#webhook #server #http #https #ci

app webhook-httpd

simple HTTP(S) server for receiving webhooks and running commands

3 releases

0.1.2 Aug 13, 2021
0.1.1 Dec 20, 2020
0.1.0 Dec 20, 2020

#83 in HTTP server


872 lines

webhook-httpd tests

webhook-httpd is a simple HTTP(S) server to receive webhooks, written in Rust.


  • Run commands on POST requests based on the request URL.
  • Optionally verify the X-Hub-Signature-256 header.
  • Optionally limit job concurrency per hook.
  • Supports TLS with OpenSSL.

Hooks are configured as a sequence of commands to execute when a POST request is made for a certain URL. A hook can run an arbitrary number of commands, and you can configure any number of hooks for different URLs. For each command run by a hook, you can configure if it should receive the request body on standard input.


The server supports limiting the number of concurrently running jobs per hook. When the concurrency limit is reached, jobs can be put in a first-in-first-out or last-in-first out queue. Each hook can have a different concurrency limit, queue type and maximum queue size.

By default, a hook will run only one job concurrently, and will queue at most one job in a LIFO queue (meaning older jobs are dropped when the queue is full). This is a good configuration for hooks that just want to update things based on the latest request, but all parameters can be changed individually per hook.

Command environment

Each command is executed with some environment variables set. The variables provide some information about the HTTP request that was made:

  • URL_PATH: The path portion of the request URL.
  • URL_QUERY: The query portion of the request URL.
  • REMOTE_ADDR: The IP address of the remote peer.
  • REMOTE_PORT: The port number of the remote peer.

You can also configure a command to receive the request body on its standard input. In that case, some additional environment variables are set:

  • CONTENT_TYPE: The value of the Content-Type header.
  • CONTENT_LENGTH: The size of the request body in bytes.

Example configuration

A small configuration is shown below. For a more detailed example with comments, see example-config.yaml or run webhook-httpd --print-example-config.

port: 8091
  private-key: /etc/letsencrypt/live/example.com/privkey.pem
  certificate-chain: /etc/letsencrypt/live/example.com/fullchain.pem

  - url: "/make-release-tarball"
      - cmd: ["make-release-tarball"]
        stdin: request-body
    working-dir: "/path/to/repository/"
    max-concurrent: 1
    queue-size: unlimited
    queue-type: fifo
    secret: "some-randomly-generated-secret"

  - url: "/update-daemon-config"
      - cmd: ["git", "fetch"]
      - cmd: ["git", "reset", "--hard", "origin/main"]
      - cmd: ["systemctl", "reload", "my-little-service"]
    working-dir: "/etc/my-little-service/"
    secret: "some-randomly-generated-secret"


The crate has one optional feature: static-openssl. When the feature is enabled, openssl is linked statically against a locally compiled OpenSSL. This can be used to create a binary with a minimal set of runtime dependencies, and it can make compilation easier on systems with no recent version of OpenSSL readily available.


~274K SLoC