在高安全性环境中,将 SSL 证书密钥这类敏感数据存放在键值存储中而不是磁盘上对创建安全的环境十分重要。本文将展示如何使用 HashiCorp Vault 生成临时 SSL 密钥,并将它们存储在内存里的 NGINX Plus 键值存储中。
NGINX 版本更新:修复了 2019 年 8 月发现的 HTTP/2 漏洞
We have released updates to NGINX Open Source and NGINX Plus to fix vulnerabilities in the HTTP/2 protocol that were announced today (CVE-2019-9511, CVE-2019-9513, and CVE-2019-9516). Upgrade as soon as possible to NGINX 1.17.3, NGINX 1.16.1, or NGINX Plus R18 P1.
NGINX 快问快答 | 2019 年 4 月
In this installment of our "Ask NGINX" series, we discuss how NGINX and NGINX Plus work with Diffie-Hellman, support for Datagram Transport Layer Security, how to control the lifetime of content in the cache, and how to add the NGINX WAF to an NGINX Plus subscription.
使用 HashiCorp Vault 保护 NGINX 中的 SSL 私钥
保护 SSL 私钥系列的第二篇介绍了如何设置 HashiCorp Vault 来存储保护 SSL 密钥,以及如何配置 NGINX 来检索密码。我们还讨论了使用硬件安全模块来实现更高的安全性。
借助 NGINX Controller API 管理模块保护您的 API 生态系统
The NGINX Controller API Management Module secures your APIs at every API touchpoint – authenticating and authorizing third-party client applications and developers, rate limiting API calls to mitigate DDoS attacks, and protecting backend applications that process the API calls.
NGINX Plus 的 PCI DSS 最佳实践
It's easy to implement PCI DSS best practices, such as using new versions of TLS rather than the older SSL, encrypting upstream as well as downstream communications, and adding a WAF, with NGINX Plus. Taking these steps will help you pass PCI DSS audits. Here's how to implement them.
不信任任何人:信任用户输入的风险
A newly discovered security threat exploits a configuration that allows remote users to specify the server for a request in the HTTP Host header, and thus access potentially sensitive information. In this post we explain how to prevent this "cloud metadata" attack.
NGINX 对 Meltdown 和 Spectre 漏洞的响应
The Meltdown and Spectre vulnerabilities stem from commonly found security flaws in microprocessors. They require patches to most OSs.
2017 年 NGINX 博客文章前 5 名 – NGINX Plus R12、微服务等等
Top 5 2017 blog posts: NGINX Plus Release 12, microservices, load balancing, security, and the NGINX Application Platform.
ModSecurity:日志记录和错误调试
In this blog post, we describe the basics of logging and debugging with ModSecurity and provide audit log and debug log examples