Difference between revisions of "Nginx"
(NGiNX uses an asynchronous event-driven approach) |
|||
| Line 1: | Line 1: | ||
| − | NGiNX by all accounts is much more efficient than Apache, so we will probably start changing the OD server, and our [[install a new server|server installation procedure]] over to NGiNX. | + | NGiNX by all accounts is much more efficient than Apache, so we will probably start changing the OD server, and our [[install a new server|server installation procedure]] over to NGiNX. Currently (as of June 2013) we're running both Apache and NGiNX with the former on ports 80 and 443 and the latter on 8080 and 8989. This way I can get the entire file structure of all sites running properly on NGiNX without any change to the live sites on the standard ports. When everything is working I can switch NGiNX over to the standard ports and then stop Apache and eventually un-install it completely if NGiNX works out well. |
| − | + | NGiNX uses an asynchronous event-driven approach to handling requests, instead of the Apache model that defaults to a threaded or process-oriented approach. NGiNX's event-driven approach can provide more predictable performance under high loads. | |
| − | |||
| − | + | Another reason we're moving over to NGiNX is due to the recent interest in [[w:Perfect forward secrecy|Perfect forward secrecy]] (PFS) coming from articles such as [http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html this]. PFS is an obscure feature of SSL/TLS and requires at least OpenSSL version 1 and Apache version 2.3.3, but NGiNX has supported it for quite some time now. | |
| − | |||
| − | |||
| − | |||
| − | + | == Installation == | |
| − | + | All our local installation documentation is in the [[install a new server]] procedure. The [[install a new server#selecting a good set of ciphers|selecting a good set of ciphers]] section covers more detail about the perfect forward secrecy issues and installation. | |
| − | == | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
== See also == | == See also == | ||
Revision as of 02:52, 28 June 2013
NGiNX by all accounts is much more efficient than Apache, so we will probably start changing the OD server, and our server installation procedure over to NGiNX. Currently (as of June 2013) we're running both Apache and NGiNX with the former on ports 80 and 443 and the latter on 8080 and 8989. This way I can get the entire file structure of all sites running properly on NGiNX without any change to the live sites on the standard ports. When everything is working I can switch NGiNX over to the standard ports and then stop Apache and eventually un-install it completely if NGiNX works out well.
NGiNX uses an asynchronous event-driven approach to handling requests, instead of the Apache model that defaults to a threaded or process-oriented approach. NGiNX's event-driven approach can provide more predictable performance under high loads.
Another reason we're moving over to NGiNX is due to the recent interest in Perfect forward secrecy (PFS) coming from articles such as this. PFS is an obscure feature of SSL/TLS and requires at least OpenSSL version 1 and Apache version 2.3.3, but NGiNX has supported it for quite some time now.
Installation
All our local installation documentation is in the install a new server procedure. The selecting a good set of ciphers section covers more detail about the perfect forward secrecy issues and installation.
