
Nginx Unit - tomd
https://www.nginx.com/products/nginx-unit/
======
Waterluvian
I hate sites like this. Im probably stupid but I have no idea what precisely
it is after reading that page. I just know that marketing team wants me to
believe it's going to be my saviour.

~~~
adventist
Yeah I had a hard time finding out what this site did.

~~~
dogweather
Lol, yep:

> NGINX Unit is a new, lightweight, open source application server built to
> meet the demands of today’s dynamic and distributed applications.

That means everything and nothing. They wasted their intro sentence on it.
They probably don't have a very good idea of what it is either.

~~~
jjeaff
While it is a fluffy marketing sentence, it seems clear to me. It's an
application server.

Then the next section explains that you can run different kinds of
applications and even different versions of the base software like different
versions of PHP or python all in the same server.

------
skrebbel
This looks pretty cool, and makes me sad that Mongrel2 never became popular.
In short: Mongrel2 solves the same problem, but does it by letting your
application handle requests and websocket connections over ZeroMQ instead of
eg FastCGI.

I guess it lost momentum when ZeroMQ did. Anyone know why? Sounds like a dream
solution in the current microservice hype.

[http://mongrel2.org/](http://mongrel2.org/)

~~~
agnivade
Wait, zeromq lost momentum ? When did that happen ?

~~~
sixdimensional
Unfortunately, the founder of ZeroMQ, Pieter Hintjens passed away (due to
cancer) [1]. He was a regular on HN [2].

ZeroMQ still works great and the open source community is still maintaining it
on GitHub [3]. I just think people are also looking at other technologies. A
lot of interest popped up in things like Apache Kafka and Samsa. I still think
ZeroMQ holds a unique place due to its lightweight and simple nature.

[1]
[https://news.ycombinator.com/item?id=11547212](https://news.ycombinator.com/item?id=11547212)

[2]
[https://news.ycombinator.com/user?id=PieterH](https://news.ycombinator.com/user?id=PieterH)

[3] [https://github.com/zeromq](https://github.com/zeromq)

~~~
shoover
I have been curious how the community would hold up after Pieter's death. This
project is a unique case because of how much work went into building community
and welcoming contributions. That said, the world is a different place than in
zeromq's heyday. Other commenters refer to Martin leaving the project, C++
regret, and a poor fit with node.js. Maybe in the face of all those changes
zeromq's mature community is primarily why it lives as a project.

------
mmahemoff
Confusing description. After seeing the Github README
([https://github.com/nginx/unit#integration-with-
nginx](https://github.com/nginx/unit#integration-with-nginx)), it looks to be
Nginx's alternative to low-level, language-specific, app servers, e.g. PHP-FPM
or Rack, with the benefit that a single Unit process can support multiple
languages via its dynamic module architecture, similar to Nginx web server's
dynamic modules.

It's still intended to run behind Nginx web server (or some other web server),
much like you'd run something like PHP-FPM behind a web server.

~~~
justonepost
It's a polyglot app server with microservice orchestration. It's definitely
needed.

Some things to look for, such as registration/discovery of services, intra-
cluster load balancing (where it started, no doubt), identity propagation &
authn/z

The biggest issue to my mind though is distributed transactions and
logging/debug/development. My biggest stumbling blocks with this sort of
thing.. stepping through code over microservices is such a PITA.

~~~
FooBarWidget
You seem to be very experienced in this area. Can you explain a bit about why
you think an "app server with microservice orchestration" is needed?

~~~
flachsechs
because you can work with individual microservices across clusters without a
ton of overhead (or use a monolithic app server), aiding in deployment,
rollback, debugging, development.

~~~
FooBarWidget
How exactly does having an app server reduce overhead, compared to running
each service directly without app server? And how does having an app server
compare to putting each microservice in its own Docker container and
orchestrating them in Kubernetes, which is what more and more companies seem
to be doing?

~~~
MadcapJake
At a glance, I think this is an alternative to docker/kubernetes. The general
idea seems to be to cut the middleman/topman out and let the bottom man (app
server) be the "unit" of configuration. Like a sort of integrated
docker/<YourLang>-runtime.

~~~
zzzcpan
No, this thing is more like inetd, while kubernetes is more like an OS for
containers and docker is a package manager.

------
pilif
_> It is not recommended to expose unsecure Unit API_

why do people always use "not recommended" when they actually mean "do not
ever do this or you'll end up the laughing stock in the tech press"

Exposing this otherwise awesome API to the public will amount to a free RCE
for everybody. So not ever expose this to the public, not even behind some
authentication.

It's very cool that by design it's only listening on a domain socket. Don't
add a proxy in front of this.

~~~
korzun
Technically, you can expose the Unit API within an internal network.

~~~
zeckalpha
Why that still might not be a good idea:
[https://research.google.com/pubs/pub43231.html](https://research.google.com/pubs/pub43231.html)

~~~
korzun
Thanks for linking that. Typically, if you know what you are doing, a setup of
this nature would be segmented out from the rest of internal network.

I did compliance work for a lot of start-ups and never came across a company
that understood this concept. The majority thinks that their wireless router
is already doing this via the Guest account.

------
jimjag
I am biased, but call me underwhelmed. It seems that with every "new" feature,
nginx is copying Apache httpd, even now claiming to be the "swiss army knife"
of web-servers. Embedded languages. Dynamic modules. Support of uWSGI.
gracefull restarts. Thread pools... and yet people eat it up. Just goes to
show what having corporate-backed marketing and PR can do.

~~~
Prefinem
When I started with apache, I thought it was great, but after moving to nginx,
the speed and simplicity made me never look back. While these new features to
nginx aren't new to the world, they are a nice welcome addition to a system
that IMO is far superior to apache.

~~~
overcast
I never found Nginx especially simple to setup, the config files were always
messy. Caddy seems to have knocked this out of the park for me, especially
considering automated https, and redirection.

~~~
Prefinem
I use Caddy on all my small projects right now. I haven't used it long enough
to install enough faith for production sized systems yet, but hopefully I will
get there because it is much easier to setup. Still, nginx is a breeze
compared to apache IMO

~~~
overcast
Been pretty rock solid for everything I've put on it! Side projects +
corporate.

~~~
Prefinem
I will keep that in mind. You mind me asking what's your most complex setup
and your scale?

------
phillippschmedt
Could anyone explain to me why I would want to use this? What exactly is the
use case and benefits of it when I am for example running a go web
application?

~~~
msimpson
NGINX allows you to proxy a back-end applications giving you the ability to
load balance, handle upstream failures with custom maintenance pages, employ
server blocks (virtual hosts), and much more. However, you always need to do
the leg work to get your specific application language up and running. This
new unit system makes that job easier as you would no longer need to employ
separate middleware, like PHP-FPM for PHP applications, or use a separate init
system like systemd to run Go or Node applications. Now NGINX would assume
those responsibilities and provide you with a consistent interface.

Here you can see the configuration of workers and user/group permissions for a
Go application:

[http://unit.nginx.org/docs-configuration.html#go-
application](http://unit.nginx.org/docs-configuration.html#go-application)

~~~
Xoros
I'm sorry but I'm not sure I get it.

Is it like the apache mod_php for php for example ?

Thanks in advance for your answer

~~~
msimpson
Yes, you can generally think of it as a replacement for mod_php as Unit would
parse requests from NGINX, pass them along to the PHP parser, then return the
responses back to NGINX. That's the same job mod_php does for Apache and what
PHP-FPM (essentially) does for servers like NGINX.

You can see the PHP configuration here:

[http://unit.nginx.org/docs-configuration.html#php-
applicatio...](http://unit.nginx.org/docs-configuration.html#php-application)

And here's the configuration needed to integrate Unit with NGINX:

[http://unit.nginx.org/docs-integration-with-
nginx.html](http://unit.nginx.org/docs-integration-with-nginx.html)

~~~
msimpson
Update:

Upon first reading I thought that Unit needed to be behind NGINX to function.
When actually it listens for requests as a separate server, entirely. It only
provides an API for configuration purposes.

However, If you want to use the other features of NGINX, like providing static
files, you will need to put it in front of Unit.

------
bkeroack
It's worth noting that it's rarely necessary or desirable to put an app server
like nginx in front of Go HTTP server applications. The Go standard library
http and TLS stack are production quality and rock solid. Putting something in
front is mostly cargo culting from people more used to the worlds of
PHP/Python/Ruby/etc.

~~~
wyc
Pushing back on this a bit...for example, securely exposing a JSON endpoint to
the public internet requires extra machinery that applications like nginx
bring for free. If you simply set the router to your handler, then you accept
arbitrarily large request sizes, wide open for DoS attacks. You have to either
manually add limits or pull in some library. nginx caps these by default. Want
throttling or load balancing? Again, things that haproxy and nginx do well,
but require more cruft in your application.

~~~
bkeroack
I would argue that all is part of security-aware software engineering. If you
aren't thinking of these things you have no business writing publicly-exposed
HTTP applications.

~~~
DandyDev
Or... you spend your time building something useful, leveraging skills you do
have, and let nginx leverage its own strengths.

What you say, sounds like NIH syndrome to me.

~~~
bkeroack
Secure software isn't useful? Insecure software isn't eventually value-
destroying?

Really what this sub-thread is arguing is that security Isn't My Job(TM) as
application developer. I disagree. Furthermore telling app devs not to worry
about it because nginx takes care of everything is a false security blanket
that will bite you eventually.

Not accepting unbound input and sane rate-limiting are kind of basic stuff,
no? I'm not saying every app developer needs to be a Defcon wizard, just that
they should have some fundamental awareness of secure coding standards for web
apps if that's what they're building.

~~~
stanleydrew
> Secure software isn't useful?

Nowhere in the sub-thread is this claimed.

> Insecure software isn't eventually value-destroying?

Nowhere in this sub-thread is anyone suggesting otherwise.

> Furthermore telling app devs not to worry about it because nginx takes care
> of everything is a false security blanket that will bite you eventually.

Nobody said this. But while we're on the topic the more likely false security
blanket comes from telling app devs "just use 'net/http' and 'crypto/tls' and
everything will be fine without a reverse proxy."

In any case the straw men you've raised are distracting and not driving the
conversation forward.

~~~
Whitestrake
> > Furthermore telling app devs not to worry about it because nginx takes
> care of everything is a false security blanket that will bite you
> eventually.

> Nobody said this.

That seems dishonest to say... From the grandparent:

> Or... you spend your time building something useful, leveraging skills you
> do have, and let nginx leverage its own strengths.

Really sounds like at least one person in this thread is advocating for app
devs not to worry about things that nginx takes care of.

Agree that making straw men doesn't help. There's advice on either side
regarding which one to use and realistically both are equally 'false security
blankets'. The correct answer is to educate yourself on the benefit and
drawbacks of each and make a conscious decision about where to implement your
security.

------
jchw
Sounds like uWSGI based on the description. I wonder how it'll play along with
certain environments like Kubernetes.

~~~
fermigier
Same. I really want to like (and use) uWSGI, for many reasons, but I find it's
lacking severely in the department of documentation (searching "uwsgi" on
Amazon gives zero hits!).

A properly edited book would be awesome. I would pay for it of course.

~~~
kogepathic
_> I really want to like (and use) uWSGI, for many reasons, but I find it's
lacking severely in the department of documentation (searching "uwsgi" on
Amazon gives zero hits!)._

uWSGI definitely needs more concise tutorials on how to accomplish some tasks
(e.g. creating Hello World with python and uWSGI, or how the uWSGI emperor
works).

However I disagree with _" lacking severely in the department of
documentation"_

Sure, it's not as easy as some other projects to dive into (e.g. Django) but
IMHO the documentation is not lacking, it's just not forthcoming.

If you sit down and read through the uWSGI documentation, you'll discover a
lot of very useful functionality and a reasonable description of how to
utilise it.

What's lacking is the tl;dr way to bash something out quick and dirty.

~~~
pas
[https://uwsgi-
docs.readthedocs.io/en/latest/WSGIquickstart.h...](https://uwsgi-
docs.readthedocs.io/en/latest/WSGIquickstart.html) it seems very quick and
straight to the point (yet complete, it even starts with apt-get)

[https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html](https://uwsgi-
docs.readthedocs.io/en/latest/Emperor.html) \- has config snippets too

Or maybe you mean detailed step by step instructions, a'la howtoforge?

~~~
kogepathic
_> Or maybe you mean detailed step by step instructions, a'la howtoforge?_

Yes, this is what I meant when I said

 _> IMHO the documentation is not lacking, it's just not forthcoming._

------
oelmekki
I initially thought it would allow to dynamically handle upstreams list (and
other configuration) like hipache is doing [1], which would be awesome for
dokku or other container management systems which rely on system nginx. But
after seeing languages mentioned, I'm confused.

Is it supposed to replace language specific servers, like unicorn and puma for
rails (but then, I'm confused about what such kind of support would be for Go,
since the server is directly embedded in the program)? Does it embeds
interpreter for interpreted languages, like mod_* did for apache?

[1] [https://github.com/hipache/hipache](https://github.com/hipache/hipache)

~~~
justonepost
it's like swarm - [https://docs.docker.com/engine/swarm/#feature-
highlights](https://docs.docker.com/engine/swarm/#feature-highlights) but much
more lightweight.

~~~
anentropic
and nothing to do with docker containers

in fact nothing like it really AFAICT

------
chatmasta
I'm having a hard time seeing what niche this fills. It seems to be both a
process manager and TCP proxy. What am I missing here? What makes this better
than, for example, using docker-compose?

I think a "how it works" or "design doc" would be really helpful.

That said, the source files do make for pleasant reading. The nginx team has
always set a strong example for what good C programming looks like.

EDIT: Their blog post [0] makes this more clear... nginx unit is one of four
parts in their new "nginx application platform" [1]

[0] [https://www.nginx.com/blog/introducing-nginx-application-
pla...](https://www.nginx.com/blog/introducing-nginx-application-platform/)

[1] [https://www.nginx.com/products/](https://www.nginx.com/products/)

~~~
coldtea
> _What makes this better than, for example, using docker-compose?_

Not having to use docker would be a huge plus for me.

~~~
justonepost
yes, infinitely more lightweight. but docker compose and friends are cool

------
bovermyer
More useful: [http://unit.nginx.org/docs-nginx-
unit.html](http://unit.nginx.org/docs-nginx-unit.html)

------
pkstn
What is this? I've tried to read blog post, product site, these comments and
still having really hard time figuring out what is Unit and why?

~~~
elcapitan
Seems to be a standardized replacement for language specific app servers like
fpm for php. I guess that makes it a little easier to deploy stuff, although
recently with docker containers, that hasn't been such a big deal anymore. You
can just take an off the shelf fpm container and deploy that.

~~~
rthomas6
Seems like a simple C app would take much less resources than a docker
container and have a lot lower latency, though. How much computing power would
you need for each, given the same number of users?

------
jonotime
Interesting. I like the restartless configs idea. This is becoming more common
these days with short lived microservices. This week I just switched my load
balancer setup from HAProxy to Traefik - very nice API based setup.
[https://traefik.io/](https://traefik.io/)

------
amouat
Also note github repo at
[https://github.com/nginx/unit](https://github.com/nginx/unit)

~~~
cormacrelf
If you're unfamiliar, look at this instead.

The homepage on Nginx.com is basically

> Join this webinar to learn

> \- What NGINX Unit does that has not been available before

~~~
icebraining
There's also a blog post introducing the project:
[https://www.nginx.com/blog/introducing-nginx-application-
pla...](https://www.nginx.com/blog/introducing-nginx-application-platform/)

------
bluetech
I'm happy to see this. nginx itself is excellent software, I'll be happy to
use similar tech for the application server as well (instead of uwsgi).

There are a couple of options I'd like to see added to the Python
configuration though before I could try it:

\- Ability to point it at a virtualenv.

\- Ability to set environment variables for the application.

~~~
justonepost
lol.. nginx en-masse configuration is a nightmare. i can point to a fortune 50
company that it's destroying for relying on it. I won't name names :)

~~~
etatoby
So they deployed a bad config file to all nodes and restarted the service,
which then failed to start.

How is this specific to Nginx? This same mistake is possible with any other
software ever written.

~~~
falsedan
nginx is faster at stop/starting?

~~~
falsedan
downvoters: I'm deadly serious. I've seen plenty of deployment systems which
were unbearably slow because it gave more time for a human to spot a bad
deploy and cancel it, and who were afraid to replace it with something faster
because it would lack this safety net.

------
wiradikusuma
The logo makes it as if it's read "N Unit", which is probably confusing as a
popular unit testing with such name exists:
[http://nunit.org/](http://nunit.org/)

------
metalliqaz
So in my Flask app this would replace gunicorn?

~~~
bovermyer
Yes.

------
svennek
So it looks like they basically rewrote uwsgi and slapped a rest api on top of
it.. (as a big fan of uwsgi, that seems like a reasonable thing to do...)

~~~
est
badly need settings like restart works every X requests or harakiri after #
seconds timeout.

------
agentgt
I'm still not sure I understand "Unit".

I can't speak for the other languages (PHP, Go, Python) but I have some
reservations about it helping Java (as well as Erlang and other (J)VM
languages) as FastCGI like stuff has been attempted for Java in the past with
not very good success with the exception of Resin.

I guess it would be interesting though if they did a native Servlet 3.0+
implementation like Resin but I doubt that is is what will happen. Regardless
Netty, Undertow and even Jetty have caught up speed wise to Resin (well at
least according to techempower).

~~~
user5994461
CGI for PHP/Python.

AJP/mod_jk for Java.

------
baybal2
Looks to be a good candidate to replace omnipresent nginx based API routers

~~~
thanksgiving
I have a small flask application which basically is a rest get post API
server. I'm struggling to make deployment easy. With PHP, i just push to the
application server and rsync that folder into var www html for Apache httpd
but what would I do for flask python 3?

~~~
drcongo
Use a webserver that proxies requests to a wsgi server. We tend to put Caddy
in front of Gunicorn which works really well. Also, look into running Gunicorn
under supervisord.

~~~
drcongo
Oh, and also use Fabric -
[http://docs.fabfile.org/en/latest/](http://docs.fabfile.org/en/latest/)

~~~
thanksgiving
Thank you. I'll look this things up. Haven't had to do deployment stuff in my
previous life

------
ultimoo
For Go, does anyone have opinions on how is this is advantageous than using
the in-built HTTP server (net.Listen() from net/http) that can fronted by a
regular nginx/proxy_pass?

------
foota
This would take the place of something like tomcat or uwsgi, right?

~~~
willvarfar
Java is a notable omission on the diagram on their landing page...

~~~
richdougherty
Under Features / Multi-language support:

> Full support for Go, PHP, and Python; Java and Node.JS support coming soon

~~~
seanp2k2
No Ruby support :<

~~~
shawabawa3
Also "coming soon" according to their github page

------
yeukhon
It is in beta, but I hope this won't become a commerical-only product.

~~~
unkown-unknowns
[https://github.com/nginx/unit](https://github.com/nginx/unit)

It's open source at the moment at least and I think it's reasonable to expect
at least that the parts that are open source today will remain so in the
future. Certainly they could have a commercial version with extra features
like they do with Nginx, but as long as they have a useful version of this
Nginx Unit available open source I will be happy to use it.

------
ishtu
I am surprised noone mentioned Kong [1] yet. It seems to implement most of
stuff promised by Unit and it was around for a few years.

[1] [https://getkong.org/](https://getkong.org/)

~~~
LeonidBugaev
Not sure how it is related. Unit is an app server, it runs app processes and
manages them, handles graceful restarts and etc.

Kong is just an API gateway: you run your own infrastructure as usually and
put a gateway on top of it.

~~~
ishtu
>Build the foundation of your service mesh.

Not directly related as Unit seems to be advertised as app server primarily,
but you can see quoted text on main page.

------
noway421
Any use for that on small scale (of 1 instance)? If you'd need to run nginx in
front of it anyway, does it provide any use in case where you'd normally use
php-fpm and some proxy_pass?

~~~
detaro
Interesting for me since I run not just php. Depending on what you do, maybe
the API is useful for you.

------
reificator
The concept of XUnit is so ingrained in my head that I assumed it was a unit
testing framework for NGINX.

The rest of the headline cleared it up of course, but I was curious for a
minute how that would look.

EDIT: When discussing a new product, I would think the name is a fair point of
discussion.

Furthermore after this thread's title changed, it now requires a clickthrough
to dispel similar misunderstandings.

~~~
wpietri
Yeah, given the title, I thought it was about a unit testing framework for
Nginx. Kinda like ServerSpec, but more specific:
[http://serverspec.org/](http://serverspec.org/)

------
taf2
Is this similar to openresty ? Instead of Lua - python, go and php? Or
something different?

~~~
bovermyer
No, this is a replacement for things like php-fpm, gunicorn, etc.

The REST API part of it is for updating its configuration over HTTP.

------
atemerev
So, Nginx follows exactly the way of Apache HTTP: remember mod_php, mod_perl
etc?

~~~
icebraining
This is not Nginx, it's a separate project developed by the same company. You
could put any frontend proxy in front of it.

------
mattacular
I didn't see this mentioned but is there any way to upgrade the versions of
the modules such as Go and PHP indepedendently of the core Unit package?

------
AsyncAwait
So is still standalone or do you still need to run this behind the regular
Nginx, like you would a language-specific application server?

------
lngnmn
Oh, they wrote their own uwsgi, based on what presumably started as nginx2.
That's cool.

I hope they would avoid the Second System syndrome..

------
eeZah7Ux
[honest question, not being negative] what real use-case is not already being
addressed by existing technologies?

~~~
TeMPOraL
For almost every new product you see, the answer is: none.

It's not about making something impossible possible. It's about improving
possible things in some dimension - like speed, safety, flexibility, or - in
this case - standardization and integration with already used tool.

~~~
Walkman
Great answer! I wondered about this myself for a moment :)

------
dogweather
> Run multiple applications written in different languages on the same server

Amazing progress! Someone introduce them to CGI.

------
devj
How is it different from Envoy?

~~~
daddykotex
It seems like it is quite different, you actually change your code to listen
with NGINX unit.

[https://unit.nginx.org/docs-installation.html](https://unit.nginx.org/docs-
installation.html)

------
LeicaLatte
Looks fantastic! Will be trying this over the weekend.

------
scadge
Is it an alternative to Docker Compose in some sense?

------
Antwan
Any report of the perf (VS uWSGI for example) ?

------
neo_blackcap
So does it use fastcgi to rule them all?

------
moklick
Nginx Unit > G Unit

------
mempko
But can I use Perl 6?

~~~
tribby
that was my question too. seems like no for now, and no plans either.

~~~
mempko
Sad butterfly

------
hathym
how does it compare to openresty/luajit ?

~~~
noway421
AFAIK nginx unit would still require to have an nginx in front, so they are in
different weight category with openresty.

It looks like it's more of a replacement to good old NGINX+Apache set up where
there would be mod_php, mod_cgi, mod_perl and .htaccess on backend to serve
the app.

------
marktam264
Is this like AWS Lambda you could put in your own cloud?

~~~
noway421
This type of question is indication that NGINX Inc. salesmen did fail horribly
to conceive of what the product actually is in layman engineering terms. Too
much buzzword compliance.

~~~
donatj
Yup.

I came to the comments specifically to try to figure out what the heck this
thing does.

The page itself never gets to the point of "Here's what it does".

------
argsno
So, it's an application server?

------
fgjjgutjvnu
I recently tried to deploy a python flask application, and it was quite a
mess. It relied on some services I had never heard of, and the documentation
was a mess (not the documentation of Flask but of how to deploy it properly).

If Nginx Unit could host flask applications, it would be great news.

------
smegel
> Full support for Go, PHP, and Python;

Does it do WSGI then? Did they write the equivalent of mod_wsgi?

~~~
anentropic
yes, from docs it appears the Python app type in Unit provides a WSGI host

