Web Server Load Balancing with NGINX Plus

Navigation

NGINX Documentation

NGINX Plus Technical Specifications

NGINX Plus is available in binary form only; it is not available in source form. Please inquire for additional platforms and modules.

Supported Distributions

Alpine Linux

  • 3.8 (x86_64)
  • 3.9 (x86_64)

Amazon Linux

  • 2018.03+ (x86_64)

Amazon Linux 2

  • LTS (x86_64)

CentOS

  • 6.5+ (i386, x86_64)
  • 7.4+ (x86_64, ppc64le)

Debian

  • 8.0 (i386, x86_64)
  • 9.0 (i386, x86_64)

FreeBSD

  • 11.2+ (x86_64)
  • 12.0 (x86_64)

Oracle Linux

  • 6.5+ (i386, x86_64)
  • 7.4+ (x86_64)

Red Hat Enterprise Linux

  • 6.5+ (i386, x86_64)
  • 7.4+ (x86_64, ppc64le)
  • 8 (x86_64)

SUSE Linux Enterprise Server

  • 12, 12 SP1 (x86_64)
  • 15 (x86_64)

Ubuntu

  • 14.04 LTS (i386, x86_64, aarch64)
  • 16.04 LTS (i386, x86_64, ppc64le, aarch64)
  • 18.04 LTS (x86_64)
  • 18.10 LTS (x86_64)

Notes:

  • CentOS, Oracle Linux, and Red Hat Enterprise Linux 6.5 users: see this advisory when upgrading to version 6.6.
  • nginx-sync and nginx-ha-keepalive modules not supported in Alpine Linux.

Dynamic Modules

Except as specified below, dynamic modules are supported on the same distributions as NGINX Plus.

Brotli

  • Alpine: Not supported
  • Amazon/CentOS/Oracle/RedHat: Not supported
  • Debian: Not supported
  • SUSE Linux Enterprise Server 12, 12 SP1: Not supported
  • Ubuntu 14.04: Not supported
  • Ubuntu 16.04, 18.04, 18.10: i386 and x86_64 support only, no aarch64 or ppc64le

GeoIP2

  • CentOS/Oracle/RedHat 7.0: No ppc64le support
  • Debian 8.0: Not supported
  • SUSE Linux Enterprise Server: Not supported
  • Ubuntu 14.04: Not supported

NGINX WAF (ModSecurity)

  • CentOS/Oracle/RedHat: x86_64 support only, no i386 or ppc64le
  • Ubuntu: i386 and x86_64 support only, no aarch64 or ppc64le

OpenTracing

  • Centos/Oracle/RedHat 6.5: Not supported
  • Debian 8.0: Not supported
  • SUSE Linux Enterprise Server 12, 12 SP1: Not supported

Supported SSL/TLS Versions

NGINX Plus supports SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3. The choice of which protocols is enabled is configurable using the ssl_protocols directive. TLSv1.2 and earlier is supported on all the operating systems listed above. TLSv1.3 is the latest version of the SSL/TLS protocol and is only supported on operating systems that ship with OpenSSL 1.1.1 or later. That includes the following:

  • Alpine Linux 3.9
  • FreeBSD 12.0
  • Ubuntu 18.10

Supported Deployment Environments

  • Bare metal
  • Container
  • Public cloud: AWS, Google Cloud Platform, Microsoft Azure
  • Virtual machine

Modules in the NGINX Plus Package

Core

  • Core – Control basic functioning (mutexes, events, thread pools, workers, and so on)

Clustering

HTTP Core

  • HTTP Core – Process HTTP traffic
  • Addition – Prepend and append data to a response
  • Auto Index – Generate directory listings
  • Charset – Add character set in Content-Type field of HTTP response header, and define or convert between character sets
  • Empty GIF – Generate empty image response
  • Gzip – Use GZIP to compress HTTP responses
  • Gzip Static – Serve pre-compressed files from disk
  • Gunzip – Decompress responses for clients that don’t support compression
  • Headers – Add fields to HTTP response headers, including Cache-Control and Expires
  • Index – Specify index files used in directory requests
  • Random Index – Select random index file for directory request
  • Real IP – Determine true origin IP address for proxied traffic
  • SSI – Process Server Side Includes (SSI) commands
  • User ID – Set cookies that uniquely identify clients
  • WebDAV – Implement WebDAV file management

HTTP Access Control and Authentication

  • Access – Control access based on client IP address (support access control lists [ACLs])
  • Auth Basic – Implement HTTP Basic Authentication scheme
  • Auth JWT – Validate JSON Web Tokens
  • Auth Request – Determine client authorization using subrequests to external authentication server
  • Referer – Control access based on Referer field in HTTP request header
  • Secure Link – Process encrypted, time-limited links to content

HTTP Advanced Configuration

  • Browser – Create variables based on User-Agent field in HTTP request header
  • Cache Slice – Create byte-range segments of large files, for more efficient caching
  • Geo – Create variables based on client IP address
  • Map – Create variables based on other variables in requests
  • Rewrite – Test and change URI of request
  • Split Clients – Partition clients for A/B testing
  • Sub – Replace text string in response (rewrite content)

HTTP Logging

  • Log – Log HTTP transactions locally or to syslog
  • Session Log – Log HTTP transactions aggregated per session

HTTP Media Delivery

  • F4F – Stream HDS (Adobe HTTP Dynamic Streaming; filename extensions .f4f, .f4m, .f4x)
  • FLV – Stream FLV (Flash Video; filename extension .flv)
  • HLS – Stream HLS (Apple HTTP Live Streaming; filename extensions .m3u8, .ts) dynamically generated from MP4 or MOV (filename extensions .m4a, .m4v, .mov, .mp4, and .qt)
  • MP4 – Stream MP4 (filename extensions .m4a, .m4v, .mp4)
  • Streaming of RTMP and DASH is provided by the third-party RTMP module

HTTP Proxying

  • FastCGI – Proxy and cache requests to FastCGI application
  • Memcached – Proxy requests to memcached application
  • Proxy – Proxy and cache requests to HTTP server
  • SCGI – Proxy and cache requests to SCGI server
  • Upstream – Proxy and cache requests to load-balanced pools of application servers
  • uwsgi – Proxy and cache requests to uwsgi server

HTTP Transaction Shaping

  • Limit Connections – Limit concurrent connections from a client IP address or other keyed value
  • Limit Requests – Limit rate of request processing for a client IP address or other keyed value
  • Limit Responses – Limit rate of responses per client connection

HTTP/2 and SSL/TLS

  • HTTP/2 – Process HTTP/2 traffic
  • SSL/TLS – Process HTTPS traffic

Mail

  • Mail Core – Proxy mail traffic
  • Auth HTTP – Offload authentication processing from HTTP server
  • IMAP – Implement capabilities and authentication methods for IMAP
  • POP3 – Implement authentication methods for POP3 traffic
  • Proxy – Support proxy-related parameters for mail protocols
  • SMTP – Define accepted SASL authentication methods for SMTP clients
  • SSL/TLS – Implement SSL, STARTTLS, and TLS for mail protocols

Programmability and Monitoring

  • NGINX Plus API – Provides REST API for accessing various status information, configuring upstream server groups on-the-fly, and managing key-value pairs without the need of reconfiguring nginx
  • Key-Value Store – Creates variables with values taken from key-value pairs managed by the NGINX Plus API

TCP and UDP Load Balancing

  • Stream – Process TCP and UDP traffic
  • Access – Support IP-based access control lists (ACLs)
  • Geo – Create variables based on client IP address
  • Limit Conn – Limit concurrent connections by key
  • Log – Log TCP and UDP transactions
  • Map – Create variables based on other variables in requests
  • Proxy – Proxy requests to TCP and UDP servers
  • Real IP – Determine true origin IP address for proxied traffic
  • Return – Return specified value to client and close connection
  • Split Clients – Partition clients for A/B testing
  • SSL/TLS – Process TCP traffic secured with SSL/TLS
  • SSL/TLS Preread – Forward TCP traffic secured with SSL/TLS without decrypting it
  • Upstream – Proxy and cache requests to load-balanced pools of servers
previous

NGINX Plus Releases

next

Open Source Components

Navigation

Need help from NGINX directly?

free trial contact us today