Re: NetBSD - lighttpd - PHP - MySQL - Mediawiki

[Chuck Swiger <cswiger%mac.com@localhost>]

On Sep 13, 2011, at 10:39 AM, Greg A. Woods wrote:
> The "complicated" part is the big deal.  "fast" is secondary -- which is
> why even bozohttpd running under inetd is A-OK for me.

Ah, you're taking me back to the days of the CERN & NCSA httpds, although not 
every website has a low enough query rate that you one afford to fork a process 
for each request.

(This actually was one of the primary issues which Apache was created to 
resolve, by preforking a pool of child workers which stayed around and serviced 
many requests.  Although keeping a busy child process around for many requests 
turned out to be a pretty good way of tickling memory leaks in the system 
libraries....)

> That example you point to is indeed short and simple, but it doesn't
> support anything beyond the very most basic site.  By the time you start
> to do anything useful then Apache configs get very nasty, especially
> with SSL involved.

Public-key cryptography is inherently complicated.

> My most basic Apache-1.x config for just one site with SSL,
> ~/public_html directories, directory indexing, and aliases for
> cgi-bin and the httpd manual is over 220 lines long with all comments
> and blanks stripped and I'm still not exactly sure how some features
> work in SSL vs. non-SSL connections, nor is there any mailman support
> configured.

Many people configure their webservers to vend the exact same static content 
under both HTTP and HTTPS; they program the dynamic portion of the website to 
invoke HTTPS URLs at appropriate times-- ie, when a user logs in, enters CC 
details for a purchase on an online store, etc.

If that isn't what you want to do, it's entirely reasonable to setup separate 
configs and httpd instances for HTTP and HTTPS.  As for GNU Mailman, the 
integration with Apache needs only a single ScriptAlias line-- or between two 
and five config lines, if you have public list archives (possibly 
internationalized):

  http://www.list.org/mailman-install/node10.html

> Some of the features of how Apache is configured are also very prone to
> error, or at least to unexpected results, and there aren't good test and
> validation tools to help figure out what a given config actually means,
> other than actually turning it on and running a whole suite of test URLs
> against it from various client systems.

Hmm.  While I'm willing to accept that someone who is not especially familiar 
with Apache would find it difficult to predict what a given config might do, 
the Apache project does have very good documentation and the defaults they pick 
are reasonable for a wide range of situations.

However, whether one uses Apache, lighttpd, nginx, IIS, or anything else, it's 
standard practice to test out a config change in a QA environment and validate 
that things work as intended before you inflict the config change into 
production.  And yes, validation can include running a whole suite of test URLs 
from various clients, although that can miss things which human testers 
performing end-to-end validation will catch.

> I'm loathe to try Apache-2 since from everything I've seen it just ramps
> up the complexity yet again, and with zero benefit for my uses as far as
> I can tell (except of course for the potential benefit of running better
> maintained code).

Yes, Apache-1.x is at end-of-life.  Apache-2's configuration isn't 
significantly different from Apache-1; although I suppose that if one regards 
Apache-1 config as complicated, then it would be consistent to regard Apache-2 
config as complicated as well.  :-) 

> My lighttpd conf with full mailman support for five virtual domains was
> only just over 200 lines long, and much more understandable, though
> somewhat redundant (collapsing the repeated mailman stuff would cut it
> in half I think, if that were possible).

lighttpd is a fine webserver choice.  I don't see that much of a difference 
between a 220 line Apache config and a 200 line lighttpd config, though...

Regards,
-- 
-Chuck