Nginx Plus r4 Improves Web Server Security

 
 
By Sean Michael Kerner  |  Posted 2014-07-24 Email Print this article Print
 
 
 
 
 
 
 
security

The new release of the commercially supported open-source Web server locks down SSL security.

Nginx, the lead commercial sponsor behind the open-source Nginx Web server, is out today with a new release of its Nginx Plus server. The Nginx Plus r4 release provides users with new security and load balancing features.

Nginx Plus is the commercially supported enterprise release of the widely deployed open-source Nginx Web server. According to the June 2014 Netcraft Web Server Survey, Nginx is powering 134 million sites around the world. The first Nginx Plus release debuted back in August 2013, providing users with additional high-availability features on top of the open-source base. New versions of Nginx Plus are now released every three months. The Nginx Plus r4 release is based on the open-source Nginx 1.7.3 release, which was released on July 8.

Among the new features of Nginx Plus r4 is something that company is describing as an end-to-end Secure Sockets Layer (SSL) capability. SSL is widely used as the mechanism by which data is safely encrypted and transported across the Web.

Owen Garrett, head of products at Nginx, explained that the new release now enables validation of SSL certificates against an internal list of SSL certificate authorities (CAs). CAs are supposed to be the trusted authorities that are able to issue, sign and revoke SSL certificates.

Garrett explained that the new SSL validation feature is used when Nginx Plus forwards traffic to an external API server, or to another Web server over HTTPS.

"There's generally a well-defined set of servers (specified in the Nginx configuration) that it talks to, rather than the Internet at large," Garrett said. "The purpose of the feature is to verify that the server defined in the configuration matches the certificate authority specified in the configuration."

The Nginx Plus r4 release also provides new load balancing enhancements, including a generic learn method for session persistence.

"Nginx Plus can learn when servers establish sessions, and can then identify when clients send requests in those sessions," Garrett said.

Garrett explained that by its nature, session persistence tends to be an all-or-nothing feature that fights against load balancing to control where traffic is routed, and this can create suboptimal performance if not configured correctly.

"This new learn method has two benefits—it does not need to modify traffic by inserting cookies, and it can be a lot more intelligent in creating sessions," he said.

The open-source version of Nginx is often deployed with load-balancing and caching technologies including Varnish or Squid. Those technologies are not needed for Nginx Plus, which integrates caching and load balancing.

"Our goal with Nginx Plus is to provide a single integrated solution that provides a combination of Web serving, caching and load balancing functionality so that customers can deploy simpler, more scalable application platforms without having to chain together a number of disparate solutions," Garrett commented.

Looking forward, there are a number of items on the roadmap for both the open-source Nginx and commercial Nginx Plus product lines. Gus Robertson, CEO of Nginx, told eWEEK that there are architectural improvements in development that will enable the Nginx code base to take advantage of maturing features in the Linux kernel.

"This will be particularly useful to organizations serving or caching very large volumes of content," Robertson said.

Additionally, there is a plan for centralized management tools that will provide a focus for a richer and more informed Nginx user community. There is also a third-party module API in the works that will allow for dynamic loading of modules.

"This will make it easier for Nginx users to keep up with Nginx development and run the most recent releases to take advantage of new features and other improvements," Robertson said. "It will also make it easier for third-party developers to build and package Nginx extensions."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

 
 
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel