Ferron – A fast, memory-safe web server written in Rust
52 comments
·April 2, 2025austin-cheney
MaxBarraclough
> Fast. That is just a matter of streams and pipes. More on this later. That said the language the web server is written in largely irrelevant to its real world performance so long as it can execute low level streams and pipes.
I'm no expert, but that doesn't sound right to me. Efficiently serving vast quantities of static data isn't trivial, Netflix famously use kernel-level optimisations. [0] If you're serious about handling a great many concurrent web-API requests, you'll need to watch your step with concerns like asynchrony. Some languages make that much easier than others. Plenty of work has gone into nginx's efficiency, for example, which is highly asynchronous but is written in C, a language that lacks features to aid with asynchronous programming.
If you aren't doing that kind of serious performance work, your solution presumably isn't performance-competitive with the ones that do. As you say, anyone can call their solution fast.
[0] [PDF] https://freebsdfoundation.org/wp-content/uploads/2020/10/net...
xorcist
Most of these things are much harder to get right that you make it sound. Perhaps proxying most so. It is a legitimately hard problem. Look at something like Varnish, which is likely one of the better proxies out there. It took many years to get good.
I never had to write a proxy and am grateful for it. You have to really understand the whole network stack, window sizes and the effects of buffering, what to do about in flight requests, and so on. Just sending stuff from the file system is comparatively easier where you have things such as sendfile, provided you get the security implications of file paths right.
koakuma-chan
In Rust all web frameworks are fast because they all use the same stack tokio + hyper.
dorianniemiec
By the way, Ferron web server also uses Tokio and Hyper.
DoctorOW
This is a really good Caddy replacement. The configuration format Caddy uses sometimes feels oversimplified in that complex configurations are hard to read. My instincts tell me this could scale better without getting more verbose. I'm definitely considering a migration if this project matures.
dorianniemiec
Thank you!
password4321
https://github.com/errantmind/faf is the fastest Rust static "web server" per the most recent TechEmpower Round 23 (Plaintext); it is purposely barebones (provide content via Rust callback!) The top 3 Composite scores are all Rust web frameworks, also not necessarily intended as general-purpose web servers.
https://github.com/static-web-server/static-web-server wins the SEO (and GitHub star) battle, though apparently it is old enough to have a couple unmaintained dependencies.
I use https://github.com/sigoden/dufs as my personal file transfer Swiss Army knife since it natively supports file uploads; I will check out Ferron as a lighter reverse proxy with automatic SSL certs vs. Caddy.
sshine
> the fastest ... purposely barebones
This piece of fiber cable is the fastest static web server.
It is purposely barebones, but I bet you, it does almost nothing to reduce the delivery of a static website. The trick is: The website is already in its final state when it gets piped through the fiber cable, so no processing is required. The templating and caching mechanism is left open for most flexibility.
I call it an OSI layer 1 web server.
The trick is to use fiber instead of copper.
Many webservers don't care about this.
dorianniemiec
Static Web Server is also old enough to use Hyper 0.14.x instead of Hyper 1.x used by Ferron. I wish you good luck using Ferron then!
dorianniemiec
The author of Ferron web server here. Thank you so much for submitting this, and thank you all for the support you have shown when I submitted the server on Hacker News.
jsheard
Nitpick: the logo at the top of your readme is unreadable in GitHubs dark mode.
dorianniemiec
So how can I put a logo with bright text in dark mode and dark text in light mode on the read-me for a GitHub repository?
jsheard
Either give it a solid background, or do this: https://github.blog/changelog/2022-05-19-specify-theme-conte...
indeyets
Important part of caddy’s configuration are their defaults. For example TLS and automatic certificates are on by default. It covers the most useful use case by default.
Ferron is different.
Is that a choice or just something you didn’t work on yet?
dorianniemiec
Well, Ferron has HTTP/2 and OCSP stapling enabled by default when HTTPS is enabled.
KennyBlanken
Some feedback: you really need to put a features list somewhere prominent and tell people what distinguishes your webserver from others in terms of its capabilities.
Also, your FAQ really makes you come off as incredibly patronizing.
dorianniemiec
Why do you think that FAQ makes me come off as patronizing?
amenhotep
I wouldn't be as harsh as that, but "what is a web server" feels very out of place in how basic it is, and the final one that basically just says "read the docs" maybe also doesn't quite land.
tommyage
I am also wondering about this.
To me, your FAQ quickly addressed all questions I had to get a first grasp of the capabilities. It appears to me that you had a determined scope and I very much like that!
nottorp
Isn't Go better for writing servers, and as fast and memory safe as the second coming of $DEITY?
dorianniemiec
Go has larger ecosystem of libraries for building web servers. You have FrankenPHP for running PHP, Lego for automatic TLS, etc. For Rust there is `tokio-rustls-acme` crate (used by Ferron) for automatic TLS. While for PHP there is a `php` crate that depends on unsupported PHP version. Ferron uses FastCGI for communicating with PHP-FPM daemon instead. However, Go uses a garbage collector, unlike Rust, which has a borrow checker to ensure memory safety.
timeflex
The first thing on their main homepage is instructions to curl a shell script into Bash using Sudo. I find the argument that they prioritize security unconvincing.
dorianniemiec
Oh... For safety, it's recommended to check the installation script for suspicious commands. Or you can just pull the image for the Ferron web server from Docker Hub.
no_wizard
I wonder why they left nginx off their comparisons. Is it simply because nginx is still faster I wonder
dorianniemiec
Maybe because of marketing reasons or because I am biased in the comparisons?
no_wizard
So open question: is nginx faster?
I think this is really cool. More competition in this space is better not worse, I am merely curious to know how it stacks up
alexpadula
You’re comparing a new project to nginx. Obviously nginx will be faster maybe not across the board but generally it probably is. As a project matures it will optimize surely! nginx has 21 years of development under its belt.
throwaway81523
Yikes, there is a musician named Ferron who has been around forever, and her web site was formerly ferronweb.com. So I did a double take when I saw this. The musician's web site is ferronsongs.com now. Shadows on a Dime (from 1984) is a great album.
dorianniemiec
Oh... Good to know!
frontfor
Are there benchmarks demonstrating its speed?
mleonhard
I'm also interested in looking at the benchmark code.
Tepix
How much memory does it use? Is it suitable for memory-limited scenarios like a Raspberry Pi 1 with 256MB?
dorianniemiec
I am not exactly sure, but comparing Ferron 1.0.0-beta5 and Caddy 2.9.1 in a benchmark where HTTPS, HTTP/2 are enabled, and default Apache httpd page was served, Caddy used so much memory, that at 12,600 requests per second the system with 16 GB RAM ran out of memory, while Ferron didn't use that much memory, and benchmark succeeded up to 20,000 requests per second. Maybe it's a bug in Caddy?
nicce
It also can be Go issue. Garbage collector did not have time to free memory.
nicoburns
Almost certainly given that pretty much all Rust webservers are, and this one is built on the same dependencies as others.
I run a few websites on fly.io VMs with 256mb using Rust servers that never actually exceed 64mb of usage.
liveafterlove
Nice, does it support DTSL for webrtc over the same port? Nginx only have a patch for it ATM.
dorianniemiec
Thank you! Unfortunately, Ferron doesn't support DTLS, although it can be used as a WebSocket reverse proxy for signaling in WebRTC applications...
alexpadula
Cool project! The first feature put a smile on my face! “Built with rust so it’s fast” paraphrasing but yeah :)
Every web server claims to be fast, so I wonder how they define that. As someone who has written their own supposedly fast web server I only want configuration simplicity. Most web servers are unnecessarily far too complicated.
In a web server here is what I am looking for:
* Fast. That is just a matter of streams and pipes. More on this later. That said the language the web server is written in largely irrelevant to its real world performance so long as it can execute low level streams and pipes.
* HTTP and WebSocket support. Ideally a web server will support both on the same port. It’s not challenging because you just have to examine the first incoming payload on the connection.
* Security. This does not have to be complicated. Let the server administrator define their own security rules and just execute those rules on incoming connections. For everything that fails just destroy the connection. Don’t send any response.
* Proxy/reverse proxy support. This is more simple than it sounds. It’s just a pipe to another local existing stream or piping to a new stream opened to a specified location. If authentication is required it can be the same authentication that sits behind the regular 403 HTTP response. The direction of the proxy is just a matter of who pipes to who.
* TLS with and without certificate trust. I HATE certificates with extreme anger, especially for localhost connections. A good web server will account for that anger.
* File system support. Reading from the file system for a specific resource by name should be a low level stream via file descriptor piped back to the response. If this specific file system resource is something internally required by the application, like a default homepage it should be read only once and then forever fetched from memory by variable name. Displaying file system resources, like a directory listing, doesn’t have to be slow or primitive or brittle.