How do you run Phoenix without using Nginx? Do you use iptables or authbind?
Edit: Added link below.
How do you run Phoenix without using Nginx? Do you use iptables or authbind?
Edit: Added link below.
iptables seems the easiest / most reliable. I tried redir
too a while back but this does not really bring any advantages over 2 lines of iptables config.
Thanks for sharing. I actually havenât tried any of these yet. I have always been using Nginx as a proxy for the web apps I built. Port redirection/port binding wasnât part of my vocabulary until I was researching about Elixir/Phoenix deployment best practices recently. I hope more experienced developers would share their experiences and strategies on this because the Elixir/Phoenix docs and books I read donât teach anything about this.
out of curiosity, why you donât want to have Nginx running? I tend to still use it by default. This comes in handy when I need to temporarily bring the site down for maintenance / upgrades for example, I just set up some temporary landing page. Or in case app crashes for some reason I get the opportunity to set up custom 500 page.
Itâs not that I donât want to have Nginx running. I saw Jose Valimâs comment on this stackoverflow question and I realized that it would be more straightforward to serve Phoenix directly.
Your points for using Nginx to handle situations when the site is down are important to keep in mind. Thanks.
There is also the issue of static files. Nginx is faster in serving static files. When using Nginx, the Phoenix server will be free to handle only dynamic requests.
Well on one of our Windows servers here at work we have IIS in front of a Phoenix server. I would not recommend that, at allâŠ
I second Joseâs suggestion - why do you need Nginx? Start with the simplest and then build up. Phoenix/Erlang is mighty amazing at serving static files too. If that is a bottle neck then by all means use nginx.
Iâm using iptables for my blog.
When I deploy new version, I start another docker container with the new image, reroute iptables, and then stop the previous one. Actually itâs a bit more involved than that, but thatâs the general idea which allows me simple âdowntimelessâ updates without needing to use OTP release handling.
This should be easy to do with some simple maintenance plug somewhere at the top of the endpoint. The same thing holds for a custom 500 page.
If supported by OS, static plug will use sendfile
syscall, meaning that a file will be sent to the socket from kernel, and its content wonât be loaded into BEAM OS process. It should of course be measured, but Iâd expect serving files from Phoenix shouldnât be âsignificantlyâ slower compared to nginx.
Also, dynamic requests should be somewhat faster with Phoenix alone, because thereâs one hop less. More importantly, the architecture is simpler, because you need one component less on the server. This is the main reason why Iâd advise starting with just Phoenix, and moving to nginx for some specific reasons. You start simple, and reach for additional technology if you really need it.
@sasajuric ⊠Thank you that was informative⊠I ran some testing using weighttp
tool and here are the results:
Root page /
:
Phoenix alone: ~ 2100 req / sec
Nginx + Phoenix: ~ 1600 req / sec
Static image:
Phoenix alone: ~ 2400 req / sec
Nginx + Phoenix: ~ 12000 (12 thousand) req / sec
what kind of hardware/os/vm were you running these tests?
I wonder if Cowboy does the same network optimizations that Nginx does. Looking at the results from @acrolink I have strong doubts that it does. More info of what they did in Nginx: https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html
out of curiosity, why you donât want to have Nginx running? I tend to still use it by default.
Late to this, but â in the Real World, all my servers, regardless of
what kind of app theyâre running, are constantly flooded with attack
ârequestsâ for âadmin.phpâ, âfoo.aspxâ, etc.
Using nginx as a front end to discard those saves my app cycles in
generating 404s, bandwidth in returning them, and polluting my app
logs with pointless entries.
YMMV.
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
Hassan Schroeder | about.me
twitter: @hassan
Consulting Availability : Silicon Valley or remote
@hassan ⊠I experience the same, Nginx can block and filter those kinds of unwanted activities at the entry point and it does this task very wellâŠ
OpenSUSE Leap 42.1, 4 G.B. Ram, 2 CPU cores on a shared server environment running Intel Xeon CPU E5-2680 v3 @ 2.50GHz
I interpret it as @hassan prefering not to run nginx because of the numerous entries and serving of 404âs etc. But I could be totally misinterpreting this of course
I interpret it as @hassan prefering not to run nginx because of the numerous entries and serving of 404âs etc. But I could be totally misinterpreting this of course
Yeah, I was saying exactly the opposite - nginx as a front-end filter
keeps the trash out of my logs and prevents wasting bandwidth on
servicing nonsensical ârequestsâ
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
Hassan Schroeder | about.me
twitter: @hassan
Consulting Availability : Silicon Valley or remote
Yeah I have to state that I have a lot of âdead-pathsâ in my nginx configs as well, that really is a great boon.
That makes sense. Thanks for clearing it up!
If you really do not want to use Nginx, but your VPS does not support port redirection with iptables (which is the case for many OpenVZ based VPS) you can always use xinetd (https://github.com/xinetd-org/xinetd).