
Nginx v1.10.0 Stable Version Released - conductor
http://nginx.org/en/download.html
======
emgee3
I have a love-hate relationship with nginx. I love that it's fast and rock
solid. But recently I keep on getting tripped up when the directive I'm trying
to configure is only available in the paid plan, the pricing of which puts it
out of (my) reach.

Also, there really should be separate docs for the open source vs paid plan.

That said, I do plan on kicking the tires on the HTTP/2 support.

~~~
pritambaral
> the directive I'm trying to configure is only available in the paid plan

Sadly, this is how the developers of nginx can earn and continue to make good
software. Some of the new features in this release have been directly supported
by the commercial edition, and some have been open sourced after being made for
the commercial edition because clients demanded them.

Also, the nginx team is open to a feature being sponsored by a third-party,
non-client in order to add it to the open source edition. Some of the
significant features in nginx have been built this way (http/2, spdy,
websocket support etc.)

If nothing, even patching or writing modules for nginx is not that hard
(assuming you know how to develop, and in C). It is one of the more
well-designed codebases. (Some others are: Redis, Postgres, Git).

> there really should be separate docs for the open source vs paid plan

I thought nginx.org contained only open-source info, save for an occasional ad
about the paid offering. Is there any documentation on nginx.org that doesn't
apply to the open source edition?

~~~
Maxious
http://nginx.org/en/docs/http/ngx_http_upstream_module.html

"Dynamically configurable group, available as part of our commercial
subscription:"

"Additionally, the following parameters are available as part of our
commercial subscription:"

"This directive is available as part of our commercial subscription."

------
dchest
_Note that accepting HTTP/2 connections over TLS requires the “Application-Layer
Protocol Negotiation” (ALPN) TLS extension support, which is available
only since OpenSSL version 1.0.2. Using the “Next Protocol Negotiation” (NPN)
TLS extension for this purpose (available since OpenSSL version 1.0.1) is not
guaranteed._

http://nginx.org/en/docs/http/ngx_http_v2_module.html

Hmm, so Ubuntu 14.04 LTS won't support it (ships OpenSSL 1.0.1f), need to
upgrade to 16.04.

~~~
pritambaral
Nor Debian Stable's version of OpenSSL. At work, we use Debian stable with
openssl picked specifically from unstable. apt-pinning FTW!
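An added example, not part of the thread: a check that reads `nginx -V` output and reports whether the OpenSSL in use meets the 1.0.2 ALPN requirement quoted above, including the pinned-library case where the build-time and runtime versions differ. The sample outputs are constructed, and treating the older of the two versions as the deciding one is a conservative assumption of this sketch.

```python
import re

# Matches both "built with OpenSSL 1.0.1f ..." and "(running with OpenSSL 1.0.2g ...)".
_VER = re.compile(r"(built|running) with OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)")

ALPN_MIN = (1, 0, 2, "")  # ALPN: OpenSSL 1.0.2 and later (per the quoted nginx docs)
NPN_MIN = (1, 0, 1, "")   # NPN: OpenSSL 1.0.1 and later, "not guaranteed" for HTTP/2


def openssl_versions(nginx_v_output):
    """Parse build-time and runtime OpenSSL versions out of `nginx -V` text."""
    found = {}
    for kind, major, minor, fix, letter in _VER.findall(nginx_v_output):
        found[kind] = (int(major), int(minor), int(fix), letter)
    # nginx prints "running with" only when the loaded library differs from the build.
    found.setdefault("running", found.get("built"))
    return found


def http2_negotiation(nginx_v_output):
    """Return 'alpn', 'npn-only', 'none', or 'unknown' (no OpenSSL line found)."""
    versions = openssl_versions(nginx_v_output)
    if versions.get("built") is None:
        return "unknown"
    # Assumption: require BOTH versions to satisfy the minimum, so a newer
    # pinned runtime library does not mask an older build-time library.
    oldest = min(versions["built"], versions["running"])
    if oldest >= ALPN_MIN:
        return "alpn"
    if oldest >= NPN_MIN:
        return "npn-only"
    return "none"


# Constructed sample outputs (not captured from real hosts).
TRUSTY = "nginx version: nginx/1.10.0\nbuilt with OpenSSL 1.0.1f 6 Jan 2014\n"
XENIAL = "nginx version: nginx/1.10.0\nbuilt with OpenSSL 1.0.2g  1 Mar 2016\n"
PINNED = ("nginx version: nginx/1.10.0\n"
          "built with OpenSSL 1.0.1f 6 Jan 2014 "
          "(running with OpenSSL 1.0.2g  1 Mar 2016)\n")

if __name__ == "__main__":
    for name, text in (("trusty", TRUSTY), ("xenial", XENIAL), ("pinned", PINNED)):
        print(name, http2_negotiation(text))
```

On a real host, feed it the text of `nginx -V`, which nginx writes to stderr.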

~~~
takeda
> apt-pinning FTW!

You should take a look at OpenSuSE's zypper.

- 3 sat solver for dependencies (not just greedy algorithm; if there are
conflicts it can propose you possible solutions that include uninstalling,
upgrading/downgrading packages)

- packages stick by default to the repositories they were installed from

- patches (i.e. sets of updated packages to address specific issue) it tells
you what was fixed. You can for example only install patches that fix specific
security issue, by using --cve option.

- zypper ps tells you which processes need to be restarted after upgrade to
make changes effective

- OBS (Open Build System), basically it's like a github for packages. You
upload spec files and it generates packages for you. You can fork someone's
definitions and make customizations etc. The repo is searchable from
http://software.opensuse.org. This actually
supports other distributions and packaging systems, but unfortunately most
packages there are for SuSE.

~~~
pritambaral
Wow, that reads like features a modern package manager should have!

Now I am torn three-ways on the question of the next distro/package manager I
should try out: nix is a strong attraction because it also does a lot of cool
stuff (especially the multiple versions thing, which I think is a better
solution than 3-sat solving), and Ubuntu's snap{d,craft,-whatever} because it
is a better real-world solution for third-party packaging needs.

------
DanielDent
Nginx is annoyingly complicated in a microservices environment.

IP addresses of upstream servers change, and sometimes DNS doesn't resolve
until another service is brought up. Nginx does not work well in such an
environment unless you (1) have ugly configuration hacks, (2) add
OpenResty/LUA to your configuration, (3) add a watchdog process, or (4) buy
their nginx Plus version and keep track of how many instances of nginx you
have.

I want simple. If you need a webserver that can use DNS, Nginx is a lot of
extra work.

~~~
HorizonXP
I use it just fine in my Kubernetes deployment. Nginx resolves via DNS to the
microservices I run, without having to do complicated configuration hacks.

Would something like that work for you?

~~~
DanielDent
Depending on how you are using it, Kubernetes may be hiding the problem for
you via Kubernetes-managed load balancers.

If the IP address of the microservice nginx depends on changes, in a standard
nginx config, nginx will not be updated. A Kubernetes health check could also
hide this issue.

------
pritambaral
My favourite bits in this release:

1. Fix of the repeated-tries of non-idempotent requests bug.

2. Dynamic modules.

3. HTTP/2!!

4. reuseport in listen.

5. SSLv3 disabled by default.

6. UDP Load Balancing.

~~~
takeda
> UDP Load Balancing

Isn't that just a feature creep?

Doesn't look like anything that would be useful in a web server and load
balancing of UDP is different than TCP. Layer 3 load balancing (e.g. LVS)
would probably be more suitable.

~~~
pritambaral
Nginx is not a web server. Nginx is a reverse-proxy.

Nginx sees a massive share of its usage as a web server, sure, but – from
the very beginning – it was always intended to be a good reverse-proxy.

Apart from http, nginx also supports mail (imap, pop3, smtp), stream sockets
(tcp and unix), and a few third-party ones too (like rtmp). And now, UDP as
well.

One of the most needed features expected of a good reverse-proxy is
load-balancing. Nginx is already quite good at it, but lacked UDP load balancing
(like HAproxy – another reverse-proxy – does). That is no longer the case, and
I'm sure the people that have asked HAproxy to support UDP will be pleased
that nginx does it now.

~~~
jimjag
As a reverse proxy though, it is hardly the best, either in performance or
compliance. As far as in creating an (unjustified) reputation for itself, it
is superior.

www.slideshare.net/bryan_call/choosing-a-proxy-server-apachecon-2014

www.slideshare.net/AllThingsOpen/battle-of-the-stacks

~~~
Jeronimo2
Just for the information: Jim Jagielski, the director of Apache Foundation,
who won't miss any opportunity to say how he hates nginx, and how bad nginx
is. Well done!

~~~
jimjag
It's called "Battling FUD" :-)

------
Thaxll
UDP loadbalancing is huge, since HAProxy can't do it you had to do it with
LVS.

~~~
takeda
Feels like feature creep. What would you use UDP load balancing for? Layer 3
load balancing is probably the best approach for load balancing UDP traffic.

Edit: If you have to downvote, go ahead, but at least state why you don't
agree, so I can know why I'm wrong and can revise my opinion.

~~~
mholt
I'll upvote you b/c I have the same question.

