Catalog
concept#Architecture#Software Engineering#Platform#Security

Web Server

A web server is a software component that accepts HTTP requests and delivers web content to clients.

A web server is software (and often hardware) that handles HTTP requests and delivers web content to clients.
Established
Medium

Classification

  • Medium
  • Technical
  • Architectural
  • Intermediate

Technical context

CDN providers (e.g. Cloudflare)Load balancers and service discoveryMonitoring stacks (Prometheus, ELK, Grafana)

Principles & goals

Use secure default configurations and explicitly harden them.Separate stateless delivery from stateful application logic.Provide well-defined interfaces and observability.
Run
Enterprise, Domain, Team

Use cases & scenarios

Compromises

  • Insecure TLS configurations and outdated software versions.
  • Overload due to missing load balancing or caching.
  • Lack of monitoring hampers fault diagnosis and incident response.
  • Use automated configuration and reproducible deployments.
  • Enforce TLS and HSTS consistently.
  • Collect and analyze access logs regularly.

I/O & resources

  • Configuration files (vhosts, TLS, caching)
  • Access to static resources or backend APIs
  • Operational and monitoring access (logs, metrics)
  • HTTP/HTTPS responses to clients
  • Access and error logs
  • Throughput and latency metrics

Description

A web server is software (and often hardware) that handles HTTP requests and delivers web content to clients. It serves static files, forwards dynamic requests to application backends, and manages connections, caching, and security. It shapes performance, scalability, and deployment patterns across systems.

  • Centralized content delivery reduces client-side complexity.
  • Caching and proxy features improve performance and scalability.
  • Mature ecosystem with many implementations and tools.

  • Single-server setups can quickly hit limits under load or failure.
  • Misconfigurations easily lead to security vulnerabilities.
  • Not all web servers are optimized for complex application logic.

  • Requests per second (RPS)

    Measures the number of requests the web server handles per second.

  • Error rate (4xx/5xx)

    Percentage of erroneous responses relative to all responses.

  • Average response latency

    Time between request receipt and complete delivery of the response.

Apache HTTP Server

One of the oldest and most widely used open-source web servers with modular architecture.

NGINX

High-performance, asynchronous web server and reverse proxy, commonly used for high loads.

Node.js HTTP server

Lightweight, programmable server instance for JavaScript-based web applications and APIs.

1

Install base web server and harden the OS.

2

Configure virtual hosts, routing, and TLS.

3

Enable caching, compression, and security modules.

4

Set up monitoring, backups, and automated deployments.

⚠️ Technical debt & bottlenecks

  • Outdated modules and untested configuration overrides.
  • Monolithic server without automated replication.
  • Lack of infrastructure for zero-downtime deployments.
Network throughputI/O latencyCPU and memory constraints
  • Using a web server as an application language interpreter instead of a dedicated app server.
  • Running outdated open-source versions without security updates.
  • Disabling TLS to work around compatibility issues.
  • Adopting default configurations blindly without hardening.
  • Not properly handling logging, leading to privacy breaches.
  • Insufficient testing when changing timeouts and keep-alive settings.
Server and network administrationTLS/PKI basics and security hardeningConfiguration management and automation
Availability and resiliencePerformance and latencySecurity and privacy
  • Hardware or container resources limit scaling.
  • Legacy protocols or clients constrain security options.
  • Network topology and firewall rules affect reachability.