nginx

Back to Basics: Web Traffic Encryption with SSL/TLS and NGINX The determination and clever behavior of bad actors on the Internet seems to know no bounds. Nearly every day, news about another network breach, data theft, or ransomware attack hits the headlines. The consequences can be catastrophic, making it increasingly important to protect web assets and traffic from falling into the malicious hands of hackers. As one of the major types of Internet traffic, HTTP traffic between browsers and websites, is of course subject to these attacks. One fundamental way to protect HTTP traffic from eavesdropping and tampering is to encrypt it using the Transport Layer Security (TLS) protocol. Encrypted traffic is properly called HTTPS traffic, with the S standing for secure, but in most cases plain HTTP is used to refer to both traffic types. You can tell whether [ more… ]

Learn to Configure NGINX Unit with Zero Pain in Our Video Course NGINX Unit is a universal web application server that can be used as a building block for any web architecture, regardless of its complexity – from personal websites to startups to enterprise‑grade production deployments. NGINX Unit compresses multiple layers of the typical web application stack by solving for multiple use cases, including simplifying modern microservices environments and modernizing legacy and monolithic applications. With NGINX Unit, you can: Serve static assets as a web server Natively run application code in multiple languages Proxy requests to backend servers Achieve true end-to-end TLS for your web apps Reconfigure runtime behavior on the fly with the control API Given its many capabilities, where do you start learning about NGINX Unit? Well, we’ve developed a comprehensive video course with over a dozen lessons that cover all the [ more… ]

Which 12 Metrics to Monitor for a Successful API Strategy As companies adopt API‑first design practices to build modern applications, measuring the operational performance and value of those APIs becomes a top priority. Establishing a framework that clearly defines and connects API metrics with key performance indicators (KPIs) is one of the most important steps to ensure a successful API strategy. Typically, KPIs are tied to specific goals. They have a defined time frame and are aligned to the outcomes that your API strategy needs to deliver. API metrics, in contrast, are significant data points. Not every metric is a KPI, but every KPI begins as a metric. So, how do you start? First, you need to be clear – at the outset – about the goal of your API strategy and then choose the metrics that align with that goal. Remember [ more… ]

Apply Fine-Grained Access Control and Routing with API Connectivity Manager An important part of managing APIs across their lifecycle is fine‑grained control over API access and traffic routing. Access tokens have emerged as the de facto standard for managing access to APIs. One of the advantages of authentication schemes based on JSON Web Tokens (JWTs) is being able to leverage the claims in the JWT to implement that fine level of access control. Permissions can be encoded as custom claims, which API owners can use to control access to their APIs. Once the API proxy has validated the JWT, it has access to all the fields in the token as variables and can base access decisions on them. In a previous post, we discussed how API Connectivity Manager can help operators and developers work better together. The teams from different [ more… ]