc-md5
      12/19 Test #12: test-publicfunc-md5 .........................   Passed    0.00 sec
            Start 13: test-publicserver-check-test-environment
      13/19 Test #13: test-publicserver-check-test-environment ....   Passed    0.02 sec
            Start 14: test-publicserver-start-threads
      14/19 Test #14: test-publicserver-start-threads .............   Passed    1.16 sec
            Start 15: test-publicserver-start-stop-http-server
      15/19 Test #15: test-publicserver-start-stop-http-server ....   Passed    3.25 sec
            Start 16: test-publicserver-start-stop-https-server
      16/19 Test #16: test-publicserver-start-stop-https-server ...***Failed    1.03 sec
            Start 17: test-publicserver-tls-server-client
      17/19 Test #17: test-publicserver-tls-server-client .........***Failed    1.02 sec
            Start 18: test-publicserver-server-requests
      18/19 Test #18: test-publicserver-server-requests ...........***Failed    0.00 sec
            Start 19: test-exe-helper-funcs
      19/19 Test #19: test-exe-helper-funcs .......................   Passed    0.02 sec
    
      84% tests passed, 3 tests failed out of 19
    
      Total Test time (real) =   7.04 sec
    

    I think if test-publicserver-start-stop-https-server, test-publicserver-start-stop-https-server, test-publicserver-start-stop-https-server were to be run directly (seperately from CTest), it would give more useful information about the test failure, but CTest is suppressing that information.

    An alternative could be to turn on XML logging and have the xml files be uploaded to appveyor as test results.

    Here is the link explaining uploading: https://www.appveyor.com/docs/running-tests#uploading-xml-test-results here is the link explaining how to do xml logging in libcheck: ftp://www.eeng.dcu.ie/pub/ee454/cygwin/usr/share/doc/check-0.9.2/html/x232.html

    opened by jd-boyd 30
  • Dot (.) character of URI issue

    Dot (.) character of URI issue

    I use "mg_set_request_handler" to hook the specified URI to my handler.

    for example, "curl https://127.0.0.1/%2e/SECURE_API/neverseen.txt" and "curl https://127.0.0.1/./SECURE_API/./neverseen.txt"

    If I use "." in my url, it looks like curl will remove "." from request url. If I use "%2e", it will send to civetweb directly and the conn->request_uri will be "/./SECURE_API/./neverseen.txt".

    For the case, my request handler is never be matched. The worse is that my URI filter will be bypass using "%2e".

    I see function "remove_double_dots_and_double_slashes" will try to remove "..". Maybe we should remove ".", too.

    opened by allenk 30
  • Cipher list

    Cipher list

    Added cipher list setting.

    Note that i set some additional flags in SSL_CTX_set_options. You may want to be selective while merging those.

    opened by MGralka 29
  • mg_read variable shadowing

    mg_read variable shadowing

    mg_read has a function param of void* buf, but also declares a local variable char buf[64].

    This should be fixed as it generates a warning with -Wshadow on clang. I can look at it later but figured I'd give you a heads up.

    opened by kainjow 29
  • Can't add/upload a file using WebDav with Explorer on Windows 10

    Can't add/upload a file using WebDav with Explorer on Windows 10

    Hi,

    I'm trying to use WebDav with Civetweb 64-bit (precompiled V1.15) on Windows 10 64-bit. It appears to work fine for downloading a file via the Explorer window from Civitweb running on localhost (i.e., \\[email protected]\DavWWWRoot).

    However when trying to upload a file or folder, I'm getting a "Replace or Skip files" dialog window, and when I click "Replace the file in the destination" (which appears even though the file didn't exist there before ), I then get a dialog window with "1 Interrupted Action -- Can't read from source file or disk" and buttons for: 'Try Again | Skip | Cancel' Pressing 'Skip' appears to create an empty file. Oddly, I can delete files using the Explorer window just fine.

    I'm trying to upload simple text files without any special permissions. I've tried running Civetweb under Admin permissions, and specifying a "put_delete_auth_file" as per this comment. I also tried using port 80 instead of the default port 8080.

    Can someone explain how to setup WebDav so that files can be uploaded via Explorer to a directory on Windows 10?

    Thank you!

    Update:

    After testing with different WebDav clients on Windows, it appears uploading is actually working and this is related to using Explorer. I suspect it requires an HTTPS connection (i.e., https://[email protected]\DavWWWRoot), but I'm not sure.

    If anyone happens to know why this occurs with Explorer or a workaround, please let me know.

    opened by stevensam 13
  • Expose base64 decoder

    Expose base64 decoder

    Hello,

    as a civetweb library consumer I have to ship my own base64 implementation to support HTTP Basic Authentication within a custom AuthHandler: https://github.com/jupp0r/prometheus-cpp/blob/v0.13.0/pull/src/basic_auth.cc#L43

    Maybe you could expose the base64 decoder or provide a convenience function to ease Basic Authentication.

    Thanks, Gregor

    opened by gjasny 1
  • Path variables in HTTP URI

    Path variables in HTTP URI

    Currently it is not possible to use path variables in URIs like /user/{id}. Any plans to support that?

    opened by dacrome 1
  • SigSev with openssl 1.1.1l and Chrome on Linux

    SigSev with openssl 1.1.1l and Chrome on Linux

    Hi,

    We are currently having a problem with the latest version of openssl (1.1.1l) and civetweb when querying https page with chrome. I'm not entirely sure that civetweb is at fault here , but i'd like to have your opinion on the matter. When we refresh (Ctrl +F5) multiple time a page , at some point, Chrome will display an error : ERR_SSL_PROTOCOL_ERROR. chrome

    From that point the web pages are no longer available from chrome (but everything is ok with firefox). To access the web page again , we have to restart our app. After the restart we are experiencing a crash after a few more refresh :

    The stack of the crash is the following :

    __memmove_avx_unaligned_erms 0x00007f20265306ec
    rand_pool_add 0x00005581f72fae43
    rand_pool_add_additional_data 0x00005581f72fbdd6
    rand_drbg_get_additional_data 0x00005581f72fa1ab
    RAND_DRBG_bytes 0x00005581f72f936d
    RAND_priv_bytes 0x00005581f72fb304
    <unknown> 0x00005581f72ac4af
    <unknown> 0x00005581f72ad83b
    EVP_PKEY_keygen 0x00005581f72ce4c1
    ssl_generate_pkey 0x00005581f725ad66
    tls_construct_stoc_key_share 0x00005581f721bdb0
    tls_construct_extensions 0x00005581f720e7d8
    tls_construct_server_hello 0x00005581f7234cf7
    <unknown> 0x00005581f721defa
    <unknown> 0x00005581f721d32b
    ossl_statem_accept 0x00005581f721ce09
    SSL_do_handshake 0x00005581f72064b1
    SSL_accept 0x00005581f7202090
    <unknown> 0x00005581f8d15972
    <unknown> 0x00005581f8d1a91f
    <unknown> 0x00005581f8d1ac73
    start_thread 0x00007f20504be609
    clone 0x00007f20264c4293
    

    And the resulting error message is :

    Thread 99 "civetweb-worker" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f1fc4532000 (LWP 8021)] __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:306

    The complete environment is : CivetWeb 1.15, OpenSSL 1.1.1l, Ubuntu 20.04.3 LTS, Linux 5.11.0-37-generic, GCC 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04). Civetweb is statically embedded in our app and configured to use tls 1.2.

    Switching back to openssl 1.1.1g (the previous version we were using) resolve the problem. Under windows everything is fine with civetweb 1.15 and openssl 1.1.1l even if the server is queried with the same browser that made the linux version crash

    If it can help here is how openssl and civetweb have been compiled : Openssl : ./config --prefix=$BUILD_PATH/openssl threads -static no-shared -fPIC

    Civetweb cmake .. -DCMAKE_INSTALL_PREFIX=$BUILD_PATH/civetweb -DCMAKE_CXX_FLAGS="-fPIC" -DBUILD_TESTING=OFF -DCIVETWEB_ENABLE_CXX=ON -DCIVETWEB_ENABLE_SSL=ON -DCIVETWEB_ENABLE_SSL_DYNAMIC_LOADING=OFF -DCIVETWEB_ENABLE_WEBSOCKETS=ON -DCIVETWEB_ENABLE_SERVER_STATS=ON -DOPENSSL_ROOT_DIR=$buildv8Path/openssl -DCIVETWEB_BUILD_TESTING=OFF

    Do you have any idea of what can be the problem here ? Thanks

    opened by grunk 5
  • Example Has a problem

    Example Has a problem

    Hi! Excellent project.

    I am trying to work through some of your examples and am stuck on: https://github.com/civetweb/civetweb/blob/master/examples/embedded_c/embedded_c.c#L657

    You have a snippet: while (r > 0) { r_total += r; s = mg_send_chunk(conn, buf, r); if (r != s) { /* Send error */ break; } r = mg_read(conn, buf, sizeof(buf)); }

    The test for r != s should always fail because you are always sending more bytes (the length is prepended to the buffer on every send) than the receive buffer's size.

    Additionally, the example is problematic since when the read buffer is emptied, the connection is slammed shut. This results in an error on the away (client) side: curl: (18) transfer closed with outstanding read data remaining. Is there any way to keep the connection open and close it manually after I have responded to the request? Thank you!

    opened by gsteri1 3
  • Has anyone attempted to compile on Apple Silicon?

    Has anyone attempted to compile on Apple Silicon?

    Has anyone attempted to compile and run on Apple Silicon M1? I would love to know the answer but don't have access to an M1 chipset

    Type: question Status: Help required 
    opened by hexmarkrecords 1
  • Intermittent errors while handling TLS connections

    Intermittent errors while handling TLS connections

    I'm using an embedded civetweb server, version 1.12 running in an older buildroot environment.

    Request processing works great when not using TLS. When using TLS, it has intermittent errors processing requests, I'd say about 25% of the time.

    When the error occurs, it is reported as:

    4101 mg_cry_internal_impl:3793: mg_cry called from sslize:15503: SSL syscall error 0

    Other notes:

    • Same problem if I upgrade to 1.13.
    • Using Openssl 1.0.1s-fips
    • Same problem if I exclude all my code and simply use the civetweb server
    Status: not reproducible - postponed 
    opened by cb-engage 2
  • Fix Debug-Build for Zephyr

    Fix Debug-Build for Zephyr

    Do nothing in DEBUG_TRACE_FUNC for ZEPHYR as Zephyr-RTOS lacks support for function flockfile (POSIX_DEVICE_IO).

    opened by mglettig 1
  • mg_connect_websocket_client timeout

    mg_connect_websocket_client timeout

    On Linux I get immediate return when the port is not open, while in Windows I get an huge delay of 10 seconds before the return.

    Is this expected? Do I have some way to configure this behavior?

    opened by abramobagnara 6
  • Too many open files

    Too many open files

    Dear all, I cross compiler the library on arm64 and works great except for a strange error. I serve both web pages as static content and api with the library. In the pages I have a JavaScript that interact with the API every seconds. After a while, the server response with error 500 Too many opens file for the static content while perfectly works for the api (that do not opens file on disk) If I check open sockets I see hundreds of open sockets associated to my app. What could I investigate?

    thank you Andrea

    opened by NuclearInstruments 15
Releases(v1.15)
  • v1.15(Sep 1, 2021)

    Summary

    bug fixes, remove legacy interfaces

    Changes

    • New configuration for URL decoding
    • Sanitize filenames in handle form
    • Example "embedded_c.c": Do not overwrite files (possible security issue)
    • Remove obsolete examples
    • Remove "experimental" label for some features
    • Remove MG_LEGACY_INTERFACE that have been declared obsolete in 2017 or earlier
    • Modifications to build scripts, required due to changes in the test environment
    • Unix domain socket support fixed
    • Fixes for NO_SSL_DL
    • Fixes for some warnings / static code analysis
    • Update version number
    Source code(tar.gz)
    Source code(zip)
    CivetWeb_Win32+64_V1.15.zip(1.62 MB)
  • v1.14(Apr 6, 2021)

    Summary

    mbedTLS, Lua API enhancements, log filtering

    Changes

    • Change SSL default setting to use TLS 1.2 as minimum (set config if you need an earlier version)
    • Add local_uri_raw field (not sanitized URI) to request_info
    • Additional API functions and a callback after closing connections
    • Allow mbedTLS as OpenSSL alternative (basic functionality)
    • Add OpenSSL 3.0 support (OpenSSL 3.0 Alpha 13)
    • Support UNIX/Linux domain sockets
    • Fuzz tests and ossfuzz integration
    • Compression for websockets
    • Restructure some source files
    • Improve documentation
    • Fix HTTP range requests
    • Add some functions for Lua scripts/LSP
    • Build system specific fixes (CMake, MinGW)
    • Update 3rd party components (Lua, lfs, sqlite)
    • Allow Lua background script to use timers, format and filter logs
    • Remove WinCE code
    • Update version number
    Source code(tar.gz)
    Source code(zip)
    CivetWeb_Win32+64_V1.14.zip(3.18 MB)
  • v1.13(Sep 30, 2020)

    Summary

    Various updates and fixes, additional API functions

    Changes

    • Add arguments for CGI interpreters
    • Support multiple CGi interpreters
    • Buffering HTTP response headers, including API functions mg_response_header_* in C and Lua
    • Additional C API functions
    • Fix some memory leaks
    • Extended use of atomic operations (e.g., for server stats)
    • Add fuzz tests
    • Set OpenSSL 1.1 API as default (from 1.0)
    • Add Lua 5.4 support and deprecate Lua 5.1
    • Provide additional Lua API functions
    • Fix Lua websocket memory leak when closing the server
    • Remove obsolete "file in memory" implementation
    • Improvements and fixes in documentation
    • Fixes from static source code analysis
    • Additional unit tests
    • Various small bug fixes
    • Experimental support for some HTTP2 features (not ready for production)
    • Experimental support for websocket compression
    • Remove legacy interfaces declared obsolete since more than 3 years
    • Update version number
    Source code(tar.gz)
    Source code(zip)
    CivetWeb_Win32+64_V1.13.zip(3.16 MB)
  • v1.12(Mar 17, 2020)

    Summary

    Multiple improvements and extensions in various areas, including compatibility enhancements, additional Lua scripting features and documentation.

    Changes

    • Updates/improvements for LuaXML
    • Updates and tests for JSON for Lua
    • BoringSSL support
    • Add Remark: Do not use Git for Windows V2.24 (but <= V2.23 or >= V2.25)
    • Format configuration dialogs for Windows
    • Add option "hide_tray" to start without Windows systray icon
    • URI checking according to "remove_dot_segments" algorithm from RFC
    • Experimental support for a new server and client start API
    • Additional callbacks to initialize external SSL context
    • More cache control options for static files
    • Trace function for Lua server pages
    • Access to client certificate data for Lua pages
    • Allow to configure SOMAXCONN (max. number of waiting connections)
    • Include some build options for Zephyr
    • Support for flawed CGI interpreters returning only instead of
    • Add NO_FILESYSTEM flag for (embedded) system without any file system
    • Several fixes for server side Lua scripts
    • Disable SSL renegotiation for new OpenSSL version
    • Allow to force TLSv1.3 (disable TLSv1.2)
    • Prefer pre-compressed *.gz file, if it already exists
    • Fix some #include statements for various compilers / OS / SDK versions
    • Support for Linux Standard Base (LSB)
    • Fixes to mg_get_*_info() API functions
    • Fix some bugs/deficiencies in examples and tests
    • Fix some static source code analysis warnings
    • Add Conan package build
    • Fix include for Lua pages in "Kepler Syntax"
    • Replace some uses of deprecated Linux and OpenSSL API functions
    • Improved documentation and examples
    • Fixes for timeout handling
    • Fixes for the request queue (rare loss of requests)
    • Client side SNI
    • Update version number
    Source code(tar.gz)
    Source code(zip)
    CivetWeb_Win32+64_V1.12.zip(1.50 MB)
  • v1.11(Sep 10, 2018)

    Major Features

    Support multiple domains and certificates, support websocket ping-pong, on-the-fly compression, additional API functions

    Changes

    • Add API function to send file body for C and Lua
    • Fix several warnings from different compilers and static code analyzers
    • Drop Symbian support from the code
    • Improve examples
    • Timeout for CGI scripts
    • Fix for requests using IPv6 addresses as hostname
    • Shared data for Lua scripts and Lua server pages
    • Add API function for 30x redirect
    • Script for Linux bash auto-completion
    • Add HTTP JSON C callback example
    • Add helper function for HTTP 200 OK response
    • Allow Kepler Syntax for Lua Server pages
    • Update duktape to 2.2.0 and Lua to 5.3.4
    • Optional support for on-the-fly compression (if zlib is available and USE_ZLIB is set)
    • Add method to replace mg_cry and log_access by own implementation
    • Fixes for IPv6 support
    • Add server support for websocket ping pong protocol
    • Fix misspellings in source code and documentation
    • Add error msg to http_error callback
    • Move unit test to a new directory
    • Remove remote_ip request_info member (it has been legacy since several versions)
    • Use gmtime_r instead of gmtime, if available
    • Add some functions to C++ wrapper
    • Support multiple domains with different certificate files (TLS server name identification, SNI)
    • Provide client peer certificate (X509) in mg_client_cert structure
    • Add new callback (get_external_ssl_ctx) to provide pre-initialized TLS context
    • Improve unit tests
    • Fix ssl init for HTTPS clients
    • Update version number
    Source code(tar.gz)
    Source code(zip)
  • v1.10(Sep 26, 2017)

    Major Features

    OpenSSL 1.1 support, add server statistics and diagnostic data

    Changes

    • Add missing mg_ or MG_ to symbols in civetweb.h. Symbols without will be removed a future version.
    • Add HTTPS server configuration example
    • Lua Pages: mg.include should support absolute, relative and virtual path types
    • Add API function for HTTP digest authentication
    • Improved interface documentation
    • Support parameters for Lua background scripts
    • Use new connection queue implementation (previously ALTERNATIVE_QUEUE) as default
    • Add USE_SERVER_STATS define, so the server collects statistics data
    • Convert system_info text output and all other diagnostic strings to JSON format
    • Add experimental function to query the connection status (may be dropped again)
    • Add document on proposed future interface changes (for comments)
    • Officially drop Symbian support
    • Ignore leading blank lines in multipart messages (for Android upload service)
    • Rewrite some functions, in particular request parsing
    • CORS preflight directly in the server, with additional config options
    • Solve some warnings from different static source code analysis tools
    • Collect server status data
    • Allow hostname in listening_ports
    • Make maximum request size configurable
    • Allow multiple Sec-Websocket-Protocol
    • Add configuration option to send additional headers
    • Add configuration option for Strict-Transport-Security
    • Mark "file in memory" feature is a candidate for deletion
    • Improve examples
    • Fix timeout error when sending larger files
    • Add mg_send_chunk interface function
    • Allow to separate server private key and certificate chain in two different files
    • Support for multipart requests without quotes (for some C# clients)
    • Initialize SSL in mg_init_library, so https client functions can be used when no server is running
    • Allow "REPORT" HTTP method for REST calls to scripts
    • Allow to compile civetweb.c wih a C++ compiler
    • Lua: Remove internal length limits of encode/decode functions
    • Allow sub-resources of index script files
    • Add config parameter allow_index_script_resource the aforementioned feature
    • Remove deprecated "uri" member of the request from the interface
    • Improve documentation
    • Make auth domain check optional (configuration)
    • Update unit test framework to check 0.11.0 (C89/C90 compilers still need a patched version)
    • Limit depth of mg.include for Lua server pages
    • Additional unit tests
    • OpenSSL 1.1 support
    • Update version number
    Source code(tar.gz)
    Source code(zip)
  • v1.9.1(Jan 4, 2017)

    Bug fix version

    Changes

    • Fix for connections closed prematurely
    • Update to a new check unit test framework and remove patches required for previous version
    • Add "open website" button for pre-built Windows binaries (so end users can easily check for new versions)
    • Update version number
    Source code(tar.gz)
    Source code(zip)
  • v1.9(Dec 30, 2016)

    Features

    Read SSI client certificate information, improve windows usability, use non-blocking sockets, bug fixes

    Changes

    • Add library init/exit functions (call is now optional, but will be required in V1.10)
    • Windows: Show system information from the tray icon
    • Windows: Bring overlaid windows to top from the tray icon
    • Add Lua background script, running independent from server state
    • Move obsolete examples into separated directory
    • Change name of CMake generated C++ library to civetweb-cpp
    • Add option to set linger timeout
    • Update Duktape and Lua (third-party code)
    • Add continuous integration tests
    • Add API documentation
    • Limit recursions in .htpasswd files
    • Fix SCRIPT_NAME for CGI directory index files (index.php)
    • Use non-blocking sockets
    • stdint.h is now required and no longer optional
    • Rewrite connection close handling
    • Rewrite mg_fopen/mg_stat
    • Enhanced tray icon menu for Windows
    • Add subprotocol management for websocket connections
    • Partially rewrite timeout handling
    • Add option keep_alive_timeout_ms
    • Improve support for absolute URIs
    • Allow some additional compiler checks (higher warning level)
    • Add option for case sensitive file names for Windows
    • Short notation for listening_ports option when using IPv4 and IPv6 ports
    • Make usage of Linux sendfile configurable
    • Optimize build matrix for Travis CI
    • Retry failing TLS/HTTPS read/write operations
    • Read client certificate information
    • Do not tolerate URIs with invalid characters
    • Fix mg_get_cookie to ignore sub-strings
    • Fix memory leak in form handling
    • Fix bug in timer logic (for Lua Websockets)
    • Updated version number
    Source code(tar.gz)
    Source code(zip)
  • v1.8(May 27, 2016)

    Features

    CMake integration, new unit tests based on the check framework, continuous integration with Travis CI and AppVeyor, code analysis with Coverity, some additional API functions, bug fixes and updates

    Changes

    • Replace mg_upload by mg_handle_form_request
    • CGI-scripts must receive EOF if all POST data is read
    • Add API function to handle all kinds of HTML form data
    • Do not allow short file names in Windows
    • Callback when a new thread is initialized
    • Support for short lived certificates
    • Add NO_CACHING compile option
    • Update Visual Studio project files to VS2015; rename directory VS2012 to VS
    • Sec-Wesocket-Protocol must only return one protocol
    • Mark some examples and tests as obsolete
    • Remove no longer maintained test utils
    • Add some default MIME types and the mg_send_mime_file API function.
    • Client API using SSL certificates
    • Send "Cache-Control" headers
    • Add alternative to mg_upload
    • Additional configuration options
    • Fix memory leaks
    • Add API function to check available features
    • Add new interface to get listening ports
    • Add websocket client interface and encode websocket data with a simple random number
    • Support SSL client certificates
    • Add configuration options for SSL client certificates
    • Stand-alone server: Add command line option -I to display information about the system
    • Redirect stderr of CGI process to error log
    • Support absolute URI; split uri in mg_request_info to request_uri and local_uri
    • Some source code refactoring, to improve maintainability
    • Use recursive mutex for Linux
    • Allow CGI environment to grow dynamically
    • Support build for Lua 5.1 (including LuaJIT), Lua 5.2 and Lua 5.3
    • Improve examples and documentation
    • Build option CIVETWEB_SERVE_NO_FILES to disable serving static files
    • Add Server side JavaScript support (Duktape library)
    • Created a "civetweb" organization at GitHub.
    • Repository moved from https://github.com/bel2125/civetweb to https://github.com/civetweb/civetweb
    • Improved continuous integration
    • CMake support, continuous integration with Travis CI and Appveyor
    • Adapt/port unit tests to CMake/Travis/Appveyor
    • Bug fixes, including issues from static code analysis
    • Add status badges to the GitHub project main page
    • Updated version number
    Source code(tar.gz)
    Source code(zip)
  • v1.7(Jul 5, 2015)

    Features

    Enhanced examples and documentation, additional API functions, some functions rewritten, bug fixes and updates

    Changes

    • Format source with clang_format
    • Use function 'sendfile' for Linux
    • Fix for CRAMFS in Linux
    • Fix for file modification times in Windows
    • Use SO_EXCLUSIVEADDRUSE instead of SO_REUSEADDR for Windows
    • Rewrite push/pull functions
    • Allow to use Lua as shared objects (WITH_LUA_SHARED)
    • Fixes for many warnings
    • URI specific callbacks and different timeouts for websockets
    • Add chunked transfer support
    • Update LuaFileSystem
    • Update Lua to 5.2.4
    • Fix build for MinGW-x64, TDM-GCC and clang
    • Update SQLite to 3.8.10.2
    • Fix CGI variables SCRIPT_NAME and PATH_TRANSLATED
    • Set TCP_USER_TIMEOUT to deal faster with broken connections
    • Add a Lua form handling example
    • Return more differentiated HTTP error codes
    • Add log_access callback
    • Rewrite and comment request handling function
    • Specify in detail and document return values of callback functions
    • Set names for all threads (unless NO_THREAD_NAME is defined)
    • New API functions for TCP/HTTP clients
    • Fix upload of huge files
    • Allow multiple SSL instances within one application
    • Improve API and user documentation
    • Allow to choose between static and dynamic Lua library
    • Improve unit test
    • Use temporary file name for partially uploaded files
    • Additional API functions exported to C++
    • Add a websocket client example
    • Add a websocket client API
    • Update websocket example
    • Make content length available in request_info
    • New API functions: access context, callback for create/delete, access user data
    • Upgraded Lua from 5.2.2 to 5.2.3 and finally 5.2.4
    • Integrate LuaXML (for testing purposes)
    • Fix compiler warnings
    • Updated version number
    Source code(tar.gz)
    Source code(zip)
  • v1.6(Jun 27, 2014)

    Features

    Enhance Lua support, configuration dialog for windows, new examples, bug fixes and updates

    Changes

    • Add examples of Lua pages, scripts and websockets to the test directory
    • Add dialog to change htpasswd files for the Windows standalone server
    • Fix compiler warnings and warnings from static code analysis
    • Add new unit tests
    • Support includes in htpasswd files
    • Add a basic option check for the standalone executable
    • Support user defined error pages
    • Method to get POST request parameters via C++ interface
    • Re-Add unit tests for Linux and Windows
    • Allow to specify title and tray icon for the Windows standalone server
    • Fix minor memory leaks
    • Redirect all memory allocation/deallocation through mg functions which may be overwritten
    • Support Cross-Origin Resource Sharing (CORS) for static files and scripts
    • Win32: Replace dll.def file by export macros in civetweb.h
    • Base64 encode and decode functions for Lua
    • Support pre-loaded files for the Lua environment
    • Server should check the nonce for http digest access authentication
    • Hide read-only flag in file dialogs opened by the Edit Settings dialog for the Windows executable
    • Add all functions to dll.def, that are in the header
    • Added Lua extensions: send_file, get_var, get_mime_type, get_cookie, url_decode, url_encode
    • mg_set_request_handler() mod to use pattern
    • Solved, tested and documented SSL support for Windows
    • Fixed: select for Linux needs the nfds parameter set correctly
    • Add methods for returning the ports civetweb is listening on
    • Fixes for Lua Server Pages, as described within the google groups thread
    • Added support for plain Lua Scripts, and an example script
    • A completely new, and more illustrative websocket example for C
    • Websocket for Lua
    • An optional websocket_root directory, including URL rewriting
    • Update of SQLite3 to 3.8.1.
    • Add "date" header field to replies, according to the requirements of RFC 2616 (the HTTP standard), Section 14.18
    • Fix websocket long pull
    • Updated API documentation
    • Fixed Posix locking functions for Windows
    • Updated version number
    Source code(tar.gz)
    Source code(zip)
🌱Light and powerful C++ web framework for highly scalable and resource-efficient web application. It's zero-dependency and easy-portable.

Oat++ News Hey, meet the new oatpp version 1.2.5! See the changelog for details. Check out the new oatpp ORM - read more here. Oat++ is a modern Web F

Oat++ 4.7k Dec 3, 2021
A C++11 RESTful web server library

Served Overview Served is a C++ library for building high performance RESTful web servers. Served builds upon Boost.ASIO to provide a simple API for d

Meltwater 675 Nov 23, 2021
cserv is an event-driven and non-blocking web server

cserv is an event-driven and non-blocking web server. It ideally has one worker process per cpu or processor core, and each one is capable of handling thousands of incoming network connections per worker. There is no need to create new threads or processes for each connection.

null 35 Sep 10, 2021
Crow is very fast and easy to use C++ micro web framework (inspired by Python Flask)

Crow is C++ microframework for web. (inspired by Python Flask) #include "crow.h" int main() { crow::SimpleApp app; CROW_ROUTE(app, "/")([]()

Jaeseung Ha 6.6k Dec 5, 2021
A C++ Web Framework built on top of Qt, using the simple approach of Catalyst (Perl) framework.

Cutelyst - The Qt Web Framework A Web Framework built on top of Qt, using the simple and elegant approach of Catalyst (Perl) framework. Qt's meta obje

Cutelyst 720 Nov 26, 2021
Drogon: A C++14/17 based HTTP web application framework running on Linux/macOS/Unix/Windows

English | 简体中文 | 繁體中文 Overview Drogon is a C++14/17-based HTTP application framework. Drogon can be used to easily build various types of web applicat

An Tao 6.5k Dec 6, 2021
Your high performance web application C framework

facil.io is a C micro-framework for web applications. facil.io includes: A fast HTTP/1.1 and Websocket static file + application server. Support for c

Bo 1.5k Dec 2, 2021
QDjango, a Qt-based C++ web framework

QDjango - a Qt-based C++ web framework Copyright (c) 2010-2015 Jeremy Lainé About QDjango is a web framework written in C++ and built on top of the Qt

Jeremy Lainé 231 Nov 26, 2021
TreeFrog Framework : High-speed C++ MVC Framework for Web Application

Small but Powerful and Efficient TreeFrog Framework is a high-speed and full-stack web application framework based on C++ and Qt, which supports HTTP

TreeFrog Framework 977 Nov 29, 2021
C library to create simple HTTP servers and Web Applications.

Onion http server library Travis status Coverity status Onion is a C library to create simple HTTP servers and Web Applications. master the developmen

David Moreno Montero 1.8k Dec 2, 2021
This is a proof-of-concept of a modern C web-framework that compiles to WASM and is used for building user interfaces.

DanCing Web ?? ?? (DCW) Getting Started Dancing Web is now distributed with the Tarantella Package Manager — a tool I've made to simplify setup of pro

Danilo Chiarlone 3 Sep 11, 2021
The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.

Welcome! The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design

Microsoft 6.6k Dec 4, 2021
Experimental, scalable, high performance HTTP server

Lwan Web Server Lwan is a high-performance & scalable web server. The project web site contains more details. Build status OS Arch Release Debug Stati

Leandro A. F. Pereira 5.5k Dec 2, 2021
Embeddable Event-based Asynchronous Message/HTTP Server library for C/C++

libasyncd Embeddable Event-based Asynchronous Message/HTTP Server library for C/C++. What is libasyncd? Libasyncd is an embeddable event-driven asynch

Seungyoung 163 Nov 17, 2021
A lightweight Bedorck Dedicated Server Plugin Loader

LiteLoader 简体中文 A lightweight Bedorck Dedicated Server Plugin Loader Based on BedrockX Install Download LiteLoader from Releases or Actions, unzip it

null 130 Dec 5, 2021
A http/websocket server framework on linux.

The framework is a Web-Server on unix based system. Without using any third-party libraries, the framework writes from unix system calls and standard C library functions.

xingyuuchen 12 Dec 7, 2021
Embedded C/C++ web server

CivetWeb The official home of CivetWeb is https://github.com/civetweb/civetweb Continuous integration for Linux and macOS (Travis CI): Continuous inte

null 1.9k Nov 30, 2021
web server & client. Fully C++/WebAssembly. Server runs on google cloud function. Client uses a C++ virtual dom.

Starter project. A web server and client fully made with C++/WebAssembly. A simple CMake configuration describes how to build and run everything.

null 3 Aug 6, 2021
A place to collaborate on code for the Embedded.fm book club. Currently reading "STM32 ARM Programming for Embedded Systems".

Welcome to the Book Club Code site! This is a place for the Embedded.fm book club to collaborate and learn together. Repo Structure Guide Top-level fo

Peter Griffin 10 Jun 4, 2021
Embedded Flutter runtime targeting Embedded Linux with Wayland

ivi-homescreen IVI Homescreen for Wayland Strongly Typed (C++) Lightweight Clang 11 Release Stripped = 151k GCC 9.3 Release Stripped = 168k Source run

null 116 Nov 17, 2021
Lab2: using a physical embedded systems to interact with virtual embedded systems.

Lab2: dotDevice EmSys Autumn 2021 In this lab you will use your TinyPico to interact with a virtual embedded system. Current Virtual Lab URL: [http://

Shane Fleming 1 Oct 20, 2021
VNOpenAI 14 Nov 27, 2021
🌱Light and powerful C++ web framework for highly scalable and resource-efficient web application. It's zero-dependency and easy-portable.

Oat++ News Hey, meet the new oatpp version 1.2.5! See the changelog for details. Check out the new oatpp ORM - read more here. Oat++ is a modern Web F

Oat++ 4.7k Dec 3, 2021
🌱Light and powerful C++ web framework for highly scalable and resource-efficient web application. It's zero-dependency and easy-portable.

Oat++ News Hey, meet the new oatpp version 1.2.5! See the changelog for details. Check out the new oatpp ORM - read more here. Oat++ is a modern Web F

Oat++ 4.7k Nov 28, 2021
C++ library for creating an embedded Rest HTTP server (and more)

The libhttpserver reference manual Tl;dr libhttpserver is a C++ library for building high performance RESTful web servers. libhttpserver is built upon

Sebastiano Merlino 573 Dec 7, 2021
Simple, secure & standards compliant web server for the most demanding of applications

Simple, secure[1] & standards compliant[2] web server for the most demanding[3] of applications. Read more... ?? Optimized security Being meticulously

uNetworking AB 13.4k Dec 7, 2021
A C++11 RESTful web server library

Served Overview Served is a C++ library for building high performance RESTful web servers. Served builds upon Boost.ASIO to provide a simple API for d

Meltwater 675 Nov 23, 2021