nginx

Integrating Fortanix Self-Defending KMS with NGINX and NGINX Plus

2020-08-26 KENNETH 0

Integrating Fortanix Self-Defending KMS with NGINX and NGINX Plus If you have a large number of NGINX servers, it can be a challenge to manage their TLS keys and certificates. One solution is to manage them centrally with a key management system (KMS), one example of which is a hardware security module (HSM). Enterprises with modern applications deployed in public or hybrid clouds need a KMS that is cloud‑agnostic, highly secure, scalable, and highly available so it can offload crypto operations from web applications deployed on a variety of platforms across the globe. In the interest of maximum security, many organizations want full control and ownership of the KMS and its operations, which rules out many cloud HSMs and SaaS offerings. The Fortanix Self‑Defending Key Management Service™ (Self‑Defending KMS) meets all of these requirements: Cloud‑agnostic – Can be accessed by applications [ more… ]

No Image

Real-Time APIs: Stories from the Real World

2020-08-19 KENNETH 0

Real-Time APIs: Stories from the Real World Real‑time APIs have become part of our daily lives. From ordering food from to buying and selling stocks using our mobile phones, many day-to-day activities entail interaction with real‑time APIs. But what does this look like from the perspective of the API publisher? What market demands are driving companies to serve APIs in real time? How are NGINX customers achieving real‑time performance? Let’s look at some examples. Managing API Traffic at Scale for a Microservices‑Based Application Situation African Bank was founded in 2016 in South Africa to provide digital banking services to underserved and rural customers. They built a modern application using microservices from the ground up. Challenge A sophisticated microservices architecture based on a reference architecture from NGINX provided speed-to-market and cost advantages, but introduced complexity around API scalability and inter‑service communication. Solution [ more… ]

A Reference Architecture for Real-Time APIs

2020-08-13 KENNETH 0

A Reference Architecture for Real-Time APIs In a previous blog, we showed how real‑time APIs play a critical role in our lives. As companies seek to compete in the digital era, APIs become a critical IT and business resource. Architecting the right underlying infrastructure ensures not only that your APIs are stable and secure, but also that they qualify as real‑time APIs, able to process API calls end-to-end within 30 milliseconds. API architectures are broadly broken up into two components: the data plane, or API gateway, and the control plane, which includes policy and developer portal servers. A real‑time API architecture depends mostly on the API gateway, which acts as a proxy to process API traffic. It’s the critical link in the performance chain. API gateways perform a variety of functions including authenticating API calls, routing requests to the right backends, [ more… ]

No Image

Announcing the First NGINX for Good Hackathon

2020-08-12 KENNETH 0

Announcing the First NGINX for Good Hackathon This September we will be holding our first NGINX for Good hackathon, and we’re excited. As the name “NGINX for Good” indicates, we’re inviting participants to build a website or application that helps others, with the site or app running on our dynamic application server, NGINX Unit. Perhaps you have an idea to help underprivileged youth, homeless people, or those struggling with the impacts of COVID‑19. Maybe you want to tackle an issue like climate change or social justice. There’s no limit to what you can do, and it can apply at any scale – your local neighborhood or town, a community in need, or people around the world. Who The hackathon is open to anyone who’s developed code, or has a good idea: you don’t have to be an expert developer to participate. Come [ more… ]

No Image

Filesystem Isolation in NGINX Unit

2020-08-11 KENNETH 0

Filesystem Isolation in NGINX Unit In November 2019 (which already seems like half a century ago) we announced the addition of namespace isolation to NGINX Unit. Now we’re here to discuss the most recent addition to the isolation mechanism, namely the rootfs option of the isolation object. As mentioned in the blog post announcing NGINX Unit 1.18.0, the rootfs option enables you to designate an arbitrary directory as the filesystem root of an application. Thus, you can configure and run apps as lightweight, on‑demand containers, improving their security, isolating them from each other and the underlying OS, and enhancing the granularity of your infrastructure. Yet, this power doesn’t come without responsibilities. Caveats and Technicalities Perhaps the most important thing to mention is that the rootfs feature is available only on Linux and Unix‑based systems that support bind mounts or the nullfs filesystem. [ more… ]