NI
Uploaded byNGINX, Inc.
PDF, PPTX501 views

NGINX Plus R19 : EMEA

The document outlines the new features and highlights of NGINX Plus R19, including improved monitoring and observability, a dry-run mode for rate limiting, and dynamic bandwidth limiting. Key updates include per-location metrics, DNS resolver metrics, and enhancements to the key-value store for enhanced traffic management. It serves as a comprehensive overview for users to understand the latest advancements in NGINX Plus R19.

Embed presentation

Download as PDF, PPTX
NGINX Plus R19 New Features & Highlights 1
MORE INFORMATION AT NGINX.COM Agenda • Introducing NGINX and F5 Networks • New features in NGINX Plus R19 - Monitoring and observability - Dry-run mode for rate limiting - Dynamic bandwidth limiting • Summary and Q&A 2 Liam Crilly Director, Product Management, NGINX l.crilly@f5.com @liamcrilly
3 “... when I started NGINX, I focused on a very specific problem – how to handle more customers per a single server.” - Igor Sysoev, NGINX creator and founder
Introducing NGINX 4 2004 • NGINX 0.1 2007 • “Viable” 2011 • NGINX, Inc. • NGINX 1.0 2013 • NGINX Plus R1 2018 • NGINX Unit 1.0 • Controller 1.0 2019 • Controller 2.0 (API mgmt.) • NGINX Plus R19 • Acquired by F5 Networks
Source: W3Techs Web server ranking, 15-Oct-2019 #1“Most websites use NGINX” The busiest sites choose NGINX 33% 37% 41% 42% Top 1M Top 100K Top 10K Top 1K Source: Netcraft April 2019 Web Server Survey
What is NGINX? Internet Web Server Serve content from disk Reverse Proxy FastCGI, uWSGI, gRPC… Load Balancer Caching, SSL termination… HTTP traffic - Basic load balancer - Content Cache - Web Server - Reverse Proxy - SSL termination - Rate limiting - Basic authentication - 7 metrics NGINX Open Source NGINX Plus + Advanced load balancer + Health checks + Session persistence + Least time algos + Cache purging + HA/Clustering + JWT Authentication + OpenID Connect SSO + NGINX Plus API + Key-value store + Dynamic modules + 90+ metrics
Previously on NGINX Plus R18 • Dynamic SSL/TLS certificate loading – provisioning options: ◦ Copy to NGINX without configuration reload ◦ POST to key-value store through the NGINX Plus API so that private key is never-on-disk • OpenID Connect enhancements ◦ Opaque session tokens with key-value store as JWT cache for enhanced security ◦ https://github.com/nginxinc/nginx-openid-connect for our OIDC reference implementation • Port ranges for virtual servers ◦ Support a broader range of applications • Define health checks by testing the value of any variables ◦ Increased flexibility in active health checks Visit https://www.nginx.com/blog/nginx-plus-r18-released/ for all details
Monitoring and observability R19 Per location metrics •Collect metrics anywhere DNS resolver metrics •Track DNS request types and error responses Extended Activity Dashboard •Live dashboard extended to include the new metrics and cluster-wide state sharing Prometheus Module •Export NGINX Plus metrics to Prometheus Rate limiting in dry-run mode •Log excessive requests without enforcing the rate limit
Per-location metrics 11 • Just use status_zone anywhere! • Differentiate multiple apps on same hostname • Debug complex rewrites (did I get here?) • API endpoint /api/5/http/location_zones • Appears under “HTTP Zones” in dashboard server { listen 80; server_name www.example.com; status_zone www.example.com; # Collect metrics location / { root /var/docroot/www.example.com; } location /admin/ { status_zone www_admin; # Collect metrics if ($is_args) { status_zone www_admin_query; # Conditional } proxy_pass http://my_backend; } } NGINX Plus
Resolver metrics 13 • API endpoint /api/5/resolvers • Single resolver directive may specifiy multiple DNS servers ◦ Metrics collected under single status_zone resolver 8.8.8.8 8.8.4.4 valid=5s status_zone=google8888; resolver_timeout 10ms; upstream f1_api { zone f1_api 64k; server ergast.com resolve; } server { listen 80; server_name api.example.com; location /api/f1/ { proxy_pass http://f1_api; } location / { resolver 1.1.1.1 valid=5s status_zone=cloudflare1111; proxy_pass http://sports.example.com; } } NGINX Plus
Dashboard Update 14 • Per-location metrics ◦ Under “HTTP Zones” • Resolver metrics • Cluster state sharing metrics NGINX Plus
Dry-run mode for rate limiting 15 • limit_req_dry_run directive • Monitors limit_req zone only • Logs excess events to error_log • Logs marked with dry run limit_req_zone $binary_remote_addr zone=ip:1m rate=1r/s; limit_req_status 429; server { listen 80; location / { limit_req_dry_run on; limit_req zone=ip burst=2 delay=1; limit_req_log_level warn; error_page 429 @too_many_requests; proxy_pass http://my_backend; add_header Duration $request_time; } } NGINX OSS
Prometheus Module 17 • Export all NGINX Plus metrics in Prometheus format • JavaScript module converts JSON to ”prom” text/plain format load_module modules/ngx_http_js_module.so; http { js_include /usr/share/nginx-plus-module-prometheus/main.js; server { location = /metrics { js_content prometheus_metrics; } } } NGINX Plus $ … install nginx-plus-module-prometheus
Additional Features • Enhancements to the Key-Value Store ◦ Support for Network Ranges – Dynamically blacklist/whitelist IP subnets using CIDR annotations. ◦ Entry Expiration Timeouts – Set specific timeouts for individual Key-Value store entries. • Apply bandwidth limits based on attributes of incoming traffic ◦ limit_rate directive – Sets the rate (in bytes per second) that NGINX Plus will issue an HTTP response back to the client. ◦ limit_rate_after directive – Sets the number of bytes NGINX sends before the rate is applied.
Keyval with networks 20 • type=ip parameter to keyval_zone • curl -X POST -d '{"192.168.13.0/24":"1"}' http://localhost:8080/api/5/h ttp/keyvals/whitelist keyval_zone zone=whitelist:128K type=ip timeout=2m; keyval $remote_addr $client_net zone=whitelist; server { listen 80; location / { default_type text/plain; if ($client_net) { return 200 'Hello $remote_addr you are from $client_netn'; } return 403 'Goodbye $remote_addr, you are not on the listn'; } } NGINX Plus
Dynamic Bandwith Limits 21 • Limit bandwith based on TLS version • Apply rate limit after headers are sent back to the client map $ssl_protocol $response_rate { "TLSv1.1" 10k; "TLSv1.2" 100k; "TLSv1.3" 1000k; } server { listen 443 ssl; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_certificate /etc/ssl/nginx/example.crt; ssl_certificate_key /etc/ssl/nginx/example.key; location / { limit_rate $response_rate; limit_rate_after 512; proxy_pass http://my_backend; } } NGINX OSS
Summary • Per-location metrics • Resolver metrics • Dashboard updated with new metrics, and zone_sync • Prometheus module • Dry-run mode for rate limiting • CIDR notation for keyval (type=ip) • Per-entry timeout for keyval • Variables support for bandwidth limiting
nginx.com | @nginxnginx.com | @nginx Q&A

More Related Content

PPTX
What's new in NGINX Plus R19
byNGINX, Inc.
 
PPTX
Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...
byNGINX, Inc.
 
PPTX
NGINX Plus R18: What's new
byNGINX, Inc.
 
PPTX
Analyzing NGINX Logs with Datadog
byNGINX, Inc.
 
PPTX
Scale your application to new heights with NGINX and AWS
byNGINX, Inc.
 
PDF
From Code to Customer with F5 and NGNX London Nov 19
byNGINX, Inc.
 
PPTX
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
byNGINX, Inc.
 
PPTX
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
byNGINX, Inc.
 
What's new in NGINX Plus R19
byNGINX, Inc.
 
Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...
byNGINX, Inc.
 
NGINX Plus R18: What's new
byNGINX, Inc.
 
Analyzing NGINX Logs with Datadog
byNGINX, Inc.
 
Scale your application to new heights with NGINX and AWS
byNGINX, Inc.
 
From Code to Customer with F5 and NGNX London Nov 19
byNGINX, Inc.
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
byNGINX, Inc.
 
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
byNGINX, Inc.
 

What's hot

PDF
What’s New in NGINX Plus R15? - EMEA
byNGINX, Inc.
 
PDF
APIs: Intelligent Routing, Security, & Management
byNGINX, Inc.
 
PDF
Architecting for now & the future with NGINX London April 19
byNGINX, Inc.
 
PDF
Achieve Full API Lifecycle Management Using NGINX Controller – EMEA
byNGINX, Inc.
 
PDF
MRA AMA Part 8: Secure Inter-Service Communication
byNGINX, Inc.
 
PPTX
NGINX, Istio, and the Move to Microservices and Service Mesh
byNGINX, Inc.
 
PPTX
What’s New in NGINX Plus R15?
byNGINX, Inc.
 
PDF
NGINX Controller: Configuration, Management, and Troubleshooting at Scale – EMEA
byNGINX, Inc.
 
PDF
NGINX: Basics and Best Practices EMEA
byNGINX, Inc.
 
PPTX
Simplify Microservices with the NGINX Application Platform
byNGINX, Inc.
 
PPTX
NGINX Basics: Ask Me Anything – EMEA
byNGINX, Inc.
 
PDF
Using NGINX and NGINX Plus as a Kubernetes Ingress
byKevin Jones
 
PPTX
NGINX Plus R20 Webinar
byNGINX, Inc.
 
PPTX
ModSecurity 3.0 and NGINX: Getting Started
byNGINX, Inc.
 
PPTX
NGINX Plus R20 Webinar EMEA
byNGINX, Inc.
 
PPTX
MRA AMA Part 10: Kubernetes and the Microservices Reference Architecture
byNGINX, Inc.
 
PDF
NGINX Microservices Reference Architecture: What’s in Store for 2019 – EMEA
byNGINX, Inc.
 
PPTX
Migrating from BIG-IP Deployment to NGINX ADC
byNGINX, Inc.
 
PPTX
ModSecurity 3.0 and NGINX: Getting Started - EMEA
byNGINX, Inc.
 
PPTX
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
byNGINX, Inc.
 
What’s New in NGINX Plus R15? - EMEA
byNGINX, Inc.
 
APIs: Intelligent Routing, Security, & Management
byNGINX, Inc.
 
Architecting for now & the future with NGINX London April 19
byNGINX, Inc.
 
Achieve Full API Lifecycle Management Using NGINX Controller – EMEA
byNGINX, Inc.
 
MRA AMA Part 8: Secure Inter-Service Communication
byNGINX, Inc.
 
NGINX, Istio, and the Move to Microservices and Service Mesh
byNGINX, Inc.
 
What’s New in NGINX Plus R15?
byNGINX, Inc.
 
NGINX Controller: Configuration, Management, and Troubleshooting at Scale – EMEA
byNGINX, Inc.
 
NGINX: Basics and Best Practices EMEA
byNGINX, Inc.
 
Simplify Microservices with the NGINX Application Platform
byNGINX, Inc.
 
NGINX Basics: Ask Me Anything – EMEA
byNGINX, Inc.
 
Using NGINX and NGINX Plus as a Kubernetes Ingress
byKevin Jones
 
NGINX Plus R20 Webinar
byNGINX, Inc.
 
ModSecurity 3.0 and NGINX: Getting Started
byNGINX, Inc.
 
NGINX Plus R20 Webinar EMEA
byNGINX, Inc.
 
MRA AMA Part 10: Kubernetes and the Microservices Reference Architecture
byNGINX, Inc.
 
NGINX Microservices Reference Architecture: What’s in Store for 2019 – EMEA
byNGINX, Inc.
 
Migrating from BIG-IP Deployment to NGINX ADC
byNGINX, Inc.
 
ModSecurity 3.0 and NGINX: Getting Started - EMEA
byNGINX, Inc.
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
byNGINX, Inc.
 

Similar to NGINX Plus R19 : EMEA

PDF
What’s New in NGINX Plus R16? – EMEA
byNGINX, Inc.
 
PPTX
What’s New in NGINX Plus R16?
byNGINX, Inc.
 
PPTX
What's New in NGINX Plus R7?
byNGINX, Inc.
 
PPTX
What's New in NGINX Plus R8
byNGINX, Inc.
 
PPTX
What's New in NGINX Plus R10?
byNGINX, Inc.
 
PPTX
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
byKatherine Bagood
 
PPTX
What's new in NGINX Plus R9
byNGINX, Inc.
 
PPTX
Accelerating Your Web Application with NGINX
byKevin Jones
 
PPTX
Flawless Application Delivery with NGINX Plus
byPeter Guagenti
 
PDF
NGINX: The Past, Present and Future of the Modern Web
byKevin Jones
 
PDF
ITB2017 - Nginx ppf intothebox_2017
byOrtus Solutions, Corp
 
PDF
What's New in NGINX Plus R12?
byNGINX, Inc.
 
PDF
Kubernetes and the NGINX Plus Ingress Controller
byKatherine Bagood
 
PPTX
3 Ways to Automate App Deployments with NGINX
byNGINX, Inc.
 
PPTX
Accélérez vos déploiements applicatifs avec NGINX Controller
byNGINX, Inc.
 
PDF
Simplify Microservices with the NGINX Application Platform - EMEA
byNGINX, Inc.
 
PDF
Complete-NGINX-Cookbook-2019.pdf
byTomaszWojciechowski22
 
PPTX
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
byAine Long
 
PPTX
NGINX Basics and Best Practices Workshop
byNGINX, Inc.
 
PDF
NGINX ADC: Basics and Best Practices – EMEA
byNGINX, Inc.
 
What’s New in NGINX Plus R16? – EMEA
byNGINX, Inc.
 
What’s New in NGINX Plus R16?
byNGINX, Inc.
 
What's New in NGINX Plus R7?
byNGINX, Inc.
 
What's New in NGINX Plus R8
byNGINX, Inc.
 
What's New in NGINX Plus R10?
byNGINX, Inc.
 
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
byKatherine Bagood
 
What's new in NGINX Plus R9
byNGINX, Inc.
 
Accelerating Your Web Application with NGINX
byKevin Jones
 
Flawless Application Delivery with NGINX Plus
byPeter Guagenti
 
NGINX: The Past, Present and Future of the Modern Web
byKevin Jones
 
ITB2017 - Nginx ppf intothebox_2017
byOrtus Solutions, Corp
 
What's New in NGINX Plus R12?
byNGINX, Inc.
 
Kubernetes and the NGINX Plus Ingress Controller
byKatherine Bagood
 
3 Ways to Automate App Deployments with NGINX
byNGINX, Inc.
 
Accélérez vos déploiements applicatifs avec NGINX Controller
byNGINX, Inc.
 
Simplify Microservices with the NGINX Application Platform - EMEA
byNGINX, Inc.
 
Complete-NGINX-Cookbook-2019.pdf
byTomaszWojciechowski22
 
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
byAine Long
 
NGINX Basics and Best Practices Workshop
byNGINX, Inc.
 
NGINX ADC: Basics and Best Practices – EMEA
byNGINX, Inc.
 

More from NGINX, Inc.

PDF
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
byNGINX, Inc.
 
PDF
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
byNGINX, Inc.
 
PDF
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
byNGINX, Inc.
 
PPTX
Get Hands-On with NGINX and QUIC+HTTP/3
byNGINX, Inc.
 
PPTX
Managing Kubernetes Cost and Performance with NGINX & Kubecost
byNGINX, Inc.
 
PDF
Manage Microservices Chaos and Complexity with Observability
byNGINX, Inc.
 
PDF
Accelerate Microservices Deployments with Automation
byNGINX, Inc.
 
PDF
Unit 2: Microservices Secrets Management 101
byNGINX, Inc.
 
PDF
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
byNGINX, Inc.
 
PDF
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
byNGINX, Inc.
 
PDF
Easily View, Manage, and Scale Your App Security with F5 NGINX
byNGINX, Inc.
 
PDF
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
byNGINX, Inc.
 
PDF
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
byNGINX, Inc.
 
PPTX
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
byNGINX, Inc.
 
PPTX
Protecting Apps from Hacks in Kubernetes with NGINX
byNGINX, Inc.
 
PPTX
NGINX Kubernetes API
byNGINX, Inc.
 
PPTX
Successfully Implement Your API Strategy with NGINX
byNGINX, Inc.
 
PPTX
Installing and Configuring NGINX Open Source
byNGINX, Inc.
 
PPTX
Shift Left for More Secure Apps with F5 NGINX
byNGINX, Inc.
 
PPTX
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
byNGINX, Inc.
 
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
byNGINX, Inc.
 
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
byNGINX, Inc.
 
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
byNGINX, Inc.
 
Get Hands-On with NGINX and QUIC+HTTP/3
byNGINX, Inc.
 
Managing Kubernetes Cost and Performance with NGINX & Kubecost
byNGINX, Inc.
 
Manage Microservices Chaos and Complexity with Observability
byNGINX, Inc.
 
Accelerate Microservices Deployments with Automation
byNGINX, Inc.
 
Unit 2: Microservices Secrets Management 101
byNGINX, Inc.
 
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
byNGINX, Inc.
 
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
byNGINX, Inc.
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
byNGINX, Inc.
 
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
byNGINX, Inc.
 
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
byNGINX, Inc.
 
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
byNGINX, Inc.
 
Protecting Apps from Hacks in Kubernetes with NGINX
byNGINX, Inc.
 
NGINX Kubernetes API
byNGINX, Inc.
 
Successfully Implement Your API Strategy with NGINX
byNGINX, Inc.
 
Installing and Configuring NGINX Open Source
byNGINX, Inc.
 
Shift Left for More Secure Apps with F5 NGINX
byNGINX, Inc.
 
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
byNGINX, Inc.
 

Recently uploaded

PPTX
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
PDF
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
PDF
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
PDF
eresource Xcel ERP for Maunfacturing - Best Manufacturing ERP for SME
byeresource Infotech Pvt.Ltd
 
PDF
What is a stablecoin and business adoption in 2026.pdf
bymeerasingh12189
 
PPTX
Data Skills for Business Analysts: What You Need to Succeed
byScott W. Ambler
 
PPTX
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
PDF
GET /Ready How to master being a Master of Ceremonies (MC)
byImma Valls Bernaus
 
PPTX
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
PDF
Jira, Powered by Enterprise-Grade Intelligence from NeoroTalks.pdf
byNeoro Talks
 
PDF
Langchain4J – An Introduction for Impatient Developers
byJuarez Junior
 
PDF
Doctor On Call App Development for Digital Healthcare.
byV3CUBE TECHNOLABS
 
PDF
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
PDF
Supercharging Grafana with Community Plugins
byImma Valls Bernaus
 
PDF
Powering Spring AI with Model Context Protocol Integration
byJuarez Junior
 
PDF
Lost Android Phone Recovery_ Steps That Work Fast.pdf
byIsabella Reed
 
PDF
Routing Guidelines: Unlocking Smarter Query Routing in MySQL Architectures
byMiguel Araújo
 
PDF
Building production-ready AI Agents with Strands Agents and Amazon Bedrock Ag...
byVadym Kazulkin
 
PDF
Ready, Set, REST! Introducing MySQL's Built-In REST Service
byMiguel Araújo
 
PPTX
How CFD Simulations Support Sustainable Data Center Design Optimization
byWeb Synergies
 
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
eresource Xcel ERP for Maunfacturing - Best Manufacturing ERP for SME
byeresource Infotech Pvt.Ltd
 
What is a stablecoin and business adoption in 2026.pdf
bymeerasingh12189
 
Data Skills for Business Analysts: What You Need to Succeed
byScott W. Ambler
 
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
GET /Ready How to master being a Master of Ceremonies (MC)
byImma Valls Bernaus
 
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
Jira, Powered by Enterprise-Grade Intelligence from NeoroTalks.pdf
byNeoro Talks
 
Langchain4J – An Introduction for Impatient Developers
byJuarez Junior
 
Doctor On Call App Development for Digital Healthcare.
byV3CUBE TECHNOLABS
 
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
Supercharging Grafana with Community Plugins
byImma Valls Bernaus
 
Powering Spring AI with Model Context Protocol Integration
byJuarez Junior
 
Lost Android Phone Recovery_ Steps That Work Fast.pdf
byIsabella Reed
 
Routing Guidelines: Unlocking Smarter Query Routing in MySQL Architectures
byMiguel Araújo
 
Building production-ready AI Agents with Strands Agents and Amazon Bedrock Ag...
byVadym Kazulkin
 
Ready, Set, REST! Introducing MySQL's Built-In REST Service
byMiguel Araújo
 
How CFD Simulations Support Sustainable Data Center Design Optimization
byWeb Synergies
 

NGINX Plus R19 : EMEA

  • 1.
    NGINX Plus R19 NewFeatures & Highlights 1
  • 2.
    MORE INFORMATION ATNGINX.COM Agenda • Introducing NGINX and F5 Networks • New features in NGINX Plus R19 - Monitoring and observability - Dry-run mode for rate limiting - Dynamic bandwidth limiting • Summary and Q&A 2 Liam Crilly Director, Product Management, NGINX l.crilly@f5.com @liamcrilly
  • 3.
    3 “... when Istarted NGINX, I focused on a very specific problem – how to handle more customers per a single server.” - Igor Sysoev, NGINX creator and founder
  • 4.
    Introducing NGINX 4 2004 • NGINX0.1 2007 • “Viable” 2011 • NGINX, Inc. • NGINX 1.0 2013 • NGINX Plus R1 2018 • NGINX Unit 1.0 • Controller 1.0 2019 • Controller 2.0 (API mgmt.) • NGINX Plus R19 • Acquired by F5 Networks
  • 5.
    Source: W3Techs Webserver ranking, 15-Oct-2019 #1“Most websites use NGINX” The busiest sites choose NGINX 33% 37% 41% 42% Top 1M Top 100K Top 10K Top 1K Source: Netcraft April 2019 Web Server Survey
  • 7.
    What is NGINX? Internet WebServer Serve content from disk Reverse Proxy FastCGI, uWSGI, gRPC… Load Balancer Caching, SSL termination… HTTP traffic - Basic load balancer - Content Cache - Web Server - Reverse Proxy - SSL termination - Rate limiting - Basic authentication - 7 metrics NGINX Open Source NGINX Plus + Advanced load balancer + Health checks + Session persistence + Least time algos + Cache purging + HA/Clustering + JWT Authentication + OpenID Connect SSO + NGINX Plus API + Key-value store + Dynamic modules + 90+ metrics
  • 8.
    Previously on NGINXPlus R18 • Dynamic SSL/TLS certificate loading – provisioning options: ◦ Copy to NGINX without configuration reload ◦ POST to key-value store through the NGINX Plus API so that private key is never-on-disk • OpenID Connect enhancements ◦ Opaque session tokens with key-value store as JWT cache for enhanced security ◦ https://github.com/nginxinc/nginx-openid-connect for our OIDC reference implementation • Port ranges for virtual servers ◦ Support a broader range of applications • Define health checks by testing the value of any variables ◦ Increased flexibility in active health checks Visit https://www.nginx.com/blog/nginx-plus-r18-released/ for all details
  • 10.
    Monitoring and observability R19 Perlocation metrics •Collect metrics anywhere DNS resolver metrics •Track DNS request types and error responses Extended Activity Dashboard •Live dashboard extended to include the new metrics and cluster-wide state sharing Prometheus Module •Export NGINX Plus metrics to Prometheus Rate limiting in dry-run mode •Log excessive requests without enforcing the rate limit
  • 11.
    Per-location metrics 11 • Justuse status_zone anywhere! • Differentiate multiple apps on same hostname • Debug complex rewrites (did I get here?) • API endpoint /api/5/http/location_zones • Appears under “HTTP Zones” in dashboard server { listen 80; server_name www.example.com; status_zone www.example.com; # Collect metrics location / { root /var/docroot/www.example.com; } location /admin/ { status_zone www_admin; # Collect metrics if ($is_args) { status_zone www_admin_query; # Conditional } proxy_pass http://my_backend; } } NGINX Plus
  • 13.
    Resolver metrics 13 • APIendpoint /api/5/resolvers • Single resolver directive may specifiy multiple DNS servers ◦ Metrics collected under single status_zone resolver 8.8.8.8 8.8.4.4 valid=5s status_zone=google8888; resolver_timeout 10ms; upstream f1_api { zone f1_api 64k; server ergast.com resolve; } server { listen 80; server_name api.example.com; location /api/f1/ { proxy_pass http://f1_api; } location / { resolver 1.1.1.1 valid=5s status_zone=cloudflare1111; proxy_pass http://sports.example.com; } } NGINX Plus
  • 14.
    Dashboard Update 14 • Per-locationmetrics ◦ Under “HTTP Zones” • Resolver metrics • Cluster state sharing metrics NGINX Plus
  • 15.
    Dry-run mode forrate limiting 15 • limit_req_dry_run directive • Monitors limit_req zone only • Logs excess events to error_log • Logs marked with dry run limit_req_zone $binary_remote_addr zone=ip:1m rate=1r/s; limit_req_status 429; server { listen 80; location / { limit_req_dry_run on; limit_req zone=ip burst=2 delay=1; limit_req_log_level warn; error_page 429 @too_many_requests; proxy_pass http://my_backend; add_header Duration $request_time; } } NGINX OSS
  • 17.
    Prometheus Module 17 • Exportall NGINX Plus metrics in Prometheus format • JavaScript module converts JSON to ”prom” text/plain format load_module modules/ngx_http_js_module.so; http { js_include /usr/share/nginx-plus-module-prometheus/main.js; server { location = /metrics { js_content prometheus_metrics; } } } NGINX Plus $ … install nginx-plus-module-prometheus
  • 19.
    Additional Features • Enhancementsto the Key-Value Store ◦ Support for Network Ranges – Dynamically blacklist/whitelist IP subnets using CIDR annotations. ◦ Entry Expiration Timeouts – Set specific timeouts for individual Key-Value store entries. • Apply bandwidth limits based on attributes of incoming traffic ◦ limit_rate directive – Sets the rate (in bytes per second) that NGINX Plus will issue an HTTP response back to the client. ◦ limit_rate_after directive – Sets the number of bytes NGINX sends before the rate is applied.
  • 20.
    Keyval with networks 20 •type=ip parameter to keyval_zone • curl -X POST -d '{"192.168.13.0/24":"1"}' http://localhost:8080/api/5/h ttp/keyvals/whitelist keyval_zone zone=whitelist:128K type=ip timeout=2m; keyval $remote_addr $client_net zone=whitelist; server { listen 80; location / { default_type text/plain; if ($client_net) { return 200 'Hello $remote_addr you are from $client_netn'; } return 403 'Goodbye $remote_addr, you are not on the listn'; } } NGINX Plus
  • 21.
    Dynamic Bandwith Limits 21 •Limit bandwith based on TLS version • Apply rate limit after headers are sent back to the client map $ssl_protocol $response_rate { "TLSv1.1" 10k; "TLSv1.2" 100k; "TLSv1.3" 1000k; } server { listen 443 ssl; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_certificate /etc/ssl/nginx/example.crt; ssl_certificate_key /etc/ssl/nginx/example.key; location / { limit_rate $response_rate; limit_rate_after 512; proxy_pass http://my_backend; } } NGINX OSS
  • 23.
    Summary • Per-location metrics •Resolver metrics • Dashboard updated with new metrics, and zone_sync • Prometheus module • Dry-run mode for rate limiting • CIDR notation for keyval (type=ip) • Per-entry timeout for keyval • Variables support for bandwidth limiting
  • 24.