NI
Uploaded byNGINX, Inc.
PPTX, PDF143 views

NGINX Plus R20 Webinar EMEA

The document outlines the new features and improvements introduced in NGINX Plus R20, including enhanced monitoring and logging capabilities, rate limiting in dry-run mode, dynamic bandwidth control, and key-value store enhancements. It also highlights the support for multiple DNS resolvers per upstream group, security improvements for HTTP/2, and updates to NGINX's scripting language, njs. Notable features include real-time connection limiting metrics and the ability to dynamically route Layer 7 traffic with prefix matching.

Embed presentation

Downloaded 25 times
NGINX Plus R20 NEW FEATURES AND HIGHLIGHTS Liam Crilly Director, Product Management 22-Jan-2020
NGINX Overview UNIFIED APPLICATION DELIVERY AND API MANAGEMENT SOLUTION
Internet Web Server Serve content from disk Reverse Proxy FastCGI, uWSGI, gRPC… Load Balancer Caching, SSL termination… HTTP traffic - Basic load balancer - Content Cache - Web Server - Reverse Proxy - SSL termination - Rate limiting - Basic authentication - 7 metrics NGINX Open Source NGINX Plus + Advanced load balancer + Health checks + Session persistence + Least time algos + Cache purging + HA/Clustering + JWT Authentication + OpenID Connect SSO + NGINX Plus API + Key-value store + Dynamic modules + 90+ metrics What is NGINX?
4 “... when I started NGINX, I focused on a very specific problem – how to handle more customers per a single server.” - Igor Sysoev, NGINX creator and founder
Introducing NGINX 5 2004 • NGINX 0.1 2007 • “Viable” e” 2011 • NGINX, Inc. Inc. • NGINX 1.0 2013 • NGINX Plus R1 R1 2018 • NGINX Unit 1.0 • Controller 1.0 2019 • Controller 2.0 2.0 (API mgmt.) • Acquired by F5 Networks • NGINX Plus R20
Previously on… • More flexible monitoring ◦ Finer-grained insight and analysis of metrics - Location block - DNS lookup activity - Cluster state sharing. ◦ Metrics can be exported in Prometheus or JSON format. ◦ Live dashboard is extended to include additional metrics. • Rate limiting in dry-run mode ◦ Recognize and log the effects of rate limits without applying it in production • Dynamic bandwidth control ◦ Set bandwidth limits based on attributes of incoming requests • Enhancements to the Key-Value Store ◦ Entries support IP subnets with CIDR annotation for dynamic whitelisting/blacklisting Watch On Demand: search “r19 webinar” at nginx.com
NGINX Plus R20 Overview • Real-time monitoring and logging of rate/connection limiting activity ◦ Get real-time data on request/connection limiting with the NGINX Plus API • Key-Value prefix matching ◦ Dynamically route L7 traffic with prefix matching • Support for DNS resolver per upstream group ◦ Designate a DNS resolver for each upstream group giving more control to backend service owners • Extract PROXY Protocol server metadata ◦ New NGINX variables included that capture information of the originating client and TCP proxies • Security improvements for HTTP/2
Rate limit metrics and logging 8 • Each request can either be passed, delayed, or rejected • All requests not passed are logged in the reject.log file • All requests are logged in the access.log file • API endpoint* /api/6/http/limit_reqs limit_req_zone $request_uri zone=by_uri:10m rate=1r/s; log_format kv 'client=$remote_addr uri=$request_uri' 'limit_req=$limit_req_status'; map $limit_req_status $in_excess { default 1; PASSED 0; } server { listen 80; location /by-uri/burst5_nodelay { limit_req zone=by_uri burst=5 nodelay; limit_req_dry_run on; proxy_pass http://my_backend; } access_log /var/log/nginx/access.log main; access_log /var/log/nginx/reject.log kv if=$in_excess; } *NGINX Plus
Connection Metrics and Logging 9 • Connections can either get passed or rejected • API endpoint* /api/6/http/limit_conns • Extended with the same enhancements to rate limiting in R19 ◦ Dry run mode ◦ New $limit_conn_status variable limit_conn_zone $realip_remote_addr zone=by_ip:2m; server { listen 80; location / { limit_conn_by_ip 10; limit_conn_dry_run on; if ($limit_conn_status = REJECTED_DRY_RUN) { limit_rate 100; } proxy_pass http://my_backend; } } *NGINX Plus
Keyval prefix match 11 • type=prefix parameter to keyval_zone • Ideal for matching on URI paths • Dynamic routing tables and more keyval_zone zone=paths:128K type=prefix timeout=2m; keyval $uri $cache_control_dir zone=paths; server { listen 80; location / { proxy_pass http://my_backend add_header Cache-Control $cache_control_dir } } NGINX Plus
DNS Resolvers per Upstream 13 • Different DNS servers or registries are designated to each upstream group Note: We are including the status_zone parameter for monitoring resolver activity upstream website { zone website 64k; resolver 192.168.56.101 valid=300s status_zone=website; resolver_timeout 5s; server www-backend.prod.example.com resolve; } upstream mobile { zone mobile_app 64k; resolver 192.168.57.55 192.168.57.56 status_zone=consul; resolver_timeout 10s; server mobile.prod.example.com resolve; } server { listen 443 ssl; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_certificate /etc/ssl/nginx/example.crt; ssl_certificate_key /etc/ssl/nginx/example.key; location / { proxy_pass http://website; } } NGINX Plus
Additional Features • HTTP/2 improvements • Variables for PROXY Protocol ◦ $proxy_protocol_server_addr – IP address of the proxy server to which client originally connected to. ◦ $proxy_protocol_server_port – Port of proxy server to which the client connected to. • NJS features and improvements added ◦ https://www.nginx.com/blog/introduction-nginscript/ ◦ https://www.nginx.com/en/docs/njs/index.html
Summary • Monitoring and logging rate/connection limiting metrics with the NGINX Plus API • Dry-run for connection limiting • Prefix matching for keyval (type=prefix) • DNS resolver per upstream group • Variables capturing metadata of the PROXY protocol • Security improvements with HTTP/2 • Supporting more JavaScript objects with njs
NGINX Plus R20 Webinar EMEA

More Related Content

PPTX
NGINX as a Content Cache
byNGINX, Inc.
 
PDF
NGINX: Basics and Best Practices EMEA
byNGINX, Inc.
 
PPTX
NGINX Plus R20 Webinar
byNGINX, Inc.
 
PDF
Kubernetes Networking
byNGINX, Inc.
 
PPTX
What's new in NGINX Plus R19
byNGINX, Inc.
 
PPTX
Migrating from BIG-IP Deployment to NGINX ADC
byNGINX, Inc.
 
PDF
Architecting for now & the future with NGINX London April 19
byNGINX, Inc.
 
PPTX
NGINX: High Performance Load Balancing
byNGINX, Inc.
 
NGINX as a Content Cache
byNGINX, Inc.
 
NGINX: Basics and Best Practices EMEA
byNGINX, Inc.
 
NGINX Plus R20 Webinar
byNGINX, Inc.
 
Kubernetes Networking
byNGINX, Inc.
 
What's new in NGINX Plus R19
byNGINX, Inc.
 
Migrating from BIG-IP Deployment to NGINX ADC
byNGINX, Inc.
 
Architecting for now & the future with NGINX London April 19
byNGINX, Inc.
 
NGINX: High Performance Load Balancing
byNGINX, Inc.
 

What's hot

PPTX
MRA AMA Part 10: Kubernetes and the Microservices Reference Architecture
byNGINX, Inc.
 
PDF
NGINX ADC: Basics and Best Practices – EMEA
byNGINX, Inc.
 
PPTX
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
byNGINX, Inc.
 
PDF
NGINX Controller: Configuration, Management, and Troubleshooting at Scale – EMEA
byNGINX, Inc.
 
PDF
NGINX ADC: Basics and Best Practices
byNGINX, Inc.
 
PPTX
Global Server Load Balancing with NS1 and NGINX
byNGINX, Inc.
 
PDF
From Code to Customer with F5 and NGNX London Nov 19
byNGINX, Inc.
 
PPTX
Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...
byNGINX, Inc.
 
PPTX
What’s New in NGINX Plus R16?
byNGINX, Inc.
 
PPTX
NGINX Basics: Ask Me Anything – EMEA
byNGINX, Inc.
 
PDF
NGINX: HTTP/2 Server Push and gRPC – EMEA
byNGINX, Inc.
 
PDF
Using NGINX and NGINX Plus as a Kubernetes Ingress
byKevin Jones
 
PDF
NGINX Ingress Controller for Kubernetes
byNGINX, Inc.
 
PPTX
Nginx Deep Dive Kubernetes Ingress
byKnoldus Inc.
 
PDF
NGINX Microservices Reference Architecture: What’s in Store for 2019 – EMEA
byNGINX, Inc.
 
PDF
NGINX Plus R19 : EMEA
byNGINX, Inc.
 
PPTX
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
byNGINX, Inc.
 
PDF
How to Get Started With NGINX
byNGINX, Inc.
 
PPTX
What's New in NGINX Plus R10?
byNGINX, Inc.
 
PPTX
What’s New in NGINX Plus R15?
byNGINX, Inc.
 
MRA AMA Part 10: Kubernetes and the Microservices Reference Architecture
byNGINX, Inc.
 
NGINX ADC: Basics and Best Practices – EMEA
byNGINX, Inc.
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
byNGINX, Inc.
 
NGINX Controller: Configuration, Management, and Troubleshooting at Scale – EMEA
byNGINX, Inc.
 
NGINX ADC: Basics and Best Practices
byNGINX, Inc.
 
Global Server Load Balancing with NS1 and NGINX
byNGINX, Inc.
 
From Code to Customer with F5 and NGNX London Nov 19
byNGINX, Inc.
 
Dynamic SSL Certificates and Other New Features in NGINX Plus R18 and NGINX O...
byNGINX, Inc.
 
What’s New in NGINX Plus R16?
byNGINX, Inc.
 
NGINX Basics: Ask Me Anything – EMEA
byNGINX, Inc.
 
NGINX: HTTP/2 Server Push and gRPC – EMEA
byNGINX, Inc.
 
Using NGINX and NGINX Plus as a Kubernetes Ingress
byKevin Jones
 
NGINX Ingress Controller for Kubernetes
byNGINX, Inc.
 
Nginx Deep Dive Kubernetes Ingress
byKnoldus Inc.
 
NGINX Microservices Reference Architecture: What’s in Store for 2019 – EMEA
byNGINX, Inc.
 
NGINX Plus R19 : EMEA
byNGINX, Inc.
 
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
byNGINX, Inc.
 
How to Get Started With NGINX
byNGINX, Inc.
 
What's New in NGINX Plus R10?
byNGINX, Inc.
 
What’s New in NGINX Plus R15?
byNGINX, Inc.
 

Similar to NGINX Plus R20 Webinar EMEA

PDF
What’s New in NGINX Plus R16? – EMEA
byNGINX, Inc.
 
PPTX
What's New in NGINX Plus R7?
byNGINX, Inc.
 
PPTX
What's New in NGINX Plus R8
byNGINX, Inc.
 
PPTX
NGINX Plus R18: What's new
byNGINX, Inc.
 
PPTX
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
byKatherine Bagood
 
PPTX
Flawless Application Delivery with NGINX Plus
byPeter Guagenti
 
PPTX
What's new in NGINX Plus R9
byNGINX, Inc.
 
PPTX
Accelerating Your Web Application with NGINX
byKevin Jones
 
PDF
NGINX: The Past, Present and Future of the Modern Web
byKevin Jones
 
PDF
ITB2017 - Nginx ppf intothebox_2017
byOrtus Solutions, Corp
 
PDF
Kubernetes and the NGINX Plus Ingress Controller
byKatherine Bagood
 
PPTX
3 Ways to Automate App Deployments with NGINX
byNGINX, Inc.
 
PDF
What’s New in NGINX Plus R15? - EMEA
byNGINX, Inc.
 
PPTX
Accélérez vos déploiements applicatifs avec NGINX Controller
byNGINX, Inc.
 
PPTX
Using an API Gateway for Microservices
byNGINX, Inc.
 
PDF
What's New in NGINX Plus R12?
byNGINX, Inc.
 
PPTX
Building a Secure, Performant Network Fabric for Microservice Applications
byinovia
 
PPTX
NGINX: High Performance Load Balancing
byNGINX, Inc.
 
PPTX
Maximizing PHP Performance with NGINX
byNGINX, Inc.
 
PDF
Complete-NGINX-Cookbook-2019.pdf
byTomaszWojciechowski22
 
What’s New in NGINX Plus R16? – EMEA
byNGINX, Inc.
 
What's New in NGINX Plus R7?
byNGINX, Inc.
 
What's New in NGINX Plus R8
byNGINX, Inc.
 
NGINX Plus R18: What's new
byNGINX, Inc.
 
NGINX Lunch and Learn Event: Kubernetes and the NGINX Plus Ingress controller
byKatherine Bagood
 
Flawless Application Delivery with NGINX Plus
byPeter Guagenti
 
What's new in NGINX Plus R9
byNGINX, Inc.
 
Accelerating Your Web Application with NGINX
byKevin Jones
 
NGINX: The Past, Present and Future of the Modern Web
byKevin Jones
 
ITB2017 - Nginx ppf intothebox_2017
byOrtus Solutions, Corp
 
Kubernetes and the NGINX Plus Ingress Controller
byKatherine Bagood
 
3 Ways to Automate App Deployments with NGINX
byNGINX, Inc.
 
What’s New in NGINX Plus R15? - EMEA
byNGINX, Inc.
 
Accélérez vos déploiements applicatifs avec NGINX Controller
byNGINX, Inc.
 
Using an API Gateway for Microservices
byNGINX, Inc.
 
What's New in NGINX Plus R12?
byNGINX, Inc.
 
Building a Secure, Performant Network Fabric for Microservice Applications
byinovia
 
NGINX: High Performance Load Balancing
byNGINX, Inc.
 
Maximizing PHP Performance with NGINX
byNGINX, Inc.
 
Complete-NGINX-Cookbook-2019.pdf
byTomaszWojciechowski22
 

More from NGINX, Inc.

PDF
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
byNGINX, Inc.
 
PDF
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
byNGINX, Inc.
 
PDF
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
byNGINX, Inc.
 
PPTX
Get Hands-On with NGINX and QUIC+HTTP/3
byNGINX, Inc.
 
PPTX
Managing Kubernetes Cost and Performance with NGINX & Kubecost
byNGINX, Inc.
 
PDF
Manage Microservices Chaos and Complexity with Observability
byNGINX, Inc.
 
PDF
Accelerate Microservices Deployments with Automation
byNGINX, Inc.
 
PDF
Unit 2: Microservices Secrets Management 101
byNGINX, Inc.
 
PDF
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
byNGINX, Inc.
 
PDF
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
byNGINX, Inc.
 
PDF
Easily View, Manage, and Scale Your App Security with F5 NGINX
byNGINX, Inc.
 
PDF
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
byNGINX, Inc.
 
PDF
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
byNGINX, Inc.
 
PPTX
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
byNGINX, Inc.
 
PPTX
Protecting Apps from Hacks in Kubernetes with NGINX
byNGINX, Inc.
 
PPTX
NGINX Kubernetes API
byNGINX, Inc.
 
PPTX
Successfully Implement Your API Strategy with NGINX
byNGINX, Inc.
 
PPTX
Installing and Configuring NGINX Open Source
byNGINX, Inc.
 
PPTX
Shift Left for More Secure Apps with F5 NGINX
byNGINX, Inc.
 
PPTX
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
byNGINX, Inc.
 
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
byNGINX, Inc.
 
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
byNGINX, Inc.
 
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
byNGINX, Inc.
 
Get Hands-On with NGINX and QUIC+HTTP/3
byNGINX, Inc.
 
Managing Kubernetes Cost and Performance with NGINX & Kubecost
byNGINX, Inc.
 
Manage Microservices Chaos and Complexity with Observability
byNGINX, Inc.
 
Accelerate Microservices Deployments with Automation
byNGINX, Inc.
 
Unit 2: Microservices Secrets Management 101
byNGINX, Inc.
 
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
byNGINX, Inc.
 
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
byNGINX, Inc.
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
byNGINX, Inc.
 
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
byNGINX, Inc.
 
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
byNGINX, Inc.
 
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
byNGINX, Inc.
 
Protecting Apps from Hacks in Kubernetes with NGINX
byNGINX, Inc.
 
NGINX Kubernetes API
byNGINX, Inc.
 
Successfully Implement Your API Strategy with NGINX
byNGINX, Inc.
 
Installing and Configuring NGINX Open Source
byNGINX, Inc.
 
Shift Left for More Secure Apps with F5 NGINX
byNGINX, Inc.
 
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
byNGINX, Inc.
 

Recently uploaded

PPTX
Fast-tracking quality for hundreds applications with automated testing layers
byBogdan Plieshka
 
PDF
DSD-INT 2025 Latest Developments for HydroMT and wflow - Meshgi
byDeltares
 
PPTX
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
PPTX
NSF Converter Software to Convert NSF to PST, EML, MSG
byNSF Converter Software
 
PDF
Using Agentic RAG for Research - Demonstration of NotebookLM
byRathish Chandra Gatti,Ph.D
 
PPTX
Code Assessment Tools .pptx
byCodexpro
 
PDF
Virtual Study Circles Innovative Ways to Collaborate Online.pdf
byExplain Learning
 
PPTX
Computer_Virus_Presentation_With_Slide7.pptx
byHEVISLIVE
 
PDF
How NetSuite Cloud ERP Helps Businesses Overcome Legacy System Downtime.
byTechWize
 
PDF
DSD-INT 2025 Managing low flows in the International Meuse Basin with Nature-...
byDeltares
 
PPTX
AI Agent Overview - Why we need AI Agent
byAlokGope
 
PPTX
OTT Content Analytics Enhanced by ALTBalaji Data Scraping.pptx
byyashpatric
 
PDF
DSD-INT 2025 Hydrological Modelling in Society Assumptions, Impacts, and Appl...
byDeltares
 
PPTX
SAP FICO Training Agenda for new learners
bysasidhar unnagiri
 
PDF
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 
PDF
DSD-INT 2025 Introduction to Hydrology Suite - Slootjes
byDeltares
 
PDF
BCS-FACS Peter Landin Semantics Seminar - Formal Methods: Whence and Whither?
byJonathan Bowen
 
PDF
Jeremy Millul - An NYU Computer Science Graduate
byJeremy Millul
 
PDF
From Experiment to Enterprise: Scaling AI Coding Assistants Across Engineerin...
byMaxim Salnikov
 
PPTX
SNG460-CNG489_Week8_17-21Nov25_Chp8-OdtuClass.pptx
byberayseray382
 
Fast-tracking quality for hundreds applications with automated testing layers
byBogdan Plieshka
 
DSD-INT 2025 Latest Developments for HydroMT and wflow - Meshgi
byDeltares
 
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
NSF Converter Software to Convert NSF to PST, EML, MSG
byNSF Converter Software
 
Using Agentic RAG for Research - Demonstration of NotebookLM
byRathish Chandra Gatti,Ph.D
 
Code Assessment Tools .pptx
byCodexpro
 
Virtual Study Circles Innovative Ways to Collaborate Online.pdf
byExplain Learning
 
Computer_Virus_Presentation_With_Slide7.pptx
byHEVISLIVE
 
How NetSuite Cloud ERP Helps Businesses Overcome Legacy System Downtime.
byTechWize
 
DSD-INT 2025 Managing low flows in the International Meuse Basin with Nature-...
byDeltares
 
AI Agent Overview - Why we need AI Agent
byAlokGope
 
OTT Content Analytics Enhanced by ALTBalaji Data Scraping.pptx
byyashpatric
 
DSD-INT 2025 Hydrological Modelling in Society Assumptions, Impacts, and Appl...
byDeltares
 
SAP FICO Training Agenda for new learners
bysasidhar unnagiri
 
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 
DSD-INT 2025 Introduction to Hydrology Suite - Slootjes
byDeltares
 
BCS-FACS Peter Landin Semantics Seminar - Formal Methods: Whence and Whither?
byJonathan Bowen
 
Jeremy Millul - An NYU Computer Science Graduate
byJeremy Millul
 
From Experiment to Enterprise: Scaling AI Coding Assistants Across Engineerin...
byMaxim Salnikov
 
SNG460-CNG489_Week8_17-21Nov25_Chp8-OdtuClass.pptx
byberayseray382
 

NGINX Plus R20 Webinar EMEA

  • 1.
    NGINX Plus R20 NEWFEATURES AND HIGHLIGHTS Liam Crilly Director, Product Management 22-Jan-2020
  • 2.
    NGINX Overview UNIFIED APPLICATIONDELIVERY AND API MANAGEMENT SOLUTION
  • 3.
    Internet Web Server Serve contentfrom disk Reverse Proxy FastCGI, uWSGI, gRPC… Load Balancer Caching, SSL termination… HTTP traffic - Basic load balancer - Content Cache - Web Server - Reverse Proxy - SSL termination - Rate limiting - Basic authentication - 7 metrics NGINX Open Source NGINX Plus + Advanced load balancer + Health checks + Session persistence + Least time algos + Cache purging + HA/Clustering + JWT Authentication + OpenID Connect SSO + NGINX Plus API + Key-value store + Dynamic modules + 90+ metrics What is NGINX?
  • 4.
    4 “... when Istarted NGINX, I focused on a very specific problem – how to handle more customers per a single server.” - Igor Sysoev, NGINX creator and founder
  • 5.
    Introducing NGINX 5 2004 • NGINX 0.1 2007 •“Viable” e” 2011 • NGINX, Inc. Inc. • NGINX 1.0 2013 • NGINX Plus R1 R1 2018 • NGINX Unit 1.0 • Controller 1.0 2019 • Controller 2.0 2.0 (API mgmt.) • Acquired by F5 Networks • NGINX Plus R20
  • 6.
    Previously on… • Moreflexible monitoring ◦ Finer-grained insight and analysis of metrics - Location block - DNS lookup activity - Cluster state sharing. ◦ Metrics can be exported in Prometheus or JSON format. ◦ Live dashboard is extended to include additional metrics. • Rate limiting in dry-run mode ◦ Recognize and log the effects of rate limits without applying it in production • Dynamic bandwidth control ◦ Set bandwidth limits based on attributes of incoming requests • Enhancements to the Key-Value Store ◦ Entries support IP subnets with CIDR annotation for dynamic whitelisting/blacklisting Watch On Demand: search “r19 webinar” at nginx.com
  • 7.
    NGINX Plus R20Overview • Real-time monitoring and logging of rate/connection limiting activity ◦ Get real-time data on request/connection limiting with the NGINX Plus API • Key-Value prefix matching ◦ Dynamically route L7 traffic with prefix matching • Support for DNS resolver per upstream group ◦ Designate a DNS resolver for each upstream group giving more control to backend service owners • Extract PROXY Protocol server metadata ◦ New NGINX variables included that capture information of the originating client and TCP proxies • Security improvements for HTTP/2
  • 8.
    Rate limit metricsand logging 8 • Each request can either be passed, delayed, or rejected • All requests not passed are logged in the reject.log file • All requests are logged in the access.log file • API endpoint* /api/6/http/limit_reqs limit_req_zone $request_uri zone=by_uri:10m rate=1r/s; log_format kv 'client=$remote_addr uri=$request_uri' 'limit_req=$limit_req_status'; map $limit_req_status $in_excess { default 1; PASSED 0; } server { listen 80; location /by-uri/burst5_nodelay { limit_req zone=by_uri burst=5 nodelay; limit_req_dry_run on; proxy_pass http://my_backend; } access_log /var/log/nginx/access.log main; access_log /var/log/nginx/reject.log kv if=$in_excess; } *NGINX Plus
  • 9.
    Connection Metrics andLogging 9 • Connections can either get passed or rejected • API endpoint* /api/6/http/limit_conns • Extended with the same enhancements to rate limiting in R19 ◦ Dry run mode ◦ New $limit_conn_status variable limit_conn_zone $realip_remote_addr zone=by_ip:2m; server { listen 80; location / { limit_conn_by_ip 10; limit_conn_dry_run on; if ($limit_conn_status = REJECTED_DRY_RUN) { limit_rate 100; } proxy_pass http://my_backend; } } *NGINX Plus
  • 11.
    Keyval prefix match 11 •type=prefix parameter to keyval_zone • Ideal for matching on URI paths • Dynamic routing tables and more keyval_zone zone=paths:128K type=prefix timeout=2m; keyval $uri $cache_control_dir zone=paths; server { listen 80; location / { proxy_pass http://my_backend add_header Cache-Control $cache_control_dir } } NGINX Plus
  • 13.
    DNS Resolvers perUpstream 13 • Different DNS servers or registries are designated to each upstream group Note: We are including the status_zone parameter for monitoring resolver activity upstream website { zone website 64k; resolver 192.168.56.101 valid=300s status_zone=website; resolver_timeout 5s; server www-backend.prod.example.com resolve; } upstream mobile { zone mobile_app 64k; resolver 192.168.57.55 192.168.57.56 status_zone=consul; resolver_timeout 10s; server mobile.prod.example.com resolve; } server { listen 443 ssl; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_certificate /etc/ssl/nginx/example.crt; ssl_certificate_key /etc/ssl/nginx/example.key; location / { proxy_pass http://website; } } NGINX Plus
  • 14.
    Additional Features • HTTP/2improvements • Variables for PROXY Protocol ◦ $proxy_protocol_server_addr – IP address of the proxy server to which client originally connected to. ◦ $proxy_protocol_server_port – Port of proxy server to which the client connected to. • NJS features and improvements added ◦ https://www.nginx.com/blog/introduction-nginscript/ ◦ https://www.nginx.com/en/docs/njs/index.html
  • 15.
    Summary • Monitoring andlogging rate/connection limiting metrics with the NGINX Plus API • Dry-run for connection limiting • Prefix matching for keyval (type=prefix) • DNS resolver per upstream group • Variables capturing metadata of the PROXY protocol • Security improvements with HTTP/2 • Supporting more JavaScript objects with njs

Editor's Notes

  • #4 NGINX Plus gives you all the tools you need to deliver your application reliably. Web Server NGINX is a fully featured web server that can directly serve static content. NGINX Plus can scale to handle hundreds of thousands of clients simultaneously, and serve hundreds of thousands of content resources per second. Application Gateway NGINX handles all HTTP traffic, and forwards requests in a smooth, controlled manner to PHP, Ruby, Java, and other application types, using FastCGI, uWSGI, and Linux sockets. Reverse Proxy NGINX is a reverse proxy that you can put in front of your applications. NGINX can cache both static and dynamic content to improve overall performance, as well as load balance traffic enabling you to scale-out.
  • #6 NGINX 1.0 and Unit 1.0 released 12th Apr (International Day of Human Space Flight – Yuri Gagarin)
  • #9 Metrics can be collected per location blocks Allows you to debug complex rewrites Three HTTP zones defined in this configuration Metrics can be viewed from using the NGINX plus API or or in the dashboard.
  • #12 curl -X POST -d ‘{“/images/":”max-age=500"}' http://localhost:8080/api/6/http/keyvals/paths curl -X POST -d ‘{“/reports/":”no-cache"}' http://localhost:8080/api/6/http/keyvals/paths
  • #15 HTTP/2: fixed possible alert about left open socket on shutdown.This could happen when graceful shutdown configured by worker_shutdown_timeout times out and is then followed by another timeout such as proxy_read_timeout. In this case, the HEADERS frame is added to the output queue, but attempt to send it fails (due to c->error forcibly set during graceful shutdown timeout). This triggers request finalization which attempts to close the stream. But the stream cannot be closed because there is a frame in the output queue, and the connection cannot be finalized. This leaves the connection open without any timer events leading to alert.The fix is to post write event when sending output queue fails on c->error. That will finalize the connection. 4:09 AM HTTP/2: avoid segfault with unbuffered request body in error_page.If a final request body part arrived after redirect, request body handler was called one more time. This led to duplicate upstream initialization observed as "http request count is zero" alert and c->log use-after-free.
  • #16 Target release mid-December
  • #17 Sample questions here