I see so many posts and people who run NGINX as their reverse proxy. Why though? There’s HAProxy and Apache, with Caddy being a simpler option.
If you’re starting from scratch, why did you pick/are you picking NGINX over the others?
It just works and it’s in every distros default repo, it’s pretty easy to set up and can be a webserver for static files, PHP sites, etc… It can be a reverse proxy for HTTP(s) traffic or just forward TCP/UDP.
There’s also endless documentation out there for how to do something in nginx.
HAProxy is a nightmare to use in my experience. It just feels so clunky and old.
Caddy is nice, but downloading and updating it is a pain because you need modules that aren’t included in the repo version.
Right there with you on “just works,” as well as the simple fact that the config snippets you need are readily available - either in the repo of whatever you’re putting behind the proxy, or elsewhere on the internet.
I consistently keep in mind that it’s ultimately an RU product, of course. But since it’s open source and changes relatively infrequently, that’s mitigated to a large degree from where I sit.
Nothing against Caddy, though Apache gets heavy quickly from a maintenance standpoint, IMHO. But nginx has been my go to for many, many years per the above. It drops into oddball environments without having to rip and tear existing systems out by the roots, and it doesn’t care what’s behind it.
Ages ago, I had a Tomcat app that happened to be supported indirectly by an embedded Jetty (?) app that didn’t properly support SSL certs in a sane way on its own.
That was just fine to nginx and certbot, the little-but-important Jetty app just lived off to the side and functionally didn’t matter because with nginx and certbot, nothing else gave a crap - including the browser clients and the arcane build system that depended on that random Jetty app.
Nginx is owned by F5 now which is an American company so it’s not RU anymore
Because Nginx Proxy Manager exists.
And also because for me it started from web hosting where Apache and Nginx dominate and later because of many easy to understand example configs from the net including many “docker letsencrypt” examples.
Very much became it exist. Its way simpler to do in the GUI.
Did not have to learn anything specific, and can work for things not in docker containers too, like the Nextcloud Snap.
And it makes it very easy to get and maintain certificates.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters CA (SSL) Certificate Authority DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web HTTPS HTTP over SSL IP Internet Protocol NAS Network-Attached Storage NAT Network Address Translation SSL Secure Sockets Layer, for transparent encryption TCP Transmission Control Protocol, most often over IP TLS Transport Layer Security, supersedes SSL UDP User Datagram Protocol, for real-time communications VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting) nginx Popular HTTP server
[Thread #888 for this sub, first seen 26th Jul 2024, 04:25] [FAQ] [Full list] [Contact] [Source code]
Because modsec.
I’ll probably look into newer fancier options such as Caddy one day, but as far as I remember Nginx has never failed me : it’s stable, battle tested, and extremely mature. I can’t remember a single time when I’ve been affected by a breaking change (I could not even find one by searching changelogs) and the feature set makes it very versatile. Newer alternatives seem really interesting, but it seems to me they have quite frequent breaking changes and are not as feature rich.
That being said, I’d love to see side-by-side comparison of Nginx and Caddy configs (if anyone wants to translate to Caddy the Nginx caching proxy for OSM I shared earlier this week, that would make a good and useful example), as well as examples of features missing from Nginx. This may give me enough motivation to actually try Caddy :)
(edit : ad->and)
You want to access your server under CG-NAT from the outside or what is the point??
You can do that with Wireguard and NAT.
The only reason that I tend to use it is because of the included webserver. It’s not bad but the paywalling of functionality needed for it to be a proper LB left a bad taste in my mouth. That and HAProxy blows out of the water in all tests that I’ve done over the years where availability is at all a concern. HAProxy also is much more useful when routing TCP.
TLDR: probably a lot of people continue using the thing that they know if it just works as long as it works well enough not to be a bother.
Many many years ago when I learned, I think the only ones I found were Apache and IIS. I had a Mac at the time which came pre installed with Apache2, so I learned Apache2 and got okay at it. While by release dates Nginx and HAProxy most definitely existed, I don’t think I came across either in my research. I don’t have any notes from the time because I didn’t take any because I was in high school.
When I started Linux things, I kept using Apache for a while because I knew it. Found Nginx, learned it in a snap because the config is more natural language and hierarchical than Apache’s XMLish monstrosity. Then for the next decade I kept using Nginx whenever I needed a webserver fast because I knew it would work with minimal tinkering.
Now, as of a few years ago, I knew that haproxy, caddy, and traefik all existed. I even tried out Caddy on my homelab reverse proxy server (which has about a dozen applications routed through it), and the first few sites were easy - just let the auto-LetsEncrypt do its job - but once I got to the sites that needed manual TLS (I have both an internal CA and utilize Cloudflare’ origin HTTPS cert), and other special config, Caddy started becoming as cumbersome as my Nginx conf.d directory. At the time, I also didn’t have a way to get software updates easily on my then-CentOS 7 server, so Caddy was okay-enough, but it was back to Nginx with me because it was comparatively easier to manage.
HAProxy is something I’ve added to my repertoire more recently. It took me quite a while and lots of trial and error to figure out the config syntax which is quite different from anything I’d used before (except maybe kinda like Squid, which I had learned not a year prior…), but once it clicked, it clicked. Now I have an internal high availability (+keepalived) load balancer than can handle so many backend servers and do wildcard TLS termination and validate backend TLS certs. I even got LDAP and LDAPS load balancing to AD working on that for services like Gitea that don’t behave well when there’s more than one LDAPS backend server.
So, at some point I’ll get around to converting that everything reverse proxy to HAProxy. But I’ll probably need to deploy another VM or two because the existing one also has a static web server and I’ve been meaning to break up that server’s roles anyways (long ago, it was my everything server before I used VMs).
Thanks for the comment, that was a good read
- simple config & setup
- good performance
- popular/packaged by every single distro
- just works
I think a large factor is because so many people use it. A lot of people come to self hosting without much knowledge and just copy configs etc. from a Tutorial. Those tutorials will 90% of the time use Apache or nginx. I remember back when I set up my first servers I mostly followed instructions and copied configs. Years later I understood I had set up Apache with virtual hosts and what that means/how it works but it might as well just have been nginx.
As for why so many people use these two I think it also has to do with “adoption” in another way. Back before nginx Apache was the standard everything else was “different”. Then nginx appeared to solve the Problems of Apache and then there were 2 … These days you can probably do anything you want/need with the 2 servers so no reason to use anything else.
Professionaly I usually use either HAProxy and Apache or Nginx (or sometimes HAProxy and Nginx) but if there are special requirements that might change.
I came to MySQL and Apache because they were the backend for other services I wanted to start,. Later, when I wanted to build my own, I already had Apache running, so why would I add nginx? I did let other services add sqlite, but have (in most cases) figured out how to switch those to MySQL.
All of that has been running for 20 years. I’m sure it would be good for my dementia-risk to learn how to start ngnix and migrate all those services, but it’s far more attractive not to mess with what works.
Nginx scales better than Apache does for static content and proxying, so it started to take over market share.
A home gamer handling a handful of users is unlikely to ever notice a difference.
But the configuration for nginx is simpler nout of the box for most things which is probably the real reason people use it at home.
nginx has more features and flexibility than haproxy, such as being a web server. If I wanted just a pure proxy, I’d use haproxy. Apache is primarily a web server, and a pain to configure.
Personally I use Traefik. Add it to docker-compose, set up LE certs, add a few lines to each container, and it Just Works. No extra config on Traefik itself.
Because everyone told me to
Traefik + CrowdSec + Authelia ftw
I used to use traefik back when it was new and less complex and the 2.0 complexity forced my hand to drop it for my homelab.
Traefik gang here 👊 !
But only because it works so easily with docker !! I remember a time where I though that you need a diploma and read/learn/understand a 10000 page dictionary to make nginx work properly.
Also hated the syntax of nginx… It can look so ugly and gibberish :/.
But I do believe Nginx is superior and more mature in many more aspects than Treafik. Still, Traefik is a breeze and is in IMO way easier to configure with docker than Nginx.
Yeah it’s Traefik for me as well! Heavy docker user, of course - it’s nice just tossing some labels into my Portainer stacks and letting Traefik figure it out. If I wasn’t so invested with containers I’d be using nginx.
I use Traefik as my main reverse proxy as well for the same reason—container niceties. But then I actually also use nginx… inside container images, like for containers that just serve static files for example.
Use the right tool for the job!
Often I already have nginx running for serving some static content anyway.
Otherwise, I’m traefik all the way.
