Owen Garrett

Release 1.6.0 of the NGINX Ingress Controller for Kubernetes, with improvements to NGINX Ingress Resources, support for OpenTracing, and much more.

We provide guidance on using NGINX to mitigate the recently discovered vulnerability in PHP-FPM (CVE-2019-11043). The vulnerability is triggered when the PATH_INFO variable passed to PHP-FPM with an invalid value, which can happen in a common NGINX configuration.

The NGINX agent for NS1 provides rich load and availability data to the NS1 global server load balancing service, for more agile and sophisticated DNS-based load balancing for sites and apps proxied by NGINX Plus at multiple locations. Our deployment guide provides complete instructions.

Service mesh is one of the hottest emerging technologies. But do you really need a service mesh? Attend this webinar to learn about the app modernization journey and traffic management approaches for microservice-based apps. We'll help you figure out if you really need a service mesh.

Service mesh is one of the hottest emerging technologies. But do you really need a service mesh? Attend this webinar to learn about the app modernization journey and traffic management approaches for microservice-based apps. We'll help you figure out if you really need a service mesh.

NGINX and NGINX Plus act as a "shock absorber" for traffic spikes like the ones on Black Friday and Cyber Monday. Thanks to enterprise-grade load balancing, connection and rate limiting, and caching, you can provide the flawless shopping experience that keeps your customers coming back.

Release 1.5.0 of the NGINX Ingress Controller for Kubernetes introduces a new configuration schema, extended Prometheus-based metrics, simplifications to TLS configuration, support for load balancing traffic to ExternalName services, and a new repository for Helm charts.

With NGINX conditional logging, you can log a subset of requests which have defined characteristics. This blog uses it to solve a real-world customer use case: the need to reject obsolete and insecure SSL/TLS ciphers without excluding legitimate users of legacy devices.

The second post of our series about protecting SSL private keys shows how to set up HashiCorp Vault to store the passwords that protect private keys, and to configure NGINX to retrieve the passwords. We also discuss using a hardware security module for even greater security.

We describe three progressively more secure ways to protect SSL private keys when configuring NGINX to handle HTTPS traffic: allowing read access only to the root user, encrypting keys with separately stored passwords, and distributing passwords from a central repository.