Do things differently.

Among this statement I was looking for something new for developing websites. Over the last years I used a few languages for doing web development, including ruby and erlang. All these languages have in common that they are abstracted to a point where the user can focus on creating things instead of fiddling around with the language itself. So, to make something different I selected the language I used most of the time for the last year, C. You might have heard that writing web software in C isn’t a good idea. We will see. Part of the journey will be learning a lot about safe programming patterns for the C language and getting a feeling for dangerous code.

The Kore web application framework

If you want to do modern web development, you have to use modern web technologies. This includes HTTPS, SPDY, WebSockets, IPv6 and much more. If you want to be efficient you can not write all that stuff yourself. It would probably take months of work to get a stable base of working tools. But there is light at the end of the tunnel. The Kore web application framework. It gives you all the tools you need to quickly become flying in the web.

Kore provides a huge list of features:

  • Supports SNI
  • Supports SPDY/3.1
  • Supports HTTP/1.1
  • WebSocket support
  • Non blocking page handlers
  • Built-in parameter validation
  • Lightweight background tasks
  • Only HTTPS connections allowed
  • Easy to use authentication blocks
  • Multiple libraries can be loaded at once
  • Built-in asynchronous PostgreSQL support
  • Default sane TLS cipher suites (PFS in all major browsers)
  • Load your web application as a precompiled dynamic library
  • Event driven architecture with per CPU core worker processes
  • Modules can be reloaded on-the-fly, even while serving content

That looks like a good base to start developing :).

A simple example

After installing (look at documentation), Kore provides the user with a programm of the same name. Try to start Kore:

$ kore
Usage: kore [options | command]

Available options:
-c	specify the configuration file to use
-d	run with debug on (if compiled in)
-f	start kore in foreground mode
-h	this help text
-n	do not chroot (if not starting kore as root)
-v	display kore's version information

Available commands:
help	this help text
run	run an application (-fn implied)
build	build an application
clean	cleanup the build files
create	create a new application skeleton

The commands mostly exist for your convenience
when hacking on your Kore applications.

Production servers should be started using the options.

Find more information on

The usage is very clear, so let’s start creating a new web application. By using kore create <name>, Kore creates a new application skeleton with the name <name> in the folder <name>. Create a new app:

$ kore create hello
created hello/src/hello.c
created hello/conf/hello.conf
created hello/.gitignore
hello created succesfully!
note: do not use the generated certificates for production

This creates a new folder with all necessary files you need to start developing a web application in C. The file src/hello.c is the main file of your application. Here the one we created before:

#include <kore/kore.h>
#include <kore/http.h>

int page(struct http_request *);

int page(struct http_request *req)
    http_response(req, 200, NULL, 0);
    return KORE_RESULT_OK;

The other important file is the application configuration file conf/hello.conf. In this file you can configure the behavior of the application. This includes network binding information, virtual hosts and request routing. Take a look at the generated file from before:

bind 8888
load ./

domain {
    certfile cert/server.crt
    certkey cert/server.key
    static / page

By default Kore binds to on tcp port 8888. So your application is only accessible from within your machine. The load directive specifies the application file to load. Kore than dynamically links the binary data together and runs your application. Also Kore creates a first virtual host for you based on SNI. Kore is designed to be as safe as possible and only accepts encrypted connections. For that Kore creates a dummy SSL certificate. Be sure to replace it for a production application. The directives certfile and certkey are used to specify the certificate and key to use. To route the outside in, Kore has some directives like static. This is used to tell Kore what callback function should be called for a defined path. The example above means: Serve static data for path / by calling the function page. If you look back to the src/hello.c file you may see that this is exactly the function defined in the source code.

Before we run the application, we create some content to be served. We create a small c-string with some text and use the page callback to deliver that content. Modify the src/hello.c like shown below.

#include <kore/kore.h>
#include <kore/http.h>
#include <string.h>

int page(struct http_request *);

int page(struct http_request *req)
    char *hello = "Hello world!";
    http_response(req, 200, hello, strlen(hello));
    return KORE_RESULT_OK;

Now let’s get to the interesting part; running the application.

$ cd hello
$ kore run
compiling hello.c
hello built succesfully!
[parent]: running on
[parent]: kore is starting up
[wrk 0]: worker 0 started (cpu#0)

The application is running and waiting for requests on port 8888. Now let’s try to send a request to Kore and proof that we’ve done everything right. We use curl for that little test.

$ curl -k
Hello world!

It works! Yay!

You can also use a web browser to look at our new shiny web site.

Kore shows in an impressive way how easy it can be to create web applications in the C language. There is much more to show you about Kore and C, so stay tuned for the next posts.