lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On Mon, 28 Sep 2009, David Given wrote:

> Petite Abeille wrote:
> - doesn't play nicely with a third-party web server; you either end
> up having to run two outward-facing servers on a single box, or else
> have your main web server proxy to the CMS server, which is usually
> a pain;
Most setups don't work this way, instead one server is negotiating if it
is static and serves the file or dynamic and pipes it through to the
application server it proxies on some other port. That aaplication
server itself speaks HTTP of cause and does the actual parsing and
routing(url to entry point) etc. There are lots of benefits to have a
tightly coupled Http server with your application. Most APIs require to
copy requests in memory which creates overhead. A tightly coupled server
can pass references instead. While the proxying behind some well proven
server, be it nginx or Apache creates some complexity for a single
machine setup it also has a few great advantages:
 - Basic scaling is a as simple as setting up another machine with just
   one application server proxied through the main machine
 - For development people don't have to resemble production environments
   with apache and module configuration, the embedded httpserver is
   sufficient for application development
 - applications with embedded servers are in many cases well
   encapsulated and can live in a single directory, without any
   dependencies to the system they are deployed on. That means it's
   simple to pack them up and mov'em to another machine. The more self
   contained an application is the simpler and less error prone the
   deployment process is. Sysadmins will love it.

> - HTTP ain't as simple as at looks, particularly when dealing with
> stuff like multipart, transfer encoding, negotiating compression and
> so on; targeting something like WSAPI makes all these problems go
> away, as the main web server does it for you;
Yes, writing your own HTTP engine, which is evidently what the op wants
to do is not trivial, but it has the advantage of potentially tight
coupling to the application at lower costs.

> - having two HTTP servers means that you've double the chances of
> exposing a security flaw to the outside world; WSAPI nicely isolates
> you from the web server proper, making it very easy to run your
> client code at reduced privileges;
As written to the first point, in many cases only one server will face
the outside world. The embedded server will listen to localhost only(if
deployed onto the same machine). Client code can run as a dedicated
user, there is no privelidge isssue since all communication happens
across a socket via HTTP.

> I have actually in the past implemented a web app using my own mini
> HTTP server. This was before I knew about Lua, so I actually did it
> in LambdaMOO code. It *worked*, but if I'd known in advance what a
> pain it would be, I wouldn't have done it like that...
Sounds like a fun project though and you learnt a lot from it.