A lesson from my NGINX Fundamentals course, explaining how to secure NGINX using basic auth. Get the full course: https://stackacademy.tv/nginx-fundamentals-special
A lesson from NGINX Fundamentals course, explaining how to create a basic virtual host. Get the full course: https://stackacademy.tv/nginx-fundamentals-special
NGINX makes cross-domain single sign-on easy. At Moz we power all of our user-facing application servers with the help of NGINX and Openresty with a monthly request load in the tens of millions. What you will learn: (a) How we solved Moz's problem with browser SSO with NGINX/Openresty and how simple it is to setup the stack (Openresty/Lua/Redis) to solve a problem that is now commonplace among many companies on the web. (b) How to use this lightweight HTTP server to deliver user information to web properties for free by injecting state into request headers. (c) Harness the power and simplicity of Redis to take control of your user sessions and scale with ease. (d) Other use-cases: Take this simple pattern and expand it well beyond browser authentication (think messaging platform for autonomous web properties).
Learn how some of the most innovative developers deliver apps fast and flawlessly with NGINX and NGINX Plus. The combination of web serving, load balancing, content caching, and media streaming into one package makes it easy to deploy and scale any application. To see additional case studies, visit: http://nginx.com/resources/case-studies/
Basic HTTP Authentication Review check out the LMTV show i did covering the article https://www.youtube.com/watch?v=u4kgwFf6j8o One of the things I keep my eyes peeled for are items that involve security implications. Full disclaimer, I am not a security guru, nor do I profess to be one but I do understand some of the more obvious issues. For example many of you are probably familiar with the term ‘clear text’. This is when you data or credentials are transmitted in a text format. Obviously this is not a good thing since anyone who happens to intercept this data will be able to easily see your data or credentials. Hence the introduction of encryption when your data is encoded in such a manner that only authorized applications can read the data. Unfortunately as many people know, different types of encryption have their weaknesses. In this video I cover the most simplest of http authentication; HTTP Basic. With this method, your data is encoded with Base64 in transit. Some people even go as far as stating this is encrypted, but I don’t want to go down that rabbit hole. Suffice to say that we can all agree the data is no longer in clear text. I show you that with Wireshark, and no additional downloads, plugins or scripts, Wireshark will decode the Authorization string, revealing the credentials. The syntax presente3d is simply username:password. Please keep in mind that this something specific to Wireshark, so you should take a moment to try your own protocol analyzer to see how it fairs.