Is Cowboy a production ready server?

IIRC phoenix uses cowboy, which it wouldn’t do if it wasn’t production ready.



You can get Cowboy support if you need it.

And if you’re using phoenix in production, you should really be supporting Cowboy at some level.

6 Likes covers a basic NGINX configuration for using it as a reverse proxy.


Heroku’s router is based on cowboy if that’s any indication of its production readiness


Thanks, to all of you. So the opinions have split, and since we do not know if heroku use a ngingx in front of cowboy and even phoenix tutorial have nginx part i would probably set up a reverse proxy…

but it would be great to know why am i doing it and not just in case.

1 Like

@chrismccord to be 100% fair, Heroku forked and improved early version of Cowboy. They are not aligned with upstream at all, and they develop cowboy’s fork on their own. So it’s not the same Cowboy Phoenix uses at all, and this argument probably should not be used ;). The differences in code base are massive, I checked that a while ago (heroku’s for is on github).


You know some of the answer to your question depends on how you define “Production Ready” If you’re expecting 10 requests/second, then yes Phoenix is more than production ready. If you’re expecting 10_000 requests/second, yes Phoenix is production ready but other web servers might not qualify under that criteria.

I’d say you’re expecting a specific answer to a pretty generic question and it’d be helpful if you added some of the problem parameters you’re considering.


That’s absolutely fair. As far as i remember performance is not an issue for cowboy (mb except for static assets). So i define production readiness only in case of security (DoS absence and so on).


Shouldn’t that be handled by the security on the server? Rather than the application server @insider?

Personally I would consider an app server production ready if it is working fine in production for 90 to 95% of use-cases without any known problematic issues.


This paragraph in the linked Phoenix guide explains one reason you might want to set up a proxy:

In a lot of cases, we’re going to have more than one application running in our hosting environment, all of which might need to be accessible on port 80. Since only one application can listen on a single port at a time, we need to use something to proxy our application. Typically, Apache (with mod_proxy enabled) or nginx is used for this, and we’ll be setting up nginx in this case.


Also while talking about proxying, look at HAProxy as well (it’s what we use on this server):


Yes, this is especially useful with Cowboy, since it does not have the concept of virtual hosts at all. You can spawn multiple cowboy instances on the same machine, moreover, you can start multiple Cowboy instances in the same Elixir application cluster, but they need to listen on separate ports.

I have hacked something around that allowed you to use the same Cowboy instance to “proxy” to different Phoenix applications, but it was far from perfect and in the end I abandoned the effort altogether.

This is the case when you want to have separate admin app, reporting app, web interfacr/api and maybe legacy app all running on the same cluster. In such cases you may spawn X Cowboys, but you’ll need something like Nginx to make it all presented to the user as you want.

One more thing worth mentioning about Cowboy: it is very much reversed concept of web server to what you would expect from say Apache or Nginx. Cowboy does not start your application/scripts/web pages, it’s the other way around: your app starts Cowboy. it’s a HTTP server embedded into your app.


FWIW Cowboy has code to protect against slow requests: … though I have not tested if that is sufficient in practice.

That said, cowboy is used a lot in production environments, and while no software can be considered 100% secure, it seems to be quite solid in practice.

On the topic of porxying, I would definitely recommend haproxy over apache, and even nginx. Apache is far more than one needs for a simple proxy (overhead, config management, …) and while nginx makes for a fine proxy (and not just for http), haproxy is a magical combination of small, fast and extremely featureful. It does all the SSL/TLS offloading along with a variety of load-balancing and port-forwarding goodies (and a reasonable integrated web app for monitoring) while consuming minimal resources … unless you are actually needing a web server (in which case nginx can make sense; forward some requests, serve up static content for others), just use haproxy.


I’m a newcomer from the Ruby world where there are many choices of Rack servers such as Unicorn and Puma and Thin. Are there any application servers besides Cowboy in the Elixir world?

1 Like

Here are some:


Thanks a lot @mpugach. I will definitely check those servers.

1 Like

There are some other web servers, but if you want to use Phoenix, I think you will end up going with Cowboy. There are plug bindings to elli, but I do not think it’s general purpose web server - it targets APIs.

I think if you want to use Plug/Phoenix, at this moment in time Cowboy is the only option that will work for most use cases.


As far as I know, the situation described above happened a long time ago, before Cowboy reached 1.0. If this is the repository you were referring to, you can verify there are no commits after the middle of 2015. From my understanding they are using Cowboy 1.0 with custom transports (to support things such as HTTP 2.0 for example).


In any case, your comment is from May 2016 and now there are many companies using Cowboy in production through Phoenix, such as Bleacher Report, CargoSense and others. :slight_smile: Many Erlang-based companies, such as Klarna, are using it in production too.


Yeah, wow, is so old already <3.

I have no idea if they still use it or not internally on Heroku, but you are right that the activity seems slowed dow a lot. Possibly it’s being phased out or already not used.

@josevalim I was referring to this fork: which has slightly more activity but not much.