2.11.0 release notes

June 12, 2023

NGINX Instance Manager 2.11.0 release notes

Upgrade Paths

NGINX Instance Manager 2.11.0 supports upgrades from these previous versions:

  • 2.8.0 - 2.10.1

If your NGINX Instance Manager version is older, you may need to upgrade to an intermediate version before upgrading to the target version.

What’s new

This release includes the following updates:

  • The config editor now lets you see auxiliary files

    Auxiliary files, such as certificate files and other non-config files on managed instances or instance groups, are now visible in the file tree of the config editor view. This improvement makes it easier to reference these files within a configuration.

  • Introducing new predefined log profiles for F5 WAF for NGINX

    Now, managing your F5 WAF for NGINX configuration is even easier with new predefined log profiles. In addition to the existing log_all, log_blocked, log_illegal, and log_secops log profiles, the following new predefined log profiles are now available:

    • log_f5_arcsight
    • log_f5_splunk
    • log_grpc_all
    • log_grpc_blocked
    • log_grpc_illegal

    These new log profiles make it even easier to integrate F5 WAF for NGINX with other logging systems, such as Splunk, ArcSight, and gRPC.

  • You can now install Advanced Metrics automatically when you install NGINX Agent

    When installing the NGINX Agent with NGINX Management Suite, you can include the -a or --advanced-metrics flag. Including this option installs the Advanced Metrics module along with the NGINX Agent. With this module, you gain access to extra metrics and insights that enrich the monitoring and analysis capabilities of the NGINX Management Suite, empowering you to make more informed decisions.

  • NGINX Management Suite can send telemetry data to F5 NGINX

    In order to enhance product development and support the success of our users with NGINX Management Suite, we offer the option to send limited telemetry data to F5 NGINX. This data provides valuable insights into software usage and adoption. By default, telemetry is enabled, but you have the flexibility to disable it through the web interface or API. For detailed information about the transmitted data, please refer to our documentation.

Changes in default behavior

This release has the following changes in default behavior:

  • The location of agent-dynamic.conf has changed

    In this release, the agent-dynamic.conf file has been moved from /etc/nginx-agent/ to /var/lib/nginx-agent/. To assign an instance group and tags to an instance, you will now need to edit the file located in /var/lib/nginx-agent/.

  • ⚠ Action required: Update OIDC configurations for management plane after upgrading to Instance Manager 2.11.0

    In Instance Manager 2.11.0, we added support for telemetry to the OIDC configuration files. Existing OIDC configurations will continue to work, but certain telemetry events, such as login, may not be captured.

  • Configuration file permissions have been lowered to strengthen security

    To strengthen the security of configuration details, certain file permissions have been modified. Specifically, the following configuration files now have lowered permissions, granting Owner Read/Write access and Group Read access (also referred to as 0640 or rw-r-----):

    • /etc/nms/nginx.conf
    • /etc/nginx/conf.d/nms-http.conf
    • /etc/nms/nginx/oidc/openid_configuration.conf
    • /etc/nms/nginx/oidc/openid_connect.conf

    Additionally, the following file permissions have been lowered to Owner Read/Write and Group Read/Write access (also known as 0660 or rw-rw-----):

    • /logrotate.d/nms.conf
    • /var/log/nms/nms.log

    These changes aim to improve the overall security of the system by restricting access to sensitive configuration files while maintaining necessary privileges for authorized users.

Resolved issues

This release fixes the following issues. Use your browser’s search function to find the issue ID in the page.

  • Count of NGINX Plus graph has a delay in being populated (37705)
  • When upgrading to Instance Manager 2.10, the publish status on App Security pages shows "Invalid Date" (42108)
  • Duplicate Certificate and Key published for managed certificates (42182)
  • The Metrics module is interrupted during installation on Red Hat 9 (42219)
  • Certificate file is not updated automatically under certain conditions (42425)
  • Certificate updates allow for multiples certs to share the same serial number (42429)

Known issues

You can find information about known issues in the Known Issues topic.

View source
Edit this page
Create a new issue