From: "Omar Polo" Subject: Re: gotwebd website support To: Stefan Sperling Cc: gameoftrees@openbsd.org Date: Mon, 01 Dec 2025 23:17:39 +0100 Stefan Sperling wrote: > Add a new feature to gotwebd which allows serving static websites > straight out of Git repositories. > > In the simplest case, declaring a website in gotwebd.conf works as follows: > > server "www.example.com" { > # Serve the www.git repository as a web site when > # the browser visits "www.example.com". > website "/" { > repository "www" > } > } > > See the docs added to gotwebd.conf.5 for details. > > A tricky part of this is requesting routing. We can now have URL paths > which map to repositories and may require authentication, and URL paths > which map to websites which never require authentication (similar to how > static gotwebd assets are not protected by authentication). It took me > some time to get this right. We must have good test coverage for this to > avoid introducing authentication bypass bugs later. > > For now, I am adding some basic tests to the gotsysd regression test suite. > The tests should be extended later to cover more cases. Adding more tests > will be much easier gone gotsysd has learned to reconfigure gotwebd on the fly. > Until gotsysd can reconfigure gotwebd, test cases which require a unique > gotwebd.conf file need to be start in separate scripts. > > ok? to start with, I think it's more than okay =) it's quite a lot. I'm jus leaving one tiny nitpick if you can fix it before merging this in main, as i think it was an unwanted change :p while playing with it i've found a minor logic error, which is innocuous luckily, with `website "/"': $ curl -sI http://localhost/ | grep Location Location: http://localhost//index.html in any case, let's get this in and improve in-tree, i think it's the best way forward :) ok op@ Thanks! > [...] > --- gotwebd/gotwebd.conf.5 > +++ gotwebd/gotwebd.conf.5 > @@ -1,4 +1,4 @@ > -.\" > +\" nit: lost the "." :p > .\" Copyright (c) 2020 Tracey Emery > .\" > .\" Permission to use, copy, modify, and distribute this software for any > [..] > @@ -463,6 +507,56 @@ parameter determines whether > .Xr gotwebd 8 > will display the repository. > .El > +.It Ic website Ar url-path Brq ... > +Show a web site when the browser visits the given > +.Ar url-path . > +The web site's content is composed of files in a Git repository. > +.Pp > +While the underlying repository is subject to authentication as usual, > +web site content is always public, and cannot be hidden via the > +.Ic hide repository > +or > +.Ic respect_exportok > +directives. I think we should 'fix' this and at least enable auth for the website. I think it doesn't make much sense to protect the history but not the resulting tree at the tip :p