Nginx
This document provides information on configuring our hardware security modules (HSMs) with Nginx by using {{futurex}} PKCS #11 libraries. For additional details about your HSM, see the relevant user guide.

About Nginx

Nginx is a web server that can serve as a reverse proxy, load balancer, mail proxy, and Hypertext Transfer Protocol (HTTP) cache. The software, created by Igor Sysoev and publicly released in 2004, is free and open source, released under the terms of the 2-clause BSD license.

A web server serves websites on the internet by using the HTTP protocol. The primary job of all web servers is to accept requests from clients and send a response to that request, such as the components of the page that a visitor wants to see.

Using HSMs to protect Nginx private keys

The Nginx server can work with private keys stored on HSMs, which helps prevent key disclosure and man-in-the-middle attacks. When Nginx handles Hypertext Transfer Protocol Secure (HTTPS), it relies on the OpenSSL library to perform all Transport Layer Security and Secure Sockets Layer (TLS/SSL) cryptographic operations, which include private key usage, certificate validation, and handshake negotiation.

Nginx does not natively interact with HSMs. Starting with OpenSSL 3.0, the legacy engine interface has been officially deprecated in favor of the modern provider architecture, which enables modular, standardized cryptographic functionality, including native support for PKCS #11 via the pkcs11 provider. To enable HSM integration, you must install the pkcs11-provider library by latchset, a third-party plugin that bridges OpenSSL's provider framework with {{vectera}}. This library is not distributed with OpenSSL by default, and it must be compiled from source.

Guardian integration

The {{guard}} introduces mission-critical viability to core cryptographic infrastructure, including centralization of device management, elimination of points of failure, distribution of transaction loads, group-specific function blocking, and user-defined grouping systems.

See the applicable guide in the {{futurex}} portal for configuring HSMs with the {{guard}}, including PKCS #11 and CNG configuration.
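
A lint for the setup described under "Using HSMs to protect Nginx private keys", added here as an example (it is not Futurex or Nginx code): it classifies each `ssl_certificate_key` value as legacy engine, provider-backed, or a file on disk, and checks that the OpenSSL configuration activates the provider. The provider section name `pkcs11`, the `store:pkcs11:` key form, and every sample path and object name are assumptions.

```python
import re

def parse_cnf(text):
    """Parse OpenSSL config text into {section: {key: value}}; "" is the top-level section."""
    sections, current = {"": {}}, ""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and padding
        if line.startswith("["):
            current = line.strip("[] ")
        elif "=" in line:
            key, value = line.split("=", 1)
            sections.setdefault(current, {})[key.strip()] = value.strip()
    return sections

def active_providers(cnf_text):
    """Follow openssl_conf -> providers and return the names whose section sets activate."""
    cnf = parse_cnf(cnf_text)
    init = cnf.get(cnf[""].get("openssl_conf", ""), {})
    listed = cnf.get(init.get("providers", ""), {})
    return {name for name, sect in listed.items()
            if cnf.get(sect, {}).get("activate", "").lower() in {"1", "yes", "on", "true"}}

KEY_RE = re.compile(r'^\s*ssl_certificate_key\s+(?:"([^"]*)"|([^\s;]+))\s*;', re.M)
def audit(nginx_text, cnf_text, provider="pkcs11"):
    """Classify each ssl_certificate_key value by where the private key is loaded from."""
    active, findings = active_providers(cnf_text), []
    for m in KEY_RE.finditer(nginx_text):
        value = m.group(1) or m.group(2) or ""
        verdict = "file-on-disk"                      # default: a path, review what it holds
        if value.startswith("engine:"):
            verdict = "legacy-engine"                 # engine interface, deprecated in OpenSSL 3.0
        elif value.startswith("store:pkcs11:"):       # assumed provider-backed key form
            verdict = "provider-ok" if provider in active else "provider-not-activated"
        findings.append((value, verdict))
    return findings

# Constructed samples; object names and paths are placeholders, not values from the page.
NGINX = '''ssl_certificate_key engine:pkcs11:pkcs11:object=old-key;
ssl_certificate_key /etc/nginx/tls/site.key;
ssl_certificate_key "store:pkcs11:object=site-key;type=private";
'''
CNF = '''openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
pkcs11 = pkcs11_sect
[pkcs11_sect]
pkcs11-module-path = /path/to/vendor-pkcs11-library.so
'''
```

Against the constructed samples, `audit(NGINX, CNF)` flags the third key as `provider-not-activated` because the sample `[pkcs11_sect]` has no `activate` line.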