0

I have a requirement to run a Java based web server on port 80. The options are:

  • Web proxy (apache, nginx, haproxy etc.)
  • xinet
  • iptables
  • setuid

The baseline would be running the app using setuid but I'd prefer not to for security reasons. Apache is too slow and nginx doesn't support keep-alives so new connections are made for every proxied request.

xinet is easy to set up but creates a new process for every request which I've seen cause problems in a high performance environment.

The last option is port forwarding with iptables but I have no experience of how fast it is.

Of course, the ideal solution would be to do this on a dedicated hardware firewall / load balancer but that's not an option at present.

At the moment, the setup is all on the same box which is why iptables should work.

Load is as follows: approximately 2500 very short-lived HTTP requests per second that need to have a maximum latency of 50ms with... say at least 25 milliseconds for the app to return a response.

user44384

4 Answers

1

iptables works within the kernel itself which means that it will be much faster than delegating to a userland proxy.

Ignacio Vazquez-Abrams
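The iptables option from the question, as an added example that is not part of any post in this thread: the Java server runs as an unprivileged user on a high port and the kernel's nat table redirects port 80 to it, so nothing needs setuid or root to bind. The function name `redirect_rules` and the application port 8080 are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumption: the Java server
# listens on an unprivileged port (8080 here is a placeholder).

# Print an iptables-restore ruleset for the nat table that redirects
# TCP <public_port> to <app_port> on the same host.
redirect_rules() {
    public_port=$1
    app_port=$2
    for p in "$public_port" "$app_port"; do
        # Accept 1 to 5 digits only, so nothing else can reach the ruleset.
        case $p in
            ''|*[!0-9]*|??????*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    # A target below 1024 would still force the app to start as root.
    if [ "$app_port" -lt 1024 ]; then
        echo "app port $app_port is privileged" >&2; return 1
    fi
    # PREROUTING covers connections arriving from other hosts.
    # OUTPUT with -o lo covers clients on the same box without touching
    # outbound connections to port 80 on other machines.
    # The nat table is consulted for the first packet of a connection;
    # later packets are rewritten from the conntrack entry.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport $public_port -j REDIRECT --to-ports $app_port
-A OUTPUT -o lo -p tcp -m tcp --dport $public_port -j REDIRECT --to-ports $app_port
COMMIT
EOF
}
```

To load the rules as root without flushing existing nat rules, pipe the output into `iptables-restore --noflush`. The high port stays directly reachable and can be bound by any local user while the app is down, so filter it and keep the service supervised.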
1

Can you describe your setup? I don't quite understand if everything resides on one server or if you have a separate gateway and web servers.

But yes, HAproxy indeed. Best suited for balancing to more than one web server. I use it for HTTP and SMTP balancing.

w00t
0

Other options may be pound or haproxy.

lg.
0

I wouldn't be 100% sure that iptables performance will be faster than other solutions. Any rule in iptables chains will be matched against all the traffic, while a userland proxy will be triggered only on new connections.

My advice: Test and benchmark it.

dpc.pw