Christian

Kildau

Network & Systems Architect


Welcome to my little blog. I am mostly techie over here, blogging about networking and system administration topics, but there will also be some Travel Reports from time to time…

Nginx or Apache?

March 21, 2010Christian Kildau0 Comments

I recently discovered nginx when I was thinking about replacing apache2 as a reverse-proxy that adds ssl and authentication to my internal webserver. I finally chose nginx and it’s now running on my freshly installed OpenBSD 4.7 gateway. I chose nginx because of it’s straight-forward configuration syntax and because it has a much smaller codebase, which means it should run faster and has less security flaws. The documentation also is great. Plus nginx seems to be the rising star on the horizon of webservers Many large sites are already running it as their reverse-proxies/loadbalancers according to this article.

For me nginx runs much faster than apache2. Where apache2 gave about 14MBps for a single download session, nginx gives me 23MBps (It’s a slow Intel Atom machine). Here’s my configuration. But since the nginx docs are that good, you don’t need any how-tos! Just rtfm

user _nginx;
worker_processes  1;

events {
    worker_connections  1024;
}


http {
    sendfile        on;
    keepalive_timeout  65;
    gzip  on;
    access_log off;
    error_log off;
    server {
        listen 443 ;
        ssl on;
        server_name ext.example.org;
        ssl_certificate     ext.example.org.crt;
        ssl_certificate_key ext.example.org.key;
        ssl_session_timeout 5m;
        ssl_protocols       SSLv3 TLSv1;
        
        location / {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass http://int.example.org;
            auth_basic "int.example.org";
            auth_basic_user_file /etc/nginx/htpasswd;
        }
    }
}


I just love this thing. Maybe I’ll replace apache2 on my internal webserver, too.


Leave a Reply

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close