excerpt: An alternative to Apache. No installation required.
date: 2020-10-21
tags:
- linux
- aws
- busybox
---
As part of my practice for AWS [Solutions Architect](https://aws.amazon.com/certification/certified-solutions-architect-associate/) certification, I needed to run a test web server to test security group (a virtual firewall attached to an instance, specifically its network interface), NACL (network access control list, a subnet-level cloud firewall) and Route 53 DNS failover. Most (all?) study guides suggest installing and running an Apache web server, the most popular web server (it's the 'A' of an LAMP stack).
> This article assumes Ubuntu Linux AMI is used
## BusyBox httpd
It's little known that there is already a web server included in most Linux distributions, the ubiquitous BusyBox has a tiny and simple `httpd` web server. It doesn't support TLS and PHP (you _could_ run PHP via [CGI](https://www.php.net/manual/en/install.unix.commandline.php), which httpd [supports](https://openwrt.org/docs/guide-user/services/webserver/http.httpd#cgi), but it's not recommended). Since I only needed a static "index.html", httpd fits the bill. Not all Busybox installation includes httpd, for example {% post_link binaries-alpine-docker 'Alpine' %} doesn't have one, you need to install [busybox-extras](https://pkgs.alpinelinux.org/package/edge/main/x86_64/busybox-extras) package to get it.
By default, a normal user cannot starts a web server that binds to port 1 - 1023 without root privilege in Linux. A common solution is to grant `CAP_NET_BIND_SERVICE` capability to the web server's binary (BusyBox in this case). Alternatively, you could _start_ it using root and then _run_ it as an unprivileged user:
```
$ sudo busybox httpd -p 80 -u 33:33
```
Ubuntu includes a `www-data` user that has minimal privilege, "33" is its uid/gid:
I guess the workaround is fine for a temporary test server, you shouldn't do this in production; well, you wouldn't use `httpd` in production anyway.
### Example usage
1. Create an `index.html`:
```
$ echo '<html>test server</html>' > index.html
```
2. Starts `httpd`:
```
$ sudo busybox httpd -p 80 -u 33:33
```
3. From your local workstation, verify the server is responding:
```
$ curl -L http://x.x.x.x
<html>test test</html>
```
_Obviously you should already have a rule in the relevant security group to allow inbound port 80._
## Run SSH in an alternative port
SSH uses port 22 by default, if you prefer strangers not to knock on that door (figuratively speaking, not to be confused with [port knocking](https://en.wikipedia.org/wiki/Port_knocking)), you can change to another port using a [user data](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) script.
First, create a shell script (in your local workstation):
``` sh script.sh
#!/bin/sh
# Change port 1234 to desired port
sed -i 's/^#Port 22$/Port 1234/' "/etc/ssh/sshd_config"
systemctl restart ssh
```
Then, specify the script as a `--user-data` when you create an EC2 instance using AWS CLI:
The file should be specified with `file://` prefix, if the script is located at "/home/example/script.sh", it should be `file:///home/example/script.sh`.
Refer to "[Ubuntu Cloud Image Finder](https://cloud-images.ubuntu.com/locator/)" for the latest Ubuntu AMIs in your AWS region.
### Terminate EC2 instance using a tag
Notice I tag/name the instance as "test-ec2", this helps me to easily terminate it without manual input of instance id:
1. Move the private key to ".ssh" of your home folder:
```
$ mkdir -p ~/.ssh
$ cp /path/to/private_key.pem ~/.ssh/
```
2. SSH is fussy about the folder/file permission:
```
$ chmod 0700 ~/.ssh/
$ chmod 600 ~/.ssh/private_key.pem
```
3. Create SSH config:
``` plain ~/.ssh/config
Host server1
HostName x.x.x.x
User ubuntu
Port 1234
IdentityFile /home/example/.ssh/private_key.pem
```
The username differs depending on the AMI that you use, refer to the AWS [documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html).
To find out your instance's public IP using its tag (e.g. "test-ec2"):
If you use [kitty](https://sw.kovidgoyal.net/kitty/index.html) terminal to ssh into your Linux instance, you may find the backspace doesn't work. That is because kitty uses different terminfo.
``` plain server
$ echo $TERM
xterm-256color
```
``` plain local
$ echo $TERM
xterm-kitty
```
You can view the xterm-kitty by:
```
$ infocmp xterm-kitty
```
There are two ways to fix this.
### Send kitty terminfo
This seems like a common issue and the fix is mentioned in kitty's [FAQ](https://sw.kovidgoyal.net/kitty/faq.html#i-get-errors-about-the-terminal-being-unknown-or-opening-the-terminal-failing-when-sshing-into-a-different-computer). In this approach, kitty can upload and install its terminfo when you ssh into your server:
```
$ kitty +kitten ssh server1
```
### Install terminfo using user data
Alternatively, you could also install it using user data:
``` sh script.sh
#!/bin/sh
# kitty terminfo
echo "# Reconstructed via infocmp from file: /usr/share/terminfo/x/xterm-kitty