NGINX, Inc. is proud to announce the availability of NGINX Plus Release 7 (R7), the latest release of our application delivery platform. The update provides a fully supported implementation of the new HTTP/2 web standard, the first of its kind for a leading web server. NGINX Plus can be deployed as a frontend HTTP/2 gateway and accelerator for both new and existing web services.
[Editor – This post has been updated to refer to the NGINX Plus API, which replaces and deprecates the separate status module mentioned in the original version of the post.]
The latest update also adds dramatic improvements and additional capabilities to ensure organizations can deliver their applications with the performance, security, and reliability required for enterprise applications. These include significant enhancements to make application monitoring, management, and debugging easier, and additional security and performance‑optimizing features.
Editor – For more details about key new features in NGINX Plus R7, see these related blog posts:
Also check out our on‑demand webinar, What’s New in NGINX Plus R7?
Key features in this release include:
Note: Based on user testing of the alpha‑level patch, and with the early support from corporate co‑sponsors Automattic and Dropbox, the final open source version of HTTP/2 will become available following the release of R7.
SO_REUSEPORT
option and currently requires Linux 3.9+ or DragonFly BSD.“We have helped hundreds of new customers deploy their applications with NGINX Plus in the past year, and our latest release is really about providing them with even more tools to ensure the best possible experience for their users,” states Gus Robertson, CEO at NGINX, Inc. “We are the fabric of our customer’s infrastructure, and that puts us in a unique place to be able to provide unparalleled visibility and control over the applications they deploy. We take our critical role in our customer’s business seriously, and the new capabilities in NGINX Plus R7 reflect that.”
Adoption of NGINX has grown considerably in recent months. NGINX is the #1 web server at the top 100,000 websites, with nearly half of the world’s busiest sites using NGINX to deliver their applications to billions of users. NGINX, Inc. continues to invest heavily in both our open source and commercially supported tools to make flawless application delivery easy for everyone – from the smallest, lightest apps up to the world’s largest platforms.
NGINX Plus R7 Features in Detail
This section provides a detailed overview of all the new features and functionality in NGINX Plus R7.
NGINX Plus R7 delivers support for HTTP/2, the latest version of the HTTP protocol, via the new nginx-plus-http2 package. HTTP/2 brings increased performance and security to modern web applications. NGINX Plus support for HTTP/2 works seamlessly with your existing sites and apps, without requiring any changes to them and only very minimal changes to the NGINX Plus configuration. NGINX Plus R7 is fully backward compatible and can deliver both HTTP/1.x and HTTP/2 traffic in parallel, for the best experience no matter what browser your users choose.
To ease the transition to HTTP/2, NGINX Plus acts as an “HTTP/2 gateway”. On the front end, NGINX Plus talks HTTP/2 to client web browsers that support it, and on the back end it talks HTTP/1.x (or FastCGI, SCGI, uWSGI, etc.) just as before. This means that servers and applications proxied by NGINX Plus will be unaffected by the move to HTTP/2, and don’t really even need to know which HTTP version their clients are using.
To support HTTPS and HTTP/2 side by side, NGINX Plus supports both the Next Protocol Negotiation (NPN) and Application‑Layer Protocol Negotiation (ALPN) extensions in TLS. These extensions are used to seamlessly upgrade an HTTPS connection to HTTP/2 if both client and server support HTTP/2.
The only configuration change required is to add the http2
parameter to existing listen
directives. Please note HTTP/2 is only supported when the ssl
parameter is also included:
server { listen 443 ssl http2 default_server;
}
To enable HTTP/2 support, install the nginx-plus-http2 package from the NGINX Plus repository. This package does not support SPDY/3.1. The standard nginx-plus and nginx-plus-extras packages support SPDY/3.1 rather than HTTP/2, and are currently recommended for production sites due to wider browser support and code maturity. Note that we currently don’t build an HTTP/2‑enabled version of the nginx-plus-extras package.
To learn more about HTTP/2:
NGINX Plus R7 includes a number of performance enhancements that can help your applications perform even better. It adds support for thread‑pool optimization, which offloads potentially blocking disk operations and improves the performance of workloads (such as content caching) that involve heavy disk I/O. NGINX Plus R7 also includes the socket sharding optimization (Linux 3.9+ or Dragonfly BSD required) that improves efficiency on large, multicore servers where large numbers of nginx processes handle traffic. They have been tested in the field in NGINX Open Source deployments, and are now fully supported as part of NGINX Plus.
Using thread pools in NGINX Plus can give you 9x better performance. It’s well known that NGINX uses an asynchronous, event‑driven approach to handling connections. But the asynchronous, event‑driven approach still has a problem: blocking. On Linux, disk operations are blocking, so during operations that involve a lot of disk I/O NGINX can spend a lot of time blocking rather than doing productive work.
Allocating a pool of threads that handle disk I/O alleviates this problem. Instead of going to disk itself, the NGINX worker process hands off the I/O operation to an available thread in the pool and then goes back to processing traffic as usual. When the disk operation is complete, the NGINX worker process is notified and can continue whatever work remains to be done to satisfy the request.
To enable thread pools just add the aio
threads
directive to a location
block:
location / { root /storage;
aio threads;
}
For a thorough overview of thread pools in NGINX, please see this blog post.
Socket sharding was first introduced in NGINX 1.9.1. This feature leverages the SO_REUSEPORT
socket option introduced in version 3.9 of the Linux kernel. When the option is enabled, the Linux kernel itself distributes new connections evenly across the NGINX worker processes in a round‑robin fashion. The worker processes then do the work of request limiting, caching, load balancing, and everything else you have configured.
Without SO_REUSEPORT
, new connections are put up for grabs to all available worker processes. The first to take a connection off the queue gets it. As there is no algorithm for distributing the load evenly, it can easily get skewed, with a few worker processes taking the majority of the load while others are underutilized. Its also inefficient to have processes fight over packets, as this can lead to lock contention.
Socket sharding can improve performance up to 3x by ensuring work is distributed evenly among NGINX worker processes. To enable this functionality, add the new reuseport
parameter to existing listen
directives.
server { listen 12345 reuseport;
# ...
}
To learn more about this feature, please refer to this blog post.
Note: This feature requires Linux kernel version 3.9 or later. Ubuntu 13.10 and later and Red Hat Enterprise Linux 7 and later include the required functionality.
NGINX Plus R7 adds even more features to improve the security of your applications. This section provides an overview of those features.
New features for TCP proxy and load balancing improve access control (limit by IP address), connection limiting (limit the number of concurrent connections per client or service), and bandwidth usage (limit the upstream or downstream bandwidth per connection). These features are already available for HTTP load balancing, and are used with great success for API metering and DDoS protection.
For more details, please see the related blog post, TCP Load Balancing in NGINX Plus R7.
In response to popular demand, NGINX Plus R7 can proxy and load balance applications that use Microsoft NT LAN Manager (NTLM) for authentication. NTLM is an authentication protocol used by many Microsoft products, particularly with legacy applications.
Our support for NTLM fulfills the security requirement that connections to backend servers are kept alive but not multiplexed, so that each NTLM‑authenticated client has a unique dedicated connection to the backend server.
To enable NTLM support, add the ntlm
directive in the configuration of HTTP upstream groups:
upstream backend { server 192.168.1.10;
server 192.168.1.11;
ntlm;
}
You can now confidently deploy NGINX as a proxy, load balancer, and HTTP/2 accelerator in front of Microsoft applications, supporting the widest possible range of client devices.
NGINX Plus provides detailed monitoring and statistics to make it easy to observe, optimize, and debug applications and infrastructure. Building on that capability, NGINX Plus R7 comes loaded with new counters and stats. These counters help you tune your NGINX Plus deployments, and make informed decisions about when you might need to scale up or out to handle more load. The new stats and counters are:
499
errors – Per‑server counter that tracks 499
errors, which occur when the client closes the connection before the backend server finishes processing its request. A few 499
errors are acceptable (people often close their web browsers in the middle of a session), but a large number can indicate that the server is overloaded and taking a long time to process requests.Like all other counters, you enable the new counters by including the api
directive in the configuration.
The NGINX Plus dashboard is greatly improved in R7, displaying key system information in a concise format, even for large and complex configurations:
To learn more, please see the related blog post, The New NGINX Plus Dashboard.
NGINX Plus R7 has a number of additional enhancements that don’t fall into any of the above categories:
start
, end
, and offset
arguments on HLS .m3u8 URIs. This allows content publishers to easily publish links to fragments of a video stream.Content modification – Previously, NGINX Plus could make just one simple content change to the content of a response, substituting one string for another. The sub_filter
directive has been extended to support variables and chains of substitutions, making more complex changes possible.
The expanded content‑modification capabilities make it easy to adapt web content, for example changing the method (https:// instead of http://), domain, or other path elements in hyperlinks in the message contents. You can also use it to insert content into HTML pages, such as boilerplate text or JavaScript snippets, without having to modify the original HTML content.
$upstream_connect_time
variable – A new NGINX variable that tracks the time it takes to connect to a backend server, making it easier to identify slow servers.‑T
flag on the nginx
command dumps the parsed NGINX configuration to stdout in a clear and standardized format. This is useful for archiving purposes or when filing a support ticket.proxy_bind
, proxy_protocol
, and tcp_nodelay
directives, and the backlog
parameter to the listen
directive, are now supported for TCP traffic (stream module) as well as for HTTP traffic. For more details, please see TCP Load Balancing in NGINX Plus R7.If you use Phusion Passenger Open Source with NGINX Plus (the passenger_root
directive is included in your configuration), you must upgrade your Passenger runtime to version 5.0.15 at the same time you upgrade to the NGINX Plus R7 nginx-plus-extras package. Perform these steps (the commands are appropriate for Ubuntu):
Stop NGINX Plus:
# service nginx stop
Upgrade your Phusion Passenger runtime to 5.0.15:
# apt-get install passenger
Upgrade the NGINX Plus Extras package to R7:
# apt-get install nginx-plus-extras
Make required updates to NGINX Plus configuration directives as described in the Phusion Passenger upgrade notes.
Start NGINX Plus:
# service nginx start
Full installation and upgrade instructions are available at the NGINX Plus customer portal.
If you’re running NGINX Plus, we strongly encourage you to upgrade to Release 7 as soon as possible. You’ll pick up a number of fixes and improvements, and it will help us to help you if you need to raise a support ticket. Installation and upgrade instructions can be found at the customer portal.
If you’ve not tried NGINX Plus, we encourage you to try it out for web acceleration, load balancing, and application delivery, or as a fully supported web server with enhanced monitoring and management APIs. You can get started for free today with a 30‑day evaluation and see for yourself how NGINX Plus can help you scale out and deliver your applications.
spdy
parameter on all listen
directives in your configuration (replace it with the http2
and ssl
parameters to enable support for HTTP/2). With the nginx-plus-http2 package, NGINX Plus fails to start if any listen
directives have the spdy
parameter."This blog post may reference products that are no longer available and/or no longer supported. For the most current information about available F5 NGINX products and solutions, explore our NGINX product family. NGINX is now part of F5. All previous NGINX.com links will redirect to similar NGINX content on F5.com."