[nycbug-talk] apache stability
ike at lesmuug.org
Sat Jan 22 23:46:43 EST 2005
On Jan 22, 2005, at 10:55 PM, steve wrote:
> Hi all
> In your opinion is apache2 ready for production use, am looking at a
> setup that includes php, perl, and ssl.
This topic is hard to give a definitive answer about- it's worth
discussion, and I'll throw out my experiences with it-
Basically, Apache2 is solid software, but it's initial
production/stable debut was riddled with a few massive security holes
that left me (and lots of folks) shaky- sucked hard to go back when I
was already in the process of updating/migrating all the systems I was
currently working in...
On the other hand, it *is* the Apache which the Apache foundation is
sitting on as the 'live' branch, though there is still a lot of ongoing
work for 1.3.x, insomuch as half the world runs it still...
I'd like to see the world get over and move to 2.x, insomuch as I found
it to be filled with smart and elegant features- and nicer ways to go
about many things- (mod_ssl is default module, for example). In
addition, on some platforms and under particular loads, the
multiprocessor (threaded) compile-time modules provide INSANE
performance if applied in the right context.
On the other hand, 1.3.x, if your doing standard stuff, (like it sounds
like you are), is still likely the simplest to manage, insomuch as
there's years of relevant docs and info online for 1.3.x, within nearly
every tech. culture online. Hard to move away from what I feel is one
of the most widely supported Open Source softwares, supported by the
masses of the world using it.
So with that, I guess I didn't really provide any definitive answer,
but hope this helps you make your decision more sanely... (Personal
note, I'm running 1.3.x in all but one production box I administer, and
that 1 box has special requirements that are met by Apache2's ability
to re-write incoming headers [for proxy] - here's a somewhat ancient
article on that particular setup, for the record
More information about the talk