Tag: nginx

Total 12 Posts

Let's Encrypt with DNS Round-Robin

I was having a period of really high load on securityheaders.io earlier and whilst I looked into it and sorted out the root cause I wanted to throw some more cloud behind the site to bolster it. That introduced an interesting problem that I wanted to solve quickly. DNS…

Continue Reading

CSP Nonce support in Nginx

Content Security Policy is an incredibly powerful security feature but in some circumstances it can be a little difficult to deploy. Removing inline scripts or styles often comes up as one of the hurdles. Here's how I introduced CSP nonce support in Nginx to counter the problem. Content Security Policy…

Continue Reading

Doing the ChaCha with Nginx

ChaCha20-Poly1305 is the combination of a new cipher, ChaCha20, and a new MAC, Poly1305, to give us a new AEAD cipher suite. AEADs will be the only option that will be available going forwards in TLSv1.3 so alongside AES-GCM, ChaCha20-Poly1305 will be our only other choice. There are also…

Continue Reading

Brotli Compression

Following a few performance related blogs recently this one is following a similar trend and is going to look at Brotli compression. It was announced by Google in September 2015 and it claims to offer 20%-26% better compression than existing compression algorithms. That's a pretty noteworthy improvement to compression…

Continue Reading