This program is FREE for commercial and non-commercial use. The only restriction is that copyright holder must be attributed with the development of this code. See the LICENCE file for more details. Well, as this has been in essence an unpaid effort there is no guarantee of support (you get what you pay for :-), however I do undertake a limited amount of consulting.
This program may be freely distributed, provided the distribution package is not modified. No person or company may charge a fee for the distribution of this program without written permission of the copyright holder.
TinyWeb is extremely small (executable file size is 53K), simple (no any configuration except command line) and fast (consumes as little system memory and CPU resources as possible). TinyWeb installs in minutes and maintains a low-memory profile.
TinyWeb has got five-star rating at ZDNet HotFiles
c:\www\bin\tiny.exe is the path to TinyWeb executable, c:\www\root is the path to www home (root) directory, and c:\www\log is the directory for log files TinyWeb keeps.
TinyWeb is neither windowed nor console application, moreover, it is not a Windows Service. Once started,
tiny.exe will appear in Task List. There is no way to stop Tiny Web except End Task operation.
Run TinyWeb on port 8000 and address 18.104.22.168:
c:\www\bin\tiny.exe c:\www\root 8000 22.214.171.124
Path to home directory is taken from command line as a first parameter. The second parameter is bind-port and the third is bind-address, both are optional, don't use them if unsure.
The default directory root file name is
index.html file is not found in a directory, TinyWEB then looks for
index.htm. If none of these two files are found, a file with name
index and extension from
PATHEXT environment variable is executed as a CGI from
cgi-bin directory. If you have no such files in
cgi-bin, make sure that
index.htm exist in the directory first command line paramenter points to. Please refer to
error_log in case of any troubles. The only
POST commands are handled.
The following environment variables are passed to application:
To learn more about CGI, please visit http://hoohoo.ncsa.uiuc.edu/cgi/.
CGI interface was tested with ActivePerl for NT, which is available at http://www.activestate.com/
CGI application are being executed from /cgi-bin/ directory only.
The samples to test CGI are provided in
cgitest.zip package within TinyWeb archive.
Note that TinyWeb extracts content-types, associated to file extensions, and script interpreters (e.g. Perl) form Windows Registry, so make sure that
.pl are registered file types. It means that I recommend to use
.pl as an extension for CGI-scripts written in Perl.
The information is being taken from registry (to TinyWeb's cache) on TinyWeb's startup, so if you made some content-type or file-assotiation-related changes of registry, you must reload TinyWeb in order to take effect.
TinyWeb keeps Apache-compatible The Common Logfile Format log files:
error_log, which can be analyzed by any compatible log analyzer, eg:
If some of them do not do what you want, let me know! You can also try some of the other log analysis tools. Consult the Yahoo guide for a list.
Logs are kept in a derectory from that TinyWeb was started. Make sure that "Start In" directory of TinyWeb properties is set properly.
Please note that TinyWeb doesn't support W3C's Extended Log File Format.
http://www.ritlabs.com/tinyweb/. In that case TinyWEB first looks for
index.htmland then runs a file with name
indexand extension from
PATHEXTenvironment variable. For example, if
PATHEXTis set to
/cgi-bin/tinyweb/index.plwill be run.
TinySSL is a Secure Sockets Layer (SSL v2/v3) and Transport Layer Security Web Server Daemon based on TinyWeb. TinySSL comes under the same licence as for TinyWEB and is FREE for commercial and non-commercial use. Source code is not provided but you can obtain it for a small fee of $49, thus you will not only be donating to the author but will also support further TinyWEB/TinySSL development. You will also be able to compile TinyWEB with Basic Access Authentication (rfc-2068). Just include your check or money order made payable to CIFNet, Inc. and mail it to: 2545 W. Peterson Ave. Suite 209, Chicago, IL 60659.
TinySSL versions up to 1.7 were using SSLeay library which is a free implementation of Netscape's Secure Socket Layer written by Eric Young (email@example.com), please visit SSLeay FAQ at http://www.psy.uq.edu.au/~ftp/Crypto/ for a lot of useful information about SSLeay.
TinySSL versions 1.8 and later are using OpenSSL which is a successor of SSLeay.
We do run TinySSL on a secure server certified by Thawte at https://support.ritlabs.com/
In order to initiatine a SSL-connection, the secure server must have a certificate or, in other words, Digital ID (there is a good Information Desk on that at Verisign and FAQ on Cryptography at RSA). The client can (and probably should) have a certificate. TinySSL does not currently provide client-certificate verifications.
First of all, you must generate your secure server's RSA private key. For that, feed
.rnd file with lots of interesting and varied data, that would be used for key generation.
.rnd is unformatted file, size don't care. You can copy a wav-file with digitized noize to it, or just a text-file with randomly-typed words and phrases.
To generate a key, type:
openssl genrsa -rand .rnd -out key.pem 1024
This command sequence will generate a 1024-bit RSA private key and store it in the file
key.pem. The key should look like:
-----BEGIN RSA PRIVATE KEY----- MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg== -----END RSA PRIVATE KEY-----
Remember, that your secure server certificate (Digital ID) will be useless without the key.
Then you should generate your Certificate Signing Request (CSR). The CSR is what contains the name information for the certificate (Country, State/Province, City, Organization, Division, Web Server Domain Name, etc). It also contains your public key. The formats of certificate and CSR used by TinySSL are the same as for Apache-SSL. CSR should be sent for verification to Certificate Authority (CA) e.g. to Verisign (www.verisign.com) or Thawte (www.thawte.com). Thawte has issued a certificate for TinySSL without any problem, we use it at https://support.ritlabs.com/. Verisign are now signing certificate requests for Apache-SSL, more details are online. After verification you will probably receive the certificate.
To generate your CSR, run:
openssl req -new -key key.pem -out req.pem -config openssl.cnf
This command sequence will prompt you for the attributes of your certificate. Remember to give the secure server domain name when you would be prompted for "Common Name".
The request (saved to
req.pem file) should look like:
-----BEGIN CERTIFICATE REQUEST----- MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0 2NNtXrT8odkCAwEAATANBgkqhkiG9w0BAQQFAANBAC5JBTeji7RosqMaUIDzIW13 oO6+kPhx9fXSpMFHIsY3aH92Milkov/2A4SuZTcnv/P6+8klmS0EaiUKcRzak4E= -----END CERTIFICATE REQUEST-----
You will now have a private key in
key.pem and a CSR in
Make sure to store
key.pem in a safe place. You will need the key to operate your secure server when CA issue your certificate. Note, that it is very important to backup the private key that corresponds to the certificate you purchased. Without the private key the certificate is quite useless. For good security reasons the most of CA's are unable to reissue certificates arbitrarily if you cannot access your private key!
req.pem to CA.
Upon reception of a signed certificate from CA, put it to cert.pem.
The certificate should look like:
-----BEGIN CERTIFICATE----- MIICLjCCAZcCAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD dp7jnmWZwKZ9cXsNUS2o4OL07qOk2HOywC0YsNZQsOBu1CBTYYkIefDiKFL1zQHh 8lwwNd4NP+OE3NzUNkCfh4DnFfg9WHkXUlD5UpxNRJ4gJA== -----END CERTIFICATE-----
You can also generate a temporary but ready to use untrusted test certificate by running:
openssl req -new -key key.pem -out cert.pem -x509 -config openssl.cnf
There is also a good temporary untrusted test certificate generator at http://www.cryptsoft.com/~tjh/usercert.cgi. Also, you can get a free trial secure server certificate from Verisign at http://digitalid.verisign.com/test_server_ids.html (choose Apache-SSL or any compatible server) or from Thawte at https://www.thawte.com/cgi/server/test.exe (chose Generate an X.509v3 certificate & Use the most basic format).
We do run TinySSL on a secure server certified by Thawte. If you enter https://support.ritlabs.com/, you would be able to see the following:
This Certificate belongs to:
RIT Research Labs
This Certificate was issued by:
Thawte Server CA
Certification Services Division
Thawte Consulting cc
Cape Town, Western Cape, ZA
realms.cfgfile. There are MD5/DES-hybrid hashes (also may be called digests) that allow avoiding cleartext reusable passwords to be stored in
realms.cfgfile. Each line of the file describes a single realm and has the following format:
ListOfURLs RealmName User1 User2 User3 User4 ....
ListOfURLsis a list of URLs (pipe-seperated) belonging to specified realm,
RealmNameis name of the realm as per rfc-2068 and
UserNis user name and hash of a password. To produce a hash, run
str2key.exeutility, passing password as a command line parameter (no space characters are allowed). As you see, you may assign several users and URLs to an realm. If you do not need access authentication, simply leave
realms.cfgempty (but do not even think to delete it). The sample file with two realms looks like this:
/cgi-bin/*|/view.html|/edit.html Operations mickey|7a4064683b98bf5e donald|f8ea4654643e75f8 /photos.html Photos ronnie|4f1fab620816ea8a coolman|f1578aa107bc4aefHere
donaldusers will have access to
Operationsrealm and will be able to retrieve
coolmanusers will have access to
str2key.exe utility produces a hash in the following steps: applies MD5 algorinthm to a password string; resulting 128 bits are split on two 64-bit blocks, 56 bits from one block is used as a DES key to ECB-encrypt 64 bits of another block; 64 bits produced by DES ecnryption are taken as hash.
realms.cfg without restarting server is allowed. TinySSL will reload the file if it was modified since last load.
Before starting TinySSL, make shure
realms.cfg files are in the same directory with
TinySSL.exe with the same parameters as needed for
|Q?||When I use my browser to show me my home page it displays its source, i.e. with HTML tags. My browser also reports that the Content-Type of the document is "text/plain", whereas on other home pages I noticed that it is "text/html". Have you any ideas why this is, and what I can do to put it right?|
|A:||As stated above, TinyWeb uses Window Registry to obtain the information about content-types, file extensions, and script interpreters. If your registry does not contain the information about content-types, try to fill the basic minimum of |
|Q?||I compiled a CGI script written in C as a DOS-application. Why does TinyWeb not execute it?|
|A:||DOS-based CGI scripts are not supported. Try to compile the script for Win32.|
|Q?||Does TinyWEB support SSI (Server-Side Includes)?|
|A:||No. There are good docs on NCSA SSI and Apache SSI, explaining SSI concepts, though.|
|Q?||I just made my homepage and launched TinyWeb. What should I enter in my browser's location field to access my site locally?|
|Q?||I was able to view it as "http://localhost/", but I couldn't figure out how to make an internet host address (ex: http://www.ritlabs.com). Can you help?|
|A:||Please contact your Internet Service Provider or Network Administrator.|
|Q?||What is the difference between TinyWeb and TinySSL?|
|A:||There is no difference except TinyWeb uses generic TCP connection while TinySSL adds a Secure Socket Layer to a TCP connection. Thus TinyWeb is an http daemon while TinySSL is an https daemon.|
|Q?||What editor did you use to create this HTML page?|
|A:||I've used FAR © 1996-99 Eugene Roshal.|
|Q?||Is it possible to run both HTTP and HTTPS servers on the same machine (or several concurrently running servers for diffferent addresses/ports on the same machine)?|
|A:||Yes, but if you start them in a same directory they will have the same set of log files and will cease to work. Run them from different directories, i.e. each server from it's own directory.|
|Q?||I believe what I am missing is in the area of |
|A:||The NT command-line shell uses the |
WaitForInputIdle()call to prevent from running GUI applications as CGI.
TCollector.Collectroutine, it's now 100 times (or even more) faster.
TinyWeb ver 1.8 (71K)
TinySSL ver 1.8 (449K)
Copyright © 1997-2000 RITLABS S.R.L. All rights reserved.