ProHoster > Blog > internet nhau > Sunungura nginx 1.16.0

Sunungura nginx 1.16.0

Mushure megore rebudiriro yakaunzwa bazi idzva rakagadzikana repamusoro-inoshanda HTTP sevha uye multiprotocol proxy server nginx 1.16.0, iyo yakabata shanduko dzakaunganidzwa mukati mebazi guru 1.15.x. Mune ramangwana, shanduko dzose mubazi rakagadzikana 1.16 richave rakabatana nekubviswa kwezvikanganiso zvakakomba uye kushaya simba. Iro bazi guru re nginx 1.17 richakurumidza kuumbwa, mukati umo kuvandudzwa kwezvinhu zvitsva zvichaenderera mberi. Kune vashandisi vakajairwa vasina basa rekuona kuenderana neyechitatu-bato modules, yakakurudzirwa shandisa iyo huru bazi, pahwaro hwekuburitswa kwechigadzirwa chekutengesa Nginx Plus inoumbwa mwedzi mitatu yega yega.

Mabhindauko anocherechedzwa akawedzerwa panguva yekuvandudzwa kwe1.15.x kumusoro kwepamusoro bazi:

  • Yakawedzera kugona kushandisa zvinosiyana mu 'directivesssl_certificate'uye'ssl_certificate_kiyi', inogona kushandiswa kurodha zvitupa zvine simba;
  • Yakawedzera kugona kurodha zvitupa zveSSL uye makiyi akavanzika kubva kune akasiyana pasina kushandisa epakati mafaera;
  • Mu block "nechokumusoro kwerwiziΒ» chirevo chitsva chaitwa Β«chibhubhubhu", nerubatsiro rwaunokwanisa kuronga kuyera kuyera nesarudzo isina kurongeka yeseva yekutumira chinongedzo;
  • Mune module ngx_stream_ssl_preread variable yakaitwa $ssl_preread_protocol,
    iyo inotsanangura iyo yepamusoro vhezheni yeSSL/TLS protocol inotsigirwa nemutengi. Iyo yakasiyana inobvumira kugadzira zvigadziriso yekuwana uchishandisa akasiyana maprotocol ane uye asina SSL kuburikidza netiweki chiteshi kana proxy traffic uchishandisa iyo http uye stream modules. Semuenzaniso, kuronga kupinda kuburikidza neSSH uye HTTPS kuburikidza nechiteshi chimwe chete, port 443 inogona kuendeswa nekusarudzika kuSSH, asi kana iyo SSL vhezheni yakatsanangurwa, kumberi kuHTTPS.

  • Shanduko nyowani yakawedzerwa kune inokwira module "$upstream_bytes_sent", iyo inoratidza nhamba yemabhaiti anoendeswa kune server yeboka;
  • Ku module chikova mukati mechikamu chimwe chete, kugona kugadzirisa akati wandei anouya UDP datagrams kubva kumutengi akawedzerwa;
  • The directive "proxy_requests", inotsanangura nhamba yedatagrams yakagamuchirwa kubva kumutengi, kana yasvika iyo inosunga pakati pemutengi neiyo UDP sesheni iripo inobviswa. Mushure mekugamuchira nhamba yakatarwa yedatagrams, iyo inotevera datagram yakagamuchirwa kubva kumutengi mumwe chete inotanga chikamu chitsva;
  • Iyo yekuteerera dhairekitori ikozvino ine kugona kutsanangura chiteshi chiteshi;
  • Added directive "ssl_early_dataΒ»kugonesa iyo modhi 0-RTT paunenge uchishandisa TLSv1.3, iyo inokubvumira kuchengetedza zvakambotaurirana TLS yekubatanidza paramita uye kuderedza nhamba yeRTTs kusvika ku2 paunotangazve kubatana kwakambosimbiswa;
  • Mitemo mitsva yakawedzerwa kugadzirisa kuchengetedza kune inobuda yekubatanidza (kugonesa kana kudzima iyo SO_KEEPALIVE sarudzo yezvigadziko):

  • Mukuraira "limit_req" yakawedzera parameter nyowani "kunonoka", iyo inoisa muganhu mushure mezvo zvikumbiro zvisingaverengeki zvinononoka;
  • Mitemo mitsva "keepalive_timeout" uye "keepalive_requests" yakawedzerwa kune "kumusoro" block yekuisa miganhu yeKeepalive;
  • Iyo "ssl" dhairekitori yakabviswa, yakatsiviwa ne "ssl" parameter mune "teerera" kuraira. Zvitupa zveSSL zvisipo zvave kuonekwa padanho rekuyedzwa kana uchishandisa β€œteerera” rairo ne β€œssl” parameter muzvirongwa;
  • Paunenge uchishandisa reset_timedout_connection dhairekitori, zvinongedzo zvave kuvharwa ne444 kodhi kana nguva yekubuda yapera;
  • Zvikanganiso zveSSL "http chikumbiro", "https proxy chikumbiro", "isina kutsigirwa protocol" uye "shanduro yakaderera zvakanyanya" zvave kuratidzwa mulogi ine nhanho "info" pachinzvimbo che "crit";
  • Yakawedzera rutsigiro rwenzira yekuvhota paWindows masisitimu kana uchishandisa Windows Vista uye gare gare;
  • Mukana wekushandisa TLSv1.3 paunenge uchivaka neBoringSSL raibhurari, kwete chete OpenSSL.

Source: opennet.ru

Voeg