Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why should one use a http server in front of a framework web server?

Tags:

Web applications frameworks such as sinatra (ruby), play (scala), lift (scala) produces a web server listening to a specific port.

I know there are some reasons like security, clustering and, in some cases, performance, that may lead me to use an apache web server in front of my web application one.

Do you have any reasons for this from your experience?

like image 486
juanpavergara Avatar asked Nov 14 '12 02:11

juanpavergara

People also ask

Why do we need HTTP server?

A web server is software and hardware that uses HTTP (Hypertext Transfer Protocol) and other protocols to respond to client requests made over the World Wide Web. The main job of a web server is to display website content through storing, processing and delivering webpages to users.

Why do we need both a web server and an application server?

A web server accepts and fulfills requests from clients for static content (i.e., HTML pages, files, images, and videos) from a website. Web servers handle HTTP requests and responses only. An application server exposes business logic to the clients, which generates dynamic content.

What is the difference between web server and web framework?

As we saw in the last article, web servers and browsers communicate via the HTTP protocol — servers wait for HTTP requests from the browser and then return information in HTTP responses. Web frameworks allow you to write simplified syntax that will generate server-side code to work with these requests and responses.

Is a web framework a web server?

Most of the time, a web app (implemented in a web framework) sits behind a web server, and process requests handed over by the web server. But sometimes, the framework itself can function as a web server, like Tornado/Express. NodeJS is neither a web framework or a web server.

2 Answers

  • Part of any web application is fully standardized and commoditized functionality. The mature web servers like nginx or apache can do the following things. They can do the following things in a way that is very likely more correct, more efficient, more stable, more secure, more familiar to sysadmins, and more easy to configure than anything you could rewrite in your application server.
    • Serve static files such as HTML, images, CSS, javascript, fonts, etc
    • Handle virtual hosting (multiple domains on a single IP address)
    • URL rewriting
    • hostname rewriting/redirecting
    • TLS termination (thanks @emt14)
    • compression (thanks @JacobusR)
  • A separate web server provides the ability to serve a "down for maintenance" page while your application server restarts or crashes
  • Reverse proxies can provide load balancing and fault tolerance for you application framework
  • Web servers have built-in and tested mechanisms for binding to privileged ports (below 1024) as root and then executing as a non-privileged user. Most web application frameworks do not do this by default.
  • Mature web servers are battle hardened and stable. By stable, I mean that they quite literally almost never crash. Your web application is almost certainly far less stable. This gives you the ability to at least serve a pretty error page to the user saying your application is down instead of the web browser just displaying a generic "could not connect" error.
    • Anecdotal case in point: nginx handles attack that would otherwise DoS node.js: http://blog.nodejs.org/2013/10/22/cve-2013-4450-http-server-pipeline-flood-dos/

And just in case you want the semi-official answer from Isaac Schluetter at the Airbnb tech talk on January 30, 2013 around 40 minutes in he addresses the question of whether node is stable & secure enough to serve connections directly to the Internet. His answer is essentially "yes" it is fine. So you can do it and you will probably be fine from a stability and security standpoint (assuming you are using cluster to handle unexpected termination of an app server process), but as detailed above the reality of current operations is that still almost everybody runs node behind a separate web server or reverse proxy/cache.

like image 175
Peter Lyons Avatar answered Oct 21 '22 22:10

Peter Lyons

I would add:

  • ssl handling
  • for some servers like apache lots of modules (i.e. ntml/kerberos authentication)
  • Web servers are much better for some things compared to your application, like serving static.
like image 34
emt14 Avatar answered Oct 22 '22 00:10

emt14
Sign in to Comment

Related questions

How to find sub-directories in a directory/folder?
How to use opendiff as default mergetool
Add a range of items to the beginning of a list?
Why is deleting in a single linked list O(1)?
How to retrieve spring data repository instance for given domain class?
what is the use of "response.setContentType("text/html")" in servlet
how to remove from list using Lambda syntax
WCF Streaming large data (500MB / 1GB) on a self hosted service
I need help understanding PowerShell security and file access issues
how to keep variables that share all node processes in node cluster?
Why do the Django docs suggest a separate server for static files?
Problems with running EXE file built with Visual Studio on another computer

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!