LinuxCommandLibrary

http-server

Serve files over HTTP (simple webserver)

TLDR

Start an HTTP server listening on the default port to serve the current directory

$ http-server
copy

Start an HTTP server on a specific port to serve a specific directory
$ http-server [path/to/directory] [[-p|--port]] [port]
copy

Start an HTTP server using basic authentication
$ http-server --username [username] --password [password]
copy

Start an HTTP server with directory listings disabled
$ http-server -d [false]
copy

Start an HTTPS server on the default port using the specified certificate
$ http-server [[-S|--ssl]] [[-C|--cert]] [path/to/cert.pem] [[-K|--key]] [path/to/key.pem]
copy

Start an HTTP server and include the client's IP address in the output logging
$ http-server --log-ip
copy

Start an HTTP server with CORS enabled by including the Access-Control-Allow-Origin: * header in all responses
$ http-server --cors
copy

Start an HTTP server with logging disabled
$ http-server [[-s|--silent]]
copy

SYNOPSIS

http-server [path] [options]

PARAMETERS

path
    The directory to serve (defaults to the current directory). If not present it will take current directory.

-p , --port=
    Port to use (defaults to 8080).

-a

, --address=

    Address to use (defaults to 0.0.0.0).

-i, --index
    Display specific index file (defaults to 'index.html' or 'index.htm').

-g, --gzip
    Enable gzip compression (default: false).

-b, --brotli
    Enable brotli compression (default: false).

-c , --cache=
    Set cache time (in seconds) for cache-control max-age header, e.g. -c10 for 10 seconds (defaults to '3600'). To disable, set -c-1.

-s, --silent
    Suppress log messages from output.

-o, --open
    Open browser window after starting the server.

-e, --ext
    Default extension if no extension provided (default: 'html')

-U, --utc
    Use UTC time format in log messages.

-P, --proxy
    Proxy unresolved requests to the given URL.

-S, --ssl
    Enable https (default: false). If true, you must provide a key and cert using -C/--cert and -K/--key.

-C, --cert
    Path to ssl cert file (default: 'cert.pem').

-K, --key
    Path to ssl key file (default: 'key.pem').

-d, --cors
    Enable CORS with default origin *.

--cors-origin
    Set CORS origin, defaults to * if --cors is used.

--cors-headers
    Set CORS headers, defaults to "origin,x-requested-with,content-type,accept,range" if --cors is used.

-u, --username
    Username for basic authentication.

-r, --robots
    Provide a /robots.txt (whose content is 'User-agent: * Disallow: /')

--no-dotfiles
    Do not show dotfiles.

--config
    Path to config file (default: '.http-server.json')

-h, --help
    Show help message and exit.

-v, --version
    Print the version number and exit.

DESCRIPTION

The http-server command is a lightweight, production-ready HTTP server that serves static files from the current directory. It is designed for quick prototyping, testing, and sharing web content without requiring complex configurations.

Unlike more robust web servers like Apache or Nginx, http-server offers minimal functionality beyond serving files. It typically runs on port 8080 by default, but this can be changed with a command-line parameter. It includes features like directory listing if no index file is present and support for serving files with appropriate MIME types.

http-server simplifies serving static content, making it ideal for development and demonstration purposes. If you are dealing with dynamic content or have more advanced requirements, you will need to use a more powerful web server.

CAVEATS

http-server is not intended for high-traffic or production environments requiring advanced features. It lacks robust security features and performance optimizations found in more complex web servers. It primarily serves static files, and does not handle server-side scripting or database connections.

INSTALLATION

http-server is typically installed via npm (Node Package Manager):
npm install -g http-server

This makes the command available globally on your system.

SECURITY CONSIDERATIONS

When using https, http-server generates a self-signed certificate if one is not provided. These self-signed certificates are not trusted by browsers and will display a warning. For production, ensure a trusted certificate is used.

SEE ALSO

python3 -m http.server(1), apache2(8), nginx(8)

Copied to clipboard