A new year has begun and it’s the right time to take stock of the software that was popular over the past year. So here is a list of the top ten open source Web servers in 2019.
A Web server can refer to hardware or software, or both working together.
- On the software side, a Web server includes several parts that control how Web users access hosted files; at the minimum, it is an HTTP server. An HTTP server is software that understands URLs (Web addresses) and HTTP (the protocol your browser uses to view Web pages). It can be accessed through the domain names (like mozilla.org) of the websites it stores, and it delivers their content to the end user’s device.
At the most basic level, whenever a browser needs a file that is hosted on a Web server, it requests the file via HTTP. When the request reaches the correct Web server (hardware), the HTTP server (software) accepts the request, finds the requested document (if it doesn’t, then a 404 response is returned), and sends it back to the browser, also through HTTP.
Publishing a website requires either a static or a dynamic Web server.
- A static Web server, or stack, consists of a computer (hardware) with an HTTP server (software). We call it static because the server sends its hosted files as is, to your browser.
- A dynamic Web server consists of a static Web server plus extra software, most commonly an application server and a database. We call it dynamic because the application server updates the hosted files before sending them to your browser via the HTTP server.
The following are the main features of a Web server:
- Creates one or more websites.
- Configures log file settings, including where the log files are saved, what data is included in the log files, etc.
- Configures website/directory security. For example, based on requirements and subsequent configuration, the Web server either allows or prevents a particular website being viewed, as well as which IP addresses are/aren’t allowed to view the website, etc.
- Creates an FTP site.
- Creates virtual directories, and maps them to physical directories.
- Configures/ nominates custom error pages. This allows the users to build and display user friendly error messages on the website.
- Specifies default documents, which are displayed when no file name is given. For example, it specifies which files should be displayed if the user opens http://localhost. This is typically index.html or something similar, but it doesn’t need to be.
Web servers have come a long way since the CERN httpd was developed by Tim Berners-Lee in 1990, as part of the project that resulted in the first Web browser. Some of the leading providers of Web servers provide closed source options for corporations, but many are still open source (based on Linux). Some Web servers are designed for certain special needs, some receive updates frequently, some are designed for certain technologies only, and some are known for their stability-cum-security because of the latest updates.
This article lists out the top ten open source Web browsers in 2019.
Apache HTTP is an open source, cross-platform Web server software, released under the terms of Apache License 2.0. It is developed and maintained by an open community of developers under the Apache Software Foundation. It powers around 46 per cent of the world’s websites. It works on a large number of operating systems, including Linux, FreeBSD, Solaris, Windows, MacOS X, Novell Netware, OS/2, and so on (and probably any UNIX-like system).
Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from authentication schemes to supporting server-side programming languages such as Perl, Python, Tcl and PHP. Popular authentication modules include mod_access, mod_auth, mod_digest, and mod_auth_digest, the successor to mod_digest. A sample of other features include Secure Sockets Layer and Transport Layer Security support (mod_ssl), a proxy module (mod_proxy), a URL rewriting module (mod_rewrite), custom log files (mod_log_config), and filtering support (mod_include and mod_ext_filter). Popular compression methods on Apache include the external extension module, mod_gzip, implemented to help with reducing the size (weight) of Web pages served over HTTP. ModSecurity is an open source intrusion detection and prevention engine for Web applications. Apache logs can be analysed through a Web browser using free scripts, such as AWStats/W3Perl or Visitors.
Virtual hosting allows one Apache installation to serve many different websites. For example, one computer with one Apache installation could simultaneously serve example.com, example.org, test47.test-server.example.edu, etc.
- Loading of dynamic modules, handling of static files, index files, auto-indexing and content negotiation.
- IPv6 and HTTP/2 support.
- Custom logging and rotation, IP address-based geo location, user and session tracking, concurrent connection limiting, CGI support, FTP and XML support.
- URL rewriting, fine-grained authentication and authorisation access control.
- Fault tolerance and failover handling, and multiple load balancing mechanisms.
Latest version: 2.4.41
Official website: https://httpd.apache.org/
Apache Tomcat, an open source Web server written in Java, was designed by the Apache Foundation with the credit of invention given to James Duncan Davidson, a software architect. It is termed an open source implementation of the Java-Servlet, JavaServer Pages, Java Expression Language and WebSocket technologies. Apache Tomcat software powers numerous large-scale, mission-critical Web applications across a diverse range of industries and organisations.
Tomcat is made up of multiple components — Catalina, Coyote, Jasper, Cluster, etc. Catalina is termed as Tomcat’s servlet container. Coyote is the connector component for Tomcat that supports HTTP 1.1. as the Web server, allowing Catalina, nominally a Java servlet or JSP container, to also act as a plain Web server that serves local files as HTTP documents. Jasper is Tomcat’s JSP engine. It parses JSP files to compile them into Java code as servlets that can be handled by Catalina. The Cluster component is added to manage large applications. It is used for load balancing, which can be achieved through many techniques. Clustering support currently requires the JDK version 1.5 or higher.
- Lightweight and highly flexible.
- Very stable and has an extra level of security.
- Well-documented and the most widely used Java application server.
- Supports HTTP/2, OpenSSL for TLS support with the JSSE connectors.
- Support for TLS virtual hosting, Web application memory leak protection and detection.
- Advanced IO capabilities and refactored clustering.
Latest version: 9.0.30
Official website: https://tomcat.apache.org/
Nginx is a free and open source Web server based on a BSD-like licence. It is also an HTTP and reverse proxy server, mail proxy server and a generic TCP/UDP proxy server. It has been designed by Igor Sysoev. Nginx is capable of handling more than 10,000 simultaneous connections with a very low memory footprint of about 2.5MB. This is all possible due to its asynchronous, event driven nature. Nginx supports a large number of Web server languages, but it doesn’t have any native support and thus third-party modules have to be used; for instance, it requires PHP-FPM to be installed separately to process PHP scripts. Even though Nginx is used as a standalone Web server, nowadays many developers use it as a static content server in front of the actual server. Some sites dynamically handle the requests at the back-end, and cache them for Nginx to serve when the content is requested by the user.
Nginx can be deployed to serve dynamic HTTP content on the network using FastCGI, SCGI handlers for scripts, WSGI application servers or Phusion Passenger modules, and it can serve as a software load balancer.
There are two versions of Nginx — OSS Nginx and Nginx Plus. The latter offers additional features not included in OSS Nginx, such as active health checks, session persistence based on cookies, DNS-service-discovery integration, a cache purging API, AppDynamic, Datalog, Dynatrace New Relic plugins, Active-Active HA with configuration synchronisation, on-the-fly (with zero downtime) updates for upstream configurations, as well as key value stores using the Nginx Plus API and Web application firewall (WAF) dynamic module.
Nginx was designed to outperform the Apache server by serving static files, using less memory and handling four times as many requests per second.
- Handles 10,000 concurrent connections with low memory; handles static, index files and offers auto-indexing.
- Name- and IP address based virtual servers.
- IPv6 compatible.
- Supports TLS/SSL with SNI, offers OCSP stapling support, gRPC support and HTTP/2 support.
- Configuration upgrade and execution is done without client connection loss. Supports SMTP, POP3 and IMAP proxy.
- Reverse proxy with caching.
- Modular architecture: Filters include gzipping, byte ranges, chunked responses, XSLT, SSI, and an image transformation filter. Multiple SSI inclusions within a single page can be processed in parallel if they are handled by proxied or FastCGI/uwsgi/SCGI servers.
Latest version: 1.17.6
Official website: https://www.nginx.com/
H2O Web server
H2O is a new generation HTTP server that has full-featured HTTP/2 implementations of all the current Web servers in use. With H2O as the Web server, users can take advantage of new features of the HTTP/2 specifications, like latency optimisation, server-push and server-side prioritisation, which can take advantage of modern browser features that are seldom talked about. H2O is powered by libh2o, which contains all the Web serving power of H2O itself. libh2o is also packaged separately for third party use. It is MIT licensed. H20 is written in C and can also be used as a library.
- Supports HTTP 1.0/1.1/2.0, Websocket and TLS.
- Supports TCP Fast Open, FastCGI, reverse proxy.
- AEAD ciphers, OCSP stapling, mime-type configuration, forward secrecy, chunked encoding.
- Server push, negotiation methods: NPN, ALPN, upgrade, direct.
Latest version: 2.3.0
Official website: https://h2o.examp1e.net/
Caddy is an open source, HTTP/2 enabled Web server, designed by Matthew Holt and written in the Go language. It is a strong alternative to Apache Web Server. It is easy to configure and use, and is loaded with the latest features like IPv6, Markdown, WebSockets, FastCGO, templates and other out-of-the-box features. Caddy activates HTTPS by default for sites with qualifying domain names (names for which a TLS certificate can be negotiated via the ACME protocol) and redirects HTTP requests to HTTPS. It obtains certificates as needed during startup and keeps them renewed during the lifetime of the server.
An alternate configuration method allows Caddy to obtain certificates only as needed during TLS handshakes rather than at startup, a feature dubbed as ‘on-demand TLS’. To enable this feature, the user must specify a maximum number of certificates that can be issued this way. It is available for Windows, MAC, Linux, BSD, Solaris and Android.
- Fast HTTP requests, minimal configuration with fast deployment.
- No installation, portable executables, and runs on multiple CPUs/cores.
- Supports IPv6, creates login custom format.
- Serves FastCGI, has reverse proxy, rewrites and redirects, clean URL and Gzip compression, directory browsing, virtual hosts and headers.
- Supports VirtualHost, load balancing with health checks, URL rewriting, basic access authentication, Gzip compression, file browsing, QUIC, etc.
Latest version: 2.0 beta 12
Official website: https://caddyserver.com/
Lighthttpd is “a secure, fast, compliant, and very flexible Web server that has been optimised for high-performance environments.” It has a very low memory footprint compared to other Web servers and takes care of CPU load. Also called Lighty, it is an alternative to Apache Web Server.
The configuration file is /etc/lighttpd/lighttpd.conf, while the standard directory for files is /var/www/localhost/htdocs/.
Its advanced feature set (FastCGI, CGI, Auth, output-compression, URL-rewriting and many more) makes Lighttpd the perfect Web server software for every server with load problems.
- Supports TLS/SSL with SNI via OpenSSL, server-side.
- Flexible virtual hosting, chroot support, authentication against LDAP server.
- Supports modules, WebDev, servlet, HTTP compression using mod_compress and the newer mod_deflate.
- URL rewriting and efficient event notification schemes like kqueue and epoll.
Latest version: 2.0
Official website: https://www.lighttpd.net/
LiteSpeed Web Server (LSWS)
LiteSpeed Web Server (LSWS) is, as its name suggests, a lightweight Web server developed by LiteSpeed Industries Inc. and is compatible with commonly used Apache features, including mod_rewrite, .htaccess, and mod_security. LiteSpeed has become fairly popular and is capable of handling thousands of concurrent connections despite having a smaller memory. The purpose of introducing this Web server was to read Apache configuration files. However, according to the company, a single LiteSpeed server is capable of handling data equivalent to two Apache servers.
LSWS 5.0 was the first popular Web server to support HTTP/2. An add-on with the 5.0 version is LiteMage Cache, which is a full page caching solution to enhance the speed of Magneto stores. It is available as a free version as well as a paid option. LiteSpeed Web Server is a high-performance, highly scalable Web server. LSWS can load Apache configuration files directly and works as a drop-in replacement for Apache while fully integrating with popular control panels — replacing Apache in less than 15 minutes with zero downtime. Unlike other front-end proxy based solutions, LSWS replaces all Apache functions, simplifying usage and making the transition from Apache easy, while also allowing your team to move confidently with little or no retraining.
- Supports HTTP/2, QUIC and HTTP/3.
- ModSecurity and Control Panel compatible, CloudLinux integration, Apache drop-in replacement.
- HTTPS / TLSv1.3 certificate, mass hosting support, zero downtime maintenance, fastest PHP, Ruby + Python app server.
- SSL handshake offloading, LSCache engine with ESI.
Latest version: 5.4.1
Official website: https://www.litespeedtech.com/products/litespeed-web-server
Jetty is an open source project providing an HTTP server, HTTP client and javax.servlet container capable of serving static and dynamic content either from a standalone or embedded instantiation. From Jetty-7 onwards, the Jetty Web server and other core components are hosted by the Eclipse Foundation.
Jetty is a lightweight, highly scalable Java based Web server and servlet engine. The primary objective is to support Web protocols like HTTP, HTTP/2 and WebSocket with high-volume low latency, providing maximum performance while retaining the ease of use and compatibility that’s come from years of servlet development. Jetty is a modern, fully async Web server, which has a long history as a component-oriented technology that’s easily embedded into applications while still offering a solid traditional distribution for Web app deployment.
Jetty has been designed for scalable performance under realistic loads of many simultaneous connections. It can achieve excellent results with many tens of thousands of HTTP connections and hundreds of thousands of simultaneous WebSocket connections. These benchmarks have been developed using real applications under realistic loads, and have been validated by real users achieving the same results in production environments. Unlike other Web server packages, Jetty has a remarkably small footprint. This allows both developers and administrators to deploy Jetty in their environments without worrying about unwanted overhead or memory usage. A small memory footprint also allows you to run more instances of the server on virtual hardware, which is often memory constrained, making Jetty very cloud friendly.
Jetty is used in products such as Apache ActiveMQ, Alfresco, Scalatra, Apache Geronimo, Apache Maven, Apache Spark, Google App Engine, Eclipse, FUSE, iDempiere, Twitter’s Streaming API and Zimbra. Jetty is also the server in open source projects such as Lift, Eucalyptus, OpenNMS, Red5, Hadoop and I2P.
- Asynchronous, flexible and extensible.
- Enterprise scalable, yet has a small footprint.
- OSGI, JNDI, JMX, JASPI and AJP support.
- Supports HTTP/2, WebSocket server, Java ServletAPI with JSP.
Latest version: 10.0.0
Official website: https://www.eclipse.org/jetty/
Cherokee is an extremely lightweight, efficient, fast, flexible, open source cross-platform Web server that runs on Linux, BSD, Solaris, OS X and Windows. It provides strong support for a wide range of technologies – FastCGI, SCGI, PHP, CGI, SSI, TLS and SSL encrypted connections, VirtualHosts, authentication, load balancing and Apache compatible log files. It handles concurrent connections on low memory, and enhances hardware performance with an easy-to-use GUI interface.
It has a completely new modular architecture with a neat and clean code base. Cherokee can be modified, updated and even extended to anything. It provides strong administration with wizards to configure the Web server to perform specific tasks or run frameworks and applications. These provide support for PHP through FastCGI, Ruby on Rails, ColdFusion, GlassFish, Django, Alfresco, GNU Mailman, .NET with Mono, rTorrent, Symfony, and Zend Engine, plus generic video streaming and uWSGI.
- Reverse HTTP proxy, traffic shaping, authentication via htdigest, htpasswd, LDAP.
- MySQL, PAM, plain and fixed list.
- Server side includes (SSI) and on the fly gzip and deflate compressions.
- Chroot support, RRDtool statistics and the ability to launch Web applications on demand.
- Supports video streaming, content caching, etc.
Latest version: 1.2.103
Official website: https://cherokee-project.com/
GlassFish is an open source application server project started by Sun Microsystems for the Java EE platform, later sponsored by Oracle Corporation, and now hosted by the Eclipse Foundation and supported by Payara, Oracle and Red Hat. GlassFish is free software and was initially dual-licensed under two free software licences: the Common Development and Distribution License (CDDL) and the GNU General Public License (GPL) with the classpath exception.
GlassFish supports Enterprise JavaBeans, JPA, JavaServer Faces, JMS, RMI, JavaServer Pages, servlets, etc. This allows developers to create enterprise applications that are portable and scalable, and which integrate with legacy technologies. Optional components can also be installed for additional services.
In fact, GlassFish is more than just a generic Java EE application server. It’s the reference implementation of the Java EE standard. This means that GlassFish is used to showcase Java EE capabilities, and it gets contributions from the same people who define Java EE standards. Therefore, GlassFish will always support the latest Java EE features first.
GlassFish server supports Java EE 7, which provides the basis for delivering dynamic and scalable hypertext language applications. For example, the Java API for WebSocket allows bi-directional low-latency communication, while the Java API for JSON processing simplifies information analysis for transportable applications. The Java API for RESTful Net Services 2.0, the performance utilities for Java EE and Servlet 3.1, add competency options to change extremely scalable applications to handle additional HTML5 buyers at the same time. The modular design of GlassFish is based primarily on the standards of the OSGi Alliance and ensures that the GlassFish server only starts with the modules than the square footage required for application that only measures the measurement. As a result, the boot times and the memory consumption decrease.
- Lightweight and extensible core, based on OSGi Alliance.
- Web container with easy-to-use admin console.
- Highly available clustering and load balancing.
Latest version: 5.1
Official website: https://www.oracle.com/middleware/technologies/glassfish-server.html