NGINX R17銇屻儶銉兗銈广仌銈屻伨銇椼仧

鎶曠ǹ鑰: | 2018骞12鏈14鏃

銇撱倱銇仭銈忋併偟銈ゃ偑銈广儐銈儙銉偢銉笺伄鍘熴仹銇欍

2018骞12鏈11鏃ャ伀NGINX Plus R17銇屻儶銉兗銈广仌銈屻伨銇椼仧銆
浠婂洖銇儶銉兗銈广仹銇疶LS1.3銇偟銉濄兗銉堛併儸銉笺儓鍒堕檺銇儭銈姐儍銉夎拷鍔犮乻tream/zone_sync銉€偢銉ャ兗銉伄鏇存柊銇ㄣ仾銈娿伨銇欍

浠ヤ笅銆佽┏绱般倰鍜岃ǔ銇楄杓夈仐銇俱仚銆

——————————————————————————————————————————————–

  • ssl_protocols銉囥偅銉偗銉嗐偅銉栥伄TLSv 1.3銉戙儵銉°兗銈裤倰鐢ㄣ亜銇烼LS1.3銇偟銉濄兗銉 
  • 2娈甸殠銉兗銉堝埗闄愩伄銈点儩銉笺儓銆傞亷搴︺伄銉偗銈ㄣ偣銉堛伀瀵俱仐銇︽渶鍒濄伀閬呭欢銇椼仱銇ゃ佹渶绲傜殑銇伅鎷掑惁銇曘倢銇俱仚銆
  • JSON Web銉堛兗銈兂锛圝WT锛夈儮銈搞儱銉笺儷銇搞伄Ed25519銇娿倛銇矱d448鏆楀彿銈€儷銈淬儶銈恒儬銇偟銉濄兗銉堛亴杩藉姞銇曘倢銇俱仐銇熴
  • auth_jwt_key_request銉囥偅銉偗銉嗐偅銉栥仹OpenID Connect銈掍娇鐢ㄣ仐銇︺亜銈嬪牬鍚堛併偄銈ゃ儑銉炽儐銈c儐銈c儣銉儛銈ゃ儉锛圛dP锛夈亱銈夌洿鎺SON Web銈兗锛圝WK锛夈倰鍙栧緱銇欍倠姗熻兘銈掕拷鍔犮仌銈屻伨銇椼仧銆
  • 鏂般仐銇刾roxy_socket_keepalive銉囥偅銉偗銉嗐偅銉栥伀銈堛倞銆丯GINX Plus銇ㄣ儣銉偔銈枫仌銈屻仧銈点兗銉愩伄闁撱仹TCP keepalive銈掓湁鍔广伀銇欍倠銇撱仺銇屻仹銇嶃伨銇
  • keepalive_timeout銉囥偅銉偗銉嗐偅銉栥伅銆併偄銈ゃ儔銉姸鎱嬨伄HTTP銈兗銉椼偄銉┿偆銉栨帴缍氥亴NGINX Plus銇ㄣ儣銉偔銈枫仌銈屻仧銈点兗銉愰枔銇ч枊銇勩仧銇俱伨銇仾銈嬫檪闁撱倰鍒跺尽銇椼伨銇
  • stream銉€偢銉ャ兗銉伄proxy_requests銉囥偅銉偗銉嗐偅銉栥伅銆併仢銇偟銉笺儛銇搞伄鏂般仐銇刄DP銆屻偦銉冦偡銉с兂銆嶃倰闁嬪銇欍倠鍓嶃伀銆丯GINX Plus銇嬨倝銉椼儹銈偡銇曘倢銇熴偟銉笺儛銇佷俊銇曘倢銈嬨儜銈便儍銉堛伄鏁般倰瀹氱京銇椼伨銇
  • zone_sync銉€偢銉ャ兗銉伅銆亃one_sync_ssl_server_name銉囥偅銉偗銉嗐偅銉栥倰浣跨敤銇椼仸銈点兗銉愩兗鍚嶆瑷笺伄銇熴倎銇偗銉┿偣銈裤儙銉笺儔銇帴缍氥仚銈嬨仺銇嶃伀SNI銈掍娇鐢ㄣ仐銇︺偟銉笺儛銉煎悕銈掓浮銇欍亾銇ㄣ亴銇с亶銈嬨倛銇嗐伀銇倞銇俱仐銇熶互涓嬨丯GINX Java Script銉€偢銉ャ兗銉亴鏇存柊銇曘倢銇俱仐銇熴
    • 寮曟暟銈儢銈搞偋銈儓銇偟銉濄兗銉
    • 闈炴暣鏁板垎鏁般伄銈点儩銉笺儓
    • 杩藉姞鏅傞枔銉°偨銉冦儔銇偟銉濄兗銉堬細console.time()銇娿倛銇砪onsole.timeEnd()
    • 澶夋暟銇ㄩ枹鏁般倰鍐嶅瑷鍑烘潵銈嬨倛銇嗐伀銇倞銇俱仐銇熴
    • TCP/UDP銈€儣銉偙銉笺偡銉с兂鐢ㄣ伄NGINX stream銉€偢銉ャ兗銉仺銇当鍚堛伅鍏ュ姏銉堛儵銉曘偅銉冦偗澶夋洿銇欍倠銇熴倎銇畇end()銉°偨銉冦儔銇仼銆佹銆呫仾return闁㈡暟銈掍娇鐢ㄥ嚭鏉ャ倠銈堛亞銇儶銉曘偂銈偪銉兂銈般仌銈屻伨銇椼仧銆傘伨銇熷嚭鍔涖儓銉┿儠銈c儍銈伅銈炽兗銉儛銉冦偗銈掍粙銇椼仸鍒╃敤銇с亶銈嬨倛銇嗐伀銇倞銇俱仐銇熴

——————————————————————————————————————————————–

浠ヤ笅銆佸師鏂囥倰瑷樿級銇椼伨銇欍

——————————————————————————————————————————————–

NGINX open source build 1.15.7, 11 December 2018

NGINX Plus R17 is a feature release:

  • Support for TLS 1.3 using TLSv1.3 parameter to ssl_protocols directive
  • Support for two stage rate limiting with the new delay= parameter; excessive requests are initially delayed and then ultimately rejected
  • Added support for the Ed25519 and Ed448 cryptographic algorithms to the JSON Web Token (JWT) module
  • Ability to fetch JSON Web Keys (JWK) directly from identity provider (IdP) when using OpenID Connect with the new auth_jwt_key_request directive
  • New proxy_socket_keepalive directive allows TCP keepalives to be enabled between NGINX Plus and the proxied server
  • New keepalive_timeout directive controls how long an idle HTTP keepalive connection will stay open between NGINX Plus and the proxied server
  • New proxy_requests directive for the stream module defines how many packets will be sent from NGINX Plus to the proxied server before starting a new UDP 鈥渟ession鈥 to that server
  • The zone_sync module can now pass the server name using SNI when connecting to cluster nodes for server name verification with new zone_sync_ssl_server_name directive
  • The NGINX JavaScript module has been updated:
    • Support for arguments objects
    • Support for non-integer fractions
    • Support for additional time methods: console.time() and console.timeEnd()
    • Variables and functions can now be redeclared
    • Integration with the NGINX Stream module for TCP/UDP applications has been refactored to use various return functions, including a send() method for modifying ingress traffic. Egress traffic is now available through a callback.

——————————————————————————————————————————————–