Managing NGINX Configuration at Scale with Instance Manager

Jason Clopper Thumbnail
Jason Clopper
Published March 20, 2023

Since releasing NGINX Instance Manager in early 2021, we have continually added functionality based on feedback from our users about their top priorities and pain points. Instance Manager is now the core module of NGINX Management Suite, our collection of management‑plane modules which make it easier to manage and monitor NGINX at scale. After two years of focused work, today’s Instance Manager is, quite simply, better than ever.

Some of the most notable recent enhancements to Instance Manager are:

  • Remote configuration and configuration groups to help you scale
  • Robust and granular role‑based access control (RBAC) to empower multiple teams to manage their deployments
  • Improved monitoring options that offer more flexibility and deeper insight
  • Enhanced security with capabilities for monitoring and managing NGINX App Protect WAF

In this post we focus on the enhancements to Instance Manager’s configuration‑management features. One of biggest reasons for NGINX’s popularity is the wide range of use cases it covers, from web serving and content caching to reverse proxying and load balancing. As you scale out your NGINX deployment across more use cases, configurations grow more complex and diverse across your NGINX estate, and accurately setting and tracking them manually becomes tedious and prone to errors.

Instance Manager greatly eases scaling as a centralized control station for remote management of your entire NGINX fleet. It helps ensure that your customers have a consistent and high‑quality user experience no matter how complex your systems become.

In this post we focus on three Instance Manager configuration‑management features that help you scale.

Remote Configuration Management Saves Time

With Instance Manager, you manage all your NGINX Open Source and NGINX Plus configurations remotely from a single pane of glass. You can navigate among hundreds of managed NGINX instances to make updates and monitor status and traffic, either using the web interface or the API. The API makes it easy to integrate NGINX configuration management into your CI/CD pipeline.

The configuration editor built into the web interface is powered by the open source Monaco editor and makes it easy to edit NGINX configuration. The Instance Manager Analyzer automatically highlights errors as you edit and recommends fixes based on best practices.

Screenshot of configuration editor in NGINX Management Suite Instance manager 2.8.0

With instance groups, you can apply the same configuration to multiple instances. This makes scaling much easier because you maintain just a single copy of the configuration and apply it to all instances in the group with the single press of a button. As you create additional instances, add them to an instance group during onboarding for instant application of the correct configuration.

With staged configurations, you can create a configuration from scratch or copy the configuration from an individual instance, and save it to be deployed later on one or more instances.

Efficient SSL/TLS Certificate Management Maintains Security

Secure communication between NGINX instances and their clients relies on proper management of SSL/TLS certificates and their associated keys. Expired or invalid certificates can put the integrity of your entire organization at risk.

With Instance Manager you can conveniently track, manage, and deploy SSL/TLS certificates on all your instances, using either the web interface or API. The web interface highlights any certs that are expired or are expiring soon, helping you avert costly and time‑consuming outages.

Role-Based Access Control Improves Workflows

As they adopt DevOps practices, organizations are increasingly delegating responsibility for app and infrastructure management to development teams. This makes it more complicated, but no less critical, to ensure that the right users have the right levels of access. With Instance Manager, you can seamlessly integrate your single sign‑on (SSO) solution and use role‑based access control (RBAC) to create “swim lanes” for different teams.

RBAC ensures that security and compliance policies are properly enforced, but also empowers teams to manage their own resources. You can create roles that assign permissions broken down along both functional and resource lines.

With RBAC, teams can focus on their areas of expertise and therefore work faster and more efficiently. At the same time, administrators can be assured that the entire organization is adhering to important guidelines and policies.

Get Started

The recent enhancements to Instance Manager’s tools for managing remote configurations, SSL/TLS certificates, and access control make it easier and more convenient than ever to manage your NGINX fleet as it scales.

To try Instance Manager for yourself, start a 30-day free trial of NGINX Management Suite. You can also trial NGINX Plus for production‑grade traffic management.

"This blog post may reference products that are no longer available and/or no longer supported. For the most current information about available F5 NGINX products and solutions, explore our NGINX product family. NGINX is now part of F5. All previous links will redirect to similar NGINX content on"