nginx 1.16.0 kumasulidwa

Pambuyo pa chaka cha chitukuko yoyimiriridwa ndi nthambi yatsopano yokhazikika ya seva yogwira ntchito kwambiri ya HTTP ndi seva ya protocol ya multiprotocol nginx 1.16.0, yomwe idatenga zosintha zomwe zidasonkhanitsidwa mkati mwa nthambi yayikulu 1.15.x. M'tsogolomu, kusintha konse mu nthambi yokhazikika 1.16 kudzakhudzana ndi kuthetsa zolakwika zazikulu ndi zofooka. Nthambi yayikulu ya nginx 1.17 idzapangidwa posachedwa, momwe chitukuko cha zinthu zatsopano chidzapitilira. Kwa ogwiritsa ntchito wamba omwe alibe ntchito yowonetsetsa kuti akugwirizana ndi ma module a chipani chachitatu, analimbikitsa gwiritsani ntchito nthambi yayikulu, pamaziko omwe kutulutsidwa kwa malonda a Nginx Plus kumapangidwa miyezi itatu iliyonse.

Zowoneka bwino zomwe zidawonjezedwa pakukula kwa nthambi yakumtunda kwa 1.15.x:

• Anawonjezera kuthekera kogwiritsa ntchito zosinthika mu 'directivesssl_certificate'ndi'ssl_certificate_key', yomwe ingagwiritsidwe ntchito kunyamula ziphaso zosinthika;
• Anawonjezera kuthekera kokweza ziphaso za SSL ndi makiyi achinsinsi kuchokera pazosintha popanda kugwiritsa ntchito mafayilo apakatikati;
• Mu block "kumtunda» malangizo atsopano akhazikitsidwa «zopanda pake", mothandizidwa ndi zomwe mungathe kukonza kusanja katundu ndi seva yosankhidwa mwachisawawa kuti mutumize kulumikizana;
• Mu module ngx_stream_ssl_preread kusintha kwakhazikitsidwa $ssl_preread_protocol,
  yomwe imatchula mtundu wapamwamba kwambiri wa protocol ya SSL/TLS yomwe kasitomala amathandizira. Kusintha kumalola pangani masinthidwe Kuti mupeze mwayi wogwiritsa ntchito ma protocol osiyanasiyana ndi opanda SSL kudzera pa doko limodzi la netiweki mukamagwiritsa ntchito ma module a http ndi stream. Mwachitsanzo, kukonza zolowera kudzera pa SSH ndi HTTPS kudzera pa doko limodzi, doko 443 litha kutumizidwa mwachisawawa ku SSH, koma ngati mtundu wa SSL wafotokozedwa, pita ku HTTPS.

• Kusintha kwatsopano kwawonjezeredwa ku module yakumtunda "$upstream_bytes_sent", yomwe imawonetsa kuchuluka kwa ma byte omwe amatumizidwa ku seva ya gulu;
• Ku module mtsinje mkati mwa gawo limodzi, kuthekera kokonza ma datagram angapo a UDP omwe akubwera kuchokera kwa kasitomala awonjezedwa;
• Malangizo "proxy_requests", imatchula kuchuluka kwa ma datagram omwe alandilidwa kuchokera kwa kasitomala, akafika pomwe kulumikizana pakati pa kasitomala ndi gawo la UDP lomwe lilipo kumachotsedwa. Pambuyo polandira chiwerengero chodziwika cha datagrams, detagram yotsatira yolandira kuchokera kwa kasitomala yemweyo imayamba gawo latsopano;
• Lamulo lomvera tsopano lili ndi kuthekera kofotokozera madoko;
• Malangizo owonjezera "ssl_early_data»kuti muyambitse mode 0-RTT mukamagwiritsa ntchito TLSv1.3, zomwe zimakupatsani mwayi wosunga magawo olumikizirana a TLS omwe adakambirana kale ndikuchepetsa kuchuluka kwa RTTs mpaka 2 mukayambiranso kulumikizana komwe kudakhazikitsidwa kale;
• Malangizo atsopano awonjezedwa kuti mukonzekere kusungabe maulumikizidwe otuluka (kupangitsa kapena kuletsa njira ya SO_KEEPALIVE ya sockets):
  • «proxy_socket_keepalive" - imakonza "TCP keepalive" machitidwe olumikizirana ndi seva yolumikizidwa;
  • «fastcgi_socket_keepalive" - imakonza "TCP keepalive" yolumikizirana ndi seva ya FastCGI;
  • «grpc_socket_keepalive" - imakonza machitidwe a "TCP keepalive" pamalumikizidwe otuluka ku seva ya gRPC;
  • «memcached_socket_keepalive" - imakonza "TCP keepalive" machitidwe olumikizirana ndi seva yosungidwa;
  • «scgi_socket_keepalive" - imakonza "TCP keepalive" khalidwe la mauthenga otuluka ku seva ya SCGI;
  • «uwsgi_socket_keepalive" - ikonza khalidwe la "TCP keepalive" pamalumikizidwe otuluka ku seva ya uwsgi.
• Mu malangizo "malire_req" adawonjezera "kuchedwa" kwatsopano, komwe kumayika malire pambuyo pake zopempha zosafunikira zimachedwa;
• Malangizo atsopano "keepalive_timeout" ndi "keepalive_requests" awonjezedwa ku "kumtunda" chipika kuti muyike malire a Keepalive;
• Lamulo la "ssl" latsitsidwa, m'malo mwa "ssl" parameter mu "mverani" malangizo. Ziphaso za SSL zomwe zikusowa tsopano zazindikirika poyesa kosinthidwe mukamagwiritsa ntchito chilangizo cha "mverani" chokhala ndi "ssl" parameter muzokonda;
• Mukamagwiritsa ntchito reset_timedout_connection malangizo, maulumikizidwe tsopano amatsekedwa ndi code 444 pamene nthawi yomaliza yatha;
• Zolakwa za SSL "pempho la http", "https proxy request", "proxy protocol" ndi "version yotsika kwambiri" tsopano zikuwonetsedwa mu chipika chokhala ndi mulingo wa "info" m'malo mwa "crit";
• Thandizo lowonjezera la njira yovotera pamakina a Windows mukamagwiritsa ntchito Windows Vista ndi pambuyo pake;
• Kuthekera kogwiritsa ntchito TLSv1.3 pomanga ndi laibulale ya BoringSSL, osati OpenSSL yokha.

Source: opennet.ru