Nginx like webserver implemented in rust


#1

Do you know any rust project as a nginx like webserver?
I mean a drop-in replacement for nginx?
Nginx is good but it’s implemented in C and it’s working with lots of untrusted inputs …is it safe for that purpose? can we implement a better one?
And I mean a completely similar webserver to nginx which works with existing configuration files and the user just need to replace nginx with that and everything working.


#2

I was just thinking about this today too, on the back of the Cloudflare issue (not an nginx issue itself though, per se). It would be a lot of work to reimplement, but probably a fun project. Surprisingly (given its proliferation and being exposed to the wild web), (AFAIK) nginx hasn’t had many security issues.


#3

the truth is nginx didn’t have many security issues but who knows what will happen tomorrow?
I personally use nginx myself and if I know there is a stable and safer software out there which I can use without re configuring all the stuff, I will replace my nginx without doubt.


#4

Right, a safer (by construction) but just as performant alternative would be great. I was merely pointing out that it’s somewhat impressive that it hasn’t been pwned more :slight_smile:


#5

I mean a drop-in replacement for nginx ?

There isn’t any. Certainly not drop-in. And one of the problems would be that Nginx supports (and is widely used) on platforms not supported by Rust.

http://nginx.org/en/security_advisories.html

Perhaps not many compared to some of its competitors, but still some. And that list doesn’t include many 3rd party modules.

can we implement a better one?

We certainly could.


#6

What do you mean by platform? can you give me an example?


#7

I meant CPU architectures: various ARM variants and others. See https://forge.rust-lang.org/platform-support.html for a list of things where Rust does work, I am not sure there is a list of architectures where it doesn’t, but it wouldn’t be small.


#8

I think that’s not a big deal!
Supporting major and common architecture could be a great starting point.
As rust grows we can grow and support more architectures.


#9

This would be a massive undertaking. nginx has a significant number of features. I have thought about this as well, and with the hyper crate getting futures/tokio support soon, this will be even easier. But there is still a serious number of features to implement, so having a drop in replacement could take quite a bit of time.

It might be interesting to collect the most common use cases people have as an initial MVP/feature set and build towards that. I have been considering doing this for a custom layer4/7 router, but have yet to find a reason not to just use nginx…


#10

there is no doubt that nginx is a good webserver and that’s not the point!
Rust community need projects that can actually show how powerful is Rust.
this project is a good candidate!


#11

No doubt this would be a lot of fun. I’m not suggesting at all that it wouldn’t be an awesome thing to start. I’m for Rust all the things!

I’ve wanted this myself, and for the specific use case I mentioned. The challenge I have is selling this project at work. I may have a reason to do it that involves implementing health monitors on the router for different nodes. This would be cool because of the ease of implementing state machines in Rust, it would be great for me.

The point I’m making is that if we can collect usecases, we can start working towards a common goal… I’ve decided to hold off until the hyper integration with tokio stabilizes before starting something like this.


#12

I have started https://github.com/hjr3/weldr with this goal in mind. I have some opinions that are different from nginx, but I hope to create a compelling alternative.

You can read http://hermanradtke.com/2017/02/15/weldr-reverse-proxy-initial-release-rust.html for some of my future thoughts.


#13

For a start you can write nginx modules in Rust.

Linking with C programs is where Rust shines, and in nginx the modules are the place where most complex and less-tested code lives. Cloudbleed was caused by a custom nginx module, not the nginx core itself.


#14

Writing nginx modules in Rust might be better than in plain C.
However, without good wrapper of nginx API in Rust, it should be a lot of unsafe code, .
Maybe it could be a starting point of making nginx more safe (writing Rust wrapper for nginx API).


#15

I know @pcwalton has been dreaming of doing this. It’d be a great way to show off Rust and Tokio/Hyper…


#16

I have the same idea for drop-in replacement for Nginx, what would be the languages to be supported?

Perhaps, more like Vert.x to supported a few languages? It will be a huge undertaking.


#17

There is this project https://github.com/swindon-rs/swindon