Ask NGINX | March 2019

Original: https://www.nginx.com/blog/ask-nginx-march-2019/

Last month, we launched a new blog series, Ask NGINX, where every month we share the expertise of our team by answering great questions we’ve received from both our customers and open source users. These questions range from how to use our products in a variety of use cases to how to effectively integrate third‑party tools and platforms with NGINX software.

These answers come from our experts including technical architects, systems engineers, and our award‑winning customer support specialists.

Can I use Nagios with NGINX Open Source and NGINX Plus?

Yes. (For those who don’t know, Nagios is open source and commercially supported software for network, server, and application monitoring.)

Nagios Exchange hosts NGINX plug‑ins from third‑party developers; the descriptions suggest they are for NGINX Open Source. For NGINX Plus customers, the NGINX Plus API outputs an extensive set of metrics in JSON format, which you can easily pass to monitoring tools like Nagios. Nagios Exchange also hosts third‑party JSON plug‑ins, including some for parsing JSON input to Nagios.

Do NGINX Open Source and NGINX Plus support single sign‑on?

Yes! You can enable single sign‑on (SSO) to your apps that are proxied by NGINX Plus, with any implementation of OpenID Connect that complies with the OpenID Connect specifications. OpenID publishes a list of certified OpenID Connect implementations, and we publish a reference implementation that is supported for NGINX Plus customers (see our blog for details).

For NGINX Open Source, SSO is possible with a third‑party module (not supported by NGINX, Inc.). The module implements SPNEGO (defined in RFC 4178) for Kerberos authentication using the Generic Security Service API (GSS‑API). The GSS‑API enables authentication – although not authorization – with tokens passed across non‑secure networks.

Can NGINX Plus be configured to use cookies stored locally, instead of sending them to the client to be presented along with requests?

Yes, this is possible. The cookie can be stored in the NGINX Plus key‑value store, but some information that uniquely identifies the originating client still must be passed to the client. For further assistance and advice, get in touch with our support team.

Do NGINX and NGINX Plus support MQTT?

The Stream module proxies and load balances TCP and so can process MQTT traffic (like HTTP, MQTT is a Layer 7 protocol that uses TCP at the transport layer [Layer 4]). NGINX and NGINX Plus cannot inspect the content of MQTT payloads like it can HTTP payloads, but you can implement that capability with your own JavaScript code and the NGINX JavaScript module. For use cases and sample code, see our blog.

I’ve just upgraded from a trial of NGINX Plus to a paid subscription. What do I do with the license?

In order to continue using NGINX Plus after you upgrade, you must replace the trial certificate with the subscription certificate; otherwise NGINX Plus will fail to start after the trial certificate expires. You can retrieve your subscription certificate from the NGINX Plus Customer Portal. Once you have that, copy it to the /etc/ssl/nginx directory, replacing the trial certificate. NGINX Plus will continue as normal, but if you have any problems with this, contact our support team.

Ask Us!

Got a question for our Ask NGINX series? Leave a comment below or get in touch with our team, and we’d be happy to help!

Retrieved by Nick Shadrin from nginx.com website.