Configuring kHTTPd

UNIX-like systems in general, and Linux in particular, make a clear distinction between two types of processes: kernel space processes and user space processes. The kernel handles kernel space processes. If some event that the kernel handles triggers such a process, the process can be initiated very quickly. User space processes, by contrast, impose an overhead to start, and to communicate important data back to the kernel. This fact is not a problem for many processes, because user space processes often do substantial processing within user space. The overhead of calling user space programs is also tolerated in the name of security and stability—kernel space processes have privileged access to hardware, filesystems, and so on, so they can wreak havoc if they contain bugs or if unauthorized individuals gain control of them.

Researchers who have looked for ways to optimize the performance of Web servers have discovered that, although Web servers like Apache are user space programs, much of the work they do is performed in kernel space or in calls between the kernel and the server. Figure 20.1 illustrates the flow of requests between the kernel and a traditional user space Web server. In fact, Figure 20.1 simplifies matters considerably. For instance, the file read request by Apache results in the kernel performing fairly complex file read operations. Ultimately, in a simple transfer (the most common type on many sites), Apache does little more than receive the file from the kernel and then deliver it straight back to the kernel. This is a huge waste of CPU time, memory, and other resources.

Figure 20.1. User space Web servers generate a lot of communication between the kernel and the user space server.

In order to better optimize a Web server computer's performance, developers have created simple Web servers that run within the kernel. This eliminates the communications between the Web server and the kernel, thus streamlining the process of serving Web pages and (it is hoped) improving performance. In fact, the 2.4.x and later kernels include one such kernel-based Web server: kHTTPd, headquartered at http:// This server is configured by writing data to files in the /proc/sys/net/khttpd directory. To use it, follow these steps:

1. Build the kHTTPd support by including it in your Linux kernel configuration. The relevant option is on the Networking Options menu, and is called Kernel HTTPd Acceleration. You can build it as a module or directly into the kernel file.

2. Change your Apache configuration so that it listens on port 8080, or some convenient port other than the usual port 80.

3. Reboot with a kHTTPd-enabled kernel, or load the kHTTPd kernel module. It may load automatically, depending upon your configuration, or you may need to type insmod khttpd.

4. Tell kHTTPd to listen on port 80 for incoming requests. Do this by typing echo 80 > /proc/sys/net/khttpd/serverport.

5. Type echo 8080 > /proc/sys/net/khttpd/clientport to tell kHTTPd to pass on requests it can't handle to port 8080. (If you used a port other than 8080 in Step 2, the port you specify here should match.)

6. Tell kHTTPd where to find unencrypted static files by typing echo /home/httpd/html > /proc/sys/net/khttpd/documentroot. You can change the directory name (/home/httpd/html in this example) as necessary. Be sure you specify the same directory here as you do with the DocumentRoot directive in httpd.conf.

7. If your site includes PHP 3 or secure HTML documents, repeat Step 6, but echo the directory names in which those documents reside to the /proc/sys/net/khttpd/dynamic file.

8. Type echo 1 > /proc/sys/net/khttpd/start. This starts the kHTTPd server; it's equivalent to using an Apache SysV startup script.

You may want to create a custom SysV or local startup script to handle Steps 4 through 8 automatically when the system boots. Whether you start kHTTPd manually or through a script, the result is that it handles simple requests—those for ordinary files that exist in the specified directory, aren't CGI scripts, and so on. If a request doesn't meet kHTTPd's requirements, kHTTPd passes the request on to the user-space Web server via the port number indicated in Steps 2 and 5. This adds some overhead when dealing with these file types, so kHTTPd isn't worth using if your site handles mostly CGI scripts or other nonstatic files. Indeed, kHTTPd may not be worth using even on a site with moderate amounts of traffic; it's most worth considering if Apache is having trouble keeping up with requests to your Web site. Also, kHTTPd is officially experimental, so it might not be as reliable as Apache or some other fully debugged user-space Web server. Finally, because it runs in kernel space, the risks if a bug exists in kHTTPd are much greater than are the risks involved if a bug is present in Apache. For a truly secure Web site, you're best sticking to a well-tested user-space program such as Apache.
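
A startup script for Steps 4 through 8 could look like the following sketch, which refuses to start kHTTPd unless the two ports differ and the document root matches Apache's DocumentRoot. It is an added example, not code from the original text or from kHTTPd; the function names, the KHTTPD_PROC, HTTPD_CONF and KHTTPD_RUN variables, and the default httpd.conf path are assumptions.

```shell
#!/bin/sh
# Added example (not from kHTTPd or the original text): Steps 4-8 with checks.
# KHTTPD_PROC and HTTPD_CONF are overridable so the logic can be dry-run
# against a scratch directory; the function names are this sketch's own.
KHTTPD_PROC="${KHTTPD_PROC:-/proc/sys/net/khttpd}"
HTTPD_CONF="${HTTPD_CONF:-/etc/httpd/conf/httpd.conf}"   # assumed location

# Succeed only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the first DocumentRoot value from httpd.conf, quotes stripped.
apache_docroot() {
    awk '$1 == "DocumentRoot" { gsub(/"/, "", $2); print $2; exit }' "$HTTPD_CONF" 2>/dev/null
}

# khttpd_start SERVERPORT CLIENTPORT DOCROOT [DYNAMIC_DIR...]
# Returns 2 on bad arguments, 3 if kHTTPd is not loaded, 4 on a docroot problem.
khttpd_start() {
    [ $# -ge 3 ] || return 2
    sport=$1; cport=$2; docroot=$3; shift 3
    valid_port "$sport" && valid_port "$cport" || return 2
    # Step 2: Apache must listen on a port other than the one kHTTPd takes.
    [ "$sport" != "$cport" ] || return 2
    [ -d "$KHTTPD_PROC" ] || return 3          # Step 3 not done: no kHTTPd
    # Step 6: the directory must be the one named by Apache's DocumentRoot.
    [ -d "$docroot" ] && [ "$docroot" = "$(apache_docroot)" ] || return 4

    echo "$sport"   > "$KHTTPD_PROC/serverport"   || return 1   # Step 4
    echo "$cport"   > "$KHTTPD_PROC/clientport"   || return 1   # Step 5
    echo "$docroot" > "$KHTTPD_PROC/documentroot" || return 1   # Step 6
    for dir in "$@"; do                                         # Step 7
        echo "$dir" > "$KHTTPD_PROC/dynamic" || return 1
    done
    echo 1 > "$KHTTPD_PROC/start"                               # Step 8
}

# Apply the page's values only when asked: KHTTPD_RUN=1 sh khttpd-start.sh
if [ "${KHTTPD_RUN:-0}" = 1 ]; then
    khttpd_start 80 8080 /home/httpd/html
fi
```

All checks run before the first write, so a rejected configuration leaves the kernel server's settings untouched.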

Although kHTTPd is the kernel-based Web server that's most readily accessible, it's not the only one available. Red Hat's TUX product is one other that's received good reviews, and researchers are working on several more. In the future, we may see a wide selection of kernel-based Web servers for Linux.
