Software for building web presence - QutEcoacoustics/baw-server GitHub Wiki

Notes on software that can help set up an SSL website that caches aggressively and is served by multiple web servers.

Pound

WHAT POUND IS:

  • a reverse-proxy: it passes requests from client browsers to one or more back-end servers.
  • a load balancer: it will distribute the requests from the client browsers among several back-end servers, while keeping session information.
  • an SSL wrapper: Pound will decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end servers.
  • an HTTP/HTTPS sanitizer: Pound will verify requests for correctness and accept only well-formed ones.
  • a failover server: should a back-end server fail, Pound will take note of the fact and stop passing requests to it until it recovers.
  • a request redirector: requests may be distributed among servers according to the requested URL.

Pound is a very small program, easily audited for security problems. It can run as setuid/setgid and/or in a chroot jail. Pound does not access the hard-disk at all (except for reading the certificate file on start, if required) and should thus pose no security threat to any machine.

WHAT POUND IS NOT:

  • Pound is not a Web server: by itself, Pound serves no content - it contacts the back-end server(s) for that purpose.
  • Pound is not a Web accelerator: no caching is done - every request is passed "as is" to a back-end server.

stud

stud is a network proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend. It's designed to handle tens of thousands of connections efficiently on multicore machines.

stunnel

The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality

nginx

nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VKontakte, and Rambler. According to Netcraft, nginx served or proxied 19.21% of the busiest sites in June 2014. Here are some of the success stories: Netflix, Wordpress.com, FastMail.FM.

The sources and documentation are distributed under the 2-clause BSD-like license.

Basic HTTP server features

  • Serving static and index files, autoindexing; open file descriptor cache;
  • Accelerated reverse proxying with caching; simple load balancing and fault tolerance;
  • Accelerated support with caching of FastCGI, uwsgi, SCGI, and memcached servers; simple load balancing and fault tolerance;
  • Modular architecture. Filters include gzipping, byte ranges, chunked responses, XSLT, SSI, and image transformation filter. Multiple SSI inclusions within a single page can be processed in parallel if they are handled by proxied or FastCGI/uwsgi/SCGI servers;
  • SSL and TLS SNI support.

Other HTTP server features

  • Name-based and IP-based virtual servers;
  • Keep-alive and pipelined connections support;
  • Flexible configuration;
  • Reconfiguration and upgrade of an executable without interruption of the client servicing;
  • Access log formats, buffered log writing, and fast log rotation;
  • 3xx-5xx error codes redirection;
  • The rewrite module: URI changing using regular expressions;
  • Executing different functions depending on the client address;
  • Access control based on client IP address, by password (HTTP Basic authentication) and by the result of subrequest;
  • Validation of HTTP referer;
  • The PUT, DELETE, MKCOL, COPY, and MOVE methods;
  • FLV and MP4 streaming;
  • Response rate limiting;
  • Limiting the number of simultaneous connections or requests coming from one address;
  • Embedded Perl.

Varnish

Varnish Cache is a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents.

(Requires some other software in front of it that can terminate SSL connections.)

HAProxy

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Over the years it has become the de-facto standard open source load balancer, is now shipped with most mainstream Linux distributions, and is often deployed by default in cloud platforms.

Passenger (Apache version)

Phusion Passenger is an application server which can directly integrate into Apache. It is designed to be easy to use, fast, stable and reliable and is used by hundreds of thousands of websites all over the world. Phusion Passenger is a so-called polyglot application server because it supports applications written in multiple programming languages. At this time, Ruby and Python are supported.

Resources