Forum

I have benchmarking certain web servers and information found in http://forum.mratwork.com/index.php/topic,19486.0.html (old [forum.mratwork.com]).

Nginx still the champions especially when using their 'microcache'. It's good if hiawatha implementing the same technique.

Hiawatha can already do that! Take a look at the 'CGI OUTPUT CACHE' section in the manual page.

This term ('CGI OUTPUT CACHE') make me confuse. So, how to add this parameter to hiawatha config?.

The parameter is not for the Hiawatha configuration, but for in CGI code. Take a look at the following PHP example:

<?php
  header("X-Hiawatha-Cache: 300");
  printf("Hello world!");
?>

Benchmark this and compare to benchmark without the header() command. And compare to nginx with microcache.

Hmm,...

No 'special' header for nginx.

See below:

Server: nginx/1.5.6
Date: Mon, 07 Oct 2013 09:52:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.27
X-Pingback: http://bugfix.potissima.com/xmlrpc.php
Cache-Control: public
Content-Encoding: gzip


Date: Mon, 07 Oct 2013 09:58:01 GMT
Server: Hiawatha v9.2
Connection: keep-alive
Transfer-Encoding: chunked
X-Powered-By: PHP/5.3.27
X-Pingback: http://bugfix.potissima.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8

What do you mean with 'no special header'? You mean that nginx doesn't require such a CGI header? It might look that it's easier in nginx, but CGI-caching isn't easy if you want to do it secure. What does nginx do to prevent the leaking of sensitive information, such as personal information inside a webpage or cookies?

You right. Add above code make loading faster (9 vs 9,000 requests/seconds).

I mean nginx no need 'special header' like 'X-Hiawatha-Cache: 300' like hiawatha.

Like 'ConnectionsPerIP" in Hiawatha, Nginx have 'limit_conn'.

I hope I can implementing Hiawatha in Kloxo-MR like nginx.

Is it possible using 'SetEnv' like Lighttpd do for header?. I found http://redmine.lighttpd.net/projects/1/wiki/Docs_ModSetEnv

Add 'CustomHeader = X-Hiawatha-Cache:10' not work.

So, no altervative accept add '<?php header("X-Hiawatha-Cache: 10"); ?>' to index.php

SetEnv will not work. Its purpose is to set environment variables for a CGI process. That's totally different from a CGI header printed by a CGI process.

CustomHeader will indeed also not work. This setting will make Hiawatha print a HTTP header. What you need is a CGI header printed by the CGI process which Hiawatha will read and process.

CGI caching is dangerous because the output of a CGI can contain private information! Don't underestimate this!! Because of this, I'm really curious about how nginx's CGI caching works and how secure it is.

This is header after 'CustomHeader = X-Hiawatha-Cache:10':

Date: Mon, 07 Oct 2013 11:07:13 GMT
Server: Hiawatha v9.2
Connection: keep-alive
X-Hiawatha-Cache: 10
Transfer-Encoding: chunked
X-Powered-By: PHP/5.3.27
Content-Type: text/html

but performance back to 9 requests/seconds. Add '<?php header("X-Hiawatha-Cache: 10"); ?>' in index.php made performance became 9,000 requests/seconds.

How CGI caching in Hiawatha works: when a CGI process prints the X-Hiawatha-Cache header, Hiawatha will cache the output for the amount of seconds specified by the header. What the CustomHeader option does is adding the specified header to the HTTP header.

CGI process --(cgi output + header)--> Hiawatha --( requested page + HTTP header)--> client.

For CGI caching to work, the X-Hiawatha-Cache header needs to be present in the CGI output. CustomHeader adds a header to the HTTP header. Different place, so that won't activate CGI caching.

Thanks for your explain.

About nginx's microcache:

## for microcache for fastcgi
fastcgi_cache_valid 200 10s;
fastcgi_cache_use_stale updating;
fastcgi_max_temp_file_size 1M;

## for microcache for proxy
proxy_cache_valid 200 10s;
proxy_cache_use_stale updating;
proxy_max_temp_file_size 1M;

Microcache just cache but with short live time (10 seconds or less) and small ram cache (1M).

What happens if someone with administrator rights visits a page, nginx caches that page (cookies included?) and then later serves it to another user? Will that other user then have administrator rights too?

Reference from nginx.org

The following response headers flag a response as uncacheable unless they are ignored:

Set-Cookie
Cache-Control containing "no-cache", "no-store", "private", or a "max-age" with a non-numeric or 0 value
Expires with a time in the past
X-Accel-Expires: 0

FYI, our forum.mratwork.com change to SMF from phpBB and your account already approved.

I hope Hiawatha implementing 'microcache' like nginx do.

I think Hiawatha's implementation is better. Consider a CMS which allows static content from the database to be cached for, let's say, 30 minutes. What if an administrator changes the page after 5 minutes. In nginx, the change would be visible after 25 minutes. Hiawatha offers a way to flush the page from the cache, which allowes the new content to be loaded.

Yes, nginx (also varnish) have an issue for cache in long cache time (let say 5 minutes). It's why nginx offer 'microcache' but need 'cache_use_stale update'.

I will test hiawatha with 5 minutes cache or more related to cache flush. If it's work, hiawatha have advantage compare to nginx for low-traffic website.

As we know, 'microcache' trick only advantage for high-traffic website.

You can take a look at the Banshee PHP framework [www.banshee-php.org] for an example about how to use Hiawatha's CGI caching feature.

Thanks your reference.

Because template-based configure in Kloxo-MR, detection with 'list($webserver) = explode(" ", $_SERVER["SERVER_SOFTWARE"], 2);' may inaccurate. User able change 'server info' easily. So, no detection and just enough add '<?php header("X-Hiawatha-Cache: 10"); ?>'.

A user (visitor) can't change the SERVER_SOFTWARE environment setting for a CGI-script. Unless the webserver itself has changed it, it's a secure way to check for which webserver is being used. But printing the X-Hiawatha-Cache header while another webserver is being used can't indeed do any harm.

I mean 'user' is someone use Kloxo-MR in their server (as 'admin' in Kloxo-MR context).