Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

2023-10-04 Thread Daniel Gruno

On 2023-10-04 14:01, Antony Stone wrote:
> On Wednesday 04 October 2023 at 20:48:19, Jason Long wrote:
>
>> Hello, Thanks again. Why has Apache Foundation never tested Apache
>> performance with Nginx?
>
> I am not affiliated with the Apache Foundation in any way, but I would guess
> that the primary reason is that one can make statistics say almost whatever
> one wants them to, simply by selecting the data or analysis which supports the
> desired outcome.  Therefore nobody is going to trust numbers put out either by
> the Apache Foundation, or by Nginx, showing how they compare against the
> competition.  I'm not saying that either of these organisations would be
> lying, but they'd be expected to choose the tests and scenarios which show
> them up in the most favourable comparative light possible.
>
> A secondary reason is that one person's use of a web server is not the same as
> another's, so any benchmarks showing Apache vs. Nginx would be idealistic and
> almost certainly not what any specific real-world implementation would achieve.
>
> Suppose you wanted to compare two makes of cars to find out which is "faster,
> more secure and better" (to quote from the subject line of your email).  Would
> you want such a comparison to be done by manufacturer A, manufacturer B, or an
> independent third party?  No matter who it's done by, does their definition of
> "better" match with yours (assuming you're a potential purchaser of one of the
> cars)?

The more official, canonical reason is that NGINX is a commercial
company making an "open core" product, while the ASF is a non-profit.

The ASF cannot and does not want to compete with other products or
companies. It is not our mission, and we frankly do not care about
market shares or the likes. We are volunteers working on making a free
piece of software that can be used by whomever wants to use it.

> Antony.




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

2023-10-04 Thread Antony Stone
On Wednesday 04 October 2023 at 20:48:19, Jason Long wrote:

> Hello, Thanks again. Why has Apache Foundation never tested Apache
> performance with Nginx?

I am not affiliated with the Apache Foundation in any way, but I would guess 
that the primary reason is that one can make statistics say almost whatever 
one wants them to, simply by selecting the data or analysis which supports the 
desired outcome.  Therefore nobody is going to trust numbers put out either by 
the Apache Foundation, or by Nginx, showing how they compare against the 
competition.  I'm not saying that either of these organisations would be 
lying, but they'd be expected to choose the tests and scenarios which show 
them up in the most favourable comparative light possible.

A secondary reason is that one person's use of a web server is not the same as 
another's, so any benchmarks showing Apache vs. Nginx would be idealistic and 
almost certainly not what any specific real-world implementation would achieve.

Suppose you wanted to compare two makes of cars to find out which is "faster, 
more secure and better" (to quote from the subject line of your email).  Would 
you want such a comparison to be done by manufacturer A, manufacturer B, or an 
independent third party?  No matter who it's done by, does their definition of 
"better" match with yours (assuming you're a potential purchaser of one of the 
cars)?


Antony.

-- 
The Free Software Foundation was formed on this day in 1985
https://www.fsf.org

   Please reply to the list;
 please *don't* CC me.




RE: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

2023-10-04 Thread Marc
I know that with nginx you can't configure your chain certificate separately, 
super annoying.

> 
> Hello,
> Thanks again.
> Why has Apache Foundation never tested Apache performance with Nginx?
> 
> 
> 
> 
>   On Sat, Sep 30, 2023 at 12:00 PM, Frank Gingras wrote:
>   There might be some online, however, due to the different
> architectures, they are not likely to be terribly useful. Do avoid the ones
> that bash needlessly either product.
> 
>   On Sat, Sep 30, 2023 at 3:09 AM Jason Long wrote:
> 
> 
>   Hello,
>   Thank you so much for your info.
>   Why are they trollish? I am curious to learn more.
>   Is there a fair comparison between Apache and Nginx?
> 
> 
> 
>   On Saturday, September 30, 2023 at 10:35:12 AM GMT+3:30, Frank
> Gingras <thu...@apache.org> wrote:
> 
> 
> 
> 
> 
>   Additionally, your recent string of questions to this mailing
> list come off as a bit trollish.
> 
>   On Sat, Sep 30, 2023 at 3:04 AM Frank Gingras wrote:
>   > If any of the mod_php extensions are not thread-safe, you will
> need to use the prefork mpm, which will indeed bloat every httpd worker.
> This is not the ideal nor recommended configuration.
>   >
>   > Instead, use the event mpm and proxy_fcgi to pass the request
> to php-fpm.
>   >
>   > Alternatively, you can recompile php to be thread-safe and use
> event mpm with mod_php, which will give you a small execution speed
> advantage.
>   >
>   > The statement you posted is more or less FUD which leaves out
> very important details.
>   >
>   > On Sat, Sep 30, 2023 at 2:56 AM Jason Long
>  wrote:
>   >> Hello,
>   >> Is the following sentence correct?
>   >> "The way Apache loads PHP in its standard setup (with
> mod_php) compared to Nginx alone puts it at a disadvantage. You will see
> performance gains, particularly in memory usage, just by switching to
> Nginx, given you're using a PHP-driven application."
>   >>
>   >> Thank you.
>   >>



Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

2023-10-04 Thread Jason Long
Hello, Thanks again. Why has Apache Foundation never tested Apache performance
with Nginx?

 
 
  On Sat, Sep 30, 2023 at 12:00 PM, Frank Gingras wrote:   
There might be some online, however, due to the different architectures, they 
are not likely to be terribly useful. Do avoid the ones that bash needlessly 
either product.
On Sat, Sep 30, 2023 at 3:09 AM Jason Long  wrote:

Hello,
Thank you so much for your info.
Why are they trollish? I am curious to learn more.
Is there a fair comparison between Apache and Nginx?



On Saturday, September 30, 2023 at 10:35:12 AM GMT+3:30, Frank Gingras 
 wrote: 





Additionally, your recent string of questions to this mailing list come off as 
a bit trollish.

On Sat, Sep 30, 2023 at 3:04 AM Frank Gingras  wrote:
> If any of the mod_php extensions are not thread-safe, you will need to use 
> the prefork mpm, which will indeed bloat every httpd worker. This is not the 
> ideal nor recommended configuration.
> 
> Instead, use the event mpm and proxy_fcgi to pass the request to php-fpm.
> 
> Alternatively, you can recompile php to be thread-safe and use event mpm with 
> mod_php, which will give you a small execution speed advantage.
> 
> The statement you posted is more or less FUD which leaves out very important 
> details.
> 
> On Sat, Sep 30, 2023 at 2:56 AM Jason Long  
> wrote:
>> Hello,
>> Is the following sentence correct?
>> "The way Apache loads PHP in its standard setup (with mod_php) compared to 
>> Nginx alone puts it at a disadvantage. You will see performance gains, 
>> particularly in memory usage, just by switching to Nginx, given you're using 
>> a PHP-driven application."
>> 
>> Thank you.
>> 


  


Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

2023-10-04 Thread Jason Long
Hello, Thank you so much for your reply. Is the following sentence correct?

"If you did make mod_php thread safe, it wouldn’t change the fact that you’re 
going to blow up your memory usage as Apache will load PHP into every single 
worker process that spins up."

 
 
  On Sun, Oct 1, 2023 at 12:26 PM, Deepak Goel wrote:   

On Sat, 30 Sept 2023, 12:26 Jason Long,  wrote:

Hello,
Is the following sentence correct?
"The way Apache loads PHP in its standard setup (with mod_php) compared to 
Nginx alone puts it at a disadvantage. You will see performance gains, 
particularly in memory usage, just by switching to Nginx, given you're using a 
PHP-driven application."


You will have to performance benchmark both Apache, Nginx to make a statement.
We use Apache with PHP.


Thank you.



  


Re: [users@httpd] proxying SSL -> SSL

2023-10-04 Thread Frank Gingras
First, do not define vhosts as :PORT, but rather either *:443 or
IP:443.

Secondly, to proxy from TLS to TLS, you need both SSLEngine on and
SSLProxyEngine on.

Avoid proxying from a <Location> block, unless strictly necessary. Use the
vhost context. You can use the Location block to set headers instead.

Lastly, your TLS vhost requires SSLCertificateFile and
SSLCertificateKeyFile.

On Wed, Oct 4, 2023 at 7:38 AM lejeczek  wrote:

>
>
> On 04/10/2023 10:40, lejeczek wrote:
>
> Hi guys.
>
> I've sroogled & have found people suggesting working examples, I thought I
> had some notes but now I'm thinking I read that it should not work..
> so I'm not sure what to think of this seemingly setup:
>
> 
>   ServerAdmin web...@lemko.xyz
>   ServerName siem.mine.priv
>
>   ErrorLog /var/log/httpd/siem.mine.priv-error_log
>   CustomLog /var/log/httpd/siem.mine.priv-access_log common
>
>   SSLProxyEngine on
>   #SSLEngine on
>   #SSLProxyVerify none
>   #SSLProxyCheckPeerCN off
>   SSLCertificateFile  /etc/pki/tls/certs/siem.mine.priv.crt
>   SSLCertificateKeyFile   /etc/pki/tls/private/siem.mine.priv.key
>   #SSLProxyCACertificateFile /etc/wazuh-indexer/certs/root-ca.pem
>   #SSLProxyMachineCertificateFile /etc/wazuh-indexer/certs/admin.pem
>
>   RequestHeader set X-Forwarded-Proto “https”
>   RequestHeader set X-Forwarded-Port “443”
>
>   ProxyRequests Off
>   #ProxyPreserveHost on
>   #ProxyPass /  https://127.0.0.1:8443/
>   #ProxyPassReverse  /  https://127.0.0.1:8443/
>
>   
> # preserve Host header to avoid cross-origin problems
> ProxyPreserveHost on
> # proxy to
> ProxyPass https://127.0.0.1:8443/
> ProxyPassReverse  https://127.0.0.1:8443/
>   
>
> 
>
> As you can see I've fiddled with all those options in different
> combinations but nothing works for me.
> Would you know how to fix or... perhaps you have Apache rev-proxying to
> Wazuh?
>
> errors in log:
> 
> [Wed Oct 04 10:34:54.179364 2023] [proxy:error] [pid 1069029:tid 1069198]
> (20014)Internal error (specific information not available): [client
> 10.3.9.144:46858] AH01084: pass request body failed to 127.0.0.1:8443
> (127.0.0.1)
> [Wed Oct 04 10:34:54.179394 2023] [proxy:error] [pid 1069029:tid 1069198]
> [client 10.3.9.144:46858] AH00898: Error during SSL Handshake with remote
> server returned by /
> [Wed Oct 04 10:34:54.179397 2023] [proxy_http:error] [pid 1069029:tid
> 1069198] [client 10.3.9.144:46858] AH01097: pass request body failed to
> 127.0.0.1:8443 (127.0.0.1) from 10.3.9.144 ()
>
> many thanks, L.
>
> ought... sometimes systemctl's _reload_ will not do but "full" restart will
>
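
The four points in the reply above, applied to the poster's vhost, as an added example that is not part of the original thread. The `*:443` address and the `<Location />` path are assumptions; the backend verification directives (`SSLProxyVerify require`, `SSLProxyCheckPeerName on`) go beyond the reply and assume `/etc/wazuh-indexer/certs/root-ca.pem` is the CA that issued the backend certificate.

```apache
# Added example, not the poster's or the project's own configuration.
# Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers loaded.
<VirtualHost *:443>
    ServerName siem.mine.priv

    ErrorLog  /var/log/httpd/siem.mine.priv-error_log
    CustomLog /var/log/httpd/siem.mine.priv-access_log common

    # Front side: terminate TLS from clients on this vhost.
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/siem.mine.priv.crt
    SSLCertificateKeyFile /etc/pki/tls/private/siem.mine.priv.key

    # Back side: speak TLS to the proxied service.
    SSLProxyEngine on

    # Assumption: verify the backend instead of using "SSLProxyVerify none".
    # If the handshake fails here, fix the backend certificate or the CA file
    # rather than switching the checks off.
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCACertificateFile /etc/wazuh-indexer/certs/root-ca.pem

    # Reverse proxy only, declared in the vhost context.
    ProxyRequests Off
    ProxyPreserveHost on
    ProxyPass        / https://127.0.0.1:8443/
    ProxyPassReverse / https://127.0.0.1:8443/

    # Headers can live in a Location block. Use plain ASCII quotes:
    # typographic quotes would be sent as part of the header value.
    <Location />
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"
    </Location>
</VirtualHost>
```

`apachectl configtest` checks the syntax before the restart.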


Re: [users@httpd] proxying SSL -> SSL

2023-10-04 Thread lejeczek



On 04/10/2023 10:40, lejeczek wrote:

Hi guys.

I've sroogled & have found people suggesting working 
examples, I thought I had some notes but now I'm thinking 
I read that it should not work..

so I'm not sure what to think of this seemingly setup:


  ServerAdmin web...@lemko.xyz
  ServerName siem.mine.priv

  ErrorLog /var/log/httpd/siem.mine.priv-error_log
  CustomLog /var/log/httpd/siem.mine.priv-access_log common

  SSLProxyEngine on
  #SSLEngine on
  #SSLProxyVerify none
  #SSLProxyCheckPeerCN off
  SSLCertificateFile /etc/pki/tls/certs/siem.mine.priv.crt
  SSLCertificateKeyFile /etc/pki/tls/private/siem.mine.priv.key
  #SSLProxyCACertificateFile /etc/wazuh-indexer/certs/root-ca.pem
  #SSLProxyMachineCertificateFile /etc/wazuh-indexer/certs/admin.pem


  RequestHeader set X-Forwarded-Proto “https”
  RequestHeader set X-Forwarded-Port “443”

  ProxyRequests Off
  #ProxyPreserveHost on
  #ProxyPass / https://127.0.0.1:8443/
  #ProxyPassReverse  / https://127.0.0.1:8443/

  
    # preserve Host header to avoid cross-origin problems
    ProxyPreserveHost on
    # proxy to
    ProxyPass https://127.0.0.1:8443/
    ProxyPassReverse https://127.0.0.1:8443/
  



As you can see I've fiddled with all those options in
different combinations but nothing works for me.
Would you know how to fix or... perhaps you have Apache 
rev-proxying to Wazuh?


errors in log:

[Wed Oct 04 10:34:54.179364 2023] [proxy:error] [pid 1069029:tid 1069198] (20014)Internal error (specific information not available): [client 10.3.9.144:46858] AH01084: pass request body failed to 127.0.0.1:8443 (127.0.0.1)
[Wed Oct 04 10:34:54.179394 2023] [proxy:error] [pid 1069029:tid 1069198] [client 10.3.9.144:46858] AH00898: Error during SSL Handshake with remote server returned by /
[Wed Oct 04 10:34:54.179397 2023] [proxy_http:error] [pid 1069029:tid 1069198] [client 10.3.9.144:46858] AH01097: pass request body failed to 127.0.0.1:8443 (127.0.0.1) from 10.3.9.144 ()


many thanks, L.
ought... sometimes systemctl's _reload_ will not do but 
"full" restart will

RE: [users@httpd] proxying SSL -> SSL

2023-10-04 Thread Marc
> 
> Hi guys.
> 
> I've sroogled & have found people suggesting working examples, I thought I
> had some notes but now I'm thinking I read that it should not work..
> so I'm not sure what to think of this seemingly setup:
> 
> 
>   ServerAdmin web...@lemko.xyz 
>   ServerName siem.mine.priv
> 
>   ErrorLog /var/log/httpd/siem.mine.priv-error_log
>   CustomLog /var/log/httpd/siem.mine.priv-access_log common
> 
>   SSLProxyEngine on
>   #SSLEngine on
>   #SSLProxyVerify none
>   #SSLProxyCheckPeerCN off
>   SSLCertificateFile  /etc/pki/tls/certs/siem.mine.priv.crt
>   SSLCertificateKeyFile   /etc/pki/tls/private/siem.mine.priv.key
>   #SSLProxyCACertificateFile /etc/wazuh-indexer/certs/root-ca.pem
>   #SSLProxyMachineCertificateFile /etc/wazuh-indexer/certs/admin.pem
> 
>   RequestHeader set X-Forwarded-Proto “https”
>   RequestHeader set X-Forwarded-Port “443”
> 
>   ProxyRequests Off
>   #ProxyPreserveHost on
>   #ProxyPass /  https://127.0.0.1:8443/
>   #ProxyPassReverse  /  https://127.0.0.1:8443/
> 
>   
> # preserve Host header to avoid cross-origin problems
> ProxyPreserveHost on
> # proxy to
> ProxyPass https://127.0.0.1:8443/
> ProxyPassReverse  https://127.0.0.1:8443/
>   
> 
> 
> 
> As you can see I've fiddled with all those options in different combinations
> but nothing works for me.
> Would you know how to fix or... perhaps you have Apache rev-proxying to
> Wazuh?
> 

Have you added this 
SSLProxyEngine on