nginx

Application Isolation With NGINX Unit One of the most recent developments in NGINX Unit’s feature set is the support for application isolation, introduced in version 1.11.0 and implemented via Linux namespaces. It was announced just a few weeks ago, and there’s a reason for that: the developer behind the feature, Tiago de Bem Natel de Moura, joined the NGINX Unit team only this summer. Let’s start with a brief recap of Linux namespaces: essentially, they are a kernel mechanism that enables a group of processes to share several types of system resources separately from the resources shared by other groups of processes. The kernel ensures that processes in a namespace access only the resources assigned to that namespace. Although processes in two different namespaces can share some resources, other resources are “invisible” to processes in the other namespace. The types of resources that [ more… ]

The Microservices World of Tomorrow…Today The current IT landscape is littered with buzzwords competing to be the next big trend that will dominate the future of the industry. Digital transformation, multi‑cloud, and predictive analytics are just a few of the topics that analysts proclaim organizations must consider in the near future, if they aren’t already moving in those directions. The truth is that technology is changing so fast that companies need to be extremely agile to stay ahead of the competition, no matter the industry segment. I’d argue that digital transformation involves focusing time and effort on pivoting towards new technology that can improve business outcomes. Microservices is one technology that is leading the march towards digital transformation in the world of application development. Compared to monolithic applications, a microservices architecture combines individual services, each with its own distinct function. [ more… ]

Addressing the PHP-FPM Vulnerability (CVE-2019-11043) with NGINX A recently reported vulnerability, tracked as CVE-2019-11043, can affect websites that use PHP‑FPM to execute PHP pages. PHP‑FPM usage is particularly common at NGINX‑powered websites because NGINX does not have an in‑process PHP runtime. Instead, NGINX acts as a reverse proxy for application servers and process managers such as PHP‑FPM. The vulnerability lies in PHP‑FPM itself, not NGINX, so the only guaranteed solution is to upgrade to the patched release (or later) of your PHP version: PHP 7.1.33, PHP 7.2.24, or PHP 7.3.11. What Is the Nature of the Vulnerability? NGINX communicates with PHP‑FPM using the FastCGI protocol. Each FastCGI message contains a set of environment variables. One of these, PATH_INFO, is derived from other request parameters. If its value is unexpectedly empty, this can ultimately cause memory corruption in the PHP‑FPM binary. It is possible [ more… ]

APIs Need Secure and Scalable Delivery Too Most discussions of application delivery focus on traditional web‑based applications. Enterprises create web apps (or purchase them from third parties) and deploy them on their websites behind a human‑friendly UI layer so that customers can access goods and services via a browser or mobile device anytime and from anywhere. It’s well‑established that flawless delivery of web apps is critical to a company’s success. Less often discussed is the importance of providing flawless access to application programming interfaces (APIs), which enable applications to communicate directly with one another. Indeed APIs actually underlie much of the traffic on the Internet – when the human user accesses a website, his or her web browser actually makes calls to the web app’s API to request the assets needed to build the web page. Like web apps, many systems [ more… ]