The article explains HTTP’s plaintext nature and its susceptibility to man‑in‑the‑middle attacks, then details how HTTPS (TLS) uses asymmetric key exchange, certificates, and a trusted CA hierarchy to establish encrypted communication and prevent such attacks.
This article introduces an out‑of‑the‑box Nginx visual management platform that can be deployed with a single Docker‑Compose command, offering a web UI for configuring reverse proxies, SSL termination, advanced settings, and includes step‑by‑step setup, Docker network tips, health‑check configuration, and a link to the GitHub repository.
This comprehensive guide explains Nginx’s multi‑process architecture, worker process mechanics, CPU affinity, connection handling, and key directives such as worker_processes, worker_connections, and worker_rlimit_nofile, then details load‑balancing methods, proxy buffering, caching, compression, SSL/TLS optimization, system tuning, validation, and troubleshooting for high‑performance deployments.
This guide explains how to integrate the lightweight Cerebro monitoring tool with Easysearch, covering core features, configuration steps, and detailed solutions for frequent issues such as Java version conflicts, SSL certificate errors, and authentication mismatches.
This comprehensive guide walks you through installing Nginx 1.27 on Ubuntu 24.04 LTS and Rocky Linux 9.4, configuring reverse proxy, load balancing, SSL/TLS, WebSocket and gRPC support, tuning kernel and Nginx parameters, setting up health checks, high‑availability with Keepalived, and monitoring with Prometheus and Grafana, all with ready‑to‑use code snippets and scripts.
This guide introduces Nginx UI, a visual management tool for Nginx, and walks through installing it via Docker, configuring server metrics, SSL certificates, static and dynamic proxy settings, and deploying a sample e‑commerce project, demonstrating dashboard use, site and location setup, and user management.
HTTPS secures web communication by replacing plaintext HTTP with TLS encryption, using asymmetric key exchange to protect symmetric keys, and relying on a hierarchical CA certificate chain to verify server identities, thereby preventing man‑in‑the‑middle attacks that exploit HTTP’s unencrypted traffic.
After updating a core API's SSL certificate, a partner reported repeated SSLHandshakeException errors, mistakenly labeling the cert as a development version; thorough verification revealed the issue stemmed from an outdated Java trust store lacking the new Sectigo root, leading to a set of concrete remediation steps and best‑practice lessons.
This article explains how HTTPS upgrades plain HTTP by adding authentication, encryption, and integrity checks, walks through its three security layers, traces the protocol’s evolution from SSL 2.0 to TLS 1.3, and discusses the practical benefits, costs, and adoption challenges of securing web traffic.
This article explains why HTTPS is essential for secure web communication, detailing how it upgrades plain HTTP by adding certificate‑based identity verification, TLS handshake negotiation, and AES‑GCM encryption with MAC verification to protect against eavesdropping, tampering, and phishing attacks.
Let’s Encrypt will shorten default TLS/SSL certificate lifetimes from 90 to 45 days and reduce domain‑validation reuse windows to seven hours, rolling out a trial in May 2026, a default change in July 2027, and full enforcement in August 2028, while also introducing a persistent DNS‑TXT validation method.
This article explains the fundamentals of SSL/TLS, why transport‑layer encryption is essential, and provides a hands‑on guide to using OpenSSL on Linux for symmetric and asymmetric encryption, hashing, password generation, random number creation, and base64 encoding with clear command‑line examples.
After adding an HTTPS certificate to an Nginx site, browsers load the page fine but curl requests are reset; this article walks through network tests, configuration tweaks, packet captures, and the eventual discovery that enabling ssl_session_cache resolves the issue.
After adding an HTTPS certificate to an Nginx server, browsers load the site fine but curl requests are reset; the article walks through network checks, cipher and buffer tweaks, a certificate swap, and ultimately shows that configuring the ssl_session_cache directive resolves the reset issue.
Learn how to transform a vulnerable MySQL 8 instance into a militarized, audit‑ready database in just half an hour by applying six ready‑to‑run shell and SQL scripts that disable high‑risk accounts, enable enterprise audit logging, enforce SSL, prune privileges, rotate root passwords, and generate compliance reports.
Even if your database appears functional and backed up, a single SQL injection can expose all data; this article reveals five often‑overlooked MySQL security configurations—disabling remote root login, turning off dangerous functions, enabling audit logs, enforcing SSL, and cleaning ghost accounts—to dramatically harden your database in under 30 minutes.
This guide explains how to use the Acme-Companion container alongside nginx‑proxy to automatically obtain, renew, and apply free Let’s Encrypt certificates for Dockerized web services, covering core concepts, benefits, feature highlights, and a detailed installation workflow.
This guide walks through designing and implementing a highly available Nginx load‑balancing solution—covering applicable scenarios, prerequisites, environment matrix, step‑by‑step configuration of Nginx, Keepalived, SSL termination, health checks, monitoring, performance tuning, security hardening, troubleshooting, and a concise list of best‑practice recommendations.
This comprehensive guide walks you through migrating a Spring Boot 3.0 JavaWeb application from HTTP to HTTPS, covering certificate acquisition (including Let’s Encrypt), conversion to Java keystore, Spring Boot and reverse‑proxy configuration, application adjustments, automated renewal, testing, rollback, and ongoing monitoring.
This guide walks through using the open‑source Elasticdump tool to migrate an Elasticsearch index—including mapping, settings, and data—to Easysearch, covering environment setup, SSL handling, step‑by‑step commands, verification methods, common errors, and performance‑tuning tips.
This guide walks through a zero‑downtime migration from Elasticsearch 9.0 to the Easysearch compatible branch using Logstash, covering project goals, solution selection, detailed input/filter/output configurations, SSL handling, batch tuning, execution steps, and verification to ensure data integrity and ID consistency.
Version 0.4.0 of the TrueAsync PHP library introduces major performance and memory‑management enhancements, adds asynchronous UDP socket support and SSL for socket streams, fixes numerous bugs, and outlines new requirements and breaking API changes for developers.
This guide explains Nginx's core configuration concepts—including directives, contexts, server and location blocks—provides practical examples for setting up virtual hosts, reverse proxies, load balancing, SSL/TLS, gzip compression, and custom error pages, and offers performance‑optimisation tips for production environments.
This article walks through a real‑world case where HTTPS requests made with curl are reset on an Nginx server, detailing the step‑by‑step investigation, configuration tweaks—including client buffers and SSL session cache—and the final resolution that restores successful connections.
This article compares Logstash 9.x with previous releases, shows a working 9.x configuration, explains why root execution is blocked, details the deprecation of the cacert setting in favor of ssl_certificate_authorities, and provides step‑by‑step troubleshooting tips—including permission checks and the --config.test_and_exit flag—to resolve typical startup and data‑ingestion issues.
This guide explains the fundamentals of SSL/TLS, why encryption occurs at the transport layer, and provides comprehensive OpenSSL command‑line examples for symmetric encryption/decryption, asymmetric key generation, hashing, password creation, and random number generation, illustrating each operation with clear syntax and usage notes.
This comprehensive guide walks you through Nginx's core features, configuration syntax, and practical modules such as server blocks, load balancing, SSL, gzip compression, CORS handling, access control, and caching, complete with clear code snippets and real‑world deployment examples.
This guide explains what mkcert is, its key features, and provides step‑by‑step instructions for installing the tool, generating trusted local SSL/TLS certificates for multiple domains and IPs, and configuring Nginx to enable HTTPS in a local development environment across Windows, macOS, and Linux.
This guide explains the difference between one‑way and two‑way SSL/TLS authentication, shows how to generate self‑signed and CA certificates with keytool, configures Spring Boot for mutual authentication, and demonstrates testing the setup using Postman, including detailed steps, code snippets, and troubleshooting tips.
This guide shows how to generate a self‑signed SSL certificate for an internal IP address using OpenSSL, configure Nginx to serve HTTPS without security warnings, and import the certificate into Chrome with the necessary extensions to avoid common name errors.
This article presents the ten most frequently asked SSL/TLS questions, covering protocol differences, handshake mechanics, certificate structure, PKI, common vulnerabilities, perfect forward secrecy, cipher suites, revocation methods, certificate pinning, and the improvements introduced in TLS 1.3, while also highlighting why mastering these concepts is essential for security professionals.
This tutorial walks you through obtaining or generating SSL certificates, configuring Spring Boot to use JKS or PKCS12 keystores, redirecting HTTP to HTTPS, and distributing the certificate to clients, with complete command‑line examples and code snippets for a production‑ready setup.
This article outlines common challenges in multi‑platform domain and HTTPS certificate management, introduces a unified management platform with features like automated syncing, Let’s Encrypt integration, and multi‑channel alerts, provides a step‑by‑step Docker deployment guide, and shares a curated collection of popular open‑source monitoring tools.
mkcert, an open‑source tool by Filippo Valsorda, lets developers quickly create and trust local SSL/TLS certificates across Linux, macOS, and Windows without manual configuration, offering zero‑setup installation, multi‑domain support, advanced features, and simple Nginx integration for secure local testing.
This article explains how to protect MySQL connections by using SSL/TLS, various password authentication plugins, digital signatures, and client/server certificate verification to prevent impersonation, password leakage, and data tampering.
This article introduces the open‑source mkcert tool for effortlessly creating locally trusted SSL/TLS certificates, provides step‑by‑step installation and usage commands for multiple platforms, shows how to configure Nginx with the generated files, and then promotes related AI and ChatGPT community offers and paid resources.
This article provides a step‑by‑step guide to configuring Nginx for both HTTP and HTTPS, including how to set up separate proxy passes for multiple APIs, define URL rewrite rules, configure SSL certificates, and customize error page handling using concrete configuration examples.
This article explains why Nginx reverse‑proxying to an HTTPS upstream can return a 502 Bad Gateway error when SNI is not sent, shows the relevant SSL handshake log, and provides a complete configuration example—including enabling proxy_ssl_server_name—to fix the issue and avoid reload‑related socket problems.
This guide explains the fundamentals of HTTPS, walks through creating a self‑signed certificate with OpenSSL, and shows step‑by‑step how to set up Nginx inside a Docker container to serve secure traffic on port 443.
This guide walks you through installing Certbot, obtaining a free DV SSL certificate from Let’s Encrypt, configuring Nginx for HTTPS, and setting up automatic renewal so your website stays securely encrypted without the hassle of paid certificates.
Learn how to install and configure the visual Nginx management tool nginx‑proxy‑manager using Docker, set up static and dynamic proxy hosts, enable automatic SSL, and integrate it with a SpringBoot‑Vue e‑commerce project, complete with step‑by‑step commands and screenshots.
This guide walks you through four progressive stages—basic configuration, SSL encryption, SCRAM authentication, and combined SSL+SASL—showing how to harden Kafka with certificates, keystores, and client settings to achieve financial‑level protection.
This comprehensive guide walks system administrators and developers through essential Nginx hardening steps—including hiding version info, restricting sensitive directories, custom error pages, CSP, HTTPS, SSL tuning, file permissions, security headers, rate limiting, IP whitelisting, and logging—to dramatically improve web server security.
This guide provides a comprehensive, step‑by‑step hardening roadmap for Nginx, covering version hiding, directory protection, HTTPS enablement, custom error pages, CSP, file permissions, security headers, connection limits, IP whitelisting, SSL optimization, secure file uploads, common attack mitigations, logging best practices, and additional hardening measures to protect web services from a wide range of threats.
This guide introduces mkcert, a free open‑source tool that quickly creates locally trusted SSL/TLS certificates, outlines its key features, provides step‑by‑step installation and usage instructions—including Nginx configuration—and explains how it streamlines secure development environments.
This tutorial walks through installing acme.sh, configuring JD Cloud DNS API credentials, issuing and installing SSL certificates for Nginx (or Docker‑based Nginx), and setting up automatic 60‑day renewal, providing all necessary commands and configuration examples.
This guide walks you through using OpenSSL to create a private key, generate a certificate signing request, configure extensions, and produce a self‑signed CA and server certificate, including commands for key encryption, password removal, and PEM/CRT output.
This guide explains common certificate formats (PEM, DER, CRT, CER), shows how to generate a CA key, CSR, and signed certificate with OpenSSL, demonstrates format conversions, and provides commands for inspecting and verifying certificates, all essential for secure operations.
SSL/TLS certificates secure data between browsers and servers, but while one‑way authentication verifies only the server, mutual (two‑way) authentication also validates the client using personal authentication certificates, requiring additional keys and CA roots, making it ideal for high‑security enterprise environments.
This guide explains how to use OpenSSL to create private keys, certificate signing requests, and signed SSL/TLS certificates, covering key generation, password removal, PEM creation, extension configuration, and the final issuance of server.crt and server.key files.
This article introduces the open‑source tool mkcert, explains its key features, provides step‑by‑step installation and certificate generation commands, shows how to configure Nginx for HTTPS, and includes promotional notes about related community resources.
Enterprises should follow a six‑phase plan—inventorying domains, securing and installing SSL certificates, configuring servers, redirecting traffic, updating links and sitemaps, testing, and finally enforcing HTTPS‑only access—while monitoring performance impacts such as latency, bandwidth, CPU load, and handshake overhead.
This article introduces the open‑source tool mkcert, explains its features, shows how to install it on various operating systems, generate multi‑domain certificates, and configure Nginx for HTTPS, while also noting additional community resources and promotional offers.
This guide walks through installing OpenSSL, generating a self‑signed SSL key and certificate for an internal IP address, configuring Nginx to use the certificate, and importing the certificate into Chrome and Firefox, including necessary extensions to avoid common name errors.
This guide explains how to prepare the environment, install required Python libraries, and use a complete script that connects to a remote server via SSH to check SSL certificate expiration dates and send email alerts when certificates are near expiry.
This guide explains what ServBay Local CA is, how to locate it using macOS Keychain Access, and provides step‑by‑step instructions for reinstalling or deleting the certificate to resolve HTTPS errors during local development.
This article explains the fundamentals of the HTTP protocol, illustrates its vulnerability to man‑in‑the‑middle attacks, demonstrates why plain HTTP is insecure, and shows how HTTPS, TLS/SSL, asymmetric encryption, and certificate authorities together protect communications from interception and tampering.
This guide walks through practical MySQL 8.0 security hardening steps using SQL statements to enforce strong passwords, enable SSL, configure connection control, manage user authentication, set file permissions, and verify encryption of logs and tables.
This guide explains how to switch the embedded web server in Spring Boot 3.2.5, disable it, customize ports (including random and range ports), enable HTTP compression, configure SSL and HTTP/2, add servlets, filters, listeners, set up logging, and fine‑tune Tomcat and Undertow settings, all with practical code examples.
This article explains the fundamentals of the HTTP protocol, illustrates its susceptibility to man‑in‑the‑middle attacks, discusses symmetric and asymmetric encryption attempts, and then details how HTTPS (TLS) and the CA trust model protect data transmission from interception and tampering.
This guide explains how to troubleshoot a Java SSLHandshakeException caused by an untrusted third‑party HTTPS endpoint when fetching PDF files, covering certificate installation, trustStore configuration, and a custom TrustManager solution to bypass verification.
The article walks through diagnosing a Java SSLHandshakeException caused by an untrusted HTTPS certificate when fetching a PDF, and presents three solutions: using InstallCert to add the certificate, configuring trustStore properties, and finally bypassing verification with a custom TrustManager and HostnameVerifier.
This tutorial explains the differences between PEM and DER certificate formats, lists common file extensions, and provides step‑by‑step OpenSSL commands for generating a CA key, creating CSRs, signing certificates, converting formats, and verifying the results.
This article explains the fundamentals of SSL/TLS certificates, compares one‑way server authentication with mutual (two‑way) authentication using client certificates, and outlines the handshake processes, required components, and typical enterprise use cases.
This guide explains why separate ports are normally required for multiple SSL sites, how Nginx’s SNI support lets you share a single IP and port, and provides step‑by‑step compilation and configuration examples for www, live, and vod domains.
Learn how to secure MySQL 8 connections by enabling SSL, covering the protocol’s encryption and authentication principles, generating certificates, configuring server and client settings, and testing the encrypted connection with detailed commands and practical examples.
This guide walks Java developers through essential keytool commands on CentOS 7, covering keystore creation, key pair generation, CSR creation, certificate import, listing entries, and exporting certificates to simplify SSL/TLS handling.
This article explains how to quickly set up Nginx Proxy Manager with Docker, covering project goals, key features, step‑by‑step deployment, default credentials, advanced Docker network and health‑check configurations, and provides useful code snippets and screenshots for reference.
This guide shows how to configure Nginx to proxy both unsecured WebSocket (ws) and secure WebSocket (wss) traffic, using standard HTTP ports 80 and 443, by setting upgrade headers, defining upstream servers, and adding SSL certificates for encrypted connections.
This guide walks you through obtaining a valid SSL certificate, installing Nginx on a Linux server, configuring the HTTPS server block, converting certificates to PEM format, and testing the secure connection, providing step‑by‑step commands and example configurations.
nginxWebUI is a web‑based graphical interface that simplifies configuring, managing, and deploying Nginx across single or multiple servers, offering HTTP/TCP forwarding, reverse proxy, load balancing, SSL automation, Docker support, systemd service setup, and detailed command‑line installation instructions.
This article explains how an Ingress Controller automatically translates Ingress resources into routing rules, updates service routing tables, configures load balancers, and sets up SSL/TLS by providing clear examples and YAML manifests for Kubernetes environments.
This article explains why backend developers should switch from HTTP to HTTPS for user-facing services, highlights the key differences—including SSL and TLS—and points to a concise five‑minute video that visually demonstrates how HTTPS works and secures web traffic.
This guide explains how to prepare the environment, enable SSL transport encryption for OceanBase OBServer and ODP via OBProxy, configure certificates and whitelist settings, and verify the encryption using MySQL and RPC ports, while highlighting common pitfalls and reference links.
During a migration from Nginx to APISIX, the team encountered TLS handshake failures caused by missing SNI fields and legacy SSLv2Hello usage, leading to a detailed investigation, protocol explanations, and configuration fixes to restore secure connections without modifying client code.
This article explains how to secure PHP communications using HTTPS by obtaining SSL certificates, configuring cURL options, creating requests, verifying server certificates, and handling SSL errors, with complete code examples for developers.
This guide explains three ways to generate SSL certificates using OpenSSL, including creating a private key, self‑signed certificate, and CSR‑based signing, and shows how to configure Nginx to enable HTTPS with the generated certificates.
This guide outlines practical Nginx configuration techniques to mitigate DDoS, SQL injection, path traversal, XSS, host header injection, clickjacking, and other security threats while also covering SSL/TLS encryption, server token hiding, and essential command‑line operations.
This article walks through a real‑world Nginx reverse‑proxy SSL issue, explains the root cause of 502 and handshake failures caused by missing SNI support, and provides step‑by‑step configuration changes and code snippets to resolve the problem.
This article explains why and how to upgrade an HTTP website to HTTPS, introduces the differences between the protocols, compares paid and free CA certificates, and provides a step‑by‑step tutorial for installing, issuing, installing, and automatically renewing certificates with the acme.sh script.
This article describes a MySQL replication issue where the I/O thread could not connect to the master due to the replication user’s SSL requirement, explains the analysis steps, reproduces the error, and provides a solution by disabling the SSL enforcement and adjusting CHANGE MASTER parameters.
This comprehensive guide explains the CIAA security model for network transmission, details confidentiality, integrity, authentication, and availability, and walks through building a private CA with OpenSSL, configuring TLS 1.2/1.3, HTTPS authentication modes, SNI/ESNI extensions, and upgrading curl for HTTP/2 support.
This article explains how to secure an Nginx web server by configuring rate limiting, restricting access to sensitive directories, mitigating DDoS attacks, and strengthening SSL/TLS settings, providing detailed code examples and annotations for each security measure.
An engineer troubleshoots a .NET application login freeze by capturing a dump with WinDbg, discovers the thread blocked in MySQL SSL handshake, verifies the MySQL driver version, and resolves the issue by disabling SSL via the connection string, illustrating effective debugging without source code or logs.
This tutorial explains how to set up Nginx Proxy Manager using Docker, covering its key features, Docker‑Compose installation, login credentials, configuring a reverse proxy for a backend interface, obtaining Let’s Encrypt SSL certificates, and enabling HTTPS access.
This tutorial introduces Nginx Proxy Manager, a visual reverse‑proxy management interface, and provides step‑by‑step instructions for installing it via Docker‑Compose, configuring domains, setting up SSL with Let’s Encrypt, and managing proxy hosts through its web UI.
This guide walks you through installing Nginx Proxy Manager via Docker, configuring reverse proxy hosts, obtaining Let’s Encrypt SSL certificates, and securing access with HTTPS, all using a user‑friendly web interface suitable for beginners.
This extensive tutorial walks through Nginx concepts, environment setup, reverse‑proxy load balancing, static‑dynamic separation, resource compression, buffering, caching, IP whitelist/blacklist, CORS handling, anti‑hotlinking, large‑file configuration, SSL certificate setup, high‑availability with Keepalived, and key performance optimizations.
This article provides a step‑by‑step tutorial on installing Nginx, setting up reverse proxy and various load‑balancing methods, configuring upstream directives, enabling SSL, and building high‑availability clusters using Keepalived and LVS with detailed command examples and configuration snippets.
This article examines the ten most common website security attacks—from XSS and SQL injection to DDoS and phishing—explaining their motivations, mechanisms, and practical mitigation strategies such as WAF deployment, input sanitization, SSL encryption, and regular updates to help protect any online presence.
This article explains the fundamentals of HTTP, demonstrates how its plaintext nature enables man‑in‑the‑middle attacks, explores symmetric and asymmetric encryption attempts to mitigate the risk, and shows how HTTPS—through TLS handshakes, certificate validation, and a trusted CA hierarchy—provides robust protection.
This extensive tutorial walks through Nginx fundamentals, environment setup, reverse‑proxy load balancing, static‑dynamic separation, resource compression, buffering, proxy caching, IP black‑white listing, anti‑hotlinking, large‑file handling, SSL configuration, high‑availability with Keepalived, and key performance‑tuning techniques for production deployments.
This comprehensive guide walks you through Nginx fundamentals, from installing and configuring load balancing, static asset handling, compression, buffering, caching, IP access control, cross‑origin support, anti‑hotlinking, large file handling, SSL setup, high‑availability with Keepalived, and performance tuning techniques for robust backend services.
This extensive tutorial walks through installing Nginx from source, setting up environment, configuring reverse proxy load balancing, static resource handling, compression, buffering, caching, IP black‑white lists, anti‑hotlinking, large file transfer, SSL certificates, high availability with Keepalived, and advanced performance tuning techniques.
This article explains the fundamentals of SSL certificates, details Android’s certificate verification process, walks through common pitfalls such as expired or mismatched certificates, and provides practical solutions—including custom TrustManager implementations, revocation checks, and debugging techniques—to ensure reliable secure communication in Android apps.
This article introduces nginxWebUI, a web‑based graphical interface for managing Nginx configurations, explains its technical architecture, provides step‑by‑step installation instructions for jar, Docker and systemd service on Linux, and demonstrates how to use the UI for HTTP, TCP, SSL, load‑balancing, and remote server management.
This article walks through the complete process of acquiring a free SSL certificate, exporting it as a PFX file, and configuring the server settings to enable HTTPS for a mini‑program, while highlighting common pitfalls and required tools.
This guide provides a comprehensive walkthrough of nginxWebUI—a graphical web interface for configuring and controlling Nginx—including feature overview, installation via JAR or Docker, systemd service setup, command‑line options, SSL automation, backup management, API usage, and password recovery.
This article explains why reducing Nginx HTTPS latency is crucial for instant‑search services, describes how TLS handshakes add round‑trips, and provides concrete Nginx configuration tweaks—including enabling HTTP/2, optimizing cipher suites, activating OCSP stapling, adjusting ssl_buffer_size and SSL session cache—that together cut end‑to‑end request latency by roughly 30%.
This guide shows how to enable HTTPS on Nginx by either obtaining a free Alibaba Cloud SSL certificate—generating a CSR, submitting it, and configuring the server—or creating a self‑signed OpenSSL certificate with custom SANs, installing it, updating hosts, and verifying the secure connection.
