针对 NGINX 处理 HTTPS 流量的情景，我们介绍了三种保护 SSL 私钥的方式（这三种方式的保护程度逐步提高）：仅允许 root 用户进行读取访问、配置独立存储的密码加密密钥、创建中央密码分发点。
Owen is a senior member of the NGINX Product Management team, covering open source and commercial NGINX products. He holds a particular responsibility for microservices and Kubernetes‑centric solutions. He’s constantly amazed by the ingenuity of NGINX users and still learns of new ways to use NGINX with every discussion.
"Service mesh" is a hot topic, but as of early 2019 most implementations are not production-ready. In this blog we offer advice on adopting existing technologies that are likely to meet the needs of all but the most complex applications until such time as service mesh is more mature.
Release 1.4.0 of the NGINX Ingress Controller for Kubernetes includes support for TCP and UDP load balancing and a "power of two choices" load-balancing algorithm (Random with Two Choices), extended Prometheus support, and easy development of custom Annotations.
The Random with Two Choices load-balancing algorithm is NGINX's implementation of the "power of two choices" method. This biased random algorithm has been shown to be effective at balancing loads when each load balancer has an incomplete or delayed view of the traffic.
Software has replaced hardware in many application delivery stacks, but a set of single-purpose solutions is nearly as complex and hard to manage as hardware. NGINX Plus consolidates API gateway and load balancing functions into a single, lightweight platform.
When Security-Enhanced Linux (SELinux) is enabled for Red Hat Enterprise Linux (RHEL) and related distros, its default settings prevent NGINX and NGINX Plus from performing some operations. This article explains how to modify SELinux settings to permit full functionality.
NGINX has released version 1.3.0 of the NGINX Ingress Controller for Kubernetes. This release features Prometheus support, better Helm charts, mergeable Ingress resources, easier custom template management, health checks, and status reporting. Come to Github and get it.
A newly discovered security threat exploits a configuration that allows remote users to specify the server for a request in the HTTP Host header, and thus access potentially sensitive information. In this post we explain how to prevent this "cloud metadata" attack.
Two NGINX APIs - status, which reads extended status data, and upstream_conf, which manages upstream group configuration - have been deprecated. They will be removed as of the upcoming NGINX Plus R16 release! Read this blog post to learn how to switch over to the new, unified NGINX Plus API.
NGINX Unit 1.0, a multi-language applications server, launched today. Unit supports Python, PHP, Perl, Ruby, and Go, with more languages to come. Unit is dynamically configured using a REST API; there are no process reloads or service interruptions required for configuration changes to take effect.