What Is Nginx and How Can It Improve the Performance and Security of Your App?
Nginx (pronounced “engine-x”) is an open source software that was initially designed as a high-performance web server. Today, Nginx can fulfil several additional tasks, including server-side caching, reverse proxying, load balancing, security, and more.
Although Nginx is still second to the more traditional Apache server in terms of the total number of websites served, statistics focused specifically on high-traffic sites and apps show an entirely different picture. Where performance is essential, Nginx is preferred more than 60% of the times, and for good reason.
Keep reading to find out why massive websites like Netflix, Dropbox, and Zynga use Nginx.
Nginx as a Web Server
To understand why Nginx is a superior web server in terms of performance, let’s compare it to its most notable competitor, Apache.
Whenever your website is accessed from a browser, the web server hosting your site has to carry out several tasks before the visitor can view your content. To give you just a couple of examples, the client’s request must be processed and the right files must be fetched from storage before they can be delivered.
With Apache, a thread is opened for every such request. For instance, the server might tell the operating system to fetch and open a certain file, but while this is being carried out, the thread is blocked from other tasks. For the duration of several milliseconds, the CPU is no longer used and the resources allocated to the thread are redistributed. If all threads are blocked (as in waiting for a command to be completed), the CPU is idle.
This is not necessarily a problem when dozens or even hundreds of requests are made at a time, but it becomes a problem when the web server tries to address tens of thousands of concurrent requests. It’s not just that the threads are blocked, but also that whenever Apache blocks or unblocks a thread, it has to reallocate CPU resources (referred to as context switching), which takes even more time.
Nginx was first designed as an elegant solution to the C10K problem, which described the fact that, back in 1999, no server could handle over 10,000 concurrent connections. How did Nginx resolve this issue? It switched to an event-based model.
Nginx doesn’t open a thread for every request. Instead, it groups thousands of connections under a single thread and typically runs each thread on a separate CPU core. In addition, Nginx is asynchronous, which means that it can execute several requests at a time without blocking other requests.
Instead of waiting for each task to be carried out before moving on to the next (like Apache), Nginx asks the operating system to do stuff (such as retrieve files) while it continues to perform any processing required. A single thread servers thousands of concurrent requests, so very little context switching occurs overall.
The result is not only that Nginx is faster than Apache. The web server is also more stable and has the capacity to serve up to five times more files using the same hardware.
Nginx as a Reverse Proxy, Load Balancer, and Caching Tool
As Nginx grew, its developers have added several new features to the initial software. For example, some web hosts currently use Apache servers, but combine the latter with Nginx, which functions as a reverse proxy for enhanced security and speed.
A reverse proxy acts as an intermediary between client requests and the backend servers. Its job is to receive incoming traffic, which frees backend server resources for other tasks, such as accessing files and running app code.
The Nginx load balancer operates on a reverse proxy server and acts as a “traffic cop” that receives, processes, and redistributes client requests to a backend server. This is not done randomly, but rather through several algorithms that help the balancer choose the backend server most likely to deliver the fastest response.
The reverse proxy server is also a prerequisite for Nginx’s server-side caching, whereby static files are cached on the proxy and sent directly to the client when this is appropriate. As a result, backend servers no longer have to deal with the request and the additional spare resources ultimately translate into improved performance.
Using Nginx’s reverse proxy server is not only a great way to improve the performance of your website or app, but also a necessary protection measure. Since the proxy server intercepts all requests aimed at your backend servers, it can secure their identities, ensure anonymity, and provide an extra layer of protection against a variety of attacks.
In addition, you can use the Ngnix WAF (web application firewall) to further improve the security of your servers. The Nginx WAF is based on the widely used ModSecurity software and can protect your applications against all Layer 7 attacks. These include SQL injection, Local File Include, and cross-site scripting, but also HTTP protocol violations, Remote File Include, and cross-site request forgery.
As an added precaution, the firewall blocks all incoming traffic from known malicious IP addresses using the Project Honey Pot database. IP addresses are looked up in real time, but search results are cached every 24 hours for improved performance.
Even if you have expert knowledge of web servers, switching to Nginx can be a time-consuming endeavor. Nevertheless, current trends show that Nginx is a software that will only get bigger and better in time, which means that the process of becoming familiar with its core features is certainly worth the effort.
To help you hone your DevOps skills or just make the most of your Nginx server setup, the company puts a set of paid courses at your disposal. The topics covered include:
- Nginx Core – an eight-hour course that provides the basic knowledge you need to configure and administer Nginx using best practices.
- Nginx Load Balancing – a four-hour course that teaches you how to properly use Nginx as a load balancer.
- Nginx Caching – a four-hour course that focuses on how caching can help you improve the performance of your website or app.
- Nginx Controller – an eight-hour course that teaches you how to install and use Nginx Controller, a deployment platform for app development teams.
- Nginx Security – an eight-hour course that takes an in-depth approach to the security features included in Nginx Plus.
Nginx hasn’t been around as long as Apache and this sometimes shows in the fact that useful guides and tutorials for it are not readily available. With Nginx training, however, you get all the information you need to correctly setup and manage your servers while taking advantage of the software’s enhanced performance capabilities.
At the end of the day, there’s no good reason not to go with Nginx (over Apache, for example), especially if you need top server performance for your project.