Althttpd

This is a tutorial for Althttpd - an HTTP server made by the SQLite crew.

Build

First, download althttpd.c.

Then, create a file named “VERSION.h”:

#define COMPILER "cc"
#define MANIFEST_DATE "2025-07-03"
#define MANIFEST_ISODATE "2025-07-03"
#define MANIFEST_UUID "1"
#define RELEASE_VERSION "2"

Finally, compile the server:

cc \
    -DENABLE_TLS \
    -I/usr/local/include \
    -L/usr/local/lib \
    -Os \
    -Wall \
    -Wextra \
    -fPIC \
    -lcrypto \
    -lssl \
    -o althttpd althttpd.c

Static Files

Serving static files is as simple as invoking Althttpd with a root directory and a port number:

althttpd -root . -port 8080

Dynamic Files

Serving dynamic files is done using good ol’ CGI scripts. Here is how to show the current time:

#!/usr/bin/env perl

use strict;
use warnings;

use Time::Piece;
my $time = localtime;

print "Content-type: text/html\n\n";
print '<html><body><h1>', $time->hms, '</h1></body></html>'

These are the available CGI variables:

CONTENT\_LENGTH, AUTH\_TYPE, AUTH\_CONTENT, CONTENT\_TYPE, DOCUMENT\_ROOT, HTTP\_ACCEPT, HTTP\_ACCEPT\_ENCODING, HTTP\_COOKIE, HTTP\_HOST, HTTP\_IF\_MODIFIED\_SINCE, HTTP\_IF\_NONE\_MATCH, HTTP\_REFERER, HTTP\_SCHEME, HTTP\_USER\_AGENT, HTTPS, PATH, PATH\_INFO, QUERY\_STRING, REMOTE\_ADDR, REQUEST\_METHOD, REQUEST\_URI, REMOTE\_USER, SCGI, SCRIPT\_DIRECTORY, SCRIPT\_FILENAME, SCRIPT\_NAME, SERVER\_NAME, SERVER\_PORT, SERVER\_PROTOCOL, SERVER\_SOFTWARE.

Logging

Logging can be enabled with -logfile, e.g.:

althttpd -root . -port 8080 -logfile althttpd-%Y%m%d.csv

This will create a new logfile for each day.

Virtual Hosts

Hosting multiple websites on a single server is done by creating multiple directories ending with “.website”.

E.g. this will host “a.example.com” and “b.example.com”:

mkdir a_example_com.website b_example_com.website
althttpd -root . -port 8080

Basic Authentication

Directories can be protected with a password by placing a -auth file in them:

realm Private Directory

# redirect to HTTPS
http-redirect

# prohibit HTTP
https-only

# set $REMOTE_USER
user Richard drh:xxxxxxxxxxxxxxxx

However, this will only protect the directory itself, not it’s subdirectories!

HTTPS

This is enabled with -cert cert.pem and -pkey pkey.pem.

Content Compression

Althttpd can do content compression, but I haven’t used it yet.

IP Blocking

Malicious requests can be blocked with -ipshun or 418 in CGI scripts, but I haven’t used this either.

More Information

• Official documentation: https://sqlite.org/althttpd/doc/trunk/althttpd.md

2025-07-03