Why do so many people use NGINX?

possiblylinux127 , 7 hours ago

Security

Caddy is good but it tried to do to much. This means that security bugs could be way more common. It has been audited by outside people and the issues they found were fixed but I am will very doubtful that it is secure yet

MangoPenguin , 8 hours ago

It just works and it’s in every distros default repo, it’s pretty easy to set up and can be a webserver for static files, PHP sites, etc… It can be a reverse proxy for HTTP(s) traffic or just forward TCP/UDP.

There’s also endless documentation out there for how to do something in nginx.

HAProxy is a nightmare to use in my experience. It just feels so clunky and old.

Caddy is nice, but downloading and updating it is a pain because you need modules that aren’t included in the repo version.

____ , 5 hours ago

Right there with you on “just works,” as well as the simple fact that the config snippets you need are readily available - either in the repo of whatever you’re putting behind the proxy, or elsewhere on the internet.

I consistently keep in mind that it’s ultimately an RU product, of course. But since it’s open source and changes relatively infrequently, that’s mitigated to a large degree from where I sit.

Nothing against Caddy, though Apache gets heavy quickly from a maintenance standpoint, IMHO. But nginx has been my go to for many, many years per the above. It drops into oddball environments without having to rip and tear existing systems out by the roots, and it doesn’t care what’s behind it.

Ages ago, I had a Tomcat app that happened to be supported indirectly by an embedded Jetty (?) app that didn’t properly support SSL certs in a sane way on its own.

That was just fine to nginx and certbot, the little-but-important Jetty app just lived off to the side and functionally didn’t matter because with nginx and certbot, nothing else gave a crap - including the browser clients and the arcane build system that depended on that random Jetty app.

brygphilomena , 8 hours ago

I learned nginx when I was hosting websites. I had it set up and running when it was time to add reverse proxies into my setup. It didn’t take much more from the virtual hosts I was already using.

Now, I don’t host many individual sites anymore and haproxy has a plugin on my firewall for the handful of services I run now.

udon , 8 hours ago

Counter question: Why does everyone call it “engine X” and not “enjinx”, which would be the way cooler pronunciation?

rothaine , 8 hours ago

Huh. That is way cooler

model_tar_gz , 7 hours ago

I call it N Jinx. Always have and I’ll never be convinced otherwise that it’s not.

authorinthedark , 6 hours ago

oh I’ve only ever read it, never heard it pronounced, do people really pronounce it engine X?

EncryptKeeper , 4 hours ago

That is the way it’s pronounced, yes.

dgriffith , 4 hours ago

Directly from the nginx home page:

nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, originally written by Igor Sysoev.

Codilingus , 8 hours ago

Traefik + CrowdSec + Authelia ftw

N0x0n , 5 hours ago (edited 5 hours ago)

Traefik gang here 👊 !

But only because it works so easily with docker !! I remember a time where I though that you need a diploma and read/learn/understand a 10000 page dictionary to make nginx work properly.

Also hated the syntax of nginx… It can look so ugly and gibberish :/.

But I do believe Nginx is superior and more mature in many more aspects than Treafik. Still, Traefik is a breeze and is in IMO way easier to configure with docker than Nginx.

Crogdor , 38 minutes ago

Yeah it’s Traefik for me as well! Heavy docker user, of course - it’s nice just tossing some labels into my Portainer stacks and letting Traefik figure it out. If I wasn’t so invested with containers I’d be using nginx.

AustralianSimon , 27 minutes ago

I used to use traefik back when it was new and less complex and the 2.0 complexity forced my hand to drop it for my homelab.

s38b35M5 , 8 hours ago

I’m reminded of this blog/article on Ars about ripping out OLS and reverting to NGINX. There’s some good info there, and also links to other of his posts on the subject and references. Good read.

atzanteol , 8 hours ago

Nginx scales better than Apache does for static content and proxying, so it started to take over market share.

A home gamer handling a handful of users is unlikely to ever notice a difference.

But the configuration for nginx is simpler nout of the box for most things which is probably the real reason people use it at home.

rglullis , 9 hours ago

**

**

rysiek , 9 hours ago

HAproxy cannot serve static files directly. You need a webserver behind it for that.

Apache is slow.

Nginx is both a capable, fast reverse-proxy, and a capable, fast webserver. It can do everything HAproxy does, and what Apache does, and more.

I am not saying it is absolutely best for every use-case, but this flexibility is a large part of why I use it in my infra (nad have been using it for a decade).

miau , 10 hours ago

Honest question: why not use nginx?

I have run it in so many different scenarios, both professionally and personally, its crazy. Nginx has never failed me, literally. My homeserver is quite limited but nginx has a very small footprint, it performs beautifully well and it satisfies all my hosting, proxying, redirecting and streaming needs.

It works for modern and legacy applications, custom code, webhosting, supports all the modern features and its configuration is very easy with literal thousandsof examples available online.

Apache probably can do all that but I hate how unintuitive its configuration is to me personally. HAproxy cant do half the stuff nginx does.

As for caddy Ive heard of it but never really used it. What does it offer that nginx doesnt?

486 , 1 hour ago

What does it offer that nginx doesnt?

Automatic HTTPS, you don’t have to use certbot or something similar to get/renew certificates. Also, its configuration is really simple and straight forward.

miau , 59 minutes ago

Thank you for your reply!

Personally I am fine with nginx configuration, at least when using containers. The syntax is fine and all I need to do is map one file into the container

But I took a look at the automatic cert feature and wow, that is very, very nice. I may give caddy a try for this feature only - it would simplify my current setup.

I am also surprised it allows using HTTPS over port 443 for cert renewal. I didnt even know this was possible, so I was always stuck with DNS challanges.

So again, thanks for your reply!

Flax_vert , 11 hours ago

Because everyone told me to

d00phy , 11 hours ago

I use nginx & docker-proxy. Because the model I copied used that setup. Having messed with it a bit, I’m understanding it more and more. Before that, the last time I messed with a web server (Apache), nginx wasn’t around. Lately, I’ve seen a similar docker setup to mine that doesn’t use docker-proxy. If I find time, I’ll probably play with that some on my dev rig.

fmstrat , 12 hours ago

Because modsec.

thebardingreen , 12 hours ago

As a security professional, what finally got me to move from Apache to NGINX was OpenResty.

I sometimes still put Apache behind it, depending on my goals.

0x0 , 12 hours ago

When NGINX showed up it beat the then dominant apache on resource utilzation hands-down.

It’s also very configurable and has a lot of modules, both in-house and third party.

The only downside for me: as of late the whole commercial part of the project has been gobbling up everything to shove the non-free version to the point where it’s hard to find info on the free version, e.g., the wiki page that lists all the third-party modules. The nginxtutorials site seems to be a good resource.

Btw one of the main devs forked it into freenginx:

Dounin writes in his announcement that “new non-technical management” at F5 “recently decided that they know better how to run open source projects. In particular, they decided to interfere with security policy nginx uses for years, ignoring both the policy and developers’ position.” While it was “quite understandable,” given their ownership, Dounin wrote that it means he was “no longer able to control which changes are made in nginx,” hence his departure and fork.

Also, fun fact: this is probably the only instance of russian software muricans don’t cry Commie! all the time (maybe because the parent company was acquired).