perf: update nginx to 1.16.1 and optimize configuration files

pull/44/head v2.8
Mashiro 2020-04-16 21:13:34 +08:00
parent 055cdfd8cf
commit ef8d815d52
12 changed files with 950 additions and 320 deletions

View File

@ -35,292 +35,5 @@ http {
#gzip on;
upstream www-pixiv-net {
server 210.140.131.223:443;
server 210.140.131.225:443;
server 210.140.131.220:443;
}
upstream sketch-pixiv-net {
server 210.140.174.37:443;
server 210.140.170.179:443;
server 210.140.175.130:443;
}
upstream sketch-hls-server {
server 210.140.214.211:443;
server 210.140.214.212:443;
server 210.140.214.213:443;
}
upstream imgaz-pixiv-net {
server 210.140.131.145:443;
server 210.140.131.144:443;
server 210.140.131.147:443;
server 210.140.131.153:443;
}
upstream i-pximg-net {
server 210.140.92.140:443;
server 210.140.92.137:443;
server 210.140.92.139:443;
server 210.140.92.142:443;
server 210.140.92.134:443;
server 210.140.92.141:443;
server 210.140.92.143:443;
server 210.140.92.136:443;
server 210.140.92.138:443;
server 210.140.92.144:443;
server 210.140.92.145:443;
}
server {
listen 80 default_server;
rewrite ^(.*) https://$host$1 permanent;
}
server {
listen 443 ssl;
server_name pixiv.net;
server_name www.pixiv.net;
server_name ssl.pixiv.net;
server_name accounts.pixiv.net;
server_name touch.pixiv.net;
server_name oauth.secure.pixiv.net;
ssl on;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
client_max_body_size 50M;
location / {
proxy_pass https://www-pixiv-net;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name i.pximg.net;
ssl on;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://i-pximg-net;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name sketch.pixiv.net;
ssl on;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://sketch-pixiv-net;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
# Proxying WebSockets
location /ws/ {
proxy_pass https://sketch-pixiv-net;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
server {
listen 443 ssl;
server_name *.pixivsketch.net;
ssl on;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://sketch-hls-server;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name factory.pixiv.net;
ssl on;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://210.140.131.180/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name dic.pixiv.net;
server_name en-dic.pixiv.net;
server_name sensei.pixiv.net;
server_name fanbox.pixiv.net;
server_name payment.pixiv.net.pixiv.net;
ssl on;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://210.140.131.222/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name imgaz.pixiv.net;
server_name comic.pixiv.net;
server_name novel.pixiv.net;
server_name source.pixiv.net;
server_name i1.pixiv.net;
server_name i2.pixiv.net;
server_name i3.pixiv.net;
server_name i4.pixiv.net;
ssl on;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://imgaz-pixiv-net;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
upstream wikipedia-server {
server 198.35.26.96:443;
server 103.102.166.224:443;
}
server {
listen 443 ssl;
server_name *.wikipedia.org;
server_name *.m.wikipedia.org;
ssl on;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://wikipedia-server/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name *.steamcommunity.com;
server_name steamcommunity.com;
ssl on;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://23.61.176.149/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name *.steampowered.com;
server_name steampowered.com;
ssl on;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://104.112.84.145/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name *.archiveofourown.org;
server_name archiveofourown.org;
ssl on;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://104.153.64.122/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
include pixiv.conf;
}

335
conf/pixiv.conf 100644
View File

@ -0,0 +1,335 @@
upstream www-pixiv-net {
#server 104.18.12.135:443;
#server 104.18.13.135:443;
server 210.140.131.223:443;
server 210.140.131.225:443;
server 210.140.131.220:443;
}
upstream account-pixiv-net {
server 210.140.131.226:443;
server 210.140.131.218:443;
server 210.140.131.222:443;
}
upstream sketch-pixiv-net {
server 210.140.174.37:443;
server 210.140.170.179:443;
server 210.140.175.130:443;
}
upstream sketch-hls-server {
server 210.140.214.211:443;
server 210.140.214.212:443;
server 210.140.214.213:443;
}
upstream imgaz-pixiv-net {
server 210.140.131.145:443;
server 210.140.131.144:443;
server 210.140.131.147:443;
server 210.140.131.153:443;
}
upstream i-pximg-net {
server 210.140.92.140:443;
server 210.140.92.137:443;
server 210.140.92.139:443;
server 210.140.92.142:443;
server 210.140.92.134:443;
server 210.140.92.141:443;
server 210.140.92.143:443;
server 210.140.92.136:443;
server 210.140.92.138:443;
server 210.140.92.144:443;
server 210.140.92.145:443;
}
server {
listen 80 default_server;
rewrite ^(.*) https://$host$1 permanent;
}
server {
listen 443 ssl;
server_name www.pixiv.net;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
client_max_body_size 50M;
location / {
#proxy_ssl_server_name on;
proxy_pass https://www-pixiv-net;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name pixiv.net;
server_name ssl.pixiv.net;
server_name accounts.pixiv.net;
server_name touch.pixiv.net;
server_name oauth.secure.pixiv.net;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
client_max_body_size 50M;
location / {
proxy_pass https://account-pixiv-net;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name i.pximg.net;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://i-pximg-net;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name sketch.pixiv.net;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://sketch-pixiv-net;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
# Proxying WebSockets
location /ws/ {
proxy_pass https://sketch-pixiv-net;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
server {
listen 443 ssl;
server_name *.pixivsketch.net;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://sketch-hls-server;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name factory.pixiv.net;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://210.140.131.180/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name dic.pixiv.net;
server_name en-dic.pixiv.net;
server_name sensei.pixiv.net;
server_name fanbox.pixiv.net;
server_name payment.pixiv.net.pixiv.net;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://210.140.131.222/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name imgaz.pixiv.net;
server_name comic.pixiv.net;
server_name novel.pixiv.net;
server_name source.pixiv.net;
server_name i1.pixiv.net;
server_name i2.pixiv.net;
server_name i3.pixiv.net;
server_name i4.pixiv.net;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://imgaz-pixiv-net;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name www.google.com;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location ^~ /recaptcha/ {
rewrite ^(.*)$ https://www.recaptcha.net$1 break;
}
location / {
default_type text/html;
charset utf-8;
return 200 'Pixiv-Nginx提醒本工具默认代理了www.google.com用于加载P站登陆时的验证码插件如果你有方法正常访问www.google.com并且不希望看到这个页面那么将 <code>C:\Windows\System32\drivers\etc\hosts</code> 中 <code>127.0.0.1 www.google.com</code> 的那行记录删除即可。如果删除后刷新网页还是看到这个页面,请先清除一下浏览器缓存。';
}
}
upstream wikipedia-server {
server 198.35.26.96:443;
server 103.102.166.224:443;
}
server {
listen 443 ssl;
server_name *.wikipedia.org;
server_name *.m.wikipedia.org;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://wikipedia-server/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name *.steamcommunity.com;
server_name steamcommunity.com;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://23.61.176.149/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name *.steampowered.com;
server_name steampowered.com;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://104.112.84.145/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}
server {
listen 443 ssl;
server_name *.archiveofourown.org;
server_name archiveofourown.org;
ssl_certificate ca/pixiv.net.crt;
ssl_certificate_key ca/pixiv.net.key;
location / {
proxy_pass https://104.153.64.122/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
}

View File

@ -108,6 +108,7 @@ syn keyword ngxDirectiveControl contained set
syn keyword ngxDirectiveError contained error_page
syn keyword ngxDirectiveError contained post_action
syn keyword ngxDirectiveDeprecated contained limit_zone
syn keyword ngxDirectiveDeprecated contained proxy_downstream_buffer
syn keyword ngxDirectiveDeprecated contained proxy_upstream_buffer
syn keyword ngxDirectiveDeprecated contained spdy_chunk_size
@ -118,6 +119,7 @@ syn keyword ngxDirectiveDeprecated contained spdy_pool_size
syn keyword ngxDirectiveDeprecated contained spdy_recv_buffer_size
syn keyword ngxDirectiveDeprecated contained spdy_recv_timeout
syn keyword ngxDirectiveDeprecated contained spdy_streams_index_size
syn keyword ngxDirectiveDeprecated contained ssl
syn keyword ngxDirectiveDeprecated contained upstream_conf
syn keyword ngxDirective contained absolute_redirect
@ -136,6 +138,7 @@ syn keyword ngxDirective contained alias
syn keyword ngxDirective contained allow
syn keyword ngxDirective contained ancient_browser
syn keyword ngxDirective contained ancient_browser_value
syn keyword ngxDirective contained api
syn keyword ngxDirective contained auth_basic
syn keyword ngxDirective contained auth_basic_user_file
syn keyword ngxDirective contained auth_http
@ -143,7 +146,11 @@ syn keyword ngxDirective contained auth_http_header
syn keyword ngxDirective contained auth_http_pass_client_cert
syn keyword ngxDirective contained auth_http_timeout
syn keyword ngxDirective contained auth_jwt
syn keyword ngxDirective contained auth_jwt_claim_set
syn keyword ngxDirective contained auth_jwt_header_set
syn keyword ngxDirective contained auth_jwt_key_file
syn keyword ngxDirective contained auth_jwt_key_request
syn keyword ngxDirective contained auth_jwt_leeway
syn keyword ngxDirective contained auth_request
syn keyword ngxDirective contained auth_request_set
syn keyword ngxDirective contained autoindex
@ -229,6 +236,7 @@ syn keyword ngxDirective contained fastcgi_read_timeout
syn keyword ngxDirective contained fastcgi_request_buffering
syn keyword ngxDirective contained fastcgi_send_lowat
syn keyword ngxDirective contained fastcgi_send_timeout
syn keyword ngxDirective contained fastcgi_socket_keepalive
syn keyword ngxDirective contained fastcgi_split_path_info
syn keyword ngxDirective contained fastcgi_store
syn keyword ngxDirective contained fastcgi_store_access
@ -255,6 +263,7 @@ syn keyword ngxDirective contained grpc_pass_header
syn keyword ngxDirective contained grpc_read_timeout
syn keyword ngxDirective contained grpc_send_timeout
syn keyword ngxDirective contained grpc_set_header
syn keyword ngxDirective contained grpc_socket_keepalive
syn keyword ngxDirective contained grpc_ssl_certificate
syn keyword ngxDirective contained grpc_ssl_certificate_key
syn keyword ngxDirective contained grpc_ssl_ciphers
@ -330,6 +339,8 @@ syn keyword ngxDirective contained keepalive
syn keyword ngxDirective contained keepalive_disable
syn keyword ngxDirective contained keepalive_requests
syn keyword ngxDirective contained keepalive_timeout
syn keyword ngxDirective contained keyval
syn keyword ngxDirective contained keyval_zone
syn keyword ngxDirective contained kqueue_changes
syn keyword ngxDirective contained kqueue_events
syn keyword ngxDirective contained large_client_header_buffers
@ -367,6 +378,7 @@ syn keyword ngxDirective contained memcached_next_upstream_timeout
syn keyword ngxDirective contained memcached_next_upstream_tries
syn keyword ngxDirective contained memcached_read_timeout
syn keyword ngxDirective contained memcached_send_timeout
syn keyword ngxDirective contained memcached_socket_keepalive
syn keyword ngxDirective contained merge_slashes
syn keyword ngxDirective contained min_delete_depth
syn keyword ngxDirective contained mirror
@ -375,9 +387,9 @@ syn keyword ngxDirective contained modern_browser
syn keyword ngxDirective contained modern_browser_value
syn keyword ngxDirective contained mp4
syn keyword ngxDirective contained mp4_buffer_size
syn keyword ngxDirective contained mp4_max_buffer_size
syn keyword ngxDirective contained mp4_limit_rate
syn keyword ngxDirective contained mp4_limit_rate_after
syn keyword ngxDirective contained mp4_max_buffer_size
syn keyword ngxDirective contained msie_padding
syn keyword ngxDirective contained msie_refresh
syn keyword ngxDirective contained multi_accept
@ -456,11 +468,13 @@ syn keyword ngxDirective contained proxy_protocol_timeout
syn keyword ngxDirective contained proxy_read_timeout
syn keyword ngxDirective contained proxy_redirect
syn keyword ngxDirective contained proxy_request_buffering
syn keyword ngxDirective contained proxy_requests
syn keyword ngxDirective contained proxy_responses
syn keyword ngxDirective contained proxy_send_lowat
syn keyword ngxDirective contained proxy_send_timeout
syn keyword ngxDirective contained proxy_set_body
syn keyword ngxDirective contained proxy_set_header
syn keyword ngxDirective contained proxy_socket_keepalive
syn keyword ngxDirective contained proxy_ssl
syn keyword ngxDirective contained proxy_ssl_certificate
syn keyword ngxDirective contained proxy_ssl_certificate_key
@ -481,6 +495,7 @@ syn keyword ngxDirective contained proxy_temp_path
syn keyword ngxDirective contained proxy_timeout
syn keyword ngxDirective contained proxy_upload_rate
syn keyword ngxDirective contained queue
syn keyword ngxDirective contained random
syn keyword ngxDirective contained random_index
syn keyword ngxDirective contained read_ahead
syn keyword ngxDirective contained real_ip_header
@ -533,6 +548,7 @@ syn keyword ngxDirective contained scgi_pass_request_headers
syn keyword ngxDirective contained scgi_read_timeout
syn keyword ngxDirective contained scgi_request_buffering
syn keyword ngxDirective contained scgi_send_timeout
syn keyword ngxDirective contained scgi_socket_keepalive
syn keyword ngxDirective contained scgi_store
syn keyword ngxDirective contained scgi_store_access
syn keyword ngxDirective contained scgi_temp_file_write_size
@ -565,7 +581,6 @@ syn keyword ngxDirective contained ssi_min_file_chunk
syn keyword ngxDirective contained ssi_silent_errors
syn keyword ngxDirective contained ssi_types
syn keyword ngxDirective contained ssi_value_length
syn keyword ngxDirective contained ssl
syn keyword ngxDirective contained ssl_buffer_size
syn keyword ngxDirective contained ssl_certificate
syn keyword ngxDirective contained ssl_certificate_key
@ -573,6 +588,7 @@ syn keyword ngxDirective contained ssl_ciphers
syn keyword ngxDirective contained ssl_client_certificate
syn keyword ngxDirective contained ssl_crl
syn keyword ngxDirective contained ssl_dhparam
syn keyword ngxDirective contained ssl_early_data
syn keyword ngxDirective contained ssl_ecdh_curve
syn keyword ngxDirective contained ssl_engine
syn keyword ngxDirective contained ssl_handshake_timeout
@ -664,6 +680,7 @@ syn keyword ngxDirective contained uwsgi_pass_request_headers
syn keyword ngxDirective contained uwsgi_read_timeout
syn keyword ngxDirective contained uwsgi_request_buffering
syn keyword ngxDirective contained uwsgi_send_timeout
syn keyword ngxDirective contained uwsgi_socket_keepalive
syn keyword ngxDirective contained uwsgi_ssl_certificate
syn keyword ngxDirective contained uwsgi_ssl_certificate_key
syn keyword ngxDirective contained uwsgi_ssl_ciphers
@ -701,6 +718,26 @@ syn keyword ngxDirective contained xslt_string_param
syn keyword ngxDirective contained xslt_stylesheet
syn keyword ngxDirective contained xslt_types
syn keyword ngxDirective contained zone
syn keyword ngxDirective contained zone_sync
syn keyword ngxDirective contained zone_sync_buffers
syn keyword ngxDirective contained zone_sync_connect_retry_interval
syn keyword ngxDirective contained zone_sync_connect_timeout
syn keyword ngxDirective contained zone_sync_interval
syn keyword ngxDirective contained zone_sync_recv_buffer_size
syn keyword ngxDirective contained zone_sync_server
syn keyword ngxDirective contained zone_sync_ssl
syn keyword ngxDirective contained zone_sync_ssl_certificate
syn keyword ngxDirective contained zone_sync_ssl_certificate_key
syn keyword ngxDirective contained zone_sync_ssl_ciphers
syn keyword ngxDirective contained zone_sync_ssl_crl
syn keyword ngxDirective contained zone_sync_ssl_name
syn keyword ngxDirective contained zone_sync_ssl_password_file
syn keyword ngxDirective contained zone_sync_ssl_protocols
syn keyword ngxDirective contained zone_sync_ssl_server_name
syn keyword ngxDirective contained zone_sync_ssl_trusted_certificate
syn keyword ngxDirective contained zone_sync_ssl_verify
syn keyword ngxDirective contained zone_sync_ssl_verify_depth
syn keyword ngxDirective contained zone_sync_timeout
" 3rd party modules list taken from
" https://github.com/freebsd/freebsd-ports/blob/master/www/nginx-devel/Makefile
@ -876,6 +913,8 @@ syn keyword ngxDirectiveThirdParty contained more_set_input_headers
" NGINX WebDAV missing commands support (PROPFIND & OPTIONS)
" https://github.com/arut/nginx-dav-ext-module
syn keyword ngxDirectiveThirdParty contained dav_ext_lock
syn keyword ngxDirectiveThirdParty contained dav_ext_lock_zone
syn keyword ngxDirectiveThirdParty contained dav_ext_methods
" ngx_eval
@ -895,6 +934,7 @@ syn keyword ngxDirectiveThirdParty contained fancyindex_directories_first
syn keyword ngxDirectiveThirdParty contained fancyindex_exact_size
syn keyword ngxDirectiveThirdParty contained fancyindex_footer
syn keyword ngxDirectiveThirdParty contained fancyindex_header
syn keyword ngxDirectiveThirdParty contained fancyindex_hide_parent_dir
syn keyword ngxDirectiveThirdParty contained fancyindex_hide_symlinks
syn keyword ngxDirectiveThirdParty contained fancyindex_ignore
syn keyword ngxDirectiveThirdParty contained fancyindex_localtime
@ -937,8 +977,17 @@ syn keyword ngxDirectiveThirdParty contained notice_type
" nchan
" https://github.com/slact/nchan
syn keyword ngxDirectiveThirdParty contained nchan_access_control_allow_credentials
syn keyword ngxDirectiveThirdParty contained nchan_access_control_allow_origin
syn keyword ngxDirectiveThirdParty contained nchan_authorize_request
syn keyword ngxDirectiveThirdParty contained nchan_benchmark
syn keyword ngxDirectiveThirdParty contained nchan_benchmark_channels
syn keyword ngxDirectiveThirdParty contained nchan_benchmark_message_padding_bytes
syn keyword ngxDirectiveThirdParty contained nchan_benchmark_messages_per_channel_per_minute
syn keyword ngxDirectiveThirdParty contained nchan_benchmark_publisher_distribution
syn keyword ngxDirectiveThirdParty contained nchan_benchmark_subscriber_distribution
syn keyword ngxDirectiveThirdParty contained nchan_benchmark_subscribers_per_channel
syn keyword ngxDirectiveThirdParty contained nchan_benchmark_time
syn keyword ngxDirectiveThirdParty contained nchan_channel_event_string
syn keyword ngxDirectiveThirdParty contained nchan_channel_events_channel_id
syn keyword ngxDirectiveThirdParty contained nchan_channel_group
@ -974,15 +1023,19 @@ syn keyword ngxDirectiveThirdParty contained nchan_publisher_upstream_request
syn keyword ngxDirectiveThirdParty contained nchan_pubsub
syn keyword ngxDirectiveThirdParty contained nchan_pubsub_channel_id
syn keyword ngxDirectiveThirdParty contained nchan_pubsub_location
syn keyword ngxDirectiveThirdParty contained nchan_redis_connect_timeout
syn keyword ngxDirectiveThirdParty contained nchan_redis_fakesub_timer_interval
syn keyword ngxDirectiveThirdParty contained nchan_redis_idle_channel_cache_timeout
syn keyword ngxDirectiveThirdParty contained nchan_redis_namespace
syn keyword ngxDirectiveThirdParty contained nchan_redis_nostore_fastpublish
syn keyword ngxDirectiveThirdParty contained nchan_redis_optimize_target
syn keyword ngxDirectiveThirdParty contained nchan_redis_pass
syn keyword ngxDirectiveThirdParty contained nchan_redis_pass_inheritable
syn keyword ngxDirectiveThirdParty contained nchan_redis_ping_interval
syn keyword ngxDirectiveThirdParty contained nchan_redis_publish_msgpacked_max_size
syn keyword ngxDirectiveThirdParty contained nchan_redis_server
syn keyword ngxDirectiveThirdParty contained nchan_redis_storage_mode
syn keyword ngxDirectiveThirdParty contained nchan_redis_subscribe_weights
syn keyword ngxDirectiveThirdParty contained nchan_redis_url
syn keyword ngxDirectiveThirdParty contained nchan_redis_wait_after_connecting
syn keyword ngxDirectiveThirdParty contained nchan_shared_memory_size
@ -1280,6 +1333,7 @@ syn keyword ngxDirectiveThirdParty contained lua_package_cpath
syn keyword ngxDirectiveThirdParty contained lua_package_path
syn keyword ngxDirectiveThirdParty contained lua_regex_cache_max_entries
syn keyword ngxDirectiveThirdParty contained lua_regex_match_limit
syn keyword ngxDirectiveThirdParty contained lua_sa_restart
syn keyword ngxDirectiveThirdParty contained lua_shared_dict
syn keyword ngxDirectiveThirdParty contained lua_socket_buffer_size
syn keyword ngxDirectiveThirdParty contained lua_socket_connect_timeout
@ -1355,9 +1409,15 @@ syn keyword ngxDirectiveThirdParty contained rules_enabled
" https://www.phusionpassenger.com/library/config/nginx/reference/
syn keyword ngxDirectiveThirdParty contained passenger_abort_on_startup_error
syn keyword ngxDirectiveThirdParty contained passenger_abort_websockets_on_process_shutdown
syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_auth_type
syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_password
syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_url
syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_username
syn keyword ngxDirectiveThirdParty contained passenger_anonymous_telemetry_proxy
syn keyword ngxDirectiveThirdParty contained passenger_app_env
syn keyword ngxDirectiveThirdParty contained passenger_app_file_descriptor_ulimit
syn keyword ngxDirectiveThirdParty contained passenger_app_group_name
syn keyword ngxDirectiveThirdParty contained passenger_app_log_file
syn keyword ngxDirectiveThirdParty contained passenger_app_rights
syn keyword ngxDirectiveThirdParty contained passenger_app_root
syn keyword ngxDirectiveThirdParty contained passenger_app_type
@ -1373,8 +1433,10 @@ syn keyword ngxDirectiveThirdParty contained passenger_data_buffer_dir
syn keyword ngxDirectiveThirdParty contained passenger_debugger
syn keyword ngxDirectiveThirdParty contained passenger_default_group
syn keyword ngxDirectiveThirdParty contained passenger_default_user
syn keyword ngxDirectiveThirdParty contained passenger_disable_anonymous_telemetry
syn keyword ngxDirectiveThirdParty contained passenger_disable_security_update_check
syn keyword ngxDirectiveThirdParty contained passenger_document_root
syn keyword ngxDirectiveThirdParty contained passenger_dump_config_manifest
syn keyword ngxDirectiveThirdParty contained passenger_enabled
syn keyword ngxDirectiveThirdParty contained passenger_env_var
syn keyword ngxDirectiveThirdParty contained passenger_file_descriptor_log_file
@ -1402,6 +1464,7 @@ syn keyword ngxDirectiveThirdParty contained passenger_max_requests
syn keyword ngxDirectiveThirdParty contained passenger_memory_limit
syn keyword ngxDirectiveThirdParty contained passenger_meteor_app_settings
syn keyword ngxDirectiveThirdParty contained passenger_min_instances
syn keyword ngxDirectiveThirdParty contained passenger_monitor_log_file
syn keyword ngxDirectiveThirdParty contained passenger_nodejs
syn keyword ngxDirectiveThirdParty contained passenger_pass_header
syn keyword ngxDirectiveThirdParty contained passenger_pool_idle_time
@ -1778,6 +1841,8 @@ syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter
syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_by_host
syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_by_set_key
syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_check_duplicate
syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_max_node
syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_histogram_buckets
syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit
syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_check_duplicate
syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_traffic
@ -1899,11 +1964,11 @@ syn keyword ngxDirectiveThirdParty contained form_auth_remote_user
" ngx_http_accounting_module
" https://github.com/Lax/ngx_http_accounting_module
syn keyword ngxDirectiveThirdParty contained http_accounting
syn keyword ngxDirectiveThirdParty contained http_accounting_id
syn keyword ngxDirectiveThirdParty contained http_accounting_interval
syn keyword ngxDirectiveThirdParty contained http_accounting_log
syn keyword ngxDirectiveThirdParty contained http_accounting_perturb
syn keyword ngxDirectiveThirdParty contained accounting
syn keyword ngxDirectiveThirdParty contained accounting_id
syn keyword ngxDirectiveThirdParty contained accounting_interval
syn keyword ngxDirectiveThirdParty contained accounting_log
syn keyword ngxDirectiveThirdParty contained accounting_perturb
" concatenating files in a given context: CSS and JS files usually
" https://github.com/alibaba/nginx-http-concat

View File

@ -1,7 +1,263 @@
Changes with nginx 1.14.0 17 Apr 2018
Changes with nginx 1.16.1 13 Aug 2019
*) 1.14.x stable branch.
*) Security: when using HTTP/2 a client might cause excessive memory
consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
Changes with nginx 1.16.0 23 Apr 2019
*) 1.16.x stable branch.
Changes with nginx 1.15.12 16 Apr 2019
*) Bugfix: a segmentation fault might occur in a worker process if
variables were used in the "ssl_certificate" or "ssl_certificate_key"
directives and OCSP stapling was enabled.
Changes with nginx 1.15.11 09 Apr 2019
*) Bugfix: in the "ssl_stapling_file" directive on Windows.
Changes with nginx 1.15.10 26 Mar 2019
*) Change: when using a hostname in the "listen" directive nginx now
creates listening sockets for all addresses the hostname resolves to
(previously, only the first address was used).
*) Feature: port ranges in the "listen" directive.
*) Feature: loading of SSL certificates and secret keys from variables.
*) Workaround: the $ssl_server_name variable might be empty when using
OpenSSL 1.1.1.
*) Bugfix: nginx/Windows could not be built with Visual Studio 2015 or
newer; the bug had appeared in 1.15.9.
Changes with nginx 1.15.9 26 Feb 2019
*) Feature: variables support in the "ssl_certificate" and
"ssl_certificate_key" directives.
*) Feature: the "poll" method is now available on Windows when using
Windows Vista or newer.
*) Bugfix: if the "select" method was used on Windows and an error
occurred while establishing a backend connection, nginx waited for
the connection establishment timeout to expire.
*) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives
in the stream module worked incorrectly when proxying UDP datagrams.
Changes with nginx 1.15.8 25 Dec 2018
*) Feature: the $upstream_bytes_sent variable.
Thanks to Piotr Sikora.
*) Feature: new directives in vim syntax highlighting scripts.
Thanks to Gena Makhomed.
*) Bugfix: in the "proxy_cache_background_update" directive.
*) Bugfix: in the "geo" directive when using unix domain listen sockets.
*) Workaround: the "ignoring stale global SSL error ... bad length"
alerts might appear in logs when using the "ssl_early_data" directive
with OpenSSL.
*) Bugfix: in nginx/Windows.
*) Bugfix: in the ngx_http_autoindex_module on 32-bit platforms.
Changes with nginx 1.15.7 27 Nov 2018
*) Feature: the "proxy_requests" directive in the stream module.
*) Feature: the "delay" parameter of the "limit_req" directive.
Thanks to Vladislav Shabanov and Peter Shchuchkin.
*) Bugfix: memory leak on errors during reconfiguration.
*) Bugfix: in the $upstream_response_time, $upstream_connect_time, and
$upstream_header_time variables.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_mp4_module was used on 32-bit platforms.
Changes with nginx 1.15.6 06 Nov 2018
*) Security: when using HTTP/2 a client might cause excessive memory
consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
*) Security: processing of a specially crafted mp4 file with the
ngx_http_mp4_module might result in worker process memory disclosure
(CVE-2018-16845).
*) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
"grpc_socket_keepalive", "memcached_socket_keepalive",
"scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.
*) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
1.1.1, the TLS 1.3 protocol was always enabled.
*) Bugfix: working with gRPC backends might result in excessive memory
consumption.
Changes with nginx 1.15.5 02 Oct 2018
*) Bugfix: a segmentation fault might occur in a worker process when
using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4.
*) Bugfix: of minor potential bugs.
Changes with nginx 1.15.4 25 Sep 2018
*) Feature: now the "ssl_early_data" directive can be used with OpenSSL.
*) Bugfix: in the ngx_http_uwsgi_module.
Thanks to Chris Caputo.
*) Bugfix: connections with some gRPC backends might not be cached when
using the "keepalive" directive.
*) Bugfix: a socket leak might occur when using the "error_page"
directive to redirect early request processing errors, notably errors
with code 400.
*) Bugfix: the "return" directive did not change the response code when
returning errors if the request was redirected by the "error_page"
directive.
*) Bugfix: standard error pages and responses of the
ngx_http_autoindex_module module used the "bgcolor" attribute, and
might be displayed incorrectly when using custom color settings in
browsers.
Thanks to Nova DasSarma.
*) Change: the logging level of the "no suitable key share" and "no
suitable signature algorithm" SSL errors has been lowered from "crit"
to "info".
Changes with nginx 1.15.3 28 Aug 2018
*) Feature: now TLSv1.3 can be used with BoringSSL.
*) Feature: the "ssl_early_data" directive, currently available with
BoringSSL.
*) Feature: the "keepalive_timeout" and "keepalive_requests" directives
in the "upstream" block.
*) Bugfix: the ngx_http_dav_module did not truncate destination file
when copying a file over an existing one with the COPY method.
*) Bugfix: the ngx_http_dav_module used zero access rights on the
destination file and did not preserve file modification time when
moving a file between different file systems with the MOVE method.
*) Bugfix: the ngx_http_dav_module used default access rights when
copying a file with the COPY method.
*) Workaround: some clients might not work when using HTTP/2; the bug
had appeared in 1.13.5.
*) Bugfix: nginx could not be built with LibreSSL 2.8.0.
Changes with nginx 1.15.2 24 Jul 2018
*) Feature: the $ssl_preread_protocol variable in the
ngx_stream_ssl_preread_module.
*) Feature: now when using the "reset_timedout_connection" directive
nginx will reset connections being closed with the 444 code.
*) Change: a logging level of the "http request", "https proxy request",
"unsupported protocol", and "version too low" SSL errors has been
lowered from "crit" to "info".
*) Bugfix: DNS requests were not resent if initial sending of a request
failed.
*) Bugfix: the "reuseport" parameter of the "listen" directive was
ignored if the number of worker processes was specified after the
"listen" directive.
*) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
switch off "ssl_prefer_server_ciphers" in a virtual server if it was
switched on in the default server.
*) Bugfix: SSL session reuse with upstream servers did not work with the
TLS 1.3 protocol.
Changes with nginx 1.15.1 03 Jul 2018
*) Feature: the "random" directive inside the "upstream" block.
*) Feature: improved performance when using the "hash" and "ip_hash"
directives with the "zone" directive.
*) Feature: the "reuseport" parameter of the "listen" directive now uses
SO_REUSEPORT_LB on FreeBSD 12.
*) Bugfix: HTTP/2 server push did not work if SSL was terminated by a
proxy server in front of nginx.
*) Bugfix: the "tcp_nopush" directive was always used on backend
connections.
*) Bugfix: sending a disk-buffered request body to a gRPC backend might
fail.
Changes with nginx 1.15.0 05 Jun 2018
*) Change: the "ssl" directive is deprecated; the "ssl" parameter of the
"listen" directive should be used instead.
*) Change: now nginx detects missing SSL certificates during
configuration testing when using the "ssl" parameter of the "listen"
directive.
*) Feature: now the stream module can handle multiple incoming UDP
datagrams from a client within a single session.
*) Bugfix: it was possible to specify an incorrect response code in the
"proxy_cache_valid" directive.
*) Bugfix: nginx could not be built by gcc 8.1.
*) Bugfix: logging to syslog stopped on local IP address changes.
*) Bugfix: nginx could not be built by clang with CUDA SDK installed;
the bug had appeared in 1.13.8.
*) Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might appear
in logs during binary upgrade when using unix domain listen sockets
on FreeBSD.
*) Bugfix: nginx could not be built on Fedora 28 Linux.
*) Bugfix: request processing rate might exceed configured rate when
using the "limit_req" directive.
*) Bugfix: in handling of client addresses when using unix domain listen
sockets to work with datagrams on Linux.
*) Bugfix: in memory allocation error handling.
Changes with nginx 1.13.12 10 Apr 2018

View File

@ -1,7 +1,271 @@
Изменения в nginx 1.14.0 17.04.2018
Изменения в nginx 1.16.1 13.08.2019
*) Стабильная ветка 1.14.x.
*) Безопасность: при использовании HTTP/2 клиент мог вызвать чрезмерное
потребление памяти и ресурсов процессора (CVE-2019-9511,
CVE-2019-9513, CVE-2019-9516).
Изменения в nginx 1.16.0 23.04.2019
*) Стабильная ветка 1.16.x.
Изменения в nginx 1.15.12 16.04.2019
*) Исправление: в рабочем процессе мог произойти segmentation fault,
если в директивах ssl_certificate или ssl_certificate_key
использовались переменные и был включён OCSP stapling.
Изменения в nginx 1.15.11 09.04.2019
*) Исправление: в директиве ssl_stapling_file на Windows.
Изменения в nginx 1.15.10 26.03.2019
*) Изменение: теперь при использовании имени хоста в директиве listen
nginx создаёт listen-сокеты для всех адресов, соответствующих этому
имени (ранее использовался только первый адрес).
*) Добавление: диапазоны портов в директиве listen.
*) Добавление: возможность загрузки SSL-сертификатов и секретных ключей
из переменных.
*) Изменение: переменная $ssl_server_name могла быть пустой при
использовании OpenSSL 1.1.1.
*) Исправление: nginx/Windows не собирался с Visual Studio 2015 и новее;
ошибка появилась в 1.15.9.
Изменения в nginx 1.15.9 26.02.2019
*) Добавление: директивы ssl_certificate и ssl_certificate_key
поддерживают переменные.
*) Добавление: метод poll теперь доступен на Windows при использовании
Windows Vista и новее.
*) Исправление: если при использовании метода select на Windows
происходила ошибка при установлении соединения с бэкендом, nginx
ожидал истечения таймаута на установление соединения.
*) Исправление: директивы proxy_upload_rate и proxy_download_rate в
модуле stream работали некорректно при проксировании UDP-пакетов.
Изменения в nginx 1.15.8 25.12.2018
*) Добавление: переменная $upstream_bytes_sent.
Спасибо Piotr Sikora.
*) Добавление: новые директивы в скриптах подсветки синтаксиса для vim.
Спасибо Геннадию Махомеду.
*) Исправление: в директиве proxy_cache_background_update.
*) Исправление: в директиве geo при использовании unix domain
listen-сокетов.
*) Изменение: при использовании директивы ssl_early_data с OpenSSL в
логах могли появляться сообщения "ignoring stale global SSL error ...
bad length".
*) Исправление: в nginx/Windows.
*) Исправление: в модуле ngx_http_autoindex_module на 32-битных
платформах.
Изменения в nginx 1.15.7 27.11.2018
*) Добавление: директива proxy_requests в модуле stream.
*) Добавление: параметр "delay" директивы "limit_req".
Спасибо Владиславу Шабанову и Петру Щучкину.
*) Исправление: утечки памяти в случае ошибок при переконфигурации.
*) Исправление: в переменных $upstream_response_time,
$upstream_connect_time и $upstream_header_time.
*) Исправление: в рабочем процессе мог произойти segmentation fault,
если использовался модуль ngx_http_mp4_module на 32-битных
платформах.
Изменения в nginx 1.15.6 06.11.2018
*) Безопасность: при использовании HTTP/2 клиент мог вызвать чрезмерное
потреблению памяти (CVE-2018-16843) и ресурсов процессора
(CVE-2018-16844).
*) Безопасность: при обработке специально созданного mp4-файла модулем
ngx_http_mp4_module содержимое памяти рабочего процесса могло быть
отправлено клиенту (CVE-2018-16845).
*) Добавление: директивы proxy_socket_keepalive,
fastcgi_socket_keepalive, grpc_socket_keepalive,
memcached_socket_keepalive, scgi_socket_keepalive и
uwsgi_socket_keepalive.
*) Исправление: если nginx был собран с OpenSSL 1.1.0, а использовался с
OpenSSL 1.1.1, протокол TLS 1.3 всегда был разрешён.
*) Исправление: при работе с gRPC-бэкендами могло расходоваться большое
количество памяти.
Изменения в nginx 1.15.5 02.10.2018
*) Исправление: при использовании OpenSSL 1.1.0h и новее в рабочем
процессе мог произойти segmentation fault; ошибка появилась в 1.15.4.
*) Исправление: незначительных потенциальных ошибок.
Изменения в nginx 1.15.4 25.09.2018
*) Добавление: теперь директиву ssl_early_data можно использовать с
OpenSSL.
*) Исправление: в модуле ngx_http_uwsgi_module.
Спасибо Chris Caputo.
*) Исправление: соединения к некоторым gRPC-бэкендам могли не
кэшироваться при использовании директивы keepalive.
*) Исправление: при использовании директивы error_page для
перенаправления ошибок, возникающих на ранних этапах обработки
запроса, в частности ошибок с кодом 400, могла происходить утечка
сокетов.
*) Исправление: директива return при возврате ошибок не изменяла код
ответа, если запрос был перенаправлен с помощью директивы error_page.
*) Исправление: стандартные сообщения об ошибках и ответы модуля
ngx_http_autoindex_module содержали атрибут bgcolor, что могло
приводить к их некорректному отображению при использовании
пользовательских настроек цветов в браузерах.
Спасибо Nova DasSarma.
*) Изменение: уровень логгирования ошибок SSL "no suitable key share" и
"no suitable signature algorithm" понижен с уровня crit до info.
Изменения в nginx 1.15.3 28.08.2018
*) Добавление: теперь TLSv1.3 можно использовать с BoringSSL.
*) Добавление: директива ssl_early_data, сейчас доступна при
использовании BoringSSL.
*) Добавление: директивы keepalive_timeout и keepalive_requests в блоке
upstream.
*) Исправление: модуль ngx_http_dav_module при копировании файла поверх
существующего файла с помощью метода COPY не обнулял целевой файл.
*) Исправление: модуль ngx_http_dav_module при перемещении файла между
файловыми системами с помощью метода MOVE устанавливал нулевые права
доступа на результирующий файл и не сохранял время изменения файла.
*) Исправление: модуль ngx_http_dav_module при копировании файла с
помощью метода COPY для результирующего файла использовал права
доступа по умолчанию.
*) Изменение: некоторые клиенты могли не работать при использовании
HTTP/2; ошибка появилась в 1.13.5.
*) Исправление: nginx не собирался с LibreSSL 2.8.0.
Изменения в nginx 1.15.2 24.07.2018
*) Добавление: переменная $ssl_preread_protocol в модуле
ngx_stream_ssl_preread_module.
*) Добавление: теперь при использовании директивы
reset_timedout_connection nginx сбрасывает соединения, закрываемые с
кодом 444.
*) Изменение: уровень логгирования ошибок SSL "http request", "https
proxy request", "unsupported protocol" и "version too low" понижен с
уровня crit до info.
*) Исправление: запросы к DNS-серверу не отправлялись повторно, если при
первой попытке отправки происходила ошибка.
*) Исправление: параметр reuseport директивы listen игнорировался, если
количество рабочих процессов было задано после директивы listen.
*) Исправление: при использовании OpenSSL 1.1.0 и новее директиву
ssl_prefer_server_ciphers нельзя было выключить в виртуальном
сервере, если она была включена в сервере по умолчанию.
*) Исправление: повторное использование SSL-сессий к бэкендам не
работало с протоколом TLS 1.3.
Изменения в nginx 1.15.1 03.07.2018
*) Добавление: директива random в блоке upstream.
*) Добавление: улучшена производительность при использовании директив
hash и ip_hash совместно с директивой zone.
*) Добавление: параметр reuseport директивы listen теперь использует
SO_REUSEPORT_LB на FreeBSD 12.
*) Исправление: HTTP/2 server push не работал, если SSL терминировался
прокси-сервером перед nginx'ом.
*) Исправление: директива tcp_nopush всегда использовалась для
соединений к бэкендам.
*) Исправление: при отправке сохранённого на диск тела запроса на
gRPC-бэкенд могли возникать ошибки.
Изменения в nginx 1.15.0 05.06.2018
*) Изменение: директива "ssl" теперь считается устаревшей; вместо неё
следует использовать параметр ssl директивы listen.
*) Изменение: теперь при использовании директивы listen с параметром ssl
nginx определяет отсутствие SSL-сертификатов при тестировании
конфигурации.
*) Добавление: теперь модуль stream умеет обрабатывать несколько
входящих UDP-пакетов от клиента в рамках одной сессии.
*) Исправление: в директиве proxy_cache_valid можно было указать
некорректный код ответа.
*) Исправление: nginx не собирался gcc 8.1.
*) Исправление: логгирование в syslog останавливалось при изменении
локального IP-адреса.
*) Исправление: nginx не собирался компилятором clang, если был
установлен CUDA SDK; ошибка появилась в 1.13.8.
*) Исправление: при использовании unix domain listen-сокетов на FreeBSD
в процессе обновления исполняемого файла в логе могли появляться
сообщения "getsockopt(TCP_FASTOPEN) ... failed".
*) Исправление: nginx не собирался на Fedora 28 Linux.
*) Исправление: при использовании директивы limit_req заданная скорость
обработки запросов могла не соблюдаться.
*) Исправление: в обработке адресов клиентов при использовании unix
domain listen-сокетов для работы с датаграммами на Linux.
*) Исправление: в обработке ошибок выделения памяти.
Изменения в nginx 1.13.12 10.04.2018

View File

@ -1,6 +1,6 @@
/*
* Copyright (C) 2002-2018 Igor Sysoev
* Copyright (C) 2011-2018 Nginx, Inc.
* Copyright (C) 2002-2019 Igor Sysoev
* Copyright (C) 2011-2019 Nginx, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without

View File

@ -4,22 +4,20 @@
The OpenSSL toolkit stays under a double license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts. Actually both licenses are BSD-style
Open Source licenses. In case of any license issues related to OpenSSL
please contact openssl-core@openssl.org.
See below for the actual license texts.
OpenSSL License
---------------
/* ====================================================================
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@ -74,21 +72,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -103,10 +101,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -118,7 +116,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence

View File

@ -25,7 +25,7 @@ Email domain: cam.ac.uk
University of Cambridge Computing Service,
Cambridge, England.
Copyright (c) 1997-2018 University of Cambridge
Copyright (c) 1997-2019 University of Cambridge
All rights reserved.
@ -34,9 +34,9 @@ PCRE JUST-IN-TIME COMPILATION SUPPORT
Written by: Zoltan Herczeg
Email local part: hzmester
Emain domain: freemail.hu
Email domain: freemail.hu
Copyright(c) 2010-2018 Zoltan Herczeg
Copyright(c) 2010-2019 Zoltan Herczeg
All rights reserved.
@ -45,9 +45,9 @@ STACK-LESS JUST-IN-TIME COMPILER
Written by: Zoltan Herczeg
Email local part: hzmester
Emain domain: freemail.hu
Email domain: freemail.hu
Copyright(c) 2009-2018 Zoltan Herczeg
Copyright(c) 2009-2019 Zoltan Herczeg
All rights reserved.

View File

@ -15,7 +15,7 @@
<p>Sorry, the page you are looking for is currently unavailable.<br/>
Please try again later.</p>
<p>If you are the system administrator of this resource then you should check
the <a href="http://nginx.org/r/error_log">error log</a> for details.</p>
the error log for details.</p>
<p><em>Faithfully yours, nginx.</em></p>