2023

Learn about the updates, new features, and resolved bugs in F5 NGINX as a Service for Azure during the year 2023.

To see the latest changes, visit the Changelog page.

To see a list of currently active issues, visit the Known issues page.

  • NGINXaaS for Azure now supports new metrics

    NGINXaaS now supports the following metrics derived from NGINX Plus statistics introduced in

    API version 8:

    • SSL statistics for each HTTP upstream and stream upstream
    • SSL statistics for each HTTP server zone and stream server zone
    • Extended statistics for SSL endpoint

    API version 9:

    • Per-worker connection statistics including accepted, dropped, active and idle connections, total and current requests

    For a complete catalog of metrics, see the Metrics Catalog.

  • NGINXaaS for Azure now supports NGINX config dry-run

    NGINXaaS now supports the NGINX config dry-run. See the Config Validation documentation for instructions on how to use it.

  • NGINXaaS for Azure now supports the Image-Filter dynamic module

    NGINXaaS now supports the Image-Filter dynamic module. For a complete list of allowed directives, see the Configuration Directives List.

  • NGINXaaS for Azure is now generally available in more regions

    NGINXaaS for Azure is now available in Japan East.

    See the Supported Regions documentation for the full list of regions where NGINXaaS for Azure is available.

  • NGINXaaS for Azure now supports HTTP/3 and QUIC.

    NGINXaaS can now serve client requests through HTTP/3 connections. NGINX only supports HTTP/3 on the client side and does not support HTTP/3 to upstreams. NGINXaaS utilizes the OpenSSL library; however, the OpenSSL compatibility layer it uses does not support early data.

    nginx
    http {
       server {
          # for better compatibility it's recommended
          # to use the same port for http/3 and https
          listen 443 quic reuseport;
          listen 443 ssl;
          ssl_certificate /etc/nginx/foo.pem;
          ssl_certificate_key /etc/nginx/foo.key;
          # ...
       }
    }

    To get started using HTTP/3 and NGINXaaS:

    • Update the network security group associated with the NGINXaaS deployment’s subnet to allow inbound traffic for HTTP/3 UDP ports in the NGINX configuration. See the NGINXaaS limitations, for limits on how many unique ports may be specified in a configuration and a list of restricted ports.

    • Additionally, add a Managed Identity to your deployment and create SSL/TLS Certificates. For more information on using NGINX with HTTP/3, see the HTTP/3 module.

  • NGINXaaS for Azure is now generally available in more regions

    NGINXaaS for Azure is now available in North Europe.

    See the Supported Regions documentation for the full list of regions where NGINXaaS for Azure is available.

  • NGINXaaS for Azure supports new dynamic modules

    NGINXaaS now supports the OpenTelemetry and XSLT modules.

  • NGINXaaS for Azure now supports smaller deployments

    You can now create or scale deployments to a capacity of 10 NCUs, ideal for small workloads.

  • NGINXaaS for Azure maximum capacity increased

    The maximum capacity of NGINXaaS for Azure has been increased from 160 NCUs to 500 NCUs under the Standard plan. Existing deployments can also benefit from this new limit if users choose to scale up.

    To adjust capacity, refer to Adjusting Capacity.

    To learn more about capacity restrictions, refer to Capacity Restrictions.

  • NGINXaaS for Azure now supports serving static content

    An NGINXaaS deployment can now serve static content. See Hosting Static Content for details.

  • NGINXaaS for Azure now supports attaching a Public IP from a Public IP prefix

    In the Microsoft Azure portal, you can create a static public IP address from an IP prefix. This release of NGINXaaS introduces support for attaching public IP addresses associated with a public IP prefix to your NGINXaaS deployments.

  • NGINXaaS for Azure now deploys with a default configuration

    NGINXaaS new deployments will now include a default configuration, providing a smoother setup experience compared to the previous empty configuration.

    To learn more about configuration, refer to Upload an NGINX Configuration.

    • NGINXaaS for Azure now supports more directives

    NGINXaaS now supports new directives. For a complete list of allowed directives, see the Configuration Directives List.

  • NGINXaaS for Azure now supports higher capacity

    NGINXaaS for Azure allowed users to create deployments with a maximum capacity of 80 NCUs under the Standard plan. A recent change now allows users to deploy up to 160 NCUs. Existing NGINXaaS deployments should also scale up to 160 NCUs.

    To adjust capacity, refer Adjusting Capacity.

    To learn more about capacity restrictions, refer to Capacity Restrictions.

  • NGINXaaS for Azure automatically rotates SSL/TLS certificates

    NGINXaaS for Azure now automatically retrieves renewed certificates from Azure Key Vault and applies them to your NGINX deployment. To learn more about this new feature, refer to Certificate Rotation.

  • Improve compatibility with Azure Key Vault certificates generated through merging from an external provider (e.g. keyvault-acmebot)

    Key Vault’s certificate merge command puts the server certificate as the last certificate in the generated PFX but NGINX requires that it be the first one in the generated PEM. NGINXaaS will dynamically reorder the certificates to be in chain order with the server certificate first.

  • Support NGINX log_not_found directive (docs)

  • NGINXaaS can now proxy and load balance UDP traffic.

    To configure NGINX to handle UDP traffic, specify the stream directive in your NGINX configuration.

    nginx
    stream {
       server {
          listen 53 udp;
          # ...
       }
       # ...
    }

    To learn more about load balancing UDP traffic with NGINX, see TCP and UDP Load Balancing.

  • NGINXaaS for Azure accepts configurations larger than 60kB

    An NGINXaaS deployment can now accept configurations larger than 60kB.

  • NGINXaaS for Azure supports new directives

    NGINXaaS now allows the ssl_preread directive and most directives from the ngx_http_fastcgi_module module. For a complete list of allowed directives, see the Configuration Directives List.

  • NGINXaaS for Azure is now generally available in more regions

    NGINXaaS for Azure is now available in the following additional regions:

    • West US 3

    See the Supported Regions documentation for the full list of supported regions.

  • NGINXaaS can now proxy and load balance TCP traffic.

    To configure NGINX to handle TCP traffic, specify the stream directive in your NGINX configuration.

    nginx
    stream {
       server {
          listen 12345;
          # ...
       }
       # ...
    }

    To learn more about load balancing TCP traffic with NGINX, see TCP and UDP Load Balancing.

  • NGINXaaS for Azure supports passing traffic to gRPC servers.

    NGINXaaS can now be configured as a gateway for gRPC services. Refer to NGINX’s gRPC module for more information.

  • NGINXaaS for Azure now supports HTTP/2.

    NGINXaaS can now serve client requests through HTTP/2 connections. NGINX only supports HTTP/2 on the client side and does not support HTTP/2 to upstreams.

    nginx
    http {
       server {
          listen 443 ssl http2;
    
          ssl_certificate server.crt;
          ssl_certificate_key server.key;
          # ...
       }
    }

    To get started using HTTP/2 and NGINXaaS, add a Managed Identity to your deployment and create SSL/TLS Certificates. For more information on using NGINX with HTTP/2, see the HTTP/2 module.

  • NGINXaaS can now serve static files with the error_page directive.

  • NGINXaaS can now support NGINX configurations to secure HTTP traffic between NGINX and upstreams

    NGINXaaS now accepts NGINX directives to secure traffic between NGINX and upstream using SSL/TLS certificates.

    Refer to Securing Upstream Traffic for more details on how to configure NGINXaaS with these directives.

  • NGINX configurations may now listen on ports other than 80 and 443.

    NGINXaaS now accepts requests on ports in addition to 80 and 443. Inbound ports are specified in the NGINX configuration using the listen directive.

    NGINXaas can be configured to accept requests on up to 5 unique ports.

    nginx
    http {
       server {
          listen 8080;
          # ...
       }
    }

    Update the network security group’s inbound security rules associated with the NGINXaaS deployment’s subnet to allow inbound traffic for all listen ports in the NGINX configuration.

    See our NGINX configuration overview document for limits on how many unique ports may be specified in a configuration and a list of restricted ports.

  • Deployment configuration now succeeds after adding a managed identity.

    After adding a managed identity to a deployment, the deployment transitions from an Accepted state to a Succeeded state only after the operation to add the managed identity succeeds. The user can then proceed to configure the deployment.

  • Directives auth_jwt_key_file and auth_jwt_require are now supported.

    Refer to the auth_jwt_key_file and auth_jwt_require documentation for more information on using these directives.

    • PKCS12 certificates may now be added to your NGINXaaS deployment.

    Previously, NGINXaaS only accepted PEM formatted certificates. Now, both PEM and PKCS12 certificates are supported.

    • State files may now be used with the keyval_zone directive.

    For information on storing the state of a key-value database with a state file, see keyval_zone’s documentation.

  • Special parameters in map and geo directives are now supported.

  • The match directive is now supported.