2023
Learn about the updates, new features, and resolved bugs in F5 NGINXaaS for Azure during the year 2023.
To see the latest changes, visit the Changelog page.
To see a list of currently active issues, visit the Known issues page.
NGINXaaS now supports the following metrics derived from NGINX Plus statistics introduced in
API version 8:
- SSL statistics for each HTTP upstream and stream upstream
- SSL statistics for each HTTP server zone and stream server zone
- Extended statistics for SSL endpoint
API version 9:
- Per-worker connection statistics including accepted, dropped, active and idle connections, total and current requests
For a complete catalog of metrics, see the Metrics Catalog.
NGINXaaS now supports the NGINX config dry-run. See the Config Validation documentation for instructions on how to use it.
NGINXaaS now supports the Image-Filter dynamic module. For a complete list of allowed directives, see the Configuration Directives List.
NGINXaaS for Azure is now available in Japan East.
See the Supported Regions documentation for the full list of regions where NGINXaaS for Azure is available.
NGINXaaS can now serve client requests through HTTP/3 connections. NGINX only supports HTTP/3 on the client side and does not support HTTP/3 to upstreams. NGINXaaS utilizes the OpenSSL library; however, the OpenSSL compatibility layer it uses does not support early data.
http {
server {
# for better compatibility it's recommended
# to use the same port for http/3 and https
listen 443 quic reuseport;
listen 443 ssl;
ssl_certificate /etc/nginx/foo.pem;
ssl_certificate_key /etc/nginx/foo.key;
# ...
}
}To get started using HTTP/3 and NGINXaaS:
-
Update the network security group associated with the NGINXaaS deployment’s subnet to allow inbound traffic for HTTP/3 UDP ports in the NGINX configuration. See the NGINXaaS limitations, for limits on how many unique ports may be specified in a configuration and a list of restricted ports.
-
Additionally, add a Managed Identity to your deployment and create SSL/TLS Certificates. For more information on using NGINX with HTTP/3, see the HTTP/3 module.
NGINXaaS for Azure is now available in North Europe.
See the Supported Regions documentation for the full list of regions where NGINXaaS for Azure is available.
NGINXaaS now supports the OpenTelemetry and XSLT modules.
You can now create or scale deployments to a capacity of 10 NCUs, ideal for small workloads.
The maximum capacity of NGINXaaS for Azure has been increased from 160 NCUs to 500 NCUs under the Standard plan. Existing deployments can also benefit from this new limit if users choose to scale up.
To adjust capacity, refer to Adjusting Capacity.
To learn more about capacity restrictions, refer to Capacity Restrictions.
An NGINXaaS deployment can now serve static content. See Hosting Static Content for details.
In the Microsoft Azure portal, you can create a static public IP address from an IP prefix. This release of NGINXaaS introduces support for attaching public IP addresses associated with a public IP prefix to your NGINXaaS deployments.
NGINXaaS new deployments will now include a default configuration, providing a smoother setup experience compared to the previous empty configuration.
To learn more about configuration, refer to Upload an NGINX Configuration.
NGINXaaS now supports new directives. For a complete list of allowed directives, see the Configuration Directives List.
NGINXaaS for Azure allowed users to create deployments with a maximum capacity of 80 NCUs under the Standard plan. A recent change now allows users to deploy up to 160 NCUs. Existing NGINXaaS deployments should also scale up to 160 NCUs.
To adjust capacity, refer Adjusting Capacity.
To learn more about capacity restrictions, refer to Capacity Restrictions.
NGINXaaS for Azure now automatically retrieves renewed certificates from Azure Key Vault and applies them to your NGINX deployment. To learn more about this new feature, refer to Certificate Rotation.
Key Vault’s certificate merge command puts the server certificate as the last certificate in the generated PFX but NGINX requires that it be the first one in the generated PEM. NGINXaaS will dynamically reorder the certificates to be in chain order with the server certificate first.
To configure NGINX to handle UDP traffic, specify the stream directive in your NGINX configuration.
stream {
server {
listen 53 udp;
# ...
}
# ...
}To learn more about load balancing UDP traffic with NGINX, see TCP and UDP Load Balancing.
An NGINXaaS deployment can now accept configurations larger than 60kB.
NGINXaaS now allows the ssl_preread directive and most directives from the ngx_http_fastcgi_module module. For a complete list of allowed directives, see the Configuration Directives List.
NGINXaaS for Azure is now available in the following additional regions:
- West US 3
See the Supported Regions documentation for the full list of supported regions.
To configure NGINX to handle TCP traffic, specify the stream directive in your NGINX configuration.
stream {
server {
listen 12345;
# ...
}
# ...
}To learn more about load balancing TCP traffic with NGINX, see TCP and UDP Load Balancing.
NGINXaaS can now be configured as a gateway for gRPC services. Refer to NGINX’s gRPC module for more information.
NGINXaaS can now serve client requests through HTTP/2 connections. NGINX only supports HTTP/2 on the client side and does not support HTTP/2 to upstreams.
http {
server {
listen 443 ssl http2;
ssl_certificate server.crt;
ssl_certificate_key server.key;
# ...
}
}To get started using HTTP/2 and NGINXaaS, add a Managed Identity to your deployment and create SSL/TLS Certificates. For more information on using NGINX with HTTP/2, see the HTTP/2 module.
NGINXaaS now accepts NGINX directives to secure traffic between NGINX and upstream using SSL/TLS certificates.
Refer to Securing Upstream Traffic for more details on how to configure NGINXaaS with these directives.
NGINXaaS now accepts requests on ports in addition to 80 and 443. Inbound ports are specified in the NGINX configuration using the listen directive.
NGINXaas can be configured to accept requests on up to 5 unique ports.
http {
server {
listen 8080;
# ...
}
}Update the network security group’s inbound security rules associated with the NGINXaaS deployment’s subnet to allow inbound traffic for all listen ports in the NGINX configuration.
See our NGINX configuration overview document for limits on how many unique ports may be specified in a configuration and a list of restricted ports.
After adding a managed identity to a deployment, the deployment transitions from an Accepted state to a Succeeded state only after the operation to add the managed identity succeeds. The user can then proceed to configure the deployment.
Refer to the auth_jwt_key_file and auth_jwt_require documentation for more information on using these directives.
Previously, NGINXaaS only accepted PEM formatted certificates. Now, both PEM and PKCS12 certificates are supported.
For information on storing the state of a key-value database with a state file, see keyval_zone’s documentation.
We are pleased to announce the general availability of NGINXaaS for Azure, a first-party-like experience as a service co-developed by Microsoft and NGINX and tightly integrated into the Azure ecosystem.
NGINXaaS, powered by NGINX Plus, is a fully managed service that removes the burden of deploying your own NGINX Plus cluster, installing libraries, upgrading, and managing it.
NGINXaaS simplifies the process of moving your existing NGINX configuration to the Azure cloud. Once your configurations are moved to Azure, securely manage SSL/TLS certificates and keys stored in Azure Key Vault and reference them within your NGINX configurations. You can watch your application’s traffic in real time with Azure monitoring and alerts, and scale your deployment to fit your needs, maximizing cost efficiency. You can create, update, and delete your NGINXaaS deployment using the Azure Resource Manager, the Azure SDK, CLI, and Terraform in addition to the Azure portal.
Our new “Standard” plan is ready for production workloads.
To learn more, refer to the following NGINXaaS documentation:
- NGINXaaS for Azure overview
- NGINXaaS, NGINX Plus, and NGINX Open Source feature comparison
- NGINXaaS billing details