保护 SSL 私钥系列的第二篇介绍了如何设置 HashiCorp Vault 来存储保护 SSL 密钥,以及如何配置 NGINX 来检索密码。我们还讨论了使用硬件安全模块来实现更高的安全性。
![](https://www.nginx-cn.net/wp-content/uploads/2024/05/nginx-cn.net_弹窗图_-_560x666-1.png)
Accept cookies for analytics, social media, and advertising, or learn more and adjust your preferences. These cookies are on by default for visitors outside the UK and EEA. Privacy Notice.
保护 SSL 私钥系列的第二篇介绍了如何设置 HashiCorp Vault 来存储保护 SSL 密钥,以及如何配置 NGINX 来检索密码。我们还讨论了使用硬件安全模块来实现更高的安全性。
NGINX Plus R18 introduces dynamic loading of SSL/TLS certificates, enhances our OpenID Connect reference implementation, and supports port ranges for virtual servers. It also includes enhancements to the key-value store, health checks, NGINX Plus clustering, and the NGINX JavaScript module.
针对 NGINX 处理 HTTPS 流量的情景,我们介绍了三种保护 SSL 私钥的方式(这三种方式的保护程度逐步提高):仅允许 root 用户进行读取访问、配置独立存储的密码加密密钥、创建中央密码分发点。
NGINX Plus R17 introduces support for two-stage rate limiting and TLS 1.3, the latest version of the Transport Layer Security protocol. Configuration of OpenID Connect is simpler and NGINX WAF is 2x faster than before. The NGINX JavaScript module has also been updated.
NGINX Unit 1.5 adds support for Node.js applications, which extends the set of supported languages to six: Go, JavaScript (Node.js), Perl, PHP, Python, and Ruby. It also adds support for encrypting connections with SSL/TLS, and dynamic updating of security certificates.
The $ssl_preread_protocol variable introduced in NGINX 1.15.2 allows you to distinguish between SSL/TLS and other protocols when forwarding traffic using a TCP proxy. This is useful if you want to avoid firewall restrictions by running (for example) SSL/TLS and SSH services on the same port.
Top 5 2017 blog posts: NGINX Plus Release 12, microservices, load balancing, security, and the NGINX Application Platform.
Alexey Ivanov, Site Reliability Engineer at Dropbox, goes into depth on optimizing NGINX web servers for high throughput and low latency.
Deploy a microservices application on OpenShift, using the Fabric Model of the NGINX MRA for service discovery, persistent SSL connections, & health checks.
Take advantage of the early bird discount for nginx.conf 2016 now! Read about customer and partner speakers in this blog post.