Ferron is a fast, production-ready web server with automatic TLS and configuration that stays readable — so you can go live in minutes.
Watch, as Ferron serves a website with automatic TLS setup in minutes.
Configuration should be clear, predictable, and calm — not something you have to wrestle with.
A simple reverse proxy grows into dozens of directives. Nested blocks. Hidden interactions. Small changes feel risky.
Which rule runs first? Why did that condition match? What changed after reload?
TLS needs extra setup. Reloads feel uncertain. Debugging requires guesswork.
Built for fast setup, predictable behavior, and reliable performance in production.
Simple, intuitive configuration with sensible, secure defaults and comprehensive documentation.
Automatic SSL/TLS certificate acquisition and renewal with Let's Encrypt integration.
Thoroughly optimized for speed with support for high concurrency.
Built with memory safety as a priority, eliminating common security vulnerabilities.
Advanced reverse proxy capabilities with support for load balancing and health checks.
Predictable behavior under load, with automatic retries and optional health checks.
Choose your platform and get Ferron running with a single command.
Command not availableClear defaults. Minimal directives. Predictable behavior, even as your setup grows.
server {
listen 80;
listen 443 ssl http2;
server_name example.com;
server_tokens off;
# Assuming you use Certbot for automatic certificate management
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /var/www/html;
gzip on;
location / {
try_files $uri $uri/ =404;
}
}// TLS certificate is obtained automatically by Ferron
example.com {
root "/var/www/html"
}upstream backend {
server localhost:3000;
keepalive 32;
}
server {
listen 80;
listen 443 ssl http2;
server_name example.com;
server_tokens off;
# Assuming you use Certbot for automatic certificate management
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_pass http://backend/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}// TLS certificate is obtained automatically by Ferron
example.com {
proxy "http://localhost:3000"
}server {
listen 80;
listen 443 ssl http2;
server_name example.com;
server_tokens off;
# Assuming you use Certbot for automatic certificate management
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /var/www/html;
index index.php index.html index.htm;
location / {
gzip on;
try_files $uri $uri/ =404;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php-fpm.sock;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
# The "fastcgi.conf" is located in the NGINX configuration directory (at least on Debian-based systems)
include fastcgi.conf;
}
}// TLS certificate is obtained automatically by Ferron
example.com {
root "/var/www/html"
// Check if the PHP-FPM socket file is accessible by the web server user, often "ferron"
fcgi_php "unix:///var/run/php/php-fpm.sock"
}High performance under real-world web workloads, without having to do expert-level tuning.
Designed for large numbers of simultaneous connections without artificial keep-alive limits or backend pool starvation.
Optimized for modern protocols (HTTP/2 and experimental HTTP/3), allowing for efficient multiplexing and low-latency connections.
Asynchronous event-driven architecture provides predictable performance and lower memory usage under load.
High performance out of the box; you don't have to adjust worker counts, pools, or any other hidden limits.
Ferron is an open-source project built by developers like you. Whether you're a contributor or just using Ferron, you're welcome to join its community.
Improve Ferron by reporting issues, suggesting features, or submitting code.
Join our community on Matrix to chat with others who use Ferron.
Don't take our word for it; hear from people who have seen Ferron and are using it every day.
You may want to check out what Ferron is doing. I've been using it for a few months. Highly recommend. (...) Significantly easier to set up than nginx, and by far the most effortless auto TLS integration. (...) Highly recommend using the v2 docker images though. It now uses KDL for configuration, which is much cleaner than YAML. The syntax is versatile enough that you can create a custom DSL of sorts. Ferron uses it to replicate if statements, and uses them to filter access by IP or headers.
Michael Murphy
Engineer at System76 and Pop!_OS maintainer
I just switched to @ferronweb on my pi to serve services at home. Imho ferron is just way easier to configure than anything else.
Andreas Wachter
just tried it for serving a fastapi. It's fantastic. Instant TLS via Let's Encrypt. There may be other webservers that are equally easy, but this one is certainly easier than Apache or ngninx, which I used so far. Love it.
Thomas Walther
Founded and sold an AI startup to Spotify
Deploy in minutes, configure with clarity, and run with confidence — from first setup to production.