NGINX Plus R28 引进了针对握手错误和证书验证失败的 TLS 指标集,并且支持云平台私有服务中的 PROXY v2 协议。阅读本文了解更多新特性。
在 Kubernetes 环境中实现证书管理的自动化
通过向端点(endpoint)提供自动更新的证书来简化证书管理。
隆重推出 NGINX Plus R27
NGINX Plus R27 的全新增强特性包括:用于健康检查的 keepalive 连接、对于 Kernel TLS 的支持、更多 TLS 指标、自定义 JWT 验证失败时的错误代码等等。
Updates to NGINX Unit for Summer 2021
NGINX Unit 1.23.0 and 1.24.0 introduce support for the SNI extension to TLS, definition of OpenSSL configuration commands, MIME filtering and path restrictions for static content, and multiple Python scripts in one app. Also, you no longer need to modify Node.js apps to run them in Unit.
更新:为 NGINX 配置免费的 Let’s Encrypt SSL/TLS 证书
阅读本文了解如何使用 Let'sEncrypt 客户端生成 RSA 证书并使用最新颁发的证书来自动配置 NGINX。
Integrating Fortanix Self-Defending KMS with NGINX and NGINX Plus
With the Fortanix Self-Defending Key Management Service, you can offload TLS crytographic processing from your NGINX and NGINX Plus servers, and safely store your TLS keys for on-demand uploading into the NGINX Plus key-value store. We provide complete instructions for both use cases.
使用 NGINX Plus 键值存储保护来自 HashiCorp Vault 的临时 SSL 密钥
在高安全性环境中,将 SSL 证书密钥这类敏感数据存放在键值存储中而不是磁盘上对创建安全的环境十分重要。本文将展示如何使用 HashiCorp Vault 生成临时 SSL 密钥,并将它们存储在内存里的 NGINX Plus 键值存储中。
Ask NGINX | April 2019
In this installment of our "Ask NGINX" series, we discuss how NGINX and NGINX Plus work with Diffie-Hellman, support for Datagram Transport Layer Security, how to control the lifetime of content in the cache, and how to add the NGINX WAF to an NGINX Plus subscription.
Sampling Requests with NGINX Conditional Logging
With NGINX conditional logging, you can log a subset of requests which have defined characteristics. This blog uses it to solve a real-world customer use case: the need to reject obsolete and insecure SSL/TLS ciphers without excluding legitimate users of legacy devices.
使用 HashiCorp Vault 保护 NGINX 中的 SSL 私钥
保护 SSL 私钥系列的第二篇介绍了如何设置 HashiCorp Vault 来存储保护 SSL 密钥,以及如何配置 NGINX 来检索密码。我们还讨论了使用硬件安全模块来实现更高的安全性。