Pulogalamu ya ProHoster > Blog > nkhani zapaintaneti > nginx 1.20.0 kumasulidwa

nginx 1.20.0 kumasulidwa

Pambuyo pa chaka cha chitukuko, nthambi yatsopano yokhazikika ya seva yapamwamba ya HTTP ndi seva ya protocol multi-protocol nginx 1.20.0 yakhazikitsidwa, yomwe imaphatikizapo kusintha komwe kunapezeka mu nthambi yaikulu 1.19.x. M'tsogolomu, kusintha konse mu nthambi yokhazikika 1.20 kudzakhudzana ndi kuthetsa zolakwika zazikulu ndi zofooka. Posachedwa nthambi yayikulu ya nginx 1.21 idzapangidwa, momwe chitukuko cha zatsopano chidzapitirira. Kwa ogwiritsa ntchito wamba omwe alibe ntchito yowonetsetsa kuti akugwirizana ndi ma module a chipani chachitatu, tikulimbikitsidwa kugwiritsa ntchito nthambi yayikulu, pamaziko omwe kutulutsidwa kwa malonda a Nginx Plus kumapangidwa miyezi itatu iliyonse.

Malinga ndi lipoti la Marichi kuchokera ku Netcraft, nginx imagwiritsidwa ntchito pa 20.15% ya malo onse ogwira ntchito (chaka chapitacho 19.56%, zaka ziwiri zapitazo 20.73%), zomwe zimagwirizana ndi malo achiwiri kutchuka m'gululi (gawo la Apache likufanana ndi 25.38% (chaka chapitacho 27.64%), Google - 10.09%, Cloudflare - 8.51%.Pa nthawi yomweyo, poganizira malo onse, nginx imasunga utsogoleri wake ndipo imakhala ndi 35.34% ya msika (chaka chapitacho 36.91%, zaka ziwiri zapitazo - 27.52%), pamene gawo la Apache likufanana ndi 25.98%, OpenResty ( nsanja yochokera ku nginx ndi LuaJIT.) - 6.55%, Microsoft IIS - 5.96%.

Pakati pa malo miliyoni omwe adayendera kwambiri padziko lonse lapansi, gawo la nginx ndi 25.55% (chaka chapitacho 25.54%, zaka ziwiri zapitazo 26.22%). Pakadali pano, masamba pafupifupi 419 miliyoni akuyendetsa Nginx (459 miliyoni chaka chapitacho). Malingana ndi W3Techs, nginx imagwiritsidwa ntchito pa 33.7% ya malo kuchokera pa milioni yomwe adayendera kwambiri, mu April chaka chatha chiwerengerochi chinali 31.9%, chaka chatha - 41.8% (kutsika kumafotokozedwa ndi kusintha kwa kusiyana kowerengera ndalama za Cloudflare http seva). Gawo la Apache lidatsika chaka kuchokera 39.5% mpaka 34%, ndipo gawo la Microsoft IIS kuchokera 8.3% mpaka 7%. Gawo la LiteSpeed ​​​​linakula kuchoka pa 6.3% kufika pa 8.4%, ndi Node.js kuchoka pa 0.8% kufika pa 1.2%. Ku Russia, nginx imagwiritsidwa ntchito pa 79.1% ya malo omwe adayendera kwambiri (chaka chapitacho - 78.9%).

Zowoneka bwino zomwe zidawonjezedwa pakukula kwa nthambi yakumtunda kwa 1.19.x:

  • Anawonjezera kuthekera kotsimikizira ziphaso za kasitomala pogwiritsa ntchito ntchito zakunja kutengera protocol ya OCSP (Online Certificate Status Protocol). Kuti mutsegule cheke, lamulo la ssl_opsp likuperekedwa, kuti musinthe kukula kwa cache - ssl_opsp_cache, kutanthauziranso ulalo wa chogwirizira cha OCSP chomwe chafotokozedwa mu satifiketi - ssl_ocsp_responder.
  • The ngx_stream_set_module module ikuphatikizidwa, yomwe imakulolani kuti mupereke mtengo kwa seva yosinthika {mverani 12345; khalani $zoona 1; }
  • Adawonjezedwa malangizo a proxy_cookie_flags kuti atchule mbendera za Ma cookie mumalumikizidwe a proxied. Mwachitsanzo, kuwonjezera mbendera ya "httponly" ku Cookie "imodzi", ndi mbendera za "nosecure" ndi "samesite=strict" za Ma Cookies ena onse, mutha kugwiritsa ntchito zomanga zotsatirazi: proxy_cookie_flags imodzi httponly; proxy_cookie_flags ~ nosecure samesite=zovuta;

    Dongosolo lofananira la userid_flags lowonjezera mbendera ku Ma cookie limakhazikitsidwanso pagawo la ngx_http_userid.

  • Maupangiri owonjezera "ssl_conf_command", "proxy_ssl_conf_command", "grpc_ssl_conf_command" ndi "uwsgi_ssl_conf_command", omwe mutha kuyika nawo magawo ena osintha OpenSSL. Mwachitsanzo, kuika patsogolo ChaCha ciphers ndi kasinthidwe kapamwamba ka TLSv1.3 ciphers, mukhoza kufotokoza ssl_conf_command Options PrioritizeChaCha; ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
  • Wowonjezera "ssl_reject_handshake" malangizo, omwe amalangiza kukana zoyesayesa zonse zokambilana ma SSL (mwachitsanzo, angagwiritsidwe ntchito kukana mafoni onse okhala ndi mayina odziwika osadziwika mugawo la SNI). seva {mverani 443 ssl; ssl_reject_kugwirana chanza; } seva {mverani 443 ssl; seva_name example.com; ssl_certificate example.com.crt; ssl_certificate_key example.com.key; }
  • Proxy_smtp_auth malangizo awonjezedwa ku projekiti yamakalata, kukulolani kuti mutsimikizire wogwiritsa ntchito patsamba lakumbuyo pogwiritsa ntchito lamulo la AUTH ndi makina a PLAIN SASL.
  • Anawonjezera chitsogozo cha "keepalive_time", chomwe chimachepetsa nthawi yonse ya moyo wa kugwirizana kulikonse kokhala ndi moyo, pambuyo pake kugwirizana kudzatsekedwa (osasokonezedwa ndi keepalive_timeout, yomwe imatanthawuza nthawi yosagwira ntchito pambuyo pake kugwirizana kwamoyo kumatsekedwa).
  • Wowonjezera $connection_time variable, momwe mungapezere zambiri za nthawi yolumikizira mumasekondi ndi kulondola kwa millisecond.
  • Gawo la "min_free" lawonjezedwa ku "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path" ndi malangizo a "uwsgi_cache_path", omwe amawongolera kukula kwa cache potengera kukula kwa disk yaulere.
  • Malangizo a "lingering_close", "linging_time" ndi "lingering_timeout" asinthidwa kuti azigwira ntchito ndi HTTP/2.
  • Khodi yolumikizira mu HTTP/2 ili pafupi ndi kukhazikitsa kwa HTTP/1.x. Kuthandizira pazokonda payokha "http2_recv_timeout", "http2_idle_timeout" ndi "http2_max_requests" kwathetsedwa mokomera malangizo onse "keepalive_timeout" ndi "keepalive_requests". Zokonda "http2_max_field_size" ndi "http2_max_header_size" zachotsedwa ndipo "large_client_header_buffers" ziyenera kugwiritsidwa ntchito m'malo mwake.
  • Onjezani njira yatsopano yopangira "-e", yomwe imakupatsani mwayi wofotokozera fayilo ina yolemba chipika cholakwa, chomwe chidzagwiritsidwa ntchito m'malo mwa chipika chomwe chafotokozedwa pazosintha. M'malo mwa dzina lafayilo, mutha kufotokoza mtengo wapadera stderr.

Source: opennet.ru

Kuwonjezera ndemanga