
Nginx 1.12.0 stable - ymse
https://nginx.org/en/CHANGES-1.12
======
jbergstroem
One key missing piece in nginx is a way to interact with the configuration
without having to edit the config file. This is such a vital piece of a modern
infrastructure; where backends are added/removed on demand.

You can interact with haproxy via lua[1] or use etcd to have traefik load its
configuration[2].

Seeing how [as others also mentioned] nginx seems to favor pro customers in
terms of functionality, it would only seem wise to choose another proxy/load
balancer for your next project.

[1]: [http://www.arpalert.org/src/haproxy-lua-
api/1.7/#Proxy.serve...](http://www.arpalert.org/src/haproxy-lua-
api/1.7/#Proxy.servers)

[2]: [https://docs.traefik.io/toml/#etcd-
backend](https://docs.traefik.io/toml/#etcd-backend)

~~~
ploxiln
nginx can reload the config files without closing the listening port or
interrupting any existing requests. haproxy can't do that. So you can actually
live-update on-demand much more of the nginx configuration than you can the
haproxy configuration.

~~~
jbergstroem
Logging in to machines to update configs doesn't scale well. You often end up
building your own framework/api "only" to edit the config file.

Or paying $2500/instance/year for nginx plus.

~~~
ploxiln
Executing a template, writing it to a file, and sending SIGHUP, is not that
hugely different from composing a request and writing it to a control socket.

Maybe nginx isn't better than haproxy for many purposes. But updating
configuration isn't the reason :)

------
ajuhasz
We're having great luck using traefik
([https://traefik.io](https://traefik.io)) as a kubernetes ingress, we just
couldn't get nginx working well and ever since the switch it's been rock-
solid.

~~~
dorfsmay
What was the reasoning of traefik vs haproxy?

~~~
nikcub
Traefik was written before haproxy had hot reloading configuration in 1.7

It does one thing and does it well - auto configured and discoverable lb and
proxying designed to run in container environments

Easy to get running, easy to know everything it can do and without much effort
it gets a lot accomplished

Not that nginx and HAProxy still don't have their place, but if you want to
front a docker swarm or k8 stack traefik is just easy whereas nginx/haproxy
have to be configured for that task

------
xfalcox
Was hopping to get HTTP2 server push on 1.12 since H20, Caddy and even Apache
already support it.

~~~
ehllo
you should have a look at the Nginx fork from tabao/alibaba

[https://github.com/alibaba/tengine](https://github.com/alibaba/tengine)

[http://tengine.taobao.org/](http://tengine.taobao.org/)

------
frik
The only thing pretty bitter about Nginx is that the access to the server
status in the open source community edition.

You get only so much with "ngx_http_stub_status_module" that you have to
compile in yourself, as distros don't compile it in:
[https://nginx.org/en/docs/http/ngx_http_stub_status_module.h...](https://nginx.org/en/docs/http/ngx_http_stub_status_module.html)

With Nginx plus you get access to so much more ("ngx_http_status_module") of
the server status. It's not about the pretty frontend, it's about the values.

[http://nginx.org/en/docs/http/ngx_http_status_module.html](http://nginx.org/en/docs/http/ngx_http_status_module.html)

Why isn't there a CentOS-style distro apt/rpm package of Nginx (think of free
RedHat) with the status module enabled, as based on open source Nginx?

~~~
simonw
This is the classic downside of open source that's supported by a "pro"
edition: it encourages maintainers to actively avoid adding features that
would compete with the paid product.

~~~
inopinatus
This is similar to the classic blunder by service product strategists who tier
pricing by both capability and scale, rather than one or the other. This
results in nonselection of the product rather than the hoped-for upsell.

~~~
exhilaration
"Nonselection"? Did you see the HN post a few days ago [1] about Nginx
reaching 33% market share? They seem to be doing very well.

[1]
[https://news.ycombinator.com/item?id=14078589](https://news.ycombinator.com/item?id=14078589)

~~~
inopinatus
Markets are measured in dollars, not usage. The last press release I read from
Nginx* says they have barely more than 1,000 paying customers, and shied away
from real revenue numbers, but I doubt anyone would place a bet that it is on
the order of magnitude of revenues due to e.g. IIS on Windows Server, or even
the revenues that Oracle & IBM collect for their rebadged Apache.

* [https://www.nginx.com/press/nginx-carries-strong-business-mo...](https://www.nginx.com/press/nginx-carries-strong-business-momentum-2017/)

------
jsiepkes
We used NGINX with Consul (template) and Vault quite extensively until I
recently found out about eBay's Fabio (
[https://github.com/eBay/fabio](https://github.com/eBay/fabio) ). Fabio is
really great as an NGINX reverse proxy alternative in an environment with
Consul or etcd. I highly recommend it.

~~~
MHordecki
What made you switch?

~~~
jsiepkes
Home made consul template duct tape with NGINX vs. solution that was designed
from the ground up to be what we mangled NGINX to be with Consul template.

Concrete example; Fabio is far more resilient to operator mistakes then our
own NGINX Consul template duct tape solution (which is totally unforgiving).

~~~
magiconair
Glad you like it. :)

Disclaimer: I'm the author.

------
ePierre
> Changes with nginx 1.12.0 12 Apr 2017

> *) 1.12.x stable branch.

Well, thank you very much, that's a very informative changelog. :)

------
_kyran
On the topic of Nginx, does anyone know if it's possible/how one could fire
off a http request (GET or POST) to an external service to log requests in
real time (rather than say logging to a text file then processing that)?

~~~
nhumrich
Syslog

~~~
otterley
But you really don't want to do that if you need accurate log collection and
aggregation. Having a local log file is essential to coping with backpressure
from the log consumers. Consider what might happen if the remote syslog server
goes down or is overburdened.

------
Zikes
I'm surprised by the lack of first-class ACME/Let's Encrypt support. I figured
once Caddy paved the way in that regard that nginx wouldn't be far behind.

~~~
pfg
I'm all for adding native ACME support to web servers, but I can understand
that they'd rather wait till ACME reaches RFC status (which hopefully won't be
long now - the draft is in WG Last-Call).

Once that's done, I'd definitely be disappointed if web servers still decide
it's not in scope for their core product.

~~~
Zikes
I don't think it's unreasonable to expect an officially supported optional
module, at the very least. It's how they've handled experimental features in
the past.

