About§
NGINX Unit is a polyglot app server, a reverse proxy, and a static file server, available for Unix-like systems. It was built by nginx team members from scratch to be highly efficient and fully configurable at runtime.
The latest version is 1.25.0, released on August 19, 2021.
The sources are distributed under the Apache 2.0 license.
Commercial support is available from NGINX, Inc.
Key Features§
Flexibility§
- Entire configuration is managed dynamically over HTTP via a user-friendly RESTful JSON API
- Updates to the configuration are performed granularly at runtime with zero interruption
- Requests are routed between static content, upstream servers, and local apps
- Requests are filtered and dispatched with complex matching rules that support regular expressions
- Apps in multiple languages and language versions run side by side
- App runtimes seamlessly support common language-specific APIs for each supported language
- Upstream server groups enable dynamic load balancing using a weighted round-robin method
- Originating IP identification supports
X-Forwarded-Foror similar header fields
Performance§
- Requests are asynchronously processed in threads with efficient event loops (epoll/kqueue)
- Syscalls and data copy operations are kept to a necessary minimum
- 10,000 inactive HTTP keep-alive connections take up only a few MBs of memory
- Router and app processes rely on low-latency IPC built with lock-free queues over shared memory
- The number of per-app processes is defined statically or scales preemptively within given limits
- Multithreaded request processing can be enabled for Java, Perl, Python, and Ruby apps
Security & Robustness§
- Client connections are handled by a separate non-privileged router process
- Low-resource conditions (out of memory or descriptors) and app crashes are handled gracefully
- SSL/TLS with SNI, session cache and tickets is supported seamlessly (OpenSSL 1.0.1 and later)
- Different apps are isolated in separate processes
- Apps can be containerized with namespace and file system isolation
- Static file serving can benefit from chrooting, symlink and mount point traversal restrictions
Supported App Languages§
- Assembly: via the embedded libunit library
- Go: by overloading the http module
- JavaScript (Node.js): by automatically overloading the http and websocket modules
- Java: via the Servlet Specification 3.1 and WebSocket APIs
- Perl: via PSGI
- PHP: via a custom SAPI module
- Python: via WSGI and ASGI with WebSocket support
- Ruby: via the Rack API
Reporting Issues§
All security-related issues concerning Unit should be reported to security-alert@nginx.org. For our mutual convenience, consult the CVSS v3.1 specification before reporting an issue.
With other issue types, please refer to Troubleshooting for guidance.