Skip to main content

Differences and similarities in web servers

If you talked to a new grad and asked them "how can I achieve concurrency in code?" There are two obvious answers: multi-threading and multi-processing. Factually, both approaches are schemes to map instructions to the CPU/bare metal. Although from the hardware's standpoint, they are very different, from an engineer's standpoint, many use cases tend to be fairly similar. This matters for web servers.

In fact, for a long time, those two methods (multi-processing and multi-threading) were the primary ways to map HTTP requests to a web server's hardware. That is, if a request comes in, a request will map to a process or map to a thread. In Apache HTTPD-speak, you can control which scheme you use. That mapping component is called the "Multi-Processing Module" or MPM. This is all fine and dandy if the requests don't do anything requiring blocking or asynchronous behavior and all requests are short lived. However, nearly all modern web applications require data stores which are far from synchronous.

Traditionally, at least in Linux (~96% of web servers[1]), this is a problem. In the old world, web servers have depended on two system calls: select() and poll(). In both cases, your listening process/dispatcher continuously polls a number of file descriptors which represent socket IO. Sockets get created for each connection and are alive until closed (so they can be blocked). Webservers, internally, have an internal loop that calls select()/poll(). So essentially, for each new connection, you add to your O(n) operation that happens each loop whether they're ready to be processed or not. As you can imagine, when you've got a ton of file descriptors for which we're waiting for things, a lot of wasted time is spent just polling. This all changed with the introduction of the system call epoll() on Oct 19, 2002 (Linux kernel version 2.5.44 [2]). epoll() essentially turns the O(n) polling into an O(1) polling as it only returns the file descriptors that you need to operate on. This is the latest and greatest system call (on Linux) that modern web servers use to monitor socket IO. There's a lot of misinformation on the Internet where a lot of engineers say "Node.js/Nginx is different because of their use of epoll()". This just isn't true. Apache (with mpm_event), Node, Nginx, Lighthttpd can all use epoll() on Linux.

I'd like to predicate this section with the fact that, the following paragraph wasn't always true and Apache has, at one point, been significantly slower than other webservers. Today, however, Apache with mod_event (the most modern configuration of Apache) uses an event driven model to dispatch to a thread or process pool. That is, Apache will accept a request from the kernel using epoll(), push it onto a queue, and have a pool of threads process that queue. Nginx, does the exact same thing. That is, if we're talking about web applications which are based on externally executed code, Nginx and Apache will perform very similarly. The reason is, while the underlying architecture may be different, the blocking component is the code and that code waits for things like databases. So if we're using PHP, Python, etc. the difference between Apache and Nginx is minimal when both webservers are tuned correctly. The story is different if using mpm_prefork or mpm_worker where Apache will most likely underperform Nginx and other HTTP servers which have been created after 2002.

Where they perform differently and where Nginx's architecture shines is when it comes to static files. Even with Apache using mod_event, Nginx will, on average out-perform Apache.

You can see (somewhat recent) results comparing the two here:

You might think that given that Nginx outperforms Apache in the case of static files we should always resort to Nginx. That's not entirely true. In cases where we're not close to Apache's threshold, the differences between Nginx and Apache are most likely not important because we'd always be under capacity. In the cases where we are close to Apache's threshold, we're starting to run into the equivalent Nginx server at ~50% capacity. At this point, an engineer should start thinking about distributed delivery systems (ie. CDN or a distributed cluster behind a load balancer) where the questions about which webserver are less important than the ability to horizontally scale content delivery. So really, the choice between Apache and Nginx is arguably moot in most important cases.

Today, there's an emergence of individual webservers that are specific to a programming language and allows the language to talk directly to a socket. Examples of this are Node.js, Tornado, and Netty. I will contend that you will almost always want to put this kind of server behind a frontend web server (either Nginx or Apache). The reason being is, the Internet is a hostile place. Both Apache and Nginx have wonderfully convenient ways of handling DoS, ensuring SSL is used properly, logging facilities, and so on. In the case that you aren't behind a frontend web server, all of this logic must happen in application code as opposed to using mature, battle tested and optimized web server code (typically written in C). Undoubtedly, hardening a web application requires an approach beyond just web server configuration and taking a look at application code. But you do get an awful lot for free by putting a frontend web server in front of whatever server is hosting your application code.



Popular posts from this blog

How to get 70 job interviews in 17 days

When I was but a wee lad, I dreamed of being a janitor for NASA. There's just something awesome about playing a part, no matter how small, of something that dares to push the world forward. While I no longer hold my old lofty dreams of working for NASA, I have had to recently look for jobs. For whatever contrived reason, the conventional thinking behind how people should search for jobs falls under two categories: networking and job sites. While those approaches work, a very useful metaphor for how you might view yourself is that you're a business. You sell your product (your time) for a salary (your revenue). You might argue, most wages in the western world are $20,000 USD to $500,000 USD. If you're a business, then it's probably also helpful to think about selling your product (time) like a business. Typically, different price points in business dictate different sales and marketing techniques. Below say, $10 a month, direct sales (sales where you sell to people

What marketing might look like in the future

There once lived a wise, middle aged, bald prophet named Marc Andreessen. His job, was to profit from prophecy. Today, he is one of the most well known, and respected, venture capitalists in the world. He is famous for some of his sayings such as "if you want to see where a bubble is forming, follow the MBAs" in reference to the MBAs going to Wall St during the mortgage backed securities crisis of 2008 and the dot com bust in 2002. Arguably, his most famous saying is/was "software is eating the world". Today, it's a foregone conclusion that, software has broken the way a lot of industries fundamentally operate. I think it's particularly interesting, however, to think about what that means for marketing. I'm of the opinion that, very few companies really understand what they're doing and that modern marketing should not only look like engineering... it should be engineering. One way to think about marketing is that there are two key components to ma

Superficial impressions of business in China

I’m walking down a residential street in Tianjin. Food vendors hustle their wares for dirt cheap prices. A whole Peking duck for $3.80 USD? Sign me up for that! As I bring my spoils back to my girlfriend’s apartment, I can’t help but feel like I’m caught back in time while the rest of the country is moving in fast forward.  I’m on my computer looking at valuations of companies in the healthcare/pharmaceutical space. $500M here, $300M there. Whatever your conceptions of speed or size are in the Valley, I assure you, they have nothing on China. The game being played in China is big and aggressive. And Clay Christensen’s “Innovator’s Dilemma”? Nowhere to be found. Alibaba does everything from B2B sales to B2C pharmaceuticals. Big companies just aren’t slow here. What about the startups? Even more fast and furious.  As a foreigner, China is a daunting place. Almost every perception of what you think you know about doing business basically doesn’t really apply here. In the Valley,