{"id":30349670,"url":"https://github.com/alphaone1/sonicweb","last_synced_at":"2025-08-18T20:07:55.110Z","repository":{"id":310522484,"uuid":"809277526","full_name":"AlphaOne1/sonicweb","owner":"AlphaOne1","description":"Lightweight static file webserver","archived":false,"fork":false,"pushed_at":"2025-08-18T16:10:02.000Z","size":465,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-18T17:42:05.371Z","etag":null,"topics":["lightweight","static-site","webapplicationfirewall","webserver"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AlphaOne1.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":"AUTHORS.md","dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["AlphaOne1"]}},"created_at":"2024-06-02T08:27:08.000Z","updated_at":"2025-08-18T16:10:03.000Z","dependencies_parsed_at":"2025-08-18T17:42:16.375Z","dependency_job_id":"9508ec88-92c7-404f-9f91-ba0faa1e7c5f","html_url":"https://github.com/AlphaOne1/sonicweb","commit_stats":null,"previous_names":["alphaone1/sonicweb"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/AlphaOne1/sonicweb","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlphaOne1%2Fsonicweb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlphaOne1%2Fsonicweb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlphaOne1%2Fsonicweb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlphaOne1%2Fsonicweb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AlphaOne1","download_url":"https://codeload.github.com/AlphaOne1/sonicweb/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlphaOne1%2Fsonicweb/sbom","scorecard":{"id":391279,"data":{"date":"2025-08-18T16:10:24Z","repo":{"name":"github.com/AlphaOne1/sonicweb","commit":"fd92e9332066ffdde26d583639e914527d93c197"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":6.3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/7 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:43","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:46","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:47","Info: jobLevel 'actions' permission set to 'read': .github/workflows/security.yml:22","Info: jobLevel 'contents' permission set to 'read': .github/workflows/security.yml:23","Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/security.yml:24","Info: jobLevel 'actions' permission set to 'read': .github/workflows/security.yml:46","Info: jobLevel 'contents' permission set to 'read': .github/workflows/security.yml:47","Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/security.yml:48","Info: jobLevel 'actions' permission set to 'read': .github/workflows/security.yml:81","Info: jobLevel 'contents' permission set to 'read': .github/workflows/security.yml:82","Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/security.yml:83","Info: topLevel permissions set to 'read-all': .github/workflows/codeql.yml:26","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:12","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:21","Info: topLevel permissions set to 'read-all': .github/workflows/security.yml:15","Info: topLevel permissions set to 'read-all': .github/workflows/test.yml:15"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":8,"reason":"dependency not pinned by hash detected -- score normalized to 8","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/AlphaOne1/sonicweb/release.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:15","Warn: goCommand not pinned by hash: .github/workflows/release.yml:46","Info: 17 out of 17 GitHub-owned GitHubAction dependencies pinned","Info: 16 out of 17 third-party GitHubAction dependencies pinned","Info: 0 out of 1 containerImage dependencies pinned","Info: 0 out of 1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 6 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.5.1 not signed: https://api.github.com/repos/AlphaOne1/sonicweb/releases/240426019","Warn: release artifact v1.5.0 not signed: https://api.github.com/repos/AlphaOne1/sonicweb/releases/223826855","Warn: release artifact v1.4.1 not signed: https://api.github.com/repos/AlphaOne1/sonicweb/releases/217180868","Warn: release artifact v1.4.0 not signed: https://api.github.com/repos/AlphaOne1/sonicweb/releases/210865376","Warn: release artifact v1.3.0 not signed: https://api.github.com/repos/AlphaOne1/sonicweb/releases/207817453","Warn: release artifact v1.5.1 does not have provenance: https://api.github.com/repos/AlphaOne1/sonicweb/releases/240426019","Warn: release artifact v1.5.0 does not have provenance: https://api.github.com/repos/AlphaOne1/sonicweb/releases/223826855","Warn: release artifact v1.4.1 does not have provenance: https://api.github.com/repos/AlphaOne1/sonicweb/releases/217180868","Warn: release artifact v1.4.0 does not have provenance: https://api.github.com/repos/AlphaOne1/sonicweb/releases/210865376","Warn: release artifact v1.3.0 does not have provenance: https://api.github.com/repos/AlphaOne1/sonicweb/releases/207817453"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Mozilla Public License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Info: required approving review count is 2 on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'last push approval' is required to merge on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Info: status check found to merge onto on branch 'master'","Info: PRs are required in order to make changes on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Contributors","score":0,"reason":"project has 0 contributing companies or organizations -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}},{"name":"CI-Tests","score":9,"reason":"13 out of 14 merged PRs checked by a CI test -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}}]},"last_synced_at":"2025-08-18T17:52:47.911Z","repository_id":310522484,"created_at":"2025-08-18T17:52:47.912Z","updated_at":"2025-08-18T17:52:47.912Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271053844,"owners_count":24691198,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-18T02:00:08.743Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["lightweight","static-site","webapplicationfirewall","webserver"],"created_at":"2025-08-18T20:07:54.279Z","updated_at":"2025-08-18T20:07:55.094Z","avatar_url":"https://github.com/AlphaOne1.png","language":"Go","readme":"\u003c!-- markdownlint-disable MD013 MD033 MD041 --\u003e\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"sonicweb_logo.svg\" width=\"60%\" alt=\"Logo\"\u003e\u003cbr\u003e\n \u003ca href=\"https://github.com/AlphaOne1/sonicweb/actions/workflows/test.yml\"\n rel=\"external noopener noreferrer\"\n target=\"_blank\"\u003e\n \u003cimg src=\"https://github.com/AlphaOne1/sonicweb/actions/workflows/test.yml/badge.svg\"\n alt=\"Test Pipeline Result\"\u003e\n \u003c/a\u003e\n \u003ca href=\"https://github.com/AlphaOne1/sonicweb/actions/workflows/codeql.yml\"\n rel=\"external noopener noreferrer\"\n target=\"_blank\"\u003e\n \u003cimg src=\"https://github.com/AlphaOne1/sonicweb/actions/workflows/codeql.yml/badge.svg\"\n alt=\"CodeQL Pipeline Result\"\u003e\n \u003c/a\u003e\n \u003ca href=\"https://github.com/AlphaOne1/sonicweb/actions/workflows/security.yml\"\n rel=\"external noopener noreferrer\"\n target=\"_blank\"\u003e\n \u003cimg src=\"https://github.com/AlphaOne1/sonicweb/actions/workflows/security.yml/badge.svg\"\n alt=\"Security Pipeline Result\"\u003e\n \u003c/a\u003e\n \u003ca href=\"https://goreportcard.com/report/github.com/AlphaOne1/sonicweb\"\n rel=\"external noopener noreferrer\"\n target=\"_blank\"\u003e\n \u003cimg src=\"https://goreportcard.com/badge/github.com/AlphaOne1/sonicweb\"\n alt=\"Go Report Card\"\u003e\n \u003c/a\u003e\n \u003ca href=\"https://app.codecov.io/gh/AlphaOne1/sonicweb\"\n rel=\"external noopener noreferrer\"\n target=\"_blank\"\u003e\n \u003cimg src=\"https://codecov.io/gh/AlphaOne1/sonicweb/graph/badge.svg\"\n alt=\"Code Coverage\"\u003e\n \u003c/a\u003e\n \u003ca href=\"https://coderabbit.ai\"\n rel=\"external noopener noreferrer\"\n target=\"_blank\"\u003e\n \u003cimg src=\"https://img.shields.io/coderabbit/prs/github/AlphaOne1/sonicweb\"\n alt=\"CodeRabbit Reviews\"\u003e\n \u003c/a\u003e\n \u003c!--\u003ca href=\"https://www.bestpractices.dev/projects/0000\"\n rel=\"external noopener noreferrer\"\n target=\"_blank\"\u003e\n \u003cimg src=\"https://www.bestpractices.dev/projects/0000/badge\"\n alt=\"OpenSSF Best Practices\"\u003e\n \u003c/a\u003e--\u003e\n \u003ca href=\"https://scorecard.dev/viewer/?uri=github.com/AlphaOne1/sonicweb\"\n rel=\"external noopener noreferrer\"\n target=\"_blank\"\u003e\n \u003cimg src=\"https://api.scorecard.dev/projects/github.com/AlphaOne1/sonicweb/badge\"\n alt=\"OpenSSF Scorecard\"\u003e\n \u003c/a\u003e\n \u003ca href=\"https://app.fossa.com/projects/git%2Bgithub.com%2FAlphaOne1%2Fsonicweb?ref=badge_shield\u0026issueType=license\"\n rel=\"external noopener noreferrer\"\n target=\"_blank\"\u003e\n \u003cimg src=\"https://app.fossa.com/api/projects/git%2Bgithub.com%2FAlphaOne1%2Fsonicweb.svg?type=shield\u0026issueType=license\"\n alt=\"FOSSA License Status\"\u003e\n \u003c/a\u003e\n \u003ca href=\"https://app.fossa.com/projects/git%2Bgithub.com%2FAlphaOne1%2Fsonicweb?ref=badge_shield\u0026issueType=security\"\n rel=\"external noopener noreferrer\"\n target=\"_blank\"\u003e\n \u003cimg src=\"https://app.fossa.com/api/projects/git%2Bgithub.com%2FAlphaOne1%2Fsonicweb.svg?type=shield\u0026issueType=security\"\n alt=\"FOSSA Security Status\"\u003e\n \u003c/a\u003e\n\u003c/p\u003e\n\u003c!-- markdownlint-enable MD013 MD033 MD041 --\u003e\n\n*SonicWeb* is a lightweight, easy-to-use web server for static content.\n\n\nFeatures\n--------\n\n* statically linked, suitable for use in scratch containers (~13MB)\n* focused purpose, thus little attack surface\n* usage of OWASP [Coraza](https://github.com/corazawaf/coraza) middleware\n to follow best security practices\n* HTTPS using [Let's Encrypt](https://letsencrypt.org) certificates\n* easy integration in monitoring using [Prometheus](https://prometheus.io) and/or\n [Jaeger Tracing](https://jaegertracing.io)\n* no complications with configuration files\n\n\nGetting Started\n---------------\n\n*SonicWeb* is controlled solely by command line arguments. They are as follows:\n\n| Parameter | Description | Default | Multiple |\n|------------------------------|----------------------------------------------------|-------------------|----------|\n| -root \\\u003cpath\\\u003e | root directory of content | `/www` | |\n| -base \\\u003cpath\\\u003e | base path to publish the content | `/` | |\n| -port \\\u003cport\\\u003e | port to listen on for web requests | `8080` | |\n| -address \\\u003caddress\\\u003e | address to listen on for web requests | all | |\n| -tlscert \\\u003ccertfile\\\u003e | TLS certificate file | n/a | |\n| -tlskey \\\u003ckeyfile\\\u003e | TLS key file | n/a | |\n| -clientca \\\u003ccafile\\\u003e | client certificate authority for mTLS | n/a | \u0026check; |\n| -acmedomain \\\u003cdomain\\\u003e | allowed domain for automatic certificate retrieval | n/a | \u0026check; |\n| -certcache \\\u003cpath\\\u003e | directory for certificate cache | os temp directory | |\n| -acmeendpoint \\\u003curl\\\u003e | endpoint for automatic certificate retrieval | n/a | |\n| -header \\\u003cheader\\\u003e | additional header | n/a | \u0026check; |\n| -headerfile \\\u003cfile\\\u003e | file containing additional headers | n/a | \u0026check; |\n| -tryfile \\\u003cfileexp\\\u003e | always try to load file expression first | n/a | \u0026check; |\n| -wafcfg \\\u003cfile-glob\u003e | configuration for Web Application Firewall | n/a | \u0026check; |\n| -iport \\\u003cport\\\u003e | port to listen on for telemetry requests | `8081` | |\n| -iaddress \\\u003caddress\\\u003e | address to listen on for telemetry requests | all | |\n| -telemetry {true,false} | enable/disable telemetry support | `true` | |\n| -trace-endpoint {address} | endpoint to send trace data to | `\"\"` | |\n| -pprof {true,false} | enable/disable pprof support | `false` | |\n| -log \\\u003clevel\\\u003e | log level (debug, info, warn, error) | `info` | |\n| -logstyle \\\u003cstyle\\\u003e | log style (auto, text, json) | `auto` | |\n| -help | print the argument overview and exit | n/a | |\n| -version | print just version information and exit | n/a | |\n\nExample call, to serve the content of `testroot/` on the standard base path `/`:\n\n```text\n$ ./sonic-linux-amd64 -root testroot/\n |\\\n ||\\\n _________||\\\\\n \\ \\ /|\n \\ ___ \\ / |\n / /.-.\\ _V__| _ _ __ __\n / // \\ / ___/____ ____ (_)___| | / /__ / /_\n/___ // _ | \\__ \\/ __ \\/ __ \\/ / ___/ | /| / / _ \\/ __ \\\n | \\(_)/ ___/ / /_/ / / / / / /__ | |/ |/ / __/ /_/ /\n | , \\_/ /____/\\____/_/ /_/_/\\___/ |__/|__/\\___/_.___/\n | / \\ \\\n |/ \\ _______\\ Version: v1.5.1\n \\ | of: 2025-08-18T15:43:26Z\n \\ | using: go1.25.0\n \\|\ntime=2025-08-18T17:55:41.408257+02:00 level=INFO msg=logging level=info\ntime=2025-08-18T17:55:41.408493+02:00 level=INFO msg=\"using root directory\" root=testroot/\ntime=2025-08-18T17:55:41.408519+02:00 level=INFO msg=\"using base path\" path=/\ntime=2025-08-18T17:55:41.408530+02:00 level=INFO msg=\"tracing disabled\"\ntime=2025-08-18T17:55:41.408538+02:00 level=INFO msg=\"registering handler for FileServer\"\ntime=2025-08-18T17:55:41.412176+02:00 level=INFO msg=\"starting server\" address=:8080 t_init=4.125504ms\ntime=2025-08-18T17:55:41.412315+02:00 level=INFO msg=\"serving pprof disabled\"\ntime=2025-08-18T17:55:41.412422+02:00 level=INFO msg=\"serving telemetry\" address=:8081/metrics\n```\n\nHTTPS\n---\n\n*SonicWeb* supports serving HTTPS via TLS. There are two options to enable HTTPS:\n\n1. Manually provide a certificate and a key\n2. Enable automatic certificate retrieval via [Let's Encrypt](https://letsencrypt.org)\n\n\n### Manual Configuration\n\nTo use a certificate and key pair, you simply start *SonicWeb* as follows:\n\n```shell\n$ ./sonic-linux-amd64 -root testroot/ -tlscert cert.pem -tlskey key.pem\n```\n\nThe Makefile provides a straightforward way to generate certificates for testing purposes.\nFor serious use, an official certificate signed by a certificate authority should be considered.\n\n### Manual Configuration with Client Certificate Authentication\n\nTo use the client certificate authentication, you simply start *SonicWeb* as follows:\n\n```shell\n$ ./sonic-linux-amd64 -root testroot/ -tlscert cert.pem -tlskey key.pem -clientca clientca0.pem\n```\n\n### Automatic Certificate Retrieval\n\nLet's Encrypt offers to automatically obtain certificates. For this to work, *SonicWeb* holds a list of valid domains,\nfor which certificate retrieval is allowed. When a client connects to one of these, and no certificate is available,\n*SonicWeb* sends a certificate request to Let's Encrypt. The valid domains can be specified via the `-acmedomain`\nparameter. Only exact domains match, so subdomains must be provided with repeated calls.\n\nOnce a certificate is obtained, it is stored in a certificate cache. By default, this cache is in the\noperating system's default temporary directory. It can be changed using the `-certcache` parameter.\n\nTo start *SonicWeb* using automatic certificate retrieval, use the following command:\n\n```shell\n$ ./sonic-linux-amd64 -root testroot/ -acmedomain example.com -acmedomain www.example.com\n```\n\nOther acme endpoints can be used, specifying the `-acmeendpoint` parameter. If nothing is specified, the production\nendpoint of Let's Encrypt is used. Use the following command for testing:\n\n```shell\n$ ./sonic-linux-amd64 -root testroot/ \\\n -acmedomain example.com \\\n -acmedomain www.example.com \\\n -acmeendpoint \"https://acme-staging-v02.api.letsencrypt.org/directory\"\n```\n\nAdditional Headers\n------------------\n\nIn some situations, it is necessary to add HTTP headers to the response.\n*SonicWeb* provides the `-header` parameter to facilitate this.\n\n```shell\n$ ./sonic-linux-amd64 -root testroot/ -header \"Environment: production\"\n```\n\nTo add a huge number of headers the `-headerfile` parameter can be used:\n\n```shell\n$ ./sonic-linux-amd64 -root testroot/ -headerfile additional_headers.conf\n```\n\nThe file should be formatted as follows:\n\n```text\n\u003cHeaderKey\u003e: \u003cHeaderValue\u003e\n \u003cnextLine, if multi-line, starts with space\u003e\n```\n\nHeaders can be specified multiple times, with the last entry taking precedence.\n*SonicWeb* sets the `Server` header to its name and version. By providing an own version of the `Server` header,\nit can be replaced, e.g., to misguide potential attackers.\n\n\nTry Files\n---------\n\nThe `-tryfile` option is specially aimed at single-page applications that use URIs to encode functionality.\nWhen used, *SonicWeb* tries the given file expressions in order. There is a special value that can be used:\n\n| Value | Description |\n|---------------|--------------------|\n| $uri | URI of the request |\n\nIf none of the expressions matches a real file, a 404 is returned. If one of the expressions ends with `/index.html`,\nthat suffix is truncated—replaced by the final `/`—to prevent redirection loops caused by Go's handling of\n`/index.html`. (Go’s FileHandler redirects to `/` when it encounters `/index.html`; therefore, attempting to load\n`/index.html` would trigger a redirect and repeatedly try to load `/index.html` instead of `/`, resulting in a loop.)\n\nAn invocation of *SonicWeb* could then be as follows:\n\n```shell\n$ ./sonic-linux-amd64 -root testroot/ -tryfile \\$uri -tryfile /\n```\n\nWeb Application Firewall\n------------------------\n\n*SonicWeb* integrates the [Coraza](https://github.com/corazawaf/coraza) Web Application Firewall middleware. It uses\nrules to determine actions on the incoming (and outgoing) HTTP traffic. This project does not include the rulesets.\nThe rules can be activated using the `-wafcfg` parameter. It expects, for each invocation, a file containing a Coraza\nconfiguration file. A good base ruleset can be obtained from [coreruleset.org](https://coreruleset.org).\nThere is also extensive documentation on how to write new rules.\n\n*SonicWeb* can be started as follows:\n\n```shell\n$ ./sonic-linux-amd64 -root testroot/ \\\n -wafcfg /etc/crs4/crs-setup.conf \\\n -wafcfg /etc/crs4/plugins/\\*-config.conf \\\n -wafcfg /etc/crs4/plugins/\\*-before.conf \\\n -wafcfg /etc/crs4/rules/\\*.conf \\\n -wafcfg /etc/crs4/plugins/\\*-after.conf\n```\n\nBuilding\n--------\n\nFor easier management, a `Makefile` is included, using it, the build is as easy as:\n\n```sh\nmake\n```\n\nIf your operating system does not provide a usable form of `make`, you can also do:\n\n```sh\nCGO_ENABLED=0 go build -trimpath -ldflags \"-s -w\"\n```\n","funding_links":["https://github.com/sponsors/AlphaOne1"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falphaone1%2Fsonicweb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falphaone1%2Fsonicweb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falphaone1%2Fsonicweb/lists"}