New version nginx 1.22.0 released

After 13 months of development, a new stable branch of the high-performance HTTP server and multi-protocol proxy server nginx 1.22.0 has been released. It incorporates the changes accumulated in the 1.21.x main branch.

From now on, all changes in the 1.22 stable branch will be limited to fixing bugs and serious vulnerabilities. The nginx 1.23 main branch will be created soon, and development of new features will continue there.

For ordinary users who do not need to ensure compatibility with third-party modules, it is recommended to use the main branch, on which releases of the commercial product Nginx Plus are based every three months.

Main news in nginx 1.22.0

This new version, nginx 1.22.0, brings improved protection against HTTP Request Smuggling class attacks on front-end/back-end systems, which allow access to the contents of other users' requests processed in the same thread between the front end and the back end. Nginx now always returns an error when the CONNECT method is used; when the "Content-Length" and "Transfer-Encoding" headers are specified at the same time; and when there are spaces or control characters in the query string, in an HTTP header name, or in the value of the "Host" header.

Another notable addition in this new version is support for variables in the directives "proxy_ssl_certificate", "proxy_ssl_certificate_key", "grpc_ssl_certificate", "grpc_ssl_certificate_key", "uwsgi_ssl_certificate" and "uwsgi_ssl_certificate_key".

In addition, the mail proxy module has gained support for "pipelining" mode, which sends multiple POP3 or IMAP requests over the same connection, as well as a new "max_errors" directive that specifies the maximum number of protocol errors after which the connection is closed.

The "Auth-SSL-Protocol" and "Auth-SSL-Cipher" headers are now passed to the mail proxy authentication server, and support for the ALPN TLS extension has been added to the stream module. The ssl_alpn directive is provided to define the list of supported ALPN protocols (h2, http/1.1), and the $ssl_alpn_protocol variable gives the ALPN protocol negotiated with the client.

Other notable changes:

  • HTTP/1.0 requests that include the "Transfer-Encoding" HTTP header (introduced in version HTTP/1.1 of the protocol) are blocked.
  • On the FreeBSD platform, support for the sendfile system call, designed to arrange direct transfer of data between a file descriptor and a socket, has been improved. The sendfile(SF_NODISKIO) mode is permanently enabled and support for the sendfile(SF_NOCACHE) mode has been added.
  • The "fastopen" parameter has been added to the stream module; it enables "TCP Fast Open" mode for listening sockets.
  • Fixed escaping of the characters """, "<", ">", "\", "^", "`", "{", "|" and "}" when using a proxy with a URI change.
  • The proxy_half_close directive has been added to the stream module; it configures the behavior when a proxied TCP connection is closed on one side ("TCP half-close").
  • A new mp4_start_key_frame directive has been added to the ngx_http_mp4_module module to start streaming video from a key frame.
  • Added the $ssl_curve variable, which returns the type of elliptic curve selected for key negotiation in the TLS session.
  • The default value of the sendfile_max_chunk directive has been changed to 2 megabytes.
  • Support for the OpenSSL 3.0 library has been provided. Added support for calling SSL_sendfile() when using OpenSSL 3.0.
  • Building with the PCRE2 library, which provides functions for processing regular expressions, is enabled by default.
  • When loading server certificates, the use of security levels, supported since OpenSSL 1.1.0 and set with the "@SECLEVEL=N" parameter in the ssl_ciphers directive, has been fixed.
  • Removed support for export cipher suites.
  • In the request body filtering API, buffering of the processed data is allowed.
  • Removed support for establishing HTTP/2 connections using the Next Protocol Negotiation (NPN) extension instead of ALPN.
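
The request rejection rules described above (the request smuggling hardening and the HTTP/1.0 "Transfer-Encoding" item) can be expressed as a small classifier for checking how a given request head would fare. This is an added example, not nginx code and not part of the original article; the name reject_reason, the sample requests and the host example.test are constructed for illustration, and the checks approximate the rules as stated here rather than nginx's own parser.

```python
import re

# Space, control characters (0x00-0x1f) and DEL.
BAD = re.compile(rb"[\x00-\x20\x7f]")

def reject_reason(raw: bytes):
    """Return why a raw HTTP/1.x request head is refused, or None if it passes."""
    lines = raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    try:
        method, rest = lines[0].split(b" ", 1)
        target, version = rest.rsplit(b" ", 1)
    except ValueError:
        return "malformed request line"
    if method == b"CONNECT":
        return "CONNECT method"
    if BAD.search(target):  # the target carries the query string
        return "space or control character in request target"
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep or not name:
            return "malformed header line"
        if BAD.search(name):  # e.g. "Transfer-Encoding : chunked"
            return "space or control character in header name"
        headers.setdefault(name.lower(), []).append(value.strip(b" \t"))
    if any(BAD.search(h) for h in headers.get(b"host", [])):
        return "space or control character in Host value"
    if b"transfer-encoding" in headers:
        if b"content-length" in headers:
            return "both Content-Length and Transfer-Encoding"
        if version == b"HTTP/1.0":
            return "Transfer-Encoding in HTTP/1.0 request"
    return None

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "clean": b"GET /a?x=1 HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "cl_te": b"POST / HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n",
    "te_space": b"POST / HTTP/1.1\r\nHost: example.test\r\n"
                b"Transfer-Encoding : chunked\r\n\r\n",
    "http10_te": b"POST / HTTP/1.0\r\nTransfer-Encoding: chunked\r\n\r\n",
    "host_ctl": b"GET / HTTP/1.1\r\nHost: example.test\tx\r\n\r\n",
    "query_sp": b"GET /a?x=1 2 HTTP/1.1\r\nHost: example.test\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:10} -> {reject_reason(raw) or 'accepted'}")
```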

Finally, if you are interested in learning more about it, you can check the details at the following link.

