I see so many posts and people who run NGINX as their reverse proxy. Why though? There’s HAProxy and Apache, with Caddy being a simpler option.

If you’re starting from scratch, why did you pick/are you picking NGINX over the others?

Good question. I chose it initially because it was open source and way easier (in my eyes) than Apache. I don’t recall the others being an option at the time, or I was not aware of them. nginx does what I need without complaint, so I haven’t switched.

@mystik@lemmy.world

At $dayjob I switched from Apache to nginx 15+ years ago. Its callback/event-based process model ran circles around Apache’s pre-fork model at the time. It was very carefully developed to be secure, and even early on it had a good track record. Being able to have nginx handle static content without tying up a backend worker process was huge, and let us scale our app pretty well for the investment of time. Since then, Apache implemented threaded + Event based process models, Caddy, traefik, and a bunch of others have entered the scene.

TBH, I think the big thing nowadays is sane defaults, and better configuration, even automatically discovered configuration – traefik is my current favorite for discovering hosts in consul/Kubernetes/simple host definition files, but since traefik can’t directly serve files, I simply proxy from traefik to … nginx :)

@rysiek@szmer.info

HAproxy cannot serve static files directly. You need a webserver behind it for that.

Apache is slow.

Nginx is both a capable, fast reverse-proxy, and a capable, fast webserver. It can do everything HAproxy does, and what Apache does, and more.

I am not saying it is absolutely best for every use-case, but this flexibility is a large part of why I use it in my infra (and have been using it for a decade).

Traefik + CrowdSec + Authelia ftw

@N0x0n@lemmy.ml

Traefik gang here 👊 !

But only because it works so easily with docker !! I remember a time where I thought that you need a diploma and read/learn/understand a 10000 page dictionary to make nginx work properly.

Also hated the syntax of nginx… It can look so ugly and gibberish :/.

But I do believe Nginx is superior and more mature in many more aspects than Traefik. Still, Traefik is a breeze and is IMO way easier to configure with docker than Nginx.

@witten@lemmy.world

I use Traefik as my main reverse proxy as well for the same reason—container niceties. But then I actually also use nginx… inside container images, like for containers that just serve static files for example.

Use the right tool for the job!

@Crogdor@lemmy.world

Yeah it’s Traefik for me as well! Heavy docker user, of course - it’s nice just tossing some labels into my Portainer stacks and letting Traefik figure it out. If I wasn’t so invested with containers I’d be using nginx.

I used to use traefik back when it was new and less complex and the 2.0 complexity forced my hand to drop it for my homelab.

@miau@lemmy.sdf.org

Honest question: why not use nginx?

I have run it in so many different scenarios, both professionally and personally, it’s crazy. Nginx has never failed me, literally. My homeserver is quite limited but nginx has a very small footprint, it performs beautifully well and it satisfies all my hosting, proxying, redirecting and streaming needs.

It works for modern and legacy applications, custom code, webhosting, supports all the modern features and its configuration is very easy with literal thousands of examples available online.

Apache probably can do all that but I hate how unintuitive its configuration is to me personally. HAproxy can’t do half the stuff nginx does.

As for caddy I’ve heard of it but never really used it. What does it offer that nginx doesn’t?

@seang96@spgrn.com

The only time I use caddy is to serve static files… I then put a nginx proxy in front of it to expose it lol

@486@lemmy.world

What does it offer that nginx doesn’t?

Automatic HTTPS, you don’t have to use certbot or something similar to get/renew certificates. Also, its configuration is really simple and straight forward.

@miau@lemmy.sdf.org

Thank you for your reply!

Personally I am fine with nginx configuration, at least when using containers. The syntax is fine and all I need to do is map one file into the container.

But I took a look at the automatic cert feature and wow, that is very, very nice. I may give caddy a try for this feature only - it would simplify my current setup.

I am also surprised it allows using HTTPS over port 443 for cert renewal. I didn’t even know this was possible, so I was always stuck with DNS challenges.

So again, thanks for your reply!

hendrik

It’s easy to use, reliable, and doubles as a webserver so I only need one software to host my websites and also do the reverse proxying to the other webservices.

Max-P

NGINX can really do a lot of things out of the box while being pretty easy to configure. NGINX can serve static files, it can proxy emails, it can do FastCGI, it can do UWSGI, it can do HTTP proxying, you can run Lua code inside NGINX to do things, there’s a module for RTMP live streaming. You can also implement some stuff like external authentication to protect your services/authenticate them at the proxy level. It can also do caching. Not all that useful with all those Rust and Go apps with their own built-in web server but if you run large legacy apps at scale it’s great, you can offload a lot of stuff away from your slow ass PHP app.

Caddy’s simpler but the current battle tested popular option is NGINX.

HAproxy is good at what it does but it’s only good at proxying and simple rules. For the most part, it’s used as a load balancer and router and doesn’t really process the requests itself. It can alter some things in it but it’s limited, and it only does HTTP and TCP. So you can’t really run PHP or Python or Ruby or whatever applications directly behind HAproxy. That makes NGINX a better choice there because NGINX deals with HTTP and only passes the request details to the application which doesn’t have to do HTTP on its own. I usually see HAproxy load balancing to NGINX hosts with some PHP/Python/Ruby app behind them.

Apache is old. It’s gotten better but the way it works just doesn’t reflect most modern use cases. I remember when NGINX popped off like 15 years ago and just how much more resource efficient it was and how happy I was with the upgrade. So it exists and still works but not very popular anymore. It’s a bit easier to set up but also a bit weird with things like mod_php which runs directly inside Apache instead of a dedicated user that can be better sandboxed.

Traefik is getting traction in big part because it fits well with the Docker ecosystem and just sets itself up automatically.

There’s also Envoy if you want some serious proxying and meshing but setting that one up is truly headache inducing.

They’re all pretty good web servers regardless, it comes down to preference. There’s no right choice because everyone’s needs are different.

db0

Not sure why you say haproxy can’t serve python. I do it all the time. You just use something like python waitress and then point haproxy to its port.

Max-P

It depends on what you use on the Python side. Classically that would have been uWSGI or one of the *SGI interfaces, and lately ASGI.

Sure, one can totally make Python apps that serve HTTP directly. The same can be done with PHP (and Ruby and others) as well, but most people still run their PHP through PHP-FPM over FastCGI because you can offload a lot of the work to the much faster NGINX side. A fair amount of apps make use of X-Accel-Redirect to serve private files, so you don’t tie up a PHP worker for an hour serving the user’s 2GB file.

But yes, as those languages all move to async computing and away from worker pools, it’s more common to see those serve HTTP directly, and there’s less and less need for a proxy that supports those other protocols. The async event loop is what made NGINX special when it came out, so naturally languages that move to that model greatly reduce the need for that as well, they too can easily handle thousands of concurrent connections no problems. Plus these days people slap a CDN in front anyway so static file performance doesn’t matter quite as much.
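
The X-Accel-Redirect pattern mentioned in the comment above, as an added example that is not part of the thread or any project's own code: the application only makes the authorization decision and nginx streams the file from an `internal` location. The WSGI app, the `REMOTE_USER` source, the ACL table and the `/download/`, `/protected/` and `/srv/private/` paths are all assumptions made for illustration.

```python
# Added example (not from the thread). Assumed nginx side, names hypothetical:
#   location /download/  { proxy_pass http://127.0.0.1:8000; }
#   location /protected/ { internal; alias /srv/private/; }
# `internal` makes /protected/ reachable only through X-Accel-Redirect.
import posixpath
from urllib.parse import quote

INTERNAL_PREFIX = "/protected/"   # must match the internal location above
PUBLIC_PREFIX = "/download/"
# Constructed sample data: files each user may fetch.
ACL = {"alice": {"reports/q1.pdf"}, "bob": {"video/big.mkv"}}


def safe_relpath(raw):
    """Normalize a client-supplied path; None if it could leave the root."""
    if not raw or "\x00" in raw or "\\" in raw:
        return None
    norm = posixpath.normpath(raw)
    if norm in (".", "..") or norm.startswith(("/", "../")):
        return None
    return norm


def app(environ, start_response):
    """WSGI app: authorize the request, then let nginx stream the file."""
    user = environ.get("REMOTE_USER")   # assumed set by an upstream auth layer
    path = environ.get("PATH_INFO", "")
    rel = safe_relpath(path[len(PUBLIC_PREFIX):]) if path.startswith(PUBLIC_PREFIX) else None
    if rel is None:
        start_response("404 Not Found", [("Content-Length", "0")])
        return [b""]
    if rel not in ACL.get(user, set()):
        start_response("403 Forbidden", [("Content-Length", "0")])
        return [b""]
    # Empty body: nginx replaces it with the file behind the internal URI,
    # so this worker is free again immediately, whatever the file size.
    start_response("200 OK", [
        ("Content-Type", "application/octet-stream"),
        ("X-Accel-Redirect", INTERNAL_PREFIX + quote(rel)),
    ])
    return [b""]


def simulate(user, path):
    """Call the app the way a WSGI server would; return (status, headers)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    app({"REMOTE_USER": user, "PATH_INFO": path}, start_response)
    return seen["status"], seen["headers"]
```

The path is normalized before the ACL lookup so that a request cannot name a file outside the served root, and the ACL check happens before the header is emitted, since nginx performs no authorization of its own on the internal location.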

db0

Ye pretty much. I was just quite astounded at that statement as the AI Horde is basically just a lot of python processes behind a very low powered haproxy server.

Personally, I understand people like to stay with the familiar, which is perfectly fine for a non-demanding service, but when something becomes demanding, I find the haproxy specialization serves better. I wish lemmy deployment by default utilized haproxy myself.

@lidstah@lemmy.sdf.org

HAproxy is good at what it does but it’s only good at proxying and simple rules.

It’s possible to write very complex rules/ACLs with HAproxy… stick-tables, ACLs with regexes on whatever HTTP header, source or destination ACLs, map files, geoblocking, lua scripting, load-balancing from round-robin to host header load balancing, dynamic backend servers provisioning through DNS… Not that you can’t do it with Nginx (it started as a reverse-proxy before becoming a jack of all trades), nor that nginx isn’t a great tool (it is!), but HAProxy can do very complex things too. It also follows the good ol’ UNIX philosophy of “one program to do one thing and do it well” and thus doesn’t try to be a webserver, hence why you need a webserver behind it to serve anything from static files to PHP/Python/whatever.

@Findmysec@infosec.pub
creator

Traefik’s marketing as the “Docker reverse-proxy” put me off since I like technologies to stay agnostic of each other (personal preference).

Your arguments are correct, and usually I’d run a separate web server but I suppose for a homelab having less things to manage is great

@bmarinov@lemmy.world

Traefik does auto discovery and you can register different configuration providers. Don’t need docker? Then don’t use the docker label-based provider. It is really flexible and has sensible defaults. Other than a few quirks in the basic auth support I haven’t had any problems. And at work it powers our globally utilized infrastructure without any hiccups.

@d2k1@lemmy.dbzer0.com

HAproxy is good at what it does but it’s only good at proxying and simple rules. For the most part, it’s used as a load balancer and router and doesn’t really process the requests itself.

To add something here: HAProxy’s ACLs are more powerful than anything nginx, Apache or even Envoy can do. Of course HAProxy is not a web server but “just” a reverse proxy that speaks HTTP (and TCP) but what you can do with its ACLs is often extremely impressive in its simplicity and elegance. A single-line ACL in HAProxy would require loading additional modules in nginx and writing a screenful of configuration directives. Though the average self-hoster will probably never need any of the power HAProxy offers.

In the past 20 years I have professionally used all four of these as web servers and/or reverse proxies and I am pretty confident that HAProxy beats all others when it comes to request processing. Though Envoy might be getting there.

@SpazOut@lemmy.world

Having used HAProxy for 15 years commercially, I absolutely agree with this. There are lots of complex features of HAProxy that only a dedicated proxy can provide. The ACLs, deep packet inspection and stick tables are a few.

Whilst it doesn’t directly “serve” PHP or Python - it’s a load balancer so can just have regular Apache or nginx backends serving content which is arguably its main use case. For homelab this doesn’t always make sense but I would pick nginx for high traffic commercial environments.

Flax

Because everyone told me to

Shimitar

Nginx “just works™”, has never got in the way, it’s been rock solid and has not changed significantly over the years.

Why would I need something else?

@0x0@programming.dev

When NGINX showed up it beat the then dominant apache on resource utilization hands-down.

It’s also very configurable and has a lot of modules, both in-house and third party.

The only downside for me: as of late the whole commercial part of the project has been gobbling up everything to shove the non-free version to the point where it’s hard to find info on the free version, e.g., the wiki page that lists all the third-party modules. The nginxtutorials site seems to be a good resource.

Btw one of the main devs forked it into freenginx:

Dounin writes in his announcement that “new non-technical management” at F5 “recently decided that they know better how to run open source projects. In particular, they decided to interfere with security policy nginx uses for years, ignoring both the policy and developers’ position.” While it was “quite understandable,” given their ownership, Dounin wrote that it means he was “no longer able to control which changes are made in nginx,” hence his departure and fork.

Also, fun fact: this is probably the only instance of Russian software muricans don’t cry Commie! all the time (maybe because the parent company was acquired).

@ngn@lemy.lol
  • simple config & setup
  • good performance
  • popular/packaged by every single distro
  • just works

I think a large factor is because so many people use it. A lot of people come to self hosting without much knowledge and just copy configs etc. from a Tutorial. Those tutorials will 90% of the time use Apache or nginx. I remember back when I set up my first servers I mostly followed instructions and copied configs. Years later I understood I had set up Apache with virtual hosts and what that means/how it works but it might as well just have been nginx.

As for why so many people use these two I think it also has to do with “adoption” in another way. Back before nginx Apache was the standard everything else was “different”. Then nginx appeared to solve the Problems of Apache and then there were 2 … These days you can probably do anything you want/need with the 2 servers so no reason to use anything else.

Professionally I usually use either HAProxy and Apache or Nginx (or sometimes HAProxy and Nginx) but if there are special requirements that might change.

@tburkhol@lemmy.world

I came to MySQL and Apache because they were the backend for other services I wanted to start. Later, when I wanted to build my own, I already had Apache running, so why would I add nginx? I did let other services add sqlite, but have (in most cases) figured out how to switch those to MySQL.

All of that has been running for 20 years. I’m sure it would be good for my dementia-risk to learn how to start nginx and migrate all those services, but it’s far more attractive not to mess with what works.

Carlos Francisco 🦣

@selfhosted @Findmysec what is the problem with nginx? 🤔

baduhai

It’s pretty good, innit?

Why is their question, so why is it pretty good?

baduhai

Nah, their question is why do so many people use it. And the answer is because it’s pretty good.

Innit?

You want to play this game?

I can create new posts all night long

Very helpful

Possibly linux

Security

Caddy is good but it tried to do too much. This means that security bugs could be way more common. It has been audited by outside people and the issues they found were fixed but I am very doubtful that it is secure yet.

tmpod

I think security is a fair point, given caddy’s younger age compared to nginx, but I wouldn’t say it tried to do too much.

@catloaf@lemm.ee

nginx has more features and flexibility than haproxy, such as being a web server. If I wanted just a pure proxy, I’d use haproxy. Apache is primarily a web server, and a pain to configure.

Personally I use Traefik. Add it to docker-compose, set up LE certs, add a few lines to each container, and it Just Works. No extra config on Traefik itself.
