
Announcing NGINX Plus R7

NGINX, Inc. is proud to announce the availability of NGINX Plus Release 7 (R7), the latest release of our application delivery platform. The update provides a fully supported implementation of the new HTTP/2 web standard, the first of its kind for a leading web server. NGINX Plus can be deployed as a frontend HTTP/2 gateway and accelerator for both new and existing web services.

[Editor – This post has been updated to refer to the NGINX Plus API, which replaces and deprecates the separate status module mentioned in the original version of the post.]

The latest update also adds dramatic improvements and additional capabilities to ensure organizations can deliver their applications with the performance, security, and reliability required for enterprise applications. These include significant enhancements to make application monitoring, management, and debugging easier, and additional security and performance‑optimizing features.

Editor – For more details about key new features in NGINX Plus R7, see these related blog posts:

Also check out our on‑demand webinar, What’s New in NGINX Plus R7?

Key features in this release include:

“We have helped hundreds of new customers deploy their applications with NGINX Plus in the past year, and our latest release is really about providing them with even more tools to ensure the best possible experience for their users,” states Gus Robertson, CEO at NGINX, Inc. “We are the fabric of our customer’s infrastructure, and that puts us in a unique place to be able to provide unparalleled visibility and control over the applications they deploy. We take our critical role in our customer’s business seriously, and the new capabilities in NGINX Plus R7 reflect that.”

Adoption of NGINX has grown considerably in recent months. NGINX is the #1 web server at the top 100,000 websites, with nearly half of the world’s busiest sites using NGINX to deliver their applications to billions of users. NGINX, Inc. continues to invest heavily in both our open source and commercially supported tools to make flawless application delivery easy for everyone – from the smallest, lightest apps up to the world’s largest platforms.

NGINX Plus R7 Features in Detail

This section provides a detailed overview of all the new features and functionality in NGINX Plus R7.

Fully Supported Implementation of HTTP/2

NGINX Plus R7 delivers support for HTTP/2, the latest version of the HTTP protocol, via the new nginx-plus-http2 package. HTTP/2 brings increased performance and security to modern web applications. NGINX Plus support for HTTP/2 works seamlessly with your existing sites and apps, without requiring any changes to them and only very minimal changes to the NGINX Plus configuration. NGINX Plus R7 is fully backward compatible and can deliver both HTTP/1.x and HTTP/2 traffic in parallel, for the best experience no matter what browser your users choose.

To ease the transition to HTTP/2, NGINX Plus acts as an “HTTP/2 gateway”. On the front end, NGINX Plus talks HTTP/2 to client web browsers that support it, and on the back end it talks HTTP/1.x (or FastCGI, SCGI, uWSGI, etc.) just as before. This means that servers and applications proxied by NGINX Plus will be unaffected by the move to HTTP/2, and don’t really even need to know which HTTP version their clients are using.

To support HTTPS and HTTP/2 side by side, NGINX Plus supports both the Next Protocol Negotiation (NPN) and Application‑Layer Protocol Negotiation (ALPN) extensions in TLS. These extensions are used to seamlessly upgrade an HTTPS connection to HTTP/2 if both client and server support HTTP/2.

The only configuration change required is to add the http2 parameter to existing listen directives. Please note HTTP/2 is only supported when the ssl parameter is also included:

server {
    listen 443 ssl http2 default_server;
}

To enable HTTP/2 support, install the nginx-plus-http2 package from the NGINX Plus repository. This package does not support SPDY/3.1. The standard nginx-plus and nginx-plus-extras packages support SPDY/3.1 rather than HTTP/2, and are currently recommended for production sites due to wider browser support and code maturity. Note that we currently don’t build an HTTP/2‑enabled version of the nginx-plus-extras package.

To learn more about HTTP/2:

Significantly Improved Performance

NGINX Plus R7 includes a number of performance enhancements that can help your applications perform even better. It adds support for thread‑pool optimization, which offloads potentially blocking disk operations and improves the performance of workloads (such as content caching) that involve heavy disk I/O. NGINX Plus R7 also includes the socket sharding optimization (Linux 3.9+ or Dragonfly BSD required) that improves efficiency on large, multicore servers where large numbers of nginx processes handle traffic. Both optimizations have been tested in the field in NGINX Open Source deployments, and are now fully supported as part of NGINX Plus.

Thread Pools

Using thread pools in NGINX Plus can give you 9x better performance. It’s well known that NGINX uses an asynchronous, event‑driven approach to handling connections. But the asynchronous, event‑driven approach still has a problem: blocking. On Linux, disk operations are blocking, so during operations that involve a lot of disk I/O NGINX can spend a lot of time blocking rather than doing productive work.

Allocating a pool of threads that handle disk I/O alleviates this problem. Instead of going to disk itself, the NGINX worker process hands off the I/O operation to an available thread in the pool and then goes back to processing traffic as usual. When the disk operation is complete, the NGINX worker process is notified and can continue whatever work remains to be done to satisfy the request.

To enable thread pools just add the aio threads directive to a location block:

location / {
    root /storage;
    aio threads;
}

For a thorough overview of thread pools in NGINX, please see this blog post.

Socket Sharding

Socket sharding was first introduced in NGINX 1.9.1. This feature leverages the SO_REUSEPORT socket option introduced in version 3.9 of the Linux kernel. When the option is enabled, the Linux kernel itself distributes new connections evenly across the NGINX worker processes in a round‑robin fashion. The worker processes then do the work of request limiting, caching, load balancing, and everything else you have configured.

Without SO_REUSEPORT, new connections are put up for grabs to all available worker processes. The first to take a connection off the queue gets it. As there is no algorithm for distributing the load evenly, it can easily get skewed, with a few worker processes taking the majority of the load while others are underutilized. It's also inefficient to have processes fight over packets, as this can lead to lock contention.

Socket sharding can improve performance up to 3x by ensuring work is distributed evenly among NGINX worker processes. To enable this functionality, add the new reuseport parameter to existing listen directives.

server {
    listen 12345 reuseport;
    # ...
}

To learn more about this feature, please refer to this blog post.

Note: This feature requires Linux kernel version 3.9 or later. Ubuntu 13.10 and later and Red Hat Enterprise Linux 7 and later include the required functionality.

Access Control and Security Enhancements

NGINX Plus R7 adds even more features to improve the security of your applications. This section provides an overview of those features.

TCP Access Control and Limiting

New features for TCP proxy and load balancing improve access control (limit by IP address), connection limiting (limit the number of concurrent connections per client or service), and bandwidth usage (limit the upstream or downstream bandwidth per connection). These features are already available for HTTP load balancing, and are used with great success for API metering and DDoS protection.
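As an added example (not part of the original post), the three controls described above can be combined in one stream server block. The upstream name, addresses, port, zone name and limit values are assumptions chosen for illustration.

```nginx
# Added example, not from the original post.
# Assumed values: db_backend, 192.168.1.x addresses, port 3306, zone tcp_per_ip, all limits.
stream {
    # Shared-memory zone that tracks concurrent connections per client address.
    limit_conn_zone $binary_remote_addr zone=tcp_per_ip:10m;

    upstream db_backend {
        server 192.168.1.10:3306;
        server 192.168.1.11:3306;
    }

    server {
        listen 3306;

        # Access control: rules are checked in order and the first match wins,
        # so only the application subnet is admitted.
        allow 192.168.1.0/24;
        deny  all;

        # Connection limiting: at most 5 concurrent connections per client address.
        limit_conn tcp_per_ip 5;

        # Bandwidth limiting, in bytes per second, applied per connection.
        proxy_download_rate 100k;   # data read from the upstream server
        proxy_upload_rate   50k;    # data read from the client

        proxy_pass db_backend;
    }
}
```

Because the `allow` and `deny` rules are evaluated before the connection is proxied, rejected clients never consume an upstream connection or a slot in the `limit_conn` zone.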

For more details, please see the related blog post, TCP Load Balancing in NGINX Plus R7.

NTLM Support

In response to popular demand, NGINX Plus R7 can proxy and load balance applications that use Microsoft NT LAN Manager (NTLM) for authentication. NTLM is an authentication protocol used by many Microsoft products, particularly with legacy applications.

Our support for NTLM fulfills the security requirement that connections to backend servers are kept alive but not multiplexed, so that each NTLM‑authenticated client has a unique dedicated connection to the backend server.

To enable NTLM support, add the ntlm directive in the configuration of HTTP upstream groups:

upstream backend {
    server 192.168.1.10;
    server 192.168.1.11;
    ntlm;
}

You can now confidently deploy NGINX as a proxy, load balancer, and HTTP/2 accelerator in front of Microsoft applications, supporting the widest possible range of client devices.

Improved Monitoring and Diagnostics

NGINX Plus provides detailed monitoring and statistics to make it easy to observe, optimize, and debug applications and infrastructure. Building on that capability, NGINX Plus R7 comes loaded with new counters and stats. These counters help you tune your NGINX Plus deployments, and make informed decisions about when you might need to scale up or out to handle more load. The new stats and counters are:

Like all other counters, you enable the new counters by including the api directive in the configuration.

Updated, Interactive NGINX Plus Dashboard

The NGINX Plus dashboard is greatly improved in R7, displaying key system information in a concise format, even for large and complex configurations:

To learn more, please see the related blog post, The New NGINX Plus Dashboard.

A Few More Goodies

NGINX Plus R7 has a number of additional enhancements that don’t fall into any of the above categories:

Upgrading Phusion Passenger Open Source to Be Compatible with NGINX Plus

If you use Phusion Passenger Open Source with NGINX Plus (the passenger_root directive is included in your configuration), you must upgrade your Passenger runtime to version 5.0.15 at the same time you upgrade to the NGINX Plus R7 nginx-plus-extras package. Perform these steps (the commands are appropriate for Ubuntu):

  1. Stop NGINX Plus:

    # service nginx stop

  2. Upgrade your Phusion Passenger runtime to 5.0.15:

    # apt-get install passenger

  3. Upgrade the NGINX Plus Extras package to R7:

    # apt-get install nginx-plus-extras

  4. Make required updates to NGINX Plus configuration directives as described in the Phusion Passenger upgrade notes.

  5. Start NGINX Plus:

    # service nginx start

Full installation and upgrade instructions are available at the NGINX Plus customer portal.

Upgrade or Try NGINX Plus

If you’re running NGINX Plus, we strongly encourage you to upgrade to Release 7 as soon as possible. You’ll pick up a number of fixes and improvements, and it will help us to help you if you need to raise a support ticket. Installation and upgrade instructions can be found at the customer portal.

If you’ve not tried NGINX Plus, we encourage you to try it out for web acceleration, load balancing, and application delivery, or as a fully supported web server with enhanced monitoring and management APIs. You can get started for free today with a 30‑day evaluation and see for yourself how NGINX Plus can help you scale out and deliver your applications.

Caveats