this post was submitted on 05 Mar 2024
51 points (91.8% liked)

Selfhosted

40183 readers
1058 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'm currently researching the best method for running a static website from Docker.

The site consists of one single HTML file, a bunch of CSS files, and a few JS files. On server-side nothing needs to be preprocessed. The website uses JS to request some JSON files, though. Handling of the files is doing via client-side JS, the server only need to - serve the files.

The website is intended to be used as selfhosted web application and is quite niche so there won't be much load and not many concurrent users.

I boiled it down to the following options:

  1. BusyBox in a selfmade Docker container, manually running httpd or The smallest Docker image ...
  2. php:latest (ignoring the fact, that the built-in webserver is meant for development and not for production)
  3. Nginx serving the files (but this)

For all of the variants I found information online. From the options I found I actually prefer the BusyBox route because it seems the cleanest with the least amount of overhead (I just need to serve the files, the rest is done on the client).

Do you have any other ideas? How do you host static content?

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 6 months ago (1 children)

I've read that you're trying for minimal resource overhead.

Is lighttpd still a thing? Back in the day I used it to deliver very simple static Http pages with minimal resource usage.

I found a docker image with like 4 mb size but being two years old I don't know how well maintained lighttpd is these days.

[–] [email protected] 1 points 6 months ago

The old age of the Docker image is a bit of a red flag to me.

I settled with SWS since the Docker image and a locally installable version are actively maintained by the creator. It just serves static files and optionally directory listing as JSON (which comes in quite handy).

[–] [email protected] 3 points 8 months ago (1 children)

I just use nginx alpine, if freenginx proves to be the better option later it should be fairly trivial to switch the base image.

[–] [email protected] 2 points 8 months ago

Yes, Freenginx should/would/will be a drop-in replacement, at least int he beginning. We'll see how this works out over time. Forks purely out of frustration never lived long enough to gain a user base and attract devs. But it's an "anti corporate bullshit" fork and this alone puts it on my watchlist.

[–] [email protected] 3 points 8 months ago

Err, FROM webserver + COPY /path/to/content /path/to/server/directory? You don't event expect users, what's there to discuss?

[–] [email protected] 4 points 8 months ago

I’ve always used an nginx alpine image and have been very happy with it.

Not sure how this fork business is turning out and I have also heard conflicting opinions on wether to care or not…

If you do wish for something simple that is not nginx I’m also very happy with caddy, which can also handle ssl certificates for you, if you plan to make it publicly reachable.

[–] [email protected] 5 points 8 months ago* (last edited 8 months ago) (1 children)

The busybox one seems great as it comes with shells. php looks like it would add some issues.

Personally since I use go, I would create a go embedded app, which I would make a deb, rpm, and a dockerfile using "goreleaser"

package main

import (
	"embed"
	"net/http"
)

//go:embed static/*
var content embed.FS

func main() {
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		// Serve index.html as the default page
		http.ServeContent(w, r, "index.html", nil, content)
	})

	// Serve static files
	http.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.FS(content))))

	// Start the server
	http.ListenAndServe(":8080", nil)
}

Would be all the code but allows for expansion later. However the image goreleaser builds doesn't come with busybox on it so you can't docker exec into it. https://goreleaser.com/customization/docker/

Most of the other options including the PHP one seem to include a scripting language or a bunch of other system tools etc. I think that's overkill

[–] [email protected] 2 points 8 months ago

I would consider the lack of a shell a benefit in this scenario. You really don't want the extra attack surface and tooling.

Considering you also manage the host, if you want to see what's going on inside the container (which for such a simple image can be done once while building it the first time more likely), you can use unshare to spawn a bash process in the container namespaces (e.g., unshare -m -p [...] -t PID bash, or something like this - I am going by memory).

[–] [email protected] 4 points 8 months ago (1 children)

If your looking for a small size you could build a custom image with buildroot and lighttpd. It is way, way overkill but it would be the smallest.

For something easier use the latest image of your web server of choice and then pass though a directory with the files. From there you can automate patching with watch tower.

[–] [email protected] 3 points 8 months ago* (last edited 8 months ago)

First thing you mention is such a fun and useful exercise. But as you point out, way overkill. Might even be dangerous to expose it. I got mine to 20kb on top of busybox.

There is something that tickles the right spots when a complete container image significantly smaller than the average js payload in "modern" websites.

[–] [email protected] 7 points 8 months ago (2 children)

I see from your other comments that you're already running nginx in other containers. The simplest solution would be to make use of one of them. Zero overhead since you're not adding any new container. 🙂

You mentioned you're using NPM, well NPM already has a built-in nginx host that you can reach by making a proxy host pointed at http://127.0.0.1:80 and adding the following to the "Advanced" tab:

location / {
  root /data/nginx/local_static;
  index index.html;
}

Replace the root location with whatever dir you want, use a volume option on the NPM container to map the dir to the host, put your files in there and that's it.

[–] [email protected] 2 points 8 months ago

Clarity:

NPM (Nginx Proxy Manager) != npm (node package manager).

[–] [email protected] 1 points 8 months ago (1 children)

Wait, really? I use NPM and also have two sites running via a separate nginx container -- i feel so dumb now LMAO

[–] [email protected] 3 points 8 months ago* (last edited 8 months ago)

Yeah it's not exactly an obvious feature. I don't even remember how I stumbled onto it, I think I was looking at the /data dirs and noticed the default one.

I haven't tried using it for more than one site but I think that if you add multiple domain names to the same proxy host they go to the same server instance and you might be able to tweak the "Advanced" config to serve all of them as virtual hosts.

It's not necessarily a bad thing to have a separate nginx host. For example I have a PHP app that has its own nginx container because I want to keep all the containers for it in one place and not mix it up with NPM.

[–] [email protected] 20 points 8 months ago

The answer is get a minimum linux image, add nginx or apache, and put your content on the relevant place. (Basically, your third option.)

Do not bother about the future of nginx. Changing the web server on that image is the easiest thing in the world.

[–] [email protected] 14 points 8 months ago (1 children)

I personally package the files in a scratch or distroless image and use https://github.com/static-web-server/static-web-server, which is a rust server, quite tiny. This is very similar to nginx or httpd, but the static nature of the binary removes clutter, reduces attack surface (because you can use smaller images) and reduces the size of the image.

[–] [email protected] 3 points 8 months ago

Thanks, this looks actually pretty great. From the description it's basically BusyBox httpd but with Nginx stability and production-readiness and functionality. It also seems to be actively developed.

[–] [email protected] 0 points 8 months ago* (last edited 6 months ago) (1 children)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
Git Popular version control system, primarily for code
HTTP Hypertext Transfer Protocol, the Web
SSL Secure Sockets Layer, for transparent encryption
nginx Popular HTTP server

4 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.

[Thread #575 for this sub, first seen 5th Mar 2024, 14:15] [FAQ] [Full list] [Contact] [Source code]

[–] [email protected] 2 points 8 months ago

Ngl calling nginx a contraction of "popular https server" is kinda wild

[–] [email protected] 3 points 8 months ago (3 children)

Forget about docker. Run caddy or some similar webserver that is a single file next to the assets to serve.

[–] [email protected] 2 points 8 months ago (1 children)

Why? It seems like docker is way more flexible and maintainable.

[–] [email protected] 1 points 8 months ago (1 children)

Because serving static files doesn't really require any flexibility in web serving code.

If your setup has an nginx or similar as a reverse proxy entry point, you can just tell it to serve the directory. Why bother making an entire new chroot and proxy hop when you have absolutely zero requirements beyond what the reverse proxy already provides. Now if you don't have that entry point, fine, but at least 99% of the time I see some web server as initial arbiter into services that would have all the capability to just serve the files.

[–] [email protected] 1 points 8 months ago (2 children)
[–] [email protected] 3 points 8 months ago

My brother in Christ, serving a file through HTTP is exactly what Tim Berners-Lee invented in 1989.

[–] [email protected] 2 points 8 months ago

For 90% of static site requirements, it scales fine. That entry point reverse proxy is faster at fetching content to serve via filesystem calls than it is at making an http call to another http service. For self hosting types of applications, that percentage guess to go 99.9%

If you are in a situation where serving the files through your reverse proxy directly does not scale, throwing more containers behind that proxy won't help in the static content scenario. You'll need to do something like a CDN, and those like to consume straight directory trees, not containers.

For dynamic backend, maybe. Mainly because you might screw up and your backend code needs to be isolated to mitigate security oopsies. Often it also is useful to manage dependencies, but that facet is less useful for golang where the resulting binary is pretty well self contained except maybe a little light usage of libc.

[–] [email protected] 4 points 8 months ago (2 children)

Containers are a perfectly suitable use-case for serving static sites. You get isolation and versioning at the absolutely negligible cost of duplicating a binary (the webserver - which in case of the one I linked in my comment, it's 5MB of space). Also, you get autostart of the server if you use compose, which is equivalent to what you would do with a Systemd unit, I suppose.

You can then use a reverse-proxy to simply route to the different containers.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

Serving static app in Caddy:

sudo apt install caddy
sudo systemctl enable --now caddy

Then in /etc/caddy/Caddyfile:

example.com {
   root * /var/www/html
   file_server
}

That's all, really.

[–] [email protected] 1 points 8 months ago

If there is already another reverse proxy, doing this IMHO is worse than just running a container and adding one more rule in the proxy (if needed, with traefik it's not for example). I also build all my servers with IaC and a repeatable setup, so installing stuff manually breaks the model (I want to be able to migrate server with minimal manual action, as I had to do it already twice...).

The job is simple either way, I would say it mostly depends on which ecosystem someone is buying into and what secondary requirements one has.

[–] [email protected] 2 points 8 months ago (1 children)

But it you already have an nginx or other web server otherwise required to start up (which is in all likelihood the case), you don't need any more auto startup, the "reverse proxy" already started can just serve it. I would say that container orchestration versioning can be helpful in some scenarios, but a simple git repository for a static website is way more useful since it's got the right tooling to annotate changes very specifically on demand.

That reverse proxy is ultimately also a static file server. There's really no value in spinning up more web servers for a strictly static site.

Folks have gone overboard assuming docker or similar should wrap every little thing. It sometimes adds complexity without making anything simpler. It can simplify some scenarios, but adding a static site to a webserver is not a scenario that enjoys any benefit.

[–] [email protected] 1 points 8 months ago

It really depends, if your setup is docker based (as OP's seems to be), adding something outside is not a good solution. I am talking for example about traefik or caddy with docker plugin.

By versioning I meant that when you do a push to master, you can have a release which produces a new image. This makes it IMHO simpler than having just git and local files.

I really don't see the complexity added, I do gain isolation (sure, static sites have tiny attack surfaces), easy portability (if I want to move machine it's one command), neat organization (no local fs paths to manage essentially), and the overhead is a 3 lines Dockerfile and a couple of MB needed to duplicate a webserver binary. Of course it is a matter of preference, but I don't see the cons honestly.

[–] [email protected] 1 points 8 months ago

I already have a fully set up docker environment that serves all sorts of things (including some containers that serve special static content using Nginx).

[–] [email protected] 10 points 8 months ago (2 children)

caddy can serve the files and deal with SSL certificates in case you put this in a public domain.

[–] [email protected] 1 points 8 months ago (1 children)

My setup already has Nginx Proxy Manager to handle SSL. This is specifically about serving files from within a docker container with as little overhead as possible.

[–] [email protected] 1 points 8 months ago (1 children)

Caddy and Nginx can host those files directly, no need to do a proxy to a container would be running another Nginx anyway.

[–] [email protected] 1 points 8 months ago

I do more than that with my setup. This static site would be one of various different things.

[–] [email protected] 4 points 8 months ago

Caddy is the way to go.

[–] [email protected] 4 points 8 months ago* (last edited 8 months ago)

The simplest way is certainly to use a hosted service like GitHub Pages. These make it so easy to create static websites.

If you’re not flexible on that detail, then I next recommend Go actually. You could write a tiny web server and embed the static files into the app at build time. In the end, you’d have a single binary that acts as a web server and has your content. Super easy to dockerize.

Things like authentication will complicate the app over time. If you need extra features like this, then I recommend using common tools like nginx as suggested by others.

load more comments
view more: next ›