web servers. pre-lecture survey: what is the #1 web server: 1. apache 2. google 3. ms iis http...
Post on 23-Dec-2015
223 Views
Preview:
TRANSCRIPT
Pre-lecture Survey: What is the #1 web server:
1. Apache2. Google3. MS IIS HTTP server4. nginx5. Sun6. Other
Apache
MS IIS
HTTP se
rver
nginx
SunOth
er
0% 0% 0%0%0%0%
Apache
http://en.wikipedia.org/wiki/Apache_web_server We’re number one!
Apache
Apache HTTP Server, referred to simply as Apache: A web server Notable for playing a key role in the initial growth of the
World Wide Web Apache
First viable alternative to Netscape Communications Corporation web server
Currently known as Sun Java System Web Server Evolved to rival other Unix-based web servers
Functionality and performance Since April 1996 Apache has been the most popular
HTTP server on the World Wide Web September 2007: Apache served 50% of all websites
Apache Project's name was chosen for two reasons:
Respect for the Native American Indian Apache tribe Well-known for their endurance and their skills in warfare
Project's root is a set of patches to the codebase of NCSA HTTPd 1.3
Making it "a patchy" server Apache is developed and maintained by
Open community of developers Under the auspices of the Apache Software Foundation
Available for a wide variety of OSs Microsoft Windows Novell NetWare Unix-like operating systems
e.g. Linux and Mac OS X z-OS (IBM mainframe) and more…
Released under the Apache License Apache is free software / open source software.
History
First version of the Apache web server created by Robert McCool Heavily involved with the National Center for
Supercomputing Applications web server Known simply as NCSA HTTPd
When Rob left NCSA in mid-1994 Development of httpd stalled Left a variety of patches for improvements circulating
through e-mails Rob McCool was not alone in his efforts
Several other developers helped form the original "Apache Group":
Brian Behlendorf, Roy T. Fielding, Rob Hartill, David Robinson, Cliff Skol nick, Randy Terbush, Robert S. Thau, Andrew Wilson, Eric Hagberg, Frank Peters, and Nicolas Pioch
History
Version 2 of the Apache server was a substantial re-write of much of the Apache 1.x code Strong focus on further modularization and the
development of a portability layer, the Apache Portable Runtime
Apache 2.x core - several major enhancements over Apache 1.x:
UNIX threading Better support for non-Unix platforms New Apache API IPv6 support
First alpha release of Apache March 2, 2000 First general availability release on April 6, 2002
Version 2.2 introduced a new authorization API that allows for more flexibility Also features improved cache modules and proxy
modules
Features
Apache supports a variety of features Many implemented as compiled modules
Extend the core functionality Range from server-side programming
language support to authentication schemes:
Common language interfaces support mod_perl, mod_python, Tcl, and PHP
Popular authentication modules include mod_access, mod_auth, and mod_digest
Features
Other features include: SSL and TLS support
mod_ssl A proxy module A useful URL rewriter
AKA a rewrite engine, implemented under mod_rewrite Custom log files
mod_log_config Filtering support
mod_include mod_ext_filter
Apache logs can be analyzed via web browsers with free scripts AWStats/W3Perl Visitors
Features
Virtual hosting allows one Apache installation to serve many different actual websites For example, one machine, with one Apache
installation could simultaneously serve: www.example.com www.test.com test47.test-server.test.com And more…
Apache features Configurable error messages DBMS-based authentication databases Content negotiation
Also supported by several graphical user interfaces (GUIs) Permit easier, more intuitive configuration of the server
Usage
Apache can serve both static content and dynamic Web pages Many web applications are designed expecting the
environment and features that Apache provides Apache is the web server component of the
popular XAMPP web server application stack Partners with
OS LAMPP – Linux WAMPP – Windows MAMPP – Mac OS X
MySQL PHP/Perl/(Python) programming languages
Usage
Apache is redistributed as part of various proprietary software packages including the Oracle Database IBM WebSphere application server
Mac OS X integrates Apache Its built-in web server Support for its WebObjects application server
It is also supported by Borland Kylix and Delphi development tools
Usage
Apache included with Novell NetWare 6.5 Default web server
Apache used for many tasks where content needs to be available in a secure and reliable way Sharing files from a personal computer over the
Internet User who has Apache installed on their desktop can
put arbitrary files in the Apache's document root which can then be shared
Programmers developing web applications Locally installed version of Apache Preview and test code as it is being developed
License
Software license From the Apache Foundation Distinctive part of the Apache HTTP Server's history Apache License allows distribution of both open and
closed source derivations of the source code Free Software Foundation does not consider
the Apache License to be compatible with version 2 of the GNU General Public License (GPL) Software licensed under the Apache License cannot
be integrated with software that is distributed under the GPL
License
Free software license: Incompatible with the GPL
Has a specific requirement that is not in the GPL Has certain patent termination cases that the
GPL does not require Version 3 of the GPL includes a provision
(Section 7e) allows it to be compatible with licenses that have patent retaliation clauses, including the Apache License
Apache is a registered trademark May only be used with the trademark holder's
express permission
IIS
Microsoft Internet Information Services (IIS) Formerly called Internet Information Server Set of Internet-based services for servers using Microsoft
Windows World's second most popular web server in terms of
overall websites July 2010: it served 25.87% of all websites and 36.63%
of all active websites (Netcraft) IIS Services currently include servers for:
FTP SMTP NTP NNTP HTTP/HTTPS
History of IIS
Initially released as additional set of Internet based services for Windows NT 3.51
IIS 2.0 added support for the Windows NT 4.0
IIS 3.0 introduced the Active Server Pages dynamic
scripting environment IIS 4.0
dropped support for the Gopher protocol Bundled with Windows NT as a separate
"Option Pack" CD-ROM
History of IIS
Current shipping versions of IIS: 8.5
Windows Server 21012 R2 Windows 8.1
8.0 Windows Server 2012 Windows 8
7.5 Windows 7 Windows Server 2008 R2
7.0 Windows Vista Windows Server 2008
6.0 Windows Server 2003
Added support for IPv6 (support ending July 14,2015)
History of IIS
Windows Vista and 7 do not install IIS 7 by default Can be selected among the list of optionally
installed components IIS 7.0 on Vista does not limit the number of
connections allowed Restricts performance based on active
concurrent requests
Security
Earlier versions of IIS had lot of vulnerabilities Chief among them CA-2001-19
Led to the infamous Code Red worm
Version 7.0 currently has no reported issues In perspective, as of 11 September 2007, the
free software Apache web server has one unpatched reported issue Affecting only MS Windows systems Rated "less critical“
Security
IIS 6.0 opted to change the behavior of pre-installed ISAPI handlers Many of which were culprits in the
vulnerabilities on 4.0 and 5.0 Reduced the attack surface of IIS IIS 6.0 added a feature called "Web
Service Extensions“ Prevents IIS from launching any program
without explicit permission by an administrator
Security
IIS 7.0 the components were modularized Only the required components have to be
installed Further reducing the attack surface Security features such asURLFiltering
were added Rejects suspicious URLs based on a user
defined rule set
Security
In IIS 5.1 and lower: By default all websites were run
In-process Under the System account
a default Windows account with elevated rights
Security
In IIS 6.0 all request handling processes have been brought under a Network Services account Has significantly fewer privileges If there is an exploit in a feature or custom code
Wouldn't necessarily compromise the entire system
Given the sandboxed environment the processes run
Contains a new kernel HTTP stack (http.sys) Stricter HTTP request parser and response cache
for both static and dynamic content
Authentication mechanisms
IIS 5.0 and higher support the following authentication mechanisms: Basic access authentication Digest access authentication Integrated Windows Authentication .NET Passport Authentication
Internet Information Services 7.0
Debuted with Windows Vista Included in Windows Server 2008
IIS 7.0 features a modular architecture Instead of a monolithic server which features all
services IIS 7 has a core web server engine Modules offering specific functionality can be
added to the engine to enable its features Advantages
Only the features required need be enabled The functionalities can be extended by using
custom modules
Internet Information Services 7.0
IIS 7 ships with a handful of modules Microsoft will make other modules available
online Following sets of modules ship with the server:
HTTP Modules Security Modules Content Modules Compression Modules Caching Modules Logging and Diagnostics Modules
Integrates with the new configuration store New management environment
Internet Information Services 7.0
Significant change from previous versions: All web server configuration information is stored
solely in XML configuration files Instead of in the metabase
Server has a global configuration file Provides defaults Each virtual web's document root (and any
subdirectory thereof) may contain a web.config Containing settings that augment or override the
defaults
Internet Information Services 7.0
Changes to these files take effect immediately Marks a significant departure from previous
versions whereby web interfaces, or machine administrator access, were required to change simple settings such as default document, active modules and security/authentication
Eliminates the need to perform metabase synchronization between multiple servers in a farm of web servers
Internet Information Services 7.0
Features a completely rewritten administration interface Takes advantage of modern MMC
features such as Task panes Asynchronous operation
Configuration of ASP.NET is more fully integrated into the administrative interface.
nginx
NGINX Plus is the web server, reinvented World’s most popular open source web
server for high-traffic websites. NGINX Plus adds enterprise-ready
features load balancing session persistence monitoring advanced management.
nginx
High-performance HTTP Server Delivers web and video assets with
Unparalleled speed Maximizing performance and efficiency
Web Accelerator Provides SSL and SPDY acceleration HTTP connection optimization High-performance caching HTTP compression
Application Gateway PHP, Ruby, Java and other application types supported Supports FastCGI, uWSGI and HTTP Proxy interfaces
Load Balancer and Application Delivery solution Gives
reliability control consistent performance for HTTP and TCP applications.
The "spiel"
The following from http://nginx.com/products/?_bt=669021
62345&_bk=nginx&_bm=b&gclid=CNy26dbm5MMCFWRk7AodWwoAXw
Capability
Future-proof, IPv6-ready reverse proxy with: Load balancing High availability
For: HTTP and TCP services Application request routing Content acceleration and caching
Predictability
Works predictably, without spikes, on: Low power chipsets Virtual machines with limited RAM
Eliminate unexpected issues with operations Reduce infrastructure costs
Simplicity
Flexible, logical, easily scalable setup Ten lines of directives enable:
Load balancing- or - Static content delivery
Don’t waste engineering hours on tweaking unreadable configurations
nginx
Virtualized Built to optimize CPU and memory
resource utilization. Extremely efficient in virtualized public
and private cloud environments Pay less, get more
nginx
Automation Easily automated with tools like Puppet
and Chef Can be managed by independent
development teams Shift engineering focus from
maintenance to innovation
Scalability and Performance
Serves Million users or more per server Tens of thousands of requests per
second Best in class multi-tenancy for virtual
hosts Easily scales for unparalleled efficiency
Post-survey: What is the #1 web server:
1. Apache2. Google3. MS IIS HTTP server4. nginx5. Sun
Apache
MS IIS
HTTP se
rver
nginx
Sun
99%
0% 0%1%0%
Summary
Concentrated on HTTP servers Apache and IIS are the main web
serving tools nginx is rising fast
Apache still king Currently declining IIS Up and down, wandering
Usage tracked Netcraft Web Server Survey
top related