I see so many posts and people who run NGINX as their reverse proxy. Why though? There’s HAProxy and Apache, with Caddy being a simpler option.

If you’re starting from scratch, why did you pick/are you picking NGINX over the others?

  • MangoPenguin
    link
    fedilink
    English
    arrow-up
    54
    ·
    5 months ago

    It just works and it’s in every distros default repo, it’s pretty easy to set up and can be a webserver for static files, PHP sites, etc… It can be a reverse proxy for HTTP(s) traffic or just forward TCP/UDP.

    There’s also endless documentation out there for how to do something in nginx.

    HAProxy is a nightmare to use in my experience. It just feels so clunky and old.

    Caddy is nice, but downloading and updating it is a pain because you need modules that aren’t included in the repo version.

    • ____@infosec.pub
      link
      fedilink
      English
      arrow-up
      13
      ·
      5 months ago

      Right there with you on “just works,” as well as the simple fact that the config snippets you need are readily available - either in the repo of whatever you’re putting behind the proxy, or elsewhere on the internet.

      I consistently keep in mind that it’s ultimately an RU product, of course. But since it’s open source and changes relatively infrequently, that’s mitigated to a large degree from where I sit.

      Nothing against Caddy, though Apache gets heavy quickly from a maintenance standpoint, IMHO. But nginx has been my go to for many, many years per the above. It drops into oddball environments without having to rip and tear existing systems out by the roots, and it doesn’t care what’s behind it.

      Ages ago, I had a Tomcat app that happened to be supported indirectly by an embedded Jetty (?) app that didn’t properly support SSL certs in a sane way on its own.

      That was just fine to nginx and certbot, the little-but-important Jetty app just lived off to the side and functionally didn’t matter because with nginx and certbot, nothing else gave a crap - including the browser clients and the arcane build system that depended on that random Jetty app.