Addressing the PHP-FPM Vulnerability (CVE-2019-11043) with NGINX

2019-10-30 KENNETH 0

A recently reported vulnerability, tracked as CVE-2019-11043, can affect websites that use PHP‑FPM to execute PHP pages. PHP‑FPM usage is particularly common at NGINX‑powered websites because NGINX does not have an in‑process PHP runtime. Instead, NGINX acts as a reverse proxy for application servers and process managers such as PHP‑FPM. The vulnerability lies in PHP‑FPM itself, not NGINX, so the only guaranteed solution is to upgrade to the patched release (or later) of your PHP version: PHP 7.1.33, PHP 7.2.24, or PHP 7.3.11.

What Is the Nature of the Vulnerability?

NGINX communicates with PHP‑FPM using the FastCGI protocol. Each FastCGI message contains a set of environment variables. One of these, PATH_INFO, is derived from other request parameters. If its value is unexpectedly empty, this can ultimately cause memory corruption in the PHP‑FPM binary. It is possible [ more… ]

APIs Need Secure and Scalable Delivery Too

2019-10-29 KENNETH 0

Most discussions of application delivery focus on traditional web‑based applications. Enterprises create web apps (or purchase them from third parties) and deploy them on their websites behind a human‑friendly UI layer so that customers can access goods and services via a browser or mobile device anytime and from anywhere. It’s well‑established that flawless delivery of web apps is critical to a company’s success. Less often discussed is the importance of providing flawless access to application programming interfaces (APIs), which enable applications to communicate directly with one another. Indeed APIs actually underlie much of the traffic on the Internet – when the human user accesses a website, his or her web browser actually makes calls to the web app’s API to request the assets needed to build the web page. Like web apps, many systems [ more… ]

When and How to Migrate Your F5 BIG-IP Hardware Load Balancer to NGINX Software

2019-10-26 KENNETH 0

The way enterprises architect applications has changed. According to our recent user survey, 58% of applications in an enterprise portfolio are monoliths, where all of the application logic is packaged and deployed as a single unit. That percentage is down from 65% just a year ago, underlining how quickly enterprises are pivoting toward more modern application architectures. In the same survey, we found the remaining 42% of applications are either entirely or partially composed of microservices (where the functional components of the application are refactored into discrete, packaged services). Moreover, 42% of these organizations already use microservices in production and 40% claim microservices are highly important to their business strategy. It’s clear that microservices – originally the domain of cloud‑native companies like Google, Netflix, and Facebook – are now a mainstay in enterprise [ more… ]

NGINX Unit 1.11.0 Is Now Available, Introduces Static File Serving

2019-10-17 KENNETH 0

Hot on the heels of last month’s NGINX Unit release, we’re back with not one but two fresh versions, 1.11.0 and 1.12.0. Version 1.12.0 is mostly a bug‑fix release, but also adds support for PHP 7.4 in preparation for its general availability (scheduled for late November). NGINX Unit 1.11.0, however, brings two formidable extensions to the table: serving of static files, and application isolation.

Serving Static Files

Static file serving is perhaps the most eagerly awaited new feature in NGINX Unit. Almost since day one, users have been peppering us with requests to support it. The wait is over: starting with version 1.11.0, NGINX Unit can serve static files. The implementation is rather simple. Remember the routes configuration object? Of course you do – it was introduced in version 1.8.0. As you might recall, a route specifies how to process [ more… ]

NGINX and DevOps Methodologies Go Hand in Hand

2019-10-12 KENNETH 0

DevOps has seen explosive growth recently, as organizations look to deliver releases and features faster by automating operations with an Infrastructure as Code approach. This shift in the industry is making for some very interesting transformations, both in how organizations deploy applications and what is expected from IT operations. DevOps plays a big role, not just in the delivery of infrastructure, but in the application deployment process itself. Many times, DevOps and development go hand in hand, with infrastructure deployed for the sole purpose of developing an application pipeline. The lifecycle of an application has become nimbler with the adoption of modern deployment methodologies, and NGINX can provide flexibility to enhance this process. Hardware appliances for application delivery are traditionally fairly static and don’t lend themselves well to the agility that is [ more… ]