Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Performance / Load / Security Question

Status
Not open for further replies.
smah

smah

MIS
Sep 4, 2002
9,396
0
0
US
Consider the scenario of a front-end & a back-end linux servers. The back-end server contains static content (plain old files) that need to be presented to the internet. Does anyone know which will give better performance and/or be a lighter load on the front end server? And, is one case better than the other from a security standpoint?

Case 1: Back-end server using NFS to provide content. Front-end server simply mounts the NFS share to the local filesystem & apache treats the content as local.

Case 2: Back-end server using apache to provide its local content. Front-end server uses reverse proxy to get the content from the back-end web server.

My guess is that Case 1 will better performing under heavy client load conditions, but Case 2 will be better performing under light client load conditions. However, I have no good way to test this to see if I'm right. What does everyone think? From a security standpoint, I'm not sure there's a big difference (as long as the NFS share is mounted as read-only), but I would think that Case 2 might be a little better because the content is really not even on the front-end machine if it were comprimised.
 
Sort by date Sort by votes
Hi Smah,

Using NFS isn't the best idea, purely because of its reliability and performance. Under heavy load you would certainly notice problems.

I've seen it used sucessfully on smaller installs but i would never recommend it.

Ideally, ensure that the FE machine is secured by a Firewall, ensure Apache is well configured - unused modules turned off etc - run a 'pmap -x PID' - PID being the process id of httpd. This will show you whats running on the process and can prove handy in cutting bulky unused modules down.

Reverse proxy is possibly a better idea but its still not ideal. Its almost a sticky-tape kind of solution, it may be better to put the content on the FE anyway but secure it properly - is the content dynamic (i.e. php) - if its purely static html that your serving to the world then a breach meaning stolen content shouldn't be the biggest issue to worry about.



I wish someone would just call me Sir, without adding 'Your making a scene'.

Rob
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

AbidingDude
  • Locked
  • Question
Newbie Apache Cache Question
Replies
5
Views
114
AbidingDude
AbidingDude
johngiggs
  • Locked
  • Question
Regex Question
Replies
1
Views
50
johngiggs
johngiggs
jponnusa
  • Locked
  • Question
Unable to Configure Apache HTTP Server for Physical Load Balance's VIP
Replies
2
Views
71
SamBones
SamBones
ksreeejith
  • Locked
  • Question
Apache Performance Turning for high traffic site
Replies
1
Views
47
SamBones
SamBones
Argonto
  • Locked
  • Question
2 Server Load Balancing and Fail-over Protection (Windows 2008 w/ xampp Apache)
Replies
2
Views
67
vacunita
vacunita

Part and Inventory Search

Sponsor

Back
Top