Content-type: text/html; charset=UTF-8 Man page of SHIZARU

SHIZARU

Section: User Commands (1)
Index Return to Main Contents

BSD mandoc
All Operating Systems

NAME

shizaru - Opinionated webserver

SYNOPSIS

shizaru [-c conf_file ] [-v ]

DESCRIPTION

shizaru is a minimalistic webserver, intended for use in shared-hosting environments, which will "serve no evil". This means it will respond with the HTTP 403 "Forbidden" status rather than serve any file which violates any of the fully user-configurable restrictions on e.g. file size, file type, HTML tags or attributes, linked to domains, and more.

The options are as follows:

-c conf_file: Path to config file (default /etc/shizaru.conf)
-h: Accept unencrypted HTTP connections only
-v: Print version and exit

CONFIGURATION

shizaru is configured with a single configuration file which is in the TOML format. shizaru will look for the configuration file at /etc/shizaru.conf but any alternate location can be specified with the -c option. The settings which can be specified in the config file fall into two categories, those determining the operation of the webserver and those placing restrictions on what will be served.

SERVER SETTINGS

HttpPort (int): Port number on which to listen for HTTP (unencrypted) connections. Default value: 80
HttpsPort (int): Port number on which to listen for HTTPS (encrypted) connections. Default value: 443
CertPath (string): Path to a TLS certificate for HTTPS connections. The certificate should be in PEM format.
KeyPath (string): Path to a TLS private key for HTTPS connections. The key should be in PEM format.
DocBase (string): Path to the directory to serve documents from. Default value: "/var/www/"
HomeDocBase (string): Path to the directory to serve personal "homepages" from, i.e. where to resolve URLs whose path begins with ~usename. Interpreted as relative to DocBase above. Default value: "users"
LogPath (string): Path to access log file. Default value: "/var/log/shizaru.log"

RESTRICTION SETTINGS

MaxPlaintextSize (int): Shizaru will refuse to serve any file with a MIME type (as inferred from the filename extension) of "text/plain" whose size in KiB (i.e. in units of 1024 bytes) exceeds this value. Default value: 1073741824 (equivalent to 1TiB, i.e. effectively infinite)
MaxTextSize (int): Shizaru will refuse to serve any file with a MIME type (as inferred from the filename extension) which begins with "text/" but isn't "text/plain" (e.g. "text/html", "text/css", "text/markdown") whose size in KiB (i.e. in units of 1024 bytes) exceeds this value. Default value: 1024 (equivalent to 1MiB)
MaxBinarySize (int): Shizaru will refuse to serve any file with a MIME type (as inferred from the filename extension) which does not begin with "text/" (e.g. "image/png", "audio/mpeg", "application/x-gtar-compressed") whose size in KiB (i.e. in units of 1024 bytes) exceeds this value. Default value: 32
AllowRemoteContent (bool): If set to false, Shizaru will refuse to serve any HTML page where the value of any element's "src" attribute contains a "://". This means that e.g. images and stylesheets must also be served by Shizaru and not fetched from a remote server. Default value: false
MaxHtmlDepth (int): Shizaru will refuse to serve any HTML page where elements are nested deeper than this value, e.g. if set to 4 then using a <a> or <em> (1) inside a <p> (2) inside a <div> (3) inside <body> (4) inside <html> (5) is "too deep" (5 > 4) and will not be served. Default value: 10
MaxImages (int): Shizaru will refuse to serve any HTML page which contains more tan this number of <img> tags. Default value: 3
BadDomains (list of strings): Shizaru will refuse to serve any HTML page with an <a> element whose "href" attribute is to a URL at any of the domains in this list (including subdomains). Default value: "facebook.com", "google.com", "instagram.com", "twitter.com", "x.com", "amazon.com"
BadMimes (list of strings): Shizaru will refuse to serve any file whose MIME media type (as inferred by the filename extension) is present in this list. Default value: "text/javascript", "application/javascript", "application/x-shockwave-flash"
BadTags (list of strings): Shizaru will refuse to serve any HTML page which contains any HTML tag present filename extension) is present in this list. Default value: "applet", "audio", "base", "blink", "canvas", "embed", "frame", "frameset", "iframe", "marquee", "script"
BadAttrs (list of strings): Shizaru will refuse to serve any HTML page containing any HTML element with an attribute in this list. The default value consists of all Javascript event attributes, e.g. "onmouseover", "onclick", "onscroll", etc.

TRIVIA

The famous "three wise monkeys" who see no evil, hear no evil and speak no evil are named Mizaru, Kikazaru and Iwazaru, respectively. There is a less well known fourth monkey, of dubious historical origin, who symbolises the principle of "do no evil". This monkey is named Shizaru.

AUTHORS

An Solderpunk Aq Mt solderpunk@posteo.net

TRIVIA

AUTHORS

This document was created by man2html, using the manual pages.
Time: 21:26:28 GMT, February 07, 2025