Mushure megore rebudiriro
Mabhindauko anocherechedzwa akawedzerwa panguva yekuvandudzwa kwe1.15.x kumusoro kwepamusoro bazi:
- Yakawedzera kugona kushandisa zvinosiyana mu 'directives
ssl_certificate 'uye'ssl_certificate_kiyi ', inogona kushandiswa kurodha zvitupa zvine simba; - Yakawedzera kugona kurodha zvitupa zveSSL uye makiyi akavanzika kubva kune akasiyana pasina kushandisa epakati mafaera;
- Mu block "
nechokumusoro kwerwizi Β» chirevo chitsva chaitwa Β«chibhubhubhu ", nerubatsiro rwaunokwanisa kuronga kuyera kuyera nesarudzo isina kurongeka yeseva yekutumira chinongedzo; - Mune module
ngx_stream_ssl_preread variable yakaitwa$ssl_preread_protocol ,
iyo inotsanangura iyo yepamusoro vhezheni yeSSL/TLS protocol inotsigirwa nemutengi. Iyo yakasiyana inobvumirakugadzira zvigadziriso yekuwana uchishandisa akasiyana maprotocol ane uye asina SSL kuburikidza netiweki chiteshi kana proxy traffic uchishandisa iyo http uye stream modules. Semuenzaniso, kuronga kupinda kuburikidza neSSH uye HTTPS kuburikidza nechiteshi chimwe chete, port 443 inogona kuendeswa nekusarudzika kuSSH, asi kana iyo SSL vhezheni yakatsanangurwa, kumberi kuHTTPS. - Shanduko nyowani yakawedzerwa kune inokwira module "
$upstream_bytes_sent ", iyo inoratidza nhamba yemabhaiti anoendeswa kune server yeboka; - Ku module
chikova mukati mechikamu chimwe chete, kugona kugadzirisa akati wandei anouya UDP datagrams kubva kumutengi akawedzerwa; - The directive "
proxy_requests ", inotsanangura nhamba yedatagrams yakagamuchirwa kubva kumutengi, kana yasvika iyo inosunga pakati pemutengi neiyo UDP sesheni iripo inobviswa. Mushure mekugamuchira nhamba yakatarwa yedatagrams, iyo inotevera datagram yakagamuchirwa kubva kumutengi mumwe chete inotanga chikamu chitsva; - Iyo yekuteerera dhairekitori ikozvino ine kugona kutsanangura chiteshi chiteshi;
- Added directive "
ssl_early_data Β»kugonesa iyo modhi0-RTT paunenge uchishandisa TLSv1.3, iyo inokubvumira kuchengetedza zvakambotaurirana TLS yekubatanidza paramita uye kuderedza nhamba yeRTTs kusvika ku2 paunotangazve kubatana kwakambosimbiswa; - Mitemo mitsva yakawedzerwa kugadzirisa kuchengetedza kune inobuda yekubatanidza (kugonesa kana kudzima iyo SO_KEEPALIVE sarudzo yezvigadziko):
- Β«
proxy_socket_keepalive " - inogadzirisa "TCP keepalive" maitiro ekubuda kwekubatanidza kune proxied server; - Β«
fastcgi_socket_keepalive " - inogadzirisa "TCP keepalive" maitiro ekubuda kwekubatanidza kune FastCGI server; - Β«
grpc_socket_keepalive " - inogadzirisa "TCP keepalive" maitiro ekubuda kwekubatanidza kune gRPC server; - Β«
memcached_socket_keepalive " - inogadzirisa "TCP keepalive" maitiro ekubuda kwekubatanidza kune memcached server; - Β«
scgi_socket_keepalive " - inogadzirisa "TCP keepalive" maitiro ekubuda kwekubatanidza kune SCGI server; - Β«
uwsgi_socket_keepalive " - inogadzirisa "TCP keepalive" maitiro ekubuda kwekubatanidza kune uwsgi server.
- Β«
- Mukuraira "
limit_req" yakawedzera parameter nyowani "kunonoka", iyo inoisa muganhu mushure mezvo zvikumbiro zvisingaverengeki zvinononoka; - Mitemo mitsva "keepalive_timeout" uye "keepalive_requests" yakawedzerwa kune "kumusoro" block yekuisa miganhu yeKeepalive;
- Iyo "ssl" dhairekitori yakabviswa, yakatsiviwa ne "ssl" parameter mune "teerera" kuraira. Zvitupa zveSSL zvisipo zvave kuonekwa padanho rekuyedzwa kana uchishandisa βteereraβ rairo ne βsslβ parameter muzvirongwa;
- Paunenge uchishandisa reset_timedout_connection dhairekitori, zvinongedzo zvave kuvharwa ne444 kodhi kana nguva yekubuda yapera;
- Zvikanganiso zveSSL "http chikumbiro", "https proxy chikumbiro", "isina kutsigirwa protocol" uye "shanduro yakaderera zvakanyanya" zvave kuratidzwa mulogi ine nhanho "info" pachinzvimbo che "crit";
- Yakawedzera rutsigiro rwenzira yekuvhota paWindows masisitimu kana uchishandisa Windows Vista uye gare gare;
- Mukana wekushandisa
TLSv1.3 paunenge uchivaka neBoringSSL raibhurari, kwete chete OpenSSL.
Source: opennet.ru