==== Building the gatling webserver ====

Fefe made a small and fast webserver [[https://www.fefe.de/gatling/|gatling]]. It turned out that building that webserver on debian was a little bit tricky. This post describes the steps I took to build gatling. 

=== Motivation ===

Due to security concerns the gitlab server of the University of Applied Sciences Augsburg has been hidden behind the VPN. The server is only accessible from within the university. I wanted to have a look at some smaller maybe less complex software and so I start with a "small" webserver. Small compared to apache or nginx.

=== Gatling and variants ===

The basic idea of gatling is to have a small statically linked executable. There are some gatling variants:

  * gatling - a http only webserver
  * tlsgatling - gatling with tls (https) provided by openssl
  * ptlsgatling - gatling with tls (https) provided by mbedtls

=== Required Components ===

The gatling webserver without https just needs dietlibc and libowfat. For https you need in addition either openssl or mbedtls. While openssl is more widely used, mbedtls promises to be smaller.

  * [[https://www.fefe.de/gatling/|gatling]] - the webserver
  * [[https://www.fefe.de/dietlibc/|dietlibc]] - a libc replacement with minimum size in mind
  * [[https://www.fefe.de/libowfat/|libowfat]] - some socket/unix functions
  * [[https://www.trustedfirmware.org/projects/mbed-tls/|mbedtls]] - a small size tls/ssl library
  * [[https://openssl-library.org|openssl]] - a famous tls/ssl library


=== Creating a x.509 certificate for localhost ===

[[https://letsencrypt.org/docs/certificates-for-localhost/|Letsencrypt]] describes how to create self signed certificates for development with https for tls/ssl. The following code creates a self signed x.509 certificate and a private key. The gatling server searches for a file "server.pem" which must contain the certificate "localhost.crt" and the private key "localhost.key".

<code>
openssl req -x509 -out localhost.crt -keyout localhost.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

cp localhost.crt server.pem
cat localhost.key >> server.pem
</code>