No announcement yet.

OpenBSD's Custom HTTP Web Server Is Set To Replace Nginx

  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by jake_lesser View Post
    blah blah blah.
    Terrible grammar, lack of technical details, and obvious bias makes you a shitty anti-BSD spokesperson. Go grind your ax somewhere else...


    • #12
      Originally posted by TheOne View Post
      Maybe they should just used hiawatha
      Well, the reason the moved to Nginx in the first place was it being more minimal and cleaner than their version of Apache. Then Heartbleed happened, and OpenBSD went full bore on making sure everything in base is well behaved in its memory handling. Nginx makes use of a lot of insane optimizations that make it incredibly speedy but hell to audit.

      Then last year at a hackathon the legend goes Reyk had realized relayd, an existing OpenBSD component he worked on was missing only a couple small bits of functionality to be a webserver. Those bits were added and httpd was born.

      When discussing OpenBSD security it is important to realize that most of where OpenBSD excels is in their extreme focus on handling memory safety. It's why when Google needed a libc for Android they mostly took OpenBSD's. Sure, they also put crypto where ever they can and do stuff like arc4random (which no longer uses arc4 so its now a backronym for "a replacement call for random) to make their crypto work as well as it can.

      Considering their goal of providing a base set of utilities which allow a person to do quite a bit with the tools in the default installation I appreciate that OpenBSD now provides a http server which better matches their approach on memory safety. Are there a number of cases where I'm more likely to use Nginx from ports on a production OpenBSD webserver, sure. It is much harder though to chase extra security through throwing dollars at a problem, when dollars can easily buy higher performing hardware.