The sys admin's daily grind – H2O

Whiz Kid

Article from Issue 181/2015
Author(s):

H2O is a web server that has been in development for some time but seems to be a baby compared with the long-serving Apache. Columnist Charly sets out to discover what the "new kid" is capable of.

Most popular distributions still do not offer packages for H2O [1], but it is not difficult to build the web server. In addition to the standard compilation tools, you also need cmake. The following command will help you pick up the code from GitHub:

git clone https://github.com/h2o/h2o.git h2o

Now change to the h2o directory. As the build parameters, you can decide whether to trust OpenSSL for encrypted connections or to go with LibreSSL  [2] instead. To use OpenSSL, type:

cmake -DWITH_BUNDLED_SSL=off

If you prefer the OpenSSL fork, LibreSSL, you can replace off with on. If you stipulate auto, Cmake will check which OpenSSL version exists on your system. If it is newer than 1.0.2, OpenSSL is used, otherwise LibreSSL. The H2O developers prefer LibreSSL because it is generally regarded as more secure and supports procedures such as Chacha20-Poly1305. That said, H2O is a little slower than OpenSSL.

This fact can be significant because H2O owes its burgeoning popularity to its speed. Even before H2O reached version 1.0, benchmarks [3] demonstrating that the newcomer delivered web pages twice as fast as the Nginx sprinter were already making the rounds. H2O also shares the ability to act as a reverse proxy with Nginx.

Bring On the Water!

All that is separating you and a working web server now is two commands: make and sudo make install. The executable is created in /usr/local/bin/, and a sample configuration file exists in the examples directory. I launched the server as follows:

/usr/local/bin/h2o -c \
  /usr/local/h2o/examples/h2o/h2o.conf

In the out-of-the-box configuration, the server listens on port 8080 (unencrypted) and 8081 (with HTTPS). If you have a suitable browser (e.g., Firefox as of version 36), you can even try out the new HTTP/2 protocol, about which another article in this issue reveals many interesting facts.

The browser then complains about the protocol being self-signed, but the setup still works (Figure 1). The new HTTP protocol, which only became an official IETF standard in May 2015, is something that many other web servers still cannot handle. HTTP/2 can bundle connections and also has a new compression method in the form of HPACK.

Figure 1: A new version of Firefox reveals that H2O speaks HTTP/2.

The Author

Charly Kühnast is a Unix operating system administrator at the Data Center in Moers, Germany. His tasks include firewall and DMZ security and availability. He divides his leisure time into hot, wet, and eastern sectors, where he enjoys cooking, freshwater aquariums, and learning Japanese, respectively.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Security Lessons: Cryptographic Agility

    When dangerous security flaws are discovered, being able to switch to alternative software can be crucial.

  • Charly's Column: Miniflux

    Sys admin Charly Kühnast typically follows 40 to 50 RSS feeds using Tiny Tiny RSS on his own server. Now, the good times spent with the faithful Tiny are coming to an end. Read on to discover the whole story.

  • Charly's Column – httpstat

    Httpstat is a special stopwatch you can use to discover how long web servers take to serve up a static or dynamic HTML page. Visible performance lags indicate optimization potential for the server.

  • Charly's Column: Air Traffic Control

    When he sees vapor trails in the skies above the Lower Rhine area, sys admin Charly Kühnast doesn't just dream of faraway places. With a Linux system and a DVB-T stick, he grabs the signals from jets flying overhead and tracks their courses on a map.

  • Charly's Column – Let's Encrypt

    Columnist Charly fights the fight for free SSL certificates with Let's Encrypt. He particularly likes the matching software client that takes care of everything – from certificate retrieval to web server integration.

comments powered by Disqus