IndexOther information

Other: Cherokee goodies

There are several important features of Cherokee that really do make a difference in real-world production environments.


Cherokee bundles a one of a kind GUI to set up every available feature without the need of editing any configuration files by hand. It is a modern and easy to manage web application that allows to set up the server with speed and ease. The interface is thoroughly documented throughout Cherokee's documentation. Several security measures prevent non authorized personnel from accessing the application, and one-time passwords are generated each time the program is launched. This can be used to give temporary access to a remote administrator.


The swiss-army knife of the Cherokee bundle. This little tool enables you, among other things, to rotate the logs with absolutely no downtime at all. No connections are lost. No delay happens. It can also be used to trace Cherokee's state on the fly, even remotely and on production servers.

This tool has its own documentation under the cherokee-tweak section.


X-Sendfile is a special, non-standard HTTP header that has been supported by Cherokee for a while. At first you might think it is no big deal, but think again.It can be enabled in any CGI, FastCGI or SCGI backend. Basicaly its job is to instruct the web server to ignore the content of the response and replace it by whatever is specified in the header. The main advantage of this is that it will be Cherokee the one serving the file, making use of all its optimizations. It is useful for processing script-output of e.g. php, perl, ruby or any cgi.

This is particularly useful because it hands the load to Cherokee, all the response headers from the backend are forwarded, the whole application uses a lot less resources and performs several times faster not having to worry about a task best suited for a web server.

You retain the ability to check for special privileges or dynamically deciding anything contemplated by your backend's logic, you speed up things a lot while having more resources freed, and you can even specify the delivery of files outside of the web server's document root path. Of course, this is to be done solely in controled environments. In short, it offers a huge performance gain at absolutely no cost.

Note that the X-Sendfile feature also supports X-Accel-Redirect header, a similar feature offered by other web servers. This is to allow the migration of applications supporting it whithout having to make major code rewrites.

Zero Downtime Updates

Cherokee has an ability hardly ever seen in any service delivering application, be it web content, multimedia streaming or almost any other server you can think of.

Whenever a configuration change is applied, it is immediately reflected in the web server with no downtime requirements to restart the server. Of course the connections that are already being served will continue normally with the same parameters that where negotiated with the requesting clients, but they will not be shut down just to perform a menial task such as restarting the server.

In fact, this mechanism is not only limited to configuration updates. Cherokee is so smart that it can even apply this to perform full program upgrades. This means you can completely replace the binaries for new ones, launch the enhanced versions and yet not suffer any downtime. Zero connection losses, no lag associated. Guaranteed.

This might seem as just another cool feature, but is in fact huge. Just think about it: an extremely high traffic site cannot afford to be down. Ever. Not to upgrade the webserver. Not to enhance it. Not to reflect a new configuration setting. Thousands of hits per second depend on it.

With Cherokee you can cope with this and much more. With Cherokee, it's easier done than said.

SSL Virtual Hosts

You might have been told elsewhere that named virtual hosts in SSL cannot be supported without SNI (Server Name Indication) because a web server cannot see the hostname header when the SSL request is being processed. Technically this might have been correct in the past. The first thing that the server has to do is to connect with the other end by using SSL/TLS. The user entered host part of the URI must match the Common Name (CN) provided by the certificate. Since virtual hosts are in use, the CN of the first available certificate may or may not match the one specified in the early stages of TLS negotiation.

Cherokee supports the clean and standard method of dealing with this issue called Server Name Indication (SNI) that sends the name of the virtual host during the TLS negotiation.

If SNI is supported by your SSL/TLS library, the SSL layer does not need to be restarted. Since the host info can be put in the SSL handshake, things will simply work as long as there is a web browser with SNI support at the other side. Currently every modern web browser supports this, and Cherokee has TLS SNI support for the OpenSSL backends.

Note that for SNI to work, client support is required. Web browsers known to support it are Mozilla Firefox 2.0+, Opera 8.0+, Internet Explorer 7 (Vista, not XP) or later and Google Chrome.

Database load balancing

Ever heard of the DB Access Layer, AKA DBSlayer?

In case you haven't, DBSlayer is a database abstraction and pooling layer designed to be simple to use (it's a DB abstraction layer for the web age built on top of HTTP and JSON).

Well, Cherokee ships our very own DBSlayer handler that provides the fastest implementation in existence. It also provides several interesting enhancements.

The usage of this balancing mechanism is a blessing when you wish to scale connection growth against the database layer without replicating your databases to every web server. It is also useful when you have problems like local connections overwhelming a local slave, local slave database failures, or replication failures.

This feature delivers connection pooling, database abstraction to enable easier migrations and administration, load balancing and automatic failover.

Reverse Proxy

Yes, that too! Cherokee also provides a state of the art HTTP reverse proxy module. Check the documentation for more details and give it a try.

And if that is not enough, you can always take a look at the rest of the modules bundled with Cherokee.

Can you improve this entry?