ProHoster > Blog > litaba tsa inthanete > nginx 1.20.0 tokollo

nginx 1.20.0 tokollo

Ka mor'a selemo sa tsoelo-pele, lekala le lecha le tsitsitseng la ts'ebetso e phahameng ea HTTP le seva sa protocol nginx 1.20.0 e kentsoe, e kenyelletsang liphetoho tse bokelitsoeng lekaleng le ka sehloohong la 1.19.x. Nakong e tlang, liphetoho tsohle lekaleng le tsitsitseng 1.20 li tla amana le ho felisoa ha liphoso tse tebileng le bofokoli. Haufinyane lekala le ka sehloohong la nginx 1.21 le tla thehoa, moo ntlafatso ea likarolo tse ncha e tla tsoela pele. Bakeng sa basebelisi ba tloaelehileng ba se nang mosebetsi oa ho etsa bonnete ba ho lumellana le li-module tsa batho ba boraro, ho kgothaletswa ho sebelisa lekala le ka sehloohong, motheong oa hore lihlahisoa tsa sehlahisoa sa khoebo sa Nginx Plus li thehoa likhoeli tse ling le tse ling tse tharo.

Ho ea ka tlaleho ea March ho tloha Netcraft, nginx e sebelisoa ho 20.15% ea libaka tsohle tse sebetsang (selemo se fetileng 19.56%, lilemong tse peli tse fetileng 20.73%), e lumellanang le sebaka sa bobeli sa botumo sehlopheng sena (kabelo ea Apache e lumellana le 25.38% (selemong se fetileng 27.64%), Google - 10.09%, Cloudflare - 8.51% Ka nako e ts'oanang, ha ho nahanoa ka libaka tsohle, nginx e boloka boeta-pele ba eona mme e nka 35.34% ea 'maraka (selemong se fetileng 36.91%, lilemo tse peli tse fetileng - 27.52%), ha karolo ea Apache e lumellana le 25.98%, OpenResty ( sethala se thehiloeng ho nginx le LuaJIT.) - 6.55%, Microsoft IIS - 5.96%.

Har'a libaka tse limilione tse eteloang haholo lefatšeng, karolo ea nginx ke 25.55% (selemong se fetileng 25.54%, lilemo tse peli tse fetileng 26.22%). Hajoale, liwebsaete tse ka bang limilione tse 419 li tsamaisa Nginx (limilione tse 459 selemong se fetileng). Ho ea ka W3Techs, nginx e sebelisoa ho 33.7% ea libaka ho tsoa ho limilione tse eteloang ka ho fetisisa, ka April selemong se fetileng palo ena e ne e le 31.9%, selemo pele ho - 41.8% (ho fokotseha ho hlalosoa ke phetoho ea ho arola likarabello tsa Cloudflare http seva). Kabelo ea Apache e theohile ho theosa le selemo ho tloha ho 39.5% ho isa ho 34%, mme karolo ea Microsoft IIS ho tloha ho 8.3% ho isa ho 7%. Kabelo ea LiteSpeed ​​​​e holile ho tloha ho 6.3% ho ea ho 8.4%, le Node.js ho tloha ho 0.8% ho ea ho 1.2%. Russia, nginx e sebelisoa ho 79.1% ea libaka tse eteloang ka ho fetisisa (selemong se fetileng - 78.9%).

Lintlafatso tse hlokomelehang tse ekelitsoeng nakong ea nts'etsopele ea lekala la 1.19.x le holimo:

  • E kentse bokhoni ba ho netefatsa litifikeiti tsa bareki ho sebelisoa lits'ebeletso tsa kantle tse ipapisitseng le protocol ea OCSP (Online Certificate Status Protocol). Ho etsa hore cheke, ho fanoe ka taelo ea ssl_ocsp, ho hlophisa boholo ba cache - ssl_opsp_cache, ho hlalosa bocha URL ea mohlokomeli oa OCSP e boletsoeng setifikeiting - ssl_ocsp_responder.
  • ngx_stream_set_module module e kenyelelitsoe, e leng se u lumellang hore u fane ka boleng ho seva se fapaneng { mamela 12345; beha $ 'nete 1; }
  • E kentse taelo ea proxy_cookie_flags ho hlakisa lifolakha tsa Li-cookies ho likhokahano tsa proxied. Ka mohlala, ho kenya "httponly" folakha ho Cookie "one", le "nosecure" le "samesite=strict" lifolakha bakeng sa Li-cookie tse ling kaofela, u ka sebelisa mohaho o latelang: proxy_cookie_flags e le 'ngoe httponly; proxy_cookie_flags ~ nosecure samesite=thata;

    Taelo e ts'oanang ea userid_flags bakeng sa ho kenyelletsa lifolakha ho Li-Cookie le eona e kentsoe tšebetsong ngx_http_userid module.

  • Litaelo tse kentsoeng “ssl_conf_command”, “proxy_ssl_conf_command”, “grpc_ssl_conf_command” le “uwsgi_ssl_conf_command”, tseo ka tsona u ka behang liparamente tse ling tsa ho lokisa OpenSSL. Ka mohlala, ho beha pele ChaCha ciphers le tlhophiso e tsoetseng pele ea TLSv1.3 ciphers, o ka hlalosa ssl_conf_command Options PrioritizeChaCha; ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
  • Ho ekelitsoe taelo ea "ssl_reject_handshake", e laelang ho hana liteko tsohle tsa ho buisana le likhokahano tsa SSL (mohlala, e ka sebelisoa ho hana mehala eohle e nang le mabitso a baamoheli a sa tsejoeng lebaleng la SNI). seva {mamela 443 ssl; ssl_reject_handshake on; } seva {mamela 443 ssl; server_name example.com; mohlala oa ssl_certificate.com.crt; ssl_certificate_key example.com.key; }
  • Taelo ea proxy_smtp_auth e kentsoe ho moemeli oa lengolo-tsoibila, e o lumellang ho netefatsa mosebelisi e ka morao o sebelisa taelo ea AUTH le mochini oa PLAIN SASL.
  • E kentse taelo ea "keepalive_time", e fokotsang nako ea bophelo bohle ba ho boloka bophelo bo bong le bo bong, ka mor'a moo khokahanyo e tla koaloa (e se ke ea ferekanngoa le keepalive_timeout, e hlalosang nako ea ho se sebetse ka mor'a moo khokahanyo ea ho boloka bophelo e koetsoe).
  • E kenyellelitse $connection_time variable, eo ka eona u ka fumanang tlhahisoleseling mabapi le nako ea khokahano ka metsotsoana ka ho nepahala ha millisecond.
  • Ho kenyellelitsoe parameter ea "min_free" ho "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path" le litaelo tsa "uwsgi_cache_path", tse laolang boholo ba cache ho latela ho khetholla boholo ba bonyane ba sebaka sa mahala sa disk.
  • Litaelo tsa "lingering_close", "lingering_time" le "lingering_timeout" li fetotsoe hore li sebetse le HTTP/2.
  • Khoutu ea ts'ebetso ea khokahano ho HTTP/2 e haufi le ts'ebetsong ea HTTP/1.x. Tšehetso bakeng sa litlhophiso tsa "http2_recv_timeout", "http2_idle_timeout" le "http2_max_requests" ha e sa sebelisoa molemong oa litaelo tse akaretsang "keepalive_timeout" le "keepalive_requests". Litlhophiso tsa "http2_max_field_size" le "http2_max_header_size" li tlositsoe 'me "large_client_header_buffers" li lokela ho sebelisoa sebakeng sa eona.
  • E kentse khetho e ncha ea mola oa taelo "-e", e u lumellang hore u hlalose faele e 'ngoe bakeng sa ho ngola tlaleho ea phoso, e tla sebelisoa ho e-na le log e boletsoeng ho litlhophiso. Sebakeng sa lebitso la faele, o ka hlakisa boleng bo khethehileng ba stderr.

Source: opennet.ru

Eketsa ka tlhaloso