Securing Your Containerized Applications with NGINX
Kevin Jones
Sr Product Manager
NGINX, now part of F5
@webopsx
Today's talk!
• Benefits of a Reverse Proxy for Security
• NGINX Best Practices for TLS
• Running NGINX in Docker
• Q&A
Benefits of a Reverse Proxy
● HTTP Security and Façade Routing
● TLS Offload
● Authentication / Authorization Offload
HTTP Security & Façade Routing
● Restrict Access to Specific URLs
● Intercept Response Headers from Upstream Servers
● Control Request Methods
● Control Domain Level Access
● Provide a Layer of Façade URLs for Routing to Microservices
● Rewrite URLs for Backwards Compatibility
● API Version Control / Testing (A/B)
A Reverse Proxy can…
[Diagram: a Reverse Proxy / Gateway in front of three services, with GET, PUT and PATCH requests shown at the gateway]
Gateway virtual servers:
● api.example.com (*:80): /api/v2/login, /api/v1/inventory, /admin/
● partner.example.com (*:80): /api/v1
Upstream services:
● Service A, Login Service: /login on :32706
● Service B, Inventory Service: /inventory on :32717
● Service C, Partner API: /api/beta on :32724
NGINX Directive: server_name, listen, location, limit_except, proxy_pass, upstream, map, if
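One way the routing in the diagram could be written with the directives listed above, as an added example rather than configuration from the talk. The 127.0.0.1 upstream hosts, the methods allowed on each route, the blanket deny on /admin/ and the hidden X-Powered-By header are assumptions made for illustration.

```nginx
# Added example; upstream hosts, allowed methods and the /admin/ policy are assumptions.
events {}

http {
    # Service ports come from the diagram; the 127.0.0.1 host is assumed.
    upstream login_service     { server 127.0.0.1:32706; }
    upstream inventory_service { server 127.0.0.1:32717; }
    upstream partner_api       { server 127.0.0.1:32724; }

    # Domain-level access: a Host header that matches neither name below
    # lands here and the connection is closed without a response.
    server {
        listen 80 default_server;
        server_name _;
        return 444;
    }

    server {
        listen 80;
        server_name api.example.com;

        # Intercept a response header that describes the backend stack.
        proxy_hide_header X-Powered-By;

        # Facade URL /api/v2/login is rewritten to /login on the login service.
        location = /api/v2/login {
            limit_except POST { deny all; }
            proxy_pass http://login_service/login;
        }

        # /api/v1/inventory/... maps to /inventory/... and is read-only.
        location /api/v1/inventory {
            limit_except GET { deny all; }    # allowing GET also allows HEAD
            proxy_pass http://inventory_service/inventory;
        }

        # Restricted URL: never forwarded from this listener.
        location /admin/ {
            deny all;
        }

        # Anything not published above is not reachable through the gateway.
        location / {
            return 404;
        }
    }

    server {
        listen 80;
        server_name partner.example.com;

        proxy_hide_header X-Powered-By;

        # The stable partner-facing /api/v1 is served by the backend's /api/beta.
        location /api/v1 {
            limit_except GET PUT PATCH { deny all; }
            proxy_pass http://partner_api/api/beta;
        }

        location / {
            return 404;
        }
    }
}
```

A request that uses a method outside a route's limit_except list is answered with 403 by the gateway and never reaches the service.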
SSL/TLS
● SSL/TLS Protocols
● Ciphers
● Sessions
● Certificate and Key Management
● OCSP
● Performance Degradation
● Security Vulnerabilities and Patching
Complexities of TLS
RSA, DH, ECDH, SRP, PSK??!
Let's Encrypt
[Diagram: Cron (Certbot), NGINX, API]
● A Cron process can update certificates and keys
● The certificates and keys can be stored on disk or in memory depending on security requirements
● If you are using NGINX, certificates and keys can be loaded from disk on demand (lazy load)
● If using NGINX Plus, your certificates and keys can be stored in the NGINX Plus key-value database
Authentication & Authorization
● Offload credential validation
● Intercept unauthenticated requests
● Support integration with an IDP or other authentication flows
● Support multi factor requirements
● Once that client is validated, authorization provides policy enforcement on specific HTTP access
Authentication and Authorization
[Diagram: GET w/ JSON Web Token; JSON Web Key]
Payload
{
    "alg": "HS256",
    "typ": "JWT"
}
Header
{
    "alg": "HS256",
    "typ": "JWT"
}
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.N3Hb-h4CdvYDpm6iT-kQVAXt_q2vBnnZ-BDLfOPrd18
Raffle Time! Check the chat to
see if you've won!
NGINX Best Practices For Configuring TLS
https://www.ssllabs.com/ssltest/
server {
    listen 443 ssl default_server;
    server_name example.com;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
    # SSL protocols
    ssl_protocols TLSv1.3 TLSv1.2;
    # SSL ciphers
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    # DH parameters and curve
    ssl_dhparam /path/to/dhparam.pem;
    ssl_ecdh_curve secp384r1;
}
Generate stronger DH parameters
• This will take a while, be patient
• For highest security, it is recommended to use a bit length of 4096
$ openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
Generating DH parameters, 4096 bit long safe prime, generator 2
This is going to take a long time
https://www.ssllabs.com/ssltest/
Enable HTTP Strict Transport Security
• Informs browsers to always interact with your site over HTTPS
• This will protect your site against various attacks such as downgrade attacks and possible cookie hijacking
server {
    # HTTP STS
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
}
https://www.ssllabs.com/ssltest/
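The TLS and HSTS settings above assembled into one pair of server blocks, with the Sessions and OCSP items from the earlier TLS list filled in; this is an added example, not configuration from the talk. The cache size and timeouts, the resolver address, the chain.pem path, the 127.0.0.1:8080 backend and the /static/ location are assumptions.

```nginx
# Added example; paths, resolver address, cache sizes and locations are assumptions.
events {}

http {
    # Port 80 only redirects. Browsers ignore HSTS received over plain HTTP,
    # so the header is set on the TLS listener alone.
    server {
        listen 80 default_server;
        server_name example.com;
        return 301 https://example.com$request_uri;
    }

    server {
        listen 443 ssl default_server;
        server_name example.com;

        ssl_certificate     /path/to/cert.pem;   # leaf certificate followed by intermediates
        ssl_certificate_key /path/to/key.pem;

        ssl_protocols TLSv1.3 TLSv1.2;
        ssl_prefer_server_ciphers on;
        # The two GCM-SHA384 suites from the slide's list (these apply to TLS 1.2).
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
        ssl_dhparam /path/to/dhparam.pem;
        ssl_ecdh_curve secp384r1;

        # Sessions: a shared cache lets every worker resume a session; tickets
        # are switched off so there is no long-lived ticket key to rotate.
        ssl_session_cache shared:TLS:10m;
        ssl_session_timeout 1h;
        ssl_session_tickets off;

        # OCSP stapling: NGINX fetches the responder's answer and sends it in
        # the handshake. It has an effect only when the certificate names an
        # OCSP responder.
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /path/to/chain.pem;
        resolver 192.0.2.53 valid=300s;   # placeholder DNS server address
        resolver_timeout 5s;

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

        location / {
            proxy_pass http://127.0.0.1:8080;   # assumed application address
        }

        # add_header is inherited only by blocks that define none of their own,
        # so a location that adds any header has to repeat the HSTS line.
        location /static/ {
            root /srv/www;   # assumed document root
            add_header Cache-Control "public, max-age=86400";
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
        }
    }
}
```

Running nginx -t against the file checks the syntax and certificate paths before a reload; the SSL Labs test linked above can then confirm the protocol, cipher and HSTS results.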
Deploying NGINX on Docker
[Diagram: Reverse Proxy / Gateway serving api.example.com on *:80 / *:443 (/api/v2/login, /api/v1/inventory, /admin/) and partner.example.com on :443 (/api/v1), in front of Service A Login Service (:32706), Service B Inventory Service (:32717) and Service C Partner API (:32724)]
Configure NGINX with Docker Compose
• Configure services you want to communicate through NGINX using "expose"
• Link your services together with the "links" option
• Then publish your NGINX service using the "ports" mapping
nginx:
  build: ./nginx
  container_name: nginx
  restart: always
  links:
    - login
  ports:
    - "80:80"
  volumes:
    - ./etc/nginx/conf.d/server.conf:/etc/nginx/conf.d/server.conf
login:
  build: ./login
  container_name: login
  restart: always
  expose:
    - "80"
NGINX Configuration
user nginx;
events {
    worker_connections 1024;
}
http {
    server {
        listen 80;
        location /login {
            proxy_pass http://login:80;
        }
    }
}
Point the proxy_pass directive at the Compose service name so that NGINX resolves it through the embedded Docker DNS server; this will support any scaling of your services while using Docker Compose
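A variant of the configuration above that re-resolves the service name at run time, as an added example that is not from the talk. It assumes the containers share a Compose-created (user-defined) network, where Docker's embedded DNS answers on 127.0.0.11; the 10s validity and the $login_upstream variable name are also assumptions.

```nginx
# Added example; the resolver validity and the variable name are assumptions.
user nginx;
events {
    worker_connections 1024;
}
http {
    server {
        listen 80;

        # Docker's embedded DNS server, reachable from containers attached to
        # a user-defined network. valid=10s caps how long an answer is cached.
        resolver 127.0.0.11 valid=10s;

        location /login {
            # A literal host name in proxy_pass is resolved once, when the
            # configuration is loaded. Holding the name in a variable makes
            # NGINX resolve it at request time through the resolver above, so
            # containers added or replaced after startup are picked up
            # without a reload.
            set $login_upstream http://login:80;
            proxy_pass $login_upstream;
        }
    }
}
```

Because the variable carries no URI part, the client's original request URI is passed to the login service unchanged.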
[Diagram: each service behind its own Reverse Proxy: Login Service (login.example.com), Inventory Service (inventory.example.com), Partner API (partner.example.com)]
[Diagram: the same services, each with a Sidecar Proxy and the application listening on localhost: Login Service 127.0.0.1:9001 (login.example.com), Inventory Service 127.0.0.1:7001 (inventory.example.com), Partner API 127.0.0.1:5001 (partner.example.com)]
Sidecar Proxy
Deploying NGINX as a Sidecar Proxy provides the ability to optimize TLS, standardize on HTTP protocol behavior and offload functionality that is already designed into NGINX, such as authentication and authorization, without the need to develop it as code
Sidecar Proxy
• Using proxy_pass you can route requests to your application listening on localhost within the container
# an events block is required in a complete configuration file
events {}
http {
    server {
        listen 80;
        server_name partner.example.com;
        location /api/v2 {
            # the application listens on localhost inside the same container
            proxy_pass http://127.0.0.1:5001;
        }
    }
}
Thank you for watching!
Visit https://swag-nginx.com
Use code: DOCKERCON30
For 30% off!
Questions?
kevin@nginx.com
How to Use Mirroring and Caching to Optimize your Container Registry
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog Scale
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm Architecture
 
Sharing is Caring: How to Begin Speaking at Conferences
Sharing is Caring: How to Begin Speaking at ConferencesSharing is Caring: How to Begin Speaking at Conferences
Sharing is Caring: How to Begin Speaking at Conferences
 

Recently uploaded

Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backElena Simperl
 
The architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfThe architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfalexjohnson7307
 
Transforming The New York Times: Empowering Evolution through UX
Transforming The New York Times: Empowering Evolution through UXTransforming The New York Times: Empowering Evolution through UX
Transforming The New York Times: Empowering Evolution through UXUXDXConf
 
Enterprise Security Monitoring, And Log Management.
Enterprise Security Monitoring, And Log Management.Enterprise Security Monitoring, And Log Management.
Enterprise Security Monitoring, And Log Management.Boni Yeamin
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationZilliz
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxAbida Shariff
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Julian Hyde
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastUXDXConf
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKUXDXConf
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsPaul Groth
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101vincent683379
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsUXDXConf
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaRTTS
 

Recently uploaded (20)

Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
The architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfThe architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdf
 
Transforming The New York Times: Empowering Evolution through UX
Transforming The New York Times: Empowering Evolution through UXTransforming The New York Times: Empowering Evolution through UX
Transforming The New York Times: Empowering Evolution through UX
 
Enterprise Security Monitoring, And Log Management.
Enterprise Security Monitoring, And Log Management.Enterprise Security Monitoring, And Log Management.
Enterprise Security Monitoring, And Log Management.
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 

Securing Your Containerized Applications with NGINX

  • 1. Securing Your Containerized Applications with NGINX Kevin Jones Sr Product Manager NGINX, now part of F5 @webopsx
  • 2. Today's talk! • Benefits of a Reverse Proxy for Security • NGINX Best Practices for TLS • Running NGINX in Docker • Q&A
  • 3. Benefits of a Reverse Proxy ● HTTP Security and Façade Routing ● TLS Offload ● Authentication / Authorization Offload
  • 4. HTTP Security & Façade Routing
  • 5. A Reverse Proxy can… ● Restrict Access to Specific URLs ● Intercept Response Headers from Upstream Servers ● Control Request Methods ● Control Domain Level Access ● Provide a Layer of Façade URLs for Routing to Microservices ● Rewrite URLs for Backwards Compatibility ● API Version Control / Testing (A/B)
  • 6. [Diagram: Reverse Proxy / Gateway] Hosts and façade URLs: api.example.com (*:80) with /api/v2/login, /api/v1/inventory, /admin/; partner.example.com (*:80) with /api/v1. Request methods shown: GET, PUT, PATCH. Upstreams: Service A, Login Service, /login, :32706; Service B, Inventory Service, /inventory, :32717; Service C, Partner API, /api/beta, :32724.
  • 7. [Same diagram, annotated] NGINX Directive: server_name, listen, location, limit_except, proxy_pass, upstream, map, if.
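The gateway in slides 5 to 7, written out as an added example configuration (not taken from the talk). Host names, façade URLs and ports come from the diagram; the upstream host names `service-a`, `service-b` and `service-c`, the choice of which methods each route allows, the 10.0.0.0/8 admin range, the upstream chosen for /admin/ and the hidden header are assumptions.

```nginx
# Added example, not the speaker's configuration.
events {}

http {
    # Ports are the ones in the diagram; the host names are assumed.
    upstream login_service     { server service-a:32706; }
    upstream inventory_service { server service-b:32717; }
    upstream partner_api       { server service-c:32724; }

    # Domain-level access: a request whose Host header matches no
    # server_name below lands here and the connection is closed.
    server {
        listen 80 default_server;
        server_name _;
        return 444;
    }

    server {
        listen 80;
        server_name api.example.com;

        # Intercept response headers from upstream servers
        # (header name is an assumed example of an implementation leak).
        proxy_hide_header X-Powered-By;

        # Facade URL /api/v2/login is rewritten to the service's /login.
        location /api/v2/login {
            proxy_pass http://login_service/login;
        }

        # Control request methods: read-only route (assumed policy).
        # Allowing GET in limit_except also allows HEAD.
        location /api/v1/inventory {
            limit_except GET { deny all; }
            proxy_pass http://inventory_service/inventory;
        }

        # Restrict access to specific URLs: internal clients only
        # (address range and upstream are assumptions).
        location /admin/ {
            allow 10.0.0.0/8;
            deny  all;
            proxy_pass http://inventory_service;
        }

        # Anything that is not an explicit facade URL is not routed.
        location / { return 404; }
    }

    server {
        listen 80;
        server_name partner.example.com;

        # Partner facade /api/v1 maps to the service's /api/beta;
        # GET, PUT and PATCH are the methods shown in the diagram.
        location /api/v1 {
            limit_except GET PUT PATCH { deny all; }
            proxy_pass http://partner_api/api/beta;
        }

        location / { return 404; }
    }
}
```

Because each `proxy_pass` carries a URI, NGINX replaces the matched location prefix with it, which is what keeps the internal paths (/login, /inventory, /api/beta) hidden behind the façade URLs.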
  • 9. Complexities of TLS ● SSL/TLS Protocols ● Ciphers ● Sessions ● Certificate and Key Management ● OCSP ● Performance Degradation ● Security Vulnerabilities and Patching. RSA, DH, ECDH, SRP, PSK??!
  • 10. Let's Encrypt ● A Cron process can update certificates and keys ● The certificates and keys can be stored on disk or in memory depending on security requirements ● If you are using NGINX, certificates and keys can be loaded from disk on demand (lazy load) ● If using NGINX Plus, your certificates and keys can be stored in the NGINX Plus key-value database [Diagram labels: NGINX API, Cron (Certbot)]
  • 12. Authentication and Authorization ● Offload credential validation ● Intercept unauthenticated requests ● Support integration with an IDP or other authentication flows ● Support multi-factor requirements ● Once the client is validated, authorization provides policy enforcement on specific HTTP access
  • 13. GET w/ JSON Web Token. JSON Web Key.

        Payload
            { "alg": "HS256", "typ": "JWT" }

        Header
            { "alg": "HS256", "typ": "JWT" }

        Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.N3Hb-h4CdvYDpm6iT-kQVAXt_q2vBnnZ-BDLfOPrd18
  • 14. Raffle Time! Check the chat to see if you've won!
  • 15. NGINX Best Practices For Configuring TLS
  • 17.

        server {
            listen 443 ssl default_server;
            server_name example.com;

            ssl_certificate     /path/to/cert.pem;
            ssl_certificate_key /path/to/key.pem;

            # SSL protocols
            ssl_protocols TLSv1.3 TLSv1.2;

            # SSL ciphers
            # (the two *-GCM-SHA512 names are not suites OpenSSL defines;
            # unknown names are skipped when the list is parsed)
            ssl_prefer_server_ciphers on;
            ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;

            # DH parameters and curve
            ssl_dhparam /path/to/dhparam.pem;
            ssl_ecdh_curve secp384r1;
        }
  • 18. Generate stronger DH parameters • This will take a while, be patient • For highest security, it is recommended to use a bit length of 4096

        $ openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
        Generating DH parameters, 4096 bit long safe prime, generator 2
        This is going to take a long time
  • 20. Enable HTTP Strict Transport Security • Informs browsers to always interact with your site over HTTPS • This will protect your site against various attacks such as downgrade attacks and possible cookie hijacking

        server {
            # HTTP STS
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
        }
  • 23. [Diagram: Reverse Proxy / Gateway] api.example.com (*:80 / *:443) with /api/v2/login, /api/v1/inventory, /admin/; partner.example.com (:443) with /api/v1. Upstreams: Service A, Login Service, :32706; Service B, Inventory Service, :32717; Service C, Partner API, :32724.
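An added example (not from the talk) of the api.example.com listener pair in the diagram above, combining the TLS settings of slides 17 to 20 with the "Sessions" and "OCSP" items that slide 9 lists but the deck gives no configuration for. Certificate paths, the upstream host name `service-a`, the session cache size and timeout, and the resolver address are assumptions; only real cipher names from slide 17 are kept.

```nginx
# Added example, not the speaker's configuration.
events {}

http {
    upstream login_service { server service-a:32706; }  # host name assumed

    # *:80 exists only to move clients to HTTPS. The redirect target is a
    # fixed name rather than $host so a forged Host header cannot steer it.
    server {
        listen 80;
        server_name api.example.com;
        return 301 https://api.example.com$request_uri;
    }

    server {
        listen 443 ssl;
        server_name api.example.com;

        # Paths are assumptions; the certificate file holds leaf + chain.
        ssl_certificate     /etc/nginx/tls/api.example.com.fullchain.pem;
        ssl_certificate_key /etc/nginx/tls/api.example.com.key;

        # Protocols, ciphers, DH parameters and curve as on slide 17.
        ssl_protocols TLSv1.3 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
        ssl_dhparam /etc/nginx/tls/dhparam.pem;
        ssl_ecdh_curve secp384r1;

        # Sessions: a cache shared by all workers lets returning clients
        # resume without a full handshake. Tickets are disabled because
        # their encryption key otherwise lives as long as the process.
        ssl_session_cache   shared:TLS:10m;
        ssl_session_timeout 1h;
        ssl_session_tickets off;

        # OCSP stapling: NGINX fetches the revocation status and sends it
        # in the handshake. It needs the issuer chain to verify the
        # response and a resolver to look up the responder's host name.
        ssl_stapling        on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/nginx/tls/ca-chain.pem;
        resolver 127.0.0.11 valid=30s;  # Docker's embedded DNS (assumed setup)

        # HSTS as on slide 20. A location that declares its own add_header
        # does not inherit this one and must repeat it.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

        location /api/v2/login {
            proxy_pass http://login_service/login;
            # Tell the plain-HTTP upstream what the client actually used.
            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        }
    }
}
```

`nginx -t` validates the file before a reload; stapling only takes effect once NGINX has been able to reach the CA's OCSP responder.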
  • 24. Configure NGINX with Docker Compose • Configure services you want to communicate through NGINX using "expose" • Link your services together with the "links" option • Then publish your NGINX service using the "ports" mapping

        nginx:
          build: ./nginx
          container_name: nginx
          restart: always
          links:
            - login
          ports:
            - "80:80"
          volumes:
            - ./etc/nginx/conf.d/server.conf:/etc/nginx/conf.d/server.conf
        login:
          build: ./login
          container_name: login
          restart: always
          expose:
            - "80"
  • 25. NGINX Configuration

        user nginx;

        events {
            worker_connections 1024;
        }

        http {
            server {
                listen 80;

                location /login {
                    proxy_pass http://login:80;
                }
            }
        }

    Use the proxy_pass directive with the service name so that NGINX resolves it through the embedded Docker DNS server; this will support any scaling of your services while using Docker Compose
  • 26. Sidecar Proxy. [Diagram: login.example.com, inventory.example.com and partner.example.com, shown first each behind a Reverse Proxy in front of the Login Service, Inventory Service and Partner API, then each behind a Sidecar Proxy in front of Login Service 127.0.0.1:9001, Inventory Service 127.0.0.1:7001 and Partner API 127.0.0.1:5001.] Deploying NGINX as a Sidecar Proxy provides the ability to optimize TLS, standardize on HTTP protocol behavior and offload functionality that is already designed into NGINX, such as authentication and authorization, without the need to develop it as code
  • 27. Sidecar Proxy • Using proxy_pass you can route requests to your application listening on localhost within the container

        http {
            server {
                listen 80;
                server_name partner.example.com;

                location /api/v2 {
                    proxy_pass http://127.0.0.1:5001;
                }
            }
        }

    [Diagram: partner.example.com, Sidecar Proxy, Partner API 127.0.0.1:5001]
  • 28. Thank you for watching! Visit https://swag-nginx.com Use code: DOCKERCON30 For 30% off! Questions? kevin@nginx.com