Picture says it all :) Performance testing while under attack - Weblog - Hiawatha webserver
Hiawatha installation script (Hiawatha, PHP-FPM, MariaDB) - Coding, Scripting & Programming - vpsBoard
Yeah, interesting. Not enough experience with Hiawatha, but I did read it doesn't do compression, so your bandwidth usage will increase, and no SSL SNI support (Hiawatha 7.0 and beyond - Weblog - Hiawatha webserver), so that does rule it out for me (unless you're happy with higher bandwidth usage and needing a dedicated IP address for each SSL host you have on the server). Wonder how other web servers would fare if they also turned off gzip compression altogether? edit: also the FAQ says the same: F.A.Q. - Hiawatha webserver
digging up very old benchmarks i did Hiawatha 9.4 back in April 2014 on port 81 while Centmin Mod on port 80
Code:
    curl -I http://localhost:81/29257_phpi.php
    HTTP/1.1 200 OK
    Date: Tue, 22 Apr 2014 18:05:06 GMT
    Server: Hiawatha v9.4
    Connection: keep-alive
    Transfer-Encoding: chunked
    Content-type: text/html

    curl -I http://localhost/29257_phpi.php
    HTTP/1.1 200 OK
    Server: nginx centminmod
    Date: Tue, 22 Apr 2014 18:05:12 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    Vary: Accept-Encoding
PHP Info page and html pages, check the data transferred size differences due to Hiawatha not doing on the fly gzip compression = 6.2x times higher bandwidth consumed with Hiawatha compared to Nginx
Code:
    Hiawatha phpi.php file data transferred 70.28MB to 180.58MB
    Nginx phpi.php file data transferred 11.28MB to 28.94MB
For Hiawatha maintenance.html html file = 3x times higher bandwidth used with Hiawatha compared to Nginx
Code:
    data transferred 21.79MB
    Nginx phpi.php file data transferred 7.26MB
Hiawatha
Code:
    siege -i -d3 -c50 -t30s http://localhost:81/29257_phpi.php
    Transactions: 973 hits
    Availability: 100.00 %
    Elapsed time: 29.90 secs
    Data transferred: 70.28 MB
    Response time: 0.01 secs
    Transaction rate: 32.54 trans/sec
    Throughput: 2.35 MB/sec
    Concurrency: 0.30
    Successful transactions: 973
    Failed transactions: 0
    Longest transaction: 0.12
    Shortest transaction: 0.00

    siege -q -i -d3 -c50 -r50 http://localhost:81/29257_phpi.php
    Transactions: 2500 hits
    Availability: 100.00 %
    Elapsed time: 91.40 secs
    Data transferred: 180.58 MB
    Response time: 0.01 secs
    Transaction rate: 27.35 trans/sec
    Throughput: 1.98 MB/sec
    Concurrency: 0.18
    Successful transactions: 2500
    Failed transactions: 0
    Longest transaction: 0.22
    Shortest transaction: 0.00

    siege -q -i -d2 -c100 -r100 http://localhost:81/nginx-logo.png
    Transactions: 10000 hits
    Availability: 100.00 %
    Elapsed time: 115.27 secs
    Data transferred: 146.69 MB
    Response time: 0.01 secs
    Transaction rate: 86.75 trans/sec
    Throughput: 1.27 MB/sec
    Concurrency: 0.85
    Successful transactions: 10000
    Failed transactions: 0
    Longest transaction: 1.68
    Shortest transaction: 0.00

    siege -q -i -d2 -c100 -r100 http://localhost:81/maintenance.html
    Transactions: 10000 hits
    Availability: 100.00 %
    Elapsed time: 114.38 secs
    Data transferred: 21.79 MB
    Response time: 0.00 secs
    Transaction rate: 87.43 trans/sec
    Throughput: 0.19 MB/sec
    Concurrency: 0.23
    Successful transactions: 10000
    Failed transactions: 0
    Longest transaction: 1.01
    Shortest transaction: 0.00
Centmin Mod Nginx with default gzip enabled
Code:
    siege -i -d3 -c50 -t30s http://localhost/29257_phpi.php
    Transactions: 972 hits
    Availability: 100.00 %
    Elapsed time: 29.26 secs
    Data transferred: 11.25 MB
    Response time: 0.01 secs
    Transaction rate: 33.22 trans/sec
    Throughput: 0.38 MB/sec
    Concurrency: 0.46
    Successful transactions: 972
    Failed transactions: 0
    Longest transaction: 0.09
    Shortest transaction: 0.00

    siege -q -i -d3 -c50 -r50 http://localhost/29257_phpi.php
    Transactions: 2500 hits
    Availability: 100.00 %
    Elapsed time: 93.80 secs
    Data transferred: 28.94 MB
    Response time: 0.01 secs
    Transaction rate: 26.65 trans/sec
    Throughput: 0.31 MB/sec
    Concurrency: 0.28
    Successful transactions: 2500
    Failed transactions: 0
    Longest transaction: 0.16
    Shortest transaction: 0.00

    siege -q -i -d2 -c100 -r100 http://localhost/nginx-logo.png
    Transactions: 10000 hits
    Availability: 100.00 %
    Elapsed time: 121.28 secs
    Data transferred: 146.69 MB
    Response time: 0.00 secs
    Transaction rate: 82.45 trans/sec
    Throughput: 1.21 MB/sec
    Concurrency: 0.15
    Successful transactions: 10000
    Failed transactions: 0
    Longest transaction: 0.03
    Shortest transaction: 0.00

    siege -q -i -d2 -c100 -r100 http://localhost/maintenance.html
    Transactions: 10000 hits
    Availability: 100.00 %
    Elapsed time: 117.54 secs
    Data transferred: 7.26 MB
    Response time: 0.00 secs
    Transaction rate: 85.08 trans/sec
    Throughput: 0.06 MB/sec
    Concurrency: 0.25
    Successful transactions: 10000
    Failed transactions: 0
    Longest transaction: 0.06
    Shortest transaction: 0.00
So except for the bandwidth and SSL issues, Hiawatha performs pretty close to Nginx. I'm still amazed by this: Performance testing while under attack - Weblog - Hiawatha webserver
Nginx can be tuned better to handle slowloris specifically. FYI, they benchmarked out-of-the-box Nginx defaults
well yeah, and the fact is Centmin Mod Nginx tuned defaults are better than Nginx out-of-the-box install defaults and should handle slowloris attacks much better
But I know you only implemented a few of your paid optimizations in the centminmod stack install. I hope you incorporate most of the optimizations into the stack install as a Christmas gift for us
hehe those are reserved for paid consult clients, as part of the process is analysis and monitoring of each client's specific workloads and usage stats and devising custom tailored and optimised settings for that workload and server environment. You can't have a set-and-forget set of options as not all servers' and sites' workloads are the same
Maybe just put in the basic values that would fit most servers and just leave a comment on how we can modify them based on our server? With your formula for how to achieve the best value
then I'd be out of paid work in the $$$$ range ! FYI, my paid consult work is what allows me time to put into Centmin Mod development as well
Curious how Centmin Mod Nginx fares with the slowhttptest tool for slowloris testing against my Wordpress test blog's static html file at Test Page for the Centmin Mod Nginx HTTP Server (2GB DigitalOcean KVM VPS server). Chris at Performance testing while under attack - Weblog - Hiawatha webserver didn't provide the exact slowhttptest parameters used, but I tried to figure it out based on the last OpenLiteSpeed test result output on that page and came up with these slowhttptest parameters
Code:
    URL=http://wordpress7.centminmod.com/default_nginxindex.html
    slowhttptest -c 4096 -H -g -o slowhttptest_centminmod_nginx_1 -i 10 -l 240 -t GET -u $URL -p 3
result was as follows
oh I see, I used the default 50 connections a second, need to retest with the 128 connections a second Chris used
Above slowhttptest used the default 50 connections per second, but if I read correctly Chris used 128 connections per second as test parameters, so here's the test again
Code:
    URL=http://wordpress7.centminmod.com/default_nginxindex.html
    slowhttptest -c 4096 -H -g -o slowhttptest_centminmod_nginx_2 -i 10 -l 240 -t GET -u $URL -p 3 -r 128
Chris also has a higher slowloris test with 65539 connections, 512 connections per second and 900 second test duration at http://pub.dotbalm.org/hiawatha_v_apache_2014-02-27/hiawatha-9_4.html which peaked at 821 connections (orange line). Recreating that test on my Wordpress test blog's static html file at Test Page for the Centmin Mod Nginx HTTP Server (2GB DigitalOcean KVM VPS server) with Centmin Mod 1.2.3-eva2000.08 beta LEMP web stack - Nginx, PHP-FPM, MariaDB, CSF Firewall on CentOS 7.0
Code:
    URL=http://wordpress7.centminmod.com/default_nginxindex.html
    slowhttptest -c 65539 -H -g -o slowhttptest_centminmod_nginx_2 -i 10 -l 900 -t GET -u $URL -p 3 -r 512
looks like the test ends at the 557th second when no open connections are left
What my above tests for slowhttptest against Centmin Mod LEMP web stack's Nginx show is there's a huge difference between out of box Nginx defaults shown here versus a tuned Nginx configuration
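Added example, not part of the thread and not Centmin Mod's configuration: a small Python audit that reads an nginx config and flags the timeout and per-client connection settings that decide how long a slow-HTTP (slowloris) client can hold a connection open. The thresholds in MAX_OK and both sample configs are assumptions chosen for illustration; NGINX_DEFAULTS holds nginx's documented default values.

```python
import re

# nginx's documented defaults (seconds) for the timeouts a slow client leans on.
NGINX_DEFAULTS = {"client_header_timeout": 60, "client_body_timeout": 60,
                  "keepalive_timeout": 75, "send_timeout": 60}
# Assumed review thresholds, not Centmin Mod's values: flag anything above these.
MAX_OK = {"client_header_timeout": 15, "client_body_timeout": 15,
          "keepalive_timeout": 30, "send_timeout": 15}
UNITS = {"ms": 0.001, "s": 1, "m": 60, "h": 3600}

def seconds(value):
    """Convert an nginx time value such as '10', '10s' or '1m' to seconds."""
    m = re.fullmatch(r"(\d+)(ms|s|m|h)?", value)
    if not m:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]

def audit(conf):
    """Return findings for settings that let slow connections stay open too long."""
    text = re.sub(r"#.*", "", conf)  # drop comments before matching directives
    directives = {}
    for name, args in re.findall(r"^\s*(\w+)\s+([^;{]+);", text, re.M):
        directives.setdefault(name, args.split())
    findings = []
    for name, limit in MAX_OK.items():
        if name in directives:
            value, origin = seconds(directives[name][0]), "set to"
        else:
            value, origin = NGINX_DEFAULTS[name], "unset, default"
        if value > limit:
            findings.append(f"{name} {origin} {value:g}s (> {limit}s)")
    if "limit_conn" not in directives:
        findings.append("no limit_conn: one client may hold unlimited connections")
    return findings

# Constructed sample configs (one directive per line), not taken from the thread.
STOCK = "http {\n    server {\n        listen 80;\n    }\n}\n"
TUNED = """
http {
    client_header_timeout 10s;
    client_body_timeout 10s;
    keepalive_timeout 15s;
    send_timeout 10s;
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    server {
        listen 80;
        limit_conn perip 20;
    }
}
"""
```

Calling `audit(STOCK)` reports all four timeouts at their defaults plus the missing `limit_conn`, while `audit(TUNED)` returns an empty list.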
heh More examples of slowhttptest and what the results mean at Security Labs: Testing Web Servers for Slow HTT... | Qualys Community