ΠΡΠ΅Π΄ΡΡΠ°Π²Π»Π΅Π½ Π²ΡΠΏΡΡΠΊ Π²ΡΡΠΎΠΊΠΎΠΏΡΠΎΠΈΠ·Π²ΠΎΠ΄ΠΈΡΠ΅Π»ΡΠ½ΠΎΠ³ΠΎ HTTP-ΡΠ΅ΡΠ²Π΅ΡΠ° ΠΈ ΠΌΠ½ΠΎΠ³ΠΎΠΏΡΠΎΡΠΎΠΊΠΎΠ»ΡΠ½ΠΎΠ³ΠΎ ΠΏΡΠΎΠΊΡΠΈ-ΡΠ΅ΡΠ²Π΅ΡΠ° Angie 1.8.0, ΠΎΡΠ²Π΅ΡΠ²Π»ΡΠ½Π½ΠΎΠ³ΠΎ ΠΎΡ Nginx Π³ΡΡΠΏΠΏΠΎΠΉ Π±ΡΠ²ΡΠΈΡ ΡΠ°Π·ΡΠ°Π±ΠΎΡΡΠΈΠΊΠΎΠ² ΠΏΡΠΎΠ΅ΠΊΡΠ°, ΡΠ²ΠΎΠ»ΠΈΠ²ΡΠΈΡ ΡΡ ΠΈΠ· ΠΊΠΎΠΌΠΏΠ°Π½ΠΈΠΈ F5 Network. ΠΡΡ ΠΎΠ΄Π½ΡΠ΅ ΡΠ΅ΠΊΡΡΡ Angie Π΄ΠΎΡΡΡΠΏΠ½Ρ ΠΏΠΎΠ΄ Π»ΠΈΡΠ΅Π½Π·ΠΈΠ΅ΠΉ BSD. ΠΡΠΎΠ΅ΠΊΡ ΠΏΠΎΠ»ΡΡΠΈΠ» ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΡ ΡΠΎΠ²ΠΌΠ΅ΡΡΠΈΠΌΠΎΡΡΠΈ Ρ ΡΠΎΡΡΠΈΠΉΡΠΊΠΈΠΌΠΈ ΠΎΠΏΠ΅ΡΠ°ΡΠΈΠΎΠ½Π½ΡΠΌΠΈ ΡΠΈΡΡΠ΅ΠΌΠ°ΠΌΠΈ Π Π΅Π΄ ΠΠ‘, Astra Linux Uhlelo Olukhethekile, i-Rosa Chrome Server, i-Alt kanye nezinguqulo ze-FSTEC ze-Alt.
Intuthuko isekelwa yinkampani yeWeb Server, eyasungulwa ekwindla ka-2022 futhi yathola ukutshalwa kwezimali kwezigidi eziyi-1 zamaRandi. Phakathi kwabanikazi abambisene benkampani yeWeb Server kukhona u-Valentin Bartenev (umholi weqembu elakha umkhiqizo we-Nginx Unit), u-Ivan Poluyanov (owayeyinhloko yabathuthukisi abaphambili kwa-Rambler and Mail.Ru), u-Oleg Mamontov (oyinhloko yethimba labasekeli bezobuchwepheshe be-NGINX Inc), noRuslan Ermilov (ru@FreeBSD.org).
Izinguquko ku-Angie 1.8.0:
- Amandla emojula ye-http_acme, eklanyelwe ukwenza ngokuzenzakalelayo ukwamukela nokuvuselelwa kwezitifiketi ezivela kwabasemagunyeni bezitifiketi ze-Let's Encrypt sisebenzisa iphrothokholi ye-ACME (Automatic Certificate Management Environment), anwetshiwe:
- Usekelo olungeziwe lwendlela yokuqinisekisa ye-DNS-01, edingekayo ukuze uthole izitifiketi ezinamamaski ahlanganisa iqembu lezizinda ezingaphansi (ngokwesibonelo, *.example.com).
- Umyalelo we-βacme_hookβ wengeziwe, lapho ungalungisa khona ukubiza izinhlelo zokusebenza zangaphandle nezibambi ngenqubo yokuqinisekisa ubunikazi besizinda. Izibambi ezinjalo zingasetshenziselwa ukuhlanganiswa nezinsizakalo zangaphandle nabahlinzeki be-DNS.
- Ukuze kube lula ukuxilongwa, kufakwe ulwazi olwengeziwe kulogi, njengesizathu sokubuyekeza isitifiketi, uhlu oluphelele i-Π΄ΠΎΠΌΠ΅Π½ΠΎΠ², i-ID ye-akhawunti yekhasimende, imininingwane yokungasebenzi, kanye nesizinda esihlolwayo.
- Kungezwe ipharamitha ethi "account_key" kusiqondiso esithi "acme_client" ukuze kusetshenziswe kabusha ukhiye wokufinyelela okhona iseva I-ACME, esikhundleni sokukhiqiza ngokuzenzakalelayo ukhiye omusha.
- Ikhono lokucacisa okuhlukile kusiqondiso esithi βstatus_zoneβ elisetshenziswa ekusakazeni kanye namamojula we-http selifakiwe. Okuguquguqukayo kungasetshenziswa ukuze urekhode ngokuguqukayo izibalo ngokuhlobene nabasingathi abangabodwana abachazwe "endaweni" eyodwa noma ibhulokhi "yeseva". iseva {lalela 80; Igama_leseva *.example.com; status_zone $host zone=host_zone:10; indawo / {proxy_pass http://example.com; }}
- Imojuli yokucindezela ye-gzip iyahambisana ne-zlib-ng 2.2 nezinguqulo ezintsha.
- Ukuqaliswa komyalelo we-max_headers, okhawulela inombolo enkulu yezihloko ze-HTTP esicelweni, ususiwe kuphrojekthi ye-freenginx, engaba usizo ekuvikeleni ukuhlaselwa kwe-DoS.
- Kwengezwe http3_max_table_capacity kanye neziqondiso ze-proxy_http3_max_table_capacity ukuze kukhawulwe usayizi wethebula elisetshenziselwa ukucindezelwa kwesihloko ku-HTTP/3.
- Usekelo olungeziwe lokuhlanganisa - ukwakhiwa manje kungenziwa ngaphandle kwesidingo sokuqalisa izikripthi ze-autotest endaweni eqondiwe.
- Ushintsho lususiwe ku-freenginx oluxazulula inkinga ngamaphutha okulethwa kwempendulo phakathi nokuvalwa okuhle kwezinqubo zesibambi - ukuxhumana okugcina uphila manje kuvalwa kuphela ngemva kokuba isikhathi sokuvala esishiwo kumyalelo wokuvala_ukuphelelwa yisikhathi sekuphelelwe yisikhathi.
- Ukuze uthole amanani asesikhathini samanje uma usebenzisa abasingathi ababonakalayo, ukugcinwa kwenqolobane kwegama le-$ssl_server_, $ssl_server_cert_type, $ssl_preread_protocol kanye nokuhlukahluka kwegama le-$ssl_preread_server_name kukhutshaziwe kumojuli yokusakaza.
- Izinguquko ezihlongozwayo kunguqulo ye-nginx 1.27.3 zisusiwe endaweni yokugcina iphrojekthi ye-nginx.
Source: opennet.ru
