I mean is "httpd" only used by Apache for the download of the software or is it used by other websites as well? Also is it necessary to have httpd to run "cgi" or not?
And why does Apache use httpd to download the http server instead of having it in a file on their http website?
Apache HTTPD is an HTTP server daemon produced by the Apache Foundation. It is a piece of software that listens for network requests (which are expressed using the Hypertext Transfer Protocol) and responds to them.
It is open source and many entities use it to host their websites.
Other HTTP servers are available (including Apache Tomcat which is designed for running server side programs written in Java (which don't use CGI)).
CGI is a protocol that allows an HTTP server to use an external piece of software to determine how to respond to a request instead of simply returning the contents of a static file. Many HTTP servers support the CGI protocol.
You can use CGI without an HTTP server, but this typically has few uses beyond allowing a developer to perform command line testing of the CGI program. (You certainly can't interact with it directly from a web browser).
HTTP Daemon is a software program that runs in the background of a web server and waits for the incoming server requests. The daemon answers the request automatically and serves the hypertext and multimedia documents over the Internet using HTTP.
Apache Httpd is basically a web server used for handling requests and delivering static content. While CGI is a protocol which adds a scripts with the request and based on the script the content is delivered instead of simply returning a static content. So it is not necessary to use CGI with apache httpd but for delivering a dynnmic content httpd and cgi are used together.
Also using httpd with cgi is a very heavy process of delivering dynamic content as it creates and destroys process with every request response cycle, there are many other efficient alternatives with latest technology.
HTTPd - HyperText Transfer Protocol Daemon
HTTPd is a software program, that usually runs in the background, as a process.
It plays the role of server in a client-server model using HTTP and/or HTTPS network protocols.
HTTPd waits for the incoming client requests and for each request it answers by replying with requested information.
Following are some commonly used HTTPd
Apache
BusyBox
CERN HTTPd
Lighttpd
Ngnix
Related
My situation:
A website is hosted using a default apache2 installation on an ubuntu server.
Served on port 443 using HTTPS and a self-signed certificate (for developping).
Now I have a simple service written in golang that listens at port 8080 and acts as a Reverse Proxy to take https requests, forward them to apache locally and return the response back to the client. This webservice doesn't cache any files and only forwards requests.
Code: https://play.golang.org/p/tnfKVWyLuZQ
My "problem":
Calling apache directly, i.e. https://foo.com/bar/ is remarkably slower (200-400ms) than calling the website through my reverse proxy, i.e. https://foo.com:8080/bar/
Why is it slower to call apache2 directly? I expected to have overhead using a reverse proxy, not a speedup. -> Comparison for example page: https://i.imgur.com/TqznM2v.png
UPDATE: Sketch to show the current setup:
Current Setup
Regarding the encoding: The Encoding is consistent in both situations: Encoding header and Content-Length is in both cases (Situation 1 vs 2) the same, the client also receives the file size. Not sure why in the HAR Viewer it only displays the uncompressed size in the second case. If checking in Chrome I can see the compressed size in both case.
Update #2: I came to the conclusion that the golang implementation handles multiple requests from the same client in a short time more efficiently than apache2 in it's default configuration. Sicne I only test with few clients I can't say how well it scales - I imagine the webservice will fall behind when under load.
I see this as closed, thanks all for the help.
As far as i can see. There are two possible reasons.
The apache reverse proxy handled some cache contain static file like images, css or javascript.
When you browse a https url. A process named "ssl certificate uninstall" will happen, and it can cause huge server load. So if the web application and the ssl certificate are deployed on the same server, the load may cause high-latency. Generally, we use a special device named load-balancer to uninstall ssl certificate, Just like a reverse proxy.
What makes nginx/apache a web server, HAProxy not?
What functionalities HAProxy lacks to be a web server?
HAProxy can listen on port 80 and can speak HTTP but that's not what people mean when they say "web server."
HAProxy is not a web server, because "web server" implies an HTTP endpoint that can serve static content from files and/or dynamic content generated from code. That's not what HAProxy is for.
Technically, there are certain capabilities in HAProxy that can be misused to emulate some capabilities of a web server -- you can serve very small static files from memory buffers and you can generate small dynamic responses using the optional embedded Lua interpreter -- but it is not intended or designed to be used as a web server. It's a proxy server -- emulating a web server toward the client, and emulating a client toward the real back-end web server(s) behind it -- because bidirectional emulation is commonly what proxies do.
With Nginx and Apache, you can specify a root directory from which files are served, and you can specify paths that are to be serviced by code running in languages like Perl, PHP, Python, etc. Not with HAProxy, because, again, that isn't what it's designed to do.
Both Nginx and Apache can also be used as proxy servers, as HAProxy can, but HAproxy is specifically designed and optimized for that primary purpose -- proxying and load balancing against multiple back-end, selecting the back-end using various rules and algorithms... in essence, HAProxy is an "intermediate router" for HTTP requests, delivering them rather than responding to them. It can also proxy and load balance non-HTTP protocols that rely on TCP.
CUPS implements its own web server to host CGI programs on http://localhost:631
server: https://github.com/apple/cups/blob/master/cups/http.c
CGI pages: https://github.com/apple/cups/tree/master/cgi-bin
Creating a web server just for a printing daemon seems like duplicate code and bloat that might lead to code harder to maintain and possible creation of bugs.
Why an actual httpd daemon like Apache is not used?
CUPS uses the Internet Printing Protocol (IPP) for transferring jobs from print clients to print servers (and potentially to printers, if these support IPP).
IPP is based on HTTP.
But IPP is not the same as HTTP.
Also, the CUPS web server is not the same as the CUPS printing daemon. You can disable the web interface completely by putting WebInterface No into your cupsd.conf.
Using Apache or any other HTTP daemon would not so much unbloat CUPS: because these daemons do not talk IPP, and they do not provide any functions as a print server. Therefore, adding them to CUPS just for the web interface would rather bloat up CUPS!
I want the CUPS web server to run PHP so I can do a few print and scan tasks with it without installing another web server.
I would like to setup mod_security as a stand alone instance protecting Tomcat instances against web application attacks. Would anyone know the pros and cons of doing this via installing mod_security as an Apache module versus installing mod_security on a reverse proxy? Has anyone implemented mod_security in either of these fashions? And if so is one preferred over the other?
There's really no difference in your two options. What non reverse proxy would you install the module on to protect Tomcat?
The question doesn't really make sense as they are both the same to you.
If you already have an Apache server, then you install ModSecurity in one of two ways:
In embedded mode by installing ModSecurity as module in the existing Apache instance you already have. The advantages are that you won't have to set up a separate Apache instance, and that the ModSecurity will have access to the environment that Apache runs under (so can see environment variables for example or log to same log files).
In a reverse proxy mode. This involves setting up a separate Apache instance, with ModSecurity on it only, and funnel all requests through it, before sending on the requests to your normal Apache. The advantages here are a dedicated web server just for ModSecurity, so you will not share resources with your existing version of Apache, if it is already resource hungry. Disadvantages are that it doubles your infrastructure and the complications that brings.
Personally I prefer option 1.
However, as you want to set up a dedicated web server in front of TomCat, the two options are identical for you. The new instance of Apache (or Nginx) that you set up will be running it in embedded mode and will act as a reverse proxy to your Tomcat server.
Personally I always think it's best to run a dedicated web server like Apache in front of any app server like Tomcat - especially on a public facing website. Granted Tomcat does include a pretty good web server (called Coyote), which may serve most of your web server needs, but a dedicated web server like Apache is more geared towards serving static content and contains other features for performance and security which make it a better end point server (including the ability to run ModSecurity for example!).
And just in case there is any confusion, Apache is actually short for Apache HTTP Server, and is sometimes called Apache httpd after the process that it runs. It is Apache's most popular bit of software hence why the name gets shortened, but Apache actually have lots of bits of software (including Apache Tomcat - usually shortened just to Tomcat).
Recently our Software Analytic provider (NETTRACKER) sent us a plugin in order to be able to capture visitors in a better way. This plugin is for Apache 1.x and Apache 2.x. They said and I quote
that since Apache Tomcat is built on Apache HTTP server the configuration of the plugin should be the same.
I have looked for a httpd.conf in our tomcat deployment but we cannot find one, the only configuration that is similar to that one is the server.xml under the /conf directory.
If someone has better information regarding these two incredible products (Apache HTTP server and Apache Tomcat) I will greatly appreciate to draw the differences.
EDIT:
In case you are curious we know that Apache Web Server and Tomcat can work together using the mod_jk option and other proxys. But this will be too complex for our deployment.
Apache Tomcat and Apache HTTP are completely different server technologies. It is impossible to use a plugin for Apache HTTP server with Tomcat.
Apache HTTP server is developed in C and so are the plug-ins. On the contrary Tomcat is now completely developed in Java. Tomcat doesn't only serve static content, but it can also serve JSP pages and servlets.
Tomcat is used for hosting Java Web Applications. It can sure serve static content - you can host a web application using only Tomcat. Secure connections are supported and the performance is also very good (comparable with the performance of HTTP server).
A plain installation of Apache serves static content. Using the appropriate plug-ins, HTTP requests can be redirected to an application server (Tomcat, JBoss, Glassfish) or a script language interpreter (PHP). With this way dynamic content can be generated. The big advantages of Apache are the numerous plug-ins available, which allows administrators to configure and monitor web sites any way they want and that is the most widespread server available. This makes it the most secure solution, since it is thoroughly tested and any discovered flaw is corrected very quickly.
The best solution would be to use Tomcat proxied by an Apache server. It isn't so difficult to set up. If you can't do this, then you can't take advantage of Apache's plug-ins.
You see this confusion all the time. Many people think that Apache is a web server where in reality it is the name of an organization that has a web server project called "The Apache HTTP Server Project". In short the web server is called HTTPD (D as in daemon or Unix process).
Tomcat is another Apache project. This project implements a Java servlet engine to serve JSP pages and servlets. Tomcat and HTTPD have nothing to do with each other. However, you can set up HTTPD and Tomcat so that they work together. This way you can have HTTPD serve all static content, do URL rewriting and much more fancy stuff that the built in Tomcat web server can't do (or can't do very well). Whenever a JSP page is requested, HTTPD will pass the request on to Tomcat. Tomcat will process the request and will hand the output back to HTTPD which in turn will send it to the client.
Apache has many interesting projects. E.g. there is also a project called Geronimo which is a Java Enterprise server (J2EE). You can e.g. choose to embed Tomcat inside Geronimo to handle requests for JSP's and servlets where Geronimo does the more enterprisy stuff (LDAP, Messaging etc.). And you guessed it probably already, you can use HTTPD as a static content server for Geronimo as well.
totally bogus. Apache httpd plugins are written in C, Tomcat is pure Java.
Tomcat is a Java servlet engine. It can be hosted under Apache or IIS or quite a number of other external facing web servers. It sounds like you may be currently running your Tomcat instance standalone...
If you serve the JSP/servlets off of port 8080 and have it do things standalone, on the same host machine that Apache is running on, this can allow you to have them loosely coupled. Having multiple web servers fielding independent requests is not recommended, especially if you want to use server-based authentication along with Apache. Typically, you have one outside facing server that shepherds everything through it... Apache does this quite well, and the plugin you mention probably relies on this type of setup (everything gets wired through Apache) for its features/capabilities, based on your brief description of it.
If you would like to serve up your Tomcat servlets under Apache, you could configure apache to forward a class of URIs to your tomcat server instances. you could achieve this type of forwarding through mod_rewrite. this is a slower option performance-wise, as it adds slight overhead on everything you server up. You could also proxy incoming requests via a CGI mechanism similarly, from Apache to Tomcat.
mod_jk will simplify deployment and increase performance for placing Tomcat into an Apache server config. It is pretty painless to configure if you follow the docs, so I am not sure what you mean by "too complex" for your deployment -- if you want Apache and have Tomcat already, it would seem only a matter of slight config changes to get mod_jk downloaded and installed.