About§
NGINX Unit is a polyglot app server, a reverse proxy, and a static file server, available for Unix-like systems. It was built by nginx team members from scratch to be highly efficient and fully configurable at runtime.
The latest version is 1.27.0, released on June 2, 2022.
The sources are distributed under the
Apache 2.0
license.
Commercial support is available from
NGINX, Inc.
Key Features§
Flexibility§
- The entire configuration is managed dynamically over HTTP via a friendly RESTful JSON API
- Updates to the configuration are performed granularly at runtime with zero interruption
- Requests are routed between static content, upstream servers, and local apps
- Request filtering and dispatching uses elaborate matching rules that allow regular expressions
- Apps in multiple languages and language versions run side by side
- Common language-specific APIs for all supported languages run seamlessly
- Upstream server groups provide dynamic load balancing using a weighted round-robin method
- Originating IP identification
supports
X-Forwarded-For
and similar header fields
Performance§
- Requests are asynchronously processed in threads with efficient event loops (epoll, kqueue)
- Syscalls and data copy operations are kept to a necessary minimum
- 10,000 inactive HTTP keep-alive connections take up only a few MBs of memory
- Router and app processes rely on low-latency IPC built with lock-free queues over shared memory
- The number of per-app processes is defined statically or scales preemptively within given limits
- Multithreaded request processing is supported for Java, Perl, Python, and Ruby apps
Security & Robustness§
- Client connections are handled by a separate non-privileged router process
- Low-resource conditions (out of memory or descriptors) and app crashes are handled gracefully
- SSL/TLS with SNI, session cache and tickets is integrated (OpenSSL 1.0.1 and later)
- Different apps are isolated in separate processes
- Apps can be additionally containerized with namespace and file system isolation
- Static file serving benefits from chrooting, symlink and mount point traversal restrictions
Supported App Languages§
Unit interoperates with:
- Binary-compiled languages in general: using the embedded libunit library
- Go: by overriding the http module
- JavaScript (Node.js): by automatically overloading the http and websocket modules
- Java: using the Servlet Specification 3.1 and WebSocket APIs
- Perl: using PSGI
- PHP: using a custom SAPI module
- Python: using WSGI or ASGI with WebSocket support
- Ruby: using the Rack API
Reporting Issues§
Please report any security-related issues concerning Unit to security-alert@nginx.org. For our mutual convenience, specifically mention NGINX Unit in the subject and follow the CVSS v3.1 specification.
With other issue types, please refer to Troubleshooting for guidance.