Switched (Back) to Apache from Cherokee – Part 1: Reasoning

Sadly, the current version of the Cherokee web server [cherokee-project.com] has some serious outstanding flaws. Most notably, up until recently (when the change was reverted in Chrome, not fixed in Cherokee), Chrome could not submit POST forms over HTTPS. Google said in the Chrome bug that web servers that were broken by this change didn’t conform to the SSL spec, and even after it was reverted, they say it was only reverted because quite a few servers still “broke” SSL specs. While Cherokee people (perhaps rightfully) said that Chrome shouldn’t have landed that change (and the change did hit stable very rapidly, due to Chrome’s rapid release schedule), having a web server that cannot accept POSTed data is unacceptable, no matter whose fault it is.

Moreover, there haven’t been any commits in the master branch of Cherokee’s source in over six months. The creator of Cherokee posted on the mailing list a week ago that he’s working on a totally new version, because most of the core code is being written to be more compatible with protocols like SPDY, and to fix “a few long standing SSL bugs.” Unfortunately, with no release (or even commits) at all being made in six months and with several fairly large bugs, I cannot continue to run Cherokee. Part of what I loved about Cherokee (aside from the gorgeous web administration interface) was the agility behind it: new versions with new features and bug fixes were released constantly. It felt much like Chrome does, including that serious bugs are very rare, and are usually patched out extremely quickly. The only serious bug I ever encountered with Cherokee was the HTTPS POST bug, which was technically only triggered by a change in Chrome, despite the former rapid releases.

So for these reasons, I have switched all of my web servers back to Apache from Cherokee. Personally, I probably won’t be switching back yet again once the new Cherokee with the rewritten core is released, but I know I won’t be recommending Cherokee for new servers at least until the new version is released, and even then probably not for heavy production use. The complete lack of communication (up until a couple of emails explaining the situation last week) makes me wary of using or recommending Cherokee in production.