diff --git a/security-guide/source/api-endpoints/api-endpoint-configuration-recommendations.rst b/security-guide/source/api-endpoints/api-endpoint-configuration-recommendations.rst index cd5ff12d..53c74a87 100644 --- a/security-guide/source/api-endpoints/api-endpoint-configuration-recommendations.rst +++ b/security-guide/source/api-endpoints/api-endpoint-configuration-recommendations.rst @@ -151,5 +151,5 @@ It is key that the operator carefully plans and considers the individual performance needs of users and services within their OpenStack cloud when configuring and implementing any rate limiting functionality. -Common solutions for providing rate-limiting are NGINX, HAProxy, OpenRepose, or +Common solutions for providing rate-limiting are Nginx, HAProxy, OpenRepose, or Apache Modules such as mod_ratelimit, mod_qos, or mod_security. diff --git a/security-guide/source/dashboard/domains-dashboard-upgrades-basic-web-server-configuration.rst b/security-guide/source/dashboard/domains-dashboard-upgrades-basic-web-server-configuration.rst index e107c10b..2de9f53a 100644 --- a/security-guide/source/dashboard/domains-dashboard-upgrades-basic-web-server-configuration.rst +++ b/security-guide/source/dashboard/domains-dashboard-upgrades-basic-web-server-configuration.rst @@ -42,11 +42,11 @@ Basic web server configuration The dashboard should be deployed as a Web Services Gateway Interface (WSGI) application behind an HTTPS proxy such as -Apache or nginx. If Apache is not already in use, we recommend -nginx since it is lightweight and easier to configure +Apache or Nginx. If Apache is not already in use, we recommend +Nginx since it is lightweight and easier to configure correctly. -When using nginx, we recommend +When using Nginx, we recommend `gunicorn `_ as the WSGI host with an appropriate number of synchronous workers. When using Apache, we recommend diff --git a/security-guide/source/dashboard/front-end-caching-session-back-end.rst b/security-guide/source/dashboard/front-end-caching-session-back-end.rst index 6faf6a92..94d67a03 100644 --- a/security-guide/source/dashboard/front-end-caching-session-back-end.rst +++ b/security-guide/source/dashboard/front-end-caching-session-back-end.rst @@ -10,7 +10,7 @@ dashboard. The dashboard is rendering dynamic content resulting directly from OpenStack API requests and front-end caching layers such as varnish can prevent the correct content from being displayed. In Django, static media is directly served from Apache -or nginx and already benefits from web host caching. +or Nginx and already benefits from web host caching. Session back end ~~~~~~~~~~~~~~~~ diff --git a/security-guide/source/secure-communication/tls-proxies-and-http-services.rst b/security-guide/source/secure-communication/tls-proxies-and-http-services.rst index 11bc411e..75ea5e96 100644 --- a/security-guide/source/secure-communication/tls-proxies-and-http-services.rst +++ b/security-guide/source/secure-communication/tls-proxies-and-http-services.rst @@ -12,7 +12,7 @@ that can be used for this purpose: * `Pound `_ * `Stud `_ -* `nginx `_ +* `Nginx `_ * `Apache httpd `_ In cases where software termination offers insufficient performance, @@ -209,10 +209,10 @@ However, it is not provided by default. # Disabling this until we upgrade to HAProxy 1.5 write-proxy = off -nginx +Nginx ----- -This nginx example requires TLS v1.1 or v1.2 for maximum security. The +This Nginx example requires TLS v1.1 or v1.2 for maximum security. The ``ssl_ciphers`` line can be tweaked based on your needs, however this is a reasonable starting place. The default configuration file is ``/etc/nginx/nginx.conf``.