What's new in NGINX Plus R18
|Richard Harris in Enterprise Tuesday, April 16, 2019|
NGINX has announced the general availability of NGINX Plus R18 – the only all-in-one load balancer, content cache, web server, proxy, API gateway, and Kubernetes Ingress Controller.
NGINX, Inc. has announced the general availability of NGINX Plus R18. NGINX Plus is an all-in-one load balancer, content cache, web server, proxy, API gateway, and Kubernetes Ingress Controller. This versatility enables you to simplify your architecture for delivering both traditional applications and new ones based on microservices.
NGINX’s flexibility, portability and seamless integration with CI/CD automation tools help accelerate enterprise adoption of DevOps. NGINX Plus R18 advances this objective by simplifying configuration workflows and enhancing the security and reliability of your applications.
New capabilities introduced in R18 include:
Simplifying configuration workflows:
- Dynamic certificate loading: NGINX Plus introduces lazy loading of TLS certificates. With lazy loading, TLS certificates are only loaded into memory when a request is made for a matching hostname. This simplifies the NGINX Plus configuration and reduces its size as multiple certificates can be handled within a single server block. Furthermore, you can save time and effort by automating the upload of certificates and private keys into the key-value store using the NGINX Plus API. This is especially ideal for deployments with large numbers of certificates or when there is a high frequency of configuration reloads.
- Support for port ranges for server configurations: With this release, users can specify port ranges rather than just specific ports. Port ranges can be specified for both HTTP and TCP/UDP applications (Stream module). This also allows NGINX Plus to act as a proxy for an FTP server in passive mode.
- Simplified cluster management: NGINX Plus R15 introduced synchronization of runtime state across a cluster of NGINX Plus instances. This release enhances clustering by enabling a single configuration to be used for each member of the cluster. This is particularly suitable for dynamic environments such as auto-scaling groups or containerized clusters.
- Minimizing exposure of certificates: When managing TLS/SSL certificates for secure sites and applications, users configure NGINX Plus to specify the certificate and associated private key as files on disk. With this release, NGINX Plus loads certificates directly from the key-value store where they reside in memory. Keeping secrets off the filesystem makes it difficult for an attacker to obtain the private key for a server certificate.
- Support for opaque session tokens: NGINX Plus supports OpenID Connect authentication and single sign-on for backend applications. With this release, NGINX Plus supports opaque session tokens issued by OpenID Connect. Opaque tokens contain no personally identifiable information about the user so that no sensitive information is stored at the client.
- Enabling clients to reconnect upon failed health checks: NGINX Plus active health checks continually probe the health of upstream servers to ensure traffic does not get forwarded to servers that are offline. With this release, existing client connections can be terminated when an active health check fails. This enables client applications to reconnect, at which point they are proxied to a healthy backend server, thereby improving the reliability of your applications.