Appweb™ — for Dynamic Web Applications

Appweb is an embedded web server for the efficient hosting of web applications and frameworks. It is blazing fast and has an extensive set of features. Appweb is optimized for hosting dynamic web applications via an event-driven, multi-threaded core to deliver rapid response, fast throughput and effective memory utilization. It is compact and will embed using as little as 800K of memory.

Appweb has a strong set of features including: SSL, TLS, basic and digest authentication, virtual hosting, loadable modules, Apache style configuration, PHP, Ejscript, CGI, sandbox resource limits, logging, angel monitoring process and extensive conditional configuration and compilation controls.

As one of the most widely deployed embedded web servers, Appweb is being used in networking equipment, telephony, mobile devices, consumer and office equipment as well as hosting for enterprise web applications and frameworks. It runs equally well stand-alone or in a web farm behind a reverse proxy such as Apache.

Appweb Benefits and Features:

• Rapid Development. Appweb is the easiest and most cost-effective way to create dynamic web applicatoins. The Ejscript web framework for server-side JavaScripting and Apache compatibile configuration and logging means a lower learning curve. Coupled with the robust and secure Appweb web server and your post-release maintenance costs will be much lower as well.

• Minimal Resource Requirements. Appweb is exceptionally fast (over 4,500 HTTP requests per second) and compact (from 800 KB). It demands minimal resources from your system so your system can devote vital system resources to running your applications.

• Flexible Development Environment. Appweb is highly modular so you can choose the features you wish. It supports both run-time module loading and extensive compile time controls for those who wish to rebuild from source.

• Security and Reliability. Appweb is the most widely deployed embedded web servers with a large body of users testing and hammering on the code. It has an extensive regression test suite that stresses the product well beyond the limits encountered in normal operation. Secure Socket Layer (SSL/TLS), digest and basic Authentication and sandbox directives all limit exposure to potential attacks.

• Performance. Fastest performance in its class with an event-driven, multi-threaded core. Uses arena-based memory allocator to prevent memory leaks and offer the highest performance. Over 4500 requests per second on a PC class device. Memory footprint from 800K.

• Standards Compliance. Appweb supports HTTP/1.0, HTTP/1.1, CGI/1.1, SSL RFC 2246, HTTP RFC 2617. The Ejscript web framework supports ECMA-262, ECMA-357.

• Portable. Appweb has been ported to Linux, Windows, Mac OSX and Solaris and support the following CPU architectures: ARM, MIPS, i386/X86/X86_64, PowerPC, SH and Sparc

Target Uses

Embedded Device Applications

When used in embedded devices or applications, web servers must assume they are secondary to the essential functions the device or application must perform. As such, the web server must minimize its resource demands and should be deterministic in the load it places on a system.

Appweb excels in this regard and is:

• Fast and compact with a small memory footprint (from 800K).
• Easily embedded via a one line API.
• Easy to configure and administer — via an Apache compatible configuration and extensive build time configuration options.
• Secure by design and by default.
• Minimal in its demand on system resources — via configurable resource limits.

Web Applications Behind Reverse Proxies

Ruby and PHP have transformed the landscape for developing web 2.0 applications. They have made many tasks easier, but deploying these applications has not been quite so smooth. The "dirty-little-secret" about using these web frameworks is that deployment is often messy and difficult.

CGI, FastCGI, Mongrel-Clusters ... many solutions have been tried. More recently, the best solution is emerging — to deploy these applications behind a reverse proxy. This permits the front-end web server to exclusively serve static content and route the incoming requests. The back-end can then focus on actually running the application.

Appweb is an ideal back-end web server in this scenario for running web applications. Because Appweb is a fast, multi-threaded, event-driven server, each Appweb instance can host several web application sessions for maximum efficiency and minimal memory footprint. Due to its Apache compatible configuration file, you don't have to learn a whole new configuration setup. Using this configuration, you will lighten the load on your web installation, provide better response to clients and simplify your configuration.

Goals and Non-Goals

The goal of Appweb is to create the best web server for hosting web applications and frameworks whether they be embedded device applications or enterprise applications behind a reverse proxy. This requires that Appweb be:

• Robust and secure
• Efficient with memory
• Fast with low latency
• Easy to configure and manage

Non Goals: Appweb was designed to handle small loads exceptionally well. An explicit goal was NOT to create a single, monolithic, highly scalable web server, like Apache, Rather Appweb is designed to host the applications that will serve those users running behind Apache as a reverse proxy.

Appweb Internals

The core of Appweb is an event-driven, multi-threaded HTTP pipeline above which modules are loaded to provide content specific handling and to extend its functionality.

Appweb has the following feaures:

• High performance multi-threaded core.
• Modular architecture with dynamic module loading.
• Request oriented memory allocator for fast allocations and to eliminate memory leaks.
• Portable runtime layer to isolate platform dependencies.
• Sandboxing to limit resource consumption for more robust operation.
• Safe programming layer to prevent buffer overrun exploits.
• Apache compatible configuration.
• Extensive logging and debug trace.

Request Pipeline

Appweb has an efficient, zero-copy request pipeline to process requests and generate responses. This consists of a mechanism of queues, packets, buffering and event scheduling. The pipeline architecture is highly optimized and uses sendfile, async I/O and vectored, scatter/gather writes to the network to avoid the costly aggregation of data and headers in a single buffer before writing to the network.

Security

Most web servers have become more secure by a painful process of discovery. While it is no guarantee, developing a web server to be secure by design is easier than trying to engineer-in security after the fact. Securing embedded web servers is even more difficult, as it must be done without increasing memory footprint or degrading performance.

Embedthis Portable Runtime (MPR)

Appweb is designed to be secure from the foundation up, by using a secure Portable Runtime (MPR). The MPR is a cross-platform layer that permits over 97% of the Appweb code to be portable. It includes many mechanisms to assist in the creation of secure application. One such facility is a safe string and buffer handling module to help eliminate buffer overflows that have plagued many products.

Sandboxing

Appweb closely controls its use of system resources via a technique known as "sandboxing". This means running the web server within tightly controlled limits so that request errors will not compromise system operation. Appweb has also been hardened against several common denial of service attacks.

Appweb can be configured to:

• Preallocate memory and not grow beyond predefined memory limits
• Reject requests that are too large
• Reject URLs that are too long
• Run single-threaded or use a limited pool of reusable threads to service requests
• Be run by a designated user account or user group

To build on this foundation, Appweb also provides a Secure Sockets Layer and Digest authentication.

Open Source and Free

Appweb uses an Open Source development model where a community of developers contribute toward making Appweb the leading embedded HTTP web server. Products are licensed under the GNU open source license and are provided with full source code. Embedthis Software has generously provided infrastructure, developers and funding to make this possible. Embedthis sells commercial support and licenses for Appweb.

Want More?

To learn more about Appweb, please read:

• Appweb Architecture
• Appweb Download
• Appweb Support Forum
• Embedthis Web Site for Commercial Licenses and Support
• Appweb Documentation