Technical Specs

Platforms supported by NGINX Open Source Subscription and dynamically loaded modules, supported SSL/TLS versions, supported deployment environments, and list of modules built into NGINX Open Source Subscription.

NGINX Open Source Subscription is packaged software, built from the official sources. Please inquire for additional platforms and modules.

Supported Distributions

Alpine Linux

  • 3.13 (x86_64, aarch64)
  • 3.14 (x86_64, aarch64)
  • 3.15 (x86_64, aarch64)
  • 3.16 (x86_64, aarch64)

CentOS/RHEL

  • 7.4+ (x86_64, aarch64)
  • 8.1+ (x86_64, aarch64, s390x)
  • 9.0+ (x86_64, aarch64, s390x)

Debian

  • 10 (x86_64, aarch64)
  • 11 (x86_64, aarch64)

SUSE Linux Enterprise Server (SLES)

  • 12 SP5+ (x86_64)
  • 15 SP2+ (x86_64)

Ubuntu

  • 18.04 LTS (x86_64, aarch64)
  • 20.04 LTS (x86_64, aarch64, s390x)
  • 22.04 LTS (x86_64, aarch64, s390x)

Dynamic Modules

Modules available as software packages in the NGINX Open Source Subscription software repository:

Except as specified below, dynamic modules are supported on the same distributions as NGINX Open Source Subscription.

GeoIP

  • CentOS/RHEL/Oracle Linux 8.0+: Not supported

Supported SSL/TLS Versions

NGINX Open Source Subscription supports TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3. Configure the choice of enabled protocols with the ssl_protocols directive.

  • TLSv1.2 and earlier is supported on all the operating systems listed in Supported Distributions.
  • TLSv1.3 requires OpenSSL 1.1.1 which is not available for every operating system supported by NGINX Open Source Subscription. To determine if an operating system supports TLSv1.3, consult the vendor documentation.

Supported Deployment Environments

  • Bare metal
  • Virtual machine
  • Container
  • Public cloud: AWS, Google Cloud Platform, Microsoft Azure

Modules in the NGINX Open Source Subscription Package

Core

  • Core – Control basic functioning (mutexes, events, thread pools, workers, and so on)

HTTP Core

  • HTTP Core – Process HTTP traffic
  • Addition – Prepend and append data to a response
  • Auto Index – Generate directory listings
  • Charset – Add character set in Content-Type field of HTTP response header, and define or convert * between character sets
  • Empty GIF – Generate empty image response
  • Gunzip – Decompress responses for clients that don’t support compression
  • Gzip - Use GZIP to compress HTTP responses
  • Gzip Static – Serve pre-compressed files from disk
  • Headers – Add fields to HTTP response headers, including Cache-Control and Expires
  • Index – Specify index files used in directory requests
  • Random Index – Select random index file for directory request
  • Real IP – Determine true origin IP address for proxied traffic
  • SSI – Process Server Side Includes (SSI) commands
  • User ID – Set cookies that uniquely identify clients
  • WebDAV – Implement WebDAV file management

HTTP Access Control and Authentication

  • Access – Control access based on client IP address (support access control lists [ACLs])
  • Auth Basic – Implement HTTP Basic Authentication scheme
  • Auth Request – Determine client authorization using subrequests to external authentication server
  • Referer – Control access based on Referer field in HTTP request header
  • Secure Link – Process encrypted, time-limited links to content

HTTP Advanced Configuration

  • Browser – Create variables based on User-Agent field in HTTP request header
  • Cache Slice – Create byte-range segments of large files, for more efficient caching
  • Geo – Create variables based on client IP address
  • Map – Create variables based on other variables in requests
  • Rewrite – Test and change URI of request
  • Split Clients – Partition clients for A/B testing
  • Sub – Replace text string in response (rewrite content)

HTTP Logging

  • Log – Log HTTP transactions locally or to syslog
  • Session Log – Log HTTP transactions aggregated per session

HTTP Media Delivery

  • FLV – Stream FLV (Flash Video; filename extension .flv)
  • MP4 – Stream MP4 (filename extensions .m4a, .m4v, .mp4)
  • Streaming of RTMP and DASH is provided by the third-party RTMP module

HTTP Proxying

  • FastCGI – Proxy and cache requests to FastCGI server
  • gRPC – Proxy requests to gRPC server
  • Memcached – Proxy requests to memcached server
  • Mirror – Send copy of requests to one or more additional servers
  • Proxy – Proxy and cache requests to HTTP server
  • SCGI – Proxy and cache requests to SCGI server
  • Upstream – Proxy and cache requests to load-balanced pool of servers
  • uwsgi – Proxy and cache requests to uwsgi server

HTTP Transaction Shaping

  • Limit Connections – Limit concurrent connections from a client IP address or other keyed value
  • Limit Requests – Limit rate of request processing for a client IP address or other keyed value
  • Limit Responses – Limit rate of responses per client connection

HTTP/2 and SSL/TLS

  • HTTP/2 – Process HTTP/2 traffic
  • SSL/TLS – Process HTTPS traffic

Mail

  • Mail Core – Proxy mail traffic
  • Auth HTTP – Offload authentication processing from HTTP server
  • IMAP – Implement capabilities and authentication methods for IMAP
  • POP3 – Implement authentication methods for POP3 traffic
  • Proxy – Support proxy-related parameters for mail protocols
  • SMTP – Define accepted SASL authentication methods for SMTP clients
  • SSL/TLS – Implement SSL, STARTTLS, and TLS for mail protocols

TCP and UDP Load Balancing

  • Stream – Process TCP and UDP traffic
  • Access – Support IP-based access control lists (ACLs)
  • Geo – Create variables based on client IP address
  • Limit Conn – Limit concurrent connections by key
  • Log – Log TCP and UDP transactions
  • Map – Create variables based on other variables in requests
  • Proxy – Proxy requests to TCP and UDP servers
  • Real IP – Determine true origin IP address for proxied traffic
  • Return – Return specified value to client and close connection
  • Split Clients – Partition clients for A/B testing
  • SSL/TLS – Process TCP traffic secured with SSL/TLS
  • SSL/TLS Preread – Forward TCP traffic secured with SSL/TLS without decrypting it
  • Upstream – Proxy and cache requests to load-balanced pool of servers