配置
官方原始的 ferron.kdl
// See https://ferron.sh/docs/configuration-kdl for the configuration reference
// Include all domain-specific configurations.
// Each domain should have its own .kdl file in /etc/ferron.d/
// include "/etc/ferron.d/**/*.kdl"
// Global configuration.
//
// Here you can put configuration that applies to all hosts,
// and even to the web server itself.
globals {
// Log requests and errors into log files
// NOTE(review): access logs normally record client addresses and request URLs;
// keep /var/log/ferron readable only by the server user and administrators.
log "/var/log/ferron/access.log"
error_log "/var/log/ferron/error.log"
}
// Host configuration.
//
// Here you can put configuration that applies to a specific host,
// by default a catch-all ":80" host that applies to all hostnames and port 80 (HTTP).
//
// Replace ":80" with your domain name (pointing to your server) to use HTTPS.
// If you don't specify the paths to the TLS certificate and private key manually,
// Ferron will obtain a TLS certificate automatically (via Let's Encrypt by default).
// Catch-all host on port 80: plain HTTP, so nothing served from here is encrypted in transit.
:80 {
// Serve static files
// Files under this directory are published as static content; keep secrets, backups
// and version-control metadata out of it.
root "/var/www/ferron"
// Reverse proxy to a backend server
//proxy "http://localhost:3000/"
// Serve a PHP site with PHP-FPM (you would need to specify the webroot also used for serving static files)
// Replace "unix:///run/php/php-fpm.sock" with your Unix socket URL
//fcgi_php "unix:///run/php/php-fpm.sock"
// If using Unix socket with PHP-FPM,
// set the listener owner and group in the PHP pool configuration to the web server user (`ferron`, if you used installer for GNU/Linux)
// For example:
// listen.owner = ferron
// listen.group = ferron
// NOTE(review): presumably the socket should not be open to other local users either;
// check listen.mode in the same pool configuration.
}
基础的 ferron.kdl
// See https://ferron.sh/docs/configuration-kdl for the configuration reference
// Include all domain-specific configurations.
// Each domain should have its own .kdl file in /etc/ferron.d/
// Every file matched by this glob becomes part of the server configuration,
// so /etc/ferron.d and its subdirectories should be writable by administrators only.
include "/etc/ferron.d/**/*.kdl"
// Global configuration.
//
// Here you can put configuration that applies to all hosts,
// and even to the web server itself.
globals {
// Log requests and errors into log files
// The log directory must be writable by the server user; it does not need to be world-readable.
log "/var/log/ferron/access.log"
error_log "/var/log/ferron/error.log"
}
扩展配置
/etc/ferron # tree
.
├── ferron.kdl
├── http.d
│ ├── http_default.kdl
│ ├── https_default.kdl
└── ssl
├── default.crt
└── default.key
官方入口:/etc/ferron.kdl
// Official entry point: hands the whole configuration over to the custom entry file.
// Whoever can write to that file, or to anything it includes, controls the server
// configuration, so keep /etc/ferron writable by root only.
include "/etc/ferron/ferron.kdl"
自定义入口:/etc/ferron/ferron.kdl
// Custom entry point: load the per-host files from http.d, then set the global log targets.
// The pattern matches *.kdl files in http.d itself (no `**`, unlike the stock include).
include "/etc/ferron/http.d/*.kdl"
globals {
// Request log and error log shared by all hosts.
log "/var/log/ferron/access.log"
error_log "/var/log/ferron/error.log"
}
80 端口和 443 端口示例:/etc/ferron/http.d/example.com.kdl
// Host configuration for example.com
// HTTPS host: the certificate is obtained automatically and requests are forwarded to a local backend.
example.com:443 {
auto_tls
auto_tls_contact "admin@example.com" // Replace with your email address
// http-01 validation is carried out over plain HTTP on port 80,
// so port 80 has to stay reachable from the internet for issuance and renewal.
auto_tls_challenge "http-01"
auto_tls_letsencrypt_production // production environment
// auto_tls_letsencrypt_production #false // test (staging) environment
// NOTE(review): the cache presumably holds the issued certificates together with their
// private keys; keep this directory owned by the web server user and not readable by others.
auto_tls_cache "/etc/ferron/ssl/letsencrypt" // Specify cache directory for certificates
// Reverse proxy to a backend server
// The hop to the backend is unencrypted HTTP over loopback.
// NOTE(review): confirm the backend listens on the loopback address only; otherwise
// port 8989 can be reached without passing through this TLS host.
proxy "http://localhost:8989"
}
// HTTP configuration for example.com
example.com:80 {
// Redirect HTTP to HTTPS
// The target host is written out literally rather than taken from the request,
// so the redirect always lands on example.com; only the path and query are carried over.
status 301 location="https://example.com{path_and_query}"
}
使用 snippet 复用 auto_tls 配置的写法:/etc/ferron/http.d/example.com.kdl
// Reusable group of automatic-TLS directives; a host pulls it in with `use "auto_tls"`.
snippet "auto_tls" {
auto_tls
auto_tls_contact "admin@example.com" // Replace with your email address
// http-01 validation needs port 80 to be reachable from the internet.
auto_tls_challenge "http-01"
auto_tls_letsencrypt_production // production environment
// auto_tls_letsencrypt_production #false // test (staging) environment
// NOTE(review): every host using this snippet shares this cache directory; it presumably
// contains private keys, so restrict it to the web server user.
auto_tls_cache "/etc/ferron/ssl/letsencrypt" // Specify cache directory for certificates
}
// Host configuration for example.com
example.com:443 {
// Reverse proxy to a backend server
// Plain HTTP to a loopback backend; the backend should not be exposed on other interfaces.
proxy "http://localhost:8989"
// Apply the directives from the "auto_tls" snippet defined earlier in this file.
use "auto_tls"
}
// HTTP configuration for example.com
example.com:80 {
// Redirect HTTP to HTTPS
// Fixed target host: the Location header never depends on the hostname the client sent.
status 301 location="https://example.com{path_and_query}"
}
通用 80 端口入口(所有未配置的域名均走此):/etc/ferron/http.d/http_default.kdl
// /etc/ferron/http.d/http_default.kdl
*:80 {
// This configuration handles all unbound domain accesses on port 80
// The * wildcard matches all hostnames not explicitly defined elsewhere
// Because any hostname pointed at this server ends up here, serve only neutral
// placeholder content from this root, never a real site or an admin page.
// Document root and index files
root "/var/www/ferron"
index "index.html" "index.htm"
}
通用 443 端口入口(所有未配置的域名均走此):/etc/ferron/http.d/https_default.kdl
// /etc/ferron/http.d/https_default.kdl
*:443 {
// This configuration handles all unbound domain accesses on port 443
// The * wildcard matches all hostnames not explicitly defined elsewhere
// Document root and index files
root "/var/www/ferron"
index "index.html" "index.htm"
// Use self-signed certificates for default HTTPS access
// NOTE(review): the directory tree shown earlier on this page lists ssl/default.crt and
// ssl/default.key, while this directive and the openssl command use dummy.crt / dummy.key;
// the names here must match the files that actually exist on disk.
tls "/etc/ferron/ssl/dummy.crt" "/etc/ferron/ssl/dummy.key"
// Disable automatic TLS for the catch-all host
// Without this, the catch-all would presumably try to obtain certificates for whatever
// hostname a client presents; confirm against the Ferron documentation.
auto_tls #false
}
生成自签名占位证书(在 /etc/ferron 目录下执行)
# Creates the self-signed placeholder certificate used by the catch-all *:443 host.
# The output paths are relative: run this from /etc/ferron so the files land in /etc/ferron/ssl/.
# -nodes stores the private key unencrypted; check that ssl/dummy.key ends up readable
# only by root and the web server user.
# -days 1 makes the certificate expire one day after creation; clients reaching the
# catch-all host see a certificate warning either way, because it is self-signed.
openssl req -x509 -nodes -days 1 -newkey rsa:2048 -keyout ssl/dummy.key -out ssl/dummy.crt -subj "/CN="