Educause Security Discussion mailing list archives
Re: Nginx vs. Apache2 for web service
From: John Ladwig <John.Ladwig () SO MNSCU EDU>
Date: Tue, 12 Jun 2012 16:20:27 +0000
I heard a recent interview with some of the OpenBSD principals that they're considering nginx as a replacement for their forked version of Apache 1(.3?). That suggests they think that the code is or can be made pretty secure, but doesn't necessarily speak as much for configuration security and simplicity (though they do tend to make that a priority). Also, the long pole in OpenBSD tends to be concerns over 2-term BSD-compatible licensing terms. -jml From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Aaron Hockett Sent: Tuesday, June 12, 2012 10:59 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Nginx vs. Apache2 for web service Hello All, I'm doing an in depth comparison to Nginx vs. Apache2 as a case study for moving towards using Nginx for our web servers and in doing so, I've hit the part where I believe some input from the group would be appreciated. Security. I'm fairly well versed in locking down vHosts, .htaccess files, redirects, rewrites, etc. on Apache2 and I'm just learning some of the techniques found in Nginx to do the configuration in their config files. What I'm curious about is what the "buzz" is around if Nginx and if it sacrifices any security for the speed? The context of this is obviously important so let me flesh that out. This would be running on: Ubuntu 12.04 64-bit VM, 100GB HD space, 1GB RAM, MySQL, PHP5 w/ php5-gd, php5-curl, php5-xcache, php5-fpm (for FastCGI which by most tutorials listed as the BKM, I've changed it from a :9000 port listening to an actual .socks listing) Varnish reverse proxy, PHPMyAdmin, Webmin,Shorewall FW (using IP Tables) and of course Nginx running a Wordpress site. As mentioned I have everything setup and running right now and it is able to handle an absurd amount of web traffic compared to an Apache2 install; numbers wise we're talking 100 users max concurrent @ 5000 requests w/ Apache2 vs. 750+concurrent @ 5000 requests w/ Nginx. Anyways, just curious what people's thoughts were on it. Thanks. -Aaron Hockett Warner Pacific College Network & Web Services Engineer
Current thread:
- Nginx vs. Apache2 for web service Aaron Hockett (Jun 12)
- Re: Nginx vs. Apache2 for web service John Ladwig (Jun 12)
- security management techniques David Pirolo (Jun 14)
- Re: security management techniques Stephen C. Gay (Jun 14)
- Re: security management techniques Dan Sarazen (Jun 14)
- Re: security management techniques Wright, A J (A. J.) (Jun 14)
- Re: security management techniques Dan Sarazen (Jun 14)
- Re: security management techniques Wright, A J (A. J.) (Jun 14)
- Re: security management techniques Carlos Lobato (Jun 14)
- security management techniques David Pirolo (Jun 14)
- Re: Nginx vs. Apache2 for web service John Ladwig (Jun 12)
- Re: security management techniques Shawn Kohrman (Jun 14)
- Re: security management techniques Tammy Lynn Clark (Jun 14)
- Re: security management techniques David Pirolo (Jun 14)