Nginx (pronounced "engine x") has become so popular as a Web server, with an estimated installed base of 140 million websites, that it now runs 38.8 percent of the top 1,000 websites as ranked by Alexa this spring, surpassing Microsoft and Apache servers. It also has attracted the attention of Canonical, which has decided to support it as a component of its Ubuntu Server Linux distribution.
The first-ever Nginx Conference was held in Burlingame, Calif., this week, further affirming the open source Web server's status as a member of the big leagues of technology. InfoWorld Editor-at-Large Paul Krill dropped in on the event and chatted with Igor Sysoev, co-founder of Nginx and developer of its namesake technology, and Andrew Alexeev, also a co-founder, to talk about what to expect from Nginx and touch on issues surrounding it.
InfoWorld: What was your intent in developing Nginx? Did you develop it because of weaknesses in the Apache Web server in serving up high-volume traffic, or were there other reasons?
Sysoev: I have developed Nginx to be more scalable than the Apache Web server, to be able to handle even hundreds of thousands of connections.
InfoWorld: According to W3Techs, Nginx is now the most popular Web server among top sites. Does this surprise you?
Sysoev: No, it does not surprise me.
InfoWorld: What is next for Nginx? What features are you planning to add?
InfoWorld: When do you see these enhancements being added to Nginx?
Sysoev: Probably in the next year.
InfoWorld: Due to its growing popularity, Nginx has become an attack target. What steps are being taken to secure Nginx?
Sysoev: We try to make Nginx as secure as possible. Nginx is actually has a minor number of security bugs, security issues…. The main goals when I started to develop Nginx were scalability, robustness, and security.
Alexeev: We have a regular process of security audits. We have automated code analysis ongoing, and people fix the security issues all the time. Like Igor mentioned, Nginx has a history of being quite a secure product, basically. And it is open source, so people actually audit it themselves, and the largest companies use it. It's being used by 40 percent of the biggest websites in the world. Many large companies also do continuous audits of security and send us improvements.
InfoWorld: InfoWorld columnist Simon Phipps was critical of the release of the Nginx Plus Web server. He called the move a turn toward the proprietary. How do you respond to this criticism?
Alexeev: The existence of the company and the company doing commercial offerings is more beneficial to the open source product than the situation when the company didn't exist, because it allows us to maintain a team of core developers that work 100 percent of the time on the project versus doing it half time or in their spare time or on the weekends.
This addresses your question about security as well. Imagine what would happen if we have a security incident and there is no one to fix it, like in the next hour. What would happen? We have a team available to work on these issues, for instance, and this is simple because the company exists.
Prior to starting this company, Igor was doing it almost singlehandedly for 10 years. One of the main reasons for this company was that he wanted to establish a coherent, solid, professional development team for Nginx so the open source project [can exist]. That was one of the key reasons. To do that, we need to lead as a company, and to do well as a company, you need to [have] some commercial customers, and this is what we do.