I see so many posts and people who run NGINX as their reverse proxy. Why though? There’s HAProxy and Apache, with Caddy being a simpler option.
If you’re starting from scratch, why did you pick/are you picking NGINX over the others?
You must log in or register to comment.
Traefik + CrowdSec + Authelia ftw
I used to use traefik back when it was new and less complex and the 2.0 complexity forced my hand to drop it for my homelab.
Traefik gang here 👊 !
But only because it works so easily with docker !! I remember a time where I though that you need a diploma and read/learn/understand a 10000 page dictionary to make nginx work properly.
Also hated the syntax of nginx… It can look so ugly and gibberish :/.
But I do believe Nginx is superior and more mature in many more aspects than Treafik. Still, Traefik is a breeze and is in IMO way easier to configure with docker than Nginx.
I use Traefik as my main reverse proxy as well for the same reason—container niceties. But then I actually also use nginx… inside container images, like for containers that just serve static files for example.
Use the right tool for the job!
Yeah it’s Traefik for me as well! Heavy docker user, of course - it’s nice just tossing some labels into my Portainer stacks and letting Traefik figure it out. If I wasn’t so invested with containers I’d be using nginx.
You want to access your server under CG-NAT from the outside or what is the point??
You can do that with Wireguard and NAT.
nginx has more features and flexibility than haproxy, such as being a web server. If I wanted just a pure proxy, I’d use haproxy. Apache is primarily a web server, and a pain to configure.
Personally I use Traefik. Add it to docker-compose, set up LE certs, add a few lines to each container, and it Just Works. No extra config on Traefik itself.
nginx is mature and has a lot of support online. A lot of server projects assume you’re using nginx, as well. I’ve only ever seen caddy instructions on newer projects and even then, they usually also have nginx instructions.
Plus, I already know how to use it.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol NAT Network Address Translation SSL Secure Sockets Layer, for transparent encryption TCP Transmission Control Protocol, most often over IP UDP User Datagram Protocol, for real-time communications nginx Popular HTTP server
6 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.
[Thread #888 for this sub, first seen 26th Jul 2024, 04:25] [FAQ] [Full list] [Contact] [Source code]
@selfhosted @Findmysec what is the problem with nginx? 🤔
Security
Caddy is good but it tried to do to much. This means that security bugs could be way more common. It has been audited by outside people and the issues they found were fixed but I am will very doubtful that it is secure yet
**
**
It just works and it’s in every distros default repo, it’s pretty easy to set up and can be a webserver for static files, PHP sites, etc… It can be a reverse proxy for HTTP(s) traffic or just forward TCP/UDP.
There’s also endless documentation out there for how to do something in nginx.
HAProxy is a nightmare to use in my experience. It just feels so clunky and old.
Caddy is nice, but downloading and updating it is a pain because you need modules that aren’t included in the repo version.
Right there with you on “just works,” as well as the simple fact that the config snippets you need are readily available - either in the repo of whatever you’re putting behind the proxy, or elsewhere on the internet.
I consistently keep in mind that it’s ultimately an RU product, of course. But since it’s open source and changes relatively infrequently, that’s mitigated to a large degree from where I sit.
Nothing against Caddy, though Apache gets heavy quickly from a maintenance standpoint, IMHO. But nginx has been my go to for many, many years per the above. It drops into oddball environments without having to rip and tear existing systems out by the roots, and it doesn’t care what’s behind it.
Ages ago, I had a Tomcat app that happened to be supported indirectly by an embedded Jetty (?) app that didn’t properly support SSL certs in a sane way on its own.
That was just fine to nginx and certbot, the little-but-important Jetty app just lived off to the side and functionally didn’t matter because with nginx and certbot, nothing else gave a crap - including the browser clients and the arcane build system that depended on that random Jetty app.
Nginx is owned by F5 now which is an American company so it’s not RU anymore
Counter question: Why does everyone call it “engine X” and not “enjinx”, which would be the way cooler pronunciation?
I call it N Jinx. Always have and I’ll never be convinced otherwise that it’s not.
oh I’ve only ever read it, never heard it pronounced, do people really pronounce it engine X?
That is the way it’s pronounced, yes.
Directly from the nginx home page:
nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, originally written by Igor Sysoev.
It’s actually n-jynx duh
Huh. That is way cooler
Some good answers in here already. It boils down to a couple points for me:
- Back when I started selfhosting, it was either nginx or apache, and I found nginx better and easier to set up
- All the nginx knowledge I learned years ago still works just the same as it did back then, so why potentially mess things up by switching if it all still works
- Basically every project has an example nginx config for reference, that can’t be said about other proxies
- It is easier to find support online for edge cases that might pop up with nginx due to the ubiquity of its use and years of history
Because I have it in use as my main webserver, sure I could put that behind haproxy too but why? I like to keep my server setup small and easy, without unnecessary duplications. Nginx can everything that haproxy can, and more.
I think a lot of people just haven’t heard of Caddy. Since I’ve found it I haven’t used anything else.
It might be worth looking more deeply into. From a cursory glance, it might be usable for my usecase, but many service have configuration examples for NGINX (or Apache if they’re old). I’ve never seen caddy examples. What has your experience been with adapting those examples to caddy?
Caddy is so simple you don’t really need configuration examples. The extra configuration many docker services have you configure in Nginx are already done by default with Caddy. Though I have seen Caddy config examples around sometimes.
If all you’re using it for is reverse proxying, you don’t need config examples for Nginx or Caddy, just understand how to configure them.
Good question. I chose it initially because it was open source and way easier (in my eyes) than Apache. I don’t recall the others being an option at the time, or I was not aware of them. nginx does what I need without complaint, so I haven’t switched.
At $dayjob I switched from Apache to nginx 15+ years ago. It’s Callback/Event based process model ran circles around Apache’s pre-fork model at the time. It was very carefully developed to be secure, and even early on it had a good track record. Being able to have nginx handle static content without tying up a backend worker process was huge, and let us scale our app pretty well for the investment of time. Since then, Apache implemented threaded + Event based process models, Caddy, traefik, and a bunch of others have entered the scene.
TBH, I think the big thing nowadays is sane defaults, and better configuration, even automatically discovered configuration – traefik is my current favorite for discovering hosts in consul/Kubernetes/simple host definition files, but since traefik can’t directly serve files, I simply proxy from traefik to … nginx :)
Nginx handles more connections than Apache, given the same resources. HAProxy does not have web server functionality like the former two, so Nginx is the natural upgrade from Apache. Caddy is relatively new, I’m not sure how it compares other than being easier to set up.
