ApacheCon North America 2014

This presentation will provide insights on the new features of Apache HTTPD 2.4, including performance enhancements, Cloud functionality, and Reverse Proxy improvements.

You've been asking for this since the 0.9 release of the Apache http server, and 2.4 gives it to you - conditional configuration syntax in your config file, with if blocks, request-time expression evaluation, and configuration macros. Come learn about these great new features, and go away with tools you can use right away to make your life as a sysadmin better.

Apache HTTP Server 2.4 includes valuable enhancements to logging capabilities which allow fine-grained control of events being logged, as well as better information about those events.  Third-party modules and other tools provide additional facilities for capturing and understanding diagnostic data.  In this presentation, Jeff Trawick will cover the use of these facilities for solving problems encountered with Apache HTTP Server and third-party modules.

The extensive work over the years on the proxy modules has given httpd a degree of flexibility and intelligence that rivals some hardware load balancers. In this session, the speaker will discuss how a few features of different load balancing solutions line up and why mod_proxy/mod_proxy_balancer may be the best choice for you. After providing an overview of configuration directives, the session will begin exploring solutions to many problems that may arise in today's world of complex web applications and cloud-based systems where mod_proxy just makes it all that much easier.

Complicated load balancing setups? No problem! Misbehaving backend applications? Child's play! After this session, the functional basis will be set for handling nearly any proxy situation you can think of.

mod_rewrite is a necessary evil if you're a web server admin. The enormous amount of misinformed, worst-practice, and just-plain-wrong mod_rewrite advice on the web is a testament to how unnecessarily complex mod_rewrite has historically been to use.

In this talk, Rich will remove the mystery and show you the basic building block of regular expressions, and how to craft your own rewrite rules. You'll understand how the rewrite process works, and why, so that you aren't surprised by what rules do. You'll learn about rewrite maps, rewrite flags, and, at least as importantly, about the many ways that you can do things without using mod_rewrite at all, using basic Apache httpd functionality.

With the launch of the Apache HTTP Server version 2.4, a new module, mod_lua, has been introduced, which enables administrators and users to use the Lua programming language to extend the web servers capabilities as well as write web applications. mod_lua allows you to rewrite requests, add custom authentication and authorization functions, write web applications in Lua, perform caching operations, input/output filtering of requests, advanced request mapping, as well as interact with the httpd API, with a speed that sometimes rivals that of regular modules written in C. This talk will introduce the Lua language, analyze and compare Lua to other languages and modules, and look at the many ways in which one can interact with the Apache HTTP Server with Lua.  If you have previously used perl, python or php for httpd management/scripting, you might be interested in what mod_lua has to offer.

FastCGI is a protocol for communication between a web server and applications or frameworks, allowing requests to be handled outside of the web server processes with reasonable performance.  Administrators of Apache HTTP Server often deploy applications which are able to use the FastCGI protocol.  In this presentation, Jeff Trawick will describe several modules which support deploying FastCGI applications with Apache HTTP Server 2.4.  You will learn about the pros and cons of each module as well as typical configurations of the modules.

This talk introduces the new communication standards that helped launch a new way of web browsing, more specifically WebSockets and Server-Sent Events (SSE), and looks at how the Apache HTTP Server can be utilized to use these technologies to create 'the Next Web App'.  With code examples and live previews, this talk explains how these new communication protocols work and how to get started with them, from a simple chat application to massive online collaboration programs. The talk will feature complete, working examples in HTML5, JavaScript, PHP and Lua, as well as live interaction with the audience, and can be watched by beginners as well as people with prior knowledge in the field.

Need to run applications in the cloud but don't have the budget of Netflix? This talk will cover best practices for running your application on scaled down servers without sacrificing performance.

Not everyone running their apps in the cloud is Netflix or Zynga and needs to deploy and manage tens of thousands of servers. Cloud vendors also provide micro instances with limited memory and CPU resources at very affordable prices or even free. Properly configured, these machines can be excellent servers for blogs, content management systems, code hosting repositories, forums and more. This talk will cover best practices for scaling down your application in the cloud without compromising performance. It will draw on the lessons-learned running Bitnami, the number one library of open source applications for the Amazon and Azure clouds, with over one million deployments each month.

The Secure Socket Layer is essential for secure access to web applications.  However, it is important to understand how it works and what the limitations are.  In this session, Sander Temme will discuss protocol principles, recent security developments, configuration tips for several Apache server technologies.  He will cover how the Open Source community has stumbled, and how to set up a certificate infrastructure for development, test and deployment.

The days of deploying the default, example httpd.conf to enable mod_ssl are long gone, while most articles published on the web are long out of date.  Any 'openssl genrsa 1024' bit suggestion is a first hint of corroded guidance. Smart organizations and business have changed their cipher suite, added ECC keys and stronger RSA keys to now default to forward secrecy operation.  They have shifted from SSL session caches to session tickets to further attain perfect forward secrecy.  And they are rolling out OCSP stapling services to avoid the CA lookup delays, and are on the verge of adopting TLS virtual hosting as the last of the antique browser clients disappear from (or become ignored on) the internet. This talk discusses all of the above features and illustrates deployment consideration, including a hands-on demonstration.  The talk further presents smart configuration of the reverse proxy connections and looks at forward proxy mechanics in preserving the end-to-end goal of perfect forward secrecy.