Iyo itsva vhezheni ye nginx 1.22.0 yakatoburitswa

Darkcrizt

4 maminitsi

Mushure memwedzi ye13 yekuvandudzwa bazi idzva rakabudiswa Yepamusoro-inoshanda HTTP sevha uye yakawanda-protocol proxy server nginx 1.22.0, iyo inobatanidza shanduko dzakaunganidzwa mubazi guru re 1.21.x.

Munguva yemberi, shanduko dzese mubazi 1.22 yakatsiga ichave ine chekuita nekubvisa uye hurema hwakakomba. Iro bazi guru re nginx 1.23 richaumbwa munguva pfupi, umo kuvandudzwa kwezvinhu zvitsva zvichaenderera mberi.

Kune vashandisiwo zvavo vasina basa rekuona kuenderana nevechitatu-bato modules, zvinokurudzirwa kushandisa iyo main bazi, zvichienderana nekuti ndeapi mavhezheni echigadzirwa chekutengesa Nginx Plus anoumbwa mwedzi mitatu yega yega.

Nhau huru mu nginx 1.22.0

Muiyi vhezheni itsva ye nginx 1.22.0 inoratidzwa, iyo Kudzivirirwa kwakawedzerwa kubva kuHTTP Chikumbiro cheSmuggling class kurwisa kumberi-kumashure-kumashure masisitimu ayo anobvumidza iwe kuti uwane zviri mukati mevamwe vashandisi zvikumbiro zvinogadziriswa mune imwechete shinda pakati pemberi-kumagumo uye kumashure-kumagumo. Nginx ikozvino inogara ichidzorera chikanganiso kana uchishandisa nzira yeCONNECT; nekutsanangura panguva imwe chete iyo "Content-Length" uye "Transfer-Encoding" misoro; kana paine nzvimbo kana mavara ekudzora mumutsara tambo, HTTP musoro zita, kana "Host" kukosha kwemusoro.

Chimwe chitsva chinomira pachena mune iyi vhezheni itsva ndechekuti yakawedzera tsigiro yezvinosiyana kune mirairo "proxy_ssl_certificate", "proxy_ssl_certificate_key", "grpc_ssl_certificate", "grpc_ssl_certificate_key", "uwsgi_ssl_certificate" uye "uwsgi_ssl_certificate_key".

Mukuwedzera, zvinoonekwawo kuti yakawedzerwa rutsigiro rwe "pipelining" modhi kutumira akawanda maPOP3 kana IMAP zvikumbiro pakubatana kumwechete kune mail proxy module, pamwe netsva "max_errors" dhairekitori inodonongodza huwandu hwemhosho dzeprotocol mushure mekuvhara.

Misoro "Auth-SSL-Protocol" uye "Auth-SSL-Cipher" inopfuudzwa kune mail proxy yekusimbisa server, pamwe nerutsigiro rweALPN TLS yekuwedzera yakawedzerwa kune yekufambisa module. Kuti uone rondedzero yezvibvumirano zveALPN zvinotsigirwa (h2, http/1.1), ssl_alpn rairo inotsanangurwa, uye kuwana ruzivo nezve ALPN protocol yakabvumiranwa nemutengi, shanduko $ssl_alpn_protocol.

Yeimwe shanduko izvo zvinomira pachena:

  • Kuvharisa zvikumbiro zveHTTP/1.0 zvinosanganisira "Transfer-Encoding" HTTP musoro (wakaunzwa muHTTP/1.1 protocol vhezheni).
  • Iyo FreeBSD papuratifomu yakavandudza tsigiro yekutumira file system kufona, iyo yakagadzirirwa kuronga yakananga kuendesa data pakati peiyo faira descriptor uye socket. Iyo sendfile(SF_NODISKIO) modhi inogoneswa zvachose uye rutsigiro rwekutumira faira(SF_NOCACHE) modhi yawedzerwa.
  • Iyo "fastopen" paramende yakawedzerwa kune yekufambisa module, iyo inogonesa "TCP Fast Open" modhi yekuteerera masokisi.
  • Yakagadzika kutiza kwemavara """, "<", ">", "\", "^", "`", "{", "|" uye "}" paunenge uchishandisa proxy ine URI shanduko.
  • Iyo proxy_half_close dhairekitori yakawedzerwa kune stream module, iyo maitiro kana proxy TCP yekubatanidza yakavharwa kune rimwe divi ("TCP half-close") inogona kugadzirwa.
  • Yakawedzera mutsva mp4_start_key_frame rairo kune ngx_http_mp4_module module kutambisa vhidhiyo kubva pakiyi furemu.
  • Yakawedzerwa $ssl_curve musiyano kudzosa rudzi rweelliptic curve yakasarudzwa pakiyi nhaurirano muchikamu cheTLS.
  • Iyo sendfile_max_chunk dhairekitori yakashandura kukosha kwekutanga kuita 2 megabytes;
  • Tsigiro yakapihwa neiyo OpenSSL 3.0 raibhurari. Yakawedzera rutsigiro rwekufona SSL_sendfile() paunenge uchishandisa OpenSSL 3.0.
  • Gungano nePCRE2 raibhurari inogoneswa nekusarudzika uye inopa mabasa ekugadzirisa zvinogara zvichitaurwa.
  • Pakurodha zvitupa zvesevha, kushandiswa kwemazinga ekuchengetedza anotsigirwa kubva OpenSSL 1.1.0 uye kusetwa kuburikidza ne "@SECLEVEL=N" parameter mune ssl_ciphers rairo yakagadziridzwa.
  • Yakabviswa export cipher suite rutsigiro.
  • Mune yekukumbira muviri kusefa API, buffering yedata yakagadziriswa inobvumidzwa.
  • Yakabviswa tsigiro yekumisikidza HTTP/2 yekubatanidza uchishandisa iyo Inotevera Protocol Negotiation (NPN) yekuwedzera pane ALPN.

Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo Mune inotevera chinongedzo.


Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira iyo data: Miguel Ángel Gatón
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako