Christian

Kildau

Network Engineer


Welcome to my little blog. I am mostly techie over here, blogging about networking and system administration topics, but there will also be some Travel Reports from time to time…

Nginx or Apache?

March 21, 2010Christian Kildau0 Comments

I recently discovered nginx when I was thinking about replacing apache2 as a reverse-proxy that adds ssl and authentication to my internal webserver. I finally chose nginx and it’s now running on my freshly installed OpenBSD 4.7 gateway. I chose nginx because of it’s straight-forward configuration syntax and because it has a much smaller codebase, which means it should run faster and has less security flaws. The documentation also is great. Plus nginx seems to be the rising star on the horizon of webservers Many large sites are already running it as their reverse-proxies/loadbalancers according to this article.

For me nginx runs much faster than apache2. Where apache2 gave about 14MBps for a single download session, nginx gives me 23MBps (It’s a slow Intel Atom machine). Here’s my configuration. But since the nginx docs are that good, you don’t need any how-tos! Just rtfm

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
user _nginx;
worker_processes  1;

events {
    worker_connections  1024;
}


http {
    sendfile        on;
    keepalive_timeout  65;
    gzip  on;
    access_log off;
    error_log off;
	server {
		listen 443 ;
		ssl on;
		server_name ext.example.org;
		ssl_certificate		ext.example.org.crt;
		ssl_certificate_key	ext.example.org.key;
		ssl_session_timeout	5m;
		ssl_protocols		SSLv3 TLSv1;
		
		location / {
			proxy_set_header X-Forwarded-Host $host;
			proxy_set_header X-Forwarded-Server $host;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_pass http://int.example.org;
			auth_basic "int.example.org";
			auth_basic_user_file /etc/nginx/htpasswd;
		}
	}
}

I just love this thing. Maybe I’ll replace apache2 on my internal webserver, too.


Leave a Reply