The new version of nginx 1.22.0 has already been released

After 13 months of development, a new stable branch of the high-performance HTTP server and multi-protocol proxy server nginx 1.22.0 has been released, incorporating the changes accumulated in the 1.21.x main branch.

From now on, all changes in the 1.22 stable branch will be limited to fixing serious bugs and vulnerabilities. The nginx 1.23 main branch will be created soon, and development of new features will continue there.

Regular users who do not need to ensure compatibility with third-party modules are advised to use the main branch, on which releases of the commercial product Nginx Plus are based every three months.

Main news in nginx 1.22.0

In this new version of nginx 1.22.0, protection has been strengthened against HTTP Request Smuggling class attacks on front-end/back-end systems, which allow access to the content of other users' requests processed in the same thread between the front end and the back end. Nginx now always returns an error when the CONNECT method is used; when the "Content-Length" and "Transfer-Encoding" headers are specified at the same time; and when there are spaces or control characters in the query string, an HTTP header name, or the value of the "Host" header.

Another novelty in this new version is that support for variables has been added to the "proxy_ssl_certificate", "proxy_ssl_certificate_key", "grpc_ssl_certificate", "grpc_ssl_certificate_key", "uwsgi_ssl_certificate" and "uwsgi_ssl_certificate_key" directives.

In addition, support for "pipelining" mode has been added to the mail proxy module, so that multiple POP3 or IMAP requests can be sent over the same connection, along with a new "max_errors" directive that sets the maximum number of protocol errors after which the connection is closed.

The "Auth-SSL-Protocol" and "Auth-SSL-Cipher" headers are now passed to the mail proxy authentication server, and support for the ALPN TLS extension has been added to the stream module. The ssl_alpn directive has been introduced to define the list of supported ALPN protocols (h2, http/1.1), and the $ssl_alpn_protocol variable provides information about the ALPN protocol negotiated with the client.

Other notable changes:

  • HTTP/1.0 requests that include the "Transfer-Encoding" HTTP header (which was introduced in protocol version HTTP/1.1) are now blocked.
  • On the FreeBSD platform, support for the sendfile system call, which is designed to organize direct transfer of data between a file descriptor and a socket, has been improved. The sendfile(SF_NODISKIO) mode is now permanently enabled, and support for the sendfile(SF_NOCACHE) mode has been added.
  • The "fastopen" parameter has been added to the stream module; it enables "TCP Fast Open" mode for listening sockets.
  • Fixed escaping of the characters """, "<", ">", "\", "^", "`", "{", "|" and "}" when proxying with a URI change.
  • The proxy_half_close directive has been added to the stream module; it allows the behavior to be configured when a proxied TCP connection is closed on one side ("TCP half-close").
  • A new mp4_start_key_frame directive has been added to the ngx_http_mp4_module module to start streaming a video from a key frame.
  • Added the $ssl_curve variable, which returns the type of elliptic curve selected for key negotiation in the TLS session.
  • The default value of the sendfile_max_chunk directive has been changed to 2 megabytes.
  • Support for the OpenSSL 3.0 library is provided. Support for calling SSL_sendfile() has been added when OpenSSL 3.0 is used.
  • Building with the PCRE2 library is enabled by default and provides the functions for processing regular expressions.
  • When loading server certificates, the use of security levels, supported since OpenSSL 1.1.0 and set via the "@SECLEVEL=N" parameter of the ssl_ciphers directive, has been adjusted.
  • Support for export cipher suites has been removed.
  • In the request body filter API, buffering of processed data is now allowed.
  • Support for establishing HTTP/2 connections using the NPN (Next Protocol Negotiation) extension instead of ALPN has been removed.

Finally, if you are interested in learning more, you can check the details at the following link.

