 | Level: Intermediate Cameron Laird (claird@phaseit.net), Vice President, Phaseit, Inc.
10 Jul 2007 Recent years have enjoyed a florescence of interesting implementations of
Web servers, including lighttpd, litespeed, and mongrel, among others. These Web
servers boast different combinations of performance, ease of administration,
portability, security, and related values. The following engineering study surveys the field of lightweight Web servers to help you find one likely to meet the technical requirements of your next project.
"Lightweight" Web servers like
lighttpd,
litespeed, and
mongrel can
offer dramatic benefits for your projects. This article surveys the
possibilities and shows how they apply to you.
What does it take to
be a Web server?
The first important aspect is to understand clearly the domain under investigation
(see Resources for
details). The
fundamental end-user action on the Internet is "going to
a Web page." At a high level, this involves teamwork between
a couple of applications:
- a Web browser, like Firefox or
Internet Explorer, which requests a specific
page and displays in human-readable form what
it receives from...
- a Web server, generally on a remote machine,
which responds to the page request with an
HTML-coded or similar stream of data.
All Web users have direct contact with browsers, and there's
a corresponding level of zealotry in their selection and analysis.
Servers, though, are visible only to the sites' technical staff.
Moreover, while there are scores of different Web servers in use,
two account for around 90% of all sites, according to recent
surveys by Netcraft: Apache and Internet Information Server (IIS).
Both of these are highly refined products, boasting not only
lengthy intrinsic technologic feature lists, but also thriving
"aftermarkets" of books, add-ons, consultancies, providers, and
so on. Is there any need to re-invent this particular wheel?
Yes. Important dimensions for evaluation of a Web server include:
-
Performance: How fast does it respond to requests?
-
Scalability: Does the server continue to behave reliably
when many users simultaneously access it?
-
Security: Does the server do only the operations
it should? What support does it offer for authenticating
users and encrypting its traffic? Does its use make
nearby applications or hosts more vulnerable?
-
Availability: What are the failure modes and
incidences of the server?
-
Compliance to standards: Does the server respect
the pertinent RFCs?
-
Flexibility: Can the server be tuned to accommodate
heavy request loads, or computationally demanding
dynamic pages, or expensive authentication, or ...?
-
Platform requirements: On what range of
platforms is the server available? Does it have
specific hardware needs?
-
Manageability: Is the server easy to set up and
maintain? Is it compatible with organizational
standards for logging, auditing, costing, and so
on?
Apache and IIS can't optimize so many criteria
simultaneously. Abstractly, it's obvious that
niche products can surpass the market leaders in
at least one or two of these dimensions.
The interesting thing about lightweight Web servers, and what makes
them worthy of a survey such as this one, is that their
competitiveness is more than just theoretical: Careful
examination shows they have a lot to offer and
hold their own against Apache and IIS even in many common
situations. While it's reasonable to assume the market
leaders have been carefully optimized to be effectively
unbeatable in performance (for example), many tiny competitors
are faster for simple service of static Web pages. When
you run your own tests with these Web
servers, you'll have the feeling that you showed up at a race
track with a go-kart and are somehow passing the Porsches
and Vipers. That's not all: There are times when lightweight
Web servers complement, and not just compete, with their
big brothers. Even if you know you'll be using Apache, you sometimes
will get the most from it by teaming it up with a lightweight
partner. The best solutions
frequently involve co-operation between two or more Web servers.
 |
The lightness
of Web service
The "lightness" on which this survey focuses is rather a
subjective quality, like "art" or "flavor." It generally means
simple, easy-to-install, streamlined, undemanding, and
robust -- smaller and less complex than Apache and IIS,
certainly, which have grown rather baroque in trying to
satisfy their mass markets. For this purpose,
the complexity and size of the Java Web Server. AOLserver, and Zeus
exclude them, despite their
intriguing portability and performance.
Sufficiently lightweight servers open possibilities closed
to the market leaders and other "heavy" alternatives.
An entire server can fit in one file, for instance.
This means it's convenient for a developer to carry
around all the tools he or she needs to be productive;
even if you run Apache on your production servers,
you can sit in a hotel room and experiment with new
ideas running on a lightweight server that takes only
seconds to install. Also, because they're so
undemanding, lightweight servers operate happily on
hosts that simply can't stand up under the burden of IIS.
Single-file packaging
|
Single-file packaging
Apache requires careful installation of many files spread
over several directories. The contrast with the Web servers
below, some of which fit in a single executable, is dramatic.
As it happens, one of the specialties of my employer, Phaseit,
is deployment and
packaging, and we have ways to make Apache installation
look simpler than it usually does. Even when we do our best,
though, there's still a large difference in the "footprint"
of Apache or IIS and the lightweight servers: The former simply
fill up a lot of space.
|
|
Small, lightweight Web servers also operate quite nicely
on low-power hosts. In our own business (Phaseit -- see sidebar), we run dedicated
hardware on industrial computers in remote, harsh, or
underpowered environments. In those situations, it's a
great advantage to be able to serve up Web pages through
an application that requires little processing power or
disk space; it means that our machines can build in
Web-based management consoles, without the development
and power overhead of Apache.
Nearly all the lightweight Web servers are open source,
at some level. If we need special behavior from a Web
server, the ones profiled below are so small that they're
easy to understand, and therefore to enhance, with only a
couple of exceptions. These Web
servers make excellent raw material for projects that
embed Web service, whether in special hardware, or in
specific applications designed to run on general-purpose
computers. They're also in widespread use among
conventional-looking Web sites:
- YouTube depends on lighttpd for fast delivery of
archived content such as videos;
-
cdServe runs the "German Woodworking Machinery
and Tools" CDs;
- LiteSpeed boasts of its role in the twitter,
www.funnyoride.com, www.airliners.com, WordPress.com,
fanfiction.com, SlashGear, www.forumactif.com, and other
prominent Web sites;
- OpenSUSE, RubyOnRails, MarkaBoo, and several other
prominent sites rely on Mongrel;
- thttpd is instrumental for demon.net, bluelight.com,
mtv.com, The Drudge Report, garfield.com, and more;
- and so on.
Here's an example of the handiness of lightweight servers to
developers: At our company, we work with special-purpose
hardware
that provides an office telephony solution. It's based on
customized software that runs as a conventional Linux® application.
With just one additional file and a bit of
init.d configuration, it's
easy to add a highly capable "Web console" that provides
a management interface to the hardware and software.
End users gain the ability to monitor and configure their boxes
from any browser, without having to arrange special
hardware connections or any of the other complications
that were once common with "vertical" hardware.
Service-oriented architectures (SOA) have the reputation of
being difficult and touchy. At least part of that challenge,
in our experience, centers on correct Web service. We've
taken advantage of lightweight Web servers to set up quick
SOAs for demonstrations.
Lightweight servers even have a role to play in production
datacenters, including the high-profile sites listed above,
and more. Very high-performance sites segment their
operations to make the most of caching, proxying, and so
on. An Apache-based site, for example, might have an
architecture which delivers slowly changing images through
a minimal Web server from a dedicated filesystem. The results
an end-user sees are actually the outcome of teamwork between
Apache and one or more secondary Web servers, each playing a
role at which it excels. Such an
arrangement can deliver very fast results at
minimum computational cost.
Means and ends
While lightweight Web servers have much in common, there's also
variation within the category. Most are written in C, but
several other implementation languages have proven successful
among the servers with which I've experimented, including
Erlang, Java, Lisp, Lua, Perl, Python, and Tcl. If there's a language
you favor, you can probably find a Web server coded for your
convenience.
You might concentrate on
a "minority" language for plenty of specific reasons:
- Education: Work with a lightweight Web server
constitutes a serious, but not overwhelming,
goal. This makes for a good way to gain
experience with a language.
- Cooperation: While a lightweight C-coded Web server
typically fits in 10-50 kilobytes,
and higher-level languages have runtimes
of 100 kilobytes to several megabytes,
the source for a complete Web
server might fill only a few thousand
bytes of the higher-level language.
Sharing such a small footprint with technical
peers is much easier than patching Apache.
- Research: Higher-level languages make experimentation
appealing -- adding a new HTTP/1.1 feature, for
example, might take only a few more lines
of source code. These lightweight servers
are handy experimental material.
- Enhancement: Adding an HTTP server to an existing
application already coded in a high-level
language might cost only a few lines of
incremental source.
Athana exemplifies these themes. It's a
Web server coded in Python. It supports
HTTP multipart (uploading), sessions,
cookies, and more. Athana, as of the 0.2.1
release, is still coded in a single, nicely organized
source file.
As hinted above, the strengths of different lightweight Web
servers also vary, more or less independently of the language
involved. All the lightweight Web servers are smaller and
easier to configure
than Apache. Some are faster, some much faster, than
Apache; others emphasize security, grace under heavy load,
extensibility, or memory stinginess. In all cases, it's
reasonable to expect to understand these servers thoroughly
in a way that's no longer practical with Apache.
What specific products make these possibilities real? Even
restriction of attention to "lightweight" servers leaves an
unmanageably large collection. Think of them in terms of
sub-categories: The ultralightweight, the security-conscious,
those which feature a particular language, and so on.
Among these, I'm particularly fond of ultralightweight Web servers,
those which are much smaller than Apache. Applications
this small can fit inside a single human mind; it's possible
to think about them systematically and rigorously, to prove
their security or scaling profiles. Tiny Web servers include:
- The Cheetah Server, written in under a thousand
lines of C.
-
DustMote, a very small Web server, implemented
in a single Tcl source file of about 3000 bytes.
-
fnord fits in under 20K, depending on platform and
configuration. Despite its small size, it supports
virtual hosting, CGI, and keep-alive.
-
ihttpd requires under 800 lines of C to serve pages,
including CGI, by way of
inetd.
-
im-httpd is tiny -- only about 7 kilobytes, linked against
glibc. It's also quite fast.
-
mattows supports CGI in barely 600 lines of C.
- Despite Scrinchy's small
size, under 30KB, it supports an
interesting variety of scripting languages, including a
special-purpose stack-based one called Sy.
-
ZWS demonstrates how
capable an application -- in this
case, an HTTP 0.9+ server -- can be even though written in
just over 500 lines of well-commented zsh (!).
Small size doesn't preclude these servers from serious
use; fnord, for example, handles thousands of simultaneous
connections.
Perhaps the most impressive achievement of the lightweights
as a category are the high-performance servers:
-
cghttpd is a minimal Web server best understood
as an experiment in use of asynchronous facilities
available in the 2.6 series of Linux kernels.
-
darkhttpd is a fast, single-threaded HTTP/1.1 server.
-
Gatling is designed for high performance. Features
include FTP, IPv6, virtual hosting, CGI, and so on.
-
Kernux is a Linux kernel module which implements an
HTTP daemon.
-
lighttpd is the fifth-most-used Web server (and growing!).
It is optimized for many simultaneous connections: "The
typical scenario is using lighttpd as an off-load server
to push out static content ..."
- The LiteSpeed Web Server is a commercial lightweight
Web server that emphasizes performance and security.
LiteSpeed Technologies Inc. claims speed-up by a factor
of six for static content, and more modest gains for
interpreted pages.
-
Miniature JWS, also known as tjws, is a Java-coded Web server
which handles servlets, JSP, and thousands of concurrent
connections, in 77 kilobytes. Its author advertises it is "10%
faster than Apache 2.x."
-
Yaws is a high-performance HTTP/1.1 server written
in Erlang.
A few Web servers are implemented as class or libraries
designed to be embedded in larger applications.
Among these I've found particularly interesting are:
-
EHS -- "embedded HTTP server," a C++ class designed
for embedding in larger C++ applications; and
-
Embedded TCL Web Server, a trivial Web server
which supports SSL and Basic Authentication
and is blazingly fast -- its author's timings
have it at least as fast as lighttpd and
AOLserver. It's written in under a hundred
lines of Tcl.
Python is the language of implementation for several
Web servers which fit unusual niches, including:
- cdServer, a small, simple HTTP coded in Python
"designed to serve (static) contents off a
CD-ROM." It has limited abilities to serve
dynamic content. We have several projects
that involve delivery of incorruptible "live CDs,"
and tools like cdServer are crucial.
-
edna, a clever Python-coded MP3 server implemented
through HTTP.
There are other interesting lightweight Web servers implemented in
Perl and other not-so-well-known languages:
-
Camlserv is a
complete Web server written in ocaml,
targeted to "highly interactive webpages."
It fits in several thousand lines of ocaml,
most of which have to do with special
handling of MySQL and HTML.
-
dhttpd logs accesses in the same format as Apache. It
supports CGI with a built-in Perl interpreter, virtual
hosting, IPv6, bandwidth
management, and security features.
-
DNHTTPD is written in Perl for
UNIX®. It
supports virtual hosts, SSL connections, CGI,
and more.
-
Jellybean is a Perl-coded Perl Object Server based on HTTP.
-
lns.http is a Common LISP HTTP/1.1 Web framework.
-
Mongrel is a library and server for HTTP written in Ruby.
-
Nanoweb is a fast, robust Web server written in PHP. It boasts
an extensive list of features, including full HTTP/1.1 compliance,
access control, authentication, virtual hosting, SSL
compatibility, and more.
-
Naridesh is a Perl-coded Web server.
-
OpenAngel is coded in Perl. Its focus is security.
-
Xavante is an HTTP/1.1 Web server coded in Lua.
-
XSP is written in C#, and hosts ASP.NET.
And you might someday need a few other C-coded lightweight Web servers with
unusual secondary strengths:
-
ABYSS is portable across UNIX and Win32, and "aims
to be a fully HTTP/1.1-compliant Web server." It
is thrifty in its use of memory.
-
Anti-Web
HTTPD(also
"Anti-Web", "awhttpd", and "AW") is
a single-process, non-threaded, CGI-capable server
that emphasizes security and simplicity.
-
MHTTPD supports MHTTPD Basic Authentication either from
an external file or LDAP server.
-
mini-httpd handles multiple concurrent requests in a single
system thread, while demanding little from its host in the
way of memory or CPU.
-
Naken Web is like many other lightweight servers -- it supports
Basic Authentication, static content, and so on -- but its
author has targeted it for Webcam operations and exercised it
on Gumstix, WRT54GL, OpenWrt, and other innovative platforms.
-
Null httpd is a multi-threaded but simple and portable Web
server.
-
Seminole is a commercial Web
server with small memory
requirements and many capabilities.
-
thttpd throttles, does
chroot,
Basic Authentication, and so on.
Conclusion
There's far more to the world of Web servers than just Apache and
IIS. You can find a healthy selection of alternatives so small they can be
completely understood, yet fast enough for serious applications. One of them may well help speed your next project.
Resources Learn
Get products and technologies
Discuss
About the author | 
| | Cameron Laird is a long-time developerWorks contributor and former columnist. He often writes about the open-source projects that accelerate development of his employer's applications, focused on reliability and security. |
Rate this page
| |
