Apache HTTP Server: new features for version 2.4
The Apache Foundation released Apache HTTP Server 2.2.0 at the end of 2005. Now 7 years later there is a new major release of Apache HTTP Server. Apache HTTP Server currently has 65% market share according to Netcraft.
There has always been two competitors in the web space - Apache and IIS - but in late 2007, NGINX was born and has been grabbing more and more market share everyday. Looking at the release notes for Apache 2.4 you can see that this release has a few features that match NGINX's feature set. Apache HTTP 2.4 has included something for everyone: performance increases; lower memory usage; new modules; program enhancements and new features for old modules.
Related Blog >> Apache vs. NGINX
I have picked 10 pieces from the Apache 2.4 change log that I feel are important to know about:
Back to topRun-time Loadable Multi-Processing Modules (MPMs)
Multi-Processing Modules (MPMs) are responsible for binding to network ports, accepting requests from clients, and dispatching children/threads to handle requests. Before Apache 2.4 MPMs had to be statically compiled into the Apache binary and this would cause a re-compile if you wanted or needed to change from a threaded or server based Apache instance. Now with the new Apache 2.4 release you can pass the --enable-mpms-shared option to your configure which will enable shared or Dynamically loaded MPMs. With this feature enabled, you can on-demand change the MPM your server is using, which is great for testing and environments when you want the same Apache binary but different MPMs.
Back to topEvent MPM
NGINX used to be the king for event driven web servers. Yet, if you look at the market share, you can see that NGINX has grown its share while Apache has lost share. I believe this has to do with the mobile market where you have more requests that are long-running but of a small size. This demand stresses a server that needs one thread running for every client.
The event MPM is the "fix" for Apache's "keep alive problem" making it so Apache no longer needs to have one thread open per concurrent client. There are still issues with this module and one of them occurs when using SSL. Since the event MPM is based on the old worker, it will step down to normal worker functions when you are on a https connection. You will also need a system that is compatible with KQueue and EPoll for the event MPM to work.
Back to topNameVirtualHost Is Deprecated
You do not need to use the name virtualhost anymore when you create a virtualhost context. Apache finds and enables NamedVirtualHost for you so you can now remove the NameVirtualHost settings.
Back to topConfig File Variables
This is a good one! Now you can use variables in your configuration files that make the file much more versatile and clean. You can now add the "Define rootDir /var/www" and just use that variable (${rootDir}) throughout the file; I think this is a great new feature for Apache 2.4.
Back to topReduced Memory Usage
I think this is one more stab at NGINX since one of the two reasons people go to NGINX is memory usage (and Event driven) so this is a welcomed addition. I do not have any statistics yet, but as soon as we start hammering Apache 2.4 in the lab here at Openlogic we might release some data to see how Apache 2.4 performs in the memory space.
Back to topNew Modules
mod_heartmonitor
Status: Experimental! This is a module that Apache and mod_balancer needs to get a full feature set for loadbalancing and proper load distribution in a cluster setup. You have mod_heartbeat that talks to mod_heartbeatmonitor using UDP packets so that a frontend Apache can correctly loadbalance clusters of Apache using busy/idle workers information.
mod_sed
Status: Experimental! mod_substitute is still available and probably the module you would use for a production server. However, mod_sed is a more advanced substitution module that allows you to edit the response body using sed. This is a very promising module and I can't wait to see what this can do under load.
mod_session
Mod_session and mod_auth_form together will allow you to configure Apache to handle the form authentication and then pass the credentials back to your application which is a great add-on to Apache. For a legacy system where you want to implement a better more standard authentication mod_session combined with mod_auth_form is a great fit.
"We want to instead provide a service to module developers as well as sys-admins who have always needed to worry about implementing sessions, in one way or another," Jagielski said. "Mod_session provides a universal framework that people can use, which has been lacking for a long time." - Jim Jagielski, ASF President and Apache HTTP Server Project Management Committee
Back to topEnhancements to mod_ssl
mod_ssl has a few new tricks up its sleeve and the biggest might just be that you can now share your SSL Session cache between Apache servers using a memcache server. Online Certificate Status Protocol (OCSP) is now somewhat supported; Apache can be configured to check the client certificate. Apache also supports OCSP stapling, where the server verifies the certificate during a client handshake.
Back to topEnhancements to mod_proxy_balancer
Here is the list from Apache:
• More runtime configuration changes for BalancerMembers via balancer-manager
• Additional BalancerMembers can be added at runtime via balancer-manager
• Runtime configuration of a subset of Balancer parameters
• BalancerMembers can be set to 'Drain' so that they only respond to existing sticky sessions, allowing them to be taken gracefully offline.
• Balancer settings can be persistent after restarts.
There are some very cool new features here, but I think the one that is going to get most people excited is the new draining function so that you can easily remove servers from the balancer even under daytime load. Adding a new server to you balancers under load without the need to restart the cluster and have that server stick after a restart is also a great feature.
Additional Resources
- Blog - What is Apache HTTPd Server CVE 2019-0211?
- Blog - Apache vs. NGINX: Which Web Server Is Better?
- Blog - Web Server vs. Application Server: What's the Difference?
Back to topGet Support for Apache Server and All Your Open Source Infrastructure
OpenLogic's enterprise architects can help you configure Apache properly and support your entire open source infrastructure. We offer guaranteed SLAs up to 24/7/365, with no limits on tickets or team members. To get started, just click the button below.