Several years ago I tried an introduction to nginx, to see whether this alternative to Apache offered any advantages. At the time I wasn’t convinced, particularly as nginx had some major limitations such as a lack of support for dynamic modules. Certainly the advantages didn’t outweigh the downsides and the time it would take me to learn another piece of software. Apache was doing a reasonable job and there was no pressing reason to migrate.
Recently though I’ve been setting up new servers and decided that this was an opportunity to try nginx again. A lot has changed in three years, and the nginx developers have now addressed some of the issues I experienced, including adding support for dynamic modules.
I still encountered some issues, mostly around enabling TLS support:
- The default for Diffie-Hellman key exchange is 1024 bits, whereas a minimum of 2048 bits is recommended. Easily fixed by generating a new file (using
- Telling nginx to listen on port 443 doesn’t make HTTPS work by itself. You have to state listen 443 ssl instead.
- Using PHP-FPM instead of mod_php meant I had to specify some extra configuration options, although for the most part I could simply include a file which ships with nginx.
None of these issues were particularly difficult to work around, and now that I’m aware of them any future nginx installations will be easier. Effectively things which were enabled by default in Apache, and therefore I had taken for granted, needed to be explicitly configured in nginx.
On the plus side, the following things were much easier than their Apache equivalent:
- Redirecting from HTTP to HTTPS is as simple as:
return 301 https://$host$request_uri;
- Configuration files are much cleaner as they don’t have XML-like tags.
- nginx appears to use less RAM and CPU, although I haven’t performed extensive benchmarking to confirm this and quantify the difference.
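The TLS points and the HTTP-to-HTTPS redirect from the two lists above, put together as one configuration. This is an added example, not the configuration from the original post; example.com, the certificate and DH parameter paths, the web root, the PHP-FPM socket path and the choice of fastcgi.conf as the shipped include file are all assumptions.

```nginx
# Added example. Host name, file paths and socket path are placeholders.

# Plain HTTP listener: its only job is to redirect to HTTPS.
server {
    listen 80;
    server_name example.com;

    return 301 https://$host$request_uri;
}

# HTTPS listener.
server {
    # "listen 443;" on its own only binds the port and speaks plain HTTP on it.
    # The ssl parameter is what turns on TLS for this listener.
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/tls/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.com.key;   # placeholder path

    # Point nginx at a DH parameter file of at least 2048 bits, generated
    # beforehand, instead of relying on the 1024-bit default described above.
    ssl_dhparam /etc/nginx/tls/dhparam.pem;               # placeholder path

    root  /var/www/example.com;                           # placeholder path
    index index.php index.html;

    # PHP is handed to PHP-FPM over FastCGI rather than run in-process
    # as mod_php does under Apache.
    location ~ \.php$ {
        # Only pass scripts that exist on disk to PHP-FPM.
        try_files $uri =404;

        # Parameter file that ships with nginx (assumed to be fastcgi.conf here).
        include fastcgi.conf;

        fastcgi_pass unix:/run/php/php-fpm.sock;          # placeholder socket
    }
}
```

Running nginx -t after editing checks the syntax and confirms the referenced files can be read before the configuration is reloaded.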
Overall, once I had got my head around the differences in configuration, nginx is an improvement over Apache. I don’t think I’ll be replacing Apache on all my existing infrastructure, but I will be using it for all new deployments.