Nginx adds OAuth 2 authentication, other tools to its application delivery platform

Open-source web server provider Nginx has launched Plus R8 with features the company says will improve the delivery and operation of complex and high-performance web applications.
Written by Asha Barbaschow, Contributor

Nginx on Tuesday released its latest product offering, the Plus R8, which includes an initial release of OAuth 2-based authentication.

Nginx CEO Gus Robertson said that many of today's most popular sites and applications, like Spotify and Uber, use the OAuth 2 authorisation framework to allow its users to log in to its application by using existing credentials from an identity provider.

"With both user expectation and competition high, developers and organisations must deliver their applications with the maximum performance and uptime, or risk losing out to a competitor who can," he said.

When Robertson joined the Russian-founded company in 2011, the company provided the web server -- or reverse proxy -- for around 60 million websites globally. As of this month, Nginx is pushing 157 million.

Nginx has been successful because it is very fast, as Nginx does not spawn new processes or threads for each web page request, and it also uses far fewer resources than Apache or Microsoft Internet Information Server (IIS).

"Apache is a process-driven architecture which means that every time it creates a connection it blocks a certain amount of CPU and memory for that connection which limits the amount of connections it can handle," Robertson said.

"Nginx can handle ten, to a hundred, even a thousand times more connections than Apache can.

"Apache was written in the early 90s and it was built for a different world and a different type of web. Now we're looking at things like Uber, Netflix, and Facebook where there are billions of users at once on Facebook -- that's a different paradigm."

Robertson touted Nginx being used by large number of retailers, as well as sites such as Pinterest, Instagram, and Tumblr.

"Anyone that takes a credit card transaction over the internet typically is using Nginx because of the security," he said.

"Anywhere you are entering a username or password, or anywhere where confidential or private information is travelling across the web, you want to encrypt that and you want to protect that, and that's where Nginx plays a strong role. Google is now rating websites that have HTTPS above others that don't -- so if you don't have a secure website, your ranking in Google is going to go south."

In addition to OAuth 2 authentication, Nginx's update also adds fully supported implementation of HTTP/2, with Nginx previously assisting open-source developers to work on their implementation.

"HTTP/2 is the first change in internet protocol in over 20 years," Robertson said. "So we've built that into Nginx and have been running that through the open source community to create a better delivery method ... in this release we have put HTTP/2 as production-ready," Robertson said.

"All of the workarounds that websites needed to do to increase performance are now built in as a standard part of the protocol -- in fact those workarounds will now negatively impact your site such as encryption, de-sharding, multiplexing."

Despite this new industry standard being labelled a game changer for a business by improving website performance by up to 30 percent, Robertson said that the end user should not notice anything other than greater performance, greater speed, and a secure website.

HTML5 video caching has also been added to Nginx Plus R8 as a result of the increasing demand for instant content from services such as Netflix.

"Media streaming, or over the top network such as Netflix, are running videos on demand -- Nginx is a default standard for delivering video over the internet," he said.

The Australian ex-pat said that streaming services use HTML5 to stream video to their users as it plays the video directly in the browser, which eliminates the need for browser plugins, which can ultimately open the user up to security vulnerabilities.

Nginx has also added persistent upstream configuration API which allows organisations to add or remove upstream servers without restarting Nginx.

Editorial standards