1

I'm wondering about the difference in performance, security and scalability for nginx and ssh tunnel for a web application.

For my case, I have a VPS set up, whos only job is to forward the traffic to my home router. This traffic travels between the 2 servers unencrypted (HTTP) and I think it would be easier to use a SSH tunnel for this case instead of having to set up HTTPS twice.

I could not find a lot of information online comparing the two. Some people said SSH tunnel was a "cheap" and "dirty" setup?

I know they do a lot of different things for its different purposes, but in this simple case I don't think nginx is necessary.


For a clarification between the two:

Nginx:

VPS (Accepts HTTPS, forwards HTTP) → Home server (Accepts HTTP)
# VPS Server configuration
server {
    listen 443 ssl;

    server_name domain.com;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot


    location /.well-known {
        root /var/www/ssl/domain/;
    }

    location / {
        proxy_pass http://95.245.xxx.xxx:80;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        real_ip_header X-Real-IP;
        real_ip_recursive on;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

SSH Tunnel:

VPS (Accepts HTTPS, forwards through SSH Tunnel) → Home server (Accepts SSH)

This requires nginx to do the SSL handling

# From the VPS
ssh -A -t -g -N -L 80:localhost:80 root@95.245.xxx.xxx -o ServerAliveInterval=30

Perhaps tunneling the HTTPS itself could work, removing the use of nginx on the VPS completely, but this creates a double layer of security, that might slow it down (?)

# From the VPS
ssh -A -t -g -N -L 443:localhost:443 root@95.245.xxx.xxx -o ServerAliveInterval=30

As far as I know, I think SSH is more easier and secure to set up, but is it faster? How well does it scale (scale, as in increase in traffic) compared to nginx?

Typewar
  • 157
  • 1
  • 10

0 Answers0