LiteSpeed Web Server v5.4 is Here!
LiteSpeed Technologies is pleased to introduce LiteSpeed Web Server Enterprise, version 5.4.
This update is bursting with improvements such as:
- A massive HTTP/2 HTTPS performance boost.
- Anti-DDoS with reCAPTCHA integration to stop any Layer-7 attack, easily.
- Experimental HTTP/3 support.
- Mass Hosting support with Redis or with rewrite rules.
- SO_REUSEPORT to handle HIGH traffic efficiently in a large multi-worker deployment.
LiteSpeed Web Server Enterprise, version 5.4 gives you massive performance increases without price inflation!
Read on to learn about everything LSWS v5.4 has to offer!
HTTP/2 and HTTPS Improvements
The performance improvements we’ve made to our HTTP/2 implementation are significant. We’ve taken several steps to minimize overhead and maximize efficiency in this version.
This newly-optimized HTTP/2 implementation beats Nginx’s HTTP/2 implementation by a wide margin: by 2X when serving large dynamic files, by 4X when serving small static files, and by 10X when serving WordPress!
These are verifiable, repeatable results. Try it yourself.
Take a look at the ways in which we’ve improved LiteSpeed HTTP/2:
TLS Record Direct
Rather than relying on third-party SSL libraries with their heavy, inflexible and bloated code path, LSWS builds the TLS record directly. This minimizes data-copies, and allows LiteSpeed to directly control TLS record size in the process.
By implementing an efficient sendfile()-like API, and loading file data directly into the TLS record buffer, LiteSpeed minimizes deep copies and beats kernel TLS (kTLS) efficiency. In a comparison with rival web servers Apache and nginx, LSWS’s throughput of file stream over TLS almost doubled!
Dynamic TLS Record Size
LSWS dynamically adjusts TLS record size to deliver data in an optimal way under a variety of conditions. When it’s necessary to improve time to first byte, a small TLS record is used to deliver data quickly. When improving throughput is the goal, maximum-sized TLS records are used to reduce TLS protocol overhead.
TLS Record Buffering
In order to reduce system-call overhead and network-packet-level fragmentation, LSWS combines multiple TLS records together and sends them over one system call.
SSL Handshake Offloading
The SSL handshake is the most expensive operation in SSL. Event-driven servers usually do the SSL handshake in the main event loop thread, but when there is a large number of incoming SSL connections, this method may cause the event loop to become heavily clogged. To utilize multi-core processors in a modern server, LSWS 5.4 offloads the handshake operation to separate worker threads. By avoiding blockage of the main event loop, we improve SSL handshake performance.
TLS Certificate Compression
While the IETF is working on the TLS Certificate Compression standard, Google Chrome already supports it. LSWS 5.4 adds certificate compression, which reduces the amount of data that server and client exchange during the handshake.
HPACK Performance Optimization
We’ve heavily optimized both HPACK compression/decompression speed and compression ratio.
HTTP/2 Stream Priority Tuning
With light SSL data buffering, LSWS 5.4 is able to implement HTTP/2 stream priority effectively and efficiently.
Learn more about what makes HTTP/2 with LiteSpeed so special.
Built-in reCAPTCHA Integration
You’re undoubtedly familiar with the application-level reCAPTCHA model, which traditionally protects login screens, form submissions, and the like. LiteSpeed’s new reCAPTCHA implementation, however, provides server-level protection: the best available weapon against Layer-7 DDoS attacks.
When implemented on the server, reCAPTCHA provides more control than most other popular DDoS protection solutions. Legitimate visitors will be able to access the site, while suspicious bots and relentless attackers will be stopped, providing a powerful tool to mitigate resource usage before it can become a problem.
Best of all, LiteSpeed reCAPTCHA is flexible, so you can protect the entire server, or you can enable protection at the Virtual Host level. You can even control coverage by URL via rewrite rules. And by specifying an appropriate trigger sensitivity, you can configure reCAPTCHA to engage only when the server is under heavy load, if you wish.
Learn more about LiteSpeed’s server-level reCAPTCHA, and see why it’s a much better solution than traditional application-level implementations.
The Internet is abuzz over the new HTTP/3 protocol currently under development. HTTP/3 (formerly known as HTTP-over-QUIC) was originally a Google effort to improve HTTP/2 by transporting it encrypted over UDP.
The IETF is still defining the HTTP/3 standard, but LiteSpeed intends to be the first production-ready server to support the new protocol once they adopt a standard. We’re keeping a close eye on the IETF’s progress. LiteSpeed Web Server v5.4 supports HTTP/3 (IETF-QUIC) Draft 20.
With v5.4, LiteSpeed introduces support for two types of Mass Hosting setups:
- High-Availability Redis-Controlled Dynamic Virtual Hosting
- Dynamic Virtual Hosting via Rewrite Mapping.
Best for large-scale generic hosting with hundreds of nodes, Redis-based mass hosting with LSWS boasts the following features:
- Powerful virtual host template via the main Apache configuration file.
- Most flexible vhost configuration via custom Apache configuration.
- Custom SSL certificate for each domain, dynamically loaded.
- High scalability with cloud infrastructure.
- Account migration with a simple Redis record update.
Our friend Aurimas at Hostinger was instrumental in helping us develop this feature. In fact, prior to LSWS v5.4’s public release, Hostinger had already been successfully running it on all of their production servers.
On their blog, Aurimas writes about Hostinger’s experience switching from an OpenResty+Apache solution to LiteSpeed-powered mass hosting. It’s worth a read!
With Rewrite Rules
For those providing shared hosting with minimal customization, LSWS 5.4 allows you to manage virtual hosts via rewrite rules. Benefits include:
- Virtual host template based on Apache configuration.
- High scalability with cloud infrastructure.
Learn more about Mass Hosting with LiteSpeed.
In large multi-worker deployments, SO_REUSEPORT allows multiple sockets on the same host to bind to the same port. By hashing the TCP socket and UDP packets by source IP:port, LSWS can shard the data into smaller chunks. Processes/threads may more easily digest these smaller chunks.
Using SO_REUSEPORT with TCP lets you avoid the thundering herd issue that accept() system calls are susceptible to in multi-worker mode.
With UDP, the same worker process handles packets from the same source. This is great for the QUIC protocol, as it avoids passing packets between processes.
SO_REUSEPORT is enabled automatically when multiple workers are used.
Now that you’ve seen the highlights, take a look at the full release log for a list of all of the changes that have gone into LiteSpeed Web Server v5.4.
If you’re already a LiteSpeed customer, you can upgrade immediately to 5.4 with this command:
/usr/local/lsws/admin/misc/lsup.sh -f -v 5.4
If you’re not yet experiencing LiteSpeed for yourself, why not sign up for a free trial?