Nginx announced Release 8 of the commercial version of their multi-protocol open source proxy server. The release includes HTTP/2 support, an API that persists configuration changes made at runtime and a preview implementation for integrating applications with OAuth providers like Google and Facebook.
The HTTP/2 protocol was finalized and published as an RFC in May 2015. Since then, various webservers like Apache and Jetty have added support for it. According to the article announcing the release, Nginx had added support for HTTP/2 in their previous release and the current release has a hardened implementation. InfoQ reached out to Nginx for more details about any publicly available performance benchmark results but did not receive an answer until the date of publication.
Nginx stores its configuration in configuration files, including configuration for upstream server groups. An upstream server group consists of one or more servers that are used as backend nodes when Nginx is running as a load balancer. In environments where the number of backend nodes needs to scale up and down dynamically in response to the traffic, this API enables the addition and removal of nodes from the load balancer on the fly. In addition to this kind of autoscaling, the article also notes that it’s useful in microservices architectures.
Addition or removal of backend nodes can also be done via a HTTP API. Until this release, changes made via the API were lost if Nginx were reloaded or restarted. Such changes are now persisted in the configuration files.
The OAuth open authorization standard is often used as a way for users to login to applications using their existing Google, Facebook, Twitter and similar ids. Application developers integrate OAuth as an easy way to add authorization to their apps. The OAuth flow using a third party service like Google involves taking the user to the site (Google in this case) and obtaining an access token after successful authentication to so that the application can use the user’s information from Google.
In this release Nginx has provided a preview of their implementation which attempts to offload the OAuth processing from the application to the load balancer. It can be done by including an additional Auth Request module at build time. This module adds a directive called auth_request in the configuration file. This module forwards authentication requests to a service called oauth-daemon which converts OAuth access tokens to HTTP headers. These headers are then sent to the application.
Other features in this release include scalable caching for large video files and the ability to specify multiple ports for health checks.