Tom qab ib xyoos ntawm txoj kev loj hlob, ib ceg ruaj khov tshiab ntawm HTTP neeg rau zaub mov ua haujlwm siab thiab ntau tus txheej txheem npe neeg rau zaub mov nginx 1.20.0 tau qhia, uas suav nrog cov kev hloov pauv hauv cov ceg tseem ceeb 1.19.x. Nyob rau hauv lub neej yav tom ntej, tag nrho cov kev hloov nyob rau hauv lub ruaj khov ceg 1.20 yuav muaj feem xyuam rau kev tshem tawm ntawm qhov yuam kev loj thiab qhov tsis zoo. Tsis ntev los no cov ceg tseem ceeb ntawm nginx 1.21 yuav raug tsim, uas txoj kev loj hlob ntawm cov yam ntxwv tshiab yuav txuas ntxiv mus. Rau cov neeg siv zoo tib yam uas tsis muaj lub luag haujlwm los ua kom muaj kev sib raug zoo nrog cov neeg thib peb, nws raug nquahu kom siv cov ceg tseem ceeb, raws li kev tshaj tawm cov khoom lag luam Nginx Plus yog tsim txhua peb lub hlis.
Raws li tsab ntawv ceeb toom lub Peb Hlis Ntuj los ntawm Netcraft, nginx yog siv rau 20.15% ntawm tag nrho cov chaw nquag (ib xyoos dhau los 19.56%, ob xyoos dhau los 20.73%), uas sib haum rau qhov chaw thib ob hauv kev muaj koob npe hauv pawg no (Apache's shares sib raug rau 25.38% (ib xyoos dhau los 27.64%), Google - 10.09%, Cloudflare - 8.51%. 35.34%), thaum feem ntawm Apache sib raug rau 36.91%, OpenResty ( platform raws li nginx thiab LuaJIT.) - 27.52%, Microsoft IIS - 25.98%.
Ntawm ntau lab qhov chaw uas tau mus xyuas hauv ntiaj teb no, nginx feem ntau yog 25.55% (ib xyoos dhau los 25.54%, ob xyoos dhau los 26.22%). Tam sim no, txog 419 lab lub vev xaib tau khiav Nginx (459 lab ib xyoos dhau los). Raws li W3Techs, nginx yog siv rau ntawm 33.7% ntawm qhov chaw tawm ntawm ntau lab tus neeg tuaj xyuas feem ntau, thaum lub Plaub Hlis xyoo tas los no daim duab no yog 31.9%, xyoo ua ntej - 41.8% (qhov kev poob qis yog piav qhia los ntawm kev hloov pauv mus rau cais accounting ntawm Cloudflare http server). Apache txoj kev sib faib tau poob rau lub xyoo los ntawm 39.5% mus rau 34%, thiab Microsoft IIS feem ntawm 8.3% mus rau 7%. LiteSpeed qhov sib faib tau nce los ntawm 6.3% mus rau 8.4%, thiab Node.js los ntawm 0.8% mus rau 1.2%. Nyob rau hauv Russia, nginx yog siv rau 79.1% ntawm cov chaw mus xyuas tshaj plaws (ib xyoos dhau los - 78.9%).
Qhov tseem ceeb tshaj plaws kev txhim kho ntxiv thaum lub sij hawm kev loj hlob ntawm 1.19.x upstream ceg:
- Ntxiv lub peev xwm los txheeb xyuas daim ntawv pov thawj tus neeg siv khoom siv cov kev pabcuam sab nraud raws li OCSP (Online Certificate Status Protocol) raws tu qauv. Txhawm rau ua kom tau daim tshev, cov lus qhia ssl_ocsp tau npaj tseg, txhawm rau teeb tsa lub cache loj - ssl_ocsp_cache, txhawm rau txheeb xyuas qhov URL ntawm OCSP tus tuav ntaub ntawv teev tseg hauv daim ntawv pov thawj - ssl_ocsp_responder.
- Lub ngx_stream_set_module module suav nrog, uas tso cai rau koj muab tus nqi rau tus neeg rau zaub mov sib txawv { mloog 12345; teeb $true 1; }
- Ntxiv proxy_cookie_flags cov lus qhia kom qhia cov chij rau ncuav qab zib hauv kev sib txuas sib txuas. Piv txwv li, ntxiv "httponly" chij rau ncuav qab zib "ib", thiab "nosecure" thiab "samesite = nruj" chij rau tag nrho lwm cov ncuav qab zib, koj tuaj yeem siv cov kev tsim kho hauv qab no: proxy_cookie_flags ib httponly; proxy_cookie_flags ~ nosecure samesite = nruj;
Ib qho piv txwv userid_flags cov lus qhia ntxiv rau cov chij rau ncuav qab zib kuj yog siv rau ngx_http_userid module.
- Ntxiv cov lus qhia “ssl_conf_command”, “proxy_ssl_conf_command”, “grpc_ssl_conf_command” thiab “uwsgi_ssl_conf_command”, uas koj tuaj yeem teeb tsa qhov tsis txaus ntseeg rau kev teeb tsa OpenSSL. Piv txwv li, txhawm rau muab qhov tseem ceeb ntawm ChaCha ciphers thiab kev teeb tsa qib siab ntawm TLSv1.3 ciphers, koj tuaj yeem hais qhia ssl_conf_command Options PrioritizeChaCha; ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
- Ntxiv "ssl_reject_handshake" cov lus qhia, uas qhia kom tsis lees paub txhua qhov kev sim sib tham SSL kev sib txuas (piv txwv li, tuaj yeem siv tsis lees paub txhua qhov kev hu nrog lub npe tsis paub hauv SNI teb). server { mloog 443 ssl; ssl_reject_handshake rau; } server { mloog 443 ssl; server_name example.com; ssl_certificate example.com.crt; ssl_certificate_key example.com.key; }
- Cov lus qhia proxy_smtp_auth tau ntxiv rau lub npe xa ntawv, tso cai rau koj txheeb xyuas tus neeg siv ntawm lub backend siv AUTH hais kom ua thiab PLAIN SASL mechanism.
- Ntxiv rau "keepalive_time" cov lus qhia, uas txwv tag nrho lub neej ntawm txhua qhov kev sib txuas kom ciaj sia, tom qab ntawd qhov kev sib txuas yuav raug kaw (tsis yog yuav tsum tsis meej pem nrog keepalive_timeout, uas txhais tau tias lub sijhawm tsis ua haujlwm tom qab qhov kev sib txuas ruaj khov raug kaw).
- Ntxiv $connection_time sib txawv, los ntawm qhov uas koj tuaj yeem tau txais cov ntaub ntawv hais txog kev sib txuas ntev hauv vib nas this nrog millisecond precision.
- Ib qho "min_free" parameter tau ntxiv rau "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path" thiab "uwsgi_cache_path" cov lus qhia, uas tswj cov cache loj raws li kev txiav txim siab yam tsawg kawg nkaus ntawm qhov chaw dawb disk.
- Cov lus qhia "lingering_close", "lingering_time" thiab "lingering_timeout" cov lus qhia tau raug coj los ua haujlwm nrog HTTP / 2.
- Qhov kev sib txuas ua tiav hauv HTTP / 2 yog ze rau HTTP / 1.x kev siv. Kev them nyiaj yug rau tus kheej qhov chaw "http2_recv_timeout", "http2_idle_timeout" thiab "http2_max_requests" tau raug txiav tawm raws li cov lus qhia dav dav "keepalive_timeout" thiab "keepalive_requests". Cov chaw "http2_max_field_size" thiab "http2_max_header_size" tau raug tshem tawm thiab "loj_client_header_buffers" yuav tsum tau siv los hloov.
- Ntxiv ib qho kev xaiv kab lus tshiab "-e", uas tso cai rau koj los qhia txog lwm cov ntaub ntawv rau kev sau cov ntawv yuam kev, uas yuav siv los hloov lub cav teev hauv qhov chaw. Hloov cov npe ntawm cov ntaub ntawv, koj tuaj yeem qhia tus nqi tshwj xeeb stderr.
Tau qhov twg los: opennet.ru