Main Nav

Message from ahockett@warnerpacific.edu

Hello All,

 

I’m doing an in depth comparison to Nginx vs. Apache2 as a case study for moving towards using Nginx for our web servers and in doing so, I’ve hit the part where I believe some input from the group would be appreciated. 

 

Security.

 

I’m fairly well versed in locking down vHosts, .htaccess files, redirects, rewrites, etc. on Apache2 and I’m just learning some of the techniques found in Nginx to do the configuration in their “VCL” files.  What I’m curious about is what the “buzz” is around if Nginx  and if it sacrifices any security for the speed?  The context of this is obviously important  so let me flesh that out.  This would be running on:  Ubuntu 12.04 64-bit VM, 100GB HD space, 1GB RAM, MySQL, PHP5 w/ php5-gd, php5-curl, php5-xcache, php5-fpm (for FastCGI which by most tutorials listed as the BKM, I’ve changed it from a :9000 port listening to an actual .socks listing) Varnish reverse proxy, PHPMyAdmin, Webmin,Shorewall FW (using IP Tables) and of course Nginx running a Wordpress site.  As mentioned I have everything setup and running right now and it is able to handle an absurd amount of web traffic compared to an Apache2 install; numbers wise we’re talking 100 users max concurrent @ 5000 requests w/ Apache2 vs. 750+concurrent @ 5000 requests w/ Nginx. 

 

Anyways, just curious what people’s thoughts were on it.

 

Thanks.

-Aaron Hockett

Warner Pacific College

Network & Web Services Engineer

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Message from ahockett@warnerpacific.edu

Hello All,

 

I’m doing an in depth comparison to Nginx vs. Apache2 as a case study for moving towards using Nginx for our web servers and in doing so, I’ve hit the part where I believe some input from the group would be appreciated. 

 

Security.

 

I’m fairly well versed in locking down vHosts, .htaccess files, redirects, rewrites, etc. on Apache2 and I’m just learning some of the techniques found in Nginx to do the configuration in their config files.  What I’m curious about is what the “buzz” is around if Nginx  and if it sacrifices any security for the speed?  The context of this is obviously important  so let me flesh that out.  This would be running on:  Ubuntu 12.04 64-bit VM, 100GB HD space, 1GB RAM, MySQL, PHP5 w/ php5-gd, php5-curl, php5-xcache, php5-fpm (for FastCGI which by most tutorials listed as the BKM, I’ve changed it from a :9000 port listening to an actual .socks listing) Varnish reverse proxy, PHPMyAdmin, Webmin,Shorewall FW (using IP Tables) and of course Nginx running a Wordpress site.  As mentioned I have everything setup and running right now and it is able to handle an absurd amount of web traffic compared to an Apache2 install; numbers wise we’re talking 100 users max concurrent @ 5000 requests w/ Apache2 vs. 750+concurrent @ 5000 requests w/ Nginx. 

 

Anyways, just curious what people’s thoughts were on it.

 

Thanks.

-Aaron Hockett

Warner Pacific College

Network & Web Services Engineer

 

Message from john.ladwig@so.mnscu.edu

I heard a recent interview with some of the OpenBSD principals that they’re considering nginx as a replacement for their forked version of Apache 1(.3?).

 

That suggests they think that the code is or can be made pretty secure, but doesn’t necessarily speak as much for configuration security and simplicity (though they do tend to make that a priority).  Also, the long pole in OpenBSD tends to be concerns over 2-term BSD-compatible licensing terms.

 

   -jml

 

 

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.