ProHoster > Блог > rongo ipurangi > nginx 1.20.0 tuku

nginx 1.20.0 tuku

I muri i te tau o te whakawhanaketanga, kua whakauruhia he peka pumau hou o te tūmau HTTP mahi nui me te tūmau takawaenga maha-kawa nginx 1.20.0, e whakauru ana i nga huringa kua whakaemihia i roto i te peka matua 1.19.x. I te wa kei te heke mai, ko nga huringa katoa o te peka pumau 1.20 ka pa ki te whakakore i nga hapa nui me nga whakaraerae. Kaore i roa ka hangaia te peka matua o nginx 1.21, ka haere tonu te whanaketanga o nga ahuatanga hou. Mo nga kaiwhakamahi noa kaore he mahi ki te whakarite i te hototahi ki nga waahanga tuatoru-tuatoru, e taunaki ana kia whakamahia te peka matua, i runga i nga whakaputanga o te hua arumoni Nginx Plus ka hangaia ia toru marama.

E ai ki te ripoata a Maehe mai i Netcraft, ka whakamahia te nginx i runga i te 20.15% o nga waahi kaha katoa (he tau ki muri 19.56%, e rua tau ki muri 20.73%), e rite ana ki te waahi tuarua i roto i te rongonui i tenei waahanga (ko te wahanga o Apache e rite ana ki te 25.38% (he tau ki muri 27.64%), Google - 10.09%, Cloudflare - 8.51%. I te wa ano, ka whakaarohia nga waahi katoa, ka mau tonu te nginx i tana kaiarahi me te noho i te 35.34% o te maakete (he tau ki muri 36.91%, e rua tau ki muri - 27.52%), i te wa e rite ana te wahanga o Apache ki te 25.98%, OpenResty ( turanga i runga i te nginx me te LuaJIT.) - 6.55%, Microsoft IIS - 5.96%.

I roto i nga miriona o nga waahi kua torohia i te ao, ko te wahanga a nginx he 25.55% (he tau ki muri 25.54%, e rua tau ki muri 26.22%). I tenei wa, tata ki te 419 miriona paetukutuku kei te whakahaere i a Nginx (459 miriona i te tau ki muri). E ai ki a W3Techs, kei te whakamahia te nginx i runga i te 33.7% o nga waahi i roto i te miriona e tino torohia ana, i te marama o Paenga-whāwhā i te tau kua hipa ko te 31.9% tenei ahua, i te tau i mua - 41.8% (ko te heke ka whakamaramahia e te whakawhiti ki te kaute wehe o te Cloudflare http tūmau). I heke te wahanga o Apache i te tau mai i te 39.5% ki te 34%, me te wahanga a Microsoft IIS mai i te 8.3% ki te 7%. Ko te wahanga o LiteSpeed ​​i tipu mai i te 6.3% ki te 8.4%, me te Node.js mai i te 0.8% ki te 1.2%. I Rūhia, ka whakamahia te nginx i runga i te 79.1% o nga waahi e tino torohia ana (he tau ki muri - 78.9%).

Ko nga whakapainga tino rongonui i taapirihia i te wa o te whanaketanga o te peka whakarunga 1.19.x:

  • Kua taapirihia te kaha ki te manatoko i nga tiwhikete kiritaki ma te whakamahi i nga ratonga o waho i runga i te kawa OCSP (Online Certificate Status Protocol). Kia taea ai te haki, ka tukuna te tohutohu ssl_ocsp, ki te whirihora i te rahi o te keteroki - ssl_ocsp_cache, ki te tautuhi ano i te URL o te kaihautu OCSP i tohua ki te tiwhikete - ssl_ocsp_responder.
  • Kua whakauruhia te ngx_stream_set_module module, e taea ai e koe te tautapa he uara ki te tūmau taurangi {whakarongo 12345; tautuhi $pono 1; }
  • Kua taapirihia he tohu tohu proxy_cookie_flags hei tohu haki mo nga Pihikete i roto i nga hononga takawaenga. Hei tauira, ki te taapiri i te haki “httpanae” ki te Pihikete “one”, me nga haki “ihu” me te “samesite=strict” mo etahi atu Pihikete katoa, ka taea e koe te whakamahi i te hanga e whai ake nei: proxy_cookie_flags kotahi http anake; proxy_cookie_flags ~ nosecure samesite = tino;

    Ka whakatinanahia ano he tohutohu userid_flags mo te taapiri haki ki nga Pihikete mo te kōwae ngx_http_userid.

  • Kua taapirihia nga tohutohu "ssl_conf_command", "proxy_ssl_conf_command", "grpc_ssl_conf_command" me "uwsgi_ssl_conf_command", ka taea e koe te whakarite i nga tawhā mo te whirihora i te OpenSSL. Hei tauira, ki te whakarite i te ChaCha ciphers me te whirihoranga matatau o TLSv1.3 ciphers, ka taea e koe te tohu ssl_conf_command Options PrioritizeChaCha; ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
  • Kua taapirihia te tohutohu "ssl_reject_handshake", e tohutohu ana kia paopao i nga nganatanga katoa ki te whiriwhiringa hononga SSL (hei tauira, ka taea te whakamahi ki te whakakore i nga waea katoa me nga ingoa kaihautu e kore e mohiotia i te mara SNI). tūmau {whakarongo 443 ssl; ssl_reject_handshake on; } tūmau {whakarongo 443 ssl; ingoa_server example.com; ssl_certificate example.com.crt; ssl_certificate_key example.com.key; }
  • Kua taapirihia te tohu takawaenga_smtp_auth ki te takawaenga mēra, ka taea e koe te whakamotuhēhē i te kaiwhakamahi kei te tuara ma te whakamahi i te tono AUTH me te tikanga PLAIN SASL.
  • Kua taapirihia te tohutohu "keepalive_time", e whakawhāiti ana i te katoa o te ora o ia hononga pupuri-ora, ka mutu ka kati te hononga (kaore e pohehe ki te keepalive_timeout, e tohu ana i te wa kore mahi i muri ka kati te hononga pupuri-ora).
  • Kua taapirihia te taurangi $connection_time, ka taea e koe te tiki korero mo te roanga o te hononga i roto i nga hēkona me te tika o te mirihakona.
  • Kua taapirihia he tawhā "min_free" ki te "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path" me "uwsgi_cache_path" tohutohu, e whakarite ana i te rahi o te keteroki i runga i te whakatau i te iti rawa o te mokowā kōpae koreutu.
  • Ko nga tohutohu "lingering_close", "lingering_time" me "lingering_timeout" kua whakatikahia kia mahi tahi me HTTP/2.
  • Ko te waehere tukatuka hononga i roto i te HTTP / 2 e tata ana ki te whakatinanatanga HTTP / 1.x. Ko te tautoko mo nga tautuhinga takitahi "http2_recv_timeout", "http2_idle_timeout" me "http2_max_requests" kua whakamutua hei tautoko i nga tohutohu whanui "keepalive_timeout" me "keepalive_requests". Ko nga tautuhinga "http2_max_field_size" me "http2_max_header_size" kua tangohia, me whakamahi "large_client_header_buffers".
  • Kua taapirihia he whiringa raina whakahau hou "-e", ka taea e koe te tautuhi i tetahi konae rereke mo te tuhi i te raarangi hapa, ka whakamahia hei utu mo te raarangi kua tohua ki nga tautuhinga. Engari i te ingoa kōnae, ka taea e koe te tohu i te uara motuhake stderr.

Source: opennet.ru

Tāpiri i te kōrero