nginx

Announcing gRPC Support in NGINX Today, we’re excited to share the first native support for gRPC traffic within NGINX. If you’re as keen as we are, you can pull the snapshot from our repository and share your feedback. If initial feedback is positive, we’ll include this capability in the next NGINX OSS release (1.13.10). The next NGINX Plus release, R15, will inherit this support for gRPC as well as the support for HTTP/2 server push support introduced in NGINX 1.13.9. NGINX can already proxy gRPC TCP connections. This new capability can terminate, inspect, and route gRPC method calls. You can use it to: Publish a gRPC service, and then use NGINX to apply HTTP/2 TLS encryption, rate limits, IP‑based access control lists, and logging. You can operate the service using unencrypted HTTP/2 (h2c cleartext) or wrap TLS encryption and authentication around the service. Publish [ more… ]

Celebrating Pi Day with Much More Than Pie Pi Day is an annual celebration of the mathematical constant, pi. It’s observed every year on March 14th, or 3/14, because those are the first few digits of pi. Look at Frank, the physicist. This is the guy who loves pi. He’s the original prince of Pi Day. This year for Pi Day, I wanted to do more than just tweet photos of our team here at the NGINX SF offices eating pie, so I googled the holiday and learned some pretty cool stuff. The earliest known celebration happened right here in San Francisco at the awesome playground of science, the Exploratorium. Founded in 1969 by the physicist Frank Oppenheimer, the Exploratorium was long housed at The Palace of Fine Arts, built during the 1915 World’s Fair. I bring this up because [ more… ]

Conditional Access Control with Microsoft Azure Active Directory For many organizations, Microsoft Active Directory represents the single, canonical source of truth for the identities of employees and trusted users. When building and deploying cloud‑based business applications, the Azure platform is particularly attractive due to its native integration with Active Directory. Microsoft Azure supports a wide range of standards‑based federated identity and single sign‑on technologies to help developers authenticate, consume, and make decisions based on the identities of users defined in Active Directory. However, there are some scenarios where it is challenging or undesirable to implement these standards‑based technologies at the application level, such as: When moving existing applications to the cloud, it can be difficult to modernize the underlying authentication system to support single sign‑on. When building a microservices‑style application, it is preferable to centralize the authentication and access control [ more… ]

Save the Date! NGINX Conf 2018 in Atlanta, October 8-10 We at NGINX request the pleasure of your company at NGINX Conf 2018, the fourth annual NGINX conference. It will begin Monday, October 8 with a training day, followed by the conference on Tuesday, October 9th and Wednesday, October 10, all in Atlanta, Georgia, USA. Why Atlanta, and why October? Atlanta, “the new cultural capital of America“, is the star of an award-winning show on FX and the major filming site for the movie Black Panther. Attractions include the Atlanta Botanical Garden, the Georgia Aquarium, and the Martin Luther King, Jr. National Historic Site. Restaurants are world-class, and nightlife is rich and varied. The weather should be great. The average daytime temperature for Atlanta in early October is a summery 75F (24C), with night-time lows “plunging” to about 55F (13C). [ more… ]

Authentication and Content-Based Routing with JWTs and NGINX Plus NGINX Plus Release 10 introduced support for offloading authentication from web and API services with JSON Web Tokens (JWTs, pronounced “jots”). Since the release of R10, we’ve continued to increase functionality in each new release. Starting in NGINX Plus R14, NGINX Plus supports JWTs that contain nested claims and array data. When used in an API gateway scenario, NGINX Plus can use JWTs to authenticate clients that are requesting connections to backend services and API destinations. I’ve occasionally been asked to provide a basic configuration that uses NGINX Plus to authenticate JWTs, and then makes more advanced load‑balancing decisions based on JWT information. The most straightforward solution is simply to allow access to a service if authentication is successful, and block or redirect the connection if unsuccessful. The walkthrough in this post is a soup-to-nuts [ more… ]