Nginx's Web server update beefs up security and load balancing

Latest commercial version of fast-rising Nginx Web server adds professional features only available to paying customers

Nginx Plus, the commercial edition of the open source Web server that's elbowed out Apache HTTPD on many top-traffic sites, unveiled its fourth major version today.

Officially named Nginx Plus r4, this new version is based on the 1.7.3 build of the open source edition of Nginx and continues in the tradition of adding enterprise- and professional-centric features to Nginx via a for-pay subscription edition of the product.

The new features for Nginx Plus r4 fall into three basic buckets:

Security: Three new features in Nginx were added to protect the security of connections both between clients and other upstream servers. Certificate verification, by way of strict SSL, ensures that a given server is what it purports to be and helps offset man-in-the-middle attacks. Server name indication support allows Nginx to connect securely to multiple sites hosted on the same IP that share the same certificates, which Nginx bills as "help[ing] scale out complex upstream services securely."

A third security feature, an external passphrase store, allows passphrases for SSL private keys to be kept in a file apart from the Nginx configuration itself. As explained by Owen Garrett, head of products for Nnginx, it "allows you to encrypt the private keys in the configuration, but only Nginx machines that have a copy of the passphrase store are able to decrypt them."

Monitoring: A new feature called Conditional Logging allows an Nginx instance to only log events of a certain type as a way to narrow the amount of reporting and filtering that needs to be done on them in the first place.This wouldn't completely obviate the need for a third-party log-analysis solution like Splunk or Graylog2, but it ought to help make quick-and-dirty troubleshooting easier.

An existing feature, the Extended Status module, allows Nginx to provide details about its status in JSON format. In Nginx Plus r4, Extended Status gains a RESTful API that allows an admin to retrieve specific pieces of status data -- such as solely the number of connections -- so that status reports don't have to be retrieved whole and then parsed to be useful.

Load balancing and caching: These features are the biggest selling points for Nginx's commercial edition over its open source version. This rev introduces hash-based load balancing, which allows loads to be balanced across an Nginx cluster based on a specific key value. It's a way to distribute loads based on factors like the port number of the incoming traffic or a specific attribute in the URL.

Another new mechanism for session affinity, "learn," allows the server to figure out how to maintain affinity for a given session for a specific server in a cluster. That way, requests from a client that have the same attributes as that session -- typically a cookie setting -- get passed back to the same server to automatically maintain sessions.

If the release schedule of previous Nginx Plus editions is any hint, newer versions of the commercial product are due to come along quite consistently, as r4 comes only a few months after the commercial r3 release (April 2014), and r2 only out a few months before that.

The first of these commercial editions of Nginx came out in August 2013, sparking both great curiosity and some controversy, mainly out of worry that Nginx's open source version would be of less use. That said, Nginx offers 30-day trials for the commercial version of the product, and recently released an AWS-hosted version of Nginx Plus that can be run for as little as 6 cents an hour.

This story, "Nginx's Web server update beefs up security and load balancing," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies