Transcript
Web server
The term web server can mean one of two things: 1. A computer program that is responsible for accepting HTTP requests from clients, which are known as web browsers, and serving them HTTP responses along with optional data contents, which usually are web pages such as HTML documents and linked objects (images, etc.). 2. A computer that runs a computer program as described above.
Common features
Although web server programs differ in detail, they all share some basic common features. 1. HTTP: every web server program operates by accepting HTTP requests from the client, and providing an HTTP response to the client. The HTTP response usually consists of an HTML document, but can also be a raw file, an image, or some other type of document (defined by MIME-types). If some error is found in client request or while trying to serve it, a web server has to send an error response which may include some custom HTML or text messages to better explain the problem to end users. 2. Logging: usually web servers have also the capability of logging some detailed information, about client requests and server responses, to log files; this allows the webmaster to collect statistics by running log analyzers on log files. In practice many web servers implement the following features also: 1. Authentication, optional authorization request (request of user name and password) before allowing access to some or all kind of resources. 2. Handling of static content (file content recorded in server's filesystem(s)) and dynamic content by supporting one or more related interfaces (SSI, CGI, SCGI, FastCGI, JSP, PHP, ASP, ASP .NET, Server API such as NSAPI, ISAPI, etc.). 3. HTTPS support (by SSL or TLS) to allow secure (encrypted) connections to the server on the standard port 443 instead of usual port 80. 4. Content compression (i.e. by gzip encoding) to reduce the size of the responses (to lower bandwidth usage, etc.). 5. Virtual hosting to serve many web sites using one IP address. 6. Large file support to be able to serve files whose size is greater than 2 GB on 32 bit OS. 7. Bandwidth throttling to limit the speed of responses in order to not saturate the network and to be able to serve more clients.
Origin of returned content
The origin of the content sent by server is called:
• •
static if it comes from an existing file lying on a filesystem; dynamic if it is dynamically generated by some other program or script or Application Programming Interface called by the web server.
Serving static content is usually much faster (from 2 to 100 times) than serving dynamic content, especially if the latter involves data pulled from a database.
Path translation
Web servers are able to map the path component of a Uniform Resource Locator (URL) into:
• •
a local file system resource (for static requests); an internal or external program name (for dynamic requests).
For a static request the URL path specified by the client is relative to the Web server's root directory. Consider the following URL as it would be requested by a client:
http://www.example.com/path/file.html
The client's web browser will translate it into a connection to www.example.com with the following HTTP 1.1 request:
GET /path/file.html HTTP/1.1 Host: www.example.com
The web server on www.example.com will append the given path to the path of its root directory. On Unix machines, this is commonly /var/www/htdocs. The result is the local file system resource:
/var/www/htdocs/path/file.html
The web server will then read the file, if it exists, and send a response to the client's web browser. The response will describe the content of the file and contain the file itself.
Load limits
A web server (program) has defined load limits, because it can handle only a limited number of concurrent client connections (usually between 2 and 60,000, by default
between 500 and 1,000) per IP address (and IP port) and it can serve only a certain maximum number of requests per second depending on:
• • • • •
its own settings; the HTTP request type; content origin (static or dynamic); the fact that the served content is or is not cached; the hardware and software limits of the OS where it is working.
When a web server is near to or over its limits, it becomes overloaded and thus unresponsive.
Overload causes
At any time web servers can be overloaded because of:
• • • • • • •
Too much legitimate web traffic (i.e. thousands or even millions of clients hitting the web site in a short interval of time. e.g. Slashdot effect); DDoS (Distributed Denial of Service) attacks; Computer worms that sometimes cause abnormal traffic because of millions of infected computers (not coordinated among them); XSS viruses can cause high traffic because of millions of infected browsers and/or web servers; Internet web robots traffic not filtered / limited on large web sites with very few resources (bandwidth, etc.); Internet (network) slowdowns, so that client requests are served more slowly and the number of connections increases so much that server limits are reached; Web servers (computers) partial unavailability, this can happen because of required / urgent maintenance or upgrade, HW or SW failures, back-end (i.e. DB) failures, etc.; in these cases the remaining web servers get too much traffic and become overloaded.
Overload symptoms
The symptoms of an overloaded web server are:
• • • •
requests are served with (possibly long) delays (from 1 second to a few hundred seconds); 500, 502, 503, 504 HTTP errors are returned to clients (sometimes also unrelated 404 error or even 408 error may be returned); TCP connections are refused or reset (interrupted) before any content is sent to clients; in very rare cases, only partial contents are sent (but this behavior may well be considered a bug, even if it usually depends on unavailable system resources).
Anti-overload techniques
To partially overcome above load limits and to prevent overload, most popular web sites use common techniques like:
•
• •
managing network traffic, by using: o Firewalls to block unwanted traffic coming from bad IP sources or having bad patterns; o HTTP traffic managers to drop, redirect or rewrite requests having bad HTTP patterns; o Bandwidth management and traffic shaping, in order to smooth down peaks in network usage; deploying web cache techniques; using different domain names to serve different (static and dynamic) content by separate Web servers, i.e.:
o o o o http://images.example.com http://www.example.com
•
• • • • • •
using different domain names and/or computers to separate big files from small and medium sized files; the idea is to be able to fully cache small and medium sized files and to efficiently serve big or huge (over 10 - 1000 MB) files by using different settings; using many Web servers (programs) per computer, each one bound to its own network card and IP address; using many Web servers (computers) that are grouped together so that they act or are seen as one big Web server, see also: Load balancer; adding more hardware resources (i.e. RAM, disks) to each computer; tuning OS parameters for hardware capabilities and usage; using more efficient computer programs for web servers, etc.; using other workarounds, especially if dynamic content is involved.
Historical notes
In 1989 Tim Berners-Lee proposed to his employer CERN (European Organization for Nuclear Research) a new project, which had the goal of easing the exchange of information between scientists by using a hypertext system. As a result of the implementation of this project, in 1990 Berners-Lee wrote two programs:
• •
a browser called WorldWideWeb; the world's first web server, which ran on NeXTSTEP.
Between 1991 and 1994 the simplicity and effectiveness of early technologies used to surf and exchange data through the World Wide Web helped to port them to many different operating systems and spread their use among lots of different social groups of people, first in scientific organizations, then in universities and finally in industry.
In 1994 Tim Berners-Lee decided to constitute the World Wide Web Consortium to regulate the further development of the many technologies involved (HTTP, HTML, etc.) through a standardization process. The following years are recent history which has seen an exponential growth of the number of web sites and servers.
Market structure
iven below is a list of top Web server software vendors published in a Netcraft survey in April 2008. Vendor Apache Microsoft Google Oversee lighttpd nginx Others Total Product Web Sites Hosted Percent Apache 83,206,564 50.22% IIS 58,540,275 35.33% GWS 10,075,991 6.08% Oversee 1,926,812 1.16% lighttpd 1,495,308 0.9% nginx 1,018,503 0.61% 9,432,775 5.69% 165,696,228 100.00%
There are hundreds of different web server programs available, many of which are specialized for very specific purposes, so the fact that a web server is not very popular does not necessarily mean that it has a lot of bugs or poor performance. See Category:Web server software for a longer list of HTTP server programs.
Comparison of web server software
Overview
Server Abyss Web Server And-httpd AOLserver Creator Aprelium James Antill NaviSoft Apache Software Foundation Apache Software Foundation Cost Open (USD) source Free - $59 No Free Free Yes Yes Software Last stable Release license version date proprietary 2006LGPL 0.99.11 09-11 AOLserver Public License Apache License Apache License 2.2.8 200801-19 200802-07
Apache HTTP Server
Free
Yes
Apache Tomcat
Free
Yes
6.0.16
BadBlue BarracudaDrive Application Server Boa bozohttpd Caudium Cherokee HTTP Server
Working Resources Inc. Real Time Logic Paul Phillips Matthew R. Green The Caudium Group Alvaro Lopez Ortega Borland Seanox Software Solutions Davis E. King
$29.99– $59.99 Free/$70 Free Free Free Free Included in Corel Paradox version ≥ 9 Free
No No Yes Yes Yes Yes
proprietary proprietary GPL 3.9 0.94.13 200805-09 200207-30 200803-03 200712-16 200803-17
BSD variant 20080303 GPL GPL 1.4.12 0.6.0
Corel Web Server
No
proprietary
Devwex
No
proprietary 1.2008.0524 Boost Software License proprietary
200805-24
dlib C++ http server
Free Freeware with the option to upgrade Free Free Free
Yes
Fastream Fastream IQ Web/FTP Server Technologies Fnord Hiawatha HFS HP-UX NSA hssTVS IBM HTTP Server IceWarp Server Felix von Leitner Hugo Leisink Rejetto HewlettPackard Oliver Baumgärtel IBM IceWarp Software
No
Yes Yes Yes
GPL GPL GPL
1.10 6.5 2.2
200509-28 200803-08 200707-18
Free Free Included with mail server Included with newer Windows NT Family products Free Free $899.00 Free
No No No
proprietary proprietary proprietary
0.230e 6.1
200707-30 200607-21
Internet Information Services (IIS)
Microsoft
No
proprietary
Jetty Jigsaw JRun KF Web Server
Mort Bay Consulting W3C Adobe KeyFocus
Yes Yes No No
Apache License W3C License[1] proprietary proprietary
6.1.6
200711-18
Koala Web Server
The Open Dylan Group
Free
Yes
Functional Object Library Public License BSD variant proprietary BSD variant BSD variant 1.4.19 200803-10
lighttpd LiteSpeed Web Server Mathopd micro_httpd
mini_httpd Monkey HTTP Daemon MyServer NaviServer
NCSA HTTPd
Jan Kneschke Free (Incremental) LiteSpeed Free to $799 Technologies Michiel Free Boland Jef Poskanzer for ACME Free Laboratories Jef Poskanzer for ACME Free Laboratories Eduardo Silva Free MyServer Free Project Various Free Noncommercial Robert use free, McCool Commercial use with fee Igor Sysoev Marcus Glocker NullLogic Nigel Griffiths, IBM PPS Université Paris Diderot - CNRS Max Krohn, MIT OpenKeta Project OpenLink Software Free Free Free Free
Yes No Yes Yes
Yes Yes Yes Yes
BSD variant GPL GPL MPL 1.1 Free for NonCommercial Use BSD variant BSD variant GPL proprietary 0.5.1
Yes
1.5.2a
Nginx nhttpd Null httpd nweb
Yes Yes Yes Yes
0.6.31
200805-12
Ocsigen
Free
Yes
LGPL GPL [2] BSD variant GPL and Commercial Versions proprietary ? proprietary GPL
OKWS OpenKETA OpenLink Virtuoso
Free Free
Yes Yes Yes
Oracle HTTP Server publicfile Rock Web Server Roxen
Free & Commercial Versions Oracle Free & Technology Commercial Network Versions Daniel J. Free Bernstein Accoria $2000+ Networks Roxen Free
No ? No Yes
Savant Web Server SHTTPD Sun Java System Web Server thttpd TUX web server TV's server UltiDev Cassini Web Server Web/2 Weblogic WebObjects WASD Xavante Xitami Yaws Zeus Web Server ZwebServer Server
Internet Software Michael Lamont Sergey Lubka Sun Microsystems Jef Poskanzer for ACME Laboratories Ingo Molnár TV's software UltiDev LLC Dink BEA Weblogic Apple Computer
Free Free Free Free Free Free Free Free $9000+
Yes Yes No Yes Yes No No No No No Yes Yes No Yes No No Open source
GPL BSD variant proprietary BSD variant GPL proprietary proprietary proprietary proprietary proprietary GPL GPL compatible proprietary BSD variant proprietary proprietary 1.0.1 Software Last stable Release license version date 1.76 200804-03 2.25b
Free with Mac OS X Server 10.4 Mark Daniel Free The Kepler Free Project iMatix Free / $99 Corporation for Pro Claes Free Wikström Zeus £1100+ Technology Zotag Search Free Creator Cost (USD)
[edit] Features
Security Dynamic content[3] R uns in basic digest virtua user Administr Server access access l CG FastC Servl ASP.N spac https SSI ation authentica authentica hostin I GI et ET e or console tion tion g kern el spac e paid Yes on Abyss Web Yes No Yes versio Yes Yes No Yes Windo user Yes Server n ws And-httpd Yes No No Yes No No No Yes No user ? via too
IPv6
? ?
AOLserver Apache HTTP Server Apache Tomcat BadBlue Barracuda Drive Boa bozohttpd Caudium Cherokee HTTP Server Corel Web Server Devwex Fastream IQ Web/FTP Server Fnord Hiawatha HFS HP-UX NSA hssTVS IBM HTTP Server IceWarp Server Internet Informatio n Services JBoss Web Jetty Jigsaw JRun Koala Web Server lighttpd Linux khttpd LiteSpeed
Yes Yes Yes Yes Yes No Yes Yes
No Yes Yes ? Yes No No Yes
Yes Yes Yes ? Yes No Yes Yes
Yes Yes No Yes Yes Yes Yes Yes No ? Yes ?
ls No Yes
?
user
? Yes Yes ? Yes ? No ?
? Yes ? ? Yes Yes Yes Yes[6] (unconfir med) Yes[7] ? ? ? ? Yes ? ? ? ? Yes
No[4] Yes No[5] user Yes Yes ? Yes via No LS P No No No No Yes Yes ? No ? No No No ? user ? user user user user
Yes Yes No Yes Yes No Yes Yes No Yes Yes Yes
Yes Yes Yes Yes Yes Yes Yes No No Yes Yes
Yes No No Yes ? Yes No No No Yes Yes
Yes No Yes Yes ? Yes No No
Yes Yes Yes N No o[8] Yes Yes No No Yes Yes Yes Yes Yes No Yes Yes Yes No No No ? No No No
No Yes No No No Yes No No No No No No No No No No No No ? ? Yes Yes
No No No ? ? No ? No ? No Yes
user user user user user user ? kern el user user user kern el and user[
11]
Yes Yes Yes Yes ? Yes ? Yes No Yes Yes
No[9] Yes No Yes Yes
Yes Yes Yes Yes Yes Yes
Yes
Yes
Yes
Yes Yes Yes No[10] Yes
Yes
Yes
Yes
Yes ? Yes Yes No Yes No Yes
Yes ? Yes Yes No Yes No Yes
Yes ? ? Yes No Yes No Yes
Yes ? Yes Yes
Yes No Yes ? Yes ? Yes No No
Yes Yes Yes ? Yes ? Yes Yes No No
[4]
Yes ? ? No ?
[5]
user user user user user user kern el user
? ? ? ? ? ? No Yes
? ? ? ? ? Yes ? ?
Yes No
?
Yes Yes Yes ? No No
Yes No
No No No[4] No
No ?
Yes Yes Yes
Web Server Mathopd micro_http d mini_httpd Monkey HTTP Daemon MyServer NaviServer NCSA HTTPd[12] Nginx nhttpd Null httpd nweb Ocsigen OpenKETA OpenLink Virtuoso Oracle HTTP Server[14] publicfile Rock Web Server Roxen Savant Web Server[16] SHTTPD Solaris NCA SPIN webserver Sun Java System Web Server thttpd TUX web server TV's server UltiDev Cassini Web Server WASD Web/2 Xavante Xitami
Yes No Yes No Yes Yes Yes Yes Yes No No Yes No Yes Yes No Yes Yes ? No ? ? Yes Yes No No ? Yes Yes Yes Yes
? ? ? No Yes No Yes No No No No ? No Yes ? No Yes Yes ? Yes ? ? Yes ? No Yes ? Yes ? ? ?
? No Yes No Yes Yes ? Yes Yes No No Yes No Yes Yes No Yes Yes No Yes ? ? Yes No No
Yes Yes Yes No
? No
?
?
? ? ? ? ? ? No No No No No No ? ? No No ? ? No No ? ? No No No No Yes ? ? ? ?
user user user user user user user user user user user user kern el ? user user ? user user user kern el kern el user user kern el user ? user user user user
No ? ? ? Yes Yes ? ? ? No No ? ? ? ? No ? ? Yes Yes ? ? Yes ? ? Yes ? Yes ? ? ?
? No Yes ? ? ? ? No Yes No No Yes ? ? ? No ? ? ? ? ? ? Yes Yes ? Yes ? ? ? ? ?
No No No No No No ? ? No No No Yes No No No No No Yes No No No No
Yes Yes No Yes Yes No Yes Yes Yes Yes Yes No Partial Yes ? [13] Yes Yes No No Yes No No Yes Yes No Yes No Yes No No No No No No
No No Yes Yes No Yes No No
Yes No
Yes Yes Yes Yes No No
Yes Yes No No[15] No Yes Yes Yes ? Yes No Yes Yes No No No Yes ? ? ? ?
No Yes No ? ? ? ? ? ?
Yes Yes Yes Yes Yes No Yes Yes No
Yes Yes No No No No No No No No No Yes ? ? ? ? ? Yes
No[9] Yes Yes No No ? No No
Yes Yes Yes Yes ? Yes Yes ? ? ? Yes ? paid versi Yes Yes ? on
Yaws Zeus Web Server ZwebServe r
Yes Yes No
? Yes No Security
Yes Yes No
Yes Yes
?
?
Yes
? ? No
user user user
? ? Yes
? ? Yes
Yes Yes Yes No No No
No[4] Yes No No
Dynamic content[17]
Server
R uns in basic digest virtua user Administr access access l CG FastC Servl ASP.N spac https SSI ation authentica authentica hostin I GI et ET e or console tion tion g kern el spac e
IPv6
[edit] Operating system support
Server Abyss Web Server And-httpd AOLserver Apache HTTP Server Apache Tomcat BadBlue Boa bozohttpd[18
]
Windows Yes No Yes Yes Yes Yes ? see note No Yes Yes Yes Yes ? Yes (Cygwin) Yes No
Mac OS Linux X Yes Yes Yes Yes Yes No ? see note Yes Yes No Yes No ? Yes No No Yes Yes Yes Yes Yes No Yes Yes Yes Yes No Yes No Yes Yes No No
BSD Yes Yes Yes Yes Yes No Yes Yes (see note) Yes Yes No Yes No ? Yes No No
Solaris Yes Yes Yes Yes Yes No ? Yes Yes Yes No Yes No ? Yes No No
eCS No No No Yes No No No see note No No No ? No No No No No
OpenVMS No No No Yes ? No No see note No No No ? No No No No No
AIX ? ? ? Yes Yes
z/OS ? ? ? Yes Yes
Caudium Cherokee HTTP Server Corel Web Server Devwex Fastream IQ Web/FTP Server Fnord Hiawatha HFS HP-UX NSA
[19]
? ? ? ? see see note note Yes ? ? No ? No ? ? No No ? No ? No ? ? No No
hssTVS IBM HTTP Server IceWarp Server Internet Information Services Jetty Jigsaw JRun Koala Web Server
No Yes Yes Yes Yes Yes Yes Yes
No No No No Yes Yes Yes No Yes No Yes ? Yes Yes No Yes Yes ? Yes Yes ? No Yes No Yes ? ? No Yes No Yes No
Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
No No No No ? Yes ? Yes (FreeBSD ) Yes No Yes Yes Yes Yes No Yes Yes Yes
No Yes No No Yes Yes Yes No Yes No Yes ? Yes Yes No Yes Yes Yes Yes No ? Yes Yes No Yes Yes ? Yes Yes No Yes Yes
No ? No No ? No ? No No No No No No No No ? ? No No No No No ? No No No ? No No No ? No
No No No No No No No No No No No No No No No ? ? No No No No No ? No No No ? No No No ? No
No Yes No No ? ? ? No ? No ? ? ? ? ? ? Yes ? ? ? ? Yes ? ? ? Yes ? ? ? No Yes No
No Yes No No ? ? ? No ? No ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? No ? ?
lighttpd Yes Linux No khttpd LiteSpeed No Web Server Mathopd ? micro_http (cygwin?) d mini_httpd (cygwin?) Monkey HTTP No Daemon MyServer Yes NaviServer Yes NCSA ? HTTPd Nginx (cygwin?) nhttpd No Null httpd Yes nweb No Ocsigen No OpenKETA OpenLink Virtuoso Oracle HTTP Server publicfile Rock Web Server Roxen Savant Web Server SHTTPD Sun Java No Yes ? No No Yes Yes Yes Yes
Yes Yes ? No Yes Yes Planned (FreeBSD in future ) Yes Yes Yes Yes Yes No Yes Yes Yes ? Yes No Yes No Yes No
System Web Server thttpd TUX web server TV's server UltiDev Cassini Web Server WASD Web/2 Xavante Xitami Yaws Zeus Web Server ZwebServer Server Yes (cygwin) No Yes Yes No Yes Yes Yes Yes No Yes Windows Yes No No No No No Yes ? Yes PowerPC -only ? Mac OS X Yes Yes No No No No Yes Yes Yes Yes No Linux Yes No No No No No Yes Yes Yes Yes (FreeBSD ) No BSD Yes No No No No No Yes ? Yes Yes No Solaris No No No No No Yes No Yes No No No eCS No No No No Yes No No No No No No OpenVMS ? No No No No ? ? ? Yes ? No AIX ? No No No No ? ? ? ? ? No z/OS