Emva konyaka wophuhliso, isebe elitsha elizinzileyo lomncedisi we-HTTP ophezulu kunye ne-protocol ye-protocol ye-nginx 1.20.0 iye yaziswa, ebandakanya utshintsho oluqokelelwe kwisebe eliphambili le-1.19.x. Kwixesha elizayo, zonke iinguqu kwisebe elizinzile 1.20 ziya kuhambelana nokupheliswa kweempazamo ezinzulu kunye nobuthathaka. Kungekudala isebe eliphambili le-nginx 1.21 liya kwenziwa, apho ukuphuhliswa kweempawu ezintsha kuya kuqhubeka. Kubasebenzisi abaqhelekileyo abangenawo umsebenzi wokuqinisekisa ukuhambelana neemodyuli zeqela lesithathu, kucetyiswa ukuba kusetyenziswe isebe eliphambili, ngesiseko sokukhutshwa kwemveliso yorhwebo i-Nginx Plus yenziwe rhoqo emva kweenyanga ezintathu.
Ngokutsho kwengxelo kaMatshi evela kwi-Netcraft, i-nginx isetyenziswe kwi-20.15% yazo zonke iziza ezisebenzayo (unyaka odlulileyo i-19.56%, iminyaka emibini edlulileyo i-20.73%), ehambelana nendawo yesibini ekudumeni kolu didi (isabelo se-Apache sihambelana ne-25.38% (ngonyaka odlulileyo i-27.64%), iGoogle - 10.09%, Cloudflare - 8.51% Ngexesha elifanayo, xa uqwalasela zonke iisayithi, i-nginx igcina ubunkokeli bayo kwaye ithatha i-35.34% yeemarike (unyaka odlulileyo 36.91%, kwiminyaka emibini edlulileyo - 27.52%), ngelixa isabelo se-Apache sihambelana ne-25.98%, i-OpenResty (iqonga elisekelwe kwi-nginx kunye ne-LuaJIT.) - 6.55%, iMicrosoft IIS - 5.96%.
Phakathi kwezigidi ezityelelwe kakhulu kwiindawo zehlabathi, isabelo se-nginx si-25.55% (unyaka odlulileyo 25.54%, kwiminyaka emibini edlulileyo 26.22%). Okwangoku, malunga ne-419 yezigidi zewebhusayithi zisebenzisa i-Nginx (i-459 yezigidi ngonyaka odlulileyo). Ngokutsho kwe-W3Techs, i-nginx isetyenziswe kwi-33.7% yeendawo kwizigidi ezityelelwe kakhulu, ngo-Ephreli kunyaka ophelileyo eli nani laliyi-31.9%, unyaka ngaphambi - i-41.8% (ukwehla kuchazwa yinguqu yokwahlula i-accounting ye-Cloudflare http umncedisi). Isabelo se-Apache sehle ngonyaka ukusuka kwi-39.5% ukuya kwi-34%, kunye nesabelo seMicrosoft IIS ukusuka kwi-8.3% ukuya kwi-7%. Isabelo seLiteSpeed sikhule ukusuka kwi-6.3% ukuya kwi-8.4%, kunye ne-Node.js ukusuka kwi-0.8% ukuya kwi-1.2%. ERashiya, i-nginx isetyenziswe kwi-79.1% yeendawo ezityelelwe kakhulu (ngonyaka odlulileyo - 78.9%).
Olona phuculo luphawulekayo longezwe ngexesha lophuhliso lwe-1.19.x yesebe elingasentla:
- Kongezwe ukukwazi ukuqinisekisa izatifikethi zabaxumi kusetyenziswa iinkonzo zangaphandle ezisekelwe kwi-OCSP (iProtokholi yeSimo seSatifikethi se-Intanethi). Ukwenza itshekhi isebenze, umyalelo we-ssl_osp uyacetywa, ukuqwalasela ubungakanani be-cache - ssl_opsp_cache, ukuchaza kwakhona i-URL yomphathi we-OCSP echazwe kwisatifikethi - ssl_osp_responder.
- Imodyuli ye-ngx_stream_set_module ifakiwe, ekuvumela ukuba unike ixabiso kumncedisi oguqukayo { mamela 12345; misela i-$ 1; }
- Kongezwe imiyalelo ye-proxy_cookie_flags ukucacisa iiflegi zeeKuki kuqhagamshelo lweproxied. Umzekelo, ukongeza iflegi ethi "httponly" kwiCookie "enye", kunye ne "nosecure" kunye ne "samesite=strict" iflegi kuzo zonke ezinye iiKuki, ungasebenzisa ulwakhiwo olulandelayo: proxy_cookie_flags enye httponly; i-proxy_cookie_flags ~ nosecure samesite=ngqongqo;
Umyalelo ofanayo we- userid_flags wokongeza iiflegi kwiiKuki ukwaphunyeziwe kwimodyuli ye-ngx_http_userid.
- Izikhokelo ezongeziweyo “ssl_conf_command”, “proxy_ssl_conf_command”, “grpc_ssl_conf_command” kunye “uwsgi_ssl_conf_command”, apho unokuseta iiparameters ezingafanelekanga ukulungiselela i-OpenSSL. Ngokomzekelo, ukubeka phambili i-ChaCha ciphers kunye noqwalaselo oluphambili lwe-TLSv1.3 ciphers, ungacacisa ssl_conf_command Options PrioritizeChaCha; ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
- Umyalelo wongeziweyo "ssl_reject_handshake", oyalela ukwala zonke iinzame zokuthethathethana ngemidibaniso ye-SSL (umzekelo, ingasetyenziselwa ukwala zonke iifowuni ezinamagama enginginya angaziwayo kwindawo ye-SNI). umncedisi {mamela 443 ssl; ssl_reject_handshake; } umncedisi { mamela 443 ssl; iseva_yegama umzekelo.com; ssl_certificate umzekelo.com.crt; ssl_certificate_key example.com.key; }
- Umyalelo we-proxy_smtp_auth wongeziwe kwi-imeyile yommeli, ikuvumela ukuba ungqinisise umsebenzisi kwicala elingasemva usebenzisa umyalelo we-AUTH kunye ne-PLAIN SASL indlela.
- Kongezwe umyalelo othi "keepalive_time", othintela ubomi bubonke bonxibelelwano ngalunye lokuhlala, emva koko uxhulumaniso luya kuvalwa (ungadideki kunye ne-keepalive_timeout, echaza ixesha lokungasebenzi emva kokuba uxhulumaniso lokugcina luvaliwe).
- Kongezwe i-$connection_time variable, apho unokufumana khona ulwazi malunga nobude bexesha lokuxhuma kwimizuzwana ngokuchaneka kwe-millisecond.
- I-parameter "min_free" yongezwe kwi-"proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path" kunye ne-"uwsgi_cache_path" imiyalelo, elawula ubungakanani be-cache esekelwe ekumiseni ubungakanani obuncinci bendawo yediski yamahhala.
- I-"lingering_close", "lingering_time" kunye ne "lingering_timeout" izikhokelo zilungelelaniswe ukusebenza kunye ne-HTTP/2.
- Ikhowudi yokucubungula uqhagamshelwano kwi-HTTP/2 isondele ekuphunyezweni kweHTTP/1.x. Inkxaso yeesethingi zomntu ngamnye "http2_recv_timeout", "http2_idle_timeout" kunye ne-"http2_max_requests" iye yapheliswa ngokuxhasa imiyalelo ngokubanzi "keepalive_timeout" kunye no-"keepalive_requests". Isetingi "http2_max_field_size" kunye "http2_max_header_size" zisusiwe kwaye endaweni yoko kufuneka kusetyenziswe "large_client_header_buffers".
- Kongezwe ukhetho olutsha lomyalelo "-e", okuvumela ukuba uchaze enye ifayile yokubhala ilogi yephutha, eya kusetyenziswa endaweni yelogi echazwe kwizicwangciso. Endaweni yegama lefayile, ungakhankanya ixabiso elikhethekileyo stderr.
umthombo: opennet.ru