Part II: Security and Access
This is Part II of III of NGINX Cookbook. This part will focus on
security aspects and features of NGINX and NGINX Plus, the
licensed version of the NGINX server. Throughout this part, you
will learn the basics about controlling access and limiting abuse and
misuse of your web assets and applications. Security concepts such
as encryption of your web traffic as well as basic HTTP authentication
will be explained as applicable to the NGINX server. More
advanced topics are covered as well, such as setting up NGINX to
verify authentication via third-party systems as well as through
JSON Web Token signature validation and integrating with single
sign-on providers. This part covers some amazing features of
NGINX and NGINX Plus such as securing links for time-limited
access and security as well as enabling Web Application Firewall
capabilities of NGINX Plus with the ModSecurity module. Some of
the plug-and-play modules in this part are only available through
the paid NGINX Plus subscription; however, this does not mean that
the core open source NGINX server is incapable of providing these
security features.
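Part II of this book covers the security features of NGINX and
NGINX Plus. With the material in this part, you will learn how to
configure the NGINX server so that server resources are effectively
protected from abuse by applications. You will learn security
configuration, such as how the NGINX server encrypts request data and
performs basic HTTP authentication. More advanced security
configuration is also covered, such as how the NGINX server uses
third-party authentication systems to authenticate users, and how to
use JSON token validation and single sign-on. In addition, you will
learn about more of the impressive features of NGINX and NGINX Plus,
such as access count control and using the ModSecurity module of
NGINX Plus to enable firewall functionality. Some plug-and-play
modules can only be obtained through an NGINX Plus subscription;
however, this does not mean that the free version of the NGINX server
cannot be used.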