The second post of our series about protecting SSL private keys shows how to set up HashiCorp Vault to store the passwords that protect private keys, and to configure NGINX to retrieve the passwords. We also discuss using a hardware security module for even greater security.
Owen Garrett leads the product and go-to-market strategy for NGINX’s web acceleration and delivery technologies. Owen has over 15 years of experience in software engineering and product leadership at companies such as Riverbed. Today, Owen uses his technical and management expertise to optimize NGINX products and customer satisfaction.
We describe three progressively more secure ways to protect SSL private keys when configuring NGINX to handle HTTPS traffic: allowing read access only to the root user, encrypting keys with separately stored passwords, and distributing passwords from a central repository.
"Service mesh" is a hot topic, but as of early 2019 most implementations are not production-ready. In this blog we offer advice on adopting existing technologies that are likely to meet the needs of all but the most complex applications until such time as service mesh is more mature.
The latest version of the TLS protocol, TLS 1.3, was just released in August 2018. TLS 1.3 is faster and more secure than TLS 1.2. In this webinar we cover what’s new in TLS 1.3 and how to use it with NGINX, plus other new features in NGINX Open Source and NGINX Plus.
Join us to hear about valuable insights from our customers who have used the NGINX MRA. Learn about our approach to a service mesh solution based on our control plane, NGINX Controller, new tool to migrate faster to KuberNetes as well as new Professional Services offerings.
The way we build applications has changed a lot since 1996, when F5 BIG-IP was released. Companies that use F5 BIG-IP complain of high cost and lack of agility. In this webinar we describe how to replace or augment your F5 BIG-IP deployment with NGINX Plus for cost savings and greater agility.
Release 1.4.0 of the NGINX Ingress Controller for Kubernetes includes support for TCP and UDP load balancing and a "power of two choices" load-balancing algorithm (Random with Two Choices), extended Prometheus support, and easy development of custom Annotations.
The Random with Two Choices load-balancing algorithm is NGINX's implementation of the "power of two choices" method. This biased random algorithm has been shown to be effective at balancing loads when each load balancer has an incomplete or delayed view of the traffic.
Software has replaced hardware in many application delivery stacks, but a set of single-purpose solutions is nearly as complex and hard to manage as hardware. NGINX Plus consolidates API gateway and load balancing functions into a single, lightweight platform.
In this webinar we discuss how to install the OWASP Core Rule Set (CRS) w/ NGINX & ModSecurity. The CRS protects against many types of attack, including SQL Injection (SQLi), Local File Inclusion (LFI), & Remote Code Execution (RCE).