Web Server Load Balancing with NGINX Plus

More than ever before, enterprises are recognizing that digital transformation is critical to their survival. In fact, the Wall Street Journal reports that executives currently see legacy operations and infrastructure as the #1 risk factor jeopardizing their ability to compete with companies that are “born digital”.

Cloud, DevOps, and microservices are key technologies that accelerate digital transformation initiatives. And they’re paying off at companies that leverage them – according to a study from Freeform Dynamics, commissioned by CA Technologies, organizations that have adopted DevOps practices have achieved 60% higher growth in revenue and profits than their peers, and are 2x more likely to be growing at more than 20% annually. Enterprises are also modernizing their app architectures – 86% of respondents in a survey commissioned by LightStep expect microservices to be their default architecture in 5 years.

We unveiled the NGINX Application Platform in late 2017 to enable enterprises undergoing digital transformation to modernize legacy, monolithic applications as well as deliver new, microservices‑based applications and APIs at scale across a multi‑cloud environment. Enterprises deploy the NGINX Application Platform to improve agility, accelerate performance, and reduce capital and operational costs. Since the launch, we have been introducing enterprise‑grade capabilities at a regular pace to all of the component solutions, including NGINX Controller, NGINX Plus, and NGINX Unit. This blog outlines key updates to the NGINX Application Platform and NGINX Ingress Controller for Kubernetes since the beginning of 2019.

The following table summarizes the new features and benefits introduced to each component since the beginning of 2019. For details, see the linked sections that follow.

Component Feature Benefits
NGINX Controller Load Balancing Module Policy‑based approach to configuration management using configuration templates Prevent misconfigurations and ensure consistency

Save time

Easily scale application of configurations across multiple NGINX Plus instances

ServiceNow integration Streamline troubleshooting workflows
NGINX Controller API Management Module Filtering and searching

Environment‑specific API definition visualizations

Improved usability:

  • More flexible API definition
  • Easy to filter and search by hostname and APIs
NGINX Plus Dynamic certificate loading

Shared configuration across cluster members

Simplified configuration workflows
Support for port ranges in server listen configuration NGINX Plus can be deployed as a proxy for an FTP server in passive mode
Certificates and keys can be stored in in‑memory key‑value store

Support for opaque session tokens

Enhanced security:

  • Secrets cannot be obtained from deployment images or filesystem backups
  • No personally identifiable information is stored on the client
TCP connection can be closed immediately when the server goes offline Improved reliability:

  • Client reconnects to a healthy server right away, eliminating delays due to timeout
NGINX Unit Experimental (beta-level) support for Java servlet containers Support for the most popular enterprise programming language brings the number of supported languages to seven
Internal routing Multiple applications can be hosted on the same IP address and port

Granular control of the target application

NGINX Ingress Controller for Kubernetes NGINX custom resources Using native Kubernetes-style API simplifies configuration
Additional Prometheus metrics Quick detection of performance and availability issues with the Ingress Controller itself
Load balancing traffic to external resources Easier migration to Kubernetes environments
Dedicated Helm chart repository Easy and effortless deployment of NGINX in Kubernetes environments

Updates in NGINX Controller 2.0–2.4

We have adopted a SaaS‑like upgrade cadence for NGINX Controller – we release a new version consisting of new features (sometimes minor, sometimes major) and bug fixes on a monthly basis.

Load Balancing Module in NGINX Controller 2.0–2.4

The Load Balancing Module in NGINX Controller enables you to configure, validate, and monitor all your NGINX Plus load balancers at scale across a multi‑cloud environment.

There are two primary enhancements to the Load Balancing Module:

  • Policy‑based approach to configuration management – You can create configuration templates for your NGINX Plus load balancers, including environment‑specific templates – for example, one for production environments and another for test environments. These templates save time, help you achieve scale, and eliminate issues due to misconfiguration. They can be version‑controlled, and you can revert to a ‘golden image’ in case there are any problems.
  • Integration with ServiceNow – You can streamline troubleshooting workflows by forwarding alerts from NGINX Controller to ServiceNow.

For more details about the changes to the Load Balancing Module, see our blog.

API Management Module in NGINX Controller 2.0 –2.4

The API Management Module empowers Infrastructure & Operations and DevOps teams to achieve full API lifecycle management including defining, publishing, securing, managing traffic, and monitoring APIs, without compromising performance. Built on an innovative architecture, and using NGINX as the data‑plane component, it is well‑suited to the needs of both traditional applications and modern distributed applications based on microservices.

The API Management Module became generally available in January of 2019. Since then, we’ve been hard at work on usability improvements to the API Definitions interface:

  • Entry point hostnames are color‑coded to indicate the state of the NGINX Plus API gateway configuration:
    • Grey – Config not pushed to the entry point
    • Green – Config pushed and all associated instances are online
    • Yellow – Config pushed but some instances remain offline
    • Red – Config pushed but all instances are offline
  • New card layout for API definitions to easily visualize and access different environments
  • Ability to filter by API name and hostname
  • Warnings when parts of the API definition are not routed to backend services
  • Error responses for unknown API endpoints (404 errors) can be customized

For details on defining APIs with the API Management Module, see our blog.

NGINX Plus R18

NGINX Plus’ flexibility, portability, and seamless integration with CI/CD automation tools help accelerate enterprise adoption of DevOps. NGINX Plus R18 advances this objective by simplifying configuration workflows and enhancing the security and reliability of your applications. Key enhancements in NGINX Plus R18 include:

  • Simplified configuration workflows

    • Dynamic certificate loading – TLS certificates are loaded into memory only when a request is made for a matching hostname. You can save time and effort by automating the upload of certificates and private keys into the key‑value store using the NGINX Plus API. This is especially ideal for deployments with large numbers of certificates or when configuration reloads are very frequent.
    • Support for port ranges for server configurations – You can specify port ranges for a virtual server to listen on, rather than just individual ports. This also allows NGINX Plus to act as a proxy for an FTP server in passive mode.
    • Simplified cluster management – NGINX Plus R15 introduced synchronization of runtime state across a cluster of NGINX Plus instances. This release enhances clustering by enabling the same clustering configuration to be used on all members of the cluster. This is particularly helpful in dynamic environments such as AWS Auto Scaling groups or containerized clusters.
  • Enhanced security

    • Minimizing exposure of certificates – With this release, NGINX Plus can load certificates and the associated private keys directly from the in‑memory key‑value store. Not storing secrets on disk means attackers can no longer obtain copies of them from deployment images or backups of the filesystem.
    • Support for opaque session tokens – NGINX Plus supports OpenID Connect authentication and single sign‑on for backend applications. NGINX Plus R18 adds support for opaque session tokens issued by OpenID Connect. Opaque tokens contain no personally identifiable information about the user so that no sensitive information is stored at the client.
  • Improved reliability

    • Enabling clients to reconnect upon failed health checks – NGINX Plus active health checks continually probe the health of upstream servers to ensure traffic does not get forwarded to servers that are offline. With this release, client connections can also be terminated immediately when a server goes offline for any of several reasons. As client applications then reconnect, they are proxied to a healthy backend server, thereby improving the reliability of your applications.

For more details about NGINX Plus R18, see our blog.

NGINX Unit 1.8.0

NGINX Unit is an open source lightweight, flexible, dynamic, polyglot app server that currently supports seven different languages. So far this year we have improved NGINX Unit with:

  • Experimental support for Java servlet containers – According to a report from the Cloud Foundry Foundation, an open source Platform-as-a-service project, Java is the dominant language for enterprise development. Addressing a request from many of our users, we introduced beta‑level support for Java servlet containers in NGINX Unit 1.8.0. Java is a registered trademark of Oracle and/or its affiliates.
  • Internal routing – Internal routing enables granular control over the target application. With this support, you can run many applications on the same IP address and port. NGINX Unit can determine which application to forward requests to based on host, URI, and HTTP method. Sample use cases for internal routing include:
    • POST requests that are handled by a special app, maybe written in a different language.
    • Requests to administrative URLs that need a different security group and fewer application processes than the main application.

For more details about NGINX Unit 1.8.0, see our blog.

NGINX Ingress Controller for Kubernetes 1.5.0

NGINX is the most deployed Ingress controller in Kubernetes environments. NGINX Ingress Controller for Kubernetes provides advanced load balancing capabilities including session persistence, WebSocket, HTTP/2, and gRPC for complex applications consisting of many microservices. Release 1.5.0 introduces the following capabilities:

  • Defining ingress policies using NGINX custom resources – This is a new approach to configuration that follows the Kubernetes API style so that developers get the same experience as when using the Ingress resource. With this approach, users don’t have to use annotations – all features must now be part of the spec. It also enables us to support RBAC and other capabilities in a scalable and predictable manner.
  • Additional metrics – Provided by a streamlined Prometheus exporter, new metrics have been introduced in this release to quickly detect performance degradations and “uptime” of NGINX Ingress Controller itself.
  • Support for load balancing traffic to external services – The NGINX Plus Ingress Controller can now load balance requests to destinations outside of the cluster, making it easier to migrate to Kubernetes environments.
  • Dedicated Helm chart repository – Helm is becoming the preferred way to package applications on Kubernetes. Release 1.5.0 of the NGINX Plus Ingress Controller is available via our Helm repo.

For more details about NGINX Ingress Controller for Kubernetes 1.5.0, see our blog.

Continued Investments in NGINX

Looking ahead, now that we are part of F5 Networks we are planning to bolster our investments in open source as well as the NGINX Application Platform. F5 is committed to the NGINX open source technology, developers, and community. We anticipate that the additional investments will inject new vigor into open source initiatives and will enable us to develop open source features, host more open source events, and produce more open source content. Read this blog from Gus Robertson, GM of the NGINX business unit, on F5’s commitment to open source.

We also expect more cross‑pollination across our solutions – we want to leverage the rich security capabilities that F5 offers and embed them into NGINX solutions. F5 solutions will become more agile, flexible, and portable without compromising on reliability, security, and governance. We are excited for what comes next. Follow us on Twitter and LinkedIn to learn about updates to the NGINX Application Platform.

Please attend NGINX Conf 2019 to learn more about our vision for the future with F5. You will hear about new product releases and our roadmap plans as well as have an opportunity to learn from industry luminaries.

Hero image
NGINX 企阅版全解析



Karthik Krishnaswamy

Director, Product Marketing for NGINX


F5, Inc. 是备受欢迎的开源软件 NGINX 背后的商业公司。我们为现代应用的开发和交付提供一整套技术。我们的联合解决方案弥合了 NetOps 和 DevOps 之间的横沟,提供从代码到用户的多云应用服务。访问 了解更多相关信息。