分类: 专业技术

The $ssl_preread_protocol variable introduced in NGINX 1.15.2 allows you to distinguish between SSL/TLS and other protocols when forwarding traffic using a TCP proxy. This is useful if you want to avoid firewall restrictions by running (for example) SSL/TLS and SSH services on the same port.

The NGINX Web Application Firewall (WAF) is now certified in the Google Cloud Security Partner Ecosystem, protecting applications hosted on the Google Cloud Platform from Layer 7 attacks like SQLi and RCE.

Red Hat OpenShift is a container platform built on top of Kubernetes. It's available as an open source project, OpenShift Origin, and a commercially supported product, OpenShift Container Platform. You can now use NGINX and NGINX Plus as a Router within OpenShift.

NGINX Unit 1.3, available now, adds configuration parameters for various timeouts, configurable request body size, Ansible integration, and more. As in previous releases, all parameters can be defined dynamically, with no disruption to running services or loss of connectivity.

NGINX Controller R1, a new management tool for NGINX Plus instances, was released June 26th, 2018. It offers simplified configuration management; monitoring, alerting and troubleshooting; tagging; a configuration analyzer; instance inventory; and multi-cloud support.

NGINX Controller launches today. With an intuitive interface, Controller helps you configure, deploy, and monitor instances, set up alerts, create dashboards, and troubleshoot. With NGINX Controller, you can reduce costs and improve performance, reliability, and availability for NGINX Plus.

NGINX Unit 1.2, available now, adds environment variables across application languages, versions, and sessions; php.ini configuration; and command-line configuration for Go executables. Parameters can still be defined dynamically, with no disruption to running services or loss of connectivity.

It's easy to implement PCI DSS best practices, such as using new versions of TLS rather than the older SSL, encrypting upstream as well as downstream communications, and adding a WAF, with NGINX Plus. Taking these steps will help you pass PCI DSS audits. Here's how to implement them.

The NGINX JavaScript module released with NGINX Plus R15 supports subrequests, adding a whole new class of use cases for NGINX Plus. This complete example also uses the NGINX Plus API and Key-Value modules to convert client API requests to separate requests to the microservices APIs that make up an app.

A newly discovered security threat exploits a configuration that allows remote users to specify the server for a request in the HTTP Host header, and thus access potentially sensitive information. In this post we explain how to prevent this "cloud metadata" attack.