SPDY Protocol & Other Apache Upgrades

Fri, Jun 22, 2012 at 9:05PM

Google thinks everyone should use SSL (secure connections) in the future to make the internet safer.   Since they made it faster with the new SPDY protocol, it is now easier then ever to agree with them.

Google's web sites have been running on SPDY for over a year for users who login with the chrome browser.  This also works on Firefox 11+ too.  Chances are you have been seen SPDY in action.  Google's web sites are usually some of the fastest there are and SPDY is one of the reasons why that is true.

We're using the SPDY protocol on our secured (SSL) web sites now.

Our Apache Web Server was updated to use MOD_SPDY, Apache Worker MPM and PHP FASTCGI 

The mod_spdy module for the apache web server was made by the google community.  They announced in April, 2012 that it was stable for production use.  They also made it easier to install with an RPM release recently. So I choose now to adopt this technology.

I also switched apache to worker mode (instead of the default prefork MPM).   In the process of doing this, you must switch to use php fastcgi as well which can be tricky to configure, but after a few hours of research, I got it working thanks to this blog article.  The default php integration method is mod_php, which can be slower and less secure since it is part of the apache process and shares all its permissions.  Fastcgi loads php as a separate process and this can be configured to be more secure.

Both changes improve performance of the hidden stuff that happens when you use the Internet.  This include things like your browser connecting to the server, and the way the browser chooses to load multiple resources (images, stylesheets, javascript, etc).   SPDY allows supported browsers to load more at once and to use less bandwidth due to the extra compression it applies.   It has other advanced features that you can tie into with more work too.

The Apache web server running with worker MPM setting reduces its memory usage and this is shown to allow high traffic web servers to perform better under load.

Integrating php with fastcgi "can" be more secure as well with additional configuration to impersonate a linux user. This allows you to further isolate web sites and applications.  This is similar to suexec, but it is faster because fastcgi attempts to keeps a pool of processes handy which eliminates the startup overhead of the php process compared to previous technologies, yet retains the improved security features.

The above changes also makes it easier to measure the cpu usage of apache and php separately since they run as different processes now.  This can be useful for load testing (Large number of simultaneous users) and debugging (Finding problems with a software application).

SPDY Protocol Facts

Spdy works on firefox 11+, android 3+ and chrome browsers.  As of the writing of this blog post, there were no plans for Apple iOS or Microsoft Internet Explorer support for SPDY, but that may change as it becomes a mature standard.  There is a project that lets you use SPDY protocol in an iOS application, but it doesn't enhance the safari browser.  Microsoft is pushing for additional features in a different standard that isn't yet released, but it will allow apps to be faster in addition to browsers, which you can read more about on this cnet article.

Normal HTTP is considered a stateless protocol, which means it does know anything about the user between requests. SPDY is setup to take advantage of the ability for SSL sessions to maintain some state between communications.  This allows it to reuse the connection and keep sending more data on it.  On a normal HTTP web site, there is lots of extra traffic that occurs because its not able to reuse a single connection for all of the data, but SPDY attempts to change that.  This is why you need to have SSL setup for SPDY to work.  SSL also prevents problems with proxy servers since proxy servers usually don't interfere with SSL traffic.  This lets SPDY send its special data format across the Internet without causing problems for users not using SPDY yet.

A study by Google showed an automatic 23% improvement on mobile web site load time by switching the web site to use the SPDY protocol.

Spdy can be up to 50% faster at best according to other studies by Google.  You get this improvement without having to write any code, so really everyone should adopt this technology as soon as possible to improve the Internet and make it more secure in the process.

Our Customers Can Start To Benefit Now

All my managers will made to use SSL secure connections eventually.  Once they have SSL, they will also support the spdy protocol. 

Any customers who wish to upgrade their site with an ssl certificate will also benefit sooner and it will allow their public web site to load faster as well.  An ssl certificate combined with spdy not only speeds up browsing, but it greatly improves the security of your web site and your data including passwords and customer information.

Some businesses quality for a free SSL Certificate with www.startssl.com for non-ecommerce domains.  For ecommerce, they currently charge $60 for 2 years or $200 for 2 year extended validation (EV) certificates (These show your company name in a green bar in most browsers).    Godaddy certificates are some of the cheapest at just $12.99 per year with a coupon, or $99 for EV certificates.

Our adoption of state of the art technologies continues with these recent improvements to our web server software.

If you are a company that wants a high performance & secure web application, we are here to consult and provide the right technology solutions for your business.

Bookmark & Share