I'm wondering about the difference in performance, security and scalability for nginx and ssh tunnel for a web application.
For my case, I have a VPS set up, whose only job is to forward the traffic to my home router. This traffic travels between the 2 servers unencrypted (HTTP) and I think it would be easier to use an SSH tunnel for this case instead of having to set up HTTPS twice.
I could not find a lot of information online comparing the two. Some people said SSH tunnel was a "cheap" and "dirty" setup?
I know they do a lot of different things for their different purposes, but in this simple case I don't think nginx is necessary.
For a clarification between the two:
Nginx:
VPS (Accepts HTTPS, forwards HTTP) → Home server (Accepts HTTP)
    # VPS Server configuration
    server {
        # TLS is enabled by the "ssl" parameter on listen; the separate
        # "ssl on;" directive is deprecated and rejected by current nginx.
        listen 443 ssl;
        server_name domain.com;
        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot

        location /.well-known {
            root /var/www/ssl/domain/;
        }

        location / {
            proxy_pass http://95.245.xxx.xxx:80;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
            real_ip_header X-Real-IP;
            real_ip_recursive on;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
SSH Tunnel:
VPS (Accepts HTTPS, forwards through SSH Tunnel) → Home server (Accepts SSH)
This requires nginx to do the SSL handling
    # From the VPS
    ssh -A -t -g -N -L 80:localhost:80 [email protected] -o ServerAliveInterval=30
Perhaps tunneling the HTTPS itself could work, removing the use of nginx on the VPS completely, but this creates a double layer of security, that might slow it down (?)
    # From the VPS
    ssh -A -t -g -N -L 443:localhost:443 [email protected] -o ServerAliveInterval=30
As far as I know, I think SSH is easier and more secure to set up, but is it faster? How well does it scale (scale, as in increase in traffic) compared to nginx?
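An added example, not part of the original post: a small POSIX shell check that reviews the arguments of an `ssh -L` tunnel command like the ones above and reports options that change what the VPS exposes. The function name `audit_tunnel`, the finding labels and the host `user@home.example` are constructed for illustration; it assumes flags are given separately (`-g`, not `-Ng`) and a hostname or IPv4 forward target.

```shell
#!/bin/sh
# Added example: review an `ssh -L` command line before running it on the VPS.
# Assumption: flags are separate words and the target is a hostname or IPv4.

audit_tunnel() {
    prev="" spec="" gateway=0 agent=0
    for arg in "$@"; do
        case "$arg" in
            -g) gateway=1 ;;   # GatewayPorts: forwarded port listens on all interfaces
            -A) agent=1 ;;     # agent forwarding: the remote host can use the caller's agent
        esac
        [ "$prev" = "-L" ] && spec=$arg
        prev=$arg
    done

    [ "$agent" -eq 1 ] && echo "agent-forwarding"
    [ -n "$spec" ] || return 0

    # spec is [bind_address:]port:host:hostport; strip ":host:hostport"
    listen=${spec%:*:*}
    port=${listen##*:}
    case "$listen" in
        *:*) bind=${listen%:*}; explicit=1 ;;
        *)   bind="";           explicit=0 ;;
    esac

    # With no bind address ssh listens on loopback unless -g is given;
    # an explicit "", "*" or "0.0.0.0" means every interface.
    if [ "$explicit" -eq 0 ]; then
        [ "$gateway" -eq 1 ] && echo "exposed-listener"
    else
        case "$bind" in
            ""|"*"|0.0.0.0) echo "exposed-listener" ;;
        esac
    fi

    # Ports below 1024 normally require root to bind on the VPS.
    [ "$port" -lt 1024 ] && echo "privileged-port"
    return 0
}

# Constructed sample: the HTTP tunnel from the post with a placeholder host.
audit_tunnel ssh -A -t -g -N -L 80:localhost:80 user@home.example
```

With the plain-HTTP tunnel, an `exposed-listener` finding means the unencrypted port is reachable on the VPS's public interfaces alongside nginx's HTTPS listener. A form such as `-L 127.0.0.1:8080:localhost:80` produces no findings and leaves nginx, proxying to `127.0.0.1:8080`, as the only public entry point.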