I see so many posts and people who run NGINX as their reverse proxy. Why though? There’s HAProxy and Apache, with Caddy being a simpler option.
If you’re starting from scratch, why did you pick/are you picking NGINX over the others?
Because Nginx Proxy Manager exists.
And also because for me it started from web hosting where Apache and Nginx dominate and later because of many easy to understand example configs from the net including many “docker letsencrypt” examples.
It just works and it’s in every distro’s default repo, it’s pretty easy to set up and can be a webserver for static files, PHP sites, etc… It can be a reverse proxy for HTTP(s) traffic or just forward TCP/UDP.
There’s also endless documentation out there for how to do something in nginx.
HAProxy is a nightmare to use in my experience. It just feels so clunky and old.
Caddy is nice, but downloading and updating it is a pain because you need modules that aren’t included in the repo version.
Right there with you on “just works,” as well as the simple fact that the config snippets you need are readily available - either in the repo of whatever you’re putting behind the proxy, or elsewhere on the internet.
I consistently keep in mind that it’s ultimately an RU product, of course. But since it’s open source and changes relatively infrequently, that’s mitigated to a large degree from where I sit.
Nothing against Caddy, though Apache gets heavy quickly from a maintenance standpoint, IMHO. But nginx has been my go to for many, many years per the above. It drops into oddball environments without having to rip and tear existing systems out by the roots, and it doesn’t care what’s behind it.
Ages ago, I had a Tomcat app that happened to be supported indirectly by an embedded Jetty (?) app that didn’t properly support SSL certs in a sane way on its own.
That was just fine to nginx and certbot, the little-but-important Jetty app just lived off to the side and functionally didn’t matter because with nginx and certbot, nothing else gave a crap - including the browser clients and the arcane build system that depended on that random Jetty app.
Nginx is owned by F5 now which is an American company so it’s not RU anymore
When NGINX showed up it beat the then dominant Apache on resource utilization hands-down.
It’s also very configurable and has a lot of modules, both in-house and third party.
The only downside for me: as of late the whole commercial part of the project has been gobbling up everything to shove the non-free version to the point where it’s hard to find info on the free version, e.g., the wiki page that lists all the third-party modules. The nginxtutorials site seems to be a good resource.
Btw one of the main devs forked it into freenginx:
Dounin writes in his announcement that “new non-technical management” at F5 “recently decided that they know better how to run open source projects. In particular, they decided to interfere with security policy nginx uses for years, ignoring both the policy and developers’ position.” While it was “quite understandable,” given their ownership, Dounin wrote that it means he was “no longer able to control which changes are made in nginx,” hence his departure and fork.
Also, fun fact: this is probably the only instance of Russian software muricans don’t cry Commie! all the time (maybe because the parent company was acquired).
Counter question: Why does everyone call it “engine X” and not “enjinx”, which would be the way cooler pronunciation?
I always did? A friend pointed out to me once the “correct” pronunciation. I like this way more.
Huh. That is way cooler
I call it N Jinx. Always have and I’ll never be convinced otherwise that it’s not.
Some good answers in here already. It boils down to a couple points for me:
- Back when I started selfhosting, it was either nginx or apache, and I found nginx better and easier to set up
- All the nginx knowledge I learned years ago still works just the same as it did back then, so why potentially mess things up by switching if it all still works
- Basically every project has an example nginx config for reference, that can’t be said about other proxies
- It is easier to find support online for edge cases that might pop up with nginx due to the ubiquity of its use and years of history
Back when Nginx started, Apache was the only alternative and a big pain in the ass. That’s how it became popular.
Apache still is a pain in the ass. The only guides I found useful were from 20 years ago or so. All “modern” ones I found didn’t explain stuff, but were more like “copy paste this, now you’re done”. They never fit my use case.
I honestly don’t know why people new to webhosting even bother with Apache when NGINX is around. It’s just so much easier.
Traefik + CrowdSec + Authelia ftw
Traefik gang here 👊 !
But only because it works so easily with docker!! I remember a time where I thought that you need a diploma and read/learn/understand a 10000 page dictionary to make nginx work properly.
Also hated the syntax of nginx… It can look so ugly and gibberish :/.
But I do believe Nginx is superior and more mature in many more aspects than Traefik. Still, Traefik is a breeze and is IMO way easier to configure with docker than Nginx.
I use Traefik as my main reverse proxy as well for the same reason—container niceties. But then I actually also use nginx… inside container images, like for containers that just serve static files for example.
Use the right tool for the job!
Yeah it’s Traefik for me as well! Heavy docker user, of course - it’s nice just tossing some labels into my Portainer stacks and letting Traefik figure it out. If I wasn’t so invested with containers I’d be using nginx.
I used to use traefik back when it was new and less complex and the 2.0 complexity forced my hand to drop it for my homelab.
Good question. I chose it initially because it was open source and way easier (in my eyes) than Apache. I don’t recall the others being an option at the time, or I was not aware of them. nginx does what I need without complaint, so I haven’t switched.
At $dayjob I switched from Apache to nginx 15+ years ago. Its callback/event-based process model ran circles around Apache’s pre-fork model at the time. It was very carefully developed to be secure, and even early on it had a good track record. Being able to have nginx handle static content without tying up a backend worker process was huge, and let us scale our app pretty well for the investment of time. Since then, Apache implemented threaded + event-based process models, and Caddy, traefik, and a bunch of others have entered the scene.
TBH, I think the big thing nowadays is sane defaults, and better configuration, even automatically discovered configuration – traefik is my current favorite for discovering hosts in consul/Kubernetes/simple host definition files, but since traefik can’t directly serve files, I simply proxy from traefik to … nginx :)
Because pingora doesn’t have a Nixos package yet
IIUC pingora is not standalone, but a set of rust crates? Should be already supported by nixpkgs through rust builders.
Yep it would need to be compiled from the configuration given. I’m vaguely interested in trying. I will look up the rust builders. Thank you
What about envoy proxy?
Nothing else on the market has as low latency implications to workloads that I am aware of.
I have heard a lot about Envoy proxy from Istio but never looked into it for baremetal usage. I’ll keep an eye out, thanks
I use nginx & docker-proxy. Because the model I copied used that setup. Having messed with it a bit, I’m understanding it more and more. Before that, the last time I messed with a web server (Apache), nginx wasn’t around. Lately, I’ve seen a similar docker setup to mine that doesn’t use docker-proxy. If I find time, I’ll probably play with that some on my dev rig.
I learned nginx when I was hosting websites. I had it set up and running when it was time to add reverse proxies into my setup. It didn’t take much more from the virtual hosts I was already using.
Now, I don’t host many individual sites anymore and haproxy has a plugin on my firewall for the handful of services I run now.
There’s a lot of good resources for Nginx, it’s fast (faster than Caddy), and has a ton of features, so you can use it for pretty much anything HAProxy, Apache, or Caddy can do, and not sacrifice much in performance.
That said, I mostly use HAProxy and Caddy. Here’s my basic setup:
- HAProxy at the edge VPS - routes requests to machines based on SNI
- WireGuard VPN - connects my internal devices to my VPS
- Caddy in Docker - runs on internal network on my NAS/homelab - manages LetsEncrypt renewals and reverse proxies to internal Docker network
- Nginx in Docker - FE for NextCloud; this simplifies things so all my TLS is handled in one place, and Caddy doesn’t need to touch files
I use a local DNS server on my router so my domains can route directly to Caddy instead of going over the internet when on my network, otherwise I may just have HAProxy handle LetsEncrypt certificates.
From what I can tell, Nginx is a little more efficient than Caddy, but Caddy is plenty fast for my needs. I’m considering switching from NextCloud to the new ownCloud Infinite Scale, and if I do, I’d ditch nginx completely.
NGINX is a bit more hands on than some other options but it’s mature, configurable and there’s a huge amount of information out there for setting it up for various use cases.
In my case, it’s what I set up when I was first getting into this and it works, so I don’t want to go through setting up anything else.
Nginx handles more connections than Apache, given the same resources. HAProxy does not have web server functionality like the former two, so Nginx is the natural upgrade from Apache. Caddy is relatively new, I’m not sure how it compares other than being easier to set up.