nginx 1.16.0 released

After a year of development, a new stable branch of the high-performance HTTP server and multiprotocol proxy server nginx 1.16.0 has been introduced, incorporating the changes accumulated in the 1.15.x mainline branch. From now on, all changes in the stable 1.16 branch will be limited to fixing serious bugs and vulnerabilities. The nginx 1.17 mainline branch will be created soon, and development of new features will continue there. Ordinary users who do not need to ensure compatibility with third-party modules are advised to use the mainline branch, which is the basis for the releases of the commercial product Nginx Plus that are built every three months.

The most notable improvements added during development of the 1.15.x upstream branch:

  • Added the ability to use variables in the "ssl_certificate" and "ssl_certificate_key" directives, which can be used to load certificates dynamically;
  • Added the ability to load SSL certificates and private keys from variables without using intermediate files;
  • In the "upstream" block, a new "random" directive has been implemented, which makes it possible to balance load by randomly selecting the server to which a connection is forwarded;
  • In the ngx_stream_ssl_preread module, the $ssl_preread_protocol variable has been implemented,
    which reports the highest SSL/TLS protocol version supported by the client. The variable makes it possible to create configurations that provide access over different protocols, with and without SSL, through a single network port when proxying traffic with the http and stream modules. For example, to provide SSH and HTTPS access through one port, port 443 can be forwarded to SSH by default, but forwarded to HTTPS if an SSL version is detected.

  • A new variable "$upstream_bytes_sent" has been added to the upstream module, showing the number of bytes sent to a server of the group;
  • The stream module gained the ability to process several incoming UDP datagrams from a client within one session;
  • Added the "proxy_requests" directive, which specifies the number of datagrams received from the client after which the binding between the client and the existing UDP session is removed. After the specified number of datagrams has been received, the next datagram from the same client starts a new session;
  • The listen directive can now specify port ranges;
  • Added the "ssl_early_data" directive to enable 0-RTT mode when using TLSv1.3, which makes it possible to save previously negotiated TLS connection parameters and reduce the number of RTTs to 2 when resuming a previously established connection;
  • New directives have been added to configure keepalive for outgoing connections (enabling or disabling the SO_KEEPALIVE socket option):

    • "proxy_socket_keepalive" - configures "TCP keepalive" behavior for outgoing connections to the proxied server;
    • "fastcgi_socket_keepalive" - configures "TCP keepalive" behavior for outgoing connections to the FastCGI server;
    • "grpc_socket_keepalive" - configures "TCP keepalive" behavior for outgoing connections to the gRPC server;
    • "memcached_socket_keepalive" - configures "TCP keepalive" behavior for outgoing connections to the memcached server;
    • "scgi_socket_keepalive" - configures "TCP keepalive" behavior for outgoing connections to the SCGI server;
    • "uwsgi_socket_keepalive" - configures "TCP keepalive" behavior for outgoing connections to the uwsgi server.
  • A new "delay" parameter has been added to the "limit_req" directive; it sets the limit after which excessive requests are delayed;
  • New "keepalive_timeout" and "keepalive_requests" directives have been added to the "upstream" block to set Keepalive limits;
  • The "ssl" directive has been deprecated and is replaced by the "ssl" parameter of the "listen" directive. Missing SSL certificates are now detected at the configuration testing stage when the "listen" directive is used with the "ssl" parameter in the settings;
  • When the reset_timedout_connection directive is used, connections are now closed with code 444 when the timeout expires;
  • The SSL errors "http request", "https proxy request", "unsupported protocol" and "version too low" are now logged at the "info" level instead of "crit";
  • Added support for the poll method on Windows systems when using Windows Vista and later;
  • TLSv1.3 can now be used when building with the BoringSSL library, not only with OpenSSL.
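
The single-port SSH and HTTPS setup described above for $ssl_preread_protocol, written out as a stream configuration. This is an added example, not taken from the original article; the backend addresses and ports (127.0.0.1:22 and 127.0.0.1:8443) and the $backend variable name are assumptions.

```nginx
# Added example; addresses, ports and the $backend name are assumptions.
stream {
    # $ssl_preread_protocol is empty when the first client bytes are not a
    # TLS ClientHello (for example an SSH client), otherwise it holds the
    # highest SSL/TLS version the client offers.
    map $ssl_preread_protocol $backend {
        ""       127.0.0.1:22;      # no TLS seen: pass the connection to sshd
        default  127.0.0.1:8443;    # any TLS version: pass it to the HTTPS listener
    }

    server {
        listen      443;
        ssl_preread on;             # inspect the ClientHello without terminating TLS
        proxy_pass  $backend;
        # The value comes from an unauthenticated ClientHello, so it is only a
        # routing hint; sshd and the HTTPS server still enforce their own access
        # control, and both now see connections arriving from the proxy address.
    }
}
```

The HTTPS server on the assumed port 8443 terminates TLS itself, so certificate and protocol settings stay in its own configuration.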

Source: opennet.ru
