End of Sale Notice:

F5 NGINX is announcing the End of Sale (EoS) for NGINX Controller API Management Module, effective January 1, 2024.

F5 maintains generous lifecycle policies that allow customers to continue support and receive product updates. Existing NGINX Controller API- Management customers can continue to use the product past the EoS date. License renewals are not available after September 30, 2024.

See our End of Sale announcement for more details.
End of Sale Notice:

F5 NGINX is announcing the End of Sale (EoS) for NGINX Controller Application Delivery Module, effective January 1, 2024.

F5 maintains generous lifecycle policies that allow customers to continue support and receive product updates. Existing NGINX Controller Application Delivery customers can continue to use the product past the EoS date. License renewals are not available after September 30, 2024.

See our End of Sale announcement for more details.

View Performance Reports for Your Instances

View graphs and system reports for your Instances.

Overview

Use the Analyzer page in the NGINX Controller Infrastructure section to see reports for your NGINX Plus instances.

View Reports for NGINX Plus Instances

The NGINX Controller Agent parses NGINX configuration files and transmits them to the backend component for further analysis. This is where NGINX Controller offers configuration recommendations to help improve the performance, reliability, and security of your applications. With well-thought-out and detailed recommendations, you’ll know exactly where the problem is, why it is a problem, and how to fix it.

To access the Analyzer page, take the following steps:

  1. Open the NGINX Controller user interface and log in.
  2. Select the NGINX Controller menu icon, then select Infrastructure.
  3. On the Infrastructure menu, select Instances > Analyzer.

When viewing the Analyzer Overview page, select a system from the Systems pane to see the associated report.

Note:
The Analyzer can only show reports for NGINX instances found by the NGINX Controller Agent. If an instance is missing, check that it is configured correctly for discovery by the Agent.

The following information is provided when a report is run against an NGINX config structure:

  • Build
    • Path to NGINX config files(s)
    • Whether the parser failed or not, and the results of nginx -t
      Note:
      Periodic NGINX configuration syntax checking with nginx -t is disabled by default. To enable this setting, select the Enable periodic “nginx -t” box on the Default Agent Settings page.
    • Last-modified info
    • 3rd party modules found
    • Breakdown of the key configuration elements (servers, locations, upstreams)
    • Breakdown of IPv4/IPv6 usage
  • Security
    • Any security advisories that apply to this version of NGINX
  • Virtual servers
    • Breakdown of the virtual host configuration (think apachectl -S)
  • SSL
    • OpenSSL version information
    • Breakdown of the number of SSL or HTTP/2 servers configured
    • Information about the configured SSL certificates
    • Warnings about common SSL configuration errors
  • Static analysis
    • Various suggestions about configuration structure
    • Typical configuration gotchas highlighted
    • Common advice about proxy configurations
    • Suggestions about simplifying rewrites for certain use cases
    • Key security measures (for example, -stub_status- is unprotected)
    • Typical errors in configuring locations, especially with -regex-

To parse SSL certificate metadata, the NGINX Controller Agent uses standard openssl(1) functions. SSL certificates are parsed and analyzed by default. To change this setting, clear the Analyze SSL certificates box on the Agent Settings page.

Static analysis will only include information about specific issues with the NGINX configuration if those are found in your NGINX setup.

Troubleshooting

If the Infrastructure > Analyzer tab doesn’t display information, it may be because the current user doesn’t belong to one of the built-in roles and the /reports/ endpoint hasn’t been enabled for a custom role.

To enable the /reports/ endpoint for a custom role, send a POST request to the Roles API endpoint similar to the following:

{
  "desiredState": {
    "permissions": [
      {
        "access": "READ",
        "path": "/reports/"
      }
    ]
  },
  "metadata": {
    "kind": "role",
    "name": "analyzer-reports"
  }
}