Nginx by default on Shared Hosting

I would love to see nginx by default on Shared Hosting.

How it would Work?

When someone add a new domain, like in the VPS, it would be possible to see nginx and apache2.

If someone chooses Apache2, or if there’s already other Apache2 sites on the server, the vhost at nginx would proxy pass to Apache2 in a different port, like 81 or 8080. It would not break anything if nginx is enabled by default.

If someone choose nginx, a normal vhost is created and a include pointing to /home/username/nginx/ file is added to the vhost file so the users could manipulate their vhost directives without root access.

What do you guys think about it? (:

By default? Definitely not. nginx is not a drop-in replacement for Apache, and does not support many of the features that our customers expect to have available, including, .htaccess files and mod_rewrite syntax.

As an option? Highly unlikely, sorry. As a general rule, we don’t allow persistent server processes on shared hosting; allowing nginx as a special case would be kind of inconsistent. (There are also a number of rather difficult security issues that would have to be resolved to make this viable.)

Apache2 doesn’t fit the “persistent server processes”?Which difficult security issues?

We run a shared Apache server as part of our shared hosting infrastructure. An nginx server, by its nature, would have to be run separately for each user. (For a variety of reasons, including: there’s no “official” way to get per-user configuration, nor any way to make it pick up configuration changes without a restart, and a bad configuration file will make it fail to start up.)

As far as security issues go, some of the details would depend on the specific implementation, but in short, it would be very difficult to prevent users from tampering with nginx servers run by other users on the same shared server.

Please excuse me for presuming but I come across a fair amount of clients who ask for NGINX because they’re under the impression it provides better performance over Apache. You’ll see many “cases” bought forward but they only compare the default set ups of NGINX php-fpm vs Apache using mod_php. There are other ways to configure Apache which can surpass NGINX’s performance by simply doing the following:

  1. turn off .htaccess files by setting “AllowOverride None” in Apache config
  2. run Apache 2.4 using the event MPM and proxypass php-fpm

Result? NGINX in the rear view.

@Andrew F: I don’t think you should do this either but what he’s suggesting is running NGINX for static content and Apache for dynamic using proxy pass so it’s completely safe. It’s a good model and can reduce resource consumption and in some ways increase performance because NGINX is faster at serving static content than Apache 2.2 is.

The configuration you’re describing is totally viable, and is in fact quite similar to something we considered for our nginx implementation on DreamHost VPS. The problem, as always, is in the details.

See, Apache gives users a lot of flexibility in how they can configure their sites. mod_rewrite, directory aliases, and a number of other Apache features can all conspire to make it very difficult, or even impossible, for a front-end server like nginx to figure out where to serve files from. Worse, such a configuration could potentially end up bypassing security measures set up in .htaccess files, like password protection, IP blocks, or “Deny from all”.

For a carefully architected application designed with this architecture in mind, a reverse proxy setup like this would be no problem. Experience, however, has taught us that some of our customers’ applications are often… less than that.

In any case, the performance advantages of nginx are generally not relevant to sites running on shared hosting. If your site is busy enough that you feel that Apache is holding you back, your site should probably be on a VPS or dedicated server.