Author: Dean Gaudet
Apache is a general webserver, which is designed to be correct first, and fast second. Even so, its performance is quite satisfactory. Most sites have less than 10Mbits of outgoing bandwidth, which Apache can fill using only a low-end Pentium-based webserver. In practice sites with more bandwidth require more than one machine to fill the bandwidth due to other constraints (such as CGI or database transaction overhead). For these reasons the development focus has been mostly on correctness and configurability.
Unfortunately many folks overlook these facts and cite raw performance numbers as if they are some indication of the quality of a web server product. There is a bare minimum performance that is acceptable; beyond that, extra speed only caters to a much smaller segment of the market. But in order to avoid this hurdle to the acceptance of Apache in some markets, effort was put into Apache 1.3 to bring performance up to a point where the difference with other high-end webservers is minimal.
Finally there are the folks who just plain want to see how fast something can go. The author falls into this category. The rest of this document is dedicated to these folks who want to squeeze every last bit of performance out of Apache's current model, and want to understand why it does some things which slow it down.
Note that this is tailored towards Apache 1.3 on Unix. Some of it applies to Apache on NT. Apache on NT has not been tuned for performance yet; in fact, it probably performs very poorly, because NT performance requires a different programming model.
The single biggest hardware issue affecting webserver performance
is RAM. A webserver should never ever have to swap, as swapping increases
the latency of each request beyond a point that users consider "fast
enough". This causes users to hit stop and reload, further increasing
the load. You can, and should, control the MaxClients
setting so that your server does not spawn so many children it starts
swapping.
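As a rough sketch, the cap is a single directive; the value of 150 below is only an illustrative placeholder and should be sized so that all children together fit in physical RAM:

    # Illustrative value only: choose a limit such that MaxClients times the
    # memory footprint of one child stays below physical RAM, so the server
    # never swaps.
    MaxClients 150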
Beyond that the rest is mundane: get a fast enough CPU, a fast enough network card, and fast enough disks, where "fast enough" is something that needs to be determined by experimentation.
Operating system choice is largely a matter of local concerns. But a general guideline is to always apply the latest vendor TCP/IP patches. HTTP serving completely breaks many of the assumptions built into Unix kernels up through 1994 and even 1995. Good choices include recent FreeBSD, and Linux.
Prior to Apache 1.3, HostnameLookups
defaulted to On.
This adds latency
to every request because it requires a DNS lookup to complete before
the request is finished. In Apache 1.3 this setting defaults to Off.
However (1.3 or later), if you use any allow from domain
or
deny from domain
directives then you will pay for a
double reverse DNS lookup (a reverse, followed by a forward to make sure
that the reverse is not being spoofed). So for the highest performance
avoid using these directives (it's fine to use IP addresses rather than
domain names).
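For instance, an access restriction written against addresses rather than names avoids the double reverse lookup entirely. A sketch, where the directory path and network are purely hypothetical:

    # Hypothetical path and network, shown only to illustrate address-based
    # restrictions, which require no DNS lookups.
    <Directory /www/htdocs/private>
      Order deny,allow
      Deny from all
      Allow from 10.0.0.0/255.0.0.0
    </Directory>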
Note that it's possible to scope the directives, such as within
a <Location /server-status>
section. In this
case the DNS lookups are only performed on requests matching the
criteria. Here's an example which disables
lookups except for .html and .cgi files:
    HostnameLookups off
    <Files ~ "\.(html|cgi)$">
      HostnameLookups on
    </Files>

But even still, if you just need DNS names in some CGIs you could consider doing the gethostbyname call in the specific CGIs that need it.
Wherever in your URL-space you do not have an
Options FollowSymLinks
, or you do have an
Options SymLinksIfOwnerMatch
, Apache will have to
issue extra system calls to check up on symlinks. One extra call per
filename component. For example, if you had:
    DocumentRoot /www/htdocs
    <Directory />
      Options SymLinksIfOwnerMatch
    </Directory>

and a request is made for the URI /index.html.
Then Apache will perform lstat(2)
on /www
,
/www/htdocs
, and /www/htdocs/index.html
. The
results of these lstats
are never cached,
so they will occur on every single request. If you really desire the
symlinks security checking you can do something like this:
    DocumentRoot /www/htdocs
    <Directory />
      Options FollowSymLinks
    </Directory>
    <Directory /www/htdocs>
      Options -FollowSymLinks +SymLinksIfOwnerMatch
    </Directory>

This at least avoids the extra checks for the
DocumentRoot
path. Note that you'll need to add similar sections if you have any
Alias
or RewriteRule
paths outside of your
document root. For highest performance, and no symlink protection,
set FollowSymLinks
everywhere, and never set
SymLinksIfOwnerMatch
.
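Using the same example DocumentRoot as above, that fastest (and unprotected) variant is simply:

    DocumentRoot /www/htdocs
    <Directory />
      Options FollowSymLinks
    </Directory>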
Wherever in your URL-space you allow overrides (typically
.htaccess
files) Apache will attempt to open
.htaccess
for each filename component. For example,
    DocumentRoot /www/htdocs
    <Directory />
      AllowOverride all
    </Directory>

and a request is made for the URI
/index.html
. Then
Apache will attempt to open /.htaccess
,
/www/.htaccess
, and /www/htdocs/.htaccess
.
The solutions are similar to the previous case of Options
FollowSymLinks
. For highest performance use
AllowOverride None
everywhere in your filesystem.
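Following the same pattern as the symlink example, a sketch of that fastest configuration is:

    DocumentRoot /www/htdocs
    <Directory />
      AllowOverride None
    </Directory>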
If at all possible, avoid content-negotiation if you're really interested in every last ounce of performance. In practice the benefits of negotiation outweigh the performance penalties. There's one case where you can speed up the server. Instead of using a wildcard such as:
    DirectoryIndex index

Use a complete list of options:

    DirectoryIndex index.cgi index.pl index.shtml index.html

where you list the most common choice first.
Prior to Apache 1.3 the MinSpareServers
,
MaxSpareServers
, and StartServers
settings
all had drastic effects on benchmark results. In particular, Apache
required a "ramp-up" period in order to reach a number of children
sufficient to serve the load being applied. After the initial
spawning of StartServers
children, only one child per
second would be created to satisfy the MinSpareServers
setting. So a server being accessed by 100 simultaneous clients,
using the default StartServers
of 5 would take on
the order of 95 seconds to spawn enough children to handle the load. This
works fine in practice on real-life servers, because they aren't restarted
frequently. But it does really poorly on benchmarks which might only run
for ten minutes.
The one-per-second rule was implemented in an effort to avoid
swamping the machine with the startup of new children. If the machine
is busy spawning children it can't service requests. But it has such
a drastic effect on the perceived performance of Apache that it had
to be replaced. As of Apache 1.3,
the code will relax the one-per-second rule. It
will spawn one, wait a second, then spawn two, wait a second, then spawn
four, and it will continue exponentially until it is spawning 32 children
per second. It will stop whenever it satisfies the
MinSpareServers
setting.
This appears to be responsive enough that it's
almost unnecessary to twiddle the MinSpareServers
,
MaxSpareServers
and StartServers
knobs. When
more than 4 children are spawned per second, a message will be emitted
to the ErrorLog
. If you see a lot of these errors then
consider tuning these settings. Use the mod_status output as a guide.
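As a hedged starting point, the spawning knobs and the status handler can be combined along these lines; the numbers are illustrative only and should be tuned against what mod_status shows for your own traffic:

    # Illustrative values only -- raise or lower them based on how many
    # children your load actually needs.
    StartServers     10
    MinSpareServers  10
    MaxSpareServers  20

    # Expose mod_status so you can watch the child count under load.
    <Location /server-status>
      SetHandler server-status
    </Location>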