TL;DR
Zeroserve is a small, fast web server that serves websites directly from a tarball and enables scripting with sandboxed eBPF programs. It aims to replace traditional servers like nginx with a zero-config, scriptable approach, running entirely in userspace.
Developers have unveiled Zeroserve, a lightweight web server that serves static websites directly from a tarball and allows scripting request handling with sandboxed eBPF programs, all without configuration files. This innovation aims to simplify deployment and offer high performance, positioning itself as an alternative to nginx and Caddy.
Zeroserve is a small, single-process HTTPS server that serves a website stored as a tarball, indexing it on load without unpacking. It supports modern TLS 1.3, HTTP/2, and encrypted client hello, ensuring secure connections. The core feature is its ability to run eBPF programs in userspace, compiled from C files placed in a specific directory, which execute on every request to handle routing, headers, authentication, and rate limiting. Building a web server in aarch64 assembly to give my life (a lack of) meaning. These scripts are JIT-compiled into native code, ensuring fast execution.
The server uses io_uring for network and disk I/O, enabling efficient asynchronous operations. Deployment is simplified: updating the site involves replacing the tarball and sending a SIGHUP signal to reload everything atomically, with no dropped connections. Zeroserve’s scripting model consolidates configuration and middleware logic into a single eBPF program, removing the need for traditional layered configurations or plugin systems. The server also includes features like hot reload, TLS with SNI, and request inspection capabilities, making it suitable for static sites, APIs, and gateway functions.
Why It Matters
Zeroserve’s approach to combining zero-configuration deployment with high-performance, sandboxed eBPF scripting could significantly streamline web server management. Its ability to handle requests efficiently in userspace and its simplified deployment model may appeal to developers seeking lightweight, flexible alternatives to established servers like nginx, especially for edge computing, microservices, or embedded environments. The integration of eBPF scripting extends the potential for custom request handling without complex plugin systems, potentially influencing future web server designs.
TP-Link Archer BE24000 Quad-Band WiFi 7 Router (Archer BE900) with Dual 10 Gbps Multi-Gig Ethernet Ports and LED Touch Screen,12 High Performance Antennas, VPN Supported
REDEFINING WI-FI ROUTERS: With powerful Wi-Fi 7 performance, lightning-fast wired connections, brand-new design, and easy-to-use touchscreen and LED…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Traditional web servers such as nginx and Caddy rely on declarative configuration files and optional scripting languages like Lua or plugins, which can introduce complexity. Recent developments in eBPF have enabled kernel-level request processing, but Zeroserve leverages sandboxed eBPF in userspace, combining high performance with safety. Its design reflects a trend toward minimal, fast, and scriptable servers, responding to the need for simpler deployment models in modern cloud and edge environments. Building a web server in aarch64 assembly to give my life (a lack of) meaning. The concept of serving static sites directly from a tarball with hot reload is inspired by containerization and immutable infrastructure practices, aiming to reduce deployment complexity. Building a web server in aarch64 assembly to give my life (a lack of) meaning.
“Zeroserve collapses configuration and middleware into one sandboxed eBPF program, simplifying request handling and deployment.”
— Zeroserve Developers
“Zeroserve aims to be a fast, zero-config alternative to nginx, with scripting capabilities that run in userspace via sandboxed eBPF programs.”
— Hacker News Source
Bulletproof TLS and PKI, Second Edition: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It is not yet clear how Zeroserve performs under high concurrency or in production environments, and how mature its scripting ecosystem will become. Details about security, scalability, and compatibility with existing infrastructure are still emerging, as the project is in early stages of community adoption.
Learning eBPF: Programming the Linux Kernel for Enhanced Observability, Networking, and Security
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Further testing and benchmarking by early adopters are expected to assess Zeroserve’s performance and stability. Developers are likely to expand scripting capabilities and improve tooling. Community feedback and real-world deployments will shape its evolution, with potential integrations or plugins in development. Monitoring updates on its GitHub repository and user experiences will be crucial in understanding its practical viability.
Zig Network Programming: Practical TCP/UDP, Asynchronous I/O, and High-Performance Networking with Zig
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
How does Zeroserve compare to nginx in performance?
Preliminary benchmarks suggest Zeroserve can outperform nginx on single-core workloads for static files and small proxy responses, owing to its efficient use of io_uring and JIT-compiled eBPF scripts. However, comprehensive performance data is still being gathered.
Can I use Zeroserve for dynamic content or backend integration?
Zeroserve primarily targets static sites and request routing. Its scripting model allows request inspection and modification, but it does not natively support server-side scripting languages like PHP or Python. It can proxy requests to backend services, making it suitable as an API gateway or reverse proxy.
Is Zeroserve secure to run in production?
As a new project, Zeroserve’s security model is still under evaluation. Its sandboxed eBPF scripts run in userspace, reducing kernel attack surface, but comprehensive security audits are pending. Users should exercise caution and monitor updates before deploying in sensitive environments.
What is required to deploy a site with Zeroserve?
You need to package your website into a tarball, place any eBPF scripts in the designated directory, and run the server with the tarball. Updating the site involves replacing the tarball and sending a SIGHUP signal for hot reload.
Source: Hacker News
