Part II: Security and Access

This is Part II of III of NGINX Cookbook. This part will focus on

security aspects and features of NGINX and NGINX Plus, the

licensed version of the NGINX server. Throughout this part, you

will learn the basics about controlling access and limiting abuse and

misuse of your web assets and applications. Security concepts such

as encryption of your web traffic as well as basic HTTP authentica‐

tion will be explained as applicable to the NGINX server. More

advanced topics are covered as well, such as setting up NGINX to

verify authentication via third-party systems as well as through

JSON Web Token Signature validation and integrating with Single

sign-on providers. This part covers some amazing features of

NGINX and NGINX Plus such as securing links for time-limited

access and security as well as enabling Web Application Firewall

capabilities of NGINX Plus with the ModSecurity module. Some of

the plug-and-play modules in this part are only available through

the paid NGINX Plus subscription, however this does not mean that

the core open source NGINX server is not capable of these securi‐

ties.

本书的第二部分将讲解 NGINX 和 NGINX PLUS 版本的安全特性。通过第二部分

相关知识，您将掌握如何配置 NGINX 服务器才能有效控制服务器资源不被应用

程序滥用。学习安全配置，如 NGINX 服务器如何使用对请求数据加密和基本的

HTTP 认证。更高级的安全配置，像 NGINX 服务器如何使用第三方认证系统进

行身份认证，如何使用 JSON 令牌校验和单点登录功能等。此外，您还将学习

NGINX 和 NGINX PLUS 版本更多惊艳的特性，如访问次数控制、使用 NGINX

PLUS 版本的 ModSecurity 模块开启防火墙功能等等。对于一些即插即用(

plug-and-pay)模块，仅能通过 NGINX PLUS 版本订阅获取，然而，这并不意

味着免费版的 NGINX 服务器不能使用。