Data protection

NGINX


This document provides information about configuring our HSMs with Nginx by using PKCS #11 libraries. For additional details about your HSM, see the relevant user guide.

About Nginx

Nginx is a web server that can serve as a reverse proxy, load balancer, mail proxy, and HTTP cache. The software, created by Igor Sysoev and publicly released in 2004, is free and open-source, released under the terms of the 2-clause BSD license.

A web server serves websites on the internet using the HTTP protocol. The primary job of a web server is to accept requests from clients and send a response to each request, such as the components of the page that a visitor wants to see.

Using HSMs to protect Nginx private keys

The Nginx server can work with private keys stored on hardware security modules (HSMs), which helps to prevent key disclosure and man-in-the-middle attacks.

For secure communication over HTTPS, the Nginx server uses the OpenSSL library, but OpenSSL does not support PKCS #11 natively. To use HSMs, install the openssl-pkcs11 package on CentOS or the libengine-pkcs11-openssl package on Ubuntu. These packages provide access to PKCS #11 modules through the OpenSSL engine interface. In the configuration file for the appropriate website, you can then specify the server key with a PKCS #11 URI instead of a regular file name, and specify the certificate as usual.
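The following added example (not part of the vendor documentation) shows what such a configuration looks like and how to check it: a constructed Nginx config uses the `engine:pkcs11:<PKCS #11 URI>` form of `ssl_certificate_key`, and a short Python audit flags keys that are still plain files. It goes slightly beyond the text by also flagging a PIN embedded through the RFC 7512 `pin-value` attribute; all host names, token and object labels, and paths are placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample: host names, token/object labels and paths are placeholders.
SAMPLE_CONF = '''
ssl_engine pkcs11;
server {
    server_name hsm.example.test;
    ssl_certificate     /etc/nginx/ssl/hsm.example.test.crt;
    ssl_certificate_key "engine:pkcs11:pkcs11:token=nginx-token;object=nginx-key;type=private";
}
server {
    server_name legacy.example.test;
    ssl_certificate     /etc/nginx/ssl/legacy.example.test.crt;
    ssl_certificate_key /etc/nginx/ssl/legacy.example.test.key;
}
server {
    server_name pin.example.test;
    ssl_certificate     /etc/nginx/ssl/pin.example.test.crt;
    ssl_certificate_key "engine:pkcs11:pkcs11:token=nginx-token;object=pin-key?pin-value=0000";
}
'''

# The quoted form is needed in Nginx because the URI itself contains semicolons.
KEY_RE = re.compile(
    r'^[ \t]*ssl_certificate_key[ \t]+(?:"([^"]+)"|(\S+?))[ \t]*;[ \t]*$', re.M)

def parse_pkcs11_uri(uri):
    """Split an RFC 7512 URI into (path attributes, query attributes)."""
    if not uri.startswith("pkcs11:"):
        raise ValueError("not a PKCS #11 URI: " + uri)
    path, _, query = uri[len("pkcs11:"):].partition("?")
    def attrs(text, sep):
        pairs = (item.partition("=") for item in text.split(sep) if item)
        return {name: unquote(value) for name, _, value in pairs}
    return attrs(path, ";"), attrs(query, "&")

def audit(conf):
    """Return (key value, finding) pairs for keys that need attention."""
    findings = []
    for match in KEY_RE.finditer(conf):
        value = match.group(1) or match.group(2)
        if not value.startswith("engine:"):
            findings.append((value, "private key is a file on disk, not an HSM object"))
            continue
        _, _engine, key_id = value.split(":", 2)  # engine:<name>:<id>
        if key_id.startswith("pkcs11:") and "pin-value" in parse_pkcs11_uri(key_id)[1]:
            findings.append((value, "token PIN is stored in clear text in the config"))
    return findings
```

Calling `audit(SAMPLE_CONF)` reports the `legacy.example.test` key file and the `pin-value` URI, and leaves the first server block unflagged.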

Guardian integration