nginx 1.16.0 mwepụta

Mgbe otu afọ mmepe gasịrị nọchiri anya ya alaka ọhụrụ kwụsiri ike nke sava HTTP dị elu yana sava proxy multiprotocol nginx 1.16.0, nke na-etinye uche na mgbanwe ndị a chịkọbara n'ime alaka isi 1.15.x. N'ọdịnihu, mgbanwe niile na alaka ụlọ ọrụ 1.16 kwụsiri ike ga-ejikọta na mkpochapụ nke njehie dị njọ na adịghị ike. A ga-emepụta alaka isi nke nginx 1.17 n'oge na-adịghị anya, n'ime nke mmepe nke atụmatụ ọhụrụ ga-aga n'ihu. Maka ndị ọrụ nkịtị na-enweghị ọrụ ịhụ ndakọrịta na modul ndị ọzọ, ka akwadoro jiri ngalaba isi, na ndabere nke ewepụtara ngwaahịa azụmaahịa Nginx Plus kwa ọnwa atọ.

Ọganihu kachasị ama ama agbakwunyere n'oge mmepe nke ngalaba elu 1.15.x:

• Agbakwunyere ikike iji mgbanwe na ntuziaka 'ssl_certificate'Na'ssl_certificate_key', nke a pụrụ iji dynamically ibu asambodo;
• Agbakwunyere ike ibunye asambodo SSL na igodo nzuzo site na mgbanwe na-ejighi faịlụ etiti;
• N'ime ngọngọ"elu ugwu» ntuziaka ọhụrụ etinyere «random", site n'enyemaka nke ị nwere ike ịhazi nhazi ibu na nhọrọ nke ihe nkesa maka iziga njikọ;
• Na modul ngx_stream_ssl_preread agbanwe emejuputa atumatu $ssl_preread_protocol,
  nke na-akọwapụta ụdị kachasị elu nke protocol SSL/TLS nke onye ahịa na-akwado. Ihe agbanwe agbanwe na-enye ohere mepụta nhazi maka ịnweta site na iji protocol dị iche iche na na-enweghị SSL site na otu ọdụ ụgbọ mmiri mgbe ị na-ebufe okporo ụzọ site na iji http na iyi modul. Dịka ọmụmaatụ, iji hazie ohere site na SSH na HTTPS site na otu ọdụ ụgbọ mmiri, enwere ike ibuga ọdụ ụgbọ mmiri 443 na ndabara na SSH, mana ọ bụrụ na akọwapụtara ụdị SSL, gaa na HTTPS.

• Agbakwunyela mgbanwe ọhụrụ na modul elu "$upstream_bytes_sent", nke na-egosiputa ọnụọgụ bytes bufee na nkesa otu;
• Ka modul stream n'ime otu nnọkọ, agbakwunyere ike ịhazi ọtụtụ datagram UDP na-abata site na onye ahịa;
• Ntuziaka"arịrịọ proxy_request", na-akọwapụta ọnụ ọgụgụ nke datagrams natara n'aka onye ahịa, mgbe iru eru nke ewepụrụ njikọ dị n'etiti onye ahịa na nnọkọ UDP dị ugbu a. Mgbe ị nwetachara ọnụ ọgụgụ datagram ndị akọwapụtara, datagram ọzọ natara n'aka otu onye ahịa ahụ na-amalite nnọkọ ọhụrụ;
• Ntuziaka ntị ugbu a nwere ikike ịkọwapụta ọdụ ụgbọ mmiri;
• Ntuziaka agbakwunyere"ssl_early_data» iji mee ka ọnọdụ ahụ nwee ike 0-RTT mgbe ị na-eji TLSv1.3, nke na-enye gị ohere ịchekwa paramita njikọ njikọ TLS kwurịtara na mbụ ma belata ọnụ ọgụgụ RTT na 2 mgbe ịmaliteghachi njikọ eguzobeburu;
• Agbakwunyela ntuziaka ọhụrụ iji hazie keepalive maka njikọ ndị na-apụ apụ (na-enyere ma ọ bụ gbanyụọ nhọrọ SO_KEEPALIVE maka sọket):
  • «proxy_socket_keepalive"- na-ahazi omume "TCP keepalive" maka njikọ ọpụpụ na sava proxied;
  • «fastcgi_socket_keepalive"- na-ahazi omume "TCP keepalive" maka njikọ ọpụpụ na sava FastCGI;
  • «grpc_socket_keepalive"- na-ahazi omume "TCP keepalive" maka njikọ ọpụpụ na sava gRPC;
  • «memcached_socket_keepalive"- na-ahazi omume "TCP keepalive" maka njikọ ọpụpụ na ihe nkesa memcached;
  • «scgi_socket_keepalive"- na-ahazi omume "TCP keepalive" maka njikọ ọpụpụ na sava SCGI;
  • «uwsgi_socket_keepalive"- na-ahazi omume "TCP keepalive" maka njikọ ọpụpụ na sava uwsgi.
• N'ime ntuziaka "limit_req" agbakwunyere oke “ogbu oge” ọhụrụ, nke na-esetịpụ oke mgbe nke a ga-egbu oge arịrịọ na-enweghị isi;
• agbakwunyere ntuziaka ọhụrụ "keepalive_timeout" na "keepalive_requests" na ngọngọ "elu iyi" iji tọọ oke maka Keepalive;
• Akwụsịla ntuziaka "ssl", jiri akara "ssl" dochie ya na ntuziaka "ntị". A na-achọpụta asambodo SSL na-efu efu ugbu a na nhazi ule nhazi mgbe ị na-eji ntuziaka “ntị” yana oke “ssl” na ntọala;
• Mgbe ị na-eji ntuziaka reset_timedout_connection, njikọ na-eji koodu 444 mechie ugbu a mgbe oge agwụla;
• Egosiputa njehie SSL "arịrịọ http", "arịrịọ proxy https", "protocol akwadoghị" na "ụdị dị ala" na ndekọ nke nwere ọkwa "ozi" kama ịbụ "crit";
• Nkwado agbakwunyere maka usoro ntuli aka na sistemụ Windows mgbe ị na-eji Windows Vista na emesia;
• Enwere ike iji TLSv1.3 mgbe ị na-eji ọbá akwụkwọ BoringSSL na-ewu, ọ bụghị naanị OpenSSL.

isi: opennet.ru