Apache

Apache goes back a long way – it was launched in 1995, so it is now well over 20 years old. It’s full name is Apache HTTP Server, and some people refer to Apache just as httpd. Recent statistics suggest that Apache is the web server that powers more than half of the websites on the internet, it is without doubt the most popular web server available.

Apache is OS agnostic, so you can run Apache on anything from Windows to Mac OS X. However, Apache is usually run on some variant of the Linux OS. Apache is open source and it is licensed under Apache License V2. You can easily extent Apache thanks to its modular nature, simply by adding extra modules to enable additional features.

One popular example of an extension for Apache is mod_proxy which enables you to use a gateway or proxy on your Apache server – it also makes it easy to use load balancing across all of the supported protocols. HTTP2 is also supported by Apache thanks to an add-in module called mod_http2, but you can only use mod_http2 if you have Apache version 2.4 or alter.

The Apache open source web server has been the most popular way to serve web pages since 1996 and therefore benefits from extensive passive support – you will find bags of Apache documentation, alongside integrated support for Apache offered by many other software products. Apache is managed by the Apache Foundation, there is a page for the Apache project here.

Apache Tomcat

To understand how Apache Tomcat is different from Apache you simply need to understand this simple concept: Apache Tomcat is a Java servlet container which works as a webpage server. Remember, a Java servlet is a particular type of Java program that can extend the capabilities of a specific server.

Java servlets can respond to any type of request but Java servlets are generally used to enable applications which are hosted on a web server. These web servlets are Java’s rendition of web content tech that renders dynamic pages, think ASP.NET and PHP for example.

The code for Apache Tomcat was donated by the creators of Java, Sun Microsystems. The Apache Software Foundation received the donation from Sun in 1999 and made Apache Tomcat one if it’s top-level projects in 2005. Apache Tomcat is used to power about 1% of the world’s websites.

There are other open source alternatives if you want a Java application server, including Glassfish, JBoss and Wildfly – these are often listed alongside Apache Tomcat.

Caching

Caching is about of storing copies of files in a temporary storage location in order to insure quicker access. CDN servers cache various content to reduce the latency, DNS servers cache DNS records to speedup lookup, browsers cache html/css/js and image files to rise the speed of website load.

CGI

CGI or Common Gateway Interface is an interface type for web servers to execute apps that execute like console applications running on a server that generates web pages in dynamical way. CGI program is an executable file, therefore there are a number of security measures you need to follow while using CGI programs. Most typical approach – CGI program will reside in a special directory ( with limited rights ) in order to let the web server to understand that the file is for execution only and not to display in the user’s browser.

htaccess

.htaccess is a system file with certain Apache web server configuration instructions. It provides ability to manage such configuration on the level of specific directory. There is a necessity of .htaccess usage when you don’t have access to the main server configuration file.

.htaccess file on an Apache web server lets you activate or deactivate things like your 404 page, set passwords or prevent others from linking to videos and pictures from 3rd party websites.

IIS

Microsoft is the company behind the Internet Information Services web server, or IIS. Like other Microsoft server products IIS runs on Windows, serving web pages to anyone who requests HTML files.

Functioning as a typical web server, IIS can take requests from client computers located remotely and respond by rendering the requested web page. It includes basic functionality which can let web servers deliver information across a number of different types of networks, ranging from local networks ( LANs ) in the case of intranets through to serving websites on the internet.

Of course, web servers work in different ways: a web server can send information to users in HTML, to be decoded by a web browser client or as a file which can be downloaded – these files can be images, text documents or anything else.

Portals and IIS

The IIS web server is a great way to deliver portals which businesses can use for many different needs. Yes, other web servers can operate as portals too and offer web applications that operate in the enterprise but it can be argued that IIS is an enterprise-ready platform for serving web applications.

Another way of delivering web applications would include Amazon Web Services or AWS, a platform operating in the public cloud and which users can easily administer using a portal located on a website.

For consumer use, streaming media is a typical example of the use of a web portal for delivering services as companies like Netflix (films) and Spotify (music) deliver content by making use of web servers.

How does IIS work?

Like most web servers, IIS utilises a range of standard protocols and programming languages to execute its server duties. On the one hand, IIS handles standard HTML to render text and images as well as interface elements such as buttons alongside interactions and behaviours and, of course, hyperlinks.

Needless to say, IIS also supports HTTP, HTTPS and FTP protocols. HTTP (hypertext transfer protocol) is the basic protocol which allows browsers and web servers to exchange content, and HTTPS or HTTP over SSL (secure sockets layer) is the secure version of HTTP which uses TLS, or Transfer Layer Security (or indeed SSL, secure sockets layer) to ensure that data is transmitted over an encrypted channel. FTP, of course, is the protocol that is commonly used for file transfers and IIS support FTP while also supporting the secure variant of FTP, FTPS.

ASP.NET Core is central to IIS

Active Server Pages (ASP) is the cornerstone of IIS and ASP.NET Core is the latest framework for ASP. In effect, ASP is a script engine that runs server-side to build interactive webpages, just like PHP. So, a browser would send a request to an IIS server across the internet. IIS in turn sends the request to ASP.NET Core. The request is then processed, and the result is sent back via the IIS server to the browser client that originally created the request.

All kinds of web applications can be written using ASP.NET. This includes popular uses like blog platforms alongside more advanced CMS-driven sites. There are numerous tools which enable developers to build IIS website, WebDAV is one of the most popular which helps developers create and publish content. More integrated development tools are also available, including Microsoft’s Visual Studio package.

The different versions of IIS

IIS has been around a long time so needless to say there is a long version history, and it’s worth noting that IIS has evolved alongside Microsoft’s popular operating system – Windows. The first edition of IIS, version 1.0, was included with Windows NT version 3.51. Version 4.0 of IIS was released with Windows NT 4.0, while IIS 5.0 came with Windows 2000 and indeed IIS 6.0 shipped with Windows Server 2003.

Windows Server 2008 included a major revision to IIS, version 7.0 with version 7.5 of IIS included with R2 of Windows Server 2008. As Windows 10 and Windows Server 2016 arrived Microsoft released IIS version 10.

Every release of IIS has, of course, included additional functionality and improved versions of existing functions. IIS 3.0 included the ability for ASP to execute dynamics scripts while IIS 6.0 included support for IPv4’s replacement, IPv6 plus important improvements in reliability and security. Furthermore, IIS 8.0 added the ability to adopt non-uniform memory access, as well as multicore scaling plus centralised support for SSL certificates as well as Server Name Indication.

What’s in IIS version 10?

Looking at IIS 10, we can confirm that it includes even more in terms of additional features and further security boosts. For example, IIS 10 supports the new edition of the HTTP protocol: HTTP/2 which offers reduced latency and lower resource usage compared to the commonly deployed HTTP 1.1.

IIS10 is compatible with Nano Server mode in Windows Server 2016, a minimal deployment model for Windows Server. It runs ASP.NET Core and can also deal with PHP and Apache Tomcat web applications – all in Nano Server mode.

Furthermore, IIS 10 can also operate both in a virtual machine and in a container which gives more flexibility to developers and administrators that choose to build apps with IIS 10. As a result, IIS 10 also accommodates a much broader range of web application types.

Using IIS in Express mode for testing

Testing websites is essential for a smooth launch and that’s why Microsoft offers an edition of IIS that is self-contained. It’s called IIS Express and developers can use IIS Express as a testing tool before they launch a website. Though IIS Express has the essential capabilities of the complete IIS edition, it does offer the unique ability to do a lot of things without the need for administrator-level privileges.

Security in IIS

Web servers are very vulnerable to security breaches and sysadmins need to make sure their web servers are protected by sufficient security measures. IIS has a range of features that can be activated to bolster its defences.

Administrators can make sure IIS is protected against attacks by taking some essential steps. For example, installing the necessary security patches for the Windows OS is a key start, and admins should also ensure that they disable any IIS features which are not necessary for running their sites, as disabling features renders the feature immune from attacks.

Consistent use of firewalls can help ensure the server is only sent valid packets while controlling the IP addresses and domains that can access a server also helps to lock matters down. URL authorization can help admins to set up rules for certain requests – including specifying how to deal with set URLs. For example, a sysadmin can set a URL authorization rule which means that only some users can see a page.

Logging also helps sysadmins because the can see who has accessed the server and vet these visitors. Finally, administrators should configure error pages so that only essential information is displayed about the error – error pages should never reveal usernames, the IP address of the server or any other data which can help hackers.

Comparing IIS and Apache

There are a number of core differences between IIS and Apache, starting with the fact that IIS comes with Windows which is a commercial product. Apache on the other hand is open source and can be used free of charge. Of course, IIS can only run on Windows – it does not run on Linux. Apache runs on a range of OS platforms, including OS X and UNIX variants, but it is best suited to Linux.

Developers who use .NET and ASPX will prefer IIS as the IIS platform integrates with these Microsoft technologies. IIS also offers commercial support from Microsoft’s help desk, while Apache administrators and developers are reliant on the user community for support.

Arguably the security options that is included in IIS makes IIS a safer choice when compared to Apache. Finally, the underlying tech used by IIS is widely compatible with all the usual web interfaces in use around the world.

Lighttpd

Like a lot of the most established web servers Lighttpd has been around a long time – in fact, Lighttpd rolled out in March 2003. Currently Lighttpd is behind about 0.1% of websites, and you can get a hold of Lighttpd via the BSD license as Lighttpd is distributed under BSD licensing conditions.

Even though Lighttpd powers only 0.1% of sites it does have its advantages: Lighttpd has a very low memory footprint and uses little in terms of CPU resources – Lighttpd is really optimised for speed. Like NGINX Lighttpd is also event-driven in the way it is built and can also cope with a large number of connections occurring in parallel.

Lighttpd also supports a range of additional features including Auth, output compression as well as the rewriting of URLs plus SCGI and FastCGI. Lighttpd has its use cases and is particularly popular with Ruby on Rails developers and with those using the Catalyst framework.

NGINX

At the start of this millennium a unique web server problem emerged: the C10K problem. In other words, how can a web server deal with ten thousand connections that are made to it concurrently? NGINX was the response to this question: developed in 2002, the first release of NGINX that was made public occurred in 2004.

Concurrency is a big issue and that’s why NGINX is second in line after Apache in terms of the number of web servers using it, with a little more than 30% of the websites on the internet making use of NGINX to serve web pages.

The architecture of NGINX is different from Apache, which is what makes it possible for NGINX to handle so many concurrent sessions: NGINX uses an event-driven architecture that is asynchronous to perform its magic. Because of the fact that NGINX can handle concurrent sessions using relatively little in resources it has become very popular with website administrators who appreciate the fact that NGINX scales easily.

NGINX is very flexible: you can deploy NGINX as a web server, but also as a load-balancer and NGINX can also operate as a proxy server. NGINX, just like Apache, has a community site that you can refer to over here

Softaculous

Softaculous is a script library that automates the installation of various applications on a website. It’s often implemented via control panels like Plesk, cPanel and DirectAdmin, and it supports more than 50 applications in its free version. You also get one-touch installation of more than 280 applications in its paid version.

SSI

A Server Side Includes (shortened to SSI ) is a type of HTML comment which tells the Web server to dynamically generate data for a webpage on request. For the example you may use include construction to show the same footer and header on multiple pages automatically.