NGINX Plus Technical Specifications
NGINX Plus is available in binary form only; it is not available in source form. Please inquire for additional platforms and modules.
Supported Distributions
Ubuntu
- 14.04 LTS (i386, x86_64, aarch64)
- 16.04 LTS (i386, x86_64, ppc64le, aarch64)
- 17.10 (i386, x86_64)
Note: CentOS, Oracle Linux, and Red Hat Enterprise Linux 6.5 users: see this advisory when upgrading to version 6.6.
Dynamic Modules
Except as specified below, dynamic modules are supported on the same distributions as NGINX Plus.
Supported Deployment Environments
- Bare metal
- Container
- Public cloud: AWS, Google Cloud Platform, Microsoft Azure
- Virtual machine
Recommended Hardware
The table below outlines the performance levels you can achieve with NGINX Plus running bare metal on specific server sizes. Each row details the specifications of the hardware you need to achieve each level of performance, along with the typical cost for that hardware.
Hardware cost 1 | Hardware Specs | Expected Performance |
---|---|---|
$1,200 |
|
|
$1,400 |
|
|
$2,200 |
|
|
$3,000 |
|
|
$8,000 |
|
|
$11,000 |
|
|
1 Prices are based on Dell PowerEdge servers
2 Testing done with Intel Xeon E5-2699 v3 CPUs @ 2.3 GHz
3 1‑KB response size with keepalive connection
4 RSA 2048 bit, ECDHE-RSA-AES256-GCM-SHA384
5 ECC 256 bit, ECDHE-ECDSA-AES256-GCM-SHA384
6 1‑MB response size
Notes:
- NGINX, Inc. does not sell hardware; the costs presented here are typical costs you would expect to pay when purchasing from a reseller.
- The performance numbers in this section are based on running NGINX bare metal on industry standard x86 servers.
- A PDF version of this sizing guide is available.
- For details of the testing done, see our blog.
Modules in the NGINX Plus Package
Core
- Core – Control basic functioning (mutexes, events, thread pools, workers, and so on)
HTTP Core
- HTTP Core – Process HTTP traffic
- Addition – Prepend and append data to a response
- Auto Index – Generate directory listings
- Charset – Add character set in
Content-Type
field of HTTP response header, and define or convert between character sets - Empty GIF – Generate empty image response
- Gzip – Use GZIP to compress HTTP responses
- Gzip Static – Serve pre-compressed files from disk
- Gunzip – Decompress responses for clients that don’t support compression
- Headers – Add fields to HTTP response headers, including
Cache-Control
andExpires
- Index – Specify index files used in directory requests
- Random Index – Select random index file for directory request
- Real IP – Determine true origin IP address for proxied traffic
- SSI – Process Server Side Includes (SSI) commands
- User ID – Set cookies that uniquely identify clients
- WebDAV – Implement WebDAV file management
HTTP Access Control and Authentication
- Access – Control access based on client IP address (support access control lists [ACLs])
- Auth Basic – Implement HTTP Basic Authentication scheme
- Auth JWT – Validate JSON Web Tokens
- Auth Request – Determine client authorization using subrequests to external authentication server
- Referer – Control access based on
Referer
field in HTTP request header - Secure Link – Process encrypted, time-limited links to content
HTTP Advanced Configuration
- Browser – Create variables based on
User-Agent
field in HTTP request header - Cache Slice – Create byte-range segments of large files, for more efficient caching
- Geo – Create variables based on client IP address
- Map – Create variables based on other variables in requests
- Rewrite – Test and change URI of request
- Split Clients – Partition clients for A/B testing
- Sub – Replace text string in response (rewrite content)
HTTP Logging and Monitoring
- Log – Log HTTP transactions locally or to
syslog
- Session Log – Log HTTP transactions aggregated per session
- Status – Implement live activity monitoring
HTTP Media Delivery
- F4F – Stream HDS (Adobe HTTP Dynamic Streaming; filename extensions .f4f, .f4m, .f4x)
- FLV – Stream FLV (Flash Video; filename extension .flv)
- HLS – Stream HLS (Apple HTTP Live Streaming; filename extensions .m3u8, .ts) dynamically generated from MP4 or MOV (filename extensions .m4a, .m4v, .mov, .mp4, and .qt)
- MP4 – Stream MP4 (filename extensions .m4a, .m4v, .mp4)
- Streaming of RTMP and DASH is provided by the third-party RTMP module
HTTP Proxying and APIs
- FastCGI – Proxy and cache requests to FastCGI application
- Memcached – Proxy requests to memcached application
- Proxy – Proxy and cache requests to HTTP server
- SCGI – Proxy and cache requests to SCGI server
- Upstream-Conf – Reconfigure upstream groups without restarting NGINX Plus
- Upstream – Proxy and cache requests to load-balanced pools of application servers
- uwsgi – Proxy and cache requests to uwsgi server
HTTP Transaction Shaping
- Limit Connections – Limit concurrent connections from a client IP address or other keyed value
- Limit Requests – Limit rate of request processing for a client IP address or other keyed value
- Limit Responses – Limit rate of responses per client connection
- Mail Core – Proxy mail traffic
- Auth HTTP – Offload authentication processing from HTTP server
- IMAP – Implement capabilities and authentication methods for IMAP
- POP3 – Implement authentication methods for POP3 traffic
- Proxy – Support proxy-related parameters for mail protocols
- SMTP – Define accepted SASL authentication methods for SMTP clients
- SSL/TLS – Implement SSL, STARTTLS, and TLS for mail protocols
TCP and UDP Load Balancing
- Stream – Process TCP and UDP traffic
- Access – Support IP-based access control lists (ACLs)
- Geo – Create variables based on client IP address
- Limit Conn – Limit concurrent connections by key
- Log – Log TCP and UDP transactions
- Map – Create variables based on other variables in requests
- Proxy – Proxy requests to TCP and UDP servers
- Real IP – Determine true origin IP address for proxied traffic
- Return – Return specified value to client and close connection
- Split Clients – Partition clients for A/B testing
- SSL/TLS – Process TCP traffic secured with SSL/TLS
- SSL/TLS Preread – Forward TCP traffic secured with SSL/TLS without decrypting it
- Upstream – Proxy and cache requests to load-balanced pools of servers