SlideShare a Scribd company logo

NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX

N
NGINX, Inc.

On-Demand Link: https://www.nginx.com/resources/webinars/nginx-101-web-traffic-encryption-ssl-tls/ 85% of all web traffic is encrypted. This now standard practice helps ensure that data (sensitive or not) sent over the Internet remains private and out of the hands of eavesdroppers and hackers. But how do you encrypt traffic? The answer is with SSL/TLS, an encryption protocol that protects Internet communication. Join this NGINX 101 foundational webinar to learn more about the importance of and best practices for encrypting your web, application, and API traffic. Our presenters show you how to create or procure a certificate to ensure transactions are authenticated, as well as demo how straightforward it is to encrypt and secure your web traffic using NGINX. We also answer attendee questions about NGINX and encryption. Robert Haynes Technical Marketing Manager F5

1 of 36
Downloaded 118 times
NGINX 101: Managing SSL/TLS ROBERT HAYNES
| ©2021 F5 2 Agenda TLS/SSL Overview Introduction TLS Protocols Cyphers Key Exchange Encryption Certificates Basic NGINX Config Demo NGINX SSL Configuration Extras Next Redirecting HTTP to HTTPS Recommended SSL settings Additional NGINX security offers
| ©2021 F5 3 >70% 10,000 busiest websites 440M+ websites and apps OPEN SOURCE FOOTPRINT NGINX powers the Internet . . . and most enterprises! PROVEN = 1 Million
| ©2021 F5 4 NGINX Plus Enterprise-Class Data Plane NGINX Open Source Fast, Flexible, Portable
| ©2021 F5 5 TLS/SSL Overview CONFIDENTIAL
| ©2021 F5 6 CONFIDENTIAL Clarifying some terms HTTPS SSL TLS Encrypting Web Traffic
| ©2021 F5 7 10000 Ft (3048m) View THIS IS WHAT WE ARE TRYING TO ACHIEVE Client Server Key Algorithm Key Algorithm Matching key and encryption algorithm Identity confirmed, connection established, encryption of traffic between client and server.
| ©2021 F5 8 CONFIDENTIAL Establishing an encrypted connection TCP Connection Identity and capabilities Key ‘exchange’ Bulk encryption Server Client
| ©2021 F5 9 CONFIDENTIAL Establishing Capabilities and Identity Identity and capabilities Server Client Supported Cypher Suites
| ©2021 F5 10 CONFIDENTIAL Establishing Capabilities and Identity Identity and capabilities Server Client Supported Cypher Suites Identity ECDHE-RSA-AES256-GCM-SHA384 RSA
| ©2021 F5 11 CONFIDENTIAL Creating a Shared Key Identity and capabilities Key ‘exchange’ Server Client ECDHE-RSA-AES256-GCM-SHA384 Public Value Public Value Random Secret Random Secret Public Value Public Value Public Value Public Value Intermediate Intermediate
| ©2021 F5 12 CONFIDENTIAL Creating a Shared Key Identity and capabilities Key ‘exchange’ Server Client ECDHE-RSA-AES256-GCM-SHA384 Random Secret Random Secret Intermediate Intermediate
| ©2021 F5 13 CONFIDENTIAL Bulk Encryption Identity and capabilities Key ‘exchange’ Bulk encryption Server Client ECDHE-RSA-AES256-GCM-SHA384
| ©2021 F5 14 CONFIDENTIAL Protocol == Control of Operations THE SSL/TLS PROTOCOL SETTING IS THE CONTROL STREAM Identity and capabilities Key ‘exchange’ Bulk encryption Server Client SSL1 SSL2 SSL3 TLS1 TLS1.1 TLS1.2 TLS1.3
| ©2021 F5 15 Eliminates known insecure key ciphers Mandates forward secrecy Mandates more secure bulk encryption Signs whole handshake CONFIDENTIAL Why Use TLS 1.3? LATEST AND GREATEST SAFER Reduced handshakes in TLS session setup 0-RTT connections for session resumption Simpler cipher suites, fewer possible combinations FASTER 63% of Servers prefer TLS 1.3* *F5 TLS Telemetry report 2021
| ©2021 F5 16 SSL Certificates CONFIDENTIAL
| ©2021 F5 17 CONFIDENTIAL What is an SSL Certificate used for? Establish Identity Certificate contains identity information and is signed by a trusted Certificate Authority Signing Communications A client can verify that data was sent from the server by using the public key in the SSL certificate to decrypt it
| ©2021 F5 18 CONFIDENTIAL SSL for Identity Verification Certificate from NGINX.com Root Certificate Authority (Balitmore Cybertrust) Intermediate Certificate (Cloudflare.com) Signs Signs Certificate Chain
| ©2021 F5 19 CONFIDENTIAL Certificates Self Signed CA Signed Self CA Signed Generate your own Obtain from a CA Create your CA Create your cert Certificate Warnings No warnings No warnings on browsers with your root CA Dev/Test Production Internal prod/QA
| ©2021 F5 20 NGINX SSL Configuration CONFIDENTIAL
| ©2021 F5 21 CONFIDENTIAL NGINX Config Overview http{ # HTTP block sets global http values server { # server block defines an individual config } upstream { # upstream block defines backend servers } } Server and upstream blocks are usually contained in separate files and incorporated using the include directive
| ©2021 F5 22 CONFIDENTIAL NGINX SSL Configuration server { listen 443 ssl; server_name www.example.com; ssl_certificate ssl/www.example.com.crt; ssl_certificate_key ssl/www.example.com.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256; … Server Name – needs to match certificate* SSL Certificate and key name Allowable protocols Cipher string for for TLS 1.2 Port to listen on and protocol Cipher string for TLS 1.3
| ©2021 F5 23 CONFIDENTIAL ssl_ciphers Explained HIGH:!aNULL:!MD5; Use the high strength set of ciphers Explicitly exclude (!) any cipher suite offering no authentication Explicitly exclude (!) any cipher suite using MD5 for hashing See what cipher strings will be listed: openssl ciphers -V 'HIGH:!aNULL:!MD5'
| ©2021 F5 24 CONFIDENTIAL ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256 Protocol Bulk Encryption Key Derivation TLS 1.3 has 5 recommended cipher suites (37 in TLS1.2),(319 for backward compatibility!)
| ©2021 F5 25 Demo Time CONFIDENTIAL
| ©2021 F5 26 CONFIDENTIAL Environment Me NGINX Proxy NGINX Webserver HTTPS 443 HTTPS 443 HTTP 8080
| ©2021 F5 27 Other Settings: CONFIDENTIAL
| ©2021 F5 28 CONFIDENTIAL Redirect HTTP to HTTPS server { listen 80; listen [::]:80; server_name example.com www.example.com; return 301 https://example.com$request_uri; } Add an additional server block listening on port 80, and return a HTTP redirect response to any request:
| ©2021 F5 29 CONFIDENTIAL Improving SSL Security - Key Exchange Parameters Increase the size of one of the known parameters to 4096 bytes: Generate the key: SSL_Demo> sudo openssl dhparam -out /etc/nginx/ssl/dhkey4096.pem 4096 Add the value to the NGINX config: ssl_certificate www.example.com.crt; ssl_certificate_key www.example.com.key; ssl_dhparam /etc/ssl/dhkey4096.pem;
| ©2021 F5 30 Add Strict Transport Security headers: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; This informs a browser that a site should ONLY be accessed over HTTPS. Increase the timeout and set a session cache ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; CONFIDENTIAL Additional Security and Performance Settings
| ©2021 F5 31 NGINX Security Products CONFIDENTIAL
| ©2021 F5 32 NGINX App Protect DoS Protection against a range of DoS attacks, including hard-to-spot low and slow attacks NGINX App Protect WAF Powerful defense against layer 7 attacks Based on F5’s leading application layer firewall NGINX Kubernetes Ingress Controller Ingress control for Kubernetes, with added encryption, authentication and WAF. CONFIDENTIAL NGINX Security Products BUILT ON NGINX PLUS
| ©2021 F5 33 Summary CONFIDENTIAL
| ©2021 F5 34 CONFIDENTIAL Useful Resources Private Keys https://www.nginx.com/blog/secure-distribution-ssl-private-keys-nginx/ Cipher Suites https://www.youtube.com/watch?v=ZM3tXhPV8v0 Key Exchange https://www.youtube.com/watch?v=pa4osob1XOk TLS 1.3 https://www.nginx.com/blog/nginx-plus-r17-released/#r17-tls13
| ©2020 F5 35 Questions? CONFIDENTIAL
NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX
Ad

Recommended

Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3
NGINX, Inc.
 
Linux Network Stack
Linux Network StackLinux Network Stack
Linux Network Stack
Adrien Mahieux
 
Cilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPCilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDP
Thomas Graf
 
How to Build a Telegraf Plugin by Noah Crowley
How to Build a Telegraf Plugin by Noah CrowleyHow to Build a Telegraf Plugin by Noah Crowley
How to Build a Telegraf Plugin by Noah Crowley
InfluxData
 
Performance Wins with eBPF: Getting Started (2021)
Performance Wins with eBPF: Getting Started (2021)Performance Wins with eBPF: Getting Started (2021)
Performance Wins with eBPF: Getting Started (2021)
Brendan Gregg
 
NGINX Installation and Tuning
NGINX Installation and TuningNGINX Installation and Tuning
NGINX Installation and Tuning
NGINX, Inc.
 
Bottom half in linux kernel
Bottom half in linux kernelBottom half in linux kernel
Bottom half in linux kernel
KrishnaPrasad630
 
gRPC Overview
gRPC OverviewgRPC Overview
gRPC Overview
Varun Talwar
 
MySQL Slow Query log Monitoring using Beats & ELK
MySQL Slow Query log Monitoring using Beats & ELKMySQL Slow Query log Monitoring using Beats & ELK
MySQL Slow Query log Monitoring using Beats & ELK
YoungHeon (Roy) Kim
 
gRPC Design and Implementation
gRPC Design and ImplementationgRPC Design and Implementation
gRPC Design and Implementation
Varun Talwar
 
5 things you didn't know nginx could do
5 things you didn't know nginx could do5 things you didn't know nginx could do
5 things you didn't know nginx could do
sarahnovotny
 
Re:invent 2016 Container Scheduling, Execution and AWS Integration
Re:invent 2016 Container Scheduling, Execution and AWS IntegrationRe:invent 2016 Container Scheduling, Execution and AWS Integration
Re:invent 2016 Container Scheduling, Execution and AWS Integration
aspyker
 
UM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareUM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of Software
Brendan Gregg
 
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, ConfluentKafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
HostedbyConfluent
 
New Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using TracingNew Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using Tracing
ScyllaDB
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
Thomas Graf
 
Sipwise rtpengine
Sipwise rtpengineSipwise rtpengine
Sipwise rtpengine
Andreas Granig
 
Scaling Push Messaging for Millions of Devices @Netflix
Scaling Push Messaging for Millions of Devices @NetflixScaling Push Messaging for Millions of Devices @Netflix
Scaling Push Messaging for Millions of Devices @Netflix
C4Media
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDP
lcplcp1
 
Nginx Internals
Nginx InternalsNginx Internals
Nginx Internals
Joshua Zhu
 
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
Altinity Ltd
 
gRPC with java
gRPC with javagRPC with java
gRPC with java
Knoldus Inc.
 
A Day in the Life of a ClickHouse Query Webinar Slides
A Day in the Life of a ClickHouse Query Webinar Slides A Day in the Life of a ClickHouse Query Webinar Slides
A Day in the Life of a ClickHouse Query Webinar Slides
Altinity Ltd
 
gRPC
gRPCgRPC
gRPC
Majid Alaeinia
 
Linux Terminal commands for Devops.pdf
Linux Terminal commands for Devops.pdfLinux Terminal commands for Devops.pdf
Linux Terminal commands for Devops.pdf
Nambi Nam
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecture
hugo lu
 
How Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar LeibovichHow Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar Leibovich
DevOpsDays Tel Aviv
 
Replacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with CiliumReplacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with Cilium
Michal Rostecki
 
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks
 
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdfLearn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
ReliqusConsulting
 
Ad

More Related Content

What's hot (20)

MySQL Slow Query log Monitoring using Beats & ELK
MySQL Slow Query log Monitoring using Beats & ELKMySQL Slow Query log Monitoring using Beats & ELK
MySQL Slow Query log Monitoring using Beats & ELK
YoungHeon (Roy) Kim
 
gRPC Design and Implementation
gRPC Design and ImplementationgRPC Design and Implementation
gRPC Design and Implementation
Varun Talwar
 
5 things you didn't know nginx could do
5 things you didn't know nginx could do5 things you didn't know nginx could do
5 things you didn't know nginx could do
sarahnovotny
 
Re:invent 2016 Container Scheduling, Execution and AWS Integration
Re:invent 2016 Container Scheduling, Execution and AWS IntegrationRe:invent 2016 Container Scheduling, Execution and AWS Integration
Re:invent 2016 Container Scheduling, Execution and AWS Integration
aspyker
 
UM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareUM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of Software
Brendan Gregg
 
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, ConfluentKafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
HostedbyConfluent
 
New Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using TracingNew Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using Tracing
ScyllaDB
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
Thomas Graf
 
Sipwise rtpengine
Sipwise rtpengineSipwise rtpengine
Sipwise rtpengine
Andreas Granig
 
Scaling Push Messaging for Millions of Devices @Netflix
Scaling Push Messaging for Millions of Devices @NetflixScaling Push Messaging for Millions of Devices @Netflix
Scaling Push Messaging for Millions of Devices @Netflix
C4Media
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDP
lcplcp1
 
Nginx Internals
Nginx InternalsNginx Internals
Nginx Internals
Joshua Zhu
 
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
Altinity Ltd
 
gRPC with java
gRPC with javagRPC with java
gRPC with java
Knoldus Inc.
 
A Day in the Life of a ClickHouse Query Webinar Slides
A Day in the Life of a ClickHouse Query Webinar Slides A Day in the Life of a ClickHouse Query Webinar Slides
A Day in the Life of a ClickHouse Query Webinar Slides
Altinity Ltd
 
gRPC
gRPCgRPC
gRPC
Majid Alaeinia
 
Linux Terminal commands for Devops.pdf
Linux Terminal commands for Devops.pdfLinux Terminal commands for Devops.pdf
Linux Terminal commands for Devops.pdf
Nambi Nam
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecture
hugo lu
 
How Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar LeibovichHow Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar Leibovich
DevOpsDays Tel Aviv
 
Replacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with CiliumReplacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with Cilium
Michal Rostecki
 
MySQL Slow Query log Monitoring using Beats & ELK
MySQL Slow Query log Monitoring using Beats & ELKMySQL Slow Query log Monitoring using Beats & ELK
MySQL Slow Query log Monitoring using Beats & ELK
YoungHeon (Roy) Kim
 
gRPC Design and Implementation
gRPC Design and ImplementationgRPC Design and Implementation
gRPC Design and Implementation
Varun Talwar
 
5 things you didn't know nginx could do
5 things you didn't know nginx could do5 things you didn't know nginx could do
5 things you didn't know nginx could do
sarahnovotny
 
Re:invent 2016 Container Scheduling, Execution and AWS Integration
Re:invent 2016 Container Scheduling, Execution and AWS IntegrationRe:invent 2016 Container Scheduling, Execution and AWS Integration
Re:invent 2016 Container Scheduling, Execution and AWS Integration
aspyker
 
UM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareUM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of Software
Brendan Gregg
 
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, ConfluentKafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent
HostedbyConfluent
 
New Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using TracingNew Ways to Find Latency in Linux Using Tracing
New Ways to Find Latency in Linux Using Tracing
ScyllaDB
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
Thomas Graf
 
Sipwise rtpengine
Sipwise rtpengineSipwise rtpengine
Sipwise rtpengine
Andreas Granig
 
Scaling Push Messaging for Millions of Devices @Netflix
Scaling Push Messaging for Millions of Devices @NetflixScaling Push Messaging for Millions of Devices @Netflix
Scaling Push Messaging for Millions of Devices @Netflix
C4Media
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDP
lcplcp1
 
Nginx Internals
Nginx InternalsNginx Internals
Nginx Internals
Joshua Zhu
 
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
HTTP Analytics for 6M requests per second using ClickHouse, by Alexander Boc...
Altinity Ltd
 
gRPC with java
gRPC with javagRPC with java
gRPC with java
Knoldus Inc.
 
A Day in the Life of a ClickHouse Query Webinar Slides
A Day in the Life of a ClickHouse Query Webinar Slides A Day in the Life of a ClickHouse Query Webinar Slides
A Day in the Life of a ClickHouse Query Webinar Slides
Altinity Ltd
 
gRPC
gRPCgRPC
gRPC
Majid Alaeinia
 
Linux Terminal commands for Devops.pdf
Linux Terminal commands for Devops.pdfLinux Terminal commands for Devops.pdf
Linux Terminal commands for Devops.pdf
Nambi Nam
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecture
hugo lu
 
How Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar LeibovichHow Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar Leibovich
DevOpsDays Tel Aviv
 
Replacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with CiliumReplacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with Cilium
Michal Rostecki
 

Similar to NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX (20)

Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks
 
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdfLearn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
ReliqusConsulting
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINX
NGINX, Inc.
 
Cisco WSA - Cisco Web Security Appliance - Appliance Configuration
Cisco WSA - Cisco Web Security Appliance - Appliance ConfigurationCisco WSA - Cisco Web Security Appliance - Appliance Configuration
Cisco WSA - Cisco Web Security Appliance - Appliance Configuration
attackying
 
HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview
hemantnaik
 
presentation_4102_1493726768.pdf
presentation_4102_1493726768.pdfpresentation_4102_1493726768.pdf
presentation_4102_1493726768.pdf
ssuserf0e32f
 
Securing Your Apps & APIs in the Cloud
Securing Your Apps & APIs in the CloudSecuring Your Apps & APIs in the Cloud
Securing Your Apps & APIs in the Cloud
Olivia LaMar
 
Decrypting and Selectively Inspecting Modern Traffic
Decrypting and Selectively Inspecting Modern TrafficDecrypting and Selectively Inspecting Modern Traffic
Decrypting and Selectively Inspecting Modern Traffic
Shain Singh
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINX
NGINX, Inc.
 
Citrix Day 2014: XenMobile Enterprise Edition
Citrix Day 2014: XenMobile Enterprise EditionCitrix Day 2014: XenMobile Enterprise Edition
Citrix Day 2014: XenMobile Enterprise Edition
Digicomp Academy AG
 
Citrix TechEdge 2014 - How to Troubleshoot Deployments of StoreFront and NetS...
Citrix TechEdge 2014 - How to Troubleshoot Deployments of StoreFront and NetS...Citrix TechEdge 2014 - How to Troubleshoot Deployments of StoreFront and NetS...
Citrix TechEdge 2014 - How to Troubleshoot Deployments of StoreFront and NetS...
David McGeough
 
Citrix TechEdge 2014 - How to Protect Against the Top 10 Web Security Issues ...
Citrix TechEdge 2014 - How to Protect Against the Top 10 Web Security Issues ...Citrix TechEdge 2014 - How to Protect Against the Top 10 Web Security Issues ...
Citrix TechEdge 2014 - How to Protect Against the Top 10 Web Security Issues ...
David McGeough
 
Adobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL GuideAdobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL Guide
RapidSSLOnline.com
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )
Monodip Singha Roy
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
Monodip Singha Roy
 
The last picks
The last picksThe last picks
The last picks
Nafiur Rahman Tuhin
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSX
VMworld
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
Nascenia IT
 
ESM_AdminGuide_6.9.0.pdf
ESM_AdminGuide_6.9.0.pdfESM_AdminGuide_6.9.0.pdf
ESM_AdminGuide_6.9.0.pdf
Protect724v2
 
Poodle sha2 open mic
Poodle sha2 open micPoodle sha2 open mic
Poodle sha2 open mic
Rahul Kumar
 
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks Support Docs: VNS3 Configuration for CenturyLink Cloud
Cohesive Networks
 
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdfLearn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
ReliqusConsulting
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINX
NGINX, Inc.
 
Cisco WSA - Cisco Web Security Appliance - Appliance Configuration
Cisco WSA - Cisco Web Security Appliance - Appliance ConfigurationCisco WSA - Cisco Web Security Appliance - Appliance Configuration
Cisco WSA - Cisco Web Security Appliance - Appliance Configuration
attackying
 
HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview
hemantnaik
 
presentation_4102_1493726768.pdf
presentation_4102_1493726768.pdfpresentation_4102_1493726768.pdf
presentation_4102_1493726768.pdf
ssuserf0e32f
 
Securing Your Apps & APIs in the Cloud
Securing Your Apps & APIs in the CloudSecuring Your Apps & APIs in the Cloud
Securing Your Apps & APIs in the Cloud
Olivia LaMar
 
Decrypting and Selectively Inspecting Modern Traffic
Decrypting and Selectively Inspecting Modern TrafficDecrypting and Selectively Inspecting Modern Traffic
Decrypting and Selectively Inspecting Modern Traffic
Shain Singh
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINX
NGINX, Inc.
 
Citrix Day 2014: XenMobile Enterprise Edition
Citrix Day 2014: XenMobile Enterprise EditionCitrix Day 2014: XenMobile Enterprise Edition
Citrix Day 2014: XenMobile Enterprise Edition
Digicomp Academy AG
 
Citrix TechEdge 2014 - How to Troubleshoot Deployments of StoreFront and NetS...
Citrix TechEdge 2014 - How to Troubleshoot Deployments of StoreFront and NetS...Citrix TechEdge 2014 - How to Troubleshoot Deployments of StoreFront and NetS...
Citrix TechEdge 2014 - How to Troubleshoot Deployments of StoreFront and NetS...
David McGeough
 
Citrix TechEdge 2014 - How to Protect Against the Top 10 Web Security Issues ...
Citrix TechEdge 2014 - How to Protect Against the Top 10 Web Security Issues ...Citrix TechEdge 2014 - How to Protect Against the Top 10 Web Security Issues ...
Citrix TechEdge 2014 - How to Protect Against the Top 10 Web Security Issues ...
David McGeough
 
Adobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL GuideAdobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL Guide
RapidSSLOnline.com
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )
Monodip Singha Roy
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
Monodip Singha Roy
 
The last picks
The last picksThe last picks
The last picks
Nafiur Rahman Tuhin
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSX
VMworld
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
Nascenia IT
 
ESM_AdminGuide_6.9.0.pdf
ESM_AdminGuide_6.9.0.pdfESM_AdminGuide_6.9.0.pdf
ESM_AdminGuide_6.9.0.pdf
Protect724v2
 
Poodle sha2 open mic
Poodle sha2 open micPoodle sha2 open mic
Poodle sha2 open mic
Rahul Kumar
 
Ad

More from NGINX, Inc. (20)

【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
NGINX, Inc.
 
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
NGINX, Inc.
 
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
NGINX, Inc.
 
Managing Kubernetes Cost and Performance with NGINX & Kubecost
Managing Kubernetes Cost and Performance with NGINX & KubecostManaging Kubernetes Cost and Performance with NGINX & Kubecost
Managing Kubernetes Cost and Performance with NGINX & Kubecost
NGINX, Inc.
 
Manage Microservices Chaos and Complexity with Observability
Manage Microservices Chaos and Complexity with ObservabilityManage Microservices Chaos and Complexity with Observability
Manage Microservices Chaos and Complexity with Observability
NGINX, Inc.
 
Accelerate Microservices Deployments with Automation
Accelerate Microservices Deployments with AutomationAccelerate Microservices Deployments with Automation
Accelerate Microservices Deployments with Automation
NGINX, Inc.
 
Unit 2: Microservices Secrets Management 101
Unit 2: Microservices Secrets Management 101Unit 2: Microservices Secrets Management 101
Unit 2: Microservices Secrets Management 101
NGINX, Inc.
 
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
Unit 1: Apply the Twelve-Factor App to Microservices ArchitecturesUnit 1: Apply the Twelve-Factor App to Microservices Architectures
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
NGINX, Inc.
 
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX, Inc.
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINX
NGINX, Inc.
 
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINX, Inc.
 
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINXKeep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
NGINX, Inc.
 
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
NGINX, Inc.
 
Protecting Apps from Hacks in Kubernetes with NGINX
Protecting Apps from Hacks in Kubernetes with NGINXProtecting Apps from Hacks in Kubernetes with NGINX
Protecting Apps from Hacks in Kubernetes with NGINX
NGINX, Inc.
 
NGINX Kubernetes API
NGINX Kubernetes APINGINX Kubernetes API
NGINX Kubernetes API
NGINX, Inc.
 
Successfully Implement Your API Strategy with NGINX
Successfully Implement Your API Strategy with NGINXSuccessfully Implement Your API Strategy with NGINX
Successfully Implement Your API Strategy with NGINX
NGINX, Inc.
 
Installing and Configuring NGINX Open Source
Installing and Configuring NGINX Open SourceInstalling and Configuring NGINX Open Source
Installing and Configuring NGINX Open Source
NGINX, Inc.
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINX
NGINX, Inc.
 
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptxHow to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
NGINX, Inc.
 
Kubernetes環境で実現するWebアプリケーションセキュリティ
Kubernetes環境で実現するWebアプリケーションセキュリティKubernetes環境で実現するWebアプリケーションセキュリティ
Kubernetes環境で実現するWebアプリケーションセキュリティ
NGINX, Inc.
 
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
NGINX, Inc.
 
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
NGINX, Inc.
 
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
NGINX, Inc.
 
Managing Kubernetes Cost and Performance with NGINX & Kubecost
Managing Kubernetes Cost and Performance with NGINX & KubecostManaging Kubernetes Cost and Performance with NGINX & Kubecost
Managing Kubernetes Cost and Performance with NGINX & Kubecost
NGINX, Inc.
 
Manage Microservices Chaos and Complexity with Observability
Manage Microservices Chaos and Complexity with ObservabilityManage Microservices Chaos and Complexity with Observability
Manage Microservices Chaos and Complexity with Observability
NGINX, Inc.
 
Accelerate Microservices Deployments with Automation
Accelerate Microservices Deployments with AutomationAccelerate Microservices Deployments with Automation
Accelerate Microservices Deployments with Automation
NGINX, Inc.
 
Unit 2: Microservices Secrets Management 101
Unit 2: Microservices Secrets Management 101Unit 2: Microservices Secrets Management 101
Unit 2: Microservices Secrets Management 101
NGINX, Inc.
 
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
Unit 1: Apply the Twelve-Factor App to Microservices ArchitecturesUnit 1: Apply the Twelve-Factor App to Microservices Architectures
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
NGINX, Inc.
 
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
NGINX, Inc.
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINX
NGINX, Inc.
 
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
NGINX, Inc.
 
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINXKeep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
NGINX, Inc.
 
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
NGINX, Inc.
 
Protecting Apps from Hacks in Kubernetes with NGINX
Protecting Apps from Hacks in Kubernetes with NGINXProtecting Apps from Hacks in Kubernetes with NGINX
Protecting Apps from Hacks in Kubernetes with NGINX
NGINX, Inc.
 
NGINX Kubernetes API
NGINX Kubernetes APINGINX Kubernetes API
NGINX Kubernetes API
NGINX, Inc.
 
Successfully Implement Your API Strategy with NGINX
Successfully Implement Your API Strategy with NGINXSuccessfully Implement Your API Strategy with NGINX
Successfully Implement Your API Strategy with NGINX
NGINX, Inc.
 
Installing and Configuring NGINX Open Source
Installing and Configuring NGINX Open SourceInstalling and Configuring NGINX Open Source
Installing and Configuring NGINX Open Source
NGINX, Inc.
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINX
NGINX, Inc.
 
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptxHow to Avoid the Top 5 NGINX Configuration Mistakes.pptx
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
NGINX, Inc.
 
Kubernetes環境で実現するWebアプリケーションセキュリティ
Kubernetes環境で実現するWebアプリケーションセキュリティKubernetes環境で実現するWebアプリケーションセキュリティ
Kubernetes環境で実現するWebアプリケーションセキュリティ
NGINX, Inc.
 
Ad

Recently uploaded (20)

Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Andre Hora
 
Automation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath CertificateAutomation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath Certificate
VICTOR MAESTRE RAMIREZ
 
Microsoft Excel Core Points Training.pptx
Microsoft Excel Core Points Training.pptxMicrosoft Excel Core Points Training.pptx
Microsoft Excel Core Points Training.pptx
Mekonnen
 
DVDFab Crack FREE Download Latest Version 2025
DVDFab Crack FREE Download Latest Version 2025DVDFab Crack FREE Download Latest Version 2025
DVDFab Crack FREE Download Latest Version 2025
younisnoman75
 
PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025
mu394968
 
Full Cracked Resolume Arena Latest Version
Full Cracked Resolume Arena Latest VersionFull Cracked Resolume Arena Latest Version
Full Cracked Resolume Arena Latest Version
jonesmichealj2
 
Innovative Approaches to Software Dev no good at all
Innovative Approaches to Software Dev no good at allInnovative Approaches to Software Dev no good at all
Innovative Approaches to Software Dev no good at all
ayeshakanwal75
 
FlakyFix: Using Large Language Models for Predicting Flaky Test Fix Categorie...
FlakyFix: Using Large Language Models for Predicting Flaky Test Fix Categorie...FlakyFix: Using Large Language Models for Predicting Flaky Test Fix Categorie...
FlakyFix: Using Large Language Models for Predicting Flaky Test Fix Categorie...
Lionel Briand
 
Download YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full ActivatedDownload YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full Activated
saniamalik72555
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
Implementing promises with typescripts, step by step
Implementing promises with typescripts, step by stepImplementing promises with typescripts, step by step
Implementing promises with typescripts, step by step
Ran Wahle
 
Apple Logic Pro X Crack FRESH Version 2025
Apple Logic Pro X Crack FRESH Version 2025Apple Logic Pro X Crack FRESH Version 2025
Apple Logic Pro X Crack FRESH Version 2025
fs4635986
 
Revolutionizing Residential Wi-Fi PPT.pptx
Revolutionizing Residential Wi-Fi PPT.pptxRevolutionizing Residential Wi-Fi PPT.pptx
Revolutionizing Residential Wi-Fi PPT.pptx
nidhisingh691197
 
Foundation Models for Time Series : A Survey
Foundation Models for Time Series : A SurveyFoundation Models for Time Series : A Survey
Foundation Models for Time Series : A Survey
jayanthkalyanam1
 
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
Andre Hora
 
Odoo ERP for Education Management to Streamline Your Education Process
Odoo ERP for Education Management to Streamline Your Education ProcessOdoo ERP for Education Management to Streamline Your Education Process
Odoo ERP for Education Management to Streamline Your Education Process
iVenture Team LLP
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
Who Watches the Watchmen (SciFiDevCon 2025)
Who Watches the Watchmen (SciFiDevCon 2025)Who Watches the Watchmen (SciFiDevCon 2025)
Who Watches the Watchmen (SciFiDevCon 2025)
Allon Mureinik
 
How to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud PerformanceHow to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud Performance
ThousandEyes
 
Get & Download Wondershare Filmora Crack Latest [2025]
Get & Download Wondershare Filmora Crack Latest [2025]Get & Download Wondershare Filmora Crack Latest [2025]
Get & Download Wondershare Filmora Crack Latest [2025]
saniaaftab72555
 
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Andre Hora
 
Automation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath CertificateAutomation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath Certificate
VICTOR MAESTRE RAMIREZ
 
Microsoft Excel Core Points Training.pptx
Microsoft Excel Core Points Training.pptxMicrosoft Excel Core Points Training.pptx
Microsoft Excel Core Points Training.pptx
Mekonnen
 
DVDFab Crack FREE Download Latest Version 2025
DVDFab Crack FREE Download Latest Version 2025DVDFab Crack FREE Download Latest Version 2025
DVDFab Crack FREE Download Latest Version 2025
younisnoman75
 
PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025
mu394968
 
Full Cracked Resolume Arena Latest Version
Full Cracked Resolume Arena Latest VersionFull Cracked Resolume Arena Latest Version
Full Cracked Resolume Arena Latest Version
jonesmichealj2
 
Innovative Approaches to Software Dev no good at all
Innovative Approaches to Software Dev no good at allInnovative Approaches to Software Dev no good at all
Innovative Approaches to Software Dev no good at all
ayeshakanwal75
 
FlakyFix: Using Large Language Models for Predicting Flaky Test Fix Categorie...
FlakyFix: Using Large Language Models for Predicting Flaky Test Fix Categorie...FlakyFix: Using Large Language Models for Predicting Flaky Test Fix Categorie...
FlakyFix: Using Large Language Models for Predicting Flaky Test Fix Categorie...
Lionel Briand
 
Download YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full ActivatedDownload YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full Activated
saniamalik72555
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
Implementing promises with typescripts, step by step
Implementing promises with typescripts, step by stepImplementing promises with typescripts, step by step
Implementing promises with typescripts, step by step
Ran Wahle
 
Apple Logic Pro X Crack FRESH Version 2025
Apple Logic Pro X Crack FRESH Version 2025Apple Logic Pro X Crack FRESH Version 2025
Apple Logic Pro X Crack FRESH Version 2025
fs4635986
 
Revolutionizing Residential Wi-Fi PPT.pptx
Revolutionizing Residential Wi-Fi PPT.pptxRevolutionizing Residential Wi-Fi PPT.pptx
Revolutionizing Residential Wi-Fi PPT.pptx
nidhisingh691197
 
Foundation Models for Time Series : A Survey
Foundation Models for Time Series : A SurveyFoundation Models for Time Series : A Survey
Foundation Models for Time Series : A Survey
jayanthkalyanam1
 
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
Andre Hora
 
Odoo ERP for Education Management to Streamline Your Education Process
Odoo ERP for Education Management to Streamline Your Education ProcessOdoo ERP for Education Management to Streamline Your Education Process
Odoo ERP for Education Management to Streamline Your Education Process
iVenture Team LLP
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
Who Watches the Watchmen (SciFiDevCon 2025)
Who Watches the Watchmen (SciFiDevCon 2025)Who Watches the Watchmen (SciFiDevCon 2025)
Who Watches the Watchmen (SciFiDevCon 2025)
Allon Mureinik
 
How to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud PerformanceHow to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud Performance
ThousandEyes
 
Get & Download Wondershare Filmora Crack Latest [2025]
Get & Download Wondershare Filmora Crack Latest [2025]Get & Download Wondershare Filmora Crack Latest [2025]
Get & Download Wondershare Filmora Crack Latest [2025]
saniaaftab72555
 

NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX

  • 2. | ©2021 F5 2 Agenda TLS/SSL Overview Introduction TLS Protocols Cyphers Key Exchange Encryption Certificates Basic NGINX Config Demo NGINX SSL Configuration Extras Next Redirecting HTTP to HTTPS Recommended SSL settings Additional NGINX security offers
  • 3. | ©2021 F5 3 >70% 10,000 busiest websites 440M+ websites and apps OPEN SOURCE FOOTPRINT NGINX powers the Internet . . . and most enterprises! PROVEN = 1 Million
  • 4. | ©2021 F5 4 NGINX Plus Enterprise-Class Data Plane NGINX Open Source Fast, Flexible, Portable
  • 5. | ©2021 F5 5 TLS/SSL Overview CONFIDENTIAL
  • 6. | ©2021 F5 6 CONFIDENTIAL Clarifying some terms HTTPS SSL TLS Encrypting Web Traffic
  • 7. | ©2021 F5 7 10000 Ft (3048m) View THIS IS WHAT WE ARE TRYING TO ACHIEVE Client Server Key Algorithm Key Algorithm Matching key and encryption algorithm Identity confirmed, connection established, encryption of traffic between client and server.
  • 8. | ©2021 F5 8 CONFIDENTIAL Establishing an encrypted connection TCP Connection Identity and capabilities Key ‘exchange’ Bulk encryption Server Client
  • 9. | ©2021 F5 9 CONFIDENTIAL Establishing Capabilities and Identity Identity and capabilities Server Client Supported Cypher Suites
  • 10. | ©2021 F5 10 CONFIDENTIAL Establishing Capabilities and Identity Identity and capabilities Server Client Supported Cypher Suites Identity ECDHE-RSA-AES256-GCM-SHA384 RSA
  • 11. | ©2021 F5 11 CONFIDENTIAL Creating a Shared Key Identity and capabilities Key ‘exchange’ Server Client ECDHE-RSA-AES256-GCM-SHA384 Public Value Public Value Random Secret Random Secret Public Value Public Value Public Value Public Value Intermediate Intermediate
  • 12. | ©2021 F5 12 CONFIDENTIAL Creating a Shared Key Identity and capabilities Key ‘exchange’ Server Client ECDHE-RSA-AES256-GCM-SHA384 Random Secret Random Secret Intermediate Intermediate
  • 13. | ©2021 F5 13 CONFIDENTIAL Bulk Encryption Identity and capabilities Key ‘exchange’ Bulk encryption Server Client ECDHE-RSA-AES256-GCM-SHA384
  • 14. | ©2021 F5 14 CONFIDENTIAL Protocol == Control of Operations THE SSL/TLS PROTOCOL SETTING IS THE CONTROL STREAM Identity and capabilities Key ‘exchange’ Bulk encryption Server Client SSL1 SSL2 SSL3 TLS1 TLS1.1 TLS1.2 TLS1.3
  • 15. | ©2021 F5 15 Eliminates known insecure key ciphers Mandates forward secrecy Mandates more secure bulk encryption Signs whole handshake CONFIDENTIAL Why Use TLS 1.3? LATEST AND GREATEST SAFER Reduced handshakes in TLS session setup 0-RTT connections for session resumption Simpler cipher suites, fewer possible combinations FASTER 63% of Servers prefer TLS 1.3* *F5 TLS Telemetry report 2021
  • 16. | ©2021 F5 16 SSL Certificates CONFIDENTIAL
  • 17. | ©2021 F5 17 CONFIDENTIAL What is an SSL Certificate used for? Establish Identity Certificate contains identity information and is signed by a trusted Certificate Authority Signing Communications A client can verify that data was sent from the server by using the public key in the SSL certificate to decrypt it
  • 18. | ©2021 F5 18 CONFIDENTIAL SSL for Identity Verification Certificate from NGINX.com Root Certificate Authority (Balitmore Cybertrust) Intermediate Certificate (Cloudflare.com) Signs Signs Certificate Chain
  • 19. | ©2021 F5 19 CONFIDENTIAL Certificates Self Signed CA Signed Self CA Signed Generate your own Obtain from a CA Create your CA Create your cert Certificate Warnings No warnings No warnings on browsers with your root CA Dev/Test Production Internal prod/QA
  • 20. | ©2021 F5 20 NGINX SSL Configuration CONFIDENTIAL
  • 21. | ©2021 F5 21 CONFIDENTIAL NGINX Config Overview http{ # HTTP block sets global http values server { # server block defines an individual config } upstream { # upstream block defines backend servers } } Server and upstream blocks are usually contained in separate files and incorporated using the include directive
  • 22. | ©2021 F5 22 CONFIDENTIAL NGINX SSL Configuration server { listen 443 ssl; server_name www.example.com; ssl_certificate ssl/www.example.com.crt; ssl_certificate_key ssl/www.example.com.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256; … Server Name – needs to match certificate* SSL Certificate and key name Allowable protocols Cipher string for for TLS 1.2 Port to listen on and protocol Cipher string for TLS 1.3
  • 23. | ©2021 F5 23 CONFIDENTIAL ssl_ciphers Explained HIGH:!aNULL:!MD5; Use the high strength set of ciphers Explicitly exclude (!) any cipher suite offering no authentication Explicitly exclude (!) any cipher suite using MD5 for hashing See what cipher strings will be listed: openssl ciphers -V 'HIGH:!aNULL:!MD5'
  • 24. | ©2021 F5 24 CONFIDENTIAL ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256 Protocol Bulk Encryption Key Derivation TLS 1.3 has 5 recommended cipher suites (37 in TLS1.2),(319 for backward compatibility!)
  • 25. | ©2021 F5 25 Demo Time CONFIDENTIAL
  • 26. | ©2021 F5 26 CONFIDENTIAL Environment Me NGINX Proxy NGINX Webserver HTTPS 443 HTTPS 443 HTTP 8080
  • 27. | ©2021 F5 27 Other Settings: CONFIDENTIAL
  • 28. | ©2021 F5 28 CONFIDENTIAL Redirect HTTP to HTTPS server { listen 80; listen [::]:80; server_name example.com www.example.com; return 301 https://example.com$request_uri; } Add an additional server block listening on port 80, and return a HTTP redirect response to any request:
  • 29. | ©2021 F5 29 CONFIDENTIAL Improving SSL Security - Key Exchange Parameters Increase the size of one of the known parameters to 4096 bytes: Generate the key: SSL_Demo> sudo openssl dhparam -out /etc/nginx/ssl/dhkey4096.pem 4096 Add the value to the NGINX config: ssl_certificate www.example.com.crt; ssl_certificate_key www.example.com.key; ssl_dhparam /etc/ssl/dhkey4096.pem;
  • 30. | ©2021 F5 30 Add Strict Transport Security headers: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; This informs a browser that a site should ONLY be accessed over HTTPS. Increase the timeout and set a session cache ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; CONFIDENTIAL Additional Security and Performance Settings
  • 31. | ©2021 F5 31 NGINX Security Products CONFIDENTIAL
  • 32. | ©2021 F5 32 NGINX App Protect DoS Protection against a range of DoS attacks, including hard-to-spot low and slow attacks NGINX App Protect WAF Powerful defense against layer 7 attacks Based on F5’s leading application layer firewall NGINX Kubernetes Ingress Controller Ingress control for Kubernetes, with added encryption, authentication and WAF. CONFIDENTIAL NGINX Security Products BUILT ON NGINX PLUS
  • 34. | ©2021 F5 34 CONFIDENTIAL Useful Resources Private Keys https://www.nginx.com/blog/secure-distribution-ssl-private-keys-nginx/ Cipher Suites https://www.youtube.com/watch?v=ZM3tXhPV8v0 Key Exchange https://www.youtube.com/watch?v=pa4osob1XOk TLS 1.3 https://www.nginx.com/blog/nginx-plus-r17-released/#r17-tls13