Lightweight Web servers

Special-purpose HTTP applications complement Apache and other market leaders

Cameron Laird (claird@phaseit.net), Vice President, Phaseit, Inc.

Cameron Laird is a long-time developerWorks contributor and former columnist. He often writes about the open-source projects that accelerate development of his employer's applications, focused on reliability and security.

Summary: Recent years have enjoyed a florescence of interesting implementations of Web servers, including lighttpd, litespeed, and mongrel, among others. These Web servers boast different combinations of performance, ease of administration, portability, security, and related values. The following engineering study surveys the field of lightweight Web servers to help you find one likely to meet the technical requirements of your next project.

Tag this!

Date: 10 Jul 2007
Level: Intermediate
Activity: 13820 views

"Lightweight" Web servers like lighttpd, litespeed, and mongrel can offer dramatic benefits for your projects. This article surveys the possibilities and shows how they apply to you.

What does it take to be a Web server?

The first important aspect is to understand clearly the domain under investigation (see Resources for details). The fundamental end-user action on the Internet is "going to a Web page." At a high level, this involves teamwork between a couple of applications:

a Web browser, like Firefox or Internet Explorer, which requests a specific page and displays in human-readable form what it receives from...
a Web server, generally on a remote machine, which responds to the page request with an HTML-coded or similar stream of data.

All Web users have direct contact with browsers, and there's a corresponding level of zealotry in their selection and analysis. Servers, though, are visible only to the sites' technical staff. Moreover, while there are scores of different Web servers in use, two account for around 90% of all sites, according to recent surveys by Netcraft: Apache and Internet Information Server (IIS). Both of these are highly refined products, boasting not only lengthy intrinsic technologic feature lists, but also thriving "aftermarkets" of books, add-ons, consultancies, providers, and so on. Is there any need to re-invent this particular wheel?

Yes. Important dimensions for evaluation of a Web server include:

Performance: How fast does it respond to requests?
Scalability: Does the server continue to behave reliably when many users simultaneously access it?
Security: Does the server do only the operations it should? What support does it offer for authenticating users and encrypting its traffic? Does its use make nearby applications or hosts more vulnerable?
Availability: What are the failure modes and incidences of the server?
Compliance to standards: Does the server respect the pertinent RFCs?
Flexibility: Can the server be tuned to accommodate heavy request loads, or computationally demanding dynamic pages, or expensive authentication, or ...?
Platform requirements: On what range of platforms is the server available? Does it have specific hardware needs?
Manageability: Is the server easy to set up and maintain? Is it compatible with organizational standards for logging, auditing, costing, and so on?

Apache and IIS can't optimize so many criteria simultaneously. Abstractly, it's obvious that niche products can surpass the market leaders in at least one or two of these dimensions.

The interesting thing about lightweight Web servers, and what makes them worthy of a survey such as this one, is that their competitiveness is more than just theoretical: Careful examination shows they have a lot to offer and hold their own against Apache and IIS even in many common situations. While it's reasonable to assume the market leaders have been carefully optimized to be effectively unbeatable in performance (for example), many tiny competitors are faster for simple service of static Web pages. When you run your own tests with these Web servers, you'll have the feeling that you showed up at a race track with a go-kart and are somehow passing the Porsches and Vipers. That's not all: There are times when lightweight Web servers complement, and not just compete, with their big brothers. Even if you know you'll be using Apache, you sometimes will get the most from it by teaming it up with a lightweight partner. The best solutions frequently involve co-operation between two or more Web servers.

The lightness of Web service

The "lightness" on which this survey focuses is rather a subjective quality, like "art" or "flavor." It generally means simple, easy-to-install, streamlined, undemanding, and robust -- smaller and less complex than Apache and IIS, certainly, which have grown rather baroque in trying to satisfy their mass markets. For this purpose, the complexity and size of the Java Web Server. AOLserver, and Zeus exclude them, despite their intriguing portability and performance.

Sufficiently lightweight servers open possibilities closed to the market leaders and other "heavy" alternatives. An entire server can fit in one file, for instance. This means it's convenient for a developer to carry around all the tools he or she needs to be productive; even if you run Apache on your production servers, you can sit in a hotel room and experiment with new ideas running on a lightweight server that takes only seconds to install. Also, because they're so undemanding, lightweight servers operate happily on hosts that simply can't stand up under the burden of IIS.

Single-file packaging

Apache requires careful installation of many files spread over several directories. The contrast with the Web servers below, some of which fit in a single executable, is dramatic. As it happens, one of the specialties of my employer, Phaseit, is deployment and packaging, and we have ways to make Apache installation look simpler than it usually does. Even when we do our best, though, there's still a large difference in the "footprint" of Apache or IIS and the lightweight servers: The former simply fill up a lot of space.

Small, lightweight Web servers also operate quite nicely on low-power hosts. In our own business (Phaseit -- see sidebar), we run dedicated hardware on industrial computers in remote, harsh, or underpowered environments. In those situations, it's a great advantage to be able to serve up Web pages through an application that requires little processing power or disk space; it means that our machines can build in Web-based management consoles, without the development and power overhead of Apache.

Nearly all the lightweight Web servers are open source, at some level. If we need special behavior from a Web server, the ones profiled below are so small that they're easy to understand, and therefore to enhance, with only a couple of exceptions. These Web servers make excellent raw material for projects that embed Web service, whether in special hardware, or in specific applications designed to run on general-purpose computers. They're also in widespread use among conventional-looking Web sites:

YouTube depends on lighttpd for fast delivery of archived content such as videos;
cdServe runs the "German Woodworking Machinery and Tools" CDs;
LiteSpeed boasts of its role in the twitter, www.funnyoride.com, www.airliners.com, WordPress.com, fanfiction.com, SlashGear, www.forumactif.com, and other prominent Web sites;
OpenSUSE, RubyOnRails, MarkaBoo, and several other prominent sites rely on Mongrel;
thttpd is instrumental for demon.net, bluelight.com, mtv.com, The Drudge Report, garfield.com, and more;
and so on.

Here's an example of the handiness of lightweight servers to developers: At our company, we work with special-purpose hardware that provides an office telephony solution. It's based on customized software that runs as a conventional Linux® application. With just one additional file and a bit of init.d configuration, it's easy to add a highly capable "Web console" that provides a management interface to the hardware and software. End users gain the ability to monitor and configure their boxes from any browser, without having to arrange special hardware connections or any of the other complications that were once common with "vertical" hardware.

Service-oriented architectures (SOA) have the reputation of being difficult and touchy. At least part of that challenge, in our experience, centers on correct Web service. We've taken advantage of lightweight Web servers to set up quick SOAs for demonstrations.

Lightweight servers even have a role to play in production datacenters, including the high-profile sites listed above, and more. Very high-performance sites segment their operations to make the most of caching, proxying, and so on. An Apache-based site, for example, might have an architecture which delivers slowly changing images through a minimal Web server from a dedicated filesystem. The results an end-user sees are actually the outcome of teamwork between Apache and one or more secondary Web servers, each playing a role at which it excels. Such an arrangement can deliver very fast results at minimum computational cost.

Means and ends

While lightweight Web servers have much in common, there's also variation within the category. Most are written in C, but several other implementation languages have proven successful among the servers with which I've experimented, including Erlang, Java, Lisp, Lua, Perl, Python, and Tcl. If there's a language you favor, you can probably find a Web server coded for your convenience.

You might concentrate on a "minority" language for plenty of specific reasons:

Education: Work with a lightweight Web server constitutes a serious, but not overwhelming, goal. This makes for a good way to gain experience with a language.
Cooperation: While a lightweight C-coded Web server typically fits in 10-50 kilobytes, and higher-level languages have runtimes of 100 kilobytes to several megabytes, the source for a complete Web server might fill only a few thousand bytes of the higher-level language. Sharing such a small footprint with technical peers is much easier than patching Apache.
Research: Higher-level languages make experimentation appealing -- adding a new HTTP/1.1 feature, for example, might take only a few more lines of source code. These lightweight servers are handy experimental material.
Enhancement: Adding an HTTP server to an existing application already coded in a high-level language might cost only a few lines of incremental source.

Athana exemplifies these themes. It's a Web server coded in Python. It supports HTTP multipart (uploading), sessions, cookies, and more. Athana, as of the 0.2.1 release, is still coded in a single, nicely organized source file.

As hinted above, the strengths of different lightweight Web servers also vary, more or less independently of the language involved. All the lightweight Web servers are smaller and easier to configure than Apache. Some are faster, some much faster, than Apache; others emphasize security, grace under heavy load, extensibility, or memory stinginess. In all cases, it's reasonable to expect to understand these servers thoroughly in a way that's no longer practical with Apache.

What specific products make these possibilities real? Even restriction of attention to "lightweight" servers leaves an unmanageably large collection. Think of them in terms of sub-categories: The ultralightweight, the security-conscious, those which feature a particular language, and so on.

Among these, I'm particularly fond of ultralightweight Web servers, those which are much smaller than Apache. Applications this small can fit inside a single human mind; it's possible to think about them systematically and rigorously, to prove their security or scaling profiles. Tiny Web servers include:

The Cheetah Server, written in under a thousand lines of C.
DustMote, a very small Web server, implemented in a single Tcl source file of about 3000 bytes.
fnord fits in under 20K, depending on platform and configuration. Despite its small size, it supports virtual hosting, CGI, and keep-alive.
ihttpd requires under 800 lines of C to serve pages, including CGI, by way of inetd.
im-httpd is tiny -- only about 7 kilobytes, linked against glibc. It's also quite fast.
mattows supports CGI in barely 600 lines of C.
Despite Scrinchy's small size, under 30KB, it supports an interesting variety of scripting languages, including a special-purpose stack-based one called Sy.
ZWS demonstrates how capable an application -- in this case, an HTTP 0.9+ server -- can be even though written in just over 500 lines of well-commented zsh (!).

Small size doesn't preclude these servers from serious use; fnord, for example, handles thousands of simultaneous connections.

Perhaps the most impressive achievement of the lightweights as a category are the high-performance servers:

cghttpd is a minimal Web server best understood as an experiment in use of asynchronous facilities available in the 2.6 series of Linux kernels.
darkhttpd is a fast, single-threaded HTTP/1.1 server.
Gatling is designed for high performance. Features include FTP, IPv6, virtual hosting, CGI, and so on.
Kernux is a Linux kernel module which implements an HTTP daemon.
lighttpd is the fifth-most-used Web server (and growing!). It is optimized for many simultaneous connections: "The typical scenario is using lighttpd as an off-load server to push out static content ..."
The LiteSpeed Web Server is a commercial lightweight Web server that emphasizes performance and security. LiteSpeed Technologies Inc. claims speed-up by a factor of six for static content, and more modest gains for interpreted pages.
Miniature JWS, also known as tjws, is a Java-coded Web server which handles servlets, JSP, and thousands of concurrent connections, in 77 kilobytes. Its author advertises it is "10% faster than Apache 2.x."
Yaws is a high-performance HTTP/1.1 server written in Erlang.

A few Web servers are implemented as class or libraries designed to be embedded in larger applications. Among these I've found particularly interesting are:

EHS -- "embedded HTTP server," a C++ class designed for embedding in larger C++ applications; and
Embedded TCL Web Server, a trivial Web server which supports SSL and Basic Authentication and is blazingly fast -- its author's timings have it at least as fast as lighttpd and AOLserver. It's written in under a hundred lines of Tcl.

Python is the language of implementation for several Web servers which fit unusual niches, including:

cdServer, a small, simple HTTP coded in Python "designed to serve (static) contents off a CD-ROM." It has limited abilities to serve dynamic content. We have several projects that involve delivery of incorruptible "live CDs," and tools like cdServer are crucial.
edna, a clever Python-coded MP3 server implemented through HTTP.

There are other interesting lightweight Web servers implemented in Perl and other not-so-well-known languages:

Camlserv is a complete Web server written in ocaml, targeted to "highly interactive webpages." It fits in several thousand lines of ocaml, most of which have to do with special handling of MySQL and HTML.
dhttpd logs accesses in the same format as Apache. It supports CGI with a built-in Perl interpreter, virtual hosting, IPv6, bandwidth management, and security features.
DNHTTPD is written in Perl for UNIX®. It supports virtual hosts, SSL connections, CGI, and more.
Jellybean is a Perl-coded Perl Object Server based on HTTP.
lns.http is a Common LISP HTTP/1.1 Web framework.
Mongrel is a library and server for HTTP written in Ruby.
Nanoweb is a fast, robust Web server written in PHP. It boasts an extensive list of features, including full HTTP/1.1 compliance, access control, authentication, virtual hosting, SSL compatibility, and more.
Naridesh is a Perl-coded Web server.
OpenAngel is coded in Perl. Its focus is security.
Xavante is an HTTP/1.1 Web server coded in Lua.
XSP is written in C#, and hosts ASP.NET.

And you might someday need a few other C-coded lightweight Web servers with unusual secondary strengths:

ABYSS is portable across UNIX and Win32, and "aims to be a fully HTTP/1.1-compliant Web server." It is thrifty in its use of memory.
Anti-Web HTTPD(also "Anti-Web", "awhttpd", and "AW") is a single-process, non-threaded, CGI-capable server that emphasizes security and simplicity.
MHTTPD supports MHTTPD Basic Authentication either from an external file or LDAP server.
mini-httpd handles multiple concurrent requests in a single system thread, while demanding little from its host in the way of memory or CPU.
Naken Web is like many other lightweight servers -- it supports Basic Authentication, static content, and so on -- but its author has targeted it for Webcam operations and exercised it on Gumstix, WRT54GL, OpenWrt, and other innovative platforms.
Null httpd is a multi-threaded but simple and portable Web server.
Seminole is a commercial Web server with small memory requirements and many capabilities.
thttpd throttles, does chroot, Basic Authentication, and so on.

Conclusion

There's far more to the world of Web servers than just Apache and IIS. You can find a healthy selection of alternatives so small they can be completely understood, yet fast enough for serious applications. One of them may well help speed your next project.

Resources

Learn

LinuxLinks and Wikipedia maintain lists of lightweight Web servers.
Want to know what server software a given site is running (or claims to be running)? Check out Netcraft.
Netcraft calculates a 1.2% (or fifth-place) share of the Web server market for lighttpd, and Serverwatch reckons the growth is driven by admins looking for an Apache alternative.
Three Hungarian academics write about "Portable minimal Web servers" in terms of two examples they've written in C and bash, respectively.
"Implementing a Lightweight Web Server for Resource Pooling and Scalability" details considerations and usage that are typical of all the servers profiled here, even though the language of implementation, Java, is in the minority among them.
REBOL's inventor shows off the capabilities of the language with this one-page Web server coded in REBOL.
Get your hands on more articles for Web developers in our technical library.
Subscribe to our newsletter.

Get products and technologies

Download free IBM trial software including such favorites as IBM HTTP Server, WebSphere Application Server Community Edition, and much more.

Discuss

Get involved in the developerWorks community: Explore blogs, forums, spaces, and more.

About the author

Comments (Undergoing maintenance)

Trademarks | My developerWorks terms and conditions

Close [x]

Help: Update or add to My dW interests

What's this?

This little timesaver lets you update your My developerWorks profile with just one click! The general subject of this content (AIX and UNIX, Information Management, Lotus, Rational, Tivoli, WebSphere, Java, Linux, Open source, SOA and Web services, Web development, or XML) will be added to the interests section of your profile, if it's not there already. You only need to be logged in to My developerWorks.

And what's the point of adding your interests to your profile? That's how you find other users with the same interests as yours, and see what they're reading and contributing to the community. Your interests also help us recommend relevant developerWorks content to you.

View your My developerWorks profile

Return from help

Close [x]

Help: Remove from My dW interests

What's this?

Removing this interest does not alter your profile, but rather removes this piece of content from a list of all content for which you've indicated interest. In a future enhancement to My developerWorks, you'll be able to see a record of that content.

View your My developerWorks profile

Return from help

static.content.url=http://www.ibm.com/developerworks/js/artrating/

SITE_ID=1

Zone=Web development, Open source, Linux

ArticleID=239637

ArticleTitle=Lightweight Web servers

publish-date=07102007

author1-email=claird@phaseit.net

author1-email-cc=