With NGINX conditional logging, you can log a subset of requests which have defined characteristics. This blog uses it to solve a real-world customer use case: the need to reject obsolete and insecure SSL/TLS ciphers without excluding legitimate users of legacy devices.
Owen is a senior member of the NGINX Product Management team, covering open source and commercial NGINX products. He holds a particular responsibility for microservices and Kubernetes‑centric solutions. He’s constantly amazed by the ingenuity of NGINX users and still learns of new ways to use NGINX with every discussion.
The second post of our series about protecting SSL private keys shows how to set up HashiCorp Vault to store the passwords that protect private keys, and to configure NGINX to retrieve the passwords. We also discuss using a hardware security module for even greater security.
We describe three progressively more secure ways to protect SSL private keys when configuring NGINX to handle HTTPS traffic: allowing read access only to the root user, encrypting keys with separately stored passwords, and distributing passwords from a central repository.
TLS 1.3, the latest version of the protocol, was released in August 2018. TLS 1.3 is faster and more secure than TLS 1.2. In this webinar we cover what’s new in TLS 1.3 and how to use it with NGINX, plus other new features in NGINX Open Source and NGINX Plus.
Watch for valuable insights from our customers who have used the NGINX MRA. Learn about our upcoming service mesh solution based on NGINX Controller, a tool to help you migrate faster to Kubernetes, and new Professional Services offerings.
Release 1.4.0 of the NGINX Ingress Controller for Kubernetes includes support for TCP and UDP load balancing and a "power of two choices" load-balancing algorithm (Random with Two Choices), extended Prometheus support, and easy development of custom Annotations.
The Random with Two Choices load-balancing algorithm is NGINX's implementation of the "power of two choices" method. This biased random algorithm has been shown to be effective at balancing loads when each load balancer has an incomplete or delayed view of the traffic.
Software has replaced hardware in many application delivery stacks, but a set of single-purpose solutions is nearly as complex and hard to manage as hardware. NGINX Plus consolidates API gateway and load balancing functions into a single, lightweight platform.
Learn how to install the OWASP Core Rule Set (CRS) with NGINX and ModSecurity. The CRS protects against many types of attack, including SQL Injection (SQLi), Local File Inclusion (LFI), and Remote Code Execution (RCE).
When Security-Enhanced Linux (SELinux) is enabled for Red Hat Enterprise Linux (RHEL) and related distros, its default settings prevent NGINX and NGINX Plus from performing some operations. This article explains how to modify SELinux settings to permit full functionality.