Bayan watanni 13 na ci gaba sabon barga reshe fito Sabar HTTP mai girma da kuma uwar garken wakili na yarjejeniya da yawa nginx 1.22.0, wanda ya haɗa da canje-canjen da aka tara a cikin babban reshe na 1.21.x.
Nan gaba, duk canje-canje a cikin 1.22 barga reshe zai kasance da alaka da debugging da kuma mummunan rauni. Babban reshe na nginx 1.23 zai kasance nan ba da jimawa ba, wanda za a ci gaba da haɓaka sabbin abubuwa.
Ga masu amfani na yau da kullun waɗanda ba su da aikin tabbatar da dacewa tare da samfuran ɓangare na uku, ana ba da shawarar yin amfani da babban reshe, dangane da nau'ikan samfuran kasuwanci na Nginx Plus kowane watanni uku.
Babban labarai a cikin nginx 1.22.0
A cikin wannan sabon sigar nginx 1.22.0 da aka gabatar, da Ingantacciyar kariya daga hare-haren ajin masu fasa kwauri na HTTP a tsarin gaba-karshen baya wanda ke ba ka damar samun damar abun ciki na buƙatun masu amfani da aka sarrafa a cikin zaren guda ɗaya tsakanin ƙarshen gaba da ƙarshen baya. Nginx yanzu koyaushe yana dawo da kuskure yayin amfani da hanyar CONNECT; ta lokaci guda ƙayyadaddun ƙayyadaddun taken "Tsarin Abun ciki" da "Transfer-Encoding"; lokacin da akwai sarari ko haruffa masu sarrafawa a cikin kirtan tambaya, sunan taken HTTP, ko ƙimar taken "Mai watsa shiri".
Wani sabon abu da ya yi fice a cikin wannan sabuwar sigar ita ce ƙarin tallafi don masu canji zuwa umarni "proxy_ssl_certificate", "proxy_ssl_certificate_key", "grpc_ssl_certificate", "grpc_ssl_certificate_key", "uwsgi_ssl_certificate" da "uwsgi_ssl_certificate_key".
Bugu da ƙari, an kuma lura cewa an ƙara shi goyon baya ga yanayin "bututu". don aika buƙatun POP3 ko IMAP da yawa akan haɗin kai ɗaya zuwa tsarin saƙon wasiƙa, da kuma sabon umarnin "max_errors" wanda ke ƙayyadad da matsakaicin adadin kurakuran yarjejeniya bayan haka haɗin zai rufe.
Kwallaye "Auth-SSL-Protocol" da "Auth-SSL-Cipher" an wuce zuwa uwar garken wakili na saƙo, da goyon baya ga tsawo na ALPN TLS an ƙara zuwa tsarin watsawa. Don tantance jerin ƙa'idodin ALPN masu goyan bayan (h2, http/1.1), ana ba da shawarar umarnin ssl_alpn, kuma don samun bayani game da ka'idar ALPN da aka amince da abokin ciniki, madaidaicin $ssl_alpn_protocol.
Na sauran canje-canje cewa tsaya a waje:
- Kashe buƙatun HTTP/1.0 waɗanda suka haɗa da taken "Transfer-Encoding" HTTP (wanda aka gabatar a sigar HTTP/1.1).
- Dandalin FreeBSD ya inganta tallafi don kiran tsarin aika fayil, wanda aka tsara don tsara hanyar canja wurin bayanai kai tsaye tsakanin mai siffanta fayil da soket. An kunna yanayin aikawa (SF_NODISKIO) na dindindin kuma an ƙara goyan bayan yanayin sendfile(SF_NOCACHE).
- An ƙara ma'aunin "fastopen" zuwa tsarin watsawa, wanda ke ba da damar yanayin "TCP Fast Buɗe" don sauraran sauti.
- Kafaffen tserewa daga haruffa """, "<", ">", "\", "^", "`", "{", "|" da "}" lokacin amfani da wakili tare da canjin URI.
- An ƙara umarnin proxy_half_close a cikin tsarin rafi, wanda tare da halayen lokacin da aka rufe haɗin TCP wakili a gefe ɗaya ("TCP rabin-kusa") za'a iya daidaita shi.
- An ƙara sabon umarnin mp4_start_key_frame zuwa ngx_http_mp4_module module don yawo bidiyo daga firam ɗin maɓalli.
- Ƙara $ssl_curve m don dawo da nau'in lanƙwan elliptik da aka zaɓa don tattaunawa mai mahimmanci a cikin zaman TLS.
- Umarnin sendfile_max_chunk ya canza tsohuwar ƙimar zuwa megabyte 2;
- An bayar da tallafi tare da ɗakin karatu na OpenSSL 3.0. Ƙara goyon baya don kiran SSL_sendfile() lokacin amfani da OpenSSL 3.0.
- Ana kunna taro tare da ɗakin karatu na PCRE2 ta tsohuwa kuma yana ba da ayyuka don sarrafa maganganu na yau da kullun.
- Lokacin loda takaddun shaida na uwar garken, ana goyan bayan amfani da matakan tsaro tun daga OpenSSL 1.1.0 kuma an saita ta hanyar sigar "@SECLEVEL=N" a cikin umarnin ssl_ciphers.
- An cire tallafin cipher suite na fitarwa.
- A cikin API ɗin tace jikin buƙatun, ana ba da izinin ɓoye bayanan da aka sarrafa.
- Cire goyon baya don kafa haɗin HTTP/2 ta amfani da Tsawaita Tattaunawa na Ƙarfafa (NPN) maimakon ALPN.
Finalmente idan kuna sha'awar ƙarin sani game da shi, zaka iya duba bayanan A cikin mahaɗin mai zuwa.