Weblog

18 February 2019, 20:06

Everything that has a beginning, has an ending. In 2002, the Hiawatha webserver was born. It started as a small hobby project with no serious intentions. But in the years that followed, it grew to a mature webserver with unique and proven security features. Unfortunately, lack of interest in this project has always been a seamy side. Many times, I wondered whether I should keep going on with the project or not, but somehow I always found a reason to continue. But not this time. Recently, a serious issue was found in the Hiawatha webserver and the fact that I didn't care much, made me realize that it's time to stop.

Does this mean that the Hiawatha webserver will stop to exist? No. I still use it myself a lot and I will continue to do so in the future. I will make new releases available via this website and GitLab, but don't expect any more fancy. The most important change is that I will stop seeing and promoting it as an alternative webserver. For the time being, this website will remain online, but I will make the forum read-only. The contact form will be removed, I won't send any more newsletters (I will remove all e-mail addresses soon) and I will no long be available for support questions about the Hiawatha webserver. Security related issues can still be reported, of course.

The most important reason for this is that my spare time is only limited and I'd rather spend it doing other things than developing a webserver. I recently bought an electric guitar and many of my spare time now goes to playing music. And for quite some time, I found a more interesting challenge in organisational security-related subjects and privacy-related subjects than in technical security-related subjects. For the last 6 years, I developed a methodology for performing a risk analysis for information security (in Dutch) and for the last few months, that project is suddenly going very well. It's getting a lot of attention in the Netherlands. And with a friend, I started a weblog about privacy (also in Dutch). And that simply covers most of my spare time.

So, can you continue using the Hiawatha webserver? Well, that depends on what you want from a webserver. Clearly, Hiawatha will never support HTTP/2 or HTTP/3. If you're fine with that and Hiawatha serves your needs, you can continue using it. To be clear: I won't stop developing Hiawatha. But new features will be based on what I need, not on what is needed for a webserver in general.

I now come to the end of my, probably, final message at the Hiawatha weblog. While typing this message, I realize that it's still a serious step for me. But I think it's the right one. Thanks to all who have supported me and this project (you know who you are). Hopefully, Hiawatha will serve you well for as long as possible, but I won't blame you if you switch to another webserver. Thanks and stay safe!

Konstantinos
18 February 2019, 20:30
Thank you!
Erik S
18 February 2019, 20:32
Thank you Hugo for the best web server out there. I will continue to use it until the bitter end. Puppy Linux will continue to use it.
Ben
18 February 2019, 20:37
Thank you, Hugo, for your many years of exceptional service and support. I have learned a lot by reading Hiawatha source code and using it for many projects. What will the future of the Banshee framework be?
Ali
18 February 2019, 20:44
Sorry to read this Hugo, it is a shame that Hiawatha never got the attention it deserved. Thank you for your great work and good luck with your other ventures. Also, thank you for not directly abandoning/killing the project.

I am one of those 13 people who starred the repo at GitLab, will definitely keep using it.
Marc Abel
18 February 2019, 20:45
Hugo, I'm in awe of your courage to make this decision. You've grown beyond what you were doing and thinking in 2002, and you're now contributing things to the Dutch-language literature that I too find more compelling than maintaining a web server. I hope you will offer a mechanism for those of us who have followed your Hiawatha emails for many years of keeping informed about what you are doing.
Ernesto Perez Estevez
18 February 2019, 20:46
thanks Hugo! It has been a good webserver and hope it will continue working in the years to come. And count on us for reporting any issue that arises. Problems are to be solved.
regards
EPE
Paolo M.
18 February 2019, 20:48
Thank you for the precious time and energy you spent in your fantastic webserver.
Now, a great "in bocca al lupo" for all your coming projects!
Hugo Leisink
18 February 2019, 20:51
@Ben: Banshee also suffers from lack of interest, but it suffers even more from it than Hiawatha. Since it has almost no users, there is no scaling down. But the same goes for that one. I still use it myself a lot and I will make new releases available via that website (probably a new version soon), but no more active promoting. I'm also thinking about making the forum read-only etc, but haven't made up my mind yet. The Banshee forum has no activity at all, so no rush for me there.
Patrick Beks
18 February 2019, 21:10
Thanks for this excellent piece of work.
Germain
18 February 2019, 21:12
Thank you for your past appreciated efforts Hugo, and best wishes for a bright future... as Hiawatha was a truly shinning web server !
Klemens
18 February 2019, 21:23
I can totally understand your desire to spend your time on more interesting things. Thank you for a webserver that has always worked well for me and have fun with your future projects!
Christopher Ferrell
18 February 2019, 21:28
Hugo, I m saddened by this post. Not because I don't understand, because I do. Hiawatha has been great to me, secure, and just a great webserver to work with.

I wish you the best of luck in all future endeavours.
Wouter
18 February 2019, 21:54
Thanks!
Nice to know it does not stop completely!

Dank voor deze geweldige webserver. Gebruik het sinds 2012 met veel plezier.
Chris Wadge
18 February 2019, 22:24
This news saddens me, but doesn't surprise me. The reason Hiawatha never really gained much traction in the grand scheme (though it does have its user base -- my mirror alone sees thousands of unique downloads per month) was never due to lack of quality IMO, but simply herd mentality. People don't want to risk standing out, being the first one to do something different. They'd rather blend in. After all, zebras aren't camouflaged against the landscape, they're camouflaged against eachother.

The above being said, I understand that personal priorities shift, and you've been more or less a one man show on this project for the entire run. It's better to move on than to burn out. For my part I support your decision, and will continue to maintain my Debian builds and repositories until the project is well and truly abandoned.

Thanks for all your hard work over the years, Hugo. You gave us one of the fastest, most stable and secure web servers out there. It was great while it lasted!

All the best,
-Chris
Gour
18 February 2019, 22:34
It is so rare in the open-source world that one provides such a high-quality product which is so pleasurable to use (Hiawatha's config format is simply unprecedented) and still offer great and personal support!!

We'll miss Hiawatha's further development, fully understand your decision, wishing you all the best to all your current and future endeavours...biding farewell with a big: "THANK YOU!"
Kewl
18 February 2019, 23:16
I have been using Hiawatha webserver daily for more than 10 years, first on Windows then on Linux, and it has never crashed nor bugged once. One of the most reliable software I've ever used.

This project is also special to me because this is after an exchange with you in 2017 that I discovered and decided to try Linux. I am now a happy Arch Linux user, rock solid and such an enjoyable system.

Developer myself I can fully understand your feelings, we do this for fun and without passion there is no point continuing. Thanks again, it was a great journey.

Best, Kewl
Anoduck
19 February 2019, 00:23
Hugo,
Although it is sad to see the project end, it has been a wonderful experience working with you as a developer. It shows great maturity in understanding when your heart is not into something. You provided excellent support throughout these years, and it has served as a role model fore personally to strive towards. I have thorough enjoyed all of our discourses, and wish you the best in all your future ventures.
RoestVrijStaal
19 February 2019, 00:29
Hugo,

Thank you for providing an security-focused alternative to NGINX & Apache.

Good luck with your new adventures! Could you please share the link of that new Dutch security-oriented blog?

P.S.: https://www.hiawatha-webserver.org/banners isn't anymore!
Gilad
19 February 2019, 08:01
Dear Hugo,
I've been using Hiawatha on my production server for over 6-7 years now and I can tell you it beats every other web server out there.

I really wish you would not abandon this project as I think it is one of the best out there and that your work is highly appreciated by other professionals (like myself).

We have a saying in my culture: "Those who don't do mistakes don't do".
One small (and really not that big) mistake in so many years is really not that big a deal and only shows how hard you're working.

Thanks Hugo for all that you've done and I still hold hope you'll come around and not leave this project.
borys
19 February 2019, 08:17
Thank you very much!!! I've spent a lot of time searching the right webserver for me and I know exactly why I chose Hiawatha. I admire what you did very much. Wish you the best for the future!
Hugo Leisink
19 February 2019, 08:35
@Gilad: To be clear, I'm not abandoning this project. I just did a major focus shift. I'm no longer trying to make Hiawatha an alternative webserver for everybody. I'm now just building it for myself and sharing with others what I have. If you can live with that, nothing much will change for you.
Gour
19 February 2019, 10:27
> I'm not abandoning this project...If you can live with that, nothing much will change for you.

It looks I was mistaken with the message and I'm pacified now...being able to "live with that" :-)
yolo
19 February 2019, 11:55
@Hugo_Leisink Too bad, I liked the project. Anyway, webservers require timely updates. If you want to dedicate yourself to music, find a new maintainer and delegate everything to him.
In addition, the most responsible thing you can do is move Hiawatha to GitHub (or similar) and let people send code using pull requests. Good luck.
tda
19 February 2019, 12:51
Hugo,

thank you for your great job until now. You made something possible others huge players just did not care about. But we care and this perfect webserver will be in the net and continue to live on (as it is or with whatever features you will probably put into in the future).

electRic (missed a letter?) guitar ist probably also a nice hobby and another time-eater ;-)

I wish you all the best with your music and your security project (that finally did not make it into german language, what a pitty). Nevertheless, I will always keep an eye on your projects and hope they will be as successfull as you want them to be.

Liebe Grüße aus Hamburg,
Torsten
Gerard Lally
19 February 2019, 13:29
Sic transit gloria mundi. Sad news. All the best, Hugo.
Ray
19 February 2019, 22:28
Thank you Hugo for you selfless effort to provide us with a Superior product in a tech world of it will do just to make some or a lot of money.
Could I suggest that the Hiawatha-webserver project be run by a group of dedicated Brothers and Sisters and overseen by you of course, just like the Linux Kernel is run.
Hugo Leisink
20 February 2019, 00:44
If you know some people who are willing to continue development, let me know.
David
21 February 2019, 07:52
Hello. Great work with hiawatha. I was using up to 10.8.4 without problems. Did you change some syntax for v10.9 that is not documented as I can no longer start hiawatha with my working config and the error line is of no help. I installed via chris wadge debian build if that makes any difference.

All the best to you and your future.
Daniel Eisele
21 February 2019, 11:08
@David, The options "yes" and "true" have been removed from PreventCSRF, PreventSQLi and PreventXSS.
What is in the line that causes the error message?
Robin Miyagi
21 February 2019, 17:01
Thank you for the wonderful web server. I really like how the source code is so clean and well written, and the application a joy to use.
Robin Miyagi
21 February 2019, 17:24
I wonder if being available in the official linux distribution repositories would help with the amount of overall awareness of Hiawatha in the site operator community. I imagine many are using Linux to host their operations.
David
21 February 2019, 17:34
@Daniel Eisele THANK YOU VERY MUCH!

When I upgraded; the syntax error pointed to a commented line (4 lines) above the default hostname. I started removing lines which at one point pointed to the WebsiteRooty below the default hostname to the Directory->UrlToolkit and above directives.
Jeff
27 February 2019, 00:42
This news makes me sad, using this software for more than 7 years has been a pleasure to use, there doesn't exist any decent alternative for hiawatha, all other webservers suck hard. I hope this software isn't abandoned and some capable hands can continue the great work done by Hugo all this years. Thanks Hugo for all your hardwork, wonder if there is a way for the community to compensate you.
Hiroki Kamino
28 February 2019, 15:02
I made Japanese manual of Hiawatha webserver.

First of all, I appreciate your development. Hiawatha was a very easy-to-use software.

I would like to take over the development, if possible, but there are concerns. Can I change the license of Hiawatha to "Apache License 2.0".

Your consideration of our request would be greatly appreciated.

Kind regards,
Hugo Leisink
1 March 2019, 08:09
@Hiroki. I've had several offers to help with development in the past. None of them resulted in actual code contributions. So, don't get me wrong, I appreciate your offer. But if you really want to help develop, I'd like some proof that you really mean it.

As mentioned in the blog, I'm not stopping to develop Hiawatha. I just stopped having big plans for Hiawatha. So, there is no 'taking over development'. There are two options for you. 1) Contribute to develop Hiawatha. It could really use HTTP/2 support, but I don't have the time for that. 2) Fork Hiawatha and write your own version.

Why do you want to change to the Apache license?
Hiroki Kamino
1 March 2019, 14:23
@Hugo
Thanks for the reply. I will explain why I proposed "APLv2 (or BSD-style)".

I apologize in advance that English is not my first language.

There was portion that becomes a little care in your comment.
> I've had several offers to help with development in the past. None of them resulted in actual code contributions.

(Same as Apache HTTPd) "nginx" which continues to expand market share also adopts "2-clause BSD license". (See also: http://nginx.org/LICENSE)
Although is looser than GPL-type license, both form a vibrant community. "lighttpd" is also being developed on community basis.

As a result of the analysis, I thought that adopting a loose license may reduce the responsibility for contribution.

Many people complain, but few people can write source code.
However, with the GPL license, it must be disclosed even in the source code under development. (Even if the developer does not want it)

Even if you try to distribute an experimental build that incorporates specific library, it's impossible to distribute only binaries in an open environment.
Contributors want only "bug reports", but they can't refuse it when requested for code disclosure.

Some people laugh at looking at source code that does not handle errors properly. It's so humiliating.
In the case of BSD-like license, we can distribute only binary because don't have the obligation to disclose. You can also brush up by asking the early adapter layer to review.

In conclusion "Contributing with the current license is very difficult". Even if I fork, I can't escape GPL contamination.
Of course, you can also kick this proposal as "ridiculous".

Thank you for your consideration.
Hugo Leisink
1 March 2019, 15:09
I don't think that the goal of the GPL license is for developers to disclose their code changes 'under development'. That would mean that I would have to disclose every character I type, like developing in public. That's not what the GPL is for.

However, I'm always open for discussion about the license. But let's discuss your development plans first. Is HTTP/2 support even an option for you? Or what other plans do you have for Hiawatha?
Zoltan
1 March 2019, 23:57
Thanks! Great work you accomplished!
Kapageridis Stavros
2 March 2019, 00:43
Sad to read this, but happy to use Hiawatha. Thank you for all Hugo.
Hiroki Kamino
2 March 2019, 07:32
I understand. Originally, HTTP/2 is based on Google's "SPDY" protocol.
If this is not an open standard, you don't need to actively adopt it.

However, as HTTPS communication becomes commonplace, the delay of old protocol becomes prominent.
Late leads to "a decrease in the number of visitors". It will be fatal for Web services that provide real-time communication.

The strength of Hiawatha webserver, it's "able to launch a secure Web server without complicated setup".
For Web server administrators, it's welcome, but the client side does not.

Speed and safety should be equal. To do this it will be necessary to support HTTP/2.
If we can use both HTTP/2 and HSTS without complicated setup, more people will switch from nginx etc.

HTTP/2 support is also valid for me and it will be effective for increasing individual use.
Kurt Marasco
2 March 2019, 21:52
Your efforts have been amazing. Not only have I enjoyed using Hiawatha, but I have learned much about web-servers in general from all of your great feedback in the forum.

May you find great success in your new venture!
Ricardo
2 March 2019, 23:42
I have been using Hiawatha with Kloxo-mr since it had the option and I can say it's the best webserver out there, damn it! This is so sad!

Isn't there anyone who can fork Engintron and make it work with Hiawatha? https://github.com/engintron/engintron

That would make the webserver quite popular. I was using Hiawatha + Apache (as second webserver to compatibility with .htaccess) and still outdid most of the webservers.

Sad forum is also disabled since at least users could help each other
Edgard
4 March 2019, 16:16
Can't anybody take over? Seriously, just by adding a few things to this webserver (http2) would do wonders
David
5 March 2019, 05:37
Thanks for so much effort over the years and a for great webserver!

Giving so much to Open Source is extremely noble and often feels thankless, but I'm sure everyone here really appreciates what you have given us.

If you would like the project to continue on from your fantastic base, that is of course what open source is about as well; perhaps you might invite forking of the project to someone who you believe could successfully keep it current.

Many Thanks
David Chapman
JS
5 March 2019, 11:52
I'm sorry to read this, but it is also easy to understand your decision. Thank You very much Hugo!
Maik
5 March 2019, 13:12
Hello Hugo,

well as some people mentioned above, I'm kinda sad about your decision but I totally understand your reasons. All I can say is thank your for your hard work.

And last but not least: I made an RFC to the dietpi-project to add hiawatha to their software repository. I think your webserver is the best choice to build a secure nextcloud server.

Let's see how the devs will decide.

Anyway, a huge THANK YOU!

Kind Regards,
Mike
Fred
5 March 2019, 17:11
Hi Hugo,

I am really sad to hear the news.
I have been using Hiawatha for 4 years and I really love it.
I'll carry on using it until it eventually dies.
Would you mind if I/we , the users start a new forum for community support?

Have fun playing your guitars and thank you for this wonderful piece of software you gave us all to use for free
Hugo Leisink
5 March 2019, 17:51
@Fred: You can use this forum if you want. I can even give some people moderator rights.
Joe Schmoe
7 March 2019, 16:16
I will echo the replies of many others in my gratitude for your work on this project. Its a joy to use.

Another thought for future development and collaboration would be to more fully embrace the features of GitLab. Enabling the Issue queue would be a great start.
Kewl
7 March 2019, 23:11
Not that I am expecting a correction given the current state but it seems to me that a bug has been introduced in 10.9 in the Windows version: a PUT request on a file replaces the line endings 0D0A in the file into 0A and some garbage appears at the end of the file. Going back to 10.8.4 I don't see this behavior. I don't see this issue in the Linux version either (could it has something to do with the cygwin update in 10.9?)

@Hugo: I can obviously understand your lack of interest investigating a windows issue and I am myself in the process of exiting completely windows. This message can be of interest though for future readers experiencing the same issue in 10.9. In this case the advice is to switch to 10.8.4 still available for download for Windows.

commandline.be
9 March 2019, 01:14
Thanks Hugo, for the many hours, the great quality of this software, the educational value, the always polite attitude.

Suddenly i feel the irrational urge to seek people to fork and rewrite hiawatha in rust, just to give it a fighting chance.

I will probably continue use of Hiawatha as to me it is the one that works well for me. Thanks again.
zmak
11 March 2019, 23:38
Hello Hugo,

I just wanted to say thank you for your great work over the past years. It is amazing to see that so many people use and love Hiawatha. It makes me sad that such a great piece of software won't be continued. On the other side, I totally understand your reasons (I'm also addicted to my guitar :-)

I wish you all the best for the future and once again thanks a lot for all the effort and work.

Cheers,
zmak
Hugo Leisink
12 March 2019, 18:24
Again, I never said Hiawatha won't be continued. I will just stop promoting it and try to make it an alternative webserver. So, no more active support or feature requests. I will just make Hiawatha for myself and share what I've made.
Zac
14 March 2019, 00:28
So basically it will never support http2 unless someone else contributes it?
Hugo Leisink
14 March 2019, 00:34
@Zac: Indeed.
Ron Jones
14 March 2019, 02:55
Thank you Hugo,

Hiawatha is without a doubt the breath of fresh air that I was looking for in a web server. Apache configuration had grown far more complex than it was worth... and Hiawatha is secure AND blazing fast. I am fortunate (and happy) that you plan to continue it in its current state. Perhaps the day may come when I need something else, but it works perfectly just the way it is.

Good luck with your guitar adventure! May you find the tone and feel it to your bones.

@JonesRE
chapchap70
15 March 2019, 02:39
Thank you for allowing us to benefit from your work with Hiawatha and Banshee.
vitronic
16 March 2019, 07:45
A lot of luck hugo, I will continue using hiawatha until something very bad happens, I have to say that I understand perfectly your position, I admire you very much, o7
Fred
18 March 2019, 10:34
@Hugo Leisink: I am not a Hiawatha expert in any way but I can help on basic question and I think we all need to the forum to keep going for the existing users as we are now part of the Hiawatha family and we need to help each other.
I don't mind moderating the forum and I'll try to do my best in answering basic questions.
I am sure others will also help.

Which email can I PM you with my details?
Hugo Leisink
19 March 2019, 09:12
@Fred: You can use hugo@leisink.net.
PICCORO Lenz McKAY
22 March 2019, 00:34
hiawatha its almost themost secure webserver.. and some will ask itselft "why if are the most secure are scaling down the ride?"

well the answer are in the real life: most stupid enterprices prefers pay expensive products event use real and efective products.. recently a friend of me tell me that a corporation integrates a BACNET software with 60000$ event use a more features but only llinus alternate... well.. that the real shit life!
QB
22 March 2019, 20:54
Thank you Hugo! If you become as good at guitar playing as at webserver development, then I hope to see a link to your carefully crafted songs somewhere nearby
Devon Carter
1 April 2019, 10:09
Just discovered Hiawatha at 12 noon today, seems the perfect server for my 'social reality theory' webserver and forum to save the world. It's now 4.00 pm.....phew..It not Armageddon ... the end ... but just a prioritization on your part. Although I loved SQL databases of 40 years ago, mysql was like a blind date I was never comfortable getting into bed with....just too much mystery and not enough reality for me. So I have my own modified ini text file data format and php scripts for my DIY CMS,,,,a keyword searches pulls meaningful snippets.... leading paragraph, keyword paragraph and trailing paragraph from a repository of thousands of files. Is there anyway hiawatha might be compatible with a roll your own...DIY....ini.file data and/or cms. As an example the ini file layout is like this:
User Table:
[IDX]
firstName="Mary"
otherName=" "
lastName= "Jones"

[IDX] // next record.
Kewl
13 April 2019, 10:36
@Hugo: because of the bug I reported earlier in the 10.9 Windows built (maybe linked to the cygwin update) it is a bit unfortunate this is the version that will be left for download, unless you plan to release another version in the future of course. Then it seems the user base of the win version is very small and I suppose it is not worth spending any time on it in the future given your new priorities.
Josef Pospisil
14 April 2019, 22:45
Hello Hugo, the world of IT is lacking of simple, genious, secure programs... Please try to keep Hiawatha up even if you make pauses please please try to keep it up... IT of nowadays is that overblown and dizzy that... please please please
Marc
30 April 2019, 09:41
Thanks for all of your time. I really appreciate the Hiawatha Webserver and I have been using it since 2015. (I am a younger person)
You helped me many times in the forum with my questions and I learned a lot.
Thank you for all of that!

What got me to Hiawatha in the first place?
I wanted a fast and secure webserver. I still want a secure webserver and I will continue to use Hiawatha.
Oli
15 May 2019, 16:06
It's unfortunate that the forum is read-only now. I feel hiawatha is still a useful piece of software and some forum for the community would be very helpful.

What about enabling issues on gitlab?
Hamed
27 May 2019, 14:49
@Hugo
First of all I should say thank you for what you've done during these years to make this project and lovely hiawatha
its very sad to hear that this project would be scaled down. I'm not a professional on this topic (web server development) but a regular web developer. I can't help for the development of this project but since I think doing our best to help this project is a great responsibility for us as users I can provide these things and I declare my commitment to these:
1- I can make a new website for hiawatha with a better forum. (I am a Drupal developer) and I would maintain the site (host, backups, further development etc)
2- we (in our web agency) can allocate a fraction of our income to this project. so if you don't mind please add a donation button to the website
3- I'm just learning hiawatha. we wanted to use it for our enterprise solutions that we are working on it now. so I promise that in the future I can do some forum moderation

Thanks again and sorry for my weak English!
Hugo Leisink
28 May 2019, 11:06
Hi Hamed, Thanks for your message.
1 - The forum itself isn't the issue. People answering questions is what's needed. What Hiawatha needs is a community, people helping other people. It took me too much time to answer all the support-questions myself. I'm willing to re-open the forum, but not without other people to help answering the questions.
2 - Thanks for the offer, but money is not what's needed. What's really needed is a developer willing to help HTTP/2 support. Without HTTP/2 support, Hiawatha doesn't really have a future. It's too much work for me on my own.
3 - See answer 1.
Sigg3
5 June 2019, 09:23
I discovered Hiawatha on FLOSS Weekly, and liked what I heard.

Sad to see you go, but as a family man myself, I sympathize with having to prioritize. Hopefully, we'll see you in concert Ciao!
Jeff
6 June 2019, 19:38
Maybe the issue with the forum was that there isn't a way to get automatic notifications of new post as a normal user. Would be useful if the forum supported a subscription per section to receive e-mail notifications of new entries, that way people that regularly check e-mail will notice the new entries and visit the site to reply if they know the answer.

I myself have been using Hiawatha for years but the few times I used the forums had to keep visiting them in order to know If a reply was given, e-mail notifications would surely help the community help each other since most people check e-mail regularly, I myself would answer questions for new topics if I'm notified about them.

So basically two features are needed in the forums:

1. Ability to subscribe/unsubscribe from forum sections to receive notifications of new topics.
2. Manual or automatic subscription to a topic when replying to it in order to receive all replies with the option to disable future replies by explicitly opting out.

The forum worked without a username or password but, at least the e-mail, name and password will be mandatory for this functionality.

On the other side the the hiawatha howto/man pages have mostly everything one needs to know and most questions are the consequence of not reading them properly (has happened to me), but there are also some cases when the current documentation may not be enough. Anyways, I may keep using Hiawatha for years and when I have time will try to study its source and see if I can contribute something (the http/2 stuff looks like a really complicated thing to implement from a security perspective since a single request can send more than one file at a time, making it harder to mitigate attacks, maybe limits have to be placed on the amount of stuff that can be send on a single request...)
Joe Schmoe
6 June 2019, 21:00
Good ideas, Jeff. I believe Gitlab, where the code is hosted, could solve the issues with notifications by enabling the Issue queue. No need to reinvent the wheel.
Joe Schmoe
6 June 2019, 21:16
Just some additional clarification on what kinds of notifications are allowed by GitLab:

Notification settings are divided into three groups:

Global settings
Group settings
Project settings

Each of these settings have levels of notification:

Global: For groups and projects, notifications as per global settings.
Watch: Receive notifications for any activity.
Participate: Receive notifications for threads you have participated in.
On Mention: Receive notifications when @mentioned in comments.
Disabled: Turns off notifications.
Custom: Receive notifications for custom selected events.

More info here ---

https://docs.gitlab.com/ee/workflow/notifications.html
Alex
10 June 2019, 16:17
Thank you for providing such an excellent webserver for free for such long time!

I used it in production as a reverse proxy/ssl endpoint for securing Confluence (tomcat) server for my clients.

As another commenter pointed out, the configuration file is so easy and it hiawatha always felt "plug and play".

All the best on your journey!
Jose
16 July 2019, 20:47
This is sad. Only by creating a cPanel plugin to use Hiawatha in cPanel would have made the webserver famous.
Vladas Palubinskas
18 July 2019, 12:39
Webmin [github.com] panel for Hiawatha is already in place, works perfectly.
Jeff
5 September 2019, 00:08
The hiawatha letsencrypt client seems to not work anymore so I migrated to the official certbot client and wrote a renewal-hook script that generates proper certificate files for the hiawatha server. First generate a certificate as:

```
certbot certonly -d domain.com,www.domain.com --webroot -w /home/domain/public_html/
```

Then you can copy the following script into: /etc/letsencrypt/renewal-hooks/deploy/hiawatha make it executable and run it manually if needed.
```
#!/bin/bash

if [ ! -e "/etc/letsencrypt/live" ]; then
exit
fi

if [ ! -e "/etc/hiawatha/tls" ]; then
mkdir /etc/hiawatha/tls
fi

for directory in $(ls /etc/letsencrypt/live); do
if [ "$directory" = "README" ]; then
continue
fi

echo "Generating certificate for ${directory}..."

cat /etc/letsencrypt/live/$directory/privkey.pem > /etc/hiawatha/tls/www.$directory.pem
echo "" >> /etc/hiawatha/tls/www.$directory.pem
cat /etc/letsencrypt/live/$directory/cert.pem >> /etc/hiawatha/tls/www.$directory.pem
echo "" >> /etc/hiawatha/tls/www.$directory.pem
cat /etc/letsencrypt/live/$directory/chain.pem >> /etc/hiawatha/tls/www.$directory.pem
done

systemctl restart hiawatha
```
Finally you can create a cronjob that renews all certificates which will also run the hiawatha hook by adding the following to your cron file:
```
* */10 * * * /usr/bin/certbot renew
```
Hugo Leisink
5 September 2019, 17:05
There were some recent changes in the Let's Encrypt API, which have been fixed in the 2.1 release of the Let's Encrypt script.
Jeff
9 September 2019, 20:21
Shouldn't that be put into the hiawatha gitlab repository and version bumped to something like 10.9.1 so that distro packages like archlinux (https://www.archlinux.org/packages/community/x86_64/hiawatha/) can pick it up?
Hugo Leisink
12 September 2019, 00:24
Yeah, will do soon.