Selfhosted

There's a lot of good resources for Nginx, it's fast (faster than Caddy), and has a ton of features, so you can use it for pretty much anything HAProxy, Apache, or Caddy can do, and not sacrifice much in performance.

That said, I mostly use HAProxy and Caddy. Here's my basic setup:

1. HAProxy at the edge VPS - routes requests to machines based on SNI
2. WireGuard VPN - connects my internal devices to my VPS
3. Caddy in Docker - runs on internal network on my NAS/homelab - manages LetsEncrypt renewals and reverse proxies to internal Docker network
4. Nginx in Docker - FE for NextCloud; this simplifies things so all my TLS is handled in one place, and Caddy doesn't need to touch files

I use a local DNS server on my router so my domains can route directly to Caddy instead of going over the internet when on my network, otherwise I may just have HAProxy handle LetsEncrypt certificates.

From what I can tell, Nginx is a little more efficient than Caddy, but Caddy is plenty fast for my needs. I'm considering switching from NextCloud to the new ownCloud Infinite Scale, and if I do, I'd ditch nginx completely.

Nginx "just works(tm)" had never got into the way, its been rock solid and has not changed significantly over the years.

Why would I need something else?

Often I already have nginx running for serving some static content anyway.

Otherwise, I’m traefik all the way.

Nginx was the easiest to setup for me at the time and I've no reason to fix what isn't broken.

Caddy's developer gives me the ick. He's way too pompous in PRs on GH. nginx is just a constant -- it does exactly what you need to and does it well.

• simple config & setup
• good performance
• popular/packaged by every single distro
• just works

TLDR: probably a lot of people continue using the thing that they know if it just works as long as it works well enough not to be a bother.

Many many years ago when I learned, I think the only ones I found were Apache and IIS. I had a Mac at the time which came pre installed with Apache2, so I learned Apache2 and got okay at it. While by release dates Nginx and HAProxy most definitely existed, I don't think I came across either in my research. I don't have any notes from the time because I didn't take any because I was in high school.

When I started Linux things, I kept using Apache for a while because I knew it. Found Nginx, learned it in a snap because the config is more natural language and hierarchical than Apache's XMLish monstrosity. Then for the next decade I kept using Nginx whenever I needed a webserver fast because I knew it would work with minimal tinkering.

Now, as of a few years ago, I knew that haproxy, caddy, and traefik all existed. I even tried out Caddy on my homelab reverse proxy server (which has about a dozen applications routed through it), and the first few sites were easy - just let the auto-LetsEncrypt do its job - but once I got to the sites that needed manual TLS (I have both an internal CA and utilize Cloudflare' origin HTTPS cert), and other special config, Caddy started becoming as cumbersome as my Nginx conf.d directory. At the time, I also didn't have a way to get software updates easily on my then-CentOS 7 server, so Caddy was okay-enough, but it was back to Nginx with me because it was comparatively easier to manage.

HAProxy is something I've added to my repertoire more recently. It took me quite a while and lots of trial and error to figure out the config syntax which is quite different from anything I'd used before (except maybe kinda like Squid, which I had learned not a year prior...), but once it clicked, it clicked. Now I have an internal high availability (+keepalived) load balancer than can handle so many backend servers and do wildcard TLS termination and validate backend TLS certs. I even got LDAP and LDAPS load balancing to AD working on that for services like Gitea that don't behave well when there's more than one LDAPS backend server.

So, at some point I'll get around to converting that everything reverse proxy to HAProxy. But I'll probably need to deploy another VM or two because the existing one also has a static web server and I've been meaning to break up that server's roles anyways (long ago, it was my everything server before I used VMs).

The only reason that I tend to use it is because of the included webserver. It's not bad but the paywalling of functionality needed for it to be a proper LB left a bad taste in my mouth. That and HAProxy blows out of the water in all tests that I've done over the years where availability is at all a concern. HAProxy also is much more useful when routing TCP.

Caddy certainly was the easier option but it's as complex as nginx now and id argue it's hard to to use.

I use Traefik because it solved a problem with the static configuration approach which Nginx had / still has.

In a scenario with multiple services behind Nginx, taking one down or replacing an instance is massive headache. I tried to script around it, but basically the Nginx container would choke on the fact that a service does not [yet / anymore] exist, and together with the docker networking stack it turned out to be an insurmountable problem.

Traefik otoh discovers services based on (in my case) labels on the docker containers running locally. And then updates the configuration on the fly.

Basically the static approach to configuration resulted in massive headache when I needed to enable zero downtime deployments and updates behind Nginx. And Traefik handled it perfectly without dropping a single request.

Nowadays I manage my dynamic configuration with ansible and update the values in for the file-based configuration provider with a playbook. I don't need a UI to manage my inventory, I use ansible for that. Traefik handles the rest perfectly.

Why not? Why should I use Apache instead of Nginx? I don't know about Caddy, Nginx is simple enough not to care about simpler solutions. But in general, I know Nginx and it does the job.

It's pretty good, innit?

Security

Caddy is good but it tried to do to much. This means that security bugs could be way more common. It has been audited by outside people and the issues they found were fixed but I am will very doubtful that it is secure yet

It just works and it's in every distros default repo, it's pretty easy to set up and can be a webserver for static files, PHP sites, etc.. It can be a reverse proxy for HTTP(s) traffic or just forward TCP/UDP.

There's also endless documentation out there for how to do something in nginx.

HAProxy is a nightmare to use in my experience. It just feels so clunky and old.

Caddy is nice, but downloading and updating it is a pain because you need modules that aren't included in the repo version.

I learned nginx when I was hosting websites. I had it set up and running when it was time to add reverse proxies into my setup. It didn't take much more from the virtual hosts I was already using.

Now, I don't host many individual sites anymore and haproxy has a plugin on my firewall for the handful of services I run now.

Counter question: Why does everyone call it "engine X" and not "enjinx", which would be the way cooler pronunciation?

Traefik + CrowdSec + Authelia ftw