Alaya 4.5

Alaya is a chrooting webserver with basic webdav extensions and a number of unsual features. It can serve both http and https and is intended to provide a simple means for people to share directories with webdav. Although it chroots it supports running CGI programs outside of the chroot via a trusted-path method. Alaya supports perfect-forward-secrecy and client certificate authentication.

Tags http-server c posix linux
License GNU GPLv3
State stable

Recent Releases

4.503 Jan 2024 12:21 minor feature:
4.113 Oct 2020 03:15 minor feature: Fastopen now only enabled in https by default. added TCPFastOpen and .
4.009 Oct 2020 03:15 minor feature: For pipes being held open by other processes that shouldn't even . Add missing files from previous commit. . Add missing libUseful files. . Add support for using namespaces. handle chroot better when server no . . Added namespaces support. . Added REUSEPORT and namespaces.
3.227 Apr 2020 03:15 minor feature: For vpath directory traversals.
3.123 Apr 2020 18:07 minor feature: Added 'Upload' event handling.
3.013 Apr 2020 05:45 minor feature: Scripts should run in the home directory, for now. Long term a more i . Support HTTPS/HTTP on same port. Added SOCKS service support. Modific . . Remove some garbage/test files.
2.107 Apr 2016 06:55 major bugfix: Three issues fixed: CGI programs were being delayed because connection was not being closed to signal end of data. Timezone info was wrong in CGI programs because glibc timezone implementation doesn't play well with chroot. Finally there was a segfault when building m3u playlist if a file is inaccessible.
2.025 Mar 2016 14:38 major feature: Initial websockets support added. Improved performance. Added 'session cookie' authentication. Fine-grained caching control. Added 'REMOTE_MAC' cgi variable. SSL version control. VPaths can now be configured with various arguments. Directory listing page much improved for 'interactive' mode.
1.512 Jan 2015 01:07 major feature: Added Events framework to take actions in response to certain HTTP requests. AccessToken authentication system hardened. Maximum stack/memory resource controls. Many bugfixes and cleanups.