Next Previous Contents

2. Apache

Apache is the leading internet web server, with over 60% market share, according to the Netcraft survey. Several key factors have contributed to Apache's success:

Many commercial vendors have adopted Apache-based solutions for their products, including Oracle, Red Hat and IBM. In addition, Covalent provides add-on modules and 24x7 support for Apache.

The following websites use Apache or derivatives. Chances are that if Apache is good enough for them, it is also good enough for you :)

>From the Apache website:

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

Apache started its life as modifications to the NCSA Web server, one of the first HTTP servers. You can learn more about Apache's history here:

The Apache project has grown beyond building just a web server into developing other critical server side technologies. The Apache Software Foundation, described in a later section, serves as an umbrella for these projects.

2.1 Architecture

There are two main versions of Apache, the 1.3 series and the 2.0 series. Although both versions are considered production quality, they differ in architecture and capabilities.

2.1.1 Apache 1.3

Apache 1.3 has been ported to a great variety of Unix platforms and is the most widely deployed Web server on the Internet.

Process-based Web server

Apache 1.3 on Unix is a process-based Web server. The Apache program forks several children at startup. Forking means that a parent process makes identical copies of itself, called children. Each one of the children can serve a request independent of the others. This approach has the advantage of improved stability: If one of the children misbehaves (runs out of control or has memory leaks) it can be terminated without affecting the others. The stability comes with a performance penalty. In most Unix operating systems, creating processes and context switching (assigning processor time to each process) are expensive operations. Since processes are isolated from each other, they cannot easily share code and data, consuming system resources.

Windows support

Apache 1.3 is the first version of Apache to support Windows, although the port is not considered to be as stable as its Unix counterparts. This is due to the fact that the server had been designed with Unix in mind and the Windows port was a later addition that did not integrate very well.

Modular

Apache 1.3 has a modular architecture. You can enable or disable modules to add and remove Web server functionality. You can customize Apache to improve performance and security. In addition to modules bundled with the server, there is a great number of third party modules, providing extended functionality.

2.1.2 Apache 2.0

Apache 2.0 is the latest and greatest version of the Apache server. The architecture contains significant improvements over the 1.3 series. The following are some of them.

Multi Processing Modules

Apache 2.0 abstracts the request processing architecture in special server modules, called Multi Processing modules (MPMs). This means that Apache can be configured to be a pure process-based server, a purely threaded server or a mixture of those models. Threads are contained inside processes and run simultaneously. Unlike processes, threads can share data and code. Threads are thus more "lighweight" than processes, and in most cases threaded servers scale better than process based servers. The disadvantage is that the server is less reliable, since if a thread misbehaves it can corrupt data or code belonging to other threads.

Protocol Modules

The protocol handling has been encapsulated in its own layer in Apache 2.0. That means it is possible to write modules to serve protocols other than HTTP, such as POP3 for mail or FTP for file transfer. These protocol modules can take advantage of a solid server framework and module functionality, such as authentication and dynamic content generation. This means that, for example, you can authenticate your POP3 users against the same user database Apache uses for web requests and that FTP content can be generated dynamically using PHP, CGI or any other technologies explained later in this document.

Module and filter architecture.

Apache 2.0 maintains the 1.3 modular architecture and adds an additional extension mechanism: filters. Filters allow modules to modify the content generated by other modules. They can encrypt, scan for viruses or compress not only static files but dynamically generated content.

Compatibility issues

Unfortunately, though the module API is similar between versions, they are not identical and Apache 1.3 modules need to be ported to the new architecture. Most mainstream modules such as PHP and mod_perl already have Apache 2.0 versions and others, such as mod_dav and mod_ssl, are now part of the server distribution. Running modules on a threaded architecture requires specific changes to modules. Modules distributed with Apache have undergone those changes and are considered `thread-safe', but third-party modules or libraries may not. If you need one of those, you will be limited to running Apache as a pure process-based server.

Portable

Apache runs equally well now on Windows and Unix platforms thanks to the Apache Portable Runtime (APR) library. It abstracts the differences among operating systems, such as file or network access APIs. Porting Apache to a new platform is often as simple as porting the Apache Portable Runtime. This abstraction layer also provides for platform-specific tuning and optimization.

2.2 Security

Apache provides several security-related modules for securing and restricting access to the server.

Authentication

Authentication modules allow you to determine the identity of a client, usually by verifying an username and password against a backend database. Apache includes modules to authenticate against plain text and database files. Additional authentication modules exist that connect Apache to existing security frameworks or databases, including: NT Domain controller, Oracle, mySQL, PostgresSQL and so on.

The LDAP modules are specially interesting, as they allow integration with company and enterprise wide existing directory services. You can find these modules at http://modules.apache.org. An Apache 2.0 LDAP module can be found at the Apache website.

Access Control

Apache provides the mod_access module that can restrict access to resources based on parameters of the client request, such as the presence of a specific header or the IP address or hostname of the client. Third party modules allow you to restrict access to clients that misbehave, as explained in later sections on performance and bandwidth control.

SSL/TLS

The Secure Sockets Layer/Transport Layer Security protocols allow data between the Web server and client to be encrypted. In Apache 1.3, the protocols are implemented by mod_ssl, which is distributed separately from the mod_ssl website and requires applying patches to the server. This was necessary because of export regulations on encryption. Most of those restrictions have since then being lifted and starting with Apache 2.0, mod_ssl is now included as a base module with Apache.

2.3 Proxy

A proxy is a program that performs requests on behalf of another. There are different kind of Web proxies. A traditional HTTP proxy, also called a forward proxy, accepts requests from clients (usually Web browsers), contacts the remote server, and returns the responses.

A reverse proxy is a Web server that is placed in front of other servers, providing a unified front end and offloading certain tasks, such as SSL processing, from the backend Web servers.

Apache supports both types of proxy, caching of proxied content and differente proxy backends such as FTP.

2.4 Performance and scalability

Raw performance is only one of the factors to consider in a web server (flexibility and stability come usually first).

Having said that, there are solutions to improve performance on heavy loaded webservers serving static content. If you are in the hosting business Apache also provides ways in which you can measure and control bandwidth usage. Throttling in this context usually means slowing down the delivery of content based on the file requested, a specific client IP address and so on. This is done to prevent abuse.

Load Balancing

Using the Apache reverse proxy and mod_rewrite you can have an Apache process distributing requests among a variety of backend web servers. You can find more information at http://www.apache.org/docs/misc/rewriteguide.html

Additionally, mod_backhand is an Apache 1.3 module that allows seamless redirection of HTTP requests from one web server to another. This redirection can be used to target machines with under-utilized resources, thus providing fine-grained, per-request load balancing of web requests. You can find more information at http://www.backhand.org/.

Compression

Apache 2.0 includes mod_deflate, a filtering module that compresses content before delivering it to clients. This saves bandwidth but can have a performance impact. The mod_gzip module provides this functionality for Apache 1.3

2.5 CGI scripts

CGI stands for Common Gateway Interface. CGI programs are external programs that are called when a user requests a certain page. The CGI program receives information from the web server (form variable values, type of browser, IP address of the client and so on) and uses that information to output a web page to the client.

Apache has support for CGIs and there is a third-party Apache 1.3 module that provides support for the FastCGI protocol. It avoids the performance penalties associated with starting and stopping a CGI program with every request. You can find it at http://fastcgi.com/

2.6 Development Platform Integration

Web applications are written in high-level languages such as Java, Perl, C# and so on and Apache has several modules that integrate them with the server. In many cases the modules expose the Apache API so entire Apache modules can be written in those languages.

Perl

mod_perl is one of the most veteran and successful Apache projects. It embeds a Perl interpreter in Apache and allows access to the web server internals from Perl. This allows for entire modules to be written in Perl or a mixture of Perl and C code. In the 1.3 Apache versions, one interpreter has to be embedded in each child, since the server is multiprocess based. In heavy traffic dynamic sites, the increased size could make a difference. In threaded versions of Apache 2.0 mod_perl allows for sharing of code, data and session state among interpreters. This results in a faster, leaner solution.

mod_perl is in itself another platform, with a great variety of modules available such as Mason and Embperl for embedding Perl in HTML pages and AxKit for XML-driven templates.

PHP

From the PHP website: PHP is a server-side, cross-platform, HTML embedded scripting language. It is the most popular module for Apache and this is due to a variety of reasons:

PHP has a modular design. Among many others, there are modules that provide support for: You only need to compile/use the modules you need. PHP can be used with Apache, as an external CGI or with other webservers. It is crossplatform and it runs on most flavors of Unix and Windows. If you come from a Windows background, you probably have used Internet Information Server with Active Server Pages and MS-SQL Server. A common replacement in the Unix world for this trio is Apache with PHP and MySQL. Since PHP works: you have a nice, gradual migration path from a Microsoft-centric solution to Unix based solutions.

Python

Python is a popular object oriented scripting language. Mod_Python, which is now an official Apache project, allows you to integrate Python with the Apache web server. You can develop complex web applications or accelerate existing Python CGI scripts. Recent versions run on Apache 2.0.

Tcl

The Tcl Apache project integrates Tcl with the Apache webserver. Tcl is a lightweight, extensible scripting language. You can learn more about Tcl here. There are several modules currently under the Apache Tcl umbrella:

Microsoft technologies

Several modules allow integration with Microsoft languages and technologies such as the .Net framework or Active Server Pages.

.Net

mod_haydn integrates Mono with Apache and exposes the Apache API to the .Net framework, allowing you to write modules in C#, for example. Covalent provides mod_asp.net, an commercial Windows module that allows Apache to run ASP.Net applications, allowing you to replace Microsoft IIS.

ASP

ASP stands for Active Server Pages and is a Microsoft technology that allows you to embed code, usually Visual Basic, in HTML pages. Several companies such as ChilliSoft and Stryon provide products that can run ASP applications on Unix environments.

ISAPI

ISAPI is an API that you can use to extend Microsoft IIS, similarly to how you would use the Apache API. Apache includes a module mod_isapi that mirrors this functionality and allows you to run ISAPI modules.

Java

Most applications servers, such as those from Oracle, IBM and BEA provide modules to integrate with the Apache web server. Additionally, several modules such as mod_jk and mod_webapp allow you to connect to Tomcat, a Servlet and JavaServer Pages container that is also part of the Apache Software Foundation.

Modules for other languages

This document has described modules for popular server side languages such as Perl, Python and PHP. You can find additional language modules (JavaScript, Haskell, Ruby and others) at the Apache modules directory.

2.7 Management

An important part of Web server administration includes building, configuring and monitoring different servers.

Build tools

Apache can be extended and customized in many different ways. Integration of different modules with the server can sometimes be a difficult task. Tools such as the Apache Toolbox can make this task easier, by providing a menu driven build framework.

User Interfaces for Apache

Apache is configured thru text configuration files, and that sometimes can be hard, specially for people coming from a Windows background. There are open source graphical tools that make this task easier:

SNMP

SNMP stands for Simple Network Management Protocol. It allows monitoring and management of network servers, equipment and so on. SNMP modules for Apache help manage large deployments of web servers, measure the quality of service offered and integration of Apache with existing management frameworks.

2.8 Publishing

Authors of Web content require a means of managing that content and uploading it to the server. One of the protocols used for this purpose is DAV (Distributed Authoring and Versioning). DAV is an extension to the HTTP protocol that enables users and applications to publish and modify Web content. DAV technology is widely implemented, Microsoft supports it at the operating system level (WebFolders) and in its Office suite. Same goes for Apple OS-X and a variety of third party products from Adobe, Oracle and so on. You can get the mod_dav module for Apache 1.3 at http://www.webdav.org/mod_dav/. In Apache 2.0, mod_dav is included with the base distribution.

Previous to DAV, Microsoft had its own publishing protocol, integrated with the Microsoft FrontPage tool. You can add server-side support for Frontpage using the modules at http://www.rtr.com/Ready-to-Run_Software/, though due to the way they integrate with Apache they are not considered secure.

2.9 Protocol modules

Apache 2.0 introduced the concept of protocol modules. That means that developers can reuse the Apache server framework to implement new protocols such as those dealing with mail and file transfer. mod_ftp is a commercial Apache-based FTP module from Covalent. mod_pop3 is an open source module that implements the POP3 protocol, commonly used by mail readers to retrieve messages from mail servers.

2.10 Virtual Hosting

Apache provides extensive virtual hosting support which means that you can serve multiple websites from a single server. In Apache 2.0, with the per-child MPM you can have multiple children, each one serving a different domain under different Unix user ids. This is very important for security in shared hosting scenarios, as it allows you to isolate customers from each other. The following are additional, alternative, virtual hosting modules.

2.11 Commercial support

Apache is the web server of choice for many commercial entities, including big enterprises. These companies have certain requirements when adopting a technology, specially one that is at the core of their Internet strategy, such as Web servers. Those requirements include performance, stability, management capabilities, support, professional services and integration with legacy systems. A number of commercial companies, such as IBM, Red Hat and Covalent, provide the products and services necessary to make Apache meet the needs of Enterprise customers.

In addition, many other companies and OEMs ship Apache as a bundled web server with their products.


Next Previous Contents