We are excited to announce the availability of NGINX Plus Release 11 (R11). With this release we are providing a number of new features in NGINX Plus to make the product easier to extend and customize, and to support an even broader range of deployments.
NGINX Plus R11 introduces binary compatibility for dynamic modules. This means that dynamic modules that have been compiled against NGINX Open Source can be loaded into NGINX Plus.
You can leverage the large number of third‑party NGINX modules to extend and add functionality to NGINX Plus, drawing from a range of open source and commercially produced modules. Developers can create custom extensions, add‑ons, and new products based on the supported NGINX Plus core.
NGINX Plus R11 also adds a number of other enhancements:
- Improved TCP/UDP load balancing – New features include SSL server name routing, new logging functionality, additional variables, and improved PROXY protocol support. These new features enhance debugging capabilities and enable you to support a broader range of enterprise applications.
- Better geolocation by IP address – The third‑party GeoIP2 module is now certified and provided to NGINX Plus customers. This new version provides localized and richer location detail than the original GeoIP module.
NGINX Plus R11 in Detail
Binary Compatibility for Dynamic Modules
We build and maintain some of these third‑party modules for NGINX Plus, updating them with each release and distributing them via our NGINX Plus repository. These builds are certified to work correctly with NGINX Plus and our support team provides installation and basic configuration technical support.
With the R11 release, you can now compile any compliant third‑party modules against the corresponding NGINX Open Source release and then load these modules safely into NGINX Plus.
Each release of NGINX Plus is built on top of a version of NGINX Open Source. Run
-v to determine the matching open source version number; for NGINX Plus R11, that is NGINX 1.11.5.
$ nginx -v
nginx version: nginx/1.11.5 (nginx-plus-r11)
To compile dynamic modules, you first obtain the NGINX source code that your NGINX Plus version is based on (here,
nginx-1.11.5 for NGINX Plus R11):
$ wget https://nginx.org/download/nginx-1.11.5.tar.gz
$ tar -xzvf nginx-1.11.5.tar.gz
Then you run the
configure command with the new
--with-compat argument to create a standard build environment that is compatible with NGINX Plus:
$ cd nginx-1.11.5
$ ./configure --with-compat --add-dynamic-module=/path/to/module
$ make modules
For more details on compiling your own modules for operation with NGINX Plus, see Compiling Dynamic Modules for NGINX Plus on our blog.
Modules that you compile yourself (community modules, modules provided by third‑party partners, and custom modules) are not tested or supported by NGINX. If you seek technical support for a problem, the NGINX technical support team may ask you to remove an unsupported module and reproduce the fault as part of our technical support process, so that they can verify whether or not the fault is caused by the unsupported module.
Improved TCP/UDP Load Balancing
NGINX Plus R11 supports a broader range of applications with key enhancements to TCP and UDP load balancing.
SSL Server Name Routing
You can now use NGINX Plus’ TCP/UDP load balancer to load balance SSL/TLS connections without decrypting them. This is useful in a secure or high‑traffic environment where you want to forward SSL/TLS‑encrypted connections to a remote server.
With the new SSL server name preread feature, NGINX Plus R11 can inspect each incoming SSL/TLS connection and determine the target domain (such as the Server Name Indication [SNI] value) to which to route the connection.
The SSL server name is provided in the new
$ssl_preread_server_name variable. It contains the name of the target host as extracted from the SNI field of the SSL/TLS handshake.
You can use the variable as the argument to the
proxy_pass directive or as a field in the virtual server access log. Note that to enable this feature you must include the
ssl_preread directive in the configuration, as shown in this example:
Support for Access Logging
The new Stream Log module in NGINX Plus R11 provides the same kind of access logging for TCP/UDP connections as was available in previous releases for HTTP connections. You can now log each TCP/UDP session processed by the Stream module, inspecting data rates, load‑balancing decisions, error conditions, and so on. This is a vital feature when debugging or auditing TCP or UDP transactions.
The Stream module exposes a large number of variables and all of them can be logged. You can customize the default log format, using variables in the following fashion:
Improved PROXY Protocol Support
This release makes our support for the PROXY protocol for TCP connections more comprehensive, by enabling NGINX Plus to accept TCP connections that are enhanced using the PROXY protocol.
This feature improves your ability to manage TCP connections with NGINX Plus, because you can determine the true source IP address of the connection for logging or authentication purposes.
Additional Extended Status Metrics
Along with the new
access_log command in the Stream Log module, the additional metrics make it easier to monitor the behavior of TCP and UDP services and detect when there’s an unexpected rate of errors.
GeoIP2 Module for Better Geolocation
The third‑party GeoIP2 module is now certified and available to NGINX Plus users in our repository. The GeoIP2 module uses the MaxMind GeoIP2‑format databases, which provide localized names and are richer in detail than the ones used by the original GeoIP module.
To obtain the new module, run these commands (appropriate for Debian and Ubuntu):
$ apt-get update
$ apt-get install nginx-plus-module-geoip2
In the main (top‑level) context in /etc/nginx/nginx.conf, add a
load_module directive for the newly installed module:
For further information on the GeoIP2 module, see the official GitHub page.
This post has been updated to use the refactored session (
Improved Caching Performance
NGINX Plus operates a separate cache manager process that is responsible for pruning the disk cache. Under certain circumstances, the cache manager might need to delete a large number of files, for example when a large amount of memory needs to be recovered.
With the new ‘unlink throttling’ capability, you can specify a maximum rate of deletion for cached files. A lower rate can reduce the load on the underlying disk and therefore improve system performance.
The deletion rate is controlled by the new
manager_sleep parameters to the
Upgrade or Try NGINX Plus
If you’re running NGINX Plus, we encourage you to upgrade to Release 11 when convenient. You’ll pick up a number of fixes and improvements, and it will help us to help you if you need to raise a support ticket. Installation and upgrade instructions can be found at the customer portal.
Note: As was previously announced, NGINX Plus R11 and later does not include the nginx-plus-extras package. If you are still using that package, you must instead deploy the nginx-plus package and dynamically load the additional modules you require from the NGINX Plus module repository.
If you’ve not tried NGINX Plus, we encourage you to try it out for web acceleration, load balancing, and application delivery, or as a fully supported web server with enhanced monitoring and management APIs. You can get started today with a free 30-day trial and see for yourself how NGINX Plus can help you deliver and scale out your applications.