FIPS Status Check
For F5 NGINX Plus, the cryptographic boundary includes all functionality that is implemented by the http_ssl
, http_v2
, stream_ssl
, and mail_ssl
modules. These modules implement SSL and TLS operations for inbound and outbound connections which use HTTP, HTTP/2, TCP, and mail protocols.
-
Check the Technical Specifications page to verify that the module is supported by your operating system.
-
Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the Installing NGINX Plus page.
-
Install the FIPS module package
nginx-plus-module-fips-check
from the official NGINX Plus repository.For Amazon Linux 2, CentOS, Oracle Linux, and RHEL:
sudo yum update && \ sudo yum install nginx-plus-module-fips-check
for Amazon Linux 2023, AlmaLinux, Rocky Linux:
sudo dnf update && \ sudo dnf install nginx-plus-module-fips-check
For Debian and Ubuntu:
sudo apt update && \ sudo apt install nginx-plus-module-fips-check
For SLES:
sudo zypper refresh && \ sudo zypper install nginx-plus-module-fips-check
For Alpine:
apk add nginx-plus-module-fips-check
For FreeBSD:
sudo pkg update && \ sudo pkg install nginx-plus-module-fips-check
After installation you will need to enable and configure the module in NGINX Plus configuration file nginx.conf
.
-
Enable dynamic loading of the module with the
load_module
directive specified in the top-level (“main
”) context:load_module modules/ngx_fips_check_module.so; http { # ... }
-
Perform additional configuration as required by the module.
-
Test the NGINX Plus configuration. In a terminal, type-in the command:
nginx -t
Expected output of the command:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf is successful
-
Reload the NGINX Plus configuration to enable the module:
nginx -s reload