Last checked and updated on 13 Jun 2026
What Is New in NGINX 1.30
The stable NGINX 1.30 release integrates significant features and fixes from the 1.29.x mainline branch. This table summarizes the key updates.
| Category | Key Changes |
|---|---|
| New Features | Early Hints (103 status code), HTTP/2 proxying to upstream servers, Encrypted ClientHello (ECH), Sticky sessions for upstreams, Multipath TCP (MPTCP) support. |
| Core Improvements | Default proxy HTTP version changed to HTTP/1.1 with keepalive connections enabled. The ssl_conf_command directive support was added. |
| Bug Fixes | Multiple fixes across HTTP, Stream, Mail modules, and the core system for stability and correctness. |
How does Early Hints improve page load performance?
Early Hints allows NGINX to send a 103 Interim Response header while it prepares the full final response. This lets browsers preload critical resources like CSS or JavaScript much earlier.
You enable it with the http2_push_preload directive or by using the Link header with rel=preload. In practice, this reduces Largest Contentful Paint (LCP) times for sites with heavy backend processing. The feature builds on HTTP/2 or HTTP/3, so your connection must support one of those.
Can NGINX now use HTTP/2 when talking to backend servers?
Yes, NGINX 1.30 can communicate with upstream servers using HTTP/2. Previously, proxy connections were limited to HTTP/1.1 or fastcgi. This matters because it reduces latency and improves throughput for modern backends.
Set proxy_http_version 2; in your location block. You'll also need to configure proxy_set_header directives appropriately. This is a game-changer for microservices architectures where backends also speak HTTP/2.
What is Encrypted ClientHello (ECH) and how is it configured?
Encrypted ClientHello is a TLS extension that hides the Server Name Indication (SNI), enhancing privacy by preventing eavesdroppers from seeing which site you're connecting to. NGINX 1.30 adds support for it.
Configuration is done via the ssl_conf_command directive. For example: ssl_conf_command Options ECH;. This feature requires TLSv1.3 and compatible client/browser support. It's a step forward for making TLS handshakes completely private.
How do sticky sessions work for upstream load balancing?
Sticky sessions use a cookie or an internal routing key to persistently send a client to the same upstream server. This is crucial for stateful applications that can't share session data across servers easily.
The new sticky directive in the upstream block defines the method, like cookie or route. It's more flexible and integrated than older third-party modules. You'll still need a strategy for handling server failures, as the stickiness isn't fault-tolerant by itself.
Is Multipath TCP (MPTCP) ready for production use with NGINX?
MPTCP support allows a single TCP connection to use multiple network paths, increasing redundancy and throughput. NGINX 1.30 includes experimental support in the Stream module.
You enable it with the listen directive's mptcp parameter. This requires kernel support and client compatibility. For now, consider it for specific use cases like mobile networks, not as a default for all traffic.
FAQ
Does the new default proxy HTTP version (1.1 with keepalive) break existing configurations?
No, it's backward compatible. The change from HTTP/1.0 to HTTP/1.1 as the default means connections to backends are now reused by default, which should improve performance without any config changes. If you depend on the old short-lived behavior, you can explicitly set proxy_http_version 1.0;.
What's the simplest way to test Early Hints?
Add a Link header in your backend response or use the http2_push_preload directive with http2_push. Then check your browser's network tab for a 103 status code. Tools like curl with the --head flag can also show it.
Can I use both sticky sessions and health checks for upstreams?
Yes, they work together. Health checks will mark a server down, and the sticky session logic should then route new requests to a healthy server. Existing sticky assignments might be broken if a server fails, so session data should be resilient.
Are there any new variables or directives for logging with these features?
The release notes mention several new variables, like $ssl_ech for Encrypted ClientHello status. Check the official docs for the full list. Always verify variable availability in your specific module configuration context.
Is HTTP/2 to backend supported for both SSL and non-SSL upstreams?
Yes, HTTP/2 proxying works for both. For SSL upstreams, you'll configure proxy_ssl parameters as usual. The protocol negotiation is handled by the ALPN extension during the TLS handshake with the backend.