Web Ten -- A New Standard in Web Service
Web Ten is a powerful Web server for Power Macintosh. Web Ten is based on the most popular Web server in use today -- the highly acclaimed Apache Web server, developed by the Apache Group for use in the Apache HTTP server project ( http://www.apache.org/ ).
Tenon's unique technology enables the Apache Web server to run in an "invisible UNIX wrapper" on the Macintosh Operating System (Mac OS). Tenon's "UNIX virtual machine" creates a preemptive multitasking environment for the industrial-strength, secure Apache Web server. Apache has been extended in a number of ways to give Macintosh users the best of both the Macintosh and UNIX worlds.
Tenon has extended Apache to support WebSTAR Plug-In APIs and AppleScript CGIs. So, with Web Ten you can use standard internet plug-ins, as well as Apple-specific plug-ins. You can use shell, Perl, and binary CGIs, as well as Apple CGIs. In fact, Web Ten supports the widest selection of plug-ins and CGIs of any known Web server.
Web Ten is easy to install, easy to set up, and easy to administer. The Web-accessible interface allows local or remote administration using any Web browser. Web Ten can be configured from anywhere in the world. No special administration tools are needed on the remote site. No special administration agent is required on the server.
Tenon's powerful TCP stack lets Web Ten support "true" internet-style virtual hosting. Apple's OpenTransport can be used in place of Tenon's TCP stack, or in combination, giving users the most flexibility for their internet and intranet servers.
Other features unique to Web Ten include the ability to use SSL to support secure transmission for multiple virtual hosts on a single machine, integrated FTP and NFS services for uploading or offloading Web content, and built-in domain name service.
Tenon has taken advantage of advanced caching techniques from the Harvest ARPA research project. A derivative software package called "Squid" has been incorporated into Web Ten . Integration of Squid with Apache provides high-performance object caching that further improves Web Ten 's top performance. By using Squid object caching, Web Ten can process 65,000 hits per minute, or more than 90 million hits per day.
Web Ten fuses the world's most popular Web creation platform with the world's most popular Web server. Apple and Apache -- a new standard in Web service for Macintosh.
Web Ten Architecture
Web Ten is more than simply a port of Apache software to the Macintosh. Web Ten extends several Apache and Macintosh system components and, at the same time, brings new and exciting state-of-the-art networking technology to the Macintosh.
Creating a new standard in Macintosh Web service did not simply revolve around the creation of a new and more powerful Web server. It required a series of new or alternative system components, in addition to Apache, to make the system more powerful, flexible, and easy to configure.
The first step in creating Web Ten was porting Apache to the Macintosh. This was made possible by Tenon's "UNIX virtual machine" technology, making an Apache port to Macintosh a reality for the first time. Apache was then extended in two dimensions. First, an Administration Server was created to support Web browser-based configuration and maintenance. This gave Apache a point-and-click configuration capability. Next, Apache was extended to support Apple WSAPI-defined CGI and plug-in extensions. As a result, Apple CGIs and plug-ins that work on other Macintosh Web servers will simply "drop in" to Web Ten . (See See WebTen Architecture.)
Tenon enhanced Apache's performance by using state-of-the-art caching techniques and fine-tuning Web Ten 's TCP stack, and extended Web Ten 's functionality by including a key set of internet and networking services.
Apache Design
A basic understanding of the Apache architecture will enable you to appreciate the power of Apache and fully benefit from the various Web Ten displays. Older UNIX Web servers (namely the ones from NCSA and CERN) generated clone servers to handle incoming HTTP requests. The main Web server listened for incoming requests on the httpd port and generated a clone server for each request. Under this setup, there was no way to control the number of clones other than by limiting the total number of processes supported by the system.
The Apache designers had a better idea -- a large body of persistent "children" running in parallel, coordinated by a parent process. The parent process is able to initiate and terminate children and to control the number of children that are alive. One of Apache's strengths is its tunability. A Webmaster can stipulate the number of persistent children at system startup, and control the number of children that are available at any point in time to respond to requests.
The number of allocated children threads is dynamically set by Web Ten as a function of peak loads from system startup. The Web Ten Web Server Status Window displays the allocated children threads versus the active children threads at any instance in time. (See section See Web Server Status.)
Squid Object Caching
Web Ten incorporates an object cache module that dramatically increases overall performance. It is well known that many Web servers serve a relatively small number of pages many times. Rather than perform full Web service calculations and production for each page, as all Apache Web servers do, Web Ten uses an object cache to intercept repeated requests for the same page and to produce a copy of the page directly from a local memory or disk cache. Another advantage provided by internet object caching is a way to store requested internet objects (URLs, FTP requests, gopher requests) on a system closer to the requesting site than the source. Web browsers can use the local cache as a "proxy server", thereby reducing access time and bandwidth consumption. This technique greatly reduces system overhead and increases performance.
The Web Ten object cache module is based on the Squid Object Cache software ( http://squid-cache.org ). Squid is derived from the ARPA-funded Harvest project. The Harvest cache has been shown to outperform other popular internet cache implementations by an order of magnitude. In addition, pairing the Harvest cache with HTTP servers has been shown to increase the server throughput by an order of magnitude. Web Ten 's object cache is based on this state-of-the-art technology.
The Harvest project spawned a number of commercial and research efforts. For example, Netscape's Catalog Server, a key component of the Netscape Suite Spot, is based on the Harvest design. Squid, a publicly available body of software developed by a community of world-wide internet researchers, incorporates the Harvest cache software. Duane Wessels of the National Laboratory for Applied Network Research (funded by the National Science Foundation) leads the code development.
The Squid Object Cache module sits between the Web Ten Apache Web server module and the Macintosh network interfaces, where it is able to monitor inbound network requests for Web service. Each request is examined for the possibility of dynamically caching the Apache response in the local object cache. As time passes, the object cache module contains an increasingly larger variety of previously requested Web data. When a new request is found that matches a previously cached request, the object cache responds directly, without involving the Web Ten Apache Web server module. Using this technique, requests for many Web pages can be given a priority response directly from the object cache. This has the effect of greatly increasing the overall operation of the Apache module, freeing it to process more complex or dynamic requests in parallel.
Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM. As Web Ten starts, Squid caching is enabled by default. Measurement of the Squid cache, like the Harvest cache, suggests an order of magnitude performance improvement over standard Web servers and other caching software. The Squid cache serves as an httpd accelerator for Web Ten .
Enhanced Networking
Web Ten includes an alternative TCP/IP networking protocol implementation. Incorporation of the new protocol software provides for enhanced internet performance, increased protection from "hacker" attacks, and support for multiple, simultaneous IP, domain name and network hardware interfaces on a single Macintosh.
The Web Ten TCP stack can be used to replace the standard Apple OpenTransport implementation, or it can be run in parallel with OpenTransport on the same Macintosh.
Using the Web Ten TCP stack increases performance for two reasons -- (1) Tenon's TCP stack includes no built-in limits on the number of simultaneous TCP connections, and (2) Tenon's stack, by including a wider range of packet delay and packet loss profiles than OpenTransport, has been tuned to work extremely well over internet links.
"Hacker" protection has been added to the Tenon TCP stack to prevent a number of "denial-of-service" attacks, such as the "ping-of-death" and SYN attacks, that have recently crippled some Internet Service Providers.
Web Ten 's TCP includes support for multiple network hardware interfaces. This allows a single Macintosh to be dual-homed to a single physical network for packet load balancing, or a single Macintosh to be connected to multiple network backbones for robustness and availability.
In addition, Web Ten 's TCP allows multiple IP addresses to be assigned to a single physical interface, so that a single Macintosh may be known by different internet addresses. Web Ten has support for multiple domain names, all on the same Macintosh. The multiple network interfaces, multiple internet addresses, and multiple domain names can be used in combination with each other, making Web Ten the first Macintosh-based Web server that supports true virtual hosting -- simultaneous access to different top-level Web server URLs on a single Mac. The flexibility of Apache with respect to Web URLs makes Web Ten a great vehicle for supporting Macintosh-based Web service.
Dual TCP Stacks
Some Macintosh TCP-based applications require OpenTransport. Since Web Ten 's advanced TCP stack is needed to support IP-based virtual hosting, some Webmasters may want to configure their Web Ten machines to run dual protocol stacks. It is possible to run Web Ten 's TCP and OpenTransport simultaneously on a single Macintosh. The idea is to configure OpenTransport with one IP address and Web Ten 's TCP/IP with a second IP address. This allows Macintosh applications to use OpenTransport, and still lets Web Ten use its own stack for multihoming and performance advantages. See section See Replacing OpenTransport for more information.
Enhanced Services
Web Ten includes a native fast file system to provide fast storage. Web Ten 's fast storage enables efficient storage and retrieval of thousands of small files on the Macintosh file system. Both the Apache Server and the Squid Object Cache take advantage of this fast file system to give Web Ten enhanced performance.
Web Ten includes Secure Socket Layer (SSL) support, integrated file transfer, integrated network file service, and integrated domain name service. These services work in concert in Web Ten 's preemptive multitasking environment to create a robust, top-performing, full-featured, secure Web server.
Virtual Hosts
Web Ten gives you the ability to set up Web service for multiple organizations on a single machine. Using a single machine to "host" Web pages for different organizations will reduce hardware costs and administrative costs. Even within a single organization, you may want to establish multiple Web "sites", each with their own top-level URLs.
For example, Web Ten running on host " www.doodads.com " could be configured to answer requests for domains " widgets.com " and " trinkets.com ". That way someone using a browser could access the " doodads " host in any of the following ways:
Note that even though all of these so-called "sites" are hosted on a single machine, each logical host has a first-class URL address.
This setup is much more desirable than the scheme that has been used thus far on Macintosh:
http://www.doodads.com/widgets
http://www.doodads.com/trinkets
Having the ability to establish multiple first-class URLs on a single physical machine is accomplished by creating multiple virtual hosts. Each virtual host can have a unique IP address and a unique domain name, or simply a unique domain name.
The TCP stack that comes with Web Ten allows your Macintosh to be configured with multiple network interfaces (i.e., multihomed), each with a unique internet (IP) address. Web Ten also allows a Macintosh with one network interface (i.e., single-homed) to appear to be multi-homed through a technique called IP aliasing. By using IP aliasing and domain name aliasing, you can create any number of virtual hosts on a single Macintosh, thus letting a single physical machine behave as if it were several different hosts.
With Web Ten , you can set up any number of IP addresses, and each IP address can be assigned any number of domain names. This technique of IP aliasing and domain name aliasing is built into Tenon's TCP stack. Therefore, if you want this capability, you must use the TCP stack that comes with Web Ten (see section See Replacing OpenTransport).
To set up virtual hosts, see section See Virtual Hosts Table and read section See WebTen Preferences and DNS to understand the relationship between virtual hosts and domain name service.
Header-Based Virtual Hosting
The HTTP/1.1 protocol supports a new feature called "header-based virtual hosts". This feature is supported in Web Ten . Nowadays, about 95% of all Web browsers support header-based virtual hosts. If you decide to use this, you may use either Tenon's TCP stack or OpenTransport to support virtual hosting.
The setup for this kind of virtual hosting is exactly the same as for IP-based virtual hosting.
Fast Storage
Web Ten includes a native fast file system. Web Ten 's fast storage provides a means to efficiently store and retrieve thousands of small files on the Macintosh File System. Portions of the Apache server and the Squid Object Cache take advantage of this fast file system to give Web Ten enhanced performance.
Secure Socket Layer
Web Ten incorporates version 3.0 of the Secure Socket Layer (SSL) protocol to encrypt Web server transmissions. Because Web Ten is the only Macintosh Web server to support IP-based virtual hosts, Web Ten 's SSL can support secure transmissions on a per virtual host basis -- true multihoming SSL.
FTP Service
Web Ten includes FTP service as an integrated component of its Web service, providing high-performance file uploads to Webmasters and Web service providers' customers.
NFS Service
Web Ten includes NFS capabilities that allow it to mount NFS volumes from any NFS server. These volumes can then be published within the content hierarchy of the Web Ten Web server. NFS servers can contain the Web pages for an entire Web site, a set of specific virtual hosts, or simply a component of a virtual host.
The Web Ten NFS client service is compatible with any NFS server implementation. Support for read-only access to the NFS volumes is also provided.
DNS Service
Web Ten 's domain name service (DNS) is based on the latest internet technology, with improved performance and security. You can use Web Ten 's built-in DNS as your primary domain name service, as your secondary domain name service in conjunction with any other available DNS service, or simply continue to use your existing domain name service.
CRON Service
Web Ten includes an integrated timer-driven execution manager, the popular UNIX Cron utility. Using Cron , Web managers can specify a schedule for periodic execution of any number of scripts. These scripts can generate Web usage reports or perform various maintenance routines automatically. See section See Clock Service (Cron) for more information and a sample Cron script.
Proxy Services
A proxy server is one that is able to respond to requests for documents that are on other servers. The simplest use of a proxy is as a document cache. Remote documents can be copied to the hard disk of the proxy server. This not only speeds up access time, but also reduces network congestion. More sophisticated uses of proxies involve security and filtering. A trusted proxy can be positioned inside a firewall. That way employees deal only with the proxy, and the proxy is given special privileges to access documents beyond the firewall. A school can give students internet access via a proxy Web server, with built-in restrictions based on key words or domain names.
Web Ten includes two kinds of proxy services -- the Apache proxy module and the Squid proxy component. The Apache proxy module can be configured via the Web Ten Administration Server (see section See Proxy Settings). The Squid proxy software actually has more features, since Squid allows filtering based on partial URLs and key words. See See Appendix C for instructions on configuring Squid proxy.
Advanced HTTP Features
Web Ten 's Apache is fully compliant with HTTP/1.0 and HTTP/1.1. HTTP/1.1 is the newest version of the HyperText Transfer Protocol. This version allows for greater performance and efficiency when transferring files, and includes a suite of advanced features.
Host Name Identification
Every request sent using HTTP/1.1 must identify the host name of the request. This feature, for the first time, allows non-IP-based virtual hosts. This is the "header-based virtual host" feature discussed in section See Header-Based Virtual Hosting. Based on the host name included in every request, the server can deliver different content, even if the IP address is the same. Therefore, two requests for the same IP address, one coming for " www.joe.com " and the other coming for " www.harry.com ", would each receive different content.
Content Negotiation
This gives the server the ability to choose among several different versions of a single document (e.g., English or French, HTML or PDF) and to serve the one most preferred by the browser.
Keep-Alive Connections
Persistent connections, or "keep-alives", allow the browser to establish a long-lived connection when numerous documents are requested over the same connection. Web Ten 's ability to recognize this browser request results in better performance.
"As-Is" Documents
Web Ten can be configured to send certain documents "as-is". This allows you to create documents that exhibit special behavior, such as documents that redirect browsers to other sites, or documents that are never cached by the browser, without being concerned that the server will automatically add standard HTTP headers to the data.
Web Ten also supports " RAW !" type files, the WebSTAR equivalent of "as-is" documents.
"PUT" and "DELETE" Requests
"PUT" and "DELETE" allow Webmasters to create documents on another system and to upload them to the Web Ten system. Conversely, such documents can also be deleted from the Web Ten system using the browser on the remote system. In either case, it is necessary for the browser on the remote system to also support the "PUT" and "DELETE" methods.
In order to take advantage of these methods, it is necessary to install a plug-in, Apple CGI, or traditional CGI that specifically handles these transactions.
Chunked Transfers
This feature works in concert with "persistent connections". Chunked encoding lets the server send output a bit (or chunk) at a time. Normally the server would have to know the content length before sending data. If the data is the output of a CGI script, the length may not be known. With this new feature, servers can start sending data before the script is completed. This lets servers send out dynamic content that is either large or produced slowly, without having to disable persistent connections.
Scripting
In general, when traversing a Web page, clicking on a link causes that client (browser) to send a message to the server (the site maintaining the Web page the client wishes to view) with a given URL. The server gets the file indicated by the URL and sends the contents of the file back to the browser to be displayed to the user. The Common Gateway Interface (CGI) is a mechanism that causes the server to behave differently. The CGI protocol defines communication between the server and an external program. When the URL points to a CGI script file, instead of simply sending the contents of the file to the browser, the server executes the script and then returns the program output to the browser. This allows Webmasters to create dynamic documents and interactive pages. Web Ten supports a wide range of executable scripts.
CGI-Based Scripts
CGI scripts are typically written in C, C++ or Perl, or they can be UNIX shell scripts. Web Ten supports five different styles of CGIs -- shell CGIs, Perl CGIs, AppleScript CGIs, WSAPI CGIs, and C or C++ program CGIs.
See Chapter See Using CGIs for more information on CGIs.
Shell CGIs
A shell CGI is a text file that contains commands for the Bourne Shell or C Shell command interpreter. Any text editor can be used to create shell CGIs. We recommend BBEdit, but any Macintosh editor will do, even SimpleText. The resultant file will typically have the file extension of " .sh " (e.g., mycgi.sh ). Place the file in the Web Ten cgi-bin folder.
Perl CGIs
A Perl CGI is a text file that contains commands for the Perl language interpreter. The file name extension is usually " .pl ", and the file is placed in the cgi-bin folder. A Perl interpreter is included with Web Ten , so Web Ten is able to interpret Perl scripts. We recommend using Tenon's CodeBuilder for developing and debugging Perl CGIs.
C Language CGIs
A C language CGI is a computer program. To produce a C language CGI, you need to write the C language source program using any Macintosh text editor. Then, a C language translator called a C compiler is needed to translate the C program into machine language. Tenon's CodeBuilder can be used to construct and compile the C language CGI scripts. The machine language file with the extension " .c " is stored in the cgi-bin folder in a file that can be executed by Web Ten . F
AppleScript CGIs
AppleScript is an OS-specific scripting language. Tenon extended Apache to support AppleScript CGIs (ACGIs). The best reference for writing AppleScript CGIs is Jon Wiederspan's paper "Extending WebSTAR with AppleScript". These techniques can be applied directly to Web Ten , since running AppleScript CGIs on Web Ten is exactly like running ACGIs on WebSTAR. These files, with the extension " .acgi ", are placed in the cgi-bin folder.
Server APIs
To maximize server performance, it is possible to add modules directly to the server itself using the server's application programming interface (API). By linking the script directly into the server software, you remove the overhead involved in launching an external program (like a Perl script) and passing the information back and forth between the external scripting program and the Web server.
Apache APIs
Apache modules are the equivalent of WebSTAR plug-ins. Web Ten includes many Apache modules and, in most cases, those modules can be configured via the Web Ten Administration Server. In some cases, an Apache module provides the full functionality of a common WebSTAR-style plug-in. See WebTen's Built-In Plug-Ins and CGIs in See Appendix E for a partial list of available plug-ins.
See section See Plug-ins and Apache Modules for more information.
WSAPIs
Tenon included a special Apache module, the " wsapi_module" , that implements W*API 1.1, providing support for running W*API plug-ins and AppleScript CGIs. In most cases, using WebSTAR-style plug-ins with Web Ten will be exactly like using them with WebSTAR. There are some anomalies -- for example, plug-ins delivered by StarNINE, ironically, do not conform to W*API 1.1. Please see See Guide to Using W*API Plug-Ins and AppleScript CGIs in See Appendix D for more details.
Installing Plug-Ins
See Chapter See Plug-ins and Apache Modules for instructions on installing Plug-Ins in WebTen.
Server-Side Includes
Server-Side Includes (SSIs) are a simple type of script that allows you to create HTML documents with boiler plate information (e.g., time of day, name of the server, built-in page hit counters, etc.). Apache includes a new set of eXtended Server-Side Includes (XSSIs) that lets you set variables and use conditional HTML.
Database Interfaces
The standard way for Web servers to interact with databases is through CGI scripts. A number of solutions exist on the Macintosh, both in the form of plug-ins and CGIs (e.g., Tango and on Lasso with the FileMaker Pro database). In addition, there are public domain UNIX database applications with CGI script interfaces that could easily be incorporated into Web Ten .
Directives
Directives are the key to both Apache and Squid. Directives are ASCII text strings, usually with two or more components (e.g., a tag and a specifier). All server actions are determined by directives. You can use directives to turn Squid logging on, to limit server access, to insert files into an HTML document, or to run a script.
Web Ten 's browser-based interface insulates Webmasters from manipulating directives inside configuration files. With Web Ten 's interface, mouse clicks are translated into the appropriate directives to yield the required action. Apache-savvy Webmasters, of course, may set directives by editing the appropriate configuration file. For more information on editing directives in the Apache and Squid configuration files. See section See Customizing WebTen in See Appendix C.
The Web Ten W*API module contains some custom directives which may be used in the httpd.conf file in the context of the main server or within a < VirtualHost > directive. These custom directives control the W*API plug-in/CGI operation. Please see section See Guide to Using W*API Plug-Ins and AppleScript CGIs in See Appendix D for more details.
The httpd.conf file resides in /tenon/apache/conf.httpd.conf and the squid.conf file is in /tenon/squid/etc/squid.conf .
Logging
Apache's default log file format is known as the Common Log Format (CLF). This format provides basic information, such as raw hits, pages accessed, client host names, and timestamps. An extension of the Apache LogFormat directive lets Webmasters generate WebSTAR-style logging. See See Appendix F for more information.
Special Utilities
Web Ten includes some useful utilities in the tenon:utilities folder. These utilities are stand-alone Macintosh programs that provide a specific feature or service that aids in the use and maintenance of a Web Ten system. In addition, many free, shareware and commercial programs provide other very useful services.
Fast File First Aid
The Fast File First Aid program repairs Web Ten 's fast storage files. These files may become damaged in the event of a power outage or other unorderly shutdown of the Web Ten system. Web Ten automatically performs a check and repair (if necessary) on these files each time Web Ten is started, so this program should only be used in the atypical event that the automatic repair is failing. To run this program, drag-and-drop one of Web Ten 's fast storage files from the tenon:Storage folder onto the Fast File First Aid program.
NoFinder
The NoFinder program provides a means to start and stop the Finder (and other programs) on a Macintosh. The Finder is the program that presents the Desktop interface and supports "point-and-click" and "drag-and-drop" methods for launching programs and managing files.
To use NoFinder , simply double-click the icon, select Finder from the Processes list, and choose Terminate A Process from the Process menu. To restart the Finder, choose Launch Process and select Finder from the System Folder .
Reasons for running a Macintosh without running the Finder include, but are not limited to:
Unix <-> Text
Web Ten can serve text files of any Macintosh text file format, including files to be executed as CGIs. If, however, a Webmaster wishes to access an Apache configuration file directly or modify Apache Log files using Macintosh editors, Unix<->Text file conversion may be necessary. The Unix<->Text program converts Macintosh text files back and forth between the different text file formats supported by Web Ten .
When any Macintosh text file (with the type "TEXT") is dropped on Unix<-> Text , the file is converted to Web Ten 's Macintosh creator (or signature) which is "MUMM" (if it is not already "MUMM"), and the Macintosh type "BINA". "BINA" is Web Ten 's native file format. This format provides the fastest possible performance for reading text files in Web Ten , but most Macintosh text editors do not support this file format. We recommend BBEdit for reading and writing these text files, as it does support this format.
Dragging a "MUMM/BINA" text file onto Unix<->Text converts the file to the "MUMM/TEXT" format. This format provides excellent performance for reading text files in Web Ten , and all Macintosh text editors support this format. This format is the suggested format for Web Ten 's Perl and shell CGIs.