Everything that has a beginning, has an ending. In 2002, the Hiawatha webserver was born. It started as a small hobby project with no serious intentions. But in the years that followed, it grew into a mature webserver with unique and proven security features. Unfortunately, lack of interest in this project has always been a seamy side. Many times, I wondered whether I should keep going on with the project or not, but somehow I always found a reason to continue. But not this time. Recently, a serious issue was found in the Hiawatha webserver and the fact that I didn't care much made me realize that it's time to stop.
Does this mean that the Hiawatha webserver will cease to exist? No. I still use it myself a lot and I will continue to do so in the future. I will make new releases available via this website and GitLab, but don't expect anything fancy anymore. The most important change is that I will stop seeing and promoting it as an alternative webserver. For the time being, this website will remain online, but I will make the forum read-only. The contact form will be removed, I won't send any more newsletters (I will remove all e-mail addresses soon) and I will no longer be available for support questions about the Hiawatha webserver. Security-related issues can still be reported, of course.
The most important reason for this is that my spare time is only limited and I'd rather spend it doing other things than developing a webserver. I recently bought an electric guitar and much of my spare time now goes to playing music. And for quite some time, I found a more interesting challenge in organisational security-related subjects and privacy-related subjects than in technical security-related subjects. For the last 6 years, I developed a methodology for performing a risk analysis for information security (in Dutch) and for the last few months, that project is suddenly going very well. It's getting a lot of attention in the Netherlands. And with a friend, I started a weblog about privacy (also in Dutch). And that simply covers most of my spare time.
So, can you continue using the Hiawatha webserver? Well, that depends on what you want from a webserver. Clearly, Hiawatha will never support HTTP/2 or HTTP/3. If you're fine with that and Hiawatha serves your needs, you can continue using it. To be clear: I won't stop developing Hiawatha. But new features will be based on what I need, not on what is needed for a webserver in general.
I now come to the end of my, probably, final message at the Hiawatha weblog. While typing this message, I realize that it's still a serious step for me. But I think it's the right one. Thanks to all who have supported me and this project (you know who you are). Hopefully, Hiawatha will serve you well for as long as possible, but I won't blame you if you switch to another webserver. Thanks and stay safe!
I am one of those 13 people who starred the repo at GitLab, will definitely keep using it.
regards
EPE
Now, a great "in bocca al lupo" for all your coming projects!
I wish you the best of luck in all future endeavours.
Nice to know it does not stop completely!
Thanks for this great webserver. I have been using it since 2012 with great pleasure.
The above being said, I understand that personal priorities shift, and you've been more or less a one man show on this project for the entire run. It's better to move on than to burn out. For my part I support your decision, and will continue to maintain my Debian builds and repositories until the project is well and truly abandoned.
Thanks for all your hard work over the years, Hugo. You gave us one of the fastest, most stable and secure web servers out there. It was great while it lasted!
All the best,
-Chris
We'll miss Hiawatha's further development, fully understand your decision, wishing you all the best to all your current and future endeavours...bidding farewell with a big: "THANK YOU!"
This project is also special to me because this is after an exchange with you in 2017 that I discovered and decided to try Linux. I am now a happy Arch Linux user, rock solid and such an enjoyable system.
As a developer myself, I can fully understand your feelings; we do this for fun, and without passion there is no point continuing. Thanks again, it was a great journey.
Best, Kewl
Although it is sad to see the project end, it has been a wonderful experience working with you as a developer. It shows great maturity in understanding when your heart is not into something. You provided excellent support throughout these years, and it has served as a role model for me personally to strive towards. I have thoroughly enjoyed all of our discourses, and wish you the best in all your future ventures.
Thank you for providing a security-focused alternative to NGINX & Apache.
Good luck with your new adventures! Could you please share the link of that new Dutch security-oriented blog?
P.S.: https://www.hiawatha-webserver.org/banners isn't anymore!
I've been using Hiawatha on my production server for over 6-7 years now and I can tell you it beats every other web server out there.
I really wish you would not abandon this project as I think it is one of the best out there and that your work is highly appreciated by other professionals (like myself).
We have a saying in my culture: "Those who don't do mistakes don't do".
One small (and really not that big) mistake in so many years is really not that big a deal and only shows how hard you're working.
Thanks Hugo for all that you've done and I still hold hope you'll come around and not leave this project.
It looks like I was mistaken with the message and I'm pacified now...being able to "live with that" :-)
In addition, the most responsible thing you can do is move Hiawatha to GitHub (or similar) and let people send code using pull requests. Good luck.
Thank you for your great job until now. You made something possible other huge players just did not care about. But we care and this perfect webserver will be in the net and continue to live on (as it is or with whatever features you will probably put into in the future).
electRic (missed a letter?) guitar is probably also a nice hobby and another time-eater ;-)
I wish you all the best with your music and your security project (that finally did not make it into German language, what a pity). Nevertheless, I will always keep an eye on your projects and hope they will be as successful as you want them to be.
Kind regards from Hamburg,
Torsten
Could I suggest that the Hiawatha-webserver project be run by a group of dedicated Brothers and Sisters and overseen by you of course, just like the Linux Kernel is run.
All the best to you and your future.
What is in the line that causes the error message?
When I upgraded; the syntax error pointed to a commented line (4 lines) above the default hostname. I started removing lines which at one point pointed to the WebsiteRooty below the default hostname to the Directory->UrlToolkit and above directives.
First of all, I appreciate your development. Hiawatha was a very easy-to-use software.
I would like to take over the development, if possible, but there are concerns. Can I change the license of Hiawatha to "Apache License 2.0"?
Your consideration of our request would be greatly appreciated.
Kind regards,
As mentioned in the blog, I'm not stopping to develop Hiawatha. I just stopped having big plans for Hiawatha. So, there is no 'taking over development'. There are two options for you. 1) Contribute to develop Hiawatha. It could really use HTTP/2 support, but I don't have the time for that. 2) Fork Hiawatha and write your own version.
Why do you want to change to the Apache license?
Thanks for the reply. I will explain why I proposed "APLv2 (or BSD-style)".
I apologize in advance that English is not my first language.
There was portion that becomes a little care in your comment.
> I've had several offers to help with development in the past. None of them resulted in actual code contributions.
(Same as Apache HTTPd) "nginx" which continues to expand market share also adopts "2-clause BSD license". (See also: http://nginx.org/LICENSE)
Although is looser than GPL-type license, both form a vibrant community. "lighttpd" is also being developed on community basis.
As a result of the analysis, I thought that adopting a loose license may reduce the responsibility for contribution.
Many people complain, but few people can write source code.
However, with the GPL license, it must be disclosed even in the source code under development. (Even if the developer does not want it)
Even if you try to distribute an experimental build that incorporates specific library, it's impossible to distribute only binaries in an open environment.
Contributors want only "bug reports", but they can't refuse it when requested for code disclosure.
Some people laugh at looking at source code that does not handle errors properly. It's so humiliating.
In the case of BSD-like license, we can distribute only binary because don't have the obligation to disclose. You can also brush up by asking the early adapter layer to review.
In conclusion "Contributing with the current license is very difficult". Even if I fork, I can't escape GPL contamination.
Of course, you can also kick this proposal as "ridiculous".
Thank you for your consideration.
However, I'm always open for discussion about the license. But let's discuss your development plans first. Is HTTP/2 support even an option for you? Or what other plans do you have for Hiawatha?
If this is not an open standard, you don't need to actively adopt it.
However, as HTTPS communication becomes commonplace, the delay of old protocol becomes prominent.
Late leads to "a decrease in the number of visitors". It will be fatal for Web services that provide real-time communication.
The strength of Hiawatha webserver, it's "able to launch a secure Web server without complicated setup".
For Web server administrators, it's welcome, but the client side does not.
Speed and safety should be equal. To do this it will be necessary to support HTTP/2.
If we can use both HTTP/2 and HSTS without complicated setup, more people will switch from nginx etc.
HTTP/2 support is also valid for me and it will be effective for increasing individual use.
May you find great success in your new venture!
Isn't there anyone who can fork Engintron and make it work with Hiawatha? https://github.com/engintron/engintron
That would make the webserver quite popular. I was using Hiawatha + Apache (as second webserver to compatibility with .htaccess) and still outdid most of the webservers.
Sad forum is also disabled since at least users could help each other
Giving so much to Open Source is extremely noble and often feels thankless, but I'm sure everyone here really appreciates what you have given us.
If you would like the project to continue on from your fantastic base, that is of course what open source is about as well; perhaps you might invite forking of the project to someone who you believe could successfully keep it current.
Many Thanks
David Chapman
Well, as some people mentioned above, I'm kinda sad about your decision but I totally understand your reasons. All I can say is thank you for your hard work.
And last but not least: I made an RFC to the dietpi-project to add hiawatha to their software repository. I think your webserver is the best choice to build a secure nextcloud server.
Let's see how the devs will decide.
Anyway, a huge THANK YOU!
Kind Regards,
Mike
I am really sad to hear the news.
I have been using Hiawatha for 4 years and I really love it.
I'll carry on using it until it eventually dies.
Would you mind if I/we, the users, start a new forum for community support?
Have fun playing your guitars and thank you for this wonderful piece of software you gave us all to use for free
Another thought for future development and collaboration would be to more fully embrace the features of GitLab. Enabling the Issue queue would be a great start.
@Hugo: I can obviously understand your lack of interest investigating a windows issue and I am myself in the process of exiting completely windows. This message can be of interest though for future readers experiencing the same issue in 10.9. In this case the advice is to switch to 10.8.4 still available for download for Windows.
Suddenly I feel the irrational urge to seek people to fork and rewrite Hiawatha in Rust, just to give it a fighting chance.
I will probably continue use of Hiawatha as to me it is the one that works well for me. Thanks again.
I just wanted to say thank you for your great work over the past years. It is amazing to see that so many people use and love Hiawatha. It makes me sad that such a great piece of software won't be continued. On the other side, I totally understand your reasons (I'm also addicted to my guitar :-)
I wish you all the best for the future and once again thanks a lot for all the effort and work.
Cheers,
zmak
Hiawatha is without a doubt the breath of fresh air that I was looking for in a web server. Apache configuration had grown far more complex than it was worth... and Hiawatha is secure AND blazing fast. I am fortunate (and happy) that you plan to continue it in its current state. Perhaps the day may come when I need something else, but it works perfectly just the way it is.
Good luck with your guitar adventure! May you find the tone and feel it to your bones.
@JonesRE
I don't mind moderating the forum and I'll try to do my best in answering basic questions.
I am sure others will also help.
Which email can I PM you with my details?
well the answer are in the real life: most stupid enterprises prefers pay expensive products event use real and effective products.. recently a friend of me tell me that a corporation integrates a BACNET software with 60000$ event use a more features but only llinus alternate... well.. that the real shit life!
User Table:
[IDX]
firstName="Mary"
otherName=" "
lastName= "Jones"
[IDX] // next record.
You helped me many times in the forum with my questions and I learned a lot.
Thank you for all of that!
What got me to Hiawatha in the first place?
I wanted a fast and secure webserver. I still want a secure webserver and I will continue to use Hiawatha.
What about enabling issues on gitlab?
First of all, I should say thank you for what you've done during these years to make this project and lovely Hiawatha.
It's very sad to hear that this project would be scaled down. I'm not a professional on this topic (web server development) but a regular web developer. I can't help with the development of this project, but since I think doing our best to help this project is a great responsibility for us as users, I can provide these things and I declare my commitment to these:
1- I can make a new website for hiawatha with a better forum. (I am a Drupal developer) and I would maintain the site (host, backups, further development etc)
2- we (in our web agency) can allocate a fraction of our income to this project. so if you don't mind please add a donation button to the website
3- I'm just learning hiawatha. we wanted to use it for our enterprise solutions that we are working on it now. so I promise that in the future I can do some forum moderation
Thanks again and sorry for my weak English!
1 - The forum itself isn't the issue. People answering questions is what's needed. What Hiawatha needs is a community, people helping other people. It took me too much time to answer all the support-questions myself. I'm willing to re-open the forum, but not without other people to help answering the questions.
2 - Thanks for the offer, but money is not what's needed. What's really needed is a developer willing to help HTTP/2 support. Without HTTP/2 support, Hiawatha doesn't really have a future. It's too much work for me on my own.
3 - See answer 1.
Sad to see you go, but as a family man myself, I sympathize with having to prioritize. Hopefully, we'll see you in concert. Ciao!
I myself have been using Hiawatha for years, but the few times I used the forums I had to keep visiting them in order to know if a reply was given. E-mail notifications would surely help the community help each other since most people check e-mail regularly. I myself would answer questions for new topics if I'm notified about them.
So basically two features are needed in the forums:
1. Ability to subscribe/unsubscribe from forum sections to receive notifications of new topics.
2. Manual or automatic subscription to a topic when replying to it in order to receive all replies with the option to disable future replies by explicitly opting out.
The forum worked without a username or password but, at least the e-mail, name and password will be mandatory for this functionality.
On the other side, the Hiawatha howto/man pages have mostly everything one needs to know and most questions are the consequence of not reading them properly (has happened to me), but there are also some cases when the current documentation may not be enough. Anyways, I may keep using Hiawatha for years and when I have time will try to study its source and see if I can contribute something (the HTTP/2 stuff looks like a really complicated thing to implement from a security perspective since a single request can send more than one file at a time, making it harder to mitigate attacks, maybe limits have to be placed on the amount of stuff that can be sent on a single request...)
Notification settings are divided into three groups:
Global settings
Group settings
Project settings
Each of these settings has levels of notification:
Global: For groups and projects, notifications as per global settings.
Watch: Receive notifications for any activity.
Participate: Receive notifications for threads you have participated in.
On Mention: Receive notifications when @mentioned in comments.
Disabled: Turns off notifications.
Custom: Receive notifications for custom selected events.
More info here ---
https://docs.gitlab.com/ee/workflow/notifications.html
I used it in production as a reverse proxy/ssl endpoint for securing Confluence (tomcat) server for my clients.
As another commenter pointed out, the configuration file is so easy and Hiawatha always felt "plug and play".
All the best on your journey!
```
certbot certonly -d domain.com,www.domain.com --webroot -w /home/domain/public_html/
```
Then you can copy the following script into /etc/letsencrypt/renewal-hooks/deploy/hiawatha, make it executable, and run it manually if needed.
```
#!/bin/bash
# Certbot deploy hook: build one PEM per certificate (key, cert, chain) for Hiawatha.

# The bundles contain private keys, so create files and directories owner-only.
umask 077

if [ ! -d "/etc/letsencrypt/live" ]; then
    exit 0
fi

mkdir -p /etc/hiawatha/tls

# Glob on */ so only certificate directories match (this skips the README file).
for path in /etc/letsencrypt/live/*/; do
    [ -d "$path" ] || continue
    path=${path%/}
    directory=$(basename "$path")
    target="/etc/hiawatha/tls/www.$directory.pem"

    echo "Generating certificate for ${directory}..."
    cat "$path/privkey.pem" > "$target"
    echo "" >> "$target"
    cat "$path/cert.pem" >> "$target"
    echo "" >> "$target"
    cat "$path/chain.pem" >> "$target"
    # umask does not change files that already exist, so fix the mode explicitly.
    chmod 600 "$target"
done

systemctl restart hiawatha
```
Finally you can create a cronjob that renews all certificates which will also run the hiawatha hook by adding the following to your cron file:
```
# Minute field is 0 so the job runs once at hours 0, 10 and 20, not every minute of those hours.
0 */10 * * * /usr/bin/certbot renew
```
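A check that could run after the deploy hook above, added here as an example and not part of the original comment: it audits each combined PEM for file mode and block order. The function names `check_bundle` and `audit_all` are hypothetical; the directory and the key, cert, chain layout are the ones the hook above uses.

```shell
#!/bin/bash
# Added example: audit the bundles written by a deploy hook like the one above.
# Assumptions: bundles live in /etc/hiawatha/tls (the path used above) and
# follow the layout that hook produces: private key, then cert, then chain.

# check_bundle FILE -> prints findings, returns 0 if clean, 1 otherwise.
check_bundle() {
    local file="$1" problems=0 labels first keys certs mode

    if [ ! -f "$file" ]; then
        echo "$file: missing"
        return 1
    fi

    # The file holds a private key, so group and other must have no access.
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    mode=$(ls -ld "$file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$file: accessible beyond owner (group/other bits: $mode)"
        problems=1
    fi

    # Collect the PEM block labels in file order.
    labels=$(sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$file")
    first=$(printf '%s\n' "$labels" | head -n 1)
    keys=$(printf '%s\n' "$labels" | grep -c 'PRIVATE KEY$' || true)
    certs=$(printf '%s\n' "$labels" | grep -c '^CERTIFICATE$' || true)

    case "$first" in
        *"PRIVATE KEY") ;;
        *) echo "$file: first block is '${first:-none}', expected a private key"
           problems=1 ;;
    esac
    if [ "$keys" -ne 1 ]; then
        echo "$file: found $keys private keys, expected exactly 1"
        problems=1
    fi
    if [ "$certs" -lt 1 ]; then
        echo "$file: contains no certificate"
        problems=1
    fi
    return "$problems"
}

# Audit every bundle in a directory; non-zero status if any bundle fails.
audit_all() {
    local dir="${1:-/etc/hiawatha/tls}" rc=0 f
    for f in "$dir"/*.pem; do
        [ -e "$f" ] || continue
        check_bundle "$f" || rc=1
    done
    return "$rc"
}
```

Calling `audit_all` in the hook just before `systemctl restart hiawatha` surfaces a malformed or over-permissive bundle before the server loads it.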
You're a great person. I understand your decision, it makes sense. It is incredibly unfortunate that there was a lack of interest in such a fine project.
Greetings from Scandinavia. Heill auk Sæll!
Faithfully,
-k0nsl
A little late but not too late. Thank you for this great webserver and all your valuable time spent for development, documentation and support. It was and is an excellent webserver, especially for embedded systems. Not overloaded with features nobody will ever use, small footprint, highly efficient, stable, and secure. I hope you enjoy playing guitar and all the other things for which you now have more time. I look forward to your ongoing contribution to this great project. Thank you!
Have a good time
Carsten