NGINX, Inc. is proud to announce the availability of NGINX Plus Release 8 (R8), the latest release of our application delivery platform. Prominent among the features in NGINX Plus R8 is the OAuth Technology Preview, an implementation of OAuth-based authentication. OAuth 2.0 is the industry standard for authentication and authorization. It can be used to add Single Sign On (SSO) to your applications as well as control access to your APIs.
In addition, this release includes a fully production-ready and hardened implementation of HTTP/2, a persistent on-the-fly reconfiguration API, scalable caching for large video files, and many more features to ensure flawless application delivery.
The key new features in NGINX Plus R8 are:
-
OAuth Technology Preview – OAuth 2.0 has become the industry standard for managing user identity on the Internet. When you use your Facebook or Google account to log in to another website, OAuth is brokering that transaction behind the scenes. OAuth defines how log-in details stored by an authentication server, such as Facebook or Google, are securely exchanged with resource servers such as Spotify, Airbnb, and many others. OAuth greatly improves the user experience, as users no longer have to maintain a separate login and password for each website they use, and improves security by reducing the number of separate (and potentially hackable) authentication systems.
As a reverse proxy and load balancer, NGINX Plus sits in front of applications, and is ideally positioned to simplify application development by offloading OAuth processing from application servers. In the OAuth Technology Preview (OTP), we’re sharing a candidate implementation of OAuth 2.0. We welcome your feedback on how NGINX Plus can help to offload and streamline complex authentication tasks.
-
Fully production-ready HTTP/2 implementation – In NGINX Plus R7 we introduced support for HTTP/2 less than seven months after the protocol was ratified. NGINX is now the #1 web server for HTTP/2. Our development efforts didn’t end with that release, and we’ve continued working hard to improve our implementation. With NGINX Plus R8, we’re proud to provide a fully supported, production-ready and hardened implementation of the HTTP/2 standard.
HTTP/2 improves performance of websites by up to 30%. With NGINX Plus R8 you can continue to add HTTP/2 support to your new and existing sites, with no changes required to your application.
-
Persistent on-the-fly reconfiguration API – With NGINX Plus’ on-the-fly reconfiguration API, you can add or remove upstream servers without restarting NGINX Plus or manually modifying and reloading the configuration file. This is a great feature for autoscaling and service discovery, enabling you to modify the load balancing pool on demand. Starting with NGINX Plus R8, the changes you make with the API can persist across a restart or configuration reload.
With this update to the API, you can make permanent changes to your NGINX Plus load-balancing configuration, adding and removing servers and changing their load balancing priorities. Using this easily-secured API, changes can be made as frequently as needed.
- Scalable caching for large video files – With NGINX Plus R8 we’ve improved our scalable content cache to better handle large video files, such as HTML5 video. Rather than store the entire video file as a single cache entry, NGINX Plus breaks it up into smaller fragments and then caches those fragments. Structuring the cache in this way better aligns to how users consume video on the Internet (fast forwarding, ending early, etc.), and reduces user latency as well as network traffic to and from origin servers.
NGINX Plus R8 Features in Detail
This section provides a detailed overview of all the new features and functionality in NGINX Plus R8.
OAuth Technology Preview
OAuth 2.0 has emerged as the common standard for managing user authentication and access controls on the web. Rather than having a separate account and password for each app we use, we store our relevant information with a central authentication server, such as Facebook or Google. A resource server, such as a music streaming service, then gets our personal information from the authentication server, including whether or not we authenticated successfully. OAuth defines the protocol for exchanging this information securely between the authentication server and the resource server.
OAuth uses an access token to represent the user’s personal information. If users attempt to access an OAuth-enabled site without a valid access token, they are first redirected to the authentication server to log in and obtain the access token. The authentication server then redirects them back to the original resource server, now with the access token. The resource server then validates the access token with the authentication server before granting access.
With NGINX Plus R8 you can add OAuth support to your existing sites and apps with ease. NGINX Plus performs the OAuth authentication procedure and returns the access token in the form of HTTP headers that your application already understands. This means that your application code does not have to implement any of the OAuth protocol flow.
If a user attempts to access a restricted resource without a valid token, NGINX Plus redirects the user to your login page, which in turn can offer the user a choice of authentication servers from which to obtain the token. NGINX Plus also validates the token before resubmitting the request to the application. Offloading this work to NGINX Plus reduces the load on application servers, and enables developers to focus on core application logic rather than supporting OAuth in each application.
Production-Ready HTTP/2 Implementation
HTTP/2 is the latest version of the HTTP protocol. It fixes a lot of the problems in the original version of the HTTP protocol, leading to better overall performance and more efficient resource utilization.
The usage of HTTP/2 has been steadily increasing since the standard was ratified in February 2015. As of this writing, 6% of all websites use HTTP/2 and 69% of users on the Internet use a browser that supports HTTP/2.
With NGINX Plus R8, you are getting the most battle-tested, stable, and reliable implementation of HTTP/2 available today. 71% of HTTP/2-enabled websites are powered by NGINX and NGINX Plus, and we’ve incorporated feedback from our early adopters into the product. Our HTTP/2 implementation is fully supported for production use and can scale to handle the toughest workloads.
NGINX Plus acts as an “HTTP/2 gateway” to ease transition to the new protocol. On the frontend, NGINX Plus talks HTTP/2 to client web browsers that support it. On the backend, NGINX Plus talks HTTP/1.x (or FastCGI, SCGI, uwsgi, etc.), just as before. In between, NGINX Plus translates between HTTP/2 and HTTP/1.x (or FastCGI, etc). This means that servers and applications proxied by NGINX Plus are unaffected by the move to HTTP/2, and don’t really even need to know whether their clients are using HTTP/2. Websites and applications that service HTTP/2 clients must use TLS/SSL, however, as required by all web browsers that support HTTP/2.
The only NGINX Plus or NGINX configuration change you need to make is adding the http2
parameter to listen
directives:
listen 443 ssl http2 default_server;
For more details on HTTP/2 in NGINX Plus and NGINX, please see our white paper and on-demand webinar.
Persistent On-the-Fly Reconfiguration
NGINX Plus provides an HTTP-based API for adding, removing, and modifying backend servers dynamically and without having to reload the configuration. This is a great feature for service discovery, autoscaling, and other applications that require adding and removing servers on demand.
With NGINX Plus R8, changes made using this API can now be persistent across NGINX Plus restarts and configuration reloads. Add the new state
directive in an upstream
block to name the file in which NGINX Plus stores state information for the servers in the upstream group. Changes that you make with the on-the-fly reconfiguration API are recorded in the file. NGINX Plus reads the file at startup, which is how your changes persist across restarts.
upstream backend {
zone backend 64k;
state /etc/nginx/conf.d/backend.state;
}
Scalable Caching for Large Video Files
Caching is one of the quickest ways to accelerate delivery of web content. Not only does caching place content closer to the end user, reducing latency, it also reduces the number of requests to the upstream origin server, lowering bandwidth usage and effectively increasing capacity. Video, especially HTML5 video, is a prime target for caching, because the content is static and tends to be heavily requested when first published.
With HTML5 video, the browser pseudostreams content by making HTTP byte-range requests. It requests the first minute of video, for example, and then the second minute, and so on. Streaming in this way also makes it easy to implement fast-forward and rewind functionality, as the browser can just skip over sections of video it doesn’t need, instead beginning the requested byte range at the point the user fast-forwarded or rewinded to.
NGINX Plus R8 includes the new Slice module to better support this style of browser-server interaction for cached video files. The module breaks up files into smaller fragments and then caches those fragments. Structuring the cache in this way better aligns with modern video streaming techniques, such as those used by HTML5 video.
To enable cache slicing, include the slice
directive:
proxy_cache_path /tmp/mycache keys_zone=mycache:10m;
location / {
slice 1m;
proxy_cache mycache;
proxy_cache_key $uri$is_args$args$slice_range;
proxy_set_header Range $slice_range;
proxy_cache_valid 200 206 1h;
proxy_pass http://localhost:8000;
}
In this sample configuration, NGINX Plus breaks video files into 1-MB fragments. You must also set the cache key to differentiate between the fragments of the original file, by including the proxy_cache_key
directive with the new $slice_range
variable in the defined key. Also include the proxy_set_header
directive to overwrite the Range
header in the HTTP request with $slice_range
. This is required because the byte range requested by the client might not line up with the boundaries between the fragments created by NGINX Plus, in which case NGINX Plus needs to make multiple subrequests to get all the data in the client’s byte-range request.
Additional Features
NGINX Plus R8 also introduces a number of additional improvements to aid you in flawless application delivery, including:
-
More flexible health checks for complex applications. By default, NGINX Plus sends health-check messages to the port specified by the
server
directive in theupstream
block. With NGINX Plus R8 you can now specify an alternate port for a given service. This is particularly helpful when monitoring the health of many services on the same host.Include the new
port
parameter to thehealth_check
directive:location / {
proxy_pass http://backend;
health_check port=8080;
} -
By default, NGINX Plus now caches HTTP
HEAD
requests (it converts them toGET
requests before caching them). To disable this type of caching, include theproxy_cache_convert_head
off
directive.A
HEAD
request is identical to a standardGET
request, except that the response body is not returned.HEAD
requests are useful for testing links for validity, accessibility, and recent modification. - A new variable,
$realip_remote_addr
, captures the original client IP address based on the contents of theX-REAL-IP
header. This is useful for logging requests when NGINX Plus is behind a proxy, because you can log the real client IP address instead of the proxy’s IP address. - The new
nohostname
parameter to theaccess_log
anderror_log
directives disables logging of the hostname field to syslog; the hostname is unnecessary when logging to a local syslog server.
The following modules in the NGINX Plus Extras package have been updated:
- The Headers-More module is updated to 0.28
- The Lua module is updated to 0.9.20
- The Phusion Passenger Open Source module is updated to 5.0.22
- The Redis module is updated to 0.21
The following packages are no longer available:
- nginx-plus-http2 – HTTP/2 support is now rolled into the nginx-plus and nginx-plus-extras packages. NGINX Plus no longer supports SPDY.
- nginx-plus-lua – For Lua support, please use the nginx-plus-extras package.
Upgrade or Try NGINX Plus
If you’re running NGINX Plus, we strongly encourage you to upgrade to Release 8 as soon as possible. You’ll pick up a number of fixes and improvements, and it will help us to help you if you need to raise a support ticket. Installation and upgrade instructions can be found at the customer portal.
If you’ve not tried NGINX Plus, we encourage you to try it out for web acceleration, load balancing, and application delivery, or as a fully supported web server with enhanced monitoring and management APIs. You can get started for free today with a 30-day evaluation and see for yourself how NGINX Plus can help you deliver and scale out your applications.
The post Announcing NGINX Plus R8 appeared first on NGINX.
Source: nginx