Hi,
I had build meracat on current arch linux and it seems to be working well. But when I try to upload file with ssl enabled I receive only random mess of data with no boundary. To me it looks like it did not get deciphered or it is compressed. If i disable ssl everything works fine.

I tried to dig into source code, but I am unable to find where it gets messed up. Could you please point me to right direction where to look or help me to solve this problem.

Thanks for your time.
Vojta

There must be possible to skip doc installation.
I'm trying to build rpm for Fedora Linux. It packs documentation and licenses with its own commands:

%files
%license LICENSE
%doc README.md ChangeLog.md

So I have to delete installed /usr/share/doc/merecat/LICENSE during packaging because
Extra file[s] installed but not packed: /usr/share/doc/merecat/LICENSE
Other 2 doc files are installing into the same folder as rpmbuild uses, but it its coincidence and unreliably.

Is the ‘#’ of all configuration options in merecat.conf not a comment, but is it enabled by default?

./configure: line 5849: syntax error near unexpected token confuse,' ./configure: line 5849: PKG_CHECK_MODULES(confuse, libconfuse >= 2.7)'

Can the program be cross-compiled with arm and related configuration methods and procedures?

I am having a hard time to get a log file of users of the web service, am I just not finding the documentation?

How to make it support python cgi

This is my configuration, I installed php and php-cgi, but I couldn't enable php, it doesn't run the example script phpinfo.php, it just shows plain text of php code:

directory = /var/www
data-directory = /htdocs/php_test
charset = "UTF-8"
chroot = true
compression-level = -1
global-passwd = false
hostname = 127.0.0.1
list-dotfiles = false

#virtual-host = true

#sudo pacman -S php php-cgi

php "**.php" {
        enabled = true
        cgi-path = "/usr/bin/php-cgi"
}


server php_test_server {
        port = 80
}

Excellent program thank you - just installed in Bookworm via apt (lazy). I put index.html in /var/www and type merecat.

It mostly works with occasional 500 errros - I think the issue is that when I look, there are 2 running merecat processes
nobody 1088 1 0 18:35 ? 00:00:00 /usr/sbin/merecat -sn /var/www
nobody 1090 1 0 18:35 ? 00:00:00 merecat

If I kill process 1090 then everything works reliably with no more 500's. I've looked at the man page but don't see any switch which tells me what I'm doing wrong (I know it's me...)

Thanks

civetweb added mbedtls support, can merecat do the same? Thanks.

Hi,

After creating a tarball from a fresh git checkout with 'make distcheck', unpacking that tarball and running "make check", the
tests fail with

fatal: making test-suite.log: failed to create php.trs
fatal: making test-suite.log: failed to create php.log
make[4]: *** [Makefile:487: test-suite.log] Error 1

This is likely due to tests/php.sh not being included in the tarball. I believe this could be fixed by adding
php.sh to EXTRA_DIST in tests/Makefile.am.

Thanks!

Bye, Joost

merecat.conf:

charset = "UTF-8"
chroot = false
directory = "www"
#data-directory = "db"
global-passwd = false
port = 8080

cgi "list-todos.cgi|list-todos-as-json.cgi" {
	enabled = true
}

Then I tried this:

$ # first terminal
$ merecat -n -f ./merecat.conf 
merecat[147080]: Merecat httpd 2.32-rc4 starting on port: 8080, vhost: OFF, ssl: OFF, php: OFF, ssi: OFF

$ # second terminal
$ curl -I localhost:8080/list-todos.cgi
HTTP/1.1 403 Forbidden
Date: Wed, 03 Jan 2024 09:55:17 GMT
Server: merecat/2.32-rc4
Last-Modified: Wed, 03 Jan 2024 09:55:17 GMT
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache,no-store
Cache-Control: no-cache,no-stored
Connection: close

OBTW

$ merecat -h
Usage: merecat [OPTIONS] [WEBROOT]

  -f FILE    Configuration file, default: /etc/merecat.conf
  -h         This help text
  -I IDENT   Identity for syslog, .conf, and PID file, default: merecat
  -l LEVEL   Set log level: none, err, warning, notice*, info, debug
  -n         Run in foreground, do not detach from controlling terminal
  -p PORT    Port to listen to, default 80, or 443 if HTTPS is enabled
  -P PIDFN   Path to PID file, default: /usr/share/merecat-git/run/merecat.pid
  -s         Log to syslog, even though running in foreground, -n
  -t FILE    Throttle file
  -V         Show Merecat httpd version

*) Default log level

Bug report address: https://github.com/troglobit/merecat/issues

Did you intentionally dropped the feature?

See #17 for a background.

Mercat returns error 403 for a valid URL, for example:

http://localhost?page=home

the POST method works fine and also the GET method without the symbol "?", for example:

http://localhost/index.php

Hi,

I'm trying to run Merecat on a Raspberry Pi nano to host a hugo site.
Following you instructions on Github, I compiled Merecat and installed it into /usr/sbin. Then after setting up merecat.conf to use HTTPS and HTTP. I ran Merecat using systemctl.

The only problem that I am finding with Merecat is that it is taking up 100% CPU on the Raspberry Pi nano. Is there any compile options that could be used to optimize Merecat for Raspberry PI?

Thanks in advance for any help that you can provide.

When you use Merecat as a background program and send an http request with the post method from the client, Merecat responds with an empty request, in the foreground this does not happen and works fine, only if Merecat is running in the background.

Hi Everybody,

Managed to build merecat on Ubuntu 16.04, it builds and runs but it wont process php script files since it

have impossible to set path for php-cgi interpreter directory.
I have put the php-cgi executable binary in cgi-bin directory

I will like to use it along with PHP and other CGI executable/interpreters. Many thanks!

Please help: pointers, directions, examples on how I might achieve this.

Hear from you soon!

God blesses!!!

Best regards,
Sanyaade

Hi,

I just tried to build merecat Merecat httpd 2.32-rc4 as it sits in git today, on a Debian oldstable 10/buster system.
I don't have php-cgi installed. I tried to build a Debian package from it: I invoked 'debuild' from the merecat
git checkout. It failed with:

make[3]: Entering directory '/home/joostvb/git-ro/merecat/tests'
/usr/bin/make  check-TESTS
make[4]: Entering directory '/home/joostvb/git-ro/merecat/tests'
make[5]: Entering directory '/home/joostvb/git-ro/merecat/tests'
PASS: start.sh
PASS: cgi.sh
FAIL: php.sh
PASS: gzip.sh
PASS: redirect.sh
PASS: location.sh
PASS: stop.sh
============================================================================
Testsuite summary for Merecat httpd 2.32-rc4
============================================================================
# TOTAL: 7
# PASS:  6
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0
============================================================================
See tests/test-suite.log
Please report to https://github.com/troglobit/merecat/issues
============================================================================
make[5]: *** [Makefile:486: test-suite.log] Error 1

.

test-suite.log has:

FAIL: php
=========

+ echo <?php echo 'Hello ' . htmlspecialchars($_GET["name"]) . '!'; ?>
+ ls srv
cgi-bin
img
index.html
index.html.gz
main.css
main.css.gz
test.php
+ cat srv/test.php
<?php echo 'Hello ' . htmlspecialchars($_GET["name"]) . '!'; ?>
+ + curl http://localhost:8086/test.php?name=foobar
grep Hello foobar
FAIL php.sh (exit status: 1)

It would be nice if in debian/control, the line

Build-Depends: debhelper (>= 10), systemd, pkg-config, libconfuse-dev, libssl-dev, zlib1g-dev

could be replaced with

Build-Depends: debhelper (>= 10), systemd, pkg-config, libconfuse-dev, libssl-dev, zlib1g-dev, php7.4-cgi | php-cgi

(I didn't test that, btw). Furthermore, it'd be nice if ./configure honoured a --disable-php flag.

Thanks for maintaining merecat!

Bye,

Joost

The current master requires OpenSSL version 1.1.0, but TLS1_3_VERSION and SSL_CTX_set_ciphersuites seem to be available up from version 1.1.1.

I open a new thread, phpmyadmin in mercat ?, not really, but if someone has been able to make "phpminiadmin" work in merecat I would appreciate it http://phpminiadmin.sourceforge.net/ , it's a simple script in php

Hi,

I recently discovered the merecat is sending an HTTP response in the following format:

HTTP/1.0 200 OK\r\n
Content-type: text/html\n
\n

The status line is correctly ended with '\r\n', but the content-type header and the newline separating headers and body is '\n'. The Unix line endings are produced by my CGI script. I can fix this on the CGI script side, but accord to CGI RFC it seems that CGI servers are supposed to do the translation from native line ends to '\r\n'.

I think that it can be implemented in libhttp.c when interposing cgi_output after the test that headers aren't empty. Would you be willing to add this change? If necessary I can implement it and send PR.

I am trying to get cgit to be served by merecat and have come up against this bug. I do not fully understand CGI and PATH_INFO but I did track down an old patch for thttpd which seems relevant. However, I cannot figure out if this patch has been applied as it cannot be applied in its current form.

I'd be happy to provide any other information to help debug this.

Again disturbed，
Its configure does not support the use of CC variables to specify the cross toolchain；
The following error occurred with the --host=arm-linux CC=arm-linux-ggc command：

checking for arm-linux-pkg-config... no
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for arm-linux-gcc... arm-linux-gcc
checking whether the C compiler works... no
configure: error: in /home/book/merecat-master': configure: error: C compiler cannot create executables See config.log' for more details

Hi there!

Building from the current master (as of this note's timestamp)
Linux xxx.net 4.19.0-14-amd64 #1 SMP Debian 4.19.171-2 (2021-01-30) x86_64 GNU/Linux

The build worked fine, new package was created and installed.

merecat -V
2.32-rc4

Seems to operate well enough from a browser's view with a minimal port-80 initial test install, except for the traffic logging only seems to show errors like 304 and 404 best I can tell, even when started with

merecat -n -f /etc/merecat.conf -l debug

(all messages to stdout, right?)

with /etc/merecat.conf containing only:

username = www-data
directory = /var/www

Your default merecat webpage content is in /var/www and displays correctly, but the only logging I can see is the process start-up info, the http 404s and the 304s - no 200s.

Further (another bug report?) the man page indicates CLI -r and -d options, neither of which works or appears in the merecat -h usage message, as well as some of the other merecat(8) listed options (still on the todo list?)

Lastly, why is it that the newly built deb package that builds from my updated/cloned repo indicates install files with modify dates of "July 7, 2020" on all of the installed files? The 'dpkg-deb --contents' of the new deb file shows the same. Odd that, even after a "make distclean", ./autoconf.sh, ./configure, make package sequence, the resulting installed files in /usr/sbin/merecat are dated July 7, 2020. Is there a forced date in the package build rules (I'm not too savvy about pkg building)?

But thanks for keeping this little gem alive (I've been using thttpd for years now, but it's time for me to upgrade..., and your updates tie it all up very nicely - ssl, etc.)

I hope this info helps, and I can test further if it will help.

cheers,
mindsong

I am attempting to get merecat server git-http-backend over CGI. I need to set an environment variable, GIT_PROJECT_ROOT. I attempted setting up an override:

$ cat /lib/systemd/system/merecat.service.d/10-git.conf
[Service]
EnvironmentFile=/var/www/git.alephnull.site/env
$ cat /var/www/git.alephnull.site/env
GIT_PROJECT_ROOT=/srv/repos
GIT_HTTP_EXPORT_ALL=1

This seems to have set the environment vars correctly:

$  sudo cat /proc/$(pgrep merecat)/environ | tr '\0' '\n'
LANG=en_IN
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
INVOCATION_ID=12fd140812c6464aa486e89c7b5cf93e
JOURNAL_STREAM=9:1042993
GIT_PROJECT_ROOT=/srv/repos
GIT_HTTP_EXPORT_ALL=1

However, going to http://git.alephnull.site/cgi-bin/printenv does not show me those variables.

If the requested URL resolves to a FIFO then merecat opens and reads it like a regular file, which leads to a hang (blocking read on the FIFO). Note that this prevents any further connections from being handled. See here for reference.

Hi,

thank you for this great piece of software. I need to add the Access-Control-Allow-Origin header to the response headers and i just can't figure out how to do it.

Could you please help me ?

Thank you very much

configure: error: Package requirements (libconfuse >= 2.7) were not met:

No package 'libconfuse' found

Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.

Alternatively, you may set the environment variables confuse_CFLAGS
and confuse_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.

---- my system is ubuntu 18.04

dpkg -l |grep confuse
ii libconfuse-common 3.2.1+dfsg-4ubuntu0.1 all Common files for libConfuse
ii libconfuse-dev:amd64 3.2.1+dfsg-4ubuntu0.1 amd64 Development files for libConfuse
ii libconfuse-doc 3.2.1+dfsg-4ubuntu0.1 all Documentation for libConfuse
ii libconfuse2:amd64 3.2.1+dfsg-4ubuntu0.1 amd64 Library for parsing configuration files

Hi !

I've been using merecat for a community managed server that serves multiple vhosts : http://bebou.netlib.re
Easy to setup, everything works great except we've been having some strange performance issues. I'm having a lot of trouble understanding what's happening.

The symptoms and what I know :

• A few KB of data take more than one second to download. For example http://arthur.bebou.netlib.re might take 1.5 seconds to load even though it is a fairly lightweight page.
• When someones streams audio from http://doublezip.bebou.netlib.re/ htop shows merecat using 100% of one of the servers CPU.
• On http://doublezip.bebou.netlib.re the video dj.webm, by far the largest element in the page, loads almost instantly but the far smaller html document loads in more than one second.
• While audio is streamed it is almost impossible to access other resources.
• RAM usage is fine
• When tested with busybox's httpd everything works fine, pages load instantly and streaming audio uses a minuscule amount of CPU. But I want vhosts :(
• pretty much nothing else is happening on the server other than from serving web pages
• running merecat not chrooted and serving a single host doesn't change anything

My setup :

• raspberry 3b running up-to date raspberry os
• merecat installed via debian packages
• great internet connection, can't be the problem
• client side tests done in up-to date firefox and chromium packaged by debian
• merecat launched with systemctl start merecat.service, everything looks right in journalctl

I'm having trouble understanding what's happening and I'm not sure how to effectively troubleshoot on the server. It feels like merecat or something on the server imposes an arbitrary ~1.2 seconds delay to a bunch of resources. I may very well be missing something obvious.

Thank you for your time, have a nice day :)

My merecat config :

## /etc/merecat.conf                                     -*-conf-unix-*-
## This is a sample configuration file for Merecat httpd
## For more help and more settings, see merecat.conf(5).
##

## what interface to bind to?
## (default is binding to any interface)
#hostname=www.example.org

## Port to listen to, overrides command line argument
## Defaults to 80, or 443 when enabling HTTPS
port = 80

## Unpriviliged user to run as, usually nobody or www-data
#username = nobody

## Global .htpasswd (true) or local per-directory (false)
#global-passwd = false

## Chrooting is a security measure which means isolating the webserver's
## access to files only available from a the given directory.  To access
## files outside the chroot the administrator can either copy or bind
## mount files and directories into the chroot.
chroot = true

## Only useful if not chrooting
#check-symlinks = false

## Alt. charset=iso-8859-1
charset = UTF-8

## Deflate (gzip) compression level: -1 .. 9
## -1: Default (zlib's reasonable default, currently 6)
##  0: Disabled
##  1: Best speed
##  9: Best compression
#compression-level = -1

## Webserver document root, or chroot
directory = /var/www

## When chrooting, alt. document root inside chroot
## => /var/www/htdocs
# data-directory = htdocs

## Skip dotfiles in dirlistings
#list-dotfiles = false

## Virtual hosting
## /var/www/cgi-bin/          <-- Shared CGI
## /var/www/meso.bebou.netlib.re
virtual-host = true

## Control the caching, in seconds, by setting the following header for
## all transactions.  Depends heavily on the content you provide, and
## this global setting is disabled by default.  It is recommended to
## instead set it per server location, e.g. for all image files.
##
##    Cache-Control: max-age=SEC
##
## Min max-age value 0 (browser caching disabled)
## Max max-age value 31536000 (1 year)
##
max-age = 3600

## Some bots behave really badly and may overload your server.  Often
## they cannot be blocked based on IP address, so the only means we are
## left with is User-Agent blocking.  Use patterns like this:
#user-agent-deny = "**SemrushBot**|**MJ12bot**|**DotBot**|**PetalBot**"

## Enable HTTPS support.  The certificate (public) and key (private) are
## required when enabling HTTPS support.  The (min) protocol and cipher
## settings are optional and have sane built-in defaults, e.g. 'protocol'
## defaults to TLSv1.1.  See ciphers(1) man page for possible values.
##
## Note: You may want to enable this on a per-server basis instead.
#ssl {
#    protocol = "TLSv1.1"
#    ciphers  = "..."
#    certfile = certs/cert.pem
#    keyfile  = private/key.pem
#    dhfile   = certs/dhparam.pem
#}

## The CGI module is a core part of Merecat httpd and is for security
## reasons disabled by default.  Like other modules it uses pattern
## matching to trigger the CGI functionality:
##	?	match a single char
##	*	matches any string excluding "/"
##	**	matches any string including "/"
##	separate multiple patterns with "|"
## Example: "**.sh|**.cgi"
##
## `limit` sets the max number of simultaneous CGI programs allowed.
##
## The below values are the default, so to enable CGI only `enabled`
## need to be set to 'true'.
#cgi "**.cgi|/cgi-bin/*" {
#    enabled = false
#    limit   = 50
#}

## The PHP module is bolted on top of the CGI module, so the same limits
## apply also to PHP scripts.  The below are the built-in defaults.
## Verify the path to the php-cgi binary for your system and expand on
## the pattern if you have, e.g. .php5 files.
#php "**.php*" {
#    enabled  = false
#    cgi-path = "/usr/bin/php-cgi"
#}

## The SSI module, like PHP above, is built on top of the CGI module,
## and it also requires the Merecat SSI CGI script to be installed, the
## defaults are commented out below.  The silent setting controls the
## default <!--#config errmsg="..." --> value.
#ssi "**.shtml" {
#    enabled  = false
#    silent   = false
#    cgi-path = "cgi-bin/ssi"
#}

## Server specific settings, overrides certain global settings
## Notice the HTTP redirect from the default server to HTTPS.
server default {
     port = 80
}

#server secure {
#    port = 443
#    ssl {
#	certfile = letsencrypt/cert.pem
#	keyfile = letsencrypt/privkey.pem
#	dhfile = certs/dhparam.pem
#    }
#}

Despite refactoring to fix this in v2.31, it seems the resulting list is still ... 😞

@troglobit, change the value of var ConditionPathExiststo @WWWDIR@ in the merecat.service.in file. In systemd this condition fails. My report :3

Using master v2.32,
autogen.sh
build.sh
the following problem occurs
CC merecat-base64.o
CC merecat-md5.o
CC merecat-merecat.o
CC merecat-mmc.o
CC merecat-pidfile.o
In file included from merecat.c:52:0:
conf.h: In function ‘conf_srv’:
conf.h:88:16: error: ‘do_ssl’ undeclared (first use in this function)
arr[0].ssl = do_ssl;
^
conf.h:88:16: note: each undeclared identifier is reported only once for each function it appears in
Makefile:563: recipe for target 'merecat-merecat.o' failed
make[2]: *** [merecat-merecat.o] Error 1

Last major feature planned for the next release.

Hi!

I've been using thttpd and switched to merecat for its TLS support. It's been excellent so far, however, it has a completely different logging style, and I can't seem to be able to get thttpd-style logging back, though I would like it because it seems to be more complete, and I have already written a parser around it.

Unfortunately, my knowledge of C is rather limited, and I don't know either codebase well enough.

Therefore, I, and perhaps the author of #25 as well, would love it if it could be added to merecat as well, or possibly some directions as to where one would find the old and new logging code.

Thanks, any help is much appreciated!