Does managing your application stack feel like a mission to Mars?
When it comes to the size of your app stack, less is more
An NGINX Project
When building web applications, we typically build out a stack of reverse proxies, web servers, and application servers. NGINX Unit puts everything you need to build cloud-native applications in a single server component.
Overcome the antipattern of co-locating microservices in a single container because Unit has a single daemon that manages multiple applications.
A cloud-native monolith might sound like an oxymoron, but it isn’t!
Unit brings RESTful configuration, a container-friendly footprint, and modern TLS implementation to traditional apps.
Modernize your enterprise Java apps with NGINX Unit.
Delivering true end-to-end TLS requires certificate management at the application runtime. Unit makes it easier to manage TLS certificates, decoupling them from the application without exposing the plaintext.
Bring cgroup isolation, chrooted environments and separate runusers to your applications even if you’re not using containers.
"listeners": {
"*:443": {
"pass": "routes"
},
"*:8081": {
"pass": "application/blogs"
},
}
High performance, open source HTTP engine written by the original NGINX team, and inspired by over a decade of learnings from the world's most popular web server.
Natively run applications in seven different languages. Control your entire application configuration, from the network layer, through to the runtime. Deploy a single application, or easily co-locate multiple microservices in a single container.
Applications are independently isolated with cgroups, chrooted environments and segregated user accounts.
Unit supports applications written in Java, Go, Node.JS, PHP, Perl, Python & Ruby.
"applications": {
"blogs": {
"type": "php",
"targets": {
"direct": {
"root": "/www/blogs/"
}
},
},
"login": {
"type": "python",
"path": "/www/login",
"module": "oauth",
},
}
"routes": [
{
"action": {
"share": "/sites/${host}${uri}"
}
}
]
A cloud-native web server with simple JSON configuration. To augment server-side code or deliver complete single page applications.
Some application URIs are served elsewhere. Unit can proxy and load balance to backend services without the need to deploy a separate reverse proxy.
"upstreams": {
"files-backend": {
"servers": {
"192.168.0.1:80": {},
"192.168.0.2:80": {
"weight": 0.5
}
}
}
}
"certificates": {
"bundle": {
"key": "RSA (4096 bits)",
"chain": [
{
"subject": {
"common_name": "example.com",
},
"issuer": {...},
"validity": {...},
}
]
}
}
Terminate TLS connections within the same daemon as that is running the application code to ensure no plaintext is passed across network interfaces. Without any changes to application.
Unit automatically matches TLS certificates to incoming requests, removing the effort of painstakingly associating private keys and certificates with virtual servers.
Change one part of Unit's configuration, or replace it entirely, with a single HTTP request. Everything is controlled with a simple JSON/REST interface, and all changes are immediately applied without disrupting in-flight requests.
$ curl -X PUT --data-binary
@unitconf.json localhost:8080/config
{
"success": "Reconfiguration done."
}
$_
Unit is written in pure C with minimum external dependencies and puts a focus on performance, low latency, and scalability. We utilize a complex, asynchronous, multithreading architecture comprising multiple processes to achieve security and robustness while getting the most out of modern computing platforms. We minimize syscalls and use lock-free queues over shared-memory IPC to communicate with application processes with almost zero overhead.
