2. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
About Me
ā” Apache Software Foundation
ā” Co-founder, Director, Member and Developer
ā” Director
ā” Outercurve, MARSEC-XL, OSSI, OSI (ex)ā¦
ā” Developer
ā” Mega FOSS projects
ā” OāReilly Open Source Award: 2013
ā” European Commission: Luminary Award
ā” Sr. Director: Tech Fellows: Capital One
@jimjag
3. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Hold on a tic
ā” How do you define ānewā??
@jimjag
4. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
httpd is sooo old school (aka
fud)
ā” Apache doesnāt scale (its SLOW)
ā” http://www.youtube.com/watch?v=bzkRVzciAZgāØ
āØ
ā” Apache is too generalizedāØ
āØ
āØ
ā” Apache is too complex (config file)
ā” really?
ā” Apache is too oldāØ
(yeah, just like Linux)
@jimjag
vs
Itās Squagels!
5. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Apache httpd 2.4 - design drivers
ā” New features and improve old ones
ā” Support for async I/O w/o dropping support for older
systems
ā” Larger selection of usable MPMs: added Event, Motorz,
etc...
ā” Leverage higher-performant versions of APR
ā” Increase performance
ā” Reduce memory utilization
ā” The Cloud
@jimjag
Currently at version 2.4.23 (2.4.1 went GA Feb 21, 2012)
6. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Whatās New: Apache httpd 2.4
ā” Configuration / Runtime Improvements
ā” New Modules / Capabilities
ā” Cloud / Proxy Enhancements
ā” Performance Increases
ā” HTTP/2
@jimjag
7. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Conļ¬guration - Runtime
ā” Finer control of timeouts, esp. during requests
ā” mod_reqtimeout
ā” KeepAliveTimout down to the millisecond
ā” Finer control over logging
ā” per module/per directory
ā” new logging levels (TRACE[1-8])
@jimjag
LogLevel info ssl:warn
<Directory "/usr/local/apache/htdocs/foo">
LogLevel debug
</Directory>
8. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Conļ¬guration - Runtime
ā” Other stuff:
ā” No more NameVirtualHost
ā” General purpose expression parser (BNF compatible)
ā” AllowOverrideListāØ
āØ
āØ
ā” Loadable MPM modules
ā” Recall that different MPMs have different config directives!
@jimjag
AllowOverride None
AllowOverrideList Redirect RedirectMatch Header
./configure āenable-mpms-shared=all
LoadModule mpm_event_module modules/mod_mpm_event.so
9. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Conļ¬guration - Runtime
ā” Require
ā” Removes order deny/allow insanity!
ā” mod_access_compat for backwards combat
@jimjag
AuthType Basic
AuthName "Restricted Resource"
AuthBasicProvider file
AuthUserFile /web/users
AuthGroupFile /web/groups
Require group admin
<Directory /www/docs>
<RequireAll>
Require group alpha beta
Require not group reject
</RequireAll>
</Directory>
<Directory /www/docs2>
Require all granted
</Directory>
10. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
New Modules
ā” mod_macro
@jimjag
<Macro VHost $name $domain>
<VirtualHost *:80>
ServerName $domain
ServerAlias www.$domain
DocumentRoot /var/www/vhosts/$name
ErrorLog /var/log/httpd/$name.error_log
CustomLog /var/log/httpd/$name.access_log combined
</VirtualHost>
</Macro>
Use VHost example example.com
Use VHost myhost hostname.org
Use VHost apache apache.org
UndefMacro VHost
From my
ApacheCon 2000
Preso
11. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Conļ¬guration - Runtime
ā” <If> supports per-request conditions
@jimjag
# Compare the host name to example.com and
# redirect to www.example.com if it matches
<If "%{HTTP_HOST} == 'example.com'">
Redirect permanent / http://www.example.com/
<ElseIf "%{HTTP_HOST} == āfoobarfoo.com'">
Redirect permanent / http://www2.example.com/
</If>
12. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Conļ¬guration - Runtime
ā” Simple config-file variables: <Define>
@jimjag
<IfDefine TEST>
Define servername test.example.com
</IfDefine>
<IfDefine !TEST>
Define servername www.example.com
Define SSL
</IfDefine>
DocumentRoot /var/www/${servername}/htdocs
13. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
New Modules
ā” mod_lua
@jimjag
<Files *.lua>
SetHandler lua-script
</Files>
ā¦
example.lua
require "string"
function handle(r)
r.content_type = "text/plain"
if r.method == 'GET' then
r:puts("Hello Lua World!n")
for k, v in pairs( r:parseargs() ) do
r:puts( string.format("%s: %sn", k, v) )
end
elseif r.method == 'POST' then
r:puts("Hello Lua World!n")
for k, v in pairs( r:parsebody() ) do
r:puts( string.format("%s: %sn", k, v) )
end
elseif r.method == 'PUT' then
r:puts("Unsupported HTTP method " .. r.method)
r.status = 405
return apache2.ok
else
return 501
end
return apache2.OK
end
14. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
New Modules
ā” mod_buffer
ā” buffer the i/o stacks w/i httpd
ā” mod_sed
ā” True sed functionality, alternate to mod_substituteāØ
āØ
āØ
āØ
āØ
ā” mod_remoteip
ā” allow access to the real client IP address
@jimjag
<Directory "/var/www/docs/status">
AddOutputFilter Sed html
OutputSed "s/complete/DONE/g"
OutputSed ās/in-progress/TODO/g"
</Directory>
RemoteIPHeader X-Client-IP
15. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
New Modules
ā” mod_session
ā” easily maintain application server state
ā” mod_auth_form
ā” Form-based auth can now be handled internally
@jimjag
<Location /dologin.html>
SetHandler form-login-handler
AuthFormLoginRequiredLocation http://example.com/login.html
AuthFormLoginSuccessLocation http://example.com/success.html
AuthFormProvider file
AuthUserFile conf/passwd
AuthType form
AuthName realm
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret
</Location>
16. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
New Modules
ā” mod_log_debug
ā” Add debug logging at any hookāØ
āØ
āØ
āØ
ā” mod_ratelimit
ā” (basic) bandwidth limiting for clients
@jimjag
<Location /foo>
LogMessage āsubreq to fooā hook=type_checker expr=%{IS_SUBREQ}
</Location>
<Location /downloads>
SetOutputFilter RATE_LIMIT
SetEnv rate-limit 400
</Location>
17. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Even more!
ā” mod_cache
ā” Can serve stale data if required
ā” X-Cache-Header now supports HIT/MISS/
REVALIDATE
ā” Can cache HEAD
ā” htcacheclean improvements
ā” mod_socache / mod_slotmem
ā” Data object/blog storage mechanisms
@jimjag
18. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
New Modules
ā” mod_proxy submodules:
ā” mod_proxy_fcgi
ā” mod_proxy_scgi
ā” mod_proxy_wstunnel
ā” mod_proxy_html
ā” mod_proxy_express
@jimjag
ProxyExpressEnable onāØ
ProxyExpressDBMFile emap
ā¦
##āØ
##express-map.txt: httxt2dbm -i express-map.txt -o emapāØ
##āØ
āØ
www1.example.com http://192.168.002.2:8080āØ
www2.example.com http://192.168.002.12:8088āØ
www3.example.com http://192.168.002.10
...
www6341.example.com http://192.168.211.26
19. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Cloud and Performance
ā” The Cloud is a game changer for web servers
ā” Horizontal scalability is no longer as painful
ā” Concurrency is no longer the sole consideration
ā” ... or maybe even the primary one
ā” Whatās important now? Transaction Time! (because it CAN be)
ā” Low latency
ā” Fast req/resp turnover
ā” Does density still matter? Of course!
ā” micro-services
ā” Are there environs where super-mega concurrency is the
bugaboo? You betcha! (but the cloud makes these more and more rare,
and youāre likely using a bad architecture anyway)
@jimjag
20. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Cloud and Dynamics
ā” The Cloud is a game changer for web servers
ā” The cloud is a dynamic place
ā” automated reconfiguration
ā” horizontal, not vertical scaling
ā” self-aware environments
@jimjag
OK, maybe not THAT self-aware
21. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Why Dynamic Proxy Matters
ā” Apache httpd still the most frequently used front-end
ā” Proxy capabilities must be cloud friendly
ā” Front-end must be dynamic friendly
@jimjag
22. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Apache httpd 2.4 proxy
ā” Reverse Proxy Improvements
ā” Supports FastCGI, SCGI, Websockets in balancer
ā” Additional load balancing mechanisms
ā” Runtime changing of clusters w/o restarts
ā” Support for dynamic configuration
ā” mod_proxy_express
ā” mod_fcgid and fcgistarter
ā” Brand New: Support for Unix Domain Sockets
@jimjag
23. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Performance
ā” From Nic Rosenthal Battle of the stacksāØ
(http://www.slideshare.net/AllThingsOpen/battle-of-the-stacks)
@jimjag
HHVM + NGINX!
!
vs!
!
HHVM + Apache 2.4!
!
http://ldr.io/1ogvD7X
http://ldr.io/1ogD7b3
Response time: 76ms
Response time: 60ms
HHVM + NGINX
HHVM + Apache 2.4
Image by Articularnos.com https://www.ļ¬ickr.com/photos/articularnos/
Champion of the !
Battle Of The Stacks
ATO Edition
HHVM + Apache 2.4
24. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Raw Performance
ā” Event MPM : no longer experimental
ā” non-blocking
ā” async
ā” Faster, more efficient APR
ā” Smaller memory footprint
ā” More efficient data structures (worker and event)
@jimjag
25. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Apache httpd vs nginx
ā” Why nginx? Everyone asks about it...
ā” Benchmark: local and reverse proxy transaction times
ā” Apache httpd 2.4.22-dev, nginx 1.8.1
ā” CentOS6, Dual Xeon 3.33GHz
ā” 4GB memory
ā” localhost loopback and external (no firewall)
ā” Double checked results: OSX 10.11.2 (8-core), Fedora 23 (4-
core)
@jimjag
26. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Setup
loopbackSetup 1:
Setup 2:
Setup 3:
Setup 3:
27. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Considerations
ā” Multiple benchmarking systems:
ā” flood (50/250/5/2, 50/100/5/2, 50/5/5/2)
ā” httperf (num-conns=100->20000, numcalls=3,10,100)
ā” weighttp
ā” Full URL requests (www.example.com/index.html)
ā” Static local requests
ā” Static reverse proxy requests
ā” All Apache httpd MPMs
ā” No significant ātuningā efforts (mostly out of the box
configs)
@jimjag
28. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
nginx vs Event (typical)
Apache - Event MPM
0
500
1000
1500
2000
nginx
0
500
1,000
1,500
2,000
Open Write Read Close
Increasing concurrency Increasing concurrency
29. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Apache - Prefork MPM
0
500
1000
1500
2000
nginx vs Prefork (typical)
nginx
0
500
1,000
1,500
2,000
Open Write Read Close
Increasing concurrency Increasing concurrency
30. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Total req/resp time
Comparison - total transaction (close)
0
500
1000
1500
2000
Prefork Worker Event nginx
Increasing concurrency
31. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Resp to Req. Bursts - httperf
100 ---> 20000
0.00
1.75
3.50
5.25
7.00
min avg max dev min avg max dev min avg max dev min avg max dev min avg max dev min avg max dev
prefork worker event nginx
Increasing concurrency
32. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Independent benchmarks
Source: Ryosuke Matsumoto : http://blog.matsumoto-r.jp/?p=1812
#!/bin/sh
RESULT='./result.txt'
Ā
for port in 80 8080 8888
do
#for count in 1000 2000 3000 4000 5000 6000 7000 8000
9000 10000
#for count in 11000 12000 13000 14000 15000 16000 17000
18000 19000 20000
for count in 21000 22000 23000 24000 25000 26000 27000
28000 29000 30000
do
echo -n "$port $count " >> $RESULT
httperf --rate $count --num-conns 25000 --server
ipaddr --port $port
--uri=/test.html | grep "Request rate:" >>
$RESULT.$port
sleep 60
done
done
33. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Take-away
ā” Today, the web-server isnāt the slow link in the chain.
ā” Benchmarks get staleā¦ fast!
ā” Real world trumps test environs
ā” Choose the right tool for the right job
@jimjag
34. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
HTTP/2
ā” Implements RFC 7540
ā” Supports both h2 (HTTP/2 over TLS) and h2c (HTTP/2 over TCP[cleartext])
ā” āSemi-experimentalā
ā” Only in that API is still subject to change
ā” Enterprise-ready regarding stability, performance, etc.
ā” Also supported in mod_proxy
@jimjag
35. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Whatās next?
ā” TCP Proxy
ā” Better async support
ā” More MPMs
ā” motorz:
ā” Streamlined event driven MPM
ā” Prelim benchmarks: 10% faster, 70% the size
ā” Strict HTTP compliance
ā” You tell us!
@jimjag
36. This work is licensed under a Creative Commons Attribution 3.0 Unported License.
Thanks
Twitter: @jimjag
Emails:āØ
jim@jaguNET.comāØ
jim@apache.orgāØ
jim.jagielski@capitalone.com
http://www.slideshare.net/jimjag/