ProHoster > Blog > internet nhau > Nginx 1.26.0 yakaburitswa neHTTP/3 rutsigiro

Nginx 1.26.0 yakaburitswa neHTTP/3 rutsigiro

Mushure megore rekuvandudza, bazi idzva rakagadzikana repamusoro-kushanda kweHTTP sevha uye multi-protocol proxy server nginx 1.26.0 yakadhindwa, iyo inobatanidza shanduko dzakaunganidzwa mubazi guru 1.25.x. Mune ramangwana, shanduko dzese mubazi rakagadzikana 1.26 richave rakabatana nekubviswa kwezvikanganiso zvakakomba uye kushaya simba. Nenguva isipi bazi guru re nginx 1.27 richaumbwa, umo kuvandudzwa kwezvinhu zvitsva zvichaenderera mberi. Kune vashandisiwo zvavo vasina basa rekuona kuenderana nevechitatu-bato modules, zvinokurudzirwa kushandisa iyo huru bazi, pahwaro hwekuburitswa kwechigadzirwa chekutengesa Nginx Plus inoumbwa mwedzi mitatu yega yega.

Maererano neshumo yaKurume kubva kuNetcraft, angangoita mamirioni mazana maviri nemakumi mana nematatu mawebhusaiti ari kuita Nginx (243 miriyoni gore rapfuura). Nginx inoshandiswa pa289% yenzvimbo dzese dzinoshanda (gore rapfuura 18.15%, makore maviri apfuura 18.94%), iyo inoenderana nenzvimbo yechipiri mukuzivikanwa muchikamu ichi (mugove weApache unoenderana ne20.08% (gore rapfuura 20.09, makore maviri yapfuura 20.52%), Cloudflare - 22.58% (14.12%, 11.32%), Google - 10.42% (10.41%, 9.89%) Panguva imwe chete, kana uchitarisa nzvimbo dzose, nginx inochengetedza hutungamiri hwayo uye inotora 8.89% yemusika. (gore rapfuura 22.31%, makore maviri apfuura - 25.94%), nepo mugove weApache uchienderana ne31.13% (20.17, 20.58%), Cloudflare - 23.08% (11.24, 10.17%), OpenResty (nginx uye LuaJIT yakavakirwa papuratifomu5.49) - 7.93. % (7.94%, 8.01%).

Pakati pemamiriyoni enzvimbo dzakashanyirwa zvakanyanya munyika, chikamu chenginx chiri 20.63% (gore rapfuura 21.37%, makore maviri apfuura 21.79%), Cloudflare - 22.59% (gore rapfuura 21.62%), Apache httpd - 20.09% (21.18) %). Maererano neW3Techs, nginx inoshandiswa pa 34.3% yemamiriyoni akashanyirwa nzvimbo, muna Kubvumbi gore rakapera nhamba iyi yaiva 34.5%, gore rakapfuura - 33.1%. Chikamu cheApache chakadonha mugore kubva pa32.2% kuenda pa%30.1, uye chikamu cheMicrosoft IIS chakadonha kubva pa5.6% kuenda pa4.8%. Node.js' share yakawedzera kubva pa2.4% kusvika pa3.2%, uye LiteSpeed's share kubva pa11.8% kusvika 12.9%.

Mabhindauko anocherechedzwa akawedzerwa panguva yekuvandudzwa kwe1.25.x kumusoro kwepamusoro bazi:

  • Yakawedzerwa ngx_http_v3 module ine kuyedza tsigiro yeHTTP/3 protocol. Kuvaka iyo module, iyo "--ne-http_v3_module" sarudzo inopihwa. HTTP/3 inotsanangura kushandiswa kweprotocol yeQUIC (Quick UDP Internet Connections) sekutakura kweHTTP/2. QUIC ndeyekuwedzeredzwa kweprotocol yeUDP inotsigira kuwanda kwekubatanidza kwakawanda uye inopa nzira dzekunyorera dzakafanana neTLS/SSL. Iyo protocol yakagadzirwa mu2013 neGoogle seimwe nzira kune TCP + TLS musanganiswa weWebhu, kugadzirisa matambudziko nekureba kwekubatanidza kuseta uye nguva dzekutaurirana muTCP uye kubvisa kunonoka kana mapaketi akarasika panguva yekufambisa data.
  • Iyo yakaparadzana "http2" dhairekitori yakawedzerwa kuti isarudze kugonesa iyo HTTP/2 protocol ine chekuita nemaseva (inogona kushandiswa mune akaparadzana "server" zvidhinha). Iyo "http2" parameter mu "teerera" dhiraivha yarambwa.
  • Dziviriro kubva kune zvisiri zvenguva dzose zveHTTP/2 vatengi yakasimbiswa, uye, kunyanya, kurwisa DoS kurwiswa kwe "Rapid Reset" kirasi, umo nhamba huru yekukurumidza kusetazve tambo inogadzirwa mukati meimwe HTTP/2 yekubatanidza. Muchigadziro chekugadzirisa, kurwiswa kwakadaro kunoganhurirwa nehuwandu hwezvikumbiro pakubatanidza "keepalive_requests" (mushure mezvikumbiro zana zvega zvega kubatana kunogadzikiswa) uye zvirambidzo "limit_req". Kuti upindure kare mafashama nezvikumbiro kuburikidza nenhamba huru yeshinda, imwezve miganho yakawedzerwa iyo isingatenderi kugadzirwa kweanopfuura mazana maviri nemakumi mashanu nenhanhatu (1000 * max_concurrent_streams) tambo nyowani pachiitiko chekugadzirisa chiitiko nekusarudzika. Muganho mutsva unoita kuti zvibvire kutanga kuvharira zvikumbiro kusati kwasvika muganho wakazara pahuwandu hwetambo dzenguva imwe chete, semuenzaniso kana tambo dzichigadziriswa asynchronously kana kupeperetswa.
  • Rutsigiro rwawedzerwa ku stream module. virtual servers, iyo magadzirirwo ayo anotsanangurwa mu "server { … }" block uchishandisa server_name directive. server { server_name ~^(www\.)?(.+)$; proxy_pass www.$2:12345; }
  • Yakawedzera module itsva, ngx_stream_pass_module, yakagadzirirwa kutumira ma connections anogamuchirwa zvakananga kune chero soketi yekuteerera ine chekuita nema modules akadai se http, stream, uye mail. stream { server { listen 12345 Ssl; ssl_certificate domain.crt; ssl_certificate_key domain.key; pass 127.0.0.1:8000; } }
  • Iyo yekuteerera inoraira yerukova module inoshandisa tsigiro ye "yakadzoserwa" (inogonesa kudzoreredzwa kubvuma), "kugamuchira_filter" (inouya yekubatanidza sefa inoiswa isati yadaidza basa rekugamuchira) uye "setfib" (kuseta tafura yenzira) paramita.
  • Kune mamwe mavakirwo, rutsigiro rwakaitwa pakuona saizi yeblock (cache line) inoshandiswa kuendesa data pakati peCPU cache uye ndangariro.
  • Yakavandudzwa manejimendi emabhafa anoshandiswa kana aona otomatiki kubatana kweHTTP/2.
  • Kuita kwekutanga zvigadziriso nehuwandu hukuru hwe "nzvimbo" mirairo yakagadziridzwa.
  • Yakabviswa rutsigiro rweServer push tekinoroji muHTTP/2.
  • Tsigiro ye "ssl" dhiraivha, yakambodzikiswa, yakadonhedzwa.

Kuburitswa kwakagadzikana kweiyo FreeNginx 1.26.0 chirongwa, icho chinogadzira forogo yeNginx, chakaburitswa mavhiki maviri apfuura. Iyo forogo iri kuvandudzwa naMaxim Dunin, mumwe weakakosha maNginx vagadziri. FreeNginx inomisikidzwa senge isingabatsiri purojekiti inopa kusimudzira kweiyo Nginx kodhi base pasina kupindira kwekambani.

Source: opennet.ru

Tenga inovimbika yekutambira kwemasaiti ane DDoS dziviriro, VPS VDS maseva 🔥 Tenga webhusaiti yakavimbika ine dziviriro yeDDoS, maseva eVPS VDS | ProHoster