When all you have is a hammer, everything looks like a nail. That’s as true for Web servers as it is for work around the house. This overview explains the pluses and minuses of the obvious candidates — IIS and Apache — and suggests a few alternatives worth exploring.
Once upon a time, the decision was easy. If you needed a Web server, and you used Windows on your servers, you used Microsoft’s Internet Information Server (IIS). If you used anything else — and sometimes even if Windows Server was running in your data center — you used Apache. Simple.
Things are a little bit more complicated in these Web 2.0 days of 2011. Here’s what you should know to pick the right web server for your needs.
The Big Two: Apache and IIS
Mind you, there’s nothing wrong with Apache or IIS. Indeed, according to Netcraft, a site that monitors Web server activity worldwide, in June 2011 over 203 million Web servers were running Apache. That’s 65% of all Web servers running Apache, for those of you keeping score at home. IIS comes in at a distant second place with over 56 million Web sites, or 17% of the market.
Both have good reasons for their popularity. Apache is at the core of the LAMP technology stack upon which a lot of server architecture is based: Linux, Apache, MySQL, PHP/Python/Perl. That’s not just the web server itself but other application servers that use LAMP as a foundation. Among them are popular content management systems (CMSs) as Drupal and blogging platforms such as WordPress. If you need more, many Apache modulesenable you to easily incorporate additional functionality into the Web server.
But, as popular as both of these servers are, just because you have a hammer and screwdriver doesn’t mean that every problem you face is a nail or a screw.
For starters, Apache doesn’t always scale well. As additional Web page requests come in, Apache spawns new threads (i.e., processes). Thus, with more connections, more processes are spawned, and your Web server can become memory starved.
IIS is far more expensive than Apache, once you add in the cost of Microsoft Windows Server 2008 R2 and other back engine software. It also has a reputation for not being the most secure of platforms. Historically, Apache and other open-source Web servers have also proven to be more stable than IIS.
In general, neither Apache nor IIS are lightweight or fast. If you want the maximum number of Web pages, static or dynamic, served in the fastest possible time with the minimum of resources, you need to look beyond the big two.
Three Fast and Lightweight Web Servers
The most popular of the alternative Web servers, with almost 24 million Web sites and 7% of the global market, is Nginx (pronounced “engine X”). Like Apache, Nginx is an open-source HyperText Transfer Protocol (HTTP) Web server. Nginx also includes an Internet Message Access Protocol (IMAP) and Post Office Protocol (POP) server.
Companies like the online TV video on demand (VoD) company Hulu use Nginx for its stability and simple configuration. The single most important reason why companies use Nginx is that its asynchronous architecture gives it a small memory footprint and low resource consumption.
Nginx is also event-based, so it doesn’t spawn new processes or threads for each Web page request. The end result is that even as the load increases, memory use remains predictable. In short, a Nginx Web server can take a lot of beating from users with minimal memory resources.
Nginx also comes ready to be used as a reverse proxy. To a user, in this mode Nginx looks like just another Web server. Behind the scenes, the reverse proxy is used to load balance among several back-end servers, or to provide caching for a slower back-end server. It can also be used to combine multiple back-engine Web servers into what appears to users as a single Web server.
Lighttpd, its makers claim, also uses an “event-driven architecture” and is “optimized for a large number of parallel connections (keep-alive) which is important for high performance Ajax applications.” Thus, Lighthttpd is ideal for Web sites that use the Ajax Web application design model.
Finally, we know that while speed and thrifty system resources are all well and good, your real concern is running a secure Web site. In that case, you should look in on the the Hiawatha Web server. This server’s focus is on security.
For example, rather than use the sometimes broken OpenSSL for Secure Socket Layer (SSL) connections, Hiawatha uses the historically more secure PolarSSL. Similarly, Hiawatha’s developer, realizing that security in the Web server alone isn’t enough, strongly suggests that it be used with the secure Banshee PHP Web site framework.
So which one is right for you? Look at your needs and your existing systems.
Are you already on a Windows foundation? Then IIS remains your easiest choice. Rely on LAMP stack software? Then, clearly Apache is still good for you.
But if you need Web site speed and you simply can’t throw more servers at your performance problems, then Nginx or Lighttpd deserve your attention. If, on the other hand, you’re seriously worried about attacks coming at your company through your Web site, then you should consider Hiawatha.
Of course, before making any decision to switch to another Web server, you should also carefully examine how you are currently using your present Web servers. Proper Web server tuning can often produce excellent results. Whether you stick with your old server or get a new one, making sure it’s been optimized for the best possible results is essential.