Recently, a former employee of F5 and main contributor of the Nginx project announced the fork Freenginx of the popular web server. The new project was started to address a security dispute and wants to be a drop-in replacement of Nginx, run by developers rather than corporate entities. Maxim Dounin, formerly principal software engineer at F5, provides insights into the fork:
Unfortunately, some new non-technical management at F5 recently decided that they know better how to run open-source projects. In particular, they decided to interfere with the security policy Nginx has used for years, ignoring both the policy and the developers' position.
Originally developed by Igor Sysoev and currently maintained by F5, Nginx is open-source software for web serving, reverse proxying, caching, load balancing, and media streaming. According to the Web Server Survey, even two decades after its initial launch, Ngnix remains the leading web server serving 23.21% of all sites. In a popular thread on Hacker News, user sevg points out:
Worth noting that there are only two active "core" devs, Maxim Dounin (the OP) and Roman Arutyunyan. Maxim is the biggest contributor that is still active. Maxim and Roman account for basically 99% of the current development. So this is a pretty impactful fork.
In his announcement on the nginx-devel mailing list, Dounin highlights the initial dispute that prompted Nginx to issue a security patch addressing two critical vulnerabilities. He adds:
I am no longer able to control which changes are made in Nginx within F5, and I no longer see Nginx as a free and open-source project developed and maintained for the public good. As such, starting from today, I will no longer participate in Nginx development as run by F5. Instead, I am starting an alternative project, which is going to be run by developers, and not corporate.
Freenginx is not the first fork and drop-in replacement for Nginx: Angie was created by other Russian Nginx developers when F5 left Russia in 2020 and it is currently managed by the Russian company Web Server. Diogo Baeder, lead backend developer at DeepOpinion, comments:
Nginx is an incredible software and platform, but I was wondering if it wouldn't be time to just bite the bullet and create a more modern solution based on Rust. Having a solution that follows a similar model, "understands" the Nginx configuration language, and reaches similar performance levels, but with the memory safety and wide community adoption of Rust could lead to an amazing new project - perhaps even doing to Nginx what Nginx did to Apache HTTP.
Vincentz Petzholtz, network engineer and architect, is less optimistic and adds:
Sometimes a fork is all you can do when a project is taken into a difficult direction. In the end, the users will vote with the adoption and install-base.
The first release version is Freenginx-1.25.4 under the same BSD license as Nginx. Dounin has provided access to a read-only Mercurial repository, discarding for now the option to migrate to GitHub. The project started a new developer mailing list.