nginx 1.20.0 released

After a year of development, nginx 1.20.0 has been released as a new stable branch of the high-performance HTTP server and multi-protocol proxy server, incorporating the changes accumulated in the 1.19.x main branch. From now on, all changes in the 1.20 stable branch will be limited to fixes for serious bugs and vulnerabilities. The nginx 1.21 main branch will be created soon, and development of new features will continue there. Ordinary users who do not need to ensure compatibility with third-party modules are advised to use the main branch, which is the basis for the releases of the commercial product Nginx Plus every three months.

According to the March report from Netcraft, nginx is used on 20.15% of all active sites (a year ago 19.56%, two years ago 20.73%), which puts it in second place in popularity in this category (Apache's share is 25.38% (a year ago 27.64%), Google 10.09%, Cloudflare 8.51%). At the same time, when all sites are counted, nginx keeps its lead and holds 35.34% of the market (a year ago 36.91%, two years ago 27.52%), while Apache's share is 25.98%, OpenResty (a platform based on nginx and LuaJIT) 6.55%, and Microsoft IIS 5.96%.

Among the million most visited sites in the world, nginx's share is 25.55% (a year ago 25.54%, two years ago 26.22%). Currently about 419 million websites run nginx (459 million a year ago). According to W3Techs, nginx is used on 33.7% of the sites among the million most visited; in April last year this figure was 31.9%, and the year before that 41.8% (the drop is explained by the switch to counting the Cloudflare HTTP server separately). Apache's share fell over the year from 39.5% to 34%, and Microsoft IIS's share from 8.3% to 7%. LiteSpeed's share grew from 6.3% to 8.4%, and Node.js's from 0.8% to 1.2%. In Russia, nginx is used on 79.1% of the most visited sites (a year ago 78.9%).

The most notable improvements added during development of the upstream 1.19.x branch:

  • Added the ability to verify client certificates using external services based on the OCSP protocol (Online Certificate Status Protocol). The ssl_ocsp directive enables the check, ssl_ocsp_cache sets the cache size, and ssl_ocsp_responder overrides the URL of the OCSP responder specified in the certificate.
  • The ngx_stream_set_module module has been added, which lets you assign a value to a variable:

    server {
        listen 12345;
        set $true 1;
    }

  • Added the proxy_cookie_flags directive for specifying cookie flags on proxied connections. For example, to add the "httponly" flag to the cookie "one", and the "nosecure" and "samesite=strict" flags to all other cookies, you can use the following construction:

    proxy_cookie_flags one httponly;
    proxy_cookie_flags ~ nosecure samesite=strict;

    A similar userid_flags directive for adding flags to cookies is also implemented in the ngx_http_userid module.

  • Added the "ssl_conf_command", "proxy_ssl_conf_command", "grpc_ssl_conf_command" and "uwsgi_ssl_conf_command" directives, which let you set arbitrary parameters for configuring OpenSSL. For example, to prioritize ChaCha ciphers and to configure TLSv1.3 ciphers in detail, you can specify:

    ssl_conf_command Options PrioritizeChaCha;
    ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;

  • Added the "ssl_reject_handshake" directive, which instructs nginx to reject all attempts to negotiate an SSL connection (for example, it can be used to reject all requests with unknown host names in the SNI field):

    server {
        listen 443 ssl;
        ssl_reject_handshake on;
    }

    server {
        listen 443 ssl;
        server_name example.com;
        ssl_certificate example.com.crt;
        ssl_certificate_key example.com.key;
    }

  • The proxy_smtp_auth directive has been added to the mail proxy, allowing the user to be authenticated on the backend using the AUTH command and the PLAIN SASL mechanism.
  • Added the "keepalive_time" directive, which limits the total lifetime of each keep-alive connection, after which the connection is closed (not to be confused with keepalive_timeout, which defines the idle time after which a keep-alive connection is closed).
  • Added the $connection_time variable, which gives the duration of the connection in seconds with millisecond precision.
  • The "min_free" parameter has been added to the "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path" and "uwsgi_cache_path" directives; it regulates the cache size based on a minimum amount of free disk space.
  • The "lingering_close", "lingering_time" and "lingering_timeout" directives have been adapted to work with HTTP/2.
  • The connection handling code for HTTP/2 has been brought closer to the HTTP/1.x implementation. Support for the separate settings "http2_recv_timeout", "http2_idle_timeout" and "http2_max_requests" has been discontinued in favor of the general directives "keepalive_timeout" and "keepalive_requests". The "http2_max_field_size" and "http2_max_header_size" settings have been removed, and "large_client_header_buffers" should be used instead.
  • Added a new command-line option "-e", which lets you specify an alternative file for the error log, to be used instead of the log specified in the settings. Instead of a file name, you can specify the special value stderr.
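
An added example, not part of the original article or of the nginx project: a pre-upgrade check that scans a configuration for the HTTP/2 directives listed above as discontinued or removed and reports the replacement named in that item. The function name, the tokenizer and the sample configuration are constructed for illustration.

```python
import re

# Replacement hints, grouped exactly as in the HTTP/2 item above.
GENERAL = "keepalive_timeout / keepalive_requests"
HEADERS = "large_client_header_buffers"
REPLACED_BY = {
    "http2_recv_timeout": GENERAL,
    "http2_idle_timeout": GENERAL,
    "http2_max_requests": GENERAL,
    "http2_max_field_size": HEADERS,
    "http2_max_header_size": HEADERS,
}

# A token is a quoted string, a comment, a structural character or a bare word.
TOKEN = re.compile(
    r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|\#[^\n]*|[{};]|[^\s{};"'#]+''')

# Constructed sample configuration (not taken from a real deployment).
SAMPLE_CONF = """\
http {
    # http2_idle_timeout was tuned here before the upgrade
    keepalive_timeout 65s;
    server {
        listen 443 ssl http2;
        http2_idle_timeout 3m;
        http2_max_field_size 8k;
        add_header X-Note "http2_max_requests 1000;";
        large_client_header_buffers 4 16k;
    }
}
"""

def find_obsolete(conf_text):
    """Return (line, directive, replacement) for each obsolete directive."""
    hits, at_start = [], True
    for m in TOKEN.finditer(conf_text):
        tok = m.group(0)
        if tok.startswith("#"):
            continue                      # names inside comments do not count
        if tok in ("{", "}", ";"):
            at_start = True               # the next word begins a new statement
            continue
        # Only the first word of a statement is a directive name, so names
        # inside quoted strings or arguments are ignored.
        if at_start and tok in REPLACED_BY:
            line = conf_text.count("\n", 0, m.start()) + 1
            hits.append((line, tok, REPLACED_BY[tok]))
        at_start = False
    return hits
```

Running `find_obsolete` over each configuration file before moving to 1.20 lists the lines to rewrite; the directive name mentioned in the comment and the one inside the quoted header value in the sample are deliberately not reported.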

Source: opennet.ru
