Swazoo on port 80

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Swazoo on port 80

Bernat Romagosa
Hi list,

Is it a bad practice to skip apache and just run swazoo on port 80? If so, why?

Thanks!

Bernat.
Reply | Threaded
Open this post in threaded view
|

Re: Swazoo on port 80

Nicolas Petton
Le mardi 05 avril 2011 à 17:55 +0200, Bernat Romagosa a écrit :
> Hi list,
>
>
> Is it a bad practice to skip apache and just run swazoo on port 80? If
> so, why?

I consider that it is.
First, you'll have to run your image as root, which is very bad.
Also, you'll have to serve static files with Swazoo too. This is
useless, and it will use CPU cycles for nothing.

Cheers,
Nico

>
>
> Thanks!
>
>
> Bernat.

--
Nicolas Petton
http://www.nicolas-petton.fr

Reply | Threaded
Open this post in threaded view
|

Re: Swazoo on port 80

Bernat Romagosa
Understood, thanks :)

2011/4/5 Nicolas Petton <[hidden email]>
Le mardi 05 avril 2011 à 17:55 +0200, Bernat Romagosa a écrit :
> Hi list,
>
>
> Is it a bad practice to skip apache and just run swazoo on port 80? If
> so, why?

I consider that it is.
First, you'll have to run your image as root, which is very bad.
Also, you'll have to serve static files with Swazoo too. This is
useless, and it will use CPU cycles for nothing.

Cheers,
Nico

>
>
> Thanks!
>
>
> Bernat.

--
Nicolas Petton
http://www.nicolas-petton.fr


Reply | Threaded
Open this post in threaded view
|

Re: Swazoo on port 80

Janko Mivšek
In reply to this post by Nicolas Petton
Hi guys,

On 05. 04. 2011 18:09, Nicolas Petton wrote:
> Le mardi 05 avril 2011 à 17:55 +0200, Bernat Romagosa a écrit :

>> Is it a bad practice to skip apache and just run swazoo on port 80? If
>> so, why?

> I consider that it is.
> First, you'll have to run your image as root, which is very bad.
> Also, you'll have to serve static files with Swazoo too. This is
> useless, and it will use CPU cycles for nothing.

I need to say just opposite. I'm namely running Swazoo only production
systems for years as root on port 80, public websites included, static
content included, without any security break.

A big plus of Swazoo only system is simplicity: in installation,
running, maintenance. No need to learn another web server, nothing. And
Swazoo (at least on VisualWorks) has a good performance even in static
serving, it is just 4x slower than Apache, which is actually very good
for Smalltalk only/any C at all.

Best regards
Janko

--
Janko Mivšek
Aida/Web
Smalltalk Web Application Server
http://www.aidaweb.si
Reply | Threaded
Open this post in threaded view
|

Re: Swazoo on port 80

Paolo Bonzini-2
On 04/05/2011 07:22 PM, Janko Mivšek wrote:
> I need to say just opposite. I'm namely running Swazoo only production
> systems for years as root on port 80, public websites included, static
> content included, without any security break.

Still, the Smalltalk virtual machines do not enjoy protection from e.g.
SELinux.  So, at the very least I'd avoid running the image as root, and
use iptables to move port 8080 traffic to port 80:

iptables -t nat -I PREROUTING \
   --source 0/0 --destination 0/0 -p tcp --dport 80 \
   -j REDIRECT --to-ports 8080

(this one as root :).

This precaution alone gives most of the security advantages of Apache.
Apache may protect better against DoS by rejecting upfront invalid
requests that would cause Swazoo to eat too much memory.

Still, Apache may give your site better performance because for example
Swazoo doesn't do any fancy connection management.  In fact, I don't
think Swazoo should because this is not important when your connections
are to localhost (like when Apache talks to Swazoo).  However, it makes
a difference if the latency is high.

With GNU Smalltalk's version of Swazoo, you can also use lighttpd+scgi
instead of Apache.

Paolo