Why do so many people use NGINX?

Codilingus , 8 hours ago

Traefik + CrowdSec + Authelia ftw

N0x0n , 5 hours ago (edited 5 hours ago)

Traefik gang here 👊 !

But only because it works so easily with docker !! I remember a time where I though that you need a diploma and read/learn/understand a 10000 page dictionary to make nginx work properly.

Also hated the syntax of nginx… It can look so ugly and gibberish :/.

But I do believe Nginx is superior and more mature in many more aspects than Treafik. Still, Traefik is a breeze and is in IMO way easier to configure with docker than Nginx.

Crogdor , 38 minutes ago

Yeah it’s Traefik for me as well! Heavy docker user, of course - it’s nice just tossing some labels into my Portainer stacks and letting Traefik figure it out. If I wasn’t so invested with containers I’d be using nginx.

AustralianSimon , 27 minutes ago

I used to use traefik back when it was new and less complex and the 2.0 complexity forced my hand to drop it for my homelab.

miau , 10 hours ago

Honest question: why not use nginx?

I have run it in so many different scenarios, both professionally and personally, its crazy. Nginx has never failed me, literally. My homeserver is quite limited but nginx has a very small footprint, it performs beautifully well and it satisfies all my hosting, proxying, redirecting and streaming needs.

It works for modern and legacy applications, custom code, webhosting, supports all the modern features and its configuration is very easy with literal thousandsof examples available online.

Apache probably can do all that but I hate how unintuitive its configuration is to me personally. HAproxy cant do half the stuff nginx does.

As for caddy Ive heard of it but never really used it. What does it offer that nginx doesnt?

486 , 1 hour ago

What does it offer that nginx doesnt?

Automatic HTTPS, you don’t have to use certbot or something similar to get/renew certificates. Also, its configuration is really simple and straight forward.

miau , 59 minutes ago

Thank you for your reply!

Personally I am fine with nginx configuration, at least when using containers. The syntax is fine and all I need to do is map one file into the container

But I took a look at the automatic cert feature and wow, that is very, very nice. I may give caddy a try for this feature only - it would simplify my current setup.

I am also surprised it allows using HTTPS over port 443 for cert renewal. I didnt even know this was possible, so I was always stuck with DNS challanges.

So again, thanks for your reply!

udon , 8 hours ago

Counter question: Why does everyone call it “engine X” and not “enjinx”, which would be the way cooler pronunciation?

rothaine , 8 hours ago

Huh. That is way cooler

model_tar_gz , 7 hours ago

I call it N Jinx. Always have and I’ll never be convinced otherwise that it’s not.

authorinthedark , 6 hours ago

oh I’ve only ever read it, never heard it pronounced, do people really pronounce it engine X?

EncryptKeeper , 5 hours ago

That is the way it’s pronounced, yes.

dgriffith , 4 hours ago

Directly from the nginx home page:

nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, originally written by Igor Sysoev.

solberg , 17 hours ago

I think a lot of people just haven’t heard of Caddy. Since I’ve found it I haven’t used anything else.

onlinepersona , 14 hours ago

It might be worth looking more deeply into. From a cursory glance, it might be usable for my usecase, but many service have configuration examples for NGINX (or Apache if they’re old). I’ve never seen caddy examples. What has your experience been with adapting those examples to caddy?

Anti Commercial-AI license

EncryptKeeper , 4 hours ago

Caddy is so simple you don’t really need configuration examples. The extra configuration many docker services have you configure in Nginx are already done by default with Caddy. Though I have seen Caddy config examples around sometimes.

If all you’re using it for is reverse proxying, you don’t need config examples for Nginx or Caddy, just understand how to configure them.

jimmy90 , 16 hours ago

Because pingora doesn’t have a Nixos package yet

PortugalSpaceMoon , 14 hours ago

IIUC pingora is not standalone, but a set of rust crates? Should be already supported by nixpkgs through rust builders.

jimmy90 , 5 hours ago

Yep it would need to be compiled from the configuration given. I’m vaguely interested in trying. I will look up the rust builders. Thank you

SexualPolytope , 14 hours ago

Some people are also building a reverse proxy using pingora called river.

jimmy90 , 5 hours ago

Would that lack the performance benefits that pingora provides by being compiled without configuration file?

jimmy90 , 4 hours ago

I mean pingora out performs nginx which is why cloud flare made it, I believe

MangoPenguin , 8 hours ago

It just works and it’s in every distros default repo, it’s pretty easy to set up and can be a webserver for static files, PHP sites, etc… It can be a reverse proxy for HTTP(s) traffic or just forward TCP/UDP.

There’s also endless documentation out there for how to do something in nginx.

HAProxy is a nightmare to use in my experience. It just feels so clunky and old.

Caddy is nice, but downloading and updating it is a pain because you need modules that aren’t included in the repo version.

____ , 5 hours ago

Right there with you on “just works,” as well as the simple fact that the config snippets you need are readily available - either in the repo of whatever you’re putting behind the proxy, or elsewhere on the internet.

I consistently keep in mind that it’s ultimately an RU product, of course. But since it’s open source and changes relatively infrequently, that’s mitigated to a large degree from where I sit.

Nothing against Caddy, though Apache gets heavy quickly from a maintenance standpoint, IMHO. But nginx has been my go to for many, many years per the above. It drops into oddball environments without having to rip and tear existing systems out by the roots, and it doesn’t care what’s behind it.

Ages ago, I had a Tomcat app that happened to be supported indirectly by an embedded Jetty (?) app that didn’t properly support SSL certs in a sane way on its own.

That was just fine to nginx and certbot, the little-but-important Jetty app just lived off to the side and functionally didn’t matter because with nginx and certbot, nothing else gave a crap - including the browser clients and the arcane build system that depended on that random Jetty app.

possiblylinux127 , 7 hours ago

Security

Caddy is good but it tried to do to much. This means that security bugs could be way more common. It has been audited by outside people and the issues they found were fixed but I am will very doubtful that it is secure yet

brygphilomena , 8 hours ago

I learned nginx when I was hosting websites. I had it set up and running when it was time to add reverse proxies into my setup. It didn’t take much more from the virtual hosts I was already using.

Now, I don’t host many individual sites anymore and haproxy has a plugin on my firewall for the handful of services I run now.

s38b35M5 , 8 hours ago

I’m reminded of this blog/article on Ars about ripping out OLS and reverting to NGINX. There’s some good info there, and also links to other of his posts on the subject and references. Good read.

atzanteol , 9 hours ago

Nginx scales better than Apache does for static content and proxying, so it started to take over market share.

A home gamer handling a handful of users is unlikely to ever notice a difference.

But the configuration for nginx is simpler nout of the box for most things which is probably the real reason people use it at home.

lemann , 13 hours ago

I was coming from Lighttpd which at the time had a very similar config syntax to Nginx. It was pretty much a no brainer, considering I wanted to shift to an automated Letsencrypt renewal process at the same time.

Sadly I wrote some python web services for CGI (not django/flask) that cannot be run anymore, since NGINX only supports FCGI, rather than just CGI as far as I can tell

2xsaiko , 11 hours ago

fcgiwrap is what you want for CGI in nginx.

lemann , 9 hours ago

First time hearing of this! Thank you 😁

rglullis , 9 hours ago

**

**

TheBigBrother , 18 hours ago (edited 17 hours ago)

You want to access your server under CG-NAT from the outside or what is the point??

Findmysec OP , 9 hours ago

You can do that with Wireguard and NAT.

Max_P , 16 hours ago

NGINX can really do a lot of things out of the box while being pretty easy to configure. NGINX can serve static files, it can proxy emails, it can do FastCGI, it can do UWSGI, it can do HTTP proxying, you can run Lua code inside NGINX to do things, there’s a module for RTMP live streaming. You can also implement some stuff like external authentication to protect your services/authenticate them at the proxy level. It can also do caching. Not all that useful with all those Rust and Go apps with their own built-in web server but if you run large legacy apps at scale it’s great, you can offload a lot of stuff away from your slow ass PHP app.

Caddy’s simpler but the current battle tested popular option is NGINX.

HAproxy is good at what it does but it’s only good at proxying and simple rules. For the most part, it’s used as a load balancer and router and doesn’t really process the requests itself. It can alter some things in it but it’s limited, and it only does HTTP and TCP. So you can’t really run PHP or Python or Ruby or whatever applications directly behind HAproxy. That makes NGINX a better choice there because NGINX deals with HTTP and only passes the request details to the application which doesn’t have to do HTTP on its own. I usually see HAproxy load balancing to NGINX hosts with some PHP/Python/Ruby app behind them.

Apache is old. It’s gotten better but the way it works just doesn’t reflect most modern use cases. I remember when NGINX popped off like 15 years ago and just how much more resource efficient it was and how happy I was with the upgrade. So it exists and still works but not very popular anymore. It’s a bit easier to set up but also a bit weird with things like mod_php which runs directly inside Apache instead of a dedicated user that can be better sandboxed.

Traefik is getting traction in big part because it fits well with the Docker ecosystem and just sets itself up automatically.

There’s also Envoy if you want some serious proxying and meshing but setting that one up is truely headache inducing.

They’re all pretty good web servers regardless, it comes down to preference. There’s no right choice because everyone’s needs are different.

db0 , 15 hours ago

Not sure why you say haproxy can’t serve python. I do it all the time. You just use something like python waitress and then point haproxy to it’s port.

Max_P , 15 hours ago

It depends on what you use on the Python side. Classically that would have been uWSGI or one of the *SGI interfaces, and lately ASGI.

Sure, one can totally make Python apps that serve HTTP directly. The same can be done with PHP (and Ruby and others) as well, but most people still run their PHP through PHP-FPM over FastCGI because you can offload a lot of the work to the much faster NGINX side. A fair amount of apps make use of X-Accel-Redirect to serve private files, so you don’t tie up a PHP worker for an hour serving the user’s 2GB file.

But yes, as those languages all move to async computing and away from worker pools, it’s more common to see those serve HTTP directly, and there’s less and less need for a proxy that supports those other protocols. The async event loop is what made NGINX special when it came out, so naturally languages that moves to that model greatly reduce the need for that as well, they too can easily handle thousands of concurrent connections no problems. Plus these days people slap a CDN in front anyway so static file performance doesn’t matter quite as much.

db0 , 14 hours ago

Ye pretty much. I was just quite astounded at that statement as the AI Horde is basically just a lot of python processes behind a very low powered haproxy server.

Personally, I understand people like to stay with the familiar, which is perfectly fine for a non-demanding service, but when something becomes demanding, I find the haproxy specialization serves better. I wish lemmy deployment by default utilized haproxy myself.

d2k1 , 15 hours ago

HAproxy is good at what it does but it’s only good at proxying and simple rules. For the most part, it’s used as a load balancer and router and doesn’t really process the requests itself.

To add something here: HAProxy’s ACLs are more powerful than anything nginx, Apache or even Envoy can do. Of course HAProxy is not a web server but “just” a reverse proxy that speaks HTTP (and TCP) but what you can do with its ACLs is often extremely impressive in its simplicity and elegance. A single-line ACL in HAProxy would require loading additional modules in nginx and writing a screenful of configuration directives. Though the average self-hoster will probably never need any of the power HAProxy offers.

In the past 20 years I have professionally used all four of these as web servers and/or reverse proxies and I am pretty confident that HAProxy beats all others when it comes to request processing. Though Envoy might be getting there.

Findmysec OP , 9 hours ago

Traefik’s marketing as the “Docker reverse-proxy” put me off since I like technologies to stay agnostic of each other (personal preference).

Your arguments are correct, and usually I’d run a separate web server but I suppose for a homelab having less things to manage is great

levitte , 15 hours ago

@Findmysec
Contrary to most, I never made the Apache-to-nginx switch. I actually don't find nginx that much easier to configure, so the effort of rewriting all my templates was too high.

Caddy is a different story. I can replace swathes of configuration lines with just two? And get letsencrypt automatically without having to give it a single thought? Gimme!

Findmysec OP , 9 hours ago

Indeed, I don’t find NGINX that easy to configure either