The second post of our series about protecting SSL private keys shows how to set up HashiCorp Vault to store the passwords that protect private keys, and to configure NGINX to retrieve the passwords. We also discuss using a hardware security module for even greater security.

This blog describes the performance you can achieve with the NGINX Ingress Controller for Kubernetes, in terms of three metrics: requests per second, SSL/TLS transactions per second, and throughput. The full NGINX and Kubernetes configurations we used are included.

One of the biggest challenges in scaling deployments on the Internet of Things is device management, particularly over-the-air updates, commonly called OTA. Guest blogger DeveloperSteve shows how to automate OTA using NGINX as an API gateway, along with the NGINX JavaScript module.

NGINX Plus R18 introduces dynamic loading of SSL/TLS certificates, enhances our OpenID Connect reference implementation, and supports port ranges for virtual servers. It also includes enhancements to the key-value store, health checks, NGINX Plus clustering, and the NGINX JavaScript module.

We describe three progressively more secure ways to protect SSL private keys when configuring NGINX to handle HTTPS traffic: allowing read access only to the root user, encrypting keys with separately stored passwords, and distributing passwords from a central repository.

In this installment of our "Ask NGINX" series, we describe how NGINX and NGINX Plus support Nagios, single sign-on, and MQTT; discuss storing cookies in the NGINX Plus key-value store; and explain how to upgrade NGINX Plus licenses from a free trial to a paid subscription.

The NGINX Controller API Management Module secures your APIs at every API touchpoint – authenticating and authorizing third-party client applications and developers, rate limiting API calls to mitigate DDoS attacks, and protecting backend applications that process the API calls.

With NGINX Controller’s API Management Module, you define an API just once and publish it to as many environments as you want. This “create once, publish many” approach eliminates user errors as well as saving time and effort, especially if you have to define a lot of APIs.

NGINX Unit 1.8.0 introduces internal routing of requests based on host, URL, and HTTP method, This sets the framework for full Layer 7 request processing, necessary for further development of Unit's web server functionality.

The Signal Sciences Certified Module for NGINX Plus brings additional modern web and API security to the NGINX Plus platform. The combined solution helps enterprises replace outdated legacy WAF and load-balancing appliances, such as the F5 Advanced WAF and F5 BIG-IP.