Why choose FreeBSD over OpenBSD for an http server?

N

nhpr

Recently I've been playing with OpenBSD and love a number of aspects of it. However, I've noticed that organizations seem to only use OpenBSD for NAT/firewalls while using FreeBSD or Linux to run Apache. Since I don't understand why this is, I figured what better place to hear about the advantages of FreeBSD in this realm than their forums?

Also, in terms of scalability, does either OS have any real (or perceived) advantage?
 
FreeBSD performs a lot better. OpenBSD is not build for performance, it's build for security.

That said, the perceived improved security of OpenBSD is IMO marginal at best. Just look at the security advisories for FreeBSD and see how many "remote holes" we've had. We just don't advertise it as such.

As for running a website, your web application is going to be the one that'll be attacked. Not the server itself. OpenBSD won't save you if you have a crappy (from a security point of view) web application.
 
I've read through several (disputed?) benchmarks that heavily favor FreeBSD in various performance metrics.

Other reasons may include: in-house expertise, institutional/personal bias for arbitrary reasons (cool logo? status quo?), affinity for a larger (and perceived to be more stable) development group.

A large installation base also tends to perpetuate its own existence.
 
Code: 
Why choose FreeBSD over OpenBSD for an http server?
Because ... as you said Apache and if we start from the fact Apache is most prefered http server for serving dynamic content ... most offen PHP ... In FreeBSD you can built it with PHP support , extensions so on for about 25 minutes for example ... depending of your hardware , internet connection , etc ... If you deicide in future to upgrade your application with new software all you have to do is to check if your application ( forum , cms, other ) is compatible with new PHP version and to read /usr/ports/UPDATING for any changes in your software, you will spend again 5-10-25 minutes to do it ...

In OpenBSD in base there is Apache 1.x ( "security reason" ), who use it in 2010 year ?! If you deicide to use it your installation and upgrade will be easy as in FreeBSD , BUT if you choose to use Apache 2.x you have to spent 1/2-1 day in installation and configuring your software and depends:e Worse is if you would like to upgrade your software in any time in the future ... ( cannot find english translation of one pharaphrase to say it ... ) ... But it is not a problem at all , just noone wants to spent a time ...

I use OpenBSD on my home PC since 3.6 version ... since 4.0 I decided to install Apache 2.x and PHP from source ... and actually update process is very fast ... some day have to test how are depends now in 4.7 ... Actually it is not really a problem to install all you need but you have to spend a lot of time ... May be soon I have to test how much time it will spent on 4.7 :e
 
SirDice said:
That said, the perceived improved security of OpenBSD is IMO marginal at best. Just look at the security advisories for FreeBSD and see how many "remote holes" we've had. We just don't advertise it as such.
Click to expand...
I feel like this needs to be qualified with 2024 in mind. I read this same perception being propagated even today. I do not see OpenBSD's security advantage right now being marginal at best.
 
canihazsekooriti said:
I feel like this needs to be qualified with 2024 in mind. I read this same perception being propagated even today. I do not see OpenBSD's security advantage right now being marginal at best.
Click to expand...

What gizmos do they have that FreeBSD didn't copy yet?

Are you talking potential holes or a lack of mitigations?
 
I use both and am happy with both; FreeBSD I think has better performance and wider support (hardware and ports) but that’s more based on feel and experience rather than solid data I can produce.

quintessence said:
In OpenBSD in base there is Apache 1.x ( "security reason" ), who use it in 2010 year ?!
Click to expand...

I think Apache 1 got removed a long time ago, so I do not think that is accurate.

OpenBSD feels a little more batteries-included with httpd in a base install but it is not long before you are likely to need a programming language like PHP or whatever a depending on your needs at that point ports (as in ported applications) become potentially more of an issue. You may find some modules better supported on FreeBSD.

FreeBSD makes Apache 2.4 with mod_php a breeze to install but we are all meant to be on php-fpm these days so it’s a bit more fiddly on both BSDs.

In terms of performance it is more likely that your network connection will be an issue long before file systems or CPU performance matter but again that really depends on what you are doing.

I definitely use OpenBSD for firewalls and some desktop and FreeBSD for web and database servers - that was because I found FreeBSD had better support for Dell servers at the time. And then “it works” inertia sets in.

For a couple of projects Linux has been the easiest way to go, so I’ve used that.

Great to have options!
 
1729749833133.png


It's not appropriate for me to quote from the file, but do please read it.
 
DutchDaemon said:
Yo, can we drop the 'subtweeting' and calling out? Back to the proper discussion, thanks.
Click to expand...
Indeed. As mentioned, not entirely sure why the guy keeps subtweeting me on the profile wall (now deleted). Its weird and makes no coherent sense. A real waste of time.

For completion, I will just post the correct original link that he purposefully failed to, and move on :) (But, do note that its your database he is filling up with his maliciously compliant image spam!).

https://freebsdfoundation.org/blog/...ur-systems-with-expert-guided-best-practices/
 
canihazsekooriti said:
I feel like this needs to be qualified with 2024 in mind. I read this same perception being propagated even today. I do not see OpenBSD's security advantage right now being marginal at best.
Click to expand...
To amplify, I feel that OpenBSD currently has a security advantage over FreeBSD that is somewhere greater than or at least measurable especially for web service. For scale, measurable is more than "marginal". At the same time, as of 2024, the performance difference between OpenBSD and FreeBSD for many tasks has narrowed considerably. In summary, I find that there are advantages to the OpenBSD project's focus on security. Over time those advantages have narrowed the performance gap between OpenBSD and FreeBSD especially for serving web pages with php-fpm/fastcgi when compared to using FreeBSD and apache/mod_php.

On the subject of apache/mod_php, I find that it's very difficult to performance tune, and it doesn't play well with anything else. That's not a high cost in the age of virtual machines where you can spin up a configuration that's vertically built to just do apache/mod_php but it is still a cost. Today I do php-fpm/fastcgi on top of nginx across the board.
 
chilton said:
To amplify, I feel that OpenBSD currently has a security advantage over FreeBSD that is somewhere greater than or at least measurable especially for web service. For scale, measurable is more than "marginal". At the same time, as of 2024, the performance difference between OpenBSD and FreeBSD for many tasks has narrowed considerably. In summary, I find that there are advantages to the OpenBSD project's focus on security. Over time those advantages have narrowed the performance gap between OpenBSD and FreeBSD especially for serving web pages with php-fpm/fastcgi when compared to using FreeBSD and apache/mod_php.

On the subject of apache/mod_php, I find that it's very difficult to performance tune, and it doesn't play well with anything else. That's not a high cost in the age of virtual machines where you can spin up a configuration that's vertically built to just do apache/mod_php but it is still a cost. Today I do php-fpm/fastcgi on top of nginx across the board.
Click to expand...
I read somewhere (I think on this forum) that H2O web server is the fastest server in the world today. https://en.wikipedia.org/wiki/H2O_(web_server)

Does OpenBSD's php-fpm/fastcgi beat it? Does FreeBSD's apache/mod_php beat it?
 
chilton said:
On the subject of apache/mod_php, I find that it's very difficult to performance tune, and it doesn't play well with anything else.
Click to expand...
When you install it, it does tell you (IIRC) not to use it because it is old and deprecated.

But it’s so easy to install and use so for now I still use it.

But it’s not going to be the fastest option I don’t think.
 
You must log in or register to reply here.
Back
Top