Apache httpd - a robust, open source web server
Archive - Originally posted on "The Horse's Mouth" - 2013-04-16 23:34:09 - Graham EllisMost major Open Source software has a bewildering assortment of levels and switches when compared to commercial software - and that's because there's no restriction on development / people can make suggestions and add in facilities without the bottom line question "And what's THAT going to cost / will we sell enough more units to make a financial case for it". And this flexibility can be both a blessing and a curse.
It can increase the total cost of ownership. Don't look just at what you pay to get the product - also look at what it costs you to install, look after and support it. And flexibiity can become complexity of choice if you're not careful.
Over the last two days, I've been teaching a private course about the Apache httpd and Apache Tomcat, and the question arose about all the various https / ssl (secure connection) options. How on earth can any newcomer be expected to learn and to choose between them all? How do they interact with each other, which ones are important, and which ones are there to meet some tiny niche requirement? The questions are excellent ones ... the answer (thank goodness) is that you won't go far wrong if you start from the default example configuration file, you read through the comments that are there to help you, and you leave most of it alone especially if you're not sure. Apache httpd has been around for a long time, and the configuration files are designed to work, work well, and work securely out of the box. It's in use for serving some 70% of the domains worldwide, has an excellent reputation; if you're looking for an assurance that it's not going to cause a security issue if you use a facility in vanilla mode, just consider how many people would be complaining / how it would have gone out of fashion is there were problems for the newcomer.