Published: Sep 14, 2020
On 14 September 2020 we released an update to the NGINX Plus ModSecurity module (for NGINX Plus R20, R21, and R22) in response to CVE-2020-15598. We encourage NGINX Plus subscribers to upgrade to the patched module.
Published: Oct 29, 2019
We provide guidance on using NGINX to mitigate the recently discovered vulnerability in PHP-FPM (CVE-2019-11043). The vulnerability is triggered when the PATH_INFO variable passed to PHP-FPM with an invalid value, which can happen in a common NGINX configuration.
Published: Apr 24, 2019
With NGINX conditional logging, you can log a subset of requests which have defined characteristics. This blog uses it to solve a real-world customer use case: the need to reject obsolete and insecure SSL/TLS ciphers without excluding legitimate users of legacy devices.
Published: Apr 16, 2019
The second post of our series about protecting SSL private keys shows how to set up HashiCorp Vault to store the passwords that protect private keys, and to configure NGINX to retrieve the passwords. We also discuss using a hardware security module for even greater security.
Published: Apr 2, 2019
We describe three progressively more secure ways to protect SSL private keys when configuring NGINX to handle HTTPS traffic: allowing read access only to the root user, encrypting keys with separately stored passwords, and distributing passwords from a central repository.
Published: Nov 12, 2018
The Random with Two Choices load-balancing algorithm is NGINX's implementation of the "power of two choices" method. This biased random algorithm has been shown to be effective at balancing loads when each load balancer has an incomplete or delayed view of the traffic.
Published: Aug 17, 2018
When Security-Enhanced Linux (SELinux) is enabled for Red Hat Enterprise Linux (RHEL) and related distros, its default settings prevent NGINX and NGINX Plus from performing some operations. This article explains how to modify SELinux settings to permit full functionality.
Published: Feb 20, 2018
HTTP/2 Server Push is new in NGINX 1.13.9. Learn how to use it to accelerate your website performance in this blog post.
Published: Jan 24, 2017
Maximize the capacity of your web cache by sharding the cache across multiple NGINX or NGINX Plus web cache servers. Learn how in this post.
Published: Oct 25, 2016
Compile dynamic modules in NGINX Plus R11 and later to take advantage of the broad range of additional functionality contributed by NGINX community members.
Published: Aug 24, 2016
I'll talk about how NGINX functions with respect to content caching and performance, and I'll give you some tips for control over how NGINX caches content.
Published: Aug 5, 2016
Security firm Imperva found four potential security vulnerabilities in HTTP/2, and one affects older versions of NGINX. Here are mitigation suggestions.
Published: Jul 18, 2016
Use NGINX/NGINX Plus to prevent the HTTPoxy vulnerability, which attacks CGI and FastCGI-like application interfaces, from being exploited on your servers.
Published: Jun 22, 2015
Learn how to use the request_auth module in NGINX Plus & NGINX to direct to an LDP server authentication requests from users accessing protected resources
Published: Jun 10, 2015
Take a deep dive inside NGINX and learn why NGINX is perfectly suited for applications and servers that require high performance and scalability
Published: Nov 15, 2014
Learn how to protect NGINX and NGINX Plus from the recent NGINX POODLE attack (CVE-2014-3566) against SSLv3
Published: Sep 25, 2014
Get details about NGINX and the CVE-2014-6271 Bash advisory. Find out if you are running on an affected host system, and upgrade bash if necessary
Published: Jun 5, 2014
The OpenSSL project announced fixes to 7 security vulnerabilities on 5 June 2014. An update to OpenSSL is generally sufficient to address this.
Published: Mar 17, 2014
Learn how to apply advanced load balancing techniques using the enhanced features in NGINX Plus
Published: Mar 14, 2014
Learn why some servers don't achieve their benchmarked performance and how NGINX can transform your real-world performance back to your local benchmarks
Published: Feb 20, 2014
Learn how to load balance with NGINX & how NGINX Plus adds application load balancing, session persistence & dynamically configurable load-balancing pools.
Published: Jan 1, 2014
The ‘Welcome to NGINX!’ page is presented when NGINX web server software is installed on a computer but has not finished configuring