Technical Specs
NGINX Plus is available only as a binary; it is not distributed as source code. For additional platforms and modules, contact us.
| Distribution | Supported on R33 | Supported on R32 | 
|---|---|---|
| AlmaLinux | 8 (x86_64, aarch64) 9 (x86_64, aarch64) | 8 (x86_64, aarch64) 9 (x86_64, aarch64) | 
| Alpine Linux | 3.17 (x86_64, aarch64) (deprecated) 3.18 (x86_64, aarch64) 3.19 (x86_64, aarch64) 3.20 (x86_64, aarch64) (new) | 3.16 (x86_64, aarch64) (deprecated) 3.17 (x86_64, aarch64) 3.18 (x86_64, aarch64) 3.19 (x86_64, aarch64) | 
| Amazon Linux | 2023 (x86_64, aarch64) | 2023 (x86_64, aarch64) | 
| Amazon Linux 2 | LTS (x86_64, aarch64) | LTS (x86_64, aarch64) | 
| CentOS | Not supported | 7.4+ (x86_64) (deprecated) | 
| Debian | 11 (x86_64, aarch64) 12 (x86_64, aarch64) | 11 (x86_64, aarch64) 12 (x86_64, aarch64) | 
| FreeBSD | 13 (amd64) 14 (amd64) | 13 (amd64) 14 (amd64) | 
| Oracle Linux | 8.1+ (x86_64, aarch64) 9 (x86_64) | 7.4+ (x86_64) (deprecated) 8.1+ (x86_64, aarch64) 9 (x86_64) | 
| Red Hat Enterprise Linux (RHEL) | 8.1+ (x86_64, aarch64) 9.0+ (x86_64, aarch64) | 7.4+ (x86_64) (deprecated) 8.1+ (x86_64, aarch64) 9.0+ (x86_64, aarch64) | 
| Rocky Linux | 8 (x86_64, aarch64) 9 (x86_64, aarch64) | 8 (x86_64, aarch64) 9 (x86_64, aarch64) | 
| SUSE Linux Enterprise Server (SLES) | 12 SP5 (x86_64) (deprecated) 15 SP2+ (x86_64) | 12 SP5 (x86_64) 15 SP2+ (x86_64) | 
| Ubuntu | 20.04 LTS (x86_64, aarch64) 22.04 LTS (x86_64, aarch64) 24.04 LTS (x86_64, aarch64) | 20.04 LTS (x86_64, aarch64) 22.04 LTS (x86_64, aarch64) 24.04 LTS (x86_64, aarch64 (new) | 
Dynamic modules are supported on the same distributions as NGINX Plus, unless noted otherwise in the table below.
| Module | Distribution and details | 
|---|---|
| AppProtect | AlmaLinux/Rocky Linux: Not supported Alpine Linux: Not supported Amazon Linux 2: x86_64 only Amazon Linux 2023: Not supported Debian 11: x86_64 only FreeBSD: Not supported Oracle Linux 8: x86_64 only RHEL 8: x86_64 only SLES: Not supported Ubuntu 20.04: x86_64 only | 
| GeoIP | Amazon Linux 2023  Not supported RHEL/Oracle Linux/AlmaLinux/Rocky Linux 8.0+, 9: Not supported FreeBSD: Not supported | 
| GeoIP2 | Amazon Linux 2: Not supported | 
| HA-Keepalived | FreeBSD: Not supported Alpine Linux: Not supported Amazon Linux 2: Not supported Amazon Linux 2023: Not supported | 
| NGINX sync | FreeBSD: Not supported Alpine Linux: Not supported | 
| OpenTelemetry | Amazon Linux 2: Not supported SLES: Not supported | 
NGINX Plus supports the following SSL/TLS protocols:
- SSLv2
- SSLv3
- TLSv1
- TLSv1.1
- TLSv1.2
- TLSv1.3
You can configure which protocols to enable or disable with the ssl_protocols directive.
TLSv1.2 and earlier are supported on all operating systems listed in Supported Distributions.
TLSv1.3 is supported starting from NGINX Plus R17 and is enabled by default in NGINX Plus R29 and later. It requires OpenSSL 1.1.1 or higher. Note that not all operating systems supported by NGINX Plus include OpenSSL 1.1.1. Check your operating system’s documentation to confirm TLSv1.3 compatibility.
TLSv1.2 and TLSv1.3 are the default SSL protocols starting from NGINX Plus R34 (if supported by the OpenSSL library). If OpenSSL 1.0.0 or older is used, the default SSL protocols are TLSv1 and TLSv1.1.
- Bare metal
- Container
- Public cloud: AWS, Google Cloud Platform, Microsoft Azure
- Virtual machine
See Sizing Guide for Deploying NGINX Plus on Bare Metal Servers
- Core – Control basic functioning (mutexes, events, thread pools, workers, and so on)
- Zone Sync – Synchronize shared memory zones among nodes in a cluster
- HTTP Core – Process HTTP traffic
- Addition – Prepend and append data to a response
- Auto Index – Generate directory listings
- Charset – Add character set in Content-Typefield of HTTP response header, and define or convert between character sets
- Empty GIF – Generate empty image response
- Gunzip – Decompress responses for clients that don’t support compression
- Gzip – Use GZIP to compress HTTP responses
- Gzip Static – Serve pre-compressed files from disk
- Headers – Add fields to HTTP response headers, including Cache-ControlandExpires
- Index – Specify index files used in directory requests
- Internal Redirect – Allow internal redirects after checking request or connection processing limits, and access limits
- Random Index – Select random index file for directory request
- Real IP – Determine true origin IP address for proxied traffic
- SSI – Process Server Side Includes (SSI) commands
- User ID – Set cookies that uniquely identify clients
- WebDAV – Implement WebDAV file management
- Access – Control access based on client IP address (support access control lists [ACLs])
- Auth Basic – Implement HTTP Basic Authentication scheme
- Auth JWT – Validate JSON Web Tokens
- Auth Request – Determine client authorization using subrequests to external authentication server
- OIDC – Implement authentication as a Relying Party in OpenID Connect solution
- Referer – Control access based on Refererfield in HTTP request header
- Secure Link – Process encrypted, time-limited links to content
- Browser – Create variables based on User-Agentfield in HTTP request header
- Cache Slice – Create byte-range segments of large files, for more efficient caching
- Geo – Create variables based on client IP address
- Map – Create variables based on other variables in requests
- Rewrite – Test and change URI of request
- Split Clients – Partition clients for A/B testing
- Sub – Replace text string in response (rewrite content)
- Log – Log HTTP transactions locally or to syslog
- Session Log – Log HTTP transactions aggregated per session
- F4F – Stream HDS (Adobe HTTP Dynamic Streaming; filename extensions .f4f, .f4m, .f4x)
- FLV – Stream FLV (Flash Video; filename extension .flv)
- HLS – Stream HLS (Apple HTTP Live Streaming; filename extensions .m3u8, .ts) dynamically generated from MP4 or MOV (filename extensions .m4a, .m4v, .mov, .mp4, and .qt)
- MP4 – Stream MP4 (filename extensions .m4a, .m4v, .mp4)
- Streaming of RTMP and DASH is provided by the third-party RTMP module
- FastCGI – Proxy and cache requests to FastCGI server
- gRPC – Proxy requests to gRPC server
- Memcached – Proxy requests to memcached server
- Mirror – Send copy of requests to one or more additional servers
- Proxy – Proxy and cache requests to HTTP server
- SCGI – Proxy and cache requests to SCGI server
- Upstream – Proxy and cache requests to load-balanced pool of servers
- Upstream Health Checks – Verify servers in load-balanced pool are operational
- uwsgi – Proxy and cache requests to uwsgi server
- Limit Connections – Limit concurrent connections from a client IP address or other keyed value
- Limit Requests – Limit rate of request processing for a client IP address or other keyed value
- Limit Responses – Limit rate of responses per client connection
- Mail Core – Proxy mail traffic
- Auth HTTP – Offload authentication processing from HTTP server
- IMAP – Implement capabilities and authentication methods for IMAP
- POP3 – Implement authentication methods for POP3 traffic
- Proxy – Support proxy-related parameters for mail protocols
- SMTP – Define accepted SASL authentication methods for SMTP clients
- SSL/TLS – Implement SSL, STARTTLS, and TLS for mail protocols
- NGINX Plus API – Provide REST API for accessing metrics, configuring upstream server groups dynamically, and managing key-value pairs, without the need to reload NGINX configuration
- Key-Value Store – Create variables with values taken from key-value pairs managed by the NGINX Plus API
- Management – Configure licensing and usage reporting of NGINX Plus installation to F5 licensing endpoint or NGINX Instance Manager
- Stream – Process TCP and UDP traffic
- Access – Support IP-based access control lists (ACLs)
- Geo – Create variables based on client IP address
- Limit Conn – Limit concurrent connections by key
- Log – Log TCP and UDP transactions
- Map – Create variables based on other variables in requests
- MQTT Preread – Forward MQTT traffic without processing it
- MQTT Filter – Process Message Queuing Telemetry Transport protocol (MQTT) protocol
- Proxy – Proxy requests to TCP and UDP servers
- Pass – Pass any accepted client connection to any configured listening socket in http, stream, mail, and other similar modules
- Real IP – Determine true origin IP address for proxied traffic
- Return – Return specified value to client and close connection
- Split Clients – Partition clients for A/B testing
- SSL/TLS – Process TCP traffic secured with SSL/TLS
- SSL/TLS Preread – Forward TCP traffic secured with SSL/TLS without decrypting it
- Upstream – Proxy and cache traffic to load-balanced pool of servers
- Upstream Health Checks – Verify servers in load-balanced pool are operational