NGINX Plus Technical Specifications
NGINX Plus is available in binary form only; it is not available in source form. Please inquire for additional platforms and modules.
Supported Distributions
Ubuntu
- 14.04 LTS (i386, x86_64, aarch64)
- 16.04 LTS (i386, x86_64, ppc64le, aarch64)
- 18.04 LTS (x86_64)
- 18.10 LTS (x86_64)
Notes:
- CentOS, Oracle Linux, and Red Hat Enterprise Linux 6.5 users: see this advisory when upgrading to version 6.6.
nginx-sync
andnginx-ha-keepalive
modules not supported in Alpine Linux.
Dynamic Modules
Except as specified below, dynamic modules are supported on the same distributions as NGINX Plus.
Brotli
- Alpine: Not supported
- Amazon/CentOS/Oracle/RedHat: Not supported
- Debian: Not supported
- SUSE Linux Enterprise Server 12, 12 SP1: Not supported
- Ubuntu 14.04: Not supported
- Ubuntu 16.04, 18.04, 18.10: i386 and x86_64 support only, no aarch64 or ppc64le
GeoIP2
- CentOS/Oracle/RedHat 7.0: No ppc64le support
- Debian 8.0: Not supported
- SUSE Linux Enterprise Server: Not supported
- Ubuntu 14.04: Not supported
Supported SSL/TLS Versions
NGINX Plus supports SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3. The choice of which protocols is enabled is configurable using the ssl_protocols directive. TLSv1.2 and earlier is supported on all the operating systems listed above. TLSv1.3 is the latest version of the SSL/TLS protocol and is only supported on operating systems that ship with OpenSSL 1.1.1 or later. That includes the following:
- Alpine Linux 3.9
- FreeBSD 12.0
- Ubuntu 18.10
Supported Deployment Environments
- Bare metal
- Container
- Public cloud: AWS, Google Cloud Platform, Microsoft Azure
- Virtual machine
Recommended Hardware
Please see: Sizing Guide for Deploying NGINX Plus on Bare Metal Servers
Modules in the NGINX Plus Package
Core
- Core – Control basic functioning (mutexes, events, thread pools, workers, and so on)
Clustering
- Zone Sync – Synchronize shared memory zones between nodes of a cluster
HTTP Core
- HTTP Core – Process HTTP traffic
- Addition – Prepend and append data to a response
- Auto Index – Generate directory listings
- Charset – Add character set in
Content-Type
field of HTTP response header, and define or convert between character sets - Empty GIF – Generate empty image response
- Gzip – Use GZIP to compress HTTP responses
- Gzip Static – Serve pre-compressed files from disk
- Gunzip – Decompress responses for clients that don’t support compression
- Headers – Add fields to HTTP response headers, including
Cache-Control
andExpires
- Index – Specify index files used in directory requests
- Random Index – Select random index file for directory request
- Real IP – Determine true origin IP address for proxied traffic
- SSI – Process Server Side Includes (SSI) commands
- User ID – Set cookies that uniquely identify clients
- WebDAV – Implement WebDAV file management
HTTP Access Control and Authentication
- Access – Control access based on client IP address (support access control lists [ACLs])
- Auth Basic – Implement HTTP Basic Authentication scheme
- Auth JWT – Validate JSON Web Tokens
- Auth Request – Determine client authorization using subrequests to external authentication server
- Referer – Control access based on
Referer
field in HTTP request header - Secure Link – Process encrypted, time-limited links to content
HTTP Advanced Configuration
- Browser – Create variables based on
User-Agent
field in HTTP request header - Cache Slice – Create byte-range segments of large files, for more efficient caching
- Geo – Create variables based on client IP address
- Map – Create variables based on other variables in requests
- Rewrite – Test and change URI of request
- Split Clients – Partition clients for A/B testing
- Sub – Replace text string in response (rewrite content)
HTTP Logging
- Log – Log HTTP transactions locally or to
syslog
- Session Log – Log HTTP transactions aggregated per session
HTTP Media Delivery
- F4F – Stream HDS (Adobe HTTP Dynamic Streaming; filename extensions .f4f, .f4m, .f4x)
- FLV – Stream FLV (Flash Video; filename extension .flv)
- HLS – Stream HLS (Apple HTTP Live Streaming; filename extensions .m3u8, .ts) dynamically generated from MP4 or MOV (filename extensions .m4a, .m4v, .mov, .mp4, and .qt)
- MP4 – Stream MP4 (filename extensions .m4a, .m4v, .mp4)
- Streaming of RTMP and DASH is provided by the third-party RTMP module
HTTP Proxying
- FastCGI – Proxy and cache requests to FastCGI application
- Memcached – Proxy requests to memcached application
- Proxy – Proxy and cache requests to HTTP server
- SCGI – Proxy and cache requests to SCGI server
- Upstream – Proxy and cache requests to load-balanced pools of application servers
- uwsgi – Proxy and cache requests to uwsgi server
HTTP Transaction Shaping
- Limit Connections – Limit concurrent connections from a client IP address or other keyed value
- Limit Requests – Limit rate of request processing for a client IP address or other keyed value
- Limit Responses – Limit rate of responses per client connection
- Mail Core – Proxy mail traffic
- Auth HTTP – Offload authentication processing from HTTP server
- IMAP – Implement capabilities and authentication methods for IMAP
- POP3 – Implement authentication methods for POP3 traffic
- Proxy – Support proxy-related parameters for mail protocols
- SMTP – Define accepted SASL authentication methods for SMTP clients
- SSL/TLS – Implement SSL, STARTTLS, and TLS for mail protocols
Programmability and Monitoring
- NGINX Plus API – Provides REST API for accessing various status information, configuring upstream server groups on-the-fly, and managing key-value pairs without the need of reconfiguring nginx
- Key-Value Store – Creates variables with values taken from key-value pairs managed by the NGINX Plus API
TCP and UDP Load Balancing
- Stream – Process TCP and UDP traffic
- Access – Support IP-based access control lists (ACLs)
- Geo – Create variables based on client IP address
- Limit Conn – Limit concurrent connections by key
- Log – Log TCP and UDP transactions
- Map – Create variables based on other variables in requests
- Proxy – Proxy requests to TCP and UDP servers
- Real IP – Determine true origin IP address for proxied traffic
- Return – Return specified value to client and close connection
- Split Clients – Partition clients for A/B testing
- SSL/TLS – Process TCP traffic secured with SSL/TLS
- SSL/TLS Preread – Forward TCP traffic secured with SSL/TLS without decrypting it
- Upstream – Proxy and cache requests to load-balanced pools of servers