nginx 1.20.0 released

After a year of development, a new stable branch of the high-performance HTTP server and multi-protocol proxy server nginx 1.20.0 has been released, incorporating the changes accumulated in the 1.19.x main branch. From now on, all changes in the 1.20 stable branch will be limited to fixing serious bugs and vulnerabilities. The nginx 1.21 main branch will be created soon, and development of new features will continue there. Ordinary users who do not need to ensure compatibility with third-party modules are advised to use the main branch, which is the basis for the releases of the commercial product Nginx Plus that are made every three months.

According to Netcraft's March report, nginx is used on 20.15% of all active sites (19.56% a year ago, 20.73% two years ago), which puts it in second place by popularity in this category (Apache's share is 25.38% (27.64% a year ago), Google - 10.09%, Cloudflare - 8.51%). At the same time, when all sites are considered, nginx keeps its lead and holds 35.34% of the market (36.91% a year ago, 27.52% two years ago), while Apache's share is 25.98%, OpenResty (a platform based on nginx and LuaJIT) - 6.55%, Microsoft IIS - 5.96%.

Among the million most visited sites in the world, nginx's share is 25.55% (25.54% a year ago, 26.22% two years ago). About 419 million websites currently run nginx (459 million a year ago). According to W3Techs, nginx is used on 33.7% of the million most visited sites; in April of last year this figure was 31.9%, and the year before that 41.8% (the drop is explained by the switch to counting the Cloudflare http server). Apache's share fell over the year from 39.5% to 34%, and Microsoft IIS's share from 8.3% to 7%. LiteSpeed's share rose from 6.3% to 8.4%, and Node.js's from 0.8% to 1.2%. In Russia, nginx is used on 79.1% of the most visited sites (78.9% a year ago).

The most notable improvements added during development of the 1.19.x main branch:

  • Added the ability to validate client certificates using external services based on the OCSP protocol (Online Certificate Status Protocol). The ssl_ocsp directive enables the check, ssl_ocsp_cache configures the cache size, and ssl_ocsp_responder overrides the URL of the OCSP responder specified in the certificate.
  • The ngx_stream_set_module module has been added, which allows you to assign a value to a variable:

      server {
          listen 12345;
          set $true 1;
      }

  • Added the proxy_cookie_flags directive to set flags on cookies in proxied connections. For example, to add the "httponly" flag to the cookie "one", and the "nosecure" and "samesite=strict" flags to all other cookies, you can use the following construct:

      proxy_cookie_flags one httponly;
      proxy_cookie_flags ~ nosecure samesite=strict;

    A similar directive, userid_flags, for adding flags to cookies has also been implemented for the ngx_http_userid module.

  • Added the "ssl_conf_command", "proxy_ssl_conf_command", "grpc_ssl_conf_command" and "uwsgi_ssl_conf_command" directives, with which you can set arbitrary parameters for configuring OpenSSL. For example, to prioritize ChaCha ciphers and to configure TLSv1.3 ciphers in detail, you can specify:

      ssl_conf_command Options PrioritizeChaCha;
      ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;

  • Added the "ssl_reject_handshake" directive, which rejects all attempts to negotiate SSL connections (for example, it can be used to reject all requests with unknown host names in the SNI field):

      server {
          listen 443 ssl;
          ssl_reject_handshake on;
      }

      server {
          listen 443 ssl;
          server_name example.com;
          ssl_certificate example.com.crt;
          ssl_certificate_key example.com.key;
      }

  • The proxy_smtp_auth directive has been added to the mail proxy, allowing you to authenticate the user on the backend using the AUTH command and the PLAIN SASL mechanism.
  • Added the "keepalive_time" directive, which limits the total lifetime of each keep-alive connection, after which the connection is closed (not to be confused with keepalive_timeout, which defines the period of inactivity after which a keep-alive connection is closed).
  • Added the $connection_time variable, which gives the duration of the connection in seconds with millisecond precision.
  • The "min_free" parameter has been added to the "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path" and "uwsgi_cache_path" directives; it regulates the cache size based on a minimum amount of free disk space.
  • The "lingering_close", "lingering_time" and "lingering_timeout" directives have been adapted to work with HTTP/2.
  • The connection handling code for HTTP/2 has been brought closer to the HTTP/1.x implementation. Support for the separate settings "http2_recv_timeout", "http2_idle_timeout" and "http2_max_requests" has been discontinued in favor of the general directives "keepalive_timeout" and "keepalive_requests". The "http2_max_field_size" and "http2_max_header_size" settings have been removed, and "large_client_header_buffers" should be used instead.
  • Added a new command-line option "-e", which allows you to specify an alternative file for writing the error log; it is used instead of the log specified in the settings. Instead of a file name, you can specify the special value stderr.
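
The HTTP/2 item in the list above means configurations written for 1.18 may still carry directives that 1.20 no longer supports. The following is an added example (not part of the original article or of nginx itself) of a small pre-upgrade check that tokenizes a configuration and reports those directives with the replacements named above; the function name and the sample configuration are constructed for illustration.

```python
import re

# Replacements, grouped exactly as in the release notes above.
KEEPALIVE = "keepalive_timeout / keepalive_requests"
OBSOLETE = {
    "http2_recv_timeout": KEEPALIVE,
    "http2_idle_timeout": KEEPALIVE,
    "http2_max_requests": KEEPALIVE,
    "http2_max_field_size": "large_client_header_buffers",
    "http2_max_header_size": "large_client_header_buffers",
}

# comment | double-quoted string | single-quoted string | structural char | bare word
TOKEN = re.compile(r"""#[^\n]*|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[{};]|[^\s{};"']+""")

def find_obsolete(conf):
    """Return (line, directive, replacement) for each obsolete HTTP/2 directive."""
    findings, at_start = [], True
    for m in TOKEN.finditer(conf):
        tok = m.group()
        if tok.startswith("#"):           # comment: ignore to end of line
            continue
        if tok in ("{", "}", ";"):        # the next word starts a new statement
            at_start = True
            continue
        if at_start and tok in OBSOLETE:  # only directive names, never arguments
            line = conf.count("\n", 0, m.start()) + 1
            findings.append((line, tok, OBSOLETE[tok]))
        at_start = False
    return findings

# Constructed sample configuration (not taken from a real deployment).
SAMPLE = """\
http {
    # http2_idle_timeout 3m;  (commented out: must not be reported)
    http2_max_field_size 8k;
    server {
        listen 443 ssl http2;
        http2_recv_timeout
            30s;
        add_header X-Note "http2_max_requests 1000;";
        keepalive_timeout 75s;
    }
}
"""

if __name__ == "__main__":
    for line, name, repl in find_obsolete(SAMPLE):
        print(f"line {line}: {name} is no longer supported; use {repl}")
```

The check reads a single file as text and does not follow include directives, so each included file has to be passed to it separately.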

Source: opennet.ru
