FIPS Status Check
For F5 NGINX Plus, the cryptographic boundary includes all functionality that is implemented by the http_ssl, http_v2, stream_ssl, and mail_ssl modules. These modules implement SSL and TLS operations for inbound and outbound connections which use HTTP, HTTP/2, TCP, and mail protocols.
-
Check the Technical Specifications page to verify that the module is supported by your operating system.
-
Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the Installing NGINX Plus page.
-
Install the FIPS module package
nginx-plus-module-fips-checkfrom the official NGINX Plus repository.For Amazon Linux 2, CentOS, Oracle Linux, and RHEL:
sudo yum update && \ sudo yum install nginx-plus-module-fips-checkfor Amazon Linux 2023, AlmaLinux, Rocky Linux:
sudo dnf update && \ sudo dnf install nginx-plus-module-fips-checkFor Debian and Ubuntu:
sudo apt update && \ sudo apt install nginx-plus-module-fips-checkFor SLES:
sudo zypper refresh && \ sudo zypper install nginx-plus-module-fips-checkFor Alpine:
apk add nginx-plus-module-fips-checkFor FreeBSD:
sudo pkg update && \ sudo pkg install nginx-plus-module-fips-check
After installation you will need to enable and configure the module in NGINX Plus configuration file nginx.conf.
-
Enable dynamic loading of the module with the
load_moduledirective specified in the top-level (“main”) context:load_module modules/ngx_fips_check_module.so; http { # ... } -
Perform additional configuration as required by the module.
-
Test the NGINX Plus configuration. In a terminal, type-in the command:
nginx -tExpected output of the command:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf is successful -
Reload the NGINX Plus configuration to enable the module:
nginx -s reload