this post was submitted on 26 Jul 2024
162 points (94.0% liked)

Selfhosted

40347 readers
304 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I see so many posts and people who run NGINX as their reverse proxy. Why though? There's HAProxy and Apache, with Caddy being a simpler option.

If you're starting from scratch, why did you pick/are you picking NGINX over the others?

you are viewing a single comment's thread
view the rest of the comments
[–] Max_P@lemmy.max-p.me 33 points 4 months ago (8 children)

NGINX can really do a lot of things out of the box while being pretty easy to configure. NGINX can serve static files, it can proxy emails, it can do FastCGI, it can do UWSGI, it can do HTTP proxying, you can run Lua code inside NGINX to do things, there's a module for RTMP live streaming. You can also implement some stuff like external authentication to protect your services/authenticate them at the proxy level. It can also do caching. Not all that useful with all those Rust and Go apps with their own built-in web server but if you run large legacy apps at scale it's great, you can offload a lot of stuff away from your slow ass PHP app.

Caddy's simpler but the current battle tested popular option is NGINX.

HAproxy is good at what it does but it's only good at proxying and simple rules. For the most part, it's used as a load balancer and router and doesn't really process the requests itself. It can alter some things in it but it's limited, and it only does HTTP and TCP. So you can't really run PHP or Python or Ruby or whatever applications directly behind HAproxy. That makes NGINX a better choice there because NGINX deals with HTTP and only passes the request details to the application which doesn't have to do HTTP on its own. I usually see HAproxy load balancing to NGINX hosts with some PHP/Python/Ruby app behind them.

Apache is old. It's gotten better but the way it works just doesn't reflect most modern use cases. I remember when NGINX popped off like 15 years ago and just how much more resource efficient it was and how happy I was with the upgrade. So it exists and still works but not very popular anymore. It's a bit easier to set up but also a bit weird with things like mod_php which runs directly inside Apache instead of a dedicated user that can be better sandboxed.

Traefik is getting traction in big part because it fits well with the Docker ecosystem and just sets itself up automatically.

There's also Envoy if you want some serious proxying and meshing but setting that one up is truely headache inducing.

They're all pretty good web servers regardless, it comes down to preference. There's no right choice because everyone's needs are different.

[–] Findmysec@infosec.pub 2 points 4 months ago (1 children)

Traefik's marketing as the "Docker reverse-proxy" put me off since I like technologies to stay agnostic of each other (personal preference).

Your arguments are correct, and usually I'd run a separate web server but I suppose for a homelab having less things to manage is great

[–] bmarinov@lemmy.world 1 points 4 months ago

Traefik does auto discovery and you can register different configuration providers. Don't need docker? Then don't use the docker label-based provider. It is really flexible and has sensible defaults. Other than a few quirks in the basic auth support I haven't had any problems. And at work it powers our globally utilized infrastructure without any hiccups.

load more comments (6 replies)