With NGINX App Protect, you no longer have to choose between security and performance. It combines the proven effectiveness of F5’s advanced WAF technology with the agility and performance of NGINX Plus, to address the security challenges facing modern DevOps environments.
Using the NGINX Plus Key-Value Store to Secure Ephemeral SSL Keys from HashiCorp Vault
In high-security environments, it's important to store sensitive data like SSL certificate-key pairs in memory only, not on disk. Here we show how to generate ephemeral SSL key pairs using HashiCorp Vault and store them in the in-memory NGINX Plus key-value store.
NGINX Updates Mitigate the August 2019 HTTP/2 Vulnerabilities
We have released updates to NGINX Open Source and NGINX Plus to fix vulnerabilities in the HTTP/2 protocol that were announced today (CVE-2019-9511, CVE-2019-9513, and CVE-2019-9516). Upgrade as soon as possible to NGINX 1.17.3, NGINX 1.16.1, or NGINX Plus R18 P1.
Ask NGINX | April 2019
In this installment of our "Ask NGINX" series, we discuss how NGINX and NGINX Plus work with Diffie-Hellman, support for Datagram Transport Layer Security, how to control the lifetime of content in the cache, and how to add NGINX ModSecurity WAF to an NGINX Plus subscription.
Protecting SSL Private Keys in NGINX with HashiCorp Vault
The second post of our series about protecting SSL private keys shows how to set up HashiCorp Vault to store the passwords that protect private keys, and to configure NGINX to retrieve the passwords. We also discuss using a hardware security module for even greater security.
Secure Distribution of SSL Private Keys with NGINX
We describe three progressively more secure ways to protect SSL private keys when configuring NGINX to handle HTTPS traffic: allowing read access only to the root user, encrypting keys with separately stored passwords, and distributing passwords from a central repository.
Securing Your API Ecosystem with the NGINX Controller API Management Module
The NGINX Controller API Management Module secures your APIs at every API touchpoint – authenticating and authorizing third-party client applications and developers, rate limiting API calls to mitigate DDoS attacks, and protecting backend applications that process the API calls.
PCI DSS Best Practices with NGINX Plus
It's easy to implement PCI DSS best practices, such as using new versions of TLS rather than the older SSL, encrypting upstream as well as downstream communications, and adding a WAF, with NGINX Plus. Taking these steps will help you pass PCI DSS audits. Here's how to implement them.
Trust No One: The Perils of Trusting User Input
A newly discovered security threat exploits a configuration that allows remote users to specify the server for a request in the HTTP Host header, and thus access potentially sensitive information. In this post we explain how to prevent this "cloud metadata" attack.
Top 5 NGINX Blog Posts for 2017 – NGINX Plus R12, Microservices, & More
Top 5 2017 blog posts: NGINX Plus Release 12, microservices, load balancing, security, and the NGINX Application Platform.
