Watch the webinar on demand at: nginx.com/resources/webinars/whats-new-in-nginx-plus-r8
Learn how you can achieve flawless application delivery faster with NGINX Plus Release 8 (R8). This latest release of our application delivery platform has great new features such as:
- The ability to offload OAuth processing to NGINX
- A better way to do service discovery with our improved on-the-fly reconfiguration API
- Production ready HTTP/2 support
- Scalable video caching with our new cache-slicing feature.
- Improved application health checking to support more complex applications
- And more...
5. MORE INFORMATION AT
NGINX.COM
What’s New?
NGINX Plus R8
● OAuth2 Technology Preview
○ Industry standard for user identity management
○ NGINX Plus can offload processing of it from the
application
● Fully production supported HTTP/2
○ Hardened based on real world usage
○ Confidently move to HTTP/2 in production
● Persistent on-the-fly reconfiguration API
○ A better way to do service discovery
● Scalable caching for large video files
○ Segment rather than file based caching
● Improved health checking and other new features
What is OAuth2?
● Technology behind Facebook, Google, etc. logins
● High level workflow
• User clicks on “Log In with Facebook” button on airbnb
• User logs in to Facebook (authorization server)
• User sent back to airbnb with “Access Token”
• airbnb validates “Access Token” and extracts user info
● A better user experience
• Fewer passwords
• More secure
From airbnb.com
How OAuth2 is implemented today
● Facebook/Google provide a JavaScript SDK to developers (front end)
• Other identity providers may require implementation of OAuth as back end code
● Developers bake the SDK into the application
● Usually a separate login mechanism exists for the legacy application-internal password database
● The problem with this approach:
• Authentication tasks handled by developers and app servers
• Supporting multiple identity providers requires integration with multiple SDKs
• How does all this work with the legacy password database?
Why NGINX Plus for OAuth2?
● Offload the OAuth2 workflow from the application
• Less work for developers and application servers
● Consolidate OAuth2 authentication and move it to the edge
• Rather than on each application server
● NGINX Plus does all the work and passes the decoded “Access Token” to the application
• User info extracted and put into standard HTTP headers
• Application can easily consume HTTP headers
• Application can be agnostic to whether Facebook or Google was used
• Existing password database can be converted to send HTTP headers so that a single
mechanism can be used at the back end, regardless of identity provider
Why Technology Preview?
● OAuth2 code is not part of the NGINX Plus binary
• External Python script
• Leverages NGINX http_auth_request module
● Not recommended for production deployments
• Take the demo app and play with it
• Customers encouraged to integrate their apps in development environment
● Plan is for a future NGINX Plus release to have a fully supported implementation
● Only Facebook and Google supported in this release
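The header hand-off described above only holds if the application can never receive an identity header that NGINX did not set. The following sketch shows that pattern with the auth_request module; it is an added example, not the technology preview's own configuration, and the validator address, the upstream name and the X-Auth-* header names are assumptions.

```nginx
# Added example; not the technology preview's own configuration.
# Assumed names: token validator on 127.0.0.1:9000, upstream "app",
# X-Auth-User / X-Auth-Email headers, placeholder certificate paths.

upstream app {
    server 127.0.0.1:8080;
}

server {
    listen 443 ssl http2;
    server_name app.example.com;
    ssl_certificate     /etc/nginx/ssl/example.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.key;   # placeholder path

    location / {
        # Every request is checked by a subrequest first. A 2xx answer from
        # the validator allows it; 401 or 403 is returned to the client.
        auth_request /_validate_token;

        # Copy the identity out of the validator's response headers.
        auth_request_set $auth_user  $upstream_http_x_auth_user;
        auth_request_set $auth_email $upstream_http_x_auth_email;

        # proxy_set_header replaces any header of the same name sent by the
        # client, so the application only sees values that came from the
        # validator. An empty variable means the header is not sent at all.
        proxy_set_header X-Auth-User  $auth_user;
        proxy_set_header X-Auth-Email $auth_email;

        proxy_pass http://app;
    }

    location = /_validate_token {
        internal;                              # not reachable from outside
        proxy_pass http://127.0.0.1:9000/validate;
        proxy_pass_request_body off;           # validator needs headers only
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }
}
```

The application servers should accept connections only from NGINX; a client that can reach them directly can set the same headers itself.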
Why NGINX Plus for HTTP/2?
• HTTP/2 Gateway - HTTP/2 translated back into a protocol existing app servers can understand
• Backwards Compatibility - HTTP/2 and HTTP/1.x supported side-by-side
So what’s new?
• Fully Production Supported
• Hardened based on internal and real world testing
• Bug fixes, tweaks, etc.
• Part of main nginx-plus and nginx-plus-extras package
• SPDY support removed from NGINX Plus
• For you
• The most stable and battle tested implementation available
• Move to HTTP/2 with confidence
On-the-fly Reconfiguration – an existing API in NGINX Plus
• HTTP-based API to add, remove, or modify servers without restarting NGINX or touching a config file
• Why is this useful?
• Quick, temporary changes to load-balancing configuration
• No need to reload NGINX Plus – preserve state, stats, no burst in resource usage
• Simple security model - no need to access configuration and restart NGINX
What’s new in R8?
• It’s persistent - changes are no longer temporary:
• New configuration directive to define a file that holds the current servers and what state they are in
• API updates modify state in-memory and update state file in case of a restart
upstream backend {
    zone backend 64k;
    state /etc/nginx/conf.d/backend.state;
}
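Because the API can add, remove or modify servers, the location that exposes it needs its own access rule. The sketch below pairs the persistent upstream with a restricted API endpoint; it is an added example, not taken from the webinar, and the /upstream_conf path, port 8081 and the sample server address are assumptions.

```nginx
# Added example; not from the webinar slides.
# Assumed: API exposed at /upstream_conf on a loopback-only listener.

upstream backend {
    zone backend 64k;
    # Servers are kept in the state file and managed through the API.
    # "state" cannot be combined with "server" directives in the same block.
    state /etc/nginx/conf.d/backend.state;
}

server {
    listen 80;

    location / {
        proxy_pass http://backend;
    }
}

server {
    # Bind the management listener to loopback so the API is not served
    # on the public port.
    listen 127.0.0.1:8081;

    location /upstream_conf {
        upstream_conf;       # enables the on-the-fly reconfiguration handler
        allow 127.0.0.1;     # service-discovery agent running on this host
        deny all;            # anyone who can reach this can reroute traffic
    }
}

# A local agent would then register an instance with a request such as
# (constructed address):
#   http://127.0.0.1:8081/upstream_conf?add=&upstream=backend&server=10.0.0.5:80
```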
What does this have to do with service discovery?
The problem
• Existing solutions:
• Rely on configuration templates and restarting NGINX for each change
• Require root access to NGINX servers
• Not scalable if done repeatedly throughout each day, especially if using
long lived connections (e.g. websockets)
What does this have to do with service discovery?
• Services all register with a central repository
• NGINX can automatically create routes to new service instances, and scale existing services
What does this have to do with service discovery?
The solution
• With NGINX Plus:
• Use on-the-fly reconfiguration API instead of config templates
• Easily scalable with no restarting
• In Action: Pre-built demo
• Consul integrated with NGINX Plus on-the-fly reconfiguration
• nginx.com/consul-r8
Scalable caching for video
• When watching video on the internet we:
• Rewind
• Fast forward
• Skip to the end
• End early
• In general, watch it non sequentially
• When we cache in NGINX, it is done sequentially:
• Can cause delays with non-sequential watching
• Whole file has to be cached before it can be served out of the cache to other users
Scalable caching for video
• Slice the video files into small fragments
• Cache the small fragments
• No more delays!
Scalable caching for video
proxy_cache_path /tmp/mycache keys_zone=mycache:10m;
location / {
    slice 1m;
    proxy_cache mycache;
    proxy_cache_key $uri$is_args$args$slice_range;
    proxy_set_header Range $slice_range;
    proxy_cache_valid 200 206 1h;
    proxy_pass http://localhost:8000;
}
• $slice_range added to cache key to differentiate between fragments
• Overwrite Range header, as the user's range request may not match up with NGINX's slices
https://www.nginx.com/blog/smart-efficient-byte-range-caching-nginx/
Even more features
• Specify Health Check port - New port parameter allows NGINX to use a different port for health checks. Monitor many services on the same host.
location / {
    proxy_pass http://backend;
    health_check port=8080;
}
• HEAD request caching - Cached as standard GET requests by default. A HEAD request is identical to a standard GET request, except that the response body is not returned. Useful for testing links for validity, accessibility, and recent modification.
• New variable $realip_remote_addr holds the original client IP address when the Real IP module is used.
• Syslog - The new nohostname parameter to the access_log and error_log directives disables logging of the hostname field to syslog; the hostname is unnecessary when logging to a local syslog server.
Housekeeping
The following modules in the NGINX Plus Extras package have been updated:
• The Headers-More module is updated to 0.28
• The Lua module is updated to 0.9.20
• The Phusion Passenger Open Source module is updated to 5.0.22
• The Redis module is updated to 0.21
The following packages will no longer be built:
• nginx-plus-http2 - HTTP/2 support is now rolled into the nginx-plus and nginx-plus-extras packages. SPDY is no longer supported with NGINX Plus
• nginx-plus-lua - For Lua support, please use the nginx-plus-extras package
Summary
• OAuth2 Technology Preview can offload OAuth2 complexities from the application
• Fully production supported HTTP/2 from the #1 web server for HTTP/2
• Persistent on-the-fly reconfiguration for better service discovery
• Scalable caching for large video files
• … and many more features to help you achieve flawless application delivery faster
Next steps
Upgrade to NGINX Plus R8
• apt-get install / yum install nginx-plus
Enable HTTP/2
• listen 443 ssl http2;
Configure your dashboard and persistent state
Try out the NGINX OAuth2 technology preview
• nginx.com/oauth-r8
Learn more
• NGINX Plus R8 overview with code samples
• nginx.com/r8
• An overview of the OAuth Technology preview along with a demo app
• nginx.com/oauth-r8
• Smart and efficient byte range caching with NGINX Plus
• nginx.com/caching-r8
• Scalable service discovery with NGINX Plus R8 and Consul
• nginx.com/consul-r8
Editor's Notes
GP – you need to do endpoint management and traffic management for your microservices instances. Here’s why
What drives us today is what has driven us from the beginning of the project: to make flawless application delivery easy for everyone – from the smallest, lightest apps up to the world’s largest platforms and experiences
Our vision for the product is to provide flawless application delivery for the modern web.