In high-security environments, it's important to store sensitive data like SSL certificate-key pairs in memory only, not on disk. Here we show how to generate ephemeral SSL key pairs using HashiCorp Vault and store them in the in-memory NGINX Plus key-value store.
Tag: SSL/TLS
Tag: SSL/TLS
Ask NGINX | April 2019
In this installment of our "Ask NGINX" series, we discuss how NGINX and NGINX Plus work with Diffie-Hellman, support for Datagram Transport Layer Security, how to control the lifetime of content in the cache, and how to add the NGINX WAF to an NGINX Plus subscription.
Sampling Requests with NGINX Conditional Logging
With NGINX conditional logging, you can log a subset of requests which have defined characteristics. This blog uses it to solve a real-world customer use case: the need to reject obsolete and insecure SSL/TLS ciphers without excluding legitimate users of legacy devices.
Protecting SSL Private Keys in NGINX with HashiCorp Vault
The second post of our series about protecting SSL private keys shows how to set up HashiCorp Vault to store the passwords that protect private keys, and to configure NGINX to retrieve the passwords. We also discuss using a hardware security module for even greater security.
Announcing NGINX Plus R18
NGINX Plus R18 introduces dynamic loading of SSL/TLS certificates, enhances our OpenID Connect reference implementation, and supports port ranges for virtual servers. It also includes enhancements to the key-value store, health checks, NGINX Plus clustering, and the NGINX JavaScript module.
Secure Distribution of SSL Private Keys with NGINX
We describe three progressively more secure ways to protect SSL private keys when configuring NGINX to handle HTTPS traffic: allowing read access only to the root user, encrypting keys with separately stored passwords, and distributing passwords from a central repository.
Announcing NGINX Plus R17
NGINX Plus R17 introduces support for two-stage rate limiting and TLS 1.3, the latest version of the Transport Layer Security protocol. Configuration of OpenID Connect is simpler and NGINX WAF is 2x faster than before. The NGINX JavaScript module has also been updated.
NGINX Unit Now Supports TLS and JavaScript Apps with Node.js
NGINX Unit 1.5 adds support for Node.js applications, which extends the set of supported languages to six: Go, JavaScript (Node.js), Perl, PHP, Python, and Ruby. It also adds support for encrypting connections with SSL/TLS, and dynamic updating of security certificates.
Running SSL and Non-SSL Protocols over the Same Port with NGINX 1.15.2
The $ssl_preread_protocol variable introduced in NGINX 1.15.2 allows you to distinguish between SSL/TLS and other protocols when forwarding traffic using a TCP proxy. This is useful if you want to avoid firewall restrictions by running (for example) SSL/TLS and SSH services on the same port.
Top 5 NGINX Blog Posts for 2017 – R12, Microservices, & More
Top 5 2017 blog posts: NGINX Plus Release 12, microservices, load balancing, security, and the NGINX Application Platform.