{"id":16265006,"url":"https://github.com/patrickdappollonio/http-server","last_synced_at":"2026-04-02T00:38:07.002Z","repository":{"id":21817532,"uuid":"94117132","full_name":"patrickdappollonio/http-server","owner":"patrickdappollonio","description":"A small application with no dependencies to expose a local folder as an HTTP server. It includes a file explorer and a Markdown renderer. ","archived":false,"fork":false,"pushed_at":"2026-03-23T16:38:09.000Z","size":5426,"stargazers_count":99,"open_issues_count":9,"forks_count":16,"subscribers_count":3,"default_branch":"master","last_synced_at":"2026-03-23T20:34:54.261Z","etag":null,"topics":["docker-container","golang","hacktoberfest","http-server","server","static-server","static-site"],"latest_commit_sha":null,"homepage":"https://patrickdappollonio.github.io/http-server-testing-page/","language":"CSS","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/patrickdappollonio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-06-12T16:24:32.000Z","updated_at":"2026-03-23T04:11:49.000Z","dependencies_parsed_at":"2024-01-30T06:33:44.235Z","dependency_job_id":"7ad0ffab-0d24-408c-9282-d68a0582f9dc","html_url":"https://github.com/patrickdappollonio/http-server","commit_stats":{"total_commits":165,"total_committers":8,"mean_commits":20.625,"dds":0.5878787878787879,"last_synced_commit":"9b792e70d48261686aaf3711aef691d2de4cb3c6"},"previous_names":["patrickdappollonio/docker-http-server"],"tags_count":33,"template":false,"template_full_name":null,"purl":"pkg:github/patrickdappollonio/http-server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickdappollonio%2Fhttp-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickdappollonio%2Fhttp-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickdappollonio%2Fhttp-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickdappollonio%2Fhttp-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/patrickdappollonio","download_url":"https://codeload.github.com/patrickdappollonio/http-server/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickdappollonio%2Fhttp-server/sbom","scorecard":{"id":722230,"data":{"date":"2025-08-11","repo":{"name":"github.com/patrickdappollonio/http-server","commit":"20d9ff367d3a6964fd6ff47f3b55eccd20941367"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.3,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"14 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/18 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/releasing.yaml:1","Warn: no topLevel permission defined: .github/workflows/stale.yml:1","Warn: no topLevel permission defined: .github/workflows/testing-commit.yaml:1","Warn: no topLevel permission defined: .github/workflows/testing-pull-request.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/patrickdappollonio/.github/SECURITY.md:1","Info: Found linked content: github.com/patrickdappollonio/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/patrickdappollonio/.github/SECURITY.md:1","Info: Found text in security policy: github.com/patrickdappollonio/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v2.9.0 not signed: https://api.github.com/repos/patrickdappollonio/http-server/releases/219828527","Warn: release artifact v2.8.1 not signed: https://api.github.com/repos/patrickdappollonio/http-server/releases/219434335","Warn: release artifact v2.8.0 not signed: https://api.github.com/repos/patrickdappollonio/http-server/releases/219365865","Warn: release artifact v2.7.0 not signed: https://api.github.com/repos/patrickdappollonio/http-server/releases/216371091","Warn: release artifact v2.6.0 not signed: https://api.github.com/repos/patrickdappollonio/http-server/releases/214977421","Warn: release artifact v2.9.0 does not have provenance: https://api.github.com/repos/patrickdappollonio/http-server/releases/219828527","Warn: release artifact v2.8.1 does not have provenance: https://api.github.com/repos/patrickdappollonio/http-server/releases/219434335","Warn: release artifact v2.8.0 does not have provenance: https://api.github.com/repos/patrickdappollonio/http-server/releases/219365865","Warn: release artifact v2.7.0 does not have provenance: https://api.github.com/repos/patrickdappollonio/http-server/releases/216371091","Warn: release artifact v2.6.0 does not have provenance: https://api.github.com/repos/patrickdappollonio/http-server/releases/214977421"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/releasing.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickdappollonio/http-server/releasing.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/releasing.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickdappollonio/http-server/releasing.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/releasing.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickdappollonio/http-server/releasing.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/releasing.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickdappollonio/http-server/releasing.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/releasing.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickdappollonio/http-server/releasing.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickdappollonio/http-server/stale.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing-commit.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickdappollonio/http-server/testing-commit.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing-commit.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickdappollonio/http-server/testing-commit.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/testing-commit.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickdappollonio/http-server/testing-commit.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing-pull-request.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickdappollonio/http-server/testing-pull-request.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing-pull-request.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickdappollonio/http-server/testing-pull-request.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/testing-pull-request.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickdappollonio/http-server/testing-pull-request.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/testing-pull-request.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickdappollonio/http-server/testing-pull-request.yaml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Info:   0 out of   7 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   6 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/releasing.yaml:8"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T11:42:18.882Z","repository_id":21817532,"created_at":"2025-08-22T11:42:18.882Z","updated_at":"2025-08-22T11:42:18.882Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31293451,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T21:15:39.731Z","status":"ssl_error","status_checked_at":"2026-04-01T21:15:34.046Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker-container","golang","hacktoberfest","http-server","server","static-server","static-site"],"created_at":"2024-10-10T17:05:19.038Z","updated_at":"2026-04-02T00:38:06.541Z","avatar_url":"https://github.com/patrickdappollonio.png","language":"CSS","readme":"# `http-server`, a simple HTTP file server\n\n[![Github Downloads](https://img.shields.io/github/downloads/patrickdappollonio/http-server/total?color=orange\u0026label=github%20downloads)](https://github.com/patrickdappollonio/http-server/releases)\n[![Container Downloads](https://img.shields.io/badge/container%20downloads-250k-orange)](https://github.com/users/patrickdappollonio/packages/container/package/docker-http-server) [![Go Report Card](https://goreportcard.com/badge/github.com/patrickdappollonio/http-server)](https://goreportcard.com/report/github.com/patrickdappollonio/http-server)\n\n\u003cimg src=\"internal/server/assets/file-server.svg\" width=\"160\" align=\"right\" /\u003e `http-server` is a static file server with zero dependencies: **just one binary to run**. It also supports:\n\n* **CORS support:** by setting the `Access-Control-Allow-Origin` header to `*`. `HEAD` requests, although unnecessary when doing CORS on `GET` requests, are also supported.\n* **Authentication support:** via either plain username and password or through a JWT token, with optional support for validating if the token isn't expired.\n* **Directory listing:** if no `index.html` or `index.htm` files are present in the directory, a directory listing page will show instead.\n* **Markdown support:** if a `README.md` or `readme.md` file is present in the directory during directory listing, it will be rendered as HTML. Additional support for GitHub-flavored markdown is also available.\n* **Fully air-gapped:** the directory listing feature is fully air-gapped, meaning that it does not require any external resources to be loaded. This is useful for environments where internet access is not available.\n* **Redirections support:** if a `_redirections` file exists in the target directory, it will be used to redirect requests to other locations. Learn about the syntax [in the docs](docs/redirections.md).\n\nThe app is available both as a standalone binary and as a Docker container image.\n\nFor an example site built with `http-server`, check the demo page: [`https://patrickdappollonio.github.io/http-server-testing-page/`](https://patrickdappollonio.github.io/http-server-testing-page/). The [repository for the demo page](https://github.com/patrickdappollonio/http-server-testing-page) contains the folder being served.\n\n### Docker image\n\n[Find the latest version available here](https://github.com/users/patrickdappollonio/packages/container/package/docker-http-server). `latest` will always map to the latest version, which could lead you to download a newer major version that might contain a breaking change. I recommend using `v2` for the tag, since it will always map to a stable version with all potential patches applied. This is the safest way to use to avoid any breaking changes.\n\n```bash\n# stable version 2\ndocker pull ghcr.io/patrickdappollonio/docker-http-server:v2\n\n# pin to specific version\ndocker pull ghcr.io/patrickdappollonio/docker-http-server:v2.0.0\n\n# bleeding edge version (will always update to latest)\ndocker pull ghcr.io/patrickdappollonio/docker-http-server:latest\n```\n\nUsage with `docker compose`:\n\n```yaml\nservices:\n  http-server:\n    image: ghcr.io/patrickdappollonio/docker-http-server:v2\n    restart: unless-stopped\n    ports:\n      - \"5000:5000\"\n    volumes:\n      - ./:/html:ro # Use the current directory as the source\n    environment:\n      - PORT=5000 # Configures the port (the default is 5000)\n      - TITLE=HTTP Server Test Site # Changes the site name\n      - CORS=true # Enable CORS for testing purposes\n      # Other configuration options:\n      # - BANNER=Welcome to the HTTP Server Test Site! # Changes the banner\n```\n\n#### Configuring the container\n\nThere are three ways to configure the container:\n\n* **Using a YAML configuration file:** create a configuration file named `.http-server.yaml`. This file cannot be accessed using the file explorer mode nor it will show up in the directory listing. The variable names match the command line flags. For example, to set `--disable-markdown`, you can use `disable-markdown: true` in the configuration file.\n* **Using environment variables:** The environment variables match the command line flags. For example, to set `--disable-markdown`, you can use `DISABLE_MARKDOWN=true` as an environment variable. Additionally, and to avoid collisions, all environment variables can be prefixed with `FILE_SERVER_`. For example, to set `--path` parameter, which would collide with your Operating System's `$PATH`, you can use instead `FILE_SERVER_PATH`.\n* **Overwriting the `command` and `args`:** Overriding the arguments passed to the container is also possible. For Docker, see [overriding `CMD`](https://docs.docker.com/engine/reference/run/#cmd-default-command-or-options) but keep the `ENTRYPOINT` intact. For `docker compose`, see [overriding the `command`](https://docs.docker.com/compose/compose-file/#command). For Kubernetes, see [overriding `command` and `args`](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/).\n\n### Static binary\n\nYou can download the latest version from the [Releases page](https://github.com/patrickdappollonio/http-server/releases).\n\n### Homebrew\n\nYou can also install the app using Homebrew. A Homebrew tap is available with the latest version:\n\n```bash\nbrew install patrickdappollonio/tap/http-server\n```\n\n#### Usage options\n\nThe following options are available.\n\n```text\nA simple HTTP server and a directory listing tool.\n\nUsage:\n  http-server [flags]\n\nFlags:\n      --banner string                       markdown text to be rendered at the top of the directory listing page\n      --cors                                enable CORS support by setting the \"Access-Control-Allow-Origin\" header to \"*\"\n      --custom-404 string                   custom \"page not found\" to serve\n      --custom-404-code int                 custom status code for pages not found\n      --custom-css-file string              path within the served files to a custom CSS file\n      --disable-cache-buster                disable the cache buster for assets from the directory listing feature\n      --disable-directory-listing           disable the directory listing feature and return 404s for directories without index\n      --disable-etag                        disable etag header generation\n      --disable-markdown                    disable the markdown rendering feature\n      --disable-redirects                   disable redirection file handling\n      --ensure-unexpired-jwt                enable time validation for JWT claims \"exp\" and \"nbf\"\n      --etag-max-size string                maximum size for etag header generation, where bigger size = more memory usage (default \"5M\")\n      --force-download-extensions strings   file extensions that should be downloaded instead of displayed in browser\n      --gzip                                enable gzip compression for supported content-types\n  -h, --help                                help for http-server\n      --hide-files-in-markdown              hide file and directory listing in markdown rendering\n      --hide-links                          hide the links to this project's source code visible in the header and footer\n      --jwt-key string                      signing key for JWT authentication\n      --markdown-before-dir                 render markdown content before the directory listing\n      --password string                     password for basic authentication\n  -d, --path string                         path to the directory you want to serve (default \"./\")\n      --pathprefix string                   path prefix for the URL where the server will listen on (default \"/\")\n  -p, --port int                            port to configure the server to listen on (default 5000)\n      --render-all-markdown                 if enabled, all Markdown files will be rendered using the same rendering as the directory listing READMEs\n      --title string                        title of the directory listing page\n      --username string                     username for basic authentication\n  -v, --version                             version for http-server\n```\n\n### Detailed configuration\n\nAll the available configuration options are documented in the docs. You can find them [here](docs/).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpatrickdappollonio%2Fhttp-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpatrickdappollonio%2Fhttp-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpatrickdappollonio%2Fhttp-server/lists"}