Nginx vs Varnish vs Apache Traffic Server – High Level Comparison

When building a CDN, companies have several options in terms of choosing an open source caching platform to help deliver their content to users with speed, security and reliability. While none of these proxy servers can be exclusively titled a winner over the rest, each of them has its pros and cons for building a CDN, which we’ll discuss here in a comparative view of their features and functionality.

What makes it so difficult to directly compare these three proxy servers is that the differences in their architecture affect the features they excel at. Beginning with Apache TS, it became widely known for its use by Yahoo!, processing over 30,000 requests per second and serving more than 30 billion web objects a day across the Yahoo! network. Since its inception as open source software back in 2009, Apache TS has taken over the market as one of the leading proxy servers, distributing content to millions of users on a daily basis, and is often lauded as the most popular proxy server on the market. Apache TS uses a hybrid event-driven engine with a multi-threaded processing model to handle incoming requests. This means that it scales very well on modern multi-core servers even though it was designed for an older generation of servers.

Nginx came about in 2002 with a more direct focus on addressing concurrency issues in its architecture, using an asynchronous event-driven connection handling algorithm. Its developers created a fast looping mechanism that continuously checks and processes events, so each worker only concerns itself with a connection when a new event is triggered. This means that Nginx does not create new threads for each request; instead, it handles multiple connections and requests in one worker process.

Lastly, Varnish, the youngest of the three, was designed in 2006 with architecture similar to Apache TS, managing a thread pool that uses one thread per connection. But unlike Apache TS or Nginx, it was written from the ground up to function solely as a high performance HTTP accelerator, using the host operating system’s memory management and threading abilities to cache content at higher capacities. The result was much higher flexibility when handling the cached material and choosing what to store.

To give a side-by-side view of the objective features offered by each, the table below lists their respective features.

Feature             Apache TS   Nginx   Varnish
Reverse Proxy       Yes         Yes     Yes
Forward Proxy       Yes         No      No
Transparent Proxy   Yes         No      No
Cache               Yes         Yes     Yes
ESI                 Yes         No      Yes
ICP                 Yes         No      No
SSL                 Yes         Yes     No
SPDY                Yes         Yes     No
Load Balancer       Yes         Yes     Yes
DDoS Protection     Yes         Yes     Yes
Streaming Server    Yes         Yes     Yes
Support             No          Yes     Yes

It’s clear from the table that Apache TS is the most inclusive in its features, but offering more capabilities in one package doesn’t make it superior in functionality.

One key function that administrators should keep in mind is the flexibility of the configuration. Apache TS and Varnish both include options to allow for a more distributed configuration on a per-directory basis by interpreting .htaccess files in the content directories. This distributes the configuration of the server, which can be useful for implementing URL rewrites, access restrictions, authorization and authentication, and caching policies.

Nginx, on the other hand, has less flexibility with a more centralized configuration, since it does not evaluate these files outside of the main configuration file. The advantage is that Nginx can serve requests faster by doing a single-directory search when requested. It also has proven to be more secure, ensuring the administrator has full control over the server.

Another important factor to consider is how each of these proxy servers reacts to high traffic situations. With modern Internet demands, it’s key for your caching platform to come with load balancing capabilities, but each system has its own strengths and weaknesses when handling increased traffic. Comparative reports to other load balancers on the market show that Nginx has more functionality than most, with a more complex configuration that supports HTTPS, heavier loads, and plugins to help distribute traffic by geo-location.

Comparatively, Varnish has a less complex infrastructure, which may be easier for configuration purposes, but does not perform as well as Nginx when monitoring back-end nodes. Also, since Varnish doesn’t support SSL termination, it requires more third-party components. As the newcomer, Varnish has also seen issues with supporting high volume traffic at the same power level that Apache TS has managed to sustain given its decades of growth and adaptability while forming the Yahoo! network.

One of the biggest comparative features between these three web servers is how they handle static and dynamic material. Nginx by far exceeds all others in side-by-side analysis of speed when it comes to retrieving static material. Since its server is single-threaded and processes are not spawned to handle each new connection, it does not see the same issues that Apache TS has, which may result in more memory usage and slower recovery. Varnish however excels above the others when it comes to flexibility of caching and purging content, especially when you have more complex cache structures.

Varnish is also unique in that it has a Grace Mode feature that allows you to access cached material past its TTL expiration. This is useful if the backend goes down because then Varnish can keep serving stale resources until the maintenance is finished.

Another important factor to be considered in choosing a caching platform is security. Unlike Varnish, Nginx and Apache TS have the ability to use SSL termination. You can also configure Apache TS to use multiple DNS servers to match the site’s security configuration, verifying that clients are authenticated before they can access content from the cache.

Varnish has had few security vulnerabilities since implementation, with software founder Per Buer citing that their “security track record is excellent.” Nginx also supports high levels of security, especially for fighting DDoS attacks, with features including limiting the rate of requests, limiting the number of connections, closing slow connections, blacklisting IP addresses and so on.
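The four Nginx mitigations named above map onto standard directives. The configuration below is an added example, not part of the original article; the zone names, rates, timeouts, host name, origin address and the blocked range (a documentation-only network) are all constructed assumptions to adapt.

```nginx
# Added example: every name, rate and address below is a constructed value.
events {}

http {
    # Limiting the rate of requests: track clients by address and
    # allow each one an average of 10 requests per second.
    limit_req_zone  $binary_remote_addr zone=req_per_ip:10m  rate=10r/s;

    # Limiting the number of connections: shared zone keyed by client address.
    limit_conn_zone $binary_remote_addr zone=conn_per_ip:10m;

    # Answer throttled clients with 429 rather than the default 503,
    # so throttling is distinguishable from origin failure in the logs.
    limit_req_status  429;
    limit_conn_status 429;

    upstream origin {
        server 127.0.0.1:8080;        # placeholder origin server
    }

    server {
        listen 80;
        server_name cdn.example.test; # placeholder host name

        # Closing slow connections: give up on clients that stall while
        # sending headers or body, or while reading the response.
        client_header_timeout 10s;
        client_body_timeout   10s;
        send_timeout          10s;

        # Blacklisting IP addresses: rules are evaluated in order,
        # so the deny must come before the catch-all allow.
        deny  203.0.113.0/24;         # documentation range, stands in for a blocked network
        allow all;

        location / {
            # Absorb short bursts of up to 20 requests without delay,
            # reject anything beyond that.
            limit_req  zone=req_per_ip burst=20 nodelay;
            # At most 10 simultaneous connections per client address.
            limit_conn conn_per_ip 10;
            proxy_pass http://origin;
        }
    }
}
```

Both limits key on `$binary_remote_addr`, so clients behind a shared NAT or an upstream proxy count as one address; size the thresholds with that in mind.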

What’s clear from looking at all three proxy servers both individually and comparatively, is that they have their pros and cons, which I’ve related for you below.

Apache Traffic Server

Pros

  •      Can be configured as both reverse and forward proxy
  •      SSL Termination to simplify and enhance security
  •      Ability to serve in a cache hierarchy—internet requests not fulfilled from one cache are routed to other regional caches
  •      Ubiquity and longevity means lots of third party support

Cons

  •      Load Balancing is only offered as an experimental plug-in.
  •      No dedicated support system
  •      Not designed with concurrency issues in mind, potential for deadlocking
  •      Analysis shows slower speeds when retrieving static material

Nginx

Pros

  •      Fastest retrieval of static content
  •      Awareness of concurrency issues leads to faster speeds and less memory usage
  •      Processes requests as URI, which allows for better function in web, mail and proxy server roles
  •      Offers Nginx Plus, a paid support resource

Cons

  •      Requires external party to retrieve dynamic content
  •      Limitations with Memcached storage. Issues with storing HTTP headers with data
  •      Module system less flexible, cannot shift between them as fluidly

Varnish

Pros

  •      Purging capabilities
  •      Grace mode: keeps objects in cache even after their TTL has expired
  •      Architecture exclusively designed as a modern web accelerator
  •      ESI capabilities allow you to split up web page components and cache them individually
  •      Varnish Enterprise subscription offers support resources
  •      Internal rewriting and redirecting of URLs

Cons

  •      No SSL or SPDY compatibility
  •      Must be paired with other caching servers to perform entire scope of functions
  •      Thread-pooling architecture must be supported by memory and CPU

Each proxy server has strengths and weaknesses, with some companies pairing features from different platforms to perform separate tasks, like using Nginx as the reverse proxy with Apache TS to cover the backend, for example.

Apple and Comcast recently announced that they used Apache TS to build their CDN, while other sites like Netflix and CloudFlare decided to go with Nginx. Varnish on the other hand has been on the up with Fastly using their server, praising their speeds with dynamic material and instant purging capabilities. Overall, there’s no one solution to which proxy server outranks the rest, so do your homework to weigh the options of what features and functions best suit your needs.

Copyright secured by Digiprove © 2016