NGINX One Update: New Features Released

Published June 13, 2024

We announced NGINX ONE — a SaaS solution for modern application management and delivery — in February 2024 at AppWorld in San Jose, California. NGINX One is the next phase of our journey and an effort to make all NGINX products easier to configure, secure, scale and manage. Since our announcement, we have added many new capabilities to NGINX One that we believe significantly improve the product experience. During the Early Access phase of NGINX One, all of these new capabilities are free, as is the NGINX One service.

Automated Configuration Recommendations Based on Your Config Files

Platform teams and application delivery teams spend a lot of time properly configuring their NGINX deployments. This has long been a source of friction for users. Configuring NGINX has not been as easy as it should be. To address this issue, NGINX One users now can access specific recommendations on how to optimize their instances. We group these recommendations so that platform teams and developers can better understand the purpose, and we highlight these recommended changes. The recommendations are based on NGINX’s own best practices. This can save significant toil and also make it easier to maintain a better security posture. You can see how this works in this 2-minute video.

CVE Detection and Severity to Improve Your Security Posture

At NGINX, we pride ourselves on our CVE transparency and getting fixes out as fast as possible. Commercial solutions from many different vendors scan for unpatched CVE’s, including NGINX CVEs. Because NGINX is so widely deployed (top five most pulled images on docker hub), we wanted to give our customers an easy way to focus on and more easily fix CVE’s in their NGINX fleets.

To address this, we surface CVE’s in two ways in NGINX One. First, when added a “CVEs Detected” column to your instance list with color code indicating severity. This allows you to quickly identify where to put energy making fixes.

Second, we provide a dedicated top-down view of CVE’s as a tile on the NGINX One console home page. This provides a comprehensive overview of your NGINX security posture, including the number of instances impacted and severity. Security and DevOps teams can quickly scan the list to prioritize remediations and be more proactive with their vulnerability fixes.

Clustering: Synchronize Configurations Across Grouped Instances

Before cloud computing, advanced users deployed clustering (using Layer 2 and Layer 3) to group multiple NGINX instances together, achieving high availability, load balancing, and scalability for web applications and services. With cloud computing, load balancing became table stakes. Layer 3 and Layer 2 failover mechanisms fell out of favor. However, the new cloud architecture did not solve the problem of maintaining identical configurations on NGINX instances. Equally challenging, in dynamic environments, simply finding which instances were serving which applications or services, as well as their corresponding IP, DNS and other relevant records, might require reaching out and waiting for multiple teams during a configuration upgrade or CVE patching cycle.

NGINX One now lets you group your NGINX instances into logical groups called Clusters. The Cluster dashboard shows the synchronization status of all instances managed by NGINX One. Changes made to any instance in the cluster will automatically mirror over to all members of the group, automatically synchronizing updates and configuration changes. With Clusters, high availability is click-ops or a brief CLI push, with minimal toil.

New Method for Connecting Containers to NGINX One

NGINX One uses an Agent, a very powerful pattern growing in popularity across the world of tech. NGINX Agent runs as a Linux process and communicates back-and-forth to NGINX and the NGINX One SaaS console. Agent pushes metrics, stats, and observability from NGINX to NGINX One and propagates changes from NGINX One down to NGINX. In the past, you needed to build your own Dockerfile that included Agent to deploy NGINX containerized workloads and connect them to NGINX One. We released an official Image hosted in our private registry to make this easy. We plan to release an Image soon for NGINX Open source, as well.

Update on NGINX One Pricing

After collecting initial feedback from customers, sellers, and our F5 operations functions, we have decided to defer the delivery of a consumption-based pricing model for NGINX One. At launch, we will maintain our current per-instance and per-node pricing models to minimize disruption and provide a seamless transition for existing customers. However, we intend to offer consumption pricing options in the future as we continue to monitor customer needs and incorporate feedback.

Coming Soon…Chatbots, Docker Pulls, Advanced DNS and Multi-Cloud Security!

In the coming months we will be adding many new features to NGINX One. Some things on our roadmap include:

  • Setting up a “docker pull” with pre-built NGINX Plus Agent containers, in public registries and more options for pre-built configurations in our private registries for NGINX Plus
  • Staged configurations that allow you to create configurations and stage them for review, approval and later publication
  • Alerting and notifications on critical items like upcoming certificate expiry, newly found Instances, and other important events such as new CVE’s
  • Application Performance Monitoring for detailed visibility into the performance and behavior of your individual applications including requests, responses, roundtrip times, and other performance indicators — in real-time.
  • SSL certificate management capabilities, including adding, updating, and deleting SSL certificates, as well as viewing all SSL certificates, for both managed and unmanaged NGINX instances.
  • AI-powered chatbots and more in-application engagement including guided tours, interactive configuration help and setup guidance.
  • Expanding NGINX One to connect with NGINX Ingress Controller for Kubernetes clusters and NGINX Unit.
  • Enabling new capabilities that work across both NGINX and F5 Distributed Cloud such as advanced DNS, multi-cloud load balancing and networking, and WAAP (Web Applicaiton and API Protection) Security integration.

Conclusion: A Better Way to NGINX

The beauty of SaaS is that the model allows us to push code changes and new features far more quickly and securely. We are building NGINX One in partnership with our customers and watching closely to see how they use the product to guide our feature prioritization. Our hope is that NGINX One gives all our users a better way to NGINX that saves them toil, simplifies troubleshooting, improves security, and helps them deliver a better application experience to their users. We’ve done a lot in three months and plan to keep our foot on the accelerator, pushing out new features regularly and quickly. So please keep an eye out for changes in NGINX One because it's only going to get better. As always, we welcome your feedback.

Are you a professional interested in trying NGINX One with your own NGINX Plus or NGINX Open Source instances? We invite you to Click here to join the early access waitlist, space is limited, so we recommend that you sign up today.

"This blog post may reference products that are no longer available and/or no longer supported. For the most current information about available F5 NGINX products and solutions, explore our NGINX product family. NGINX is now part of F5. All previous links will redirect to similar NGINX content on"