Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Time for me to slowly start looking for an alternative.

There was a time when I wanted to move away from it and was eyeing HAProxy, but the lack of the ability to serve static files didn't convince me. Then there was Traefik, but I never looked too much into it, because Nginx is working just fine for me.

My biggest hope was Cloudflare's Rust-based Pingora pre-announcement, which was then never published as Open Source.

Now that I googled for the Pingora name I found Oxy, which might be Pingora? Googling for this yields

> Although Pingora, another proxy server developed by us in Rust, shares some similarities with Oxy, it was intentionally designed as a separate proxy server with a different objective.

Any non-Apache recommendations? It should be able to serve static files.



Maybe take a look at Caddy (https://caddyserver.com/)


Well, until you read https://news.ycombinator.com/item?id=39351026


That's a third party plugin, not core Caddy.


Ohhh I didn’t realize.

Then nothing


And?

(That isn't about Caddy, rather a third-party plugin.)


Also, it's not always about vulnerabilities directly, but how well / fast things are patched.


Have you finally decided to match FQDN URLs correctly?

I'd love to get rid of the part of my clients' codebase that starts with // workaround for broken caddy servers


I'm going to third the suggestions for caddy, I've replaced nginx as a reverse proxy in a couple places with caddy and it's been so much easier to maintain.


Caddy, simple & easy, almost zeroconf.


I mean I’m not sure how it’s good to want to move to a dev who is against CVEs and disclosures…


I think people are seeing this as a very generic "big bad globocorp destroying OSS community", and not moving past the headlines. I'm with you, this seems like a foolish thing to decide to fork the project over. Probably there is other conflict brewing, and this was just a convenient opportunity.


Did I miss something regarding that Maxim didn't want CVEs and disclosures? I was not aware of this. And F5 are the ones wanting to add the CVEs (as happened in the announcement which was released an hour earlier)?

I could have sworn that I've read about Nginx CVEs in the past.


Well it seems he didn’t think this particular thing should have one despite the criteria being clear.


I did miss the post [1] where he explains that experimental features should not get assigned a CVE if the feature is experimental.

In that case I'd agree with his view, though I think his reaction is a bit over the top.

[0] https://freenginx.org/pipermail/nginx/2024-February/000007.h...




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: