nginx 1.16.0 released

After a year of development, a new stable branch of the high-performance HTTP server and multiprotocol proxy server nginx, 1.16.0, has been presented. It incorporates the changes accumulated in the 1.15.x main branch. From now on, all changes in the 1.16 stable branch will be limited to fixing serious bugs and vulnerabilities. The nginx 1.17 main branch will be created soon, and development of new features will continue there. Ordinary users who do not need to ensure compatibility with third-party modules are advised to use the main branch, since releases of the commercial product Nginx Plus are built from it every three months.

The most notable improvements added during development of the 1.15.x upstream branch:

  • Added the ability to use variables in the 'ssl_certificate' and 'ssl_certificate_key' directives, which can be used to load certificates dynamically;
  • Added the ability to load SSL certificates and secret keys from variables without using intermediate files;
  • A new "random" directive has been implemented in the "upstream" block; it lets you set up load balancing with random selection of the server to which the connection is forwarded;
  • The ngx_stream_ssl_preread module now implements the $ssl_preread_protocol variable, which indicates the highest SSL/TLS protocol version supported by the client. The variable makes it possible to create configurations that give access over different protocols, with and without SSL, through a single network port when proxying traffic with the http and stream modules. For example, to provide access over SSH and HTTPS through one port, port 443 can be forwarded to SSH by default, but forwarded to HTTPS if an SSL version is detected.

  • A new variable, "$upstream_bytes_sent", has been added to the upstream module; it shows the number of bytes sent to the upstream server;
  • The stream module can now process multiple incoming UDP datagrams from a client within a single session;
  • The "proxy_requests" directive specifies the number of datagrams received from the client at which the binding between the client and the existing UDP session is removed. Once that number of datagrams has been received, the next datagram from the same client starts a new session;
  • The listen directive can now specify port ranges;
  • Added the "ssl_early_data" directive to enable 0-RTT mode when using TLSv1.3, which allows previously negotiated TLS connection parameters to be saved and reduces the number of RTTs to 2 when resuming a previously established connection;
  • New directives have been added for configuring keepalive on outgoing connections (enabling or disabling the SO_KEEPALIVE option on sockets):

  • A new "delay" parameter has been added to the "limit_req" directive; it sets the limit after which excess requests are delayed;
  • New "keepalive_timeout" and "keepalive_requests" directives have been added to the "upstream" block to set limits for keepalive;
  • The "ssl" directive has been deprecated and replaced by the "ssl" parameter of the "listen" directive. Missing SSL certificates are now detected at the configuration testing stage when the "listen" directive is used with the "ssl" parameter in the configuration;
  • When the reset_timedout_connection directive is used, connections are now closed with code 444 on timeout;
  • The SSL errors "http request", "https proxy request", "unsupported protocol" and "version too low" are now written to the log at the "info" level instead of "crit";
  • Added support for the poll method on Windows systems when running Windows Vista and later;
  • TLSv1.3 can now be used when building with the BoringSSL library, not only with OpenSSL.
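
The single-port SSH/HTTPS setup described in the $ssl_preread_protocol item above can be written as follows. This is an added example, not configuration from the article or from the nginx project; the upstream names, the $backend variable and the backend addresses (192.0.2.0/24 documentation range) are placeholders.

```nginx
# Constructed example: route port 443 to SSH or HTTPS based on the TLS ClientHello.
stream {
    # Placeholder backends; replace with the real SSH and HTTPS servers.
    upstream ssh_backend   { server 192.0.2.10:22; }
    upstream https_backend { server 192.0.2.20:443; }

    # $ssl_preread_protocol is empty when the first client bytes are not a
    # TLS ClientHello (for example an SSH banner); otherwise it holds the
    # highest protocol version the client offers.
    map $ssl_preread_protocol $backend {
        default    ssh_backend;    # no TLS detected: treat as SSH
        "TLSv1.2"  https_backend;
        "TLSv1.3"  https_backend;
        # Older versions (SSLv3, TLSv1, TLSv1.1) are deliberately not listed,
        # so they fall through to the default and never reach the HTTPS backend.
    }

    server {
        listen 443;
        ssl_preread on;        # read the ClientHello without terminating TLS
        proxy_pass $backend;   # TLS is passed through to the selected backend
    }
}
```

nginx must be built with the stream and ngx_stream_ssl_preread modules (`--with-stream --with-stream_ssl_preread_module`); check the result with `nginx -t` before reloading.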

Source: opennet.ru
