Apache HTTP Server Version 2.4
Apache HTTP Server Version 2.4
Apache 2.x is a general-purpose webserver, designed to provide a balance of flexibility, portability, and performance. Although it has not been designed specifically to set benchmark records, Apache 2.x is capable of high performance in many real-world situations.
Compared to Apache 1.3, release 2.x contains many additional optimizations to increase throughput and scalability. Most of these improvements are enabled by default. However, there are compile-time and run-time configuration choices that can significantly affect performance. This document describes the options that a server administrator can configure to tune the performance of an Apache 2.x installation. Some of these configuration options enable the httpd to better take advantage of the capabilities of the hardware and OS, while others allow the administrator to trade functionality for speed.
Hardware and Operating System Issues Run-Time Configuration Issues Compile-Time Configuration Issues Appendix: Detailed Analysis of a Trace
The single biggest hardware issue affecting webserver
performance is RAM. A webserver should never ever have to swap,
as swapping increases the latency of each request beyond a point
that users consider "fast enough". This causes users to hit
stop and reload, further increasing the load. You can, and
should, control the MaxRequestWorkers setting so that your server
does not spawn so many children that it starts swapping. The procedure
for doing this is simple: determine the size of your average Apache
process, by looking at your process list via a tool such as
top, and divide this into your total available memory,
leaving some room for other processes.
Beyond that the rest is mundane: get a fast enough CPU, a fast enough network card, and fast enough disks, where "fast enough" is something that needs to be determined by experimentation.
Operating system choice is largely a matter of local concerns. But some guidelines that have proven generally useful are:
Run the latest stable release and patch level of the operating system that you choose. Many OS suppliers have introduced significant performance improvements to their TCP stacks and thread libraries in recent years.
If your OS supports a sendfile(2) system
call, make sure you install the release and/or patches
needed to enable it. (With Linux, for example, this means
using Linux 2.4 or later. For early releases of Solaris 8,
you may need to apply a patch.) On systems where it is
available, sendfile enables Apache 2 to deliver
static content faster and with lower CPU utilization.
| Related Modules | Related Directives |
|---|---|
Prior to Apache 1.3, HostnameLookups defaulted to On.
This adds latency to every request because it requires a
DNS lookup to complete before the request is finished. In
Apache 1.3 this setting defaults to Off. If you need
to have addresses in your log files resolved to hostnames, use the
logresolve
program that comes with Apache, or one of the numerous log
reporting packages which are available.
It is recommended that you do this sort of postprocessing of your log files on some machine other than the production web server machine, in order that this activity not adversely affect server performance.
If you use any Allow from domainDeny from domain
Note that it's possible to scope the directives, such as
within a <Location "/server-status"> section.
In this case the DNS lookups are only performed on requests
matching the criteria. Here's an example which disables lookups
except for .html and .cgi files:
HostnameLookups off <Files ~ "\.(html|cgi)$"> HostnameLookups on </Files>
But even still, if you just need DNS names in some CGIs you
could consider doing the gethostbyname call in the
specific CGIs that need it.
Wherever in your URL-space you do not have an Options
FollowSymLinks, or you do have an Options
SymLinksIfOwnerMatch, Apache will need to issue extra
system calls to check up on symlinks. (One extra call per
filename component.) For example, if you had:
DocumentRoot "/www/htdocs" <Directory "/"> Options SymLinksIfOwnerMatch </Directory>
and a request is made for the URI /index.html,
then Apache will perform lstat(2) on
/www, /www/htdocs, and
/www/htdocs/index.html. The results of these
lstats are never cached, so they will occur on
every single request. If you really desire the symlinks
security checking, you can do something like this:
DocumentRoot "/www/htdocs" <Directory "/"> Options FollowSymLinks </Directory> <Directory "/www/htdocs"> Options -FollowSymLinks +SymLinksIfOwnerMatch </Directory>
This at least avoids the extra checks for the
DocumentRoot path.
Note that you'll need to add similar sections if you
have any Alias or
RewriteRule paths
outside of your document root. For highest performance,
and no symlink protection, set FollowSymLinks
everywhere, and never set SymLinksIfOwnerMatch.
Wherever in your URL-space you allow overrides (typically
.htaccess files), Apache will attempt to open
.htaccess for each filename component. For
example,
DocumentRoot "/www/htdocs" <Directory "/"> AllowOverride all </Directory>
and a request is made for the URI /index.html.
Then Apache will attempt to open /.htaccess,
/www/.htaccess, and
/www/htdocs/.htaccess. The solutions are similar
to the previous case of Options FollowSymLinks.
For highest performance use AllowOverride None
everywhere in your filesystem.
If at all possible, avoid content negotiation if you're really interested in every last ounce of performance. In practice the benefits of negotiation outweigh the performance penalties. There's one case where you can speed up the server. Instead of using a wildcard such as:
DirectoryIndex index
Use a complete list of options:
DirectoryIndex index.cgi index.pl index.shtml index.html
where you list the most common choice first.
Also note that explicitly creating a type-map
file provides better performance than using
MultiViews, as the necessary information can be
determined by reading this single file, rather than having to
scan the directory for files.
If your site needs content negotiation, consider using
type-map files, rather than the Options
MultiViews directive to accomplish the negotiation. See the
Content Negotiation
documentation for a full discussion of the methods of negotiation,
and instructions for creating type-map files.
In situations where Apache 2.x needs to look at the contents
of a file being delivered--for example, when doing server-side-include
processing--it normally memory-maps the file if the OS supports
some form of mmap(2).
On some platforms, this memory-mapping improves performance. However, there are cases where memory-mapping can hurt the performance or even the stability of the httpd:
On some operating systems, mmap does not scale
as well as read(2) when the number of CPUs increases.
On multiprocessor Solaris servers, for example, Apache 2.x sometimes
delivers server-parsed files faster when mmap is disabled.
If you memory-map a file located on an NFS-mounted filesystem and a process on another NFS client machine deletes or truncates the file, your process may get a bus error the next time it tries to access the mapped file content.
For installations where either of these factors applies, you
should use EnableMMAP off to disable the memory-mapping
of delivered files. (Note: This directive can be overridden on
a per-directory basis.)
In situations where Apache 2.x can ignore the contents of the file
to be delivered -- for example, when serving static file content --
it normally uses the kernel sendfile support for the file if the OS
supports the sendfile(2) operation.
On most platforms, using sendfile improves performance by eliminating separate read and send mechanics. However, there are cases where using sendfile can harm the stability of the httpd:
Some platforms may have broken sendfile support that the build system did not detect, especially if the binaries were built on another box and moved to such a machine with broken sendfile support.
With an NFS-mounted filesystem, the kernel may be unable to reliably serve the network file through its own cache.
For installations where either of these factors applies, you
should use EnableSendfile off to disable sendfile
delivery of file contents. (Note: This directive can be overridden
on a per-directory basis.)
Prior to Apache 1.3 the MinSpareServers, MaxSpareServers, and StartServers settings all had drastic effects on
benchmark results. In particular, Apache required a "ramp-up"
period in order to reach a number of children sufficient to serve
the load being applied. After the initial spawning of
StartServers children,
only one child per second would be created to satisfy the
MinSpareServers
setting. So a server being accessed by 100 simultaneous
clients, using the default StartServers of 5 would take on
the order of 95 seconds to spawn enough children to handle
the load. This works fine in practice on real-life servers
because they aren't restarted frequently. But it does really
poorly on benchmarks which might only run for ten minutes.
The one-per-second rule was implemented in an effort to
avoid swamping the machine with the startup of new children. If
the machine is busy spawning children, it can't service
requests. But it has such a drastic effect on the perceived
performance of Apache that it had to be replaced. As of Apache
1.3, the code will relax the one-per-second rule. It will spawn
one, wait a second, then spawn two, wait a second, then spawn
four, and it will continue exponentially until it is spawning
32 children per second. It will stop whenever it satisfies the
MinSpareServers
setting.
This appears to be responsive enough that it's almost
unnecessary to twiddle the MinSpareServers, MaxSpareServers and StartServers knobs. When more than 4 children are
spawned per second, a message will be emitted to the
ErrorLog. If you
see a lot of these errors, then consider tuning these settings.
Use the mod_status output as a guide.
Related to process creation is process death induced by the
MaxConnectionsPerChild
setting. By default this is 0,
which means that there is no limit to the number of connections
handled per child. If your configuration currently has this set
to some very low number, such as 30, you may want to bump this
up significantly. If you are running SunOS or an old version of
Solaris, limit this to 10000 or so because of memory leaks.
When keep-alives are in use, children will be kept busy
doing nothing waiting for more requests on the already open
connection. The default KeepAliveTimeout of 5
seconds attempts to minimize this effect. The tradeoff here is
between network bandwidth and server resources. In no event
should you raise this above about 60 seconds, as
most of the benefits are lost.
Apache 2.x supports pluggable concurrency models, called
Multi-Processing Modules (MPMs).
When building Apache, you must choose an MPM to use. There
are platform-specific MPMs for some platforms:
mpm_netware,
mpmt_os2, and mpm_winnt. For
general Unix-type systems, there are several MPMs from which
to choose. The choice of MPM can affect the speed and scalability
of the httpd:
worker MPM uses multiple child
processes with many threads each. Each thread handles
one connection at a time. Worker generally is a good
choice for high-traffic servers because it has a smaller
memory footprint than the prefork MPM.event MPM is threaded like the
Worker MPM, but is designed to allow more requests to be
served simultaneously by passing off some processing work
to supporting threads, freeing up the main threads to work
on new requests.prefork MPM uses multiple child
processes with one thread each. Each process handles
one connection at a time. On many systems, prefork is
comparable in speed to worker, but it uses more memory.
Prefork's threadless design has advantages over worker
in some situations: it can be used with non-thread-safe
third-party modules, and it is easier to debug on platforms
with poor thread debugging support.For more information on these and other MPMs, please see the MPM documentation.
Since memory usage is such an important consideration in
performance, you should attempt to eliminate modules that you are
not actually using. If you have built the modules as DSOs, eliminating modules is a simple
matter of commenting out the associated LoadModule directive for that module.
This allows you to experiment with removing modules and seeing
if your site still functions in their absence.
If, on the other hand, you have modules statically linked into your Apache binary, you will need to recompile Apache in order to remove unwanted modules.
An associated question that arises here is, of course, what
modules you need, and which ones you don't. The answer here
will, of course, vary from one web site to another. However, the
minimal list of modules which you can get by with tends
to include mod_mime, mod_dir,
and mod_log_config. mod_log_config is,
of course, optional, as you can run a web site without log
files. This is, however, not recommended.
Some modules, such as mod_cache and
recent development builds of the worker MPM, use APR's
atomic API. This API provides atomic operations that can
be used for lightweight thread synchronization.
By default, APR implements these operations using the
most efficient mechanism available on each target
OS/CPU platform. Many modern CPUs, for example, have
an instruction that does an atomic compare-and-swap (CAS)
operation in hardware. On some platforms, however, APR
defaults to a slower, mutex-based implementation of the
atomic API in order to ensure compatibility with older
CPU models that lack such instructions. If you are
building Apache for one of these platforms, and you plan
to run only on newer CPUs, you can select a faster atomic
implementation at build time by configuring Apache with
the --enable-nonportable-atomics option:
./buildconf
./configure --with-mpm=worker --enable-nonportable-atomics=yes
The --enable-nonportable-atomics option is
relevant for the following platforms:
--enable-nonportable-atomics,