NGINX
This document provides information about configuring our HSMs with Nginx by using PKCS #11 libraries. For additional details about your HSM, see the relevant user guide.
Nginx is a web server that can serve as a reverse proxy, load balancer, mail proxy, and HTTP cache. The software, created by Igor Sysoev and publicly released in 2004, is free and open-source, released under the terms of the 2-clause BSD license.
A web server serves websites on the internet by using the HTTP protocol. The primary job of any web server is to accept requests from clients and send a response to each request, such as the components of the page that a visitor wants to see.
The Nginx server can work with private keys stored on hardware security modules (HSMs), which helps to prevent key disclosure and man-in-the-middle attacks.
For secure communication with the HTTPS protocol, the Nginx server uses the OpenSSL library, but OpenSSL does not support PKCS #11 natively. To use HSMs, install the openssl-pkcs11 package on CentOS or the libengine-pkcs11-openssl package on Ubuntu. These packages provide access to PKCS #11 modules through the engine interface. You can use a PKCS #11 URI instead of a regular file name to specify a server key and use a certificate in the configuration file for the appropriate website.
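The key reference described above, shown as an added example that is not part of the original guide. The token label, object label, file paths and server name are placeholders, and the OpenSSL engine is assumed to be registered under the name `pkcs11`.

```nginx
# Added example. EXAMPLE-TOKEN, example-tls-key, the paths and the
# server name are placeholders; substitute the values for your HSM.

events {}

http {
    server {
        listen 443 ssl;
        server_name www.example.com;

        # The certificate is public, so it stays an ordinary PEM file.
        ssl_certificate /etc/nginx/ssl/www.example.com.crt;

        # File-based key that the HSM replaces: the private key material
        # is readable on disk by anyone who gains access to this path.
        # ssl_certificate_key /etc/nginx/ssl/www.example.com.key;

        # HSM-backed key: "engine:<engine name>:<key id>".
        # The key id is a PKCS #11 URI (RFC 7512) that selects the token
        # and the private-key object; the key never leaves the HSM.
        # The value is quoted because the URI contains semicolons, which
        # would otherwise end the directive.
        ssl_certificate_key "engine:pkcs11:pkcs11:token=EXAMPLE-TOKEN;object=example-tls-key;type=private";

        # How the token PIN and the PKCS #11 module path are supplied
        # depends on the engine setup for your HSM and is not shown here.
    }
}
```

Running `nginx -t` after the change checks the configuration, so a wrong token or object label is reported before the server is reloaded.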