We also embed application logic into the Apache2 configs at present.
```apache
#Redirect error pages to ensure headers are sent
ErrorDocument 400 /notfound
ErrorDocument 401 /notfound
ErrorDocument 403 /notfound
ErrorDocument 404 /notfound
ErrorDocument 500 /notfound
```
This should be handled by the app, and the server should be a dumb proxy that only adds the security headers.
I also find the Apache config format ghastly in comparison to the Nginx format.
Additionally, if we want to support HTTP/2 to help with page load times (#1152), we'd have to add another mod to Apache. I don't particularly like this pattern.
I'm totally on board with swapping out Apache for Nginx. The big elephant in the room is the deployment story for existing installations - we'd want to try and include the swap at the same time we require manual intervention for administrators. Perhaps at the same time we push out an Ubuntu 16.04 upgrade story (#1530)? We'd also have to match the functionality of the AppArmor rules we are using for Apache.
Good idea. I agree that swapping this out shouldn't (and probably can't) be automatic, so lining it up with the Xenial upgrade would reduce the number of times we have to bother admins with running playbooks manually.
Agreed with @msheiny. The transition from Apache -> Nginx is further complicated by the fact that we don't have a good configuration migration story (#1966). We should be able to handle most of the necessary config munging in postinst scripts, but will require extensive testing. Agreed that the Xenial migration is a good time to get it done.
Feature request
Description
We should switch the webserver from Apache2 to Nginx.
Nginx has fewer CVEs than Apache2. Compare the two CVE summaries for the two webservers.
This is echoed by this comment.
Further related: #1389.
What I'd like to see (especially from the ops folks) is reasons why we should keep Apache2 to counter this (apart from "we already use it").
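The "dumb proxy that only adds the security headers" arrangement described in this issue, sketched as an Nginx server block. This is an added example, not the project's configuration: the listen port, upstream address, and the header names and values are all assumptions chosen for illustration.

```nginx
# Added example, not the project's config. The upstream address and every
# header value below are assumptions.
server {
    listen 80;
    server_name _;

    # Do not advertise the Nginx version in responses or error pages.
    server_tokens off;

    # The "always" parameter attaches the header to every response code,
    # including 4xx/5xx and errors Nginx generates itself (for example a
    # 502 when the app is down). Without "always", add_header applies only
    # to a fixed set of 2xx/3xx codes, which is the gap the ErrorDocument
    # redirects in the Apache config work around.
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;
    add_header Referrer-Policy "no-referrer" always;
    add_header Content-Security-Policy "default-src 'self'" always;

    location / {
        # Hypothetical local address of the application server.
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;

        # Pass the app's own 4xx/5xx bodies through unchanged, so error
        # pages are application logic rather than server config.
        # (off is the default; stated here to make the intent explicit.)
        proxy_intercept_errors off;

        # Deliberately no add_header in this block: add_header directives
        # are inherited from the server level only when the current level
        # declares none, so adding one here would drop all four above.
    }
}
```

A check worth keeping in the test suite for either webserver is to request a nonexistent path and a path that makes the app return 500, and confirm the same headers appear on both responses.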