nginx

Ask NGINX | April 2019 Every month, we take a moment to share the expertise of our team, and answer a number of great questions we’ve received from both our customers and open source users. These questions range from how to use our products in a variety of use cases to how to effectively integrate third‑party tools and platforms with NGINX. These answers come from our experts including technical architects, systems engineers, and our award‑winning customer support specialists. Does NGINX Plus work with Diffie‑Hellman? Yes. For those who don’t know: Diffie‑Hellman is a protocol used to create a secret key shared by two parties (this operation is commonly referred to as the SSL/TLS “handshake”). The two parties then use the key to encrypt subsequent communication between them. A more precise answer is that NGINX Open Source and NGINX Plus work with [ more… ]

Level Up at NGINX Conf 2019 in Seattle! NGINX Conf is a two‑day event for developers, operators, and architects looking to modernize their application delivery infrastructure, API infrastructure, and applications.   NGINX is thrilled to announce that registration is now open for our exciting two‑day NGINX Conf, taking place in Seattle, WA, September 9–10 at the Sheraton Grand Seattle. Join us to enjoy keynotes from industry luminaries and NGINX experts, and to learn about new product releases, roadmap elements, and company announcements. Technical NGINX users can extend their conference experience with full days of onsite training before and after the event. What to Expect at NGINX Conf 2019 NGINX Conf is designed to help businesses at every point on the journey to digital transformation, ranging from initial plans to modernize hardware‑based delivery of legacy applications all the way to service mesh implementations for advanced microservices [ more… ]

Sampling Requests with NGINX Conditional Logging NGINX can record a very detailed log of every transaction it processes. Such logs are known as access logs, and you can fine‑tune the detail that is recorded for different services or locations with a customizable log‑file format. By default, NGINX logs every transaction it processes. This might be necessary for compliance or security purposes, but for a busy website, the volume of data generated can be overwhelming. In this article, we show how to selectively log transactions based on various criteria, and how to use that knowledge to sample data points about requests in a quick and lightweight way. Except as noted, this post applies to both NGINX Open Source and NGINX Plus. For ease of reading, we’ll refer to NGINX throughout. Background – Quick Overview of NGINX Access Log Configuration NGINX access logs are [ more… ]

Protecting SSL Private Keys in NGINX with HashiCorp Vault In the first post in this series, we describe several approaches to improving the security of your SSL private keys. The post finished with a demonstration of a remote password distribution point (PDP) used to securely share encryption passwords with NGINX instances. Secrets management systems like HashiCorp Vault operate in a similar fashion to that sample PDP: They use a central (or highly available and distributed) secrets service that is accessed using HTTPS or another API Clients are authenticated by authentication tokens or other means Tokens can be revoked as required to control access to the secret In this post, we show how to set up HashiCorp Vault to distribute SSL passwords. For even more security, you can set up an external hardware security module (HSM). This post applies to both NGINX Open [ more… ]