
OpenBSD imports nginx into tree as future apache replacement - b3n
http://marc.info/?l=openbsd-cvs&m=131673440721777&w=2
======
unwind
Pretty amusing, in a weird sort of way (perhaps just a sign of some stupid
tech-snobbery on my part) to see a very recent message indicating that a
large, pretty high-profile and deeply entrenched and respected software
project is using CVS.

I'm so used to the constant bombardment about Git (and other DVCS:es) here,
that even projects using Subversion seem to be a bit "left behind", and here's
all of OpenBSD doing their thing with CVS.

I guess it proves that the tools aren't everything.

~~~
alnayyir
>I guess it proves that the tools aren't everything.

Sort of, it proves that a psychotic mob of minutiae obsessed sufferers of
Autism are capable of incredible productivity in spite of anachronistic
tooling.

Cf. people that build houses using pre-19th century technology and refuse to
use modern plumbing.

~~~
throwawaysnipe
Tools are just means to an end. The OpenBSD devs can write better software
with punch cards than you can with a modern language. Take your hipsterer-
than-thou attitude and shove it.

tl;dr fed the troll.

~~~
alnayyir
>The OpenBSD devs can write better software with punch cards than you can with
a modern language.

I'm a coder that lives inside of Emacs and m-x shell. What about what I just
said would make you believe anything other than that I consider the person to
be more important than the tool?

------
jacques_chester
Does OpenBSD still maintain their own fork of Apache 1.3? If so, that might
explain their interest in a replacement.

~~~
throwaway32
yes, it is heavily patched to support things like IPv6 (which the Apache
foundation claimed was "impossible"). However, the code-base is getting a bit
long in the tooth, a more modern replacement will be nice. I am curious
however about how they are going to implement CGI with nginx, as tons of
applications still rely on this.

~~~
madhouse
nginx supports FastCGI, and CGIs can be supported via fcgiwrap and similar
tools, it works remarkably well, and configuration's easy.

~~~
lobster_johnson
Nginx is a well-engineered piece of software. The only problem, in my opinion,
is that does not support loadable modules; any features you want or don't want
need to be configured at compile-time, and those are only the official ones
that are part of the mainline code. Third-party "modules" such as Phusion
Passenger are essentially patches. Since Nginx has a modular architecture,
those patches are admittedly very clean, but it's still a pretty ugly
situation compared to Apache's elegant loadable module system.

~~~
rcoder
For a base web server included in OpenBSD by default, I don't think dynamic
loading is actually a huge win. Auditing and hardening a single, statically-
compiled binary is easier than doing the same thing for one that loads shared
objects at runtime.

Since adding and removing Apache modules already requires a restart of the
httpd process, a good source-based build system like ports can make adding and
removing modules via build flags nearly as straightforward as dynamic loading.

~~~
lobster_johnson
Not for OpenBSD, maybe, but for other operating systems based on precompiled
binary packages. Nginx uses a forked worker model that probably would allow
adding/removing modules without restarting the entire server.

~~~
mfjordvald
Considering that you can upgrade the binary without any downtime then yeah, it
probably would. I personally think there are bigger issues that needs to be
covered first, such as support for persistent connections to backends and
HTTP/1.1 support when reverse proxying. (Was just added in 1.1.4, now it just
needs testing!)

------
jvdongen
Though not a bsd user myself, I'm glad to see this happening. A few extra
security-minded eyes on the nginx source code can only make it better.

------
pwaring
I presume they mean nginx will be the default web server, rather than removing
Apache altogether? You can't just replace Apache with nginx, they're two
different pieces of software - admittedly with some overlap.

~~~
antoncohen
> I presume they mean nginx will be the default web server, rather than
> removing Apache altogether?

It says "to provide an apache replacement for base." OpenBSD has a Base
system, plus it has Packages and Ports. Packages and Ports do not go through
the same security audit as the Base system. Currently the version of httpd in
Base is 1.3.x, which is all patched and secure, Packages/Ports has httpd
2.2.x. I suspect they mean nginx will replace httpd in the Base system, while
httpd will still be in Packages/Ports.

~~~
thomasknowles
Or in other words it'll be on the CD and Apache'll be in a repo.

~~~
elehack
No - that's not how things work in *BSD systems.

On Linux distributions, all software is typically "equal" - everything is a
package, and the only difference is what repository it comes from.

In BSD, the base system and ports are entirely distinct. The base system is a
single coherent unit installed and upgraded as one piece (although the
installer allows you to omit some portions of it).

The ports provide additional software packages installed and managed
separately on top of the base system. The base system is maintained and
patched by the core developers and officially supported by the organization.
The ports are provided effectively as a convenience, and are not covered by
the same security and maintenance procedures as the base system.

------
CasimirCelerity
Some more discussion on reddit where the original poster found this link and
title:
[http://www.reddit.com/r/BSD/comments/kp3e7/openbsd_imports_n...](http://www.reddit.com/r/BSD/comments/kp3e7/openbsd_imports_nginx_into_tree_as_future_apache/)

------
andrewcooke
what's the usr.sbin in the path? why isn't that usr/sbin? this looks like some
convention i've never met before (and i have no idea how to google for it...)

~~~
tobiasu
It looks like this way of organising the source (src) tree started in 4.1BSD
(1982?). Before that, all the commands lived under /usr/src/cmd/. See
<http://minnie.tuhs.org/cgi-bin/utree.pl?file=4.1cBSD/usr/src> and
<http://minnie.tuhs.org/cgi-bin/utree.pl?file=4BSD/usr/src>

I guess it's there to flatten the source tree depth and probably had something
to do with tiny disks of the time, shells without tab-complete or it was just
a whim. In any case the convention stuck and it is now that way in all modern
BSDs.

