diff --git a/conf/nginx.conf b/conf/nginx.conf
index 4492dea..f4ea688 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -35,292 +35,5 @@ http { #gzip on; - upstream www-pixiv-net { - server 210.140.131.223:443; - server 210.140.131.225:443; - server 210.140.131.220:443; - } - - upstream sketch-pixiv-net { - server 210.140.174.37:443; - server 210.140.170.179:443; - server 210.140.175.130:443; - } - - upstream sketch-hls-server { - server 210.140.214.211:443; - server 210.140.214.212:443; - server 210.140.214.213:443; - } - - upstream imgaz-pixiv-net { - server 210.140.131.145:443; - server 210.140.131.144:443; - server 210.140.131.147:443; - server 210.140.131.153:443; - } - - upstream i-pximg-net { - server 210.140.92.140:443; - server 210.140.92.137:443; - server 210.140.92.139:443; - server 210.140.92.142:443; - server 210.140.92.134:443; - server 210.140.92.141:443; - server 210.140.92.143:443; - server 210.140.92.136:443; - server 210.140.92.138:443; - server 210.140.92.144:443; - server 210.140.92.145:443; - } - - server { - listen 80 default_server; - rewrite ^(.*) https://$host$1 permanent; - } - - server { - listen 443 ssl; - server_name pixiv.net; - server_name www.pixiv.net; - server_name ssl.pixiv.net; - server_name accounts.pixiv.net; - server_name touch.pixiv.net; - server_name oauth.secure.pixiv.net; - - ssl on; - ssl_certificate ca/pixiv.net.crt; - ssl_certificate_key ca/pixiv.net.key; - - client_max_body_size 50M; - - location / { - proxy_pass https://www-pixiv-net; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real_IP $remote_addr; - proxy_set_header User-Agent $http_user_agent; - proxy_set_header Accept-Encoding ''; - proxy_buffering off; - } - } - - server { - listen 443 ssl; - server_name i.pximg.net; - - ssl on; - ssl_certificate ca/pixiv.net.crt; - ssl_certificate_key ca/pixiv.net.key; - - location / { - proxy_pass https://i-pximg-net; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real_IP $remote_addr; - 
proxy_set_header User-Agent $http_user_agent; - proxy_set_header Accept-Encoding ''; - proxy_buffering off; - } - } - - server { - listen 443 ssl; - server_name sketch.pixiv.net; - - ssl on; - ssl_certificate ca/pixiv.net.crt; - ssl_certificate_key ca/pixiv.net.key; - - location / { - proxy_pass https://sketch-pixiv-net; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real_IP $remote_addr; - proxy_set_header User-Agent $http_user_agent; - proxy_set_header Accept-Encoding ''; - proxy_buffering off; - } - - # Proxying WebSockets - location /ws/ { - proxy_pass https://sketch-pixiv-net; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - } - } - - server { - listen 443 ssl; - server_name *.pixivsketch.net; - - ssl on; - ssl_certificate ca/pixiv.net.crt; - ssl_certificate_key ca/pixiv.net.key; - - location / { - proxy_pass https://sketch-hls-server; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real_IP $remote_addr; - proxy_set_header User-Agent $http_user_agent; - proxy_set_header Accept-Encoding ''; - proxy_buffering off; - } - } - - server { - listen 443 ssl; - server_name factory.pixiv.net; - - ssl on; - ssl_certificate ca/pixiv.net.crt; - ssl_certificate_key ca/pixiv.net.key; - - location / { - proxy_pass https://210.140.131.180/; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real_IP $remote_addr; - proxy_set_header User-Agent $http_user_agent; - proxy_set_header Accept-Encoding ''; - proxy_buffering off; - } - } - - server { - listen 443 ssl; - server_name dic.pixiv.net; - server_name en-dic.pixiv.net; - server_name sensei.pixiv.net; - server_name fanbox.pixiv.net; - server_name payment.pixiv.net.pixiv.net; - - ssl on; - ssl_certificate ca/pixiv.net.crt; - 
ssl_certificate_key ca/pixiv.net.key; - - location / { - proxy_pass https://210.140.131.222/; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real_IP $remote_addr; - proxy_set_header User-Agent $http_user_agent; - proxy_set_header Accept-Encoding ''; - proxy_buffering off; - } - } - - server { - listen 443 ssl; - server_name imgaz.pixiv.net; - server_name comic.pixiv.net; - server_name novel.pixiv.net; - server_name source.pixiv.net; - server_name i1.pixiv.net; - server_name i2.pixiv.net; - server_name i3.pixiv.net; - server_name i4.pixiv.net; - - ssl on; - ssl_certificate ca/pixiv.net.crt; - ssl_certificate_key ca/pixiv.net.key; - - location / { - proxy_pass https://imgaz-pixiv-net; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real_IP $remote_addr; - proxy_set_header User-Agent $http_user_agent; - proxy_set_header Accept-Encoding ''; - proxy_buffering off; - } - } - - upstream wikipedia-server { - server 198.35.26.96:443; - server 103.102.166.224:443; - } - - server { - listen 443 ssl; - server_name *.wikipedia.org; - server_name *.m.wikipedia.org; - - ssl on; - ssl_certificate ca/pixiv.net.crt; - ssl_certificate_key ca/pixiv.net.key; - - location / { - proxy_pass https://wikipedia-server/; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real_IP $remote_addr; - proxy_set_header User-Agent $http_user_agent; - proxy_set_header Accept-Encoding ''; - proxy_buffering off; - } - } - - server { - listen 443 ssl; - server_name *.steamcommunity.com; - server_name steamcommunity.com; - - ssl on; - ssl_certificate ca/pixiv.net.crt; - ssl_certificate_key ca/pixiv.net.key; - - location / { - proxy_pass https://23.61.176.149/; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real_IP 
$remote_addr; - proxy_set_header User-Agent $http_user_agent; - proxy_set_header Accept-Encoding ''; - proxy_buffering off; - } - } - - server { - listen 443 ssl; - server_name *.steampowered.com; - server_name steampowered.com; - - ssl on; - ssl_certificate ca/pixiv.net.crt; - ssl_certificate_key ca/pixiv.net.key; - - location / { - proxy_pass https://104.112.84.145/; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real_IP $remote_addr; - proxy_set_header User-Agent $http_user_agent; - proxy_set_header Accept-Encoding ''; - proxy_buffering off; - } - } - server { - listen 443 ssl; - server_name *.archiveofourown.org; - server_name archiveofourown.org; - - ssl on; - ssl_certificate ca/pixiv.net.crt; - ssl_certificate_key ca/pixiv.net.key; - - location / { - proxy_pass https://104.153.64.122/; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real_IP $remote_addr; - proxy_set_header User-Agent $http_user_agent; - proxy_set_header Accept-Encoding ''; - proxy_buffering off; - } - } - + include pixiv.conf; } diff --git a/conf/pixiv.conf b/conf/pixiv.conf new file mode 100644 index 0000000..1fa823b --- /dev/null +++ b/conf/pixiv.conf 
@@ -0,0 +1,335 @@
+upstream www-pixiv-net {
+ #server 104.18.12.135:443;
+ #server 104.18.13.135:443;
+ server 210.140.131.223:443;
+ server 210.140.131.225:443;
+ server 210.140.131.220:443;
+}
+
+upstream account-pixiv-net {
+ server 210.140.131.226:443;
+ server 210.140.131.218:443;
+ server 210.140.131.222:443;
+}
+
+upstream sketch-pixiv-net {
+ server 210.140.174.37:443;
+ server 210.140.170.179:443;
+ server 210.140.175.130:443;
+}
+
+upstream sketch-hls-server {
+ server 210.140.214.211:443;
+ server 210.140.214.212:443;
+ server 210.140.214.213:443;
+}
+
+upstream imgaz-pixiv-net {
+ server 210.140.131.145:443;
+ server 210.140.131.144:443;
+ server 210.140.131.147:443;
+ server 210.140.131.153:443;
+}
+
+upstream i-pximg-net {
+ server 210.140.92.140:443;
+ server 210.140.92.137:443;
+ server 210.140.92.139:443;
+ server 210.140.92.142:443;
+ server 210.140.92.134:443;
+ server 210.140.92.141:443;
+ server 210.140.92.143:443;
+ server 210.140.92.136:443;
+ server 210.140.92.138:443;
+ server 210.140.92.144:443;
+ server 210.140.92.145:443;
+}
+
+server {
+ listen 80 default_server;
+ rewrite ^(.*) https://$host$1 permanent;
+}
+
+server {
+ listen 443 ssl;
+ server_name www.pixiv.net;
+
+
+ ssl_certificate ca/pixiv.net.crt;
+ ssl_certificate_key ca/pixiv.net.key;
+
+ client_max_body_size 50M;
+
+ location / {
+ #proxy_ssl_server_name on;
+ proxy_pass https://www-pixiv-net;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real_IP $remote_addr;
+ proxy_set_header User-Agent $http_user_agent;
+ proxy_set_header Accept-Encoding '';
+ proxy_buffering off;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name pixiv.net;
+ server_name ssl.pixiv.net;
+ server_name accounts.pixiv.net;
+ server_name touch.pixiv.net;
+ server_name oauth.secure.pixiv.net;
+
+
+ ssl_certificate ca/pixiv.net.crt;
+ ssl_certificate_key ca/pixiv.net.key;
+
+ client_max_body_size 50M;
+
+ location / {
+ proxy_pass https://account-pixiv-net;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real_IP $remote_addr;
+ proxy_set_header User-Agent $http_user_agent;
+ proxy_set_header Accept-Encoding '';
+ proxy_buffering off;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name i.pximg.net;
+
+
+ ssl_certificate ca/pixiv.net.crt;
+ ssl_certificate_key ca/pixiv.net.key;
+
+ location / {
+ proxy_pass https://i-pximg-net;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real_IP $remote_addr;
+ proxy_set_header User-Agent $http_user_agent;
+ proxy_set_header Accept-Encoding '';
+ proxy_buffering off;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name sketch.pixiv.net;
+
+
+ ssl_certificate ca/pixiv.net.crt;
+ ssl_certificate_key ca/pixiv.net.key;
+
+ location / {
+ proxy_pass https://sketch-pixiv-net;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real_IP $remote_addr;
+ proxy_set_header User-Agent $http_user_agent;
+ proxy_set_header Accept-Encoding '';
+ proxy_buffering off;
+ }
+
+ # Proxying WebSockets
+ location /ws/ {
+ proxy_pass https://sketch-pixiv-net;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name *.pixivsketch.net;
+
+
+ ssl_certificate ca/pixiv.net.crt;
+ ssl_certificate_key ca/pixiv.net.key;
+
+ location / {
+ proxy_pass https://sketch-hls-server;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real_IP $remote_addr;
+ proxy_set_header User-Agent $http_user_agent;
+ proxy_set_header Accept-Encoding '';
+ proxy_buffering off;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name factory.pixiv.net;
+
+
+ ssl_certificate ca/pixiv.net.crt;
+ ssl_certificate_key ca/pixiv.net.key;
+
+ location / {
+ proxy_pass https://210.140.131.180/;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real_IP $remote_addr;
+ proxy_set_header User-Agent $http_user_agent;
+ proxy_set_header Accept-Encoding '';
+ proxy_buffering off;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name dic.pixiv.net;
+ server_name en-dic.pixiv.net;
+ server_name sensei.pixiv.net;
+ server_name fanbox.pixiv.net;
+ server_name payment.pixiv.net.pixiv.net;
+
+
+ ssl_certificate ca/pixiv.net.crt;
+ ssl_certificate_key ca/pixiv.net.key;
+
+ location / {
+ proxy_pass https://210.140.131.222/;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real_IP $remote_addr;
+ proxy_set_header User-Agent $http_user_agent;
+ proxy_set_header Accept-Encoding '';
+ proxy_buffering off;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name imgaz.pixiv.net;
+ server_name comic.pixiv.net;
+ server_name novel.pixiv.net;
+ server_name source.pixiv.net;
+ server_name i1.pixiv.net;
+ server_name i2.pixiv.net;
+ server_name i3.pixiv.net;
+ server_name i4.pixiv.net;
+
+
+ ssl_certificate ca/pixiv.net.crt;
+ ssl_certificate_key ca/pixiv.net.key;
+
+ location / {
+ proxy_pass https://imgaz-pixiv-net;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real_IP $remote_addr;
+ proxy_set_header User-Agent $http_user_agent;
+ proxy_set_header Accept-Encoding '';
+ proxy_buffering off;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name www.google.com;
+
+
+ ssl_certificate ca/pixiv.net.crt;
+ ssl_certificate_key ca/pixiv.net.key;
+
+ location ^~ /recaptcha/ {
+ rewrite ^(.*)$ https://www.recaptcha.net$1 break;
+ }
+
+ location / {
+ default_type text/html;
+ charset utf-8;
+ return 200 'Pixiv-Nginx提醒:本工具默认代理了www.google.com,用于加载P站登陆时的验证码插件,如果你有方法正常访问www.google.com,并且不希望看到这个页面,那么将 C:\Windows\System32\drivers\etc\hosts127.0.0.1 www.google.com 的那行记录删除即可。如果删除后刷新网页还是看到这个页面,请先清除一下浏览器缓存。';
+ }
+}
+
+upstream wikipedia-server {
+ server 198.35.26.96:443;
+ server 103.102.166.224:443;
+}
+
+server {
+ listen 443 ssl;
+ server_name *.wikipedia.org;
+ server_name *.m.wikipedia.org;
+
+
+ ssl_certificate ca/pixiv.net.crt;
+ ssl_certificate_key ca/pixiv.net.key;
+
+ location / {
+ proxy_pass https://wikipedia-server/;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real_IP $remote_addr;
+ proxy_set_header User-Agent $http_user_agent;
+ proxy_set_header Accept-Encoding '';
+ proxy_buffering off;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name *.steamcommunity.com;
+ server_name steamcommunity.com;
+
+
+ ssl_certificate ca/pixiv.net.crt;
+ ssl_certificate_key ca/pixiv.net.key;
+
+ location / {
+ proxy_pass https://23.61.176.149/;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real_IP $remote_addr;
+ proxy_set_header User-Agent $http_user_agent;
+ proxy_set_header Accept-Encoding '';
+ proxy_buffering off;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name *.steampowered.com;
+ server_name steampowered.com;
+
+
+ ssl_certificate ca/pixiv.net.crt;
+ ssl_certificate_key ca/pixiv.net.key;
+
+ location / {
+ proxy_pass https://104.112.84.145/;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real_IP $remote_addr;
+ proxy_set_header User-Agent $http_user_agent;
+ proxy_set_header Accept-Encoding '';
+ proxy_buffering off;
+ }
+}
+ server {
+ listen 443 ssl;
+ server_name *.archiveofourown.org;
+ server_name archiveofourown.org;
+
+
+ ssl_certificate ca/pixiv.net.crt;
+ ssl_certificate_key ca/pixiv.net.key;
+
+ location / {
+ proxy_pass 
https://104.153.64.122/; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real_IP $remote_addr; + proxy_set_header User-Agent $http_user_agent; + proxy_set_header Accept-Encoding ''; + proxy_buffering off; + } +} \ No newline at end of file diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim index 075b19a..6bee7a2 100644 --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -108,6 +108,7 @@ syn keyword ngxDirectiveControl contained set syn keyword ngxDirectiveError contained error_page syn keyword ngxDirectiveError contained post_action +syn keyword ngxDirectiveDeprecated contained limit_zone syn keyword ngxDirectiveDeprecated contained proxy_downstream_buffer syn keyword ngxDirectiveDeprecated contained proxy_upstream_buffer syn keyword ngxDirectiveDeprecated contained spdy_chunk_size @@ -118,6 +119,7 @@ syn keyword ngxDirectiveDeprecated contained spdy_pool_size syn keyword ngxDirectiveDeprecated contained spdy_recv_buffer_size syn keyword ngxDirectiveDeprecated contained spdy_recv_timeout syn keyword ngxDirectiveDeprecated contained spdy_streams_index_size +syn keyword ngxDirectiveDeprecated contained ssl syn keyword ngxDirectiveDeprecated contained upstream_conf syn keyword ngxDirective contained absolute_redirect @@ -136,6 +138,7 @@ syn keyword ngxDirective contained alias syn keyword ngxDirective contained allow syn keyword ngxDirective contained ancient_browser syn keyword ngxDirective contained ancient_browser_value +syn keyword ngxDirective contained api syn keyword ngxDirective contained auth_basic syn keyword ngxDirective contained auth_basic_user_file syn keyword ngxDirective contained auth_http 
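Review bot: Every `proxy_pass https://…` in the new conf/pixiv.conf forwards to a hard-coded IP or upstream group with no `proxy_ssl_verify`, which nginx leaves off by default, so the proxy accepts whatever certificate that address presents. Because the browser's TLS session ends at this proxy under `ca/pixiv.net.crt`, nothing on the path checks that the pinned IPs still belong to pixiv, Wikipedia, Steam or AO3. The commented-out `#proxy_ssl_server_name on;` suggests SNI is left off on purpose; verification does not need it, so I would add `proxy_ssl_verify on; proxy_ssl_name $host; proxy_ssl_trusted_certificate <path-to-CA-bundle>;` at server or http level and confirm each origin still serves a matching certificate without SNI. Two smaller points in the same blocks: `X-Real_IP` is presumably meant to be `X-Real-IP`, and `server_name payment.pixiv.net.pixiv.net;` looks like a doubled suffix carried over from the old file.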
@@ -143,7 +146,11 @@ syn keyword ngxDirective contained auth_http_header syn keyword ngxDirective contained auth_http_pass_client_cert syn keyword ngxDirective contained auth_http_timeout syn keyword ngxDirective contained auth_jwt +syn keyword ngxDirective contained auth_jwt_claim_set +syn keyword ngxDirective contained auth_jwt_header_set syn keyword ngxDirective contained auth_jwt_key_file +syn keyword ngxDirective contained auth_jwt_key_request +syn keyword ngxDirective contained auth_jwt_leeway syn keyword ngxDirective contained auth_request syn keyword ngxDirective contained auth_request_set syn keyword ngxDirective contained autoindex @@ -229,6 +236,7 @@ syn keyword ngxDirective contained fastcgi_read_timeout syn keyword ngxDirective contained fastcgi_request_buffering syn keyword ngxDirective contained fastcgi_send_lowat syn keyword ngxDirective contained fastcgi_send_timeout +syn keyword ngxDirective contained fastcgi_socket_keepalive syn keyword ngxDirective contained fastcgi_split_path_info syn keyword ngxDirective contained fastcgi_store syn keyword ngxDirective contained fastcgi_store_access @@ -255,6 +263,7 @@ syn keyword ngxDirective contained grpc_pass_header syn keyword ngxDirective contained grpc_read_timeout syn keyword ngxDirective contained grpc_send_timeout syn keyword ngxDirective contained grpc_set_header +syn keyword ngxDirective contained grpc_socket_keepalive syn keyword ngxDirective contained grpc_ssl_certificate syn keyword ngxDirective contained grpc_ssl_certificate_key syn keyword ngxDirective contained grpc_ssl_ciphers 
@@ -330,6 +339,8 @@ syn keyword ngxDirective contained keepalive syn keyword ngxDirective contained keepalive_disable syn keyword ngxDirective contained keepalive_requests syn keyword ngxDirective contained keepalive_timeout +syn keyword ngxDirective contained keyval +syn keyword ngxDirective contained keyval_zone syn keyword ngxDirective contained kqueue_changes syn keyword ngxDirective contained kqueue_events syn keyword ngxDirective contained large_client_header_buffers @@ -367,6 +378,7 @@ syn keyword ngxDirective contained memcached_next_upstream_timeout syn keyword ngxDirective contained memcached_next_upstream_tries syn keyword ngxDirective contained memcached_read_timeout syn keyword ngxDirective contained memcached_send_timeout +syn keyword ngxDirective contained memcached_socket_keepalive syn keyword ngxDirective contained merge_slashes syn keyword ngxDirective contained min_delete_depth syn keyword ngxDirective contained mirror @@ -375,9 +387,9 @@ syn keyword ngxDirective contained modern_browser syn keyword ngxDirective contained modern_browser_value syn keyword ngxDirective contained mp4 syn keyword ngxDirective contained mp4_buffer_size -syn keyword ngxDirective contained mp4_max_buffer_size syn keyword ngxDirective contained mp4_limit_rate syn keyword ngxDirective contained mp4_limit_rate_after +syn keyword ngxDirective contained mp4_max_buffer_size syn keyword ngxDirective contained msie_padding syn keyword ngxDirective contained msie_refresh syn keyword ngxDirective contained multi_accept 
@@ -456,11 +468,13 @@ syn keyword ngxDirective contained proxy_protocol_timeout syn keyword ngxDirective contained proxy_read_timeout syn keyword ngxDirective contained proxy_redirect syn keyword ngxDirective contained proxy_request_buffering +syn keyword ngxDirective contained proxy_requests syn keyword ngxDirective contained proxy_responses syn keyword ngxDirective contained proxy_send_lowat syn keyword ngxDirective contained proxy_send_timeout syn keyword ngxDirective contained proxy_set_body syn keyword ngxDirective contained proxy_set_header +syn keyword ngxDirective contained proxy_socket_keepalive syn keyword ngxDirective contained proxy_ssl syn keyword ngxDirective contained proxy_ssl_certificate syn keyword ngxDirective contained proxy_ssl_certificate_key @@ -481,6 +495,7 @@ syn keyword ngxDirective contained proxy_temp_path syn keyword ngxDirective contained proxy_timeout syn keyword ngxDirective contained proxy_upload_rate syn keyword ngxDirective contained queue +syn keyword ngxDirective contained random syn keyword ngxDirective contained random_index syn keyword ngxDirective contained read_ahead syn keyword ngxDirective contained real_ip_header @@ -533,6 +548,7 @@ syn keyword ngxDirective contained scgi_pass_request_headers syn keyword ngxDirective contained scgi_read_timeout syn keyword ngxDirective contained scgi_request_buffering syn keyword ngxDirective contained scgi_send_timeout +syn keyword ngxDirective contained scgi_socket_keepalive syn keyword ngxDirective contained scgi_store syn keyword ngxDirective contained scgi_store_access syn keyword ngxDirective contained scgi_temp_file_write_size 
@@ -565,7 +581,6 @@ syn keyword ngxDirective contained ssi_min_file_chunk syn keyword ngxDirective contained ssi_silent_errors syn keyword ngxDirective contained ssi_types syn keyword ngxDirective contained ssi_value_length -syn keyword ngxDirective contained ssl syn keyword ngxDirective contained ssl_buffer_size syn keyword ngxDirective contained ssl_certificate syn keyword ngxDirective contained ssl_certificate_key @@ -573,6 +588,7 @@ syn keyword ngxDirective contained ssl_ciphers syn keyword ngxDirective contained ssl_client_certificate syn keyword ngxDirective contained ssl_crl syn keyword ngxDirective contained ssl_dhparam +syn keyword ngxDirective contained ssl_early_data syn keyword ngxDirective contained ssl_ecdh_curve syn keyword ngxDirective contained ssl_engine syn keyword ngxDirective contained ssl_handshake_timeout @@ -664,6 +680,7 @@ syn keyword ngxDirective contained uwsgi_pass_request_headers syn keyword ngxDirective contained uwsgi_read_timeout syn keyword ngxDirective contained uwsgi_request_buffering syn keyword ngxDirective contained uwsgi_send_timeout +syn keyword ngxDirective contained uwsgi_socket_keepalive syn keyword ngxDirective contained uwsgi_ssl_certificate syn keyword ngxDirective contained uwsgi_ssl_certificate_key syn keyword ngxDirective contained uwsgi_ssl_ciphers 
@@ -701,6 +718,26 @@ syn keyword ngxDirective contained xslt_string_param syn keyword ngxDirective contained xslt_stylesheet syn keyword ngxDirective contained xslt_types syn keyword ngxDirective contained zone +syn keyword ngxDirective contained zone_sync +syn keyword ngxDirective contained zone_sync_buffers +syn keyword ngxDirective contained zone_sync_connect_retry_interval +syn keyword ngxDirective contained zone_sync_connect_timeout +syn keyword ngxDirective contained zone_sync_interval +syn keyword ngxDirective contained zone_sync_recv_buffer_size +syn keyword ngxDirective contained zone_sync_server +syn keyword ngxDirective contained zone_sync_ssl +syn keyword ngxDirective contained zone_sync_ssl_certificate +syn keyword ngxDirective contained zone_sync_ssl_certificate_key +syn keyword ngxDirective contained zone_sync_ssl_ciphers +syn keyword ngxDirective contained zone_sync_ssl_crl +syn keyword ngxDirective contained zone_sync_ssl_name +syn keyword ngxDirective contained zone_sync_ssl_password_file +syn keyword ngxDirective contained zone_sync_ssl_protocols +syn keyword ngxDirective contained zone_sync_ssl_server_name +syn keyword ngxDirective contained zone_sync_ssl_trusted_certificate +syn keyword ngxDirective contained zone_sync_ssl_verify +syn keyword ngxDirective contained zone_sync_ssl_verify_depth +syn keyword ngxDirective contained zone_sync_timeout " 3rd party modules list taken from " https://github.com/freebsd/freebsd-ports/blob/master/www/nginx-devel/Makefile @@ -876,6 +913,8 @@ syn keyword ngxDirectiveThirdParty contained more_set_input_headers " NGINX WebDAV missing commands support (PROPFIND & OPTIONS) " https://github.com/arut/nginx-dav-ext-module +syn keyword ngxDirectiveThirdParty contained dav_ext_lock +syn keyword ngxDirectiveThirdParty contained dav_ext_lock_zone syn keyword ngxDirectiveThirdParty contained dav_ext_methods " ngx_eval 
@@ -895,6 +934,7 @@ syn keyword ngxDirectiveThirdParty contained fancyindex_directories_first syn keyword ngxDirectiveThirdParty contained fancyindex_exact_size syn keyword ngxDirectiveThirdParty contained fancyindex_footer syn keyword ngxDirectiveThirdParty contained fancyindex_header +syn keyword ngxDirectiveThirdParty contained fancyindex_hide_parent_dir syn keyword ngxDirectiveThirdParty contained fancyindex_hide_symlinks syn keyword ngxDirectiveThirdParty contained fancyindex_ignore syn keyword ngxDirectiveThirdParty contained fancyindex_localtime @@ -937,8 +977,17 @@ syn keyword ngxDirectiveThirdParty contained notice_type " nchan " https://github.com/slact/nchan +syn keyword ngxDirectiveThirdParty contained nchan_access_control_allow_credentials syn keyword ngxDirectiveThirdParty contained nchan_access_control_allow_origin syn keyword ngxDirectiveThirdParty contained nchan_authorize_request +syn keyword ngxDirectiveThirdParty contained nchan_benchmark +syn keyword ngxDirectiveThirdParty contained nchan_benchmark_channels +syn keyword ngxDirectiveThirdParty contained nchan_benchmark_message_padding_bytes +syn keyword ngxDirectiveThirdParty contained nchan_benchmark_messages_per_channel_per_minute +syn keyword ngxDirectiveThirdParty contained nchan_benchmark_publisher_distribution +syn keyword ngxDirectiveThirdParty contained nchan_benchmark_subscriber_distribution +syn keyword ngxDirectiveThirdParty contained nchan_benchmark_subscribers_per_channel +syn keyword ngxDirectiveThirdParty contained nchan_benchmark_time syn keyword ngxDirectiveThirdParty contained nchan_channel_event_string syn keyword ngxDirectiveThirdParty contained nchan_channel_events_channel_id syn keyword ngxDirectiveThirdParty contained nchan_channel_group 
@@ -974,15 +1023,19 @@ syn keyword ngxDirectiveThirdParty contained nchan_publisher_upstream_request syn keyword ngxDirectiveThirdParty contained nchan_pubsub syn keyword ngxDirectiveThirdParty contained nchan_pubsub_channel_id syn keyword ngxDirectiveThirdParty contained nchan_pubsub_location +syn keyword ngxDirectiveThirdParty contained nchan_redis_connect_timeout syn keyword ngxDirectiveThirdParty contained nchan_redis_fakesub_timer_interval syn keyword ngxDirectiveThirdParty contained nchan_redis_idle_channel_cache_timeout syn keyword ngxDirectiveThirdParty contained nchan_redis_namespace +syn keyword ngxDirectiveThirdParty contained nchan_redis_nostore_fastpublish +syn keyword ngxDirectiveThirdParty contained nchan_redis_optimize_target syn keyword ngxDirectiveThirdParty contained nchan_redis_pass syn keyword ngxDirectiveThirdParty contained nchan_redis_pass_inheritable syn keyword ngxDirectiveThirdParty contained nchan_redis_ping_interval syn keyword ngxDirectiveThirdParty contained nchan_redis_publish_msgpacked_max_size syn keyword ngxDirectiveThirdParty contained nchan_redis_server syn keyword ngxDirectiveThirdParty contained nchan_redis_storage_mode +syn keyword ngxDirectiveThirdParty contained nchan_redis_subscribe_weights syn keyword ngxDirectiveThirdParty contained nchan_redis_url syn keyword ngxDirectiveThirdParty contained nchan_redis_wait_after_connecting syn keyword ngxDirectiveThirdParty contained nchan_shared_memory_size 
@@ -1280,6 +1333,7 @@ syn keyword ngxDirectiveThirdParty contained lua_package_cpath syn keyword ngxDirectiveThirdParty contained lua_package_path syn keyword ngxDirectiveThirdParty contained lua_regex_cache_max_entries syn keyword ngxDirectiveThirdParty contained lua_regex_match_limit +syn keyword ngxDirectiveThirdParty contained lua_sa_restart syn keyword ngxDirectiveThirdParty contained lua_shared_dict syn keyword ngxDirectiveThirdParty contained lua_socket_buffer_size syn keyword ngxDirectiveThirdParty contained lua_socket_connect_timeout @@ -1355,9 +1409,15 @@ syn keyword ngxDirectiveThirdParty contained rules_enabled " https://www.phusionpassenger.com/library/config/nginx/reference/ syn keyword ngxDirectiveThirdParty contained passenger_abort_on_startup_error syn keyword ngxDirectiveThirdParty contained passenger_abort_websockets_on_process_shutdown +syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_auth_type +syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_password +syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_url +syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_username +syn keyword ngxDirectiveThirdParty contained passenger_anonymous_telemetry_proxy syn keyword ngxDirectiveThirdParty contained passenger_app_env syn keyword ngxDirectiveThirdParty contained passenger_app_file_descriptor_ulimit syn keyword ngxDirectiveThirdParty contained passenger_app_group_name +syn keyword ngxDirectiveThirdParty contained passenger_app_log_file syn keyword ngxDirectiveThirdParty contained passenger_app_rights syn keyword ngxDirectiveThirdParty contained passenger_app_root syn keyword ngxDirectiveThirdParty contained passenger_app_type 
@@ -1373,8 +1433,10 @@ syn keyword ngxDirectiveThirdParty contained passenger_data_buffer_dir syn keyword ngxDirectiveThirdParty contained passenger_debugger syn keyword ngxDirectiveThirdParty contained passenger_default_group syn keyword ngxDirectiveThirdParty contained passenger_default_user +syn keyword ngxDirectiveThirdParty contained passenger_disable_anonymous_telemetry syn keyword ngxDirectiveThirdParty contained passenger_disable_security_update_check syn keyword ngxDirectiveThirdParty contained passenger_document_root +syn keyword ngxDirectiveThirdParty contained passenger_dump_config_manifest syn keyword ngxDirectiveThirdParty contained passenger_enabled syn keyword ngxDirectiveThirdParty contained passenger_env_var syn keyword ngxDirectiveThirdParty contained passenger_file_descriptor_log_file @@ -1402,6 +1464,7 @@ syn keyword ngxDirectiveThirdParty contained passenger_max_requests syn keyword ngxDirectiveThirdParty contained passenger_memory_limit syn keyword ngxDirectiveThirdParty contained passenger_meteor_app_settings syn keyword ngxDirectiveThirdParty contained passenger_min_instances +syn keyword ngxDirectiveThirdParty contained passenger_monitor_log_file syn keyword ngxDirectiveThirdParty contained passenger_nodejs syn keyword ngxDirectiveThirdParty contained passenger_pass_header syn keyword ngxDirectiveThirdParty contained passenger_pool_idle_time 
@@ -1778,6 +1841,8 @@ syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_by_host syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_by_set_key syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_check_duplicate +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_max_node +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_histogram_buckets syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_check_duplicate syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_traffic @@ -1899,11 +1964,11 @@ syn keyword ngxDirectiveThirdParty contained form_auth_remote_user " ngx_http_accounting_module " https://github.com/Lax/ngx_http_accounting_module -syn keyword ngxDirectiveThirdParty contained http_accounting -syn keyword ngxDirectiveThirdParty contained http_accounting_id -syn keyword ngxDirectiveThirdParty contained http_accounting_interval -syn keyword ngxDirectiveThirdParty contained http_accounting_log -syn keyword ngxDirectiveThirdParty contained http_accounting_perturb +syn keyword ngxDirectiveThirdParty contained accounting +syn keyword ngxDirectiveThirdParty contained accounting_id +syn keyword ngxDirectiveThirdParty contained accounting_interval +syn keyword ngxDirectiveThirdParty contained accounting_log +syn keyword ngxDirectiveThirdParty contained accounting_perturb " concatenating files in a given context: CSS and JS files usually " https://github.com/alibaba/nginx-http-concat diff --git a/docs/CHANGES b/docs/CHANGES index 9d88346..8e7382b 100644 --- a/docs/CHANGES +++ b/docs/CHANGES 
@@ -1,7 +1,263 @@
-Changes with nginx 1.14.0 17 Apr 2018
+Changes with nginx 1.16.1 13 Aug 2019
- *) 1.14.x stable branch.
+ *) Security: when using HTTP/2 a client might cause excessive memory
+ consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
+ CVE-2019-9516).
+
+
+Changes with nginx 1.16.0 23 Apr 2019
+
+ *) 1.16.x stable branch.
+
+
+Changes with nginx 1.15.12 16 Apr 2019
+
+ *) Bugfix: a segmentation fault might occur in a worker process if
+ variables were used in the "ssl_certificate" or "ssl_certificate_key"
+ directives and OCSP stapling was enabled.
+
+
+Changes with nginx 1.15.11 09 Apr 2019
+
+ *) Bugfix: in the "ssl_stapling_file" directive on Windows.
+
+
+Changes with nginx 1.15.10 26 Mar 2019
+
+ *) Change: when using a hostname in the "listen" directive nginx now
+ creates listening sockets for all addresses the hostname resolves to
+ (previously, only the first address was used).
+
+ *) Feature: port ranges in the "listen" directive.
+
+ *) Feature: loading of SSL certificates and secret keys from variables.
+
+ *) Workaround: the $ssl_server_name variable might be empty when using
+ OpenSSL 1.1.1.
+
+ *) Bugfix: nginx/Windows could not be built with Visual Studio 2015 or
+ newer; the bug had appeared in 1.15.9.
+
+
+Changes with nginx 1.15.9 26 Feb 2019
+
+ *) Feature: variables support in the "ssl_certificate" and
+ "ssl_certificate_key" directives.
+
+ *) Feature: the "poll" method is now available on Windows when using
+ Windows Vista or newer.
+
+ *) Bugfix: if the "select" method was used on Windows and an error
+ occurred while establishing a backend connection, nginx waited for
+ the connection establishment timeout to expire.
+
+ *) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives
+ in the stream module worked incorrectly when proxying UDP datagrams.
+
+
+Changes with nginx 1.15.8 25 Dec 2018
+
+ *) Feature: the $upstream_bytes_sent variable.
+ Thanks to Piotr Sikora.
+
+ *) Feature: new directives in vim syntax highlighting scripts.
+ Thanks to Gena Makhomed.
+
+ *) Bugfix: in the "proxy_cache_background_update" directive.
+
+ *) Bugfix: in the "geo" directive when using unix domain listen sockets.
+
+ *) Workaround: the "ignoring stale global SSL error ... bad length"
+ alerts might appear in logs when using the "ssl_early_data" directive
+ with OpenSSL.
+
+ *) Bugfix: in nginx/Windows.
+
+ *) Bugfix: in the ngx_http_autoindex_module on 32-bit platforms.
+
+
+Changes with nginx 1.15.7 27 Nov 2018
+
+ *) Feature: the "proxy_requests" directive in the stream module.
+
+ *) Feature: the "delay" parameter of the "limit_req" directive.
+ Thanks to Vladislav Shabanov and Peter Shchuchkin.
+
+ *) Bugfix: memory leak on errors during reconfiguration.
+
+ *) Bugfix: in the $upstream_response_time, $upstream_connect_time, and
+ $upstream_header_time variables.
+
+ *) Bugfix: a segmentation fault might occur in a worker process if the
+ ngx_http_mp4_module was used on 32-bit platforms.
+
+
+Changes with nginx 1.15.6 06 Nov 2018
+
+ *) Security: when using HTTP/2 a client might cause excessive memory
+ consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
+
+ *) Security: processing of a specially crafted mp4 file with the
+ ngx_http_mp4_module might result in worker process memory disclosure
+ (CVE-2018-16845).
+
+ *) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
+ "grpc_socket_keepalive", "memcached_socket_keepalive",
+ "scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.
+
+ *) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
+ 1.1.1, the TLS 1.3 protocol was always enabled.
+
+ *) Bugfix: working with gRPC backends might result in excessive memory
+ consumption.
+
+
+Changes with nginx 1.15.5 02 Oct 2018
+
+ *) Bugfix: a segmentation fault might occur in a worker process when
+ using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4.
+
+ *) Bugfix: of minor potential bugs.
+
+
+Changes with nginx 1.15.4 25 Sep 2018
+
+ *) Feature: now the "ssl_early_data" directive can be used with OpenSSL.
+
+ *) Bugfix: in the ngx_http_uwsgi_module.
+ Thanks to Chris Caputo.
+
+ *) Bugfix: connections with some gRPC backends might not be cached when
+ using the "keepalive" directive.
+
+ *) Bugfix: a socket leak might occur when using the "error_page"
+ directive to redirect early request processing errors, notably errors
+ with code 400.
+
+ *) Bugfix: the "return" directive did not change the response code when
+ returning errors if the request was redirected by the "error_page"
+ directive.
+
+ *) Bugfix: standard error pages and responses of the
+ ngx_http_autoindex_module module used the "bgcolor" attribute, and
+ might be displayed incorrectly when using custom color settings in
+ browsers.
+ Thanks to Nova DasSarma.
+
+ *) Change: the logging level of the "no suitable key share" and "no
+ suitable signature algorithm" SSL errors has been lowered from "crit"
+ to "info".
+
+
+Changes with nginx 1.15.3 28 Aug 2018
+
+ *) Feature: now TLSv1.3 can be used with BoringSSL.
+
+ *) Feature: the "ssl_early_data" directive, currently available with
+ BoringSSL.
+
+ *) Feature: the "keepalive_timeout" and "keepalive_requests" directives
+ in the "upstream" block.
+
+ *) Bugfix: the ngx_http_dav_module did not truncate destination file
+ when copying a file over an existing one with the COPY method.
+
+ *) Bugfix: the ngx_http_dav_module used zero access rights on the
+ destination file and did not preserve file modification time when
+ moving a file between different file systems with the MOVE method.
+
+ *) Bugfix: the ngx_http_dav_module used default access rights when
+ copying a file with the COPY method.
+
+ *) Workaround: some clients might not work when using HTTP/2; the bug
+ had appeared in 1.13.5.
+
+ *) Bugfix: nginx could not be built with LibreSSL 2.8.0.
+
+
+Changes with nginx 1.15.2 24 Jul 2018
+
+ *) Feature: the $ssl_preread_protocol variable in the
+ ngx_stream_ssl_preread_module.
+
+ *) Feature: now when using the "reset_timedout_connection" directive
+ nginx will reset connections being closed with the 444 code.
+
+ *) Change: a logging level of the "http request", "https proxy request",
+ "unsupported protocol", and "version too low" SSL errors has been
+ lowered from "crit" to "info".
+
+ *) Bugfix: DNS requests were not resent if initial sending of a request
+ failed.
+
+ *) Bugfix: the "reuseport" parameter of the "listen" directive was
+ ignored if the number of worker processes was specified after the
+ "listen" directive.
+
+ *) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
+ switch off "ssl_prefer_server_ciphers" in a virtual server if it was
+ switched on in the default server.
+
+ *) Bugfix: SSL session reuse with upstream servers did not work with the
+ TLS 1.3 protocol.
+
+
+Changes with nginx 1.15.1 03 Jul 2018
+
+ *) Feature: the "random" directive inside the "upstream" block.
+
+ *) Feature: improved performance when using the "hash" and "ip_hash"
+ directives with the "zone" directive.
+
+ *) Feature: the "reuseport" parameter of the "listen" directive now uses
+ SO_REUSEPORT_LB on FreeBSD 12.
+
+ *) Bugfix: HTTP/2 server push did not work if SSL was terminated by a
+ proxy server in front of nginx.
+
+ *) Bugfix: the "tcp_nopush" directive was always used on backend
+ connections.
+
+ *) Bugfix: sending a disk-buffered request body to a gRPC backend might
+ fail.
+
+
+Changes with nginx 1.15.0 05 Jun 2018
+
+ *) Change: the "ssl" directive is deprecated; the "ssl" parameter of the
+ "listen" directive should be used instead.
+
+ *) Change: now nginx detects missing SSL certificates during
+ configuration testing when using the "ssl" parameter of the "listen"
+ directive.
+
+ *) Feature: now the stream module can handle multiple incoming UDP
+ datagrams from a client within a single session.
+
+ *) Bugfix: it was possible to specify an incorrect response code in the
+ "proxy_cache_valid" directive.
+
+ *) Bugfix: nginx could not be built by gcc 8.1.
+
+ *) Bugfix: logging to syslog stopped on local IP address changes.
+
+ *) Bugfix: nginx could not be built by clang with CUDA SDK installed;
+ the bug had appeared in 1.13.8.
+
+ *) Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might appear
+ in logs during binary upgrade when using unix domain listen sockets
+ on FreeBSD.
+
+ *) Bugfix: nginx could not be built on Fedora 28 Linux.
+
+ *) Bugfix: request processing rate might exceed configured rate when
+ using the "limit_req" directive.
+
+ *) Bugfix: in handling of client addresses when using unix domain listen
+ sockets to work with datagrams on Linux.
+
+ *) Bugfix: in memory allocation error handling.
 Changes with nginx 1.13.12 10 Apr 2018
diff --git a/docs/CHANGES.ru b/docs/CHANGES.ru
index 3accd44..5d60f41 100644
--- a/docs/CHANGES.ru
+++ b/docs/CHANGES.ru
@@ -1,7 +1,271 @@
-Изменения в nginx 1.14.0 17.04.2018
+Изменения в nginx 1.16.1 13.08.2019
- *) Стабильная ветка 1.14.x.
+ *) Безопасность: при использовании HTTP/2 клиент мог вызвать чрезмерное
+ потребление памяти и ресурсов процессора (CVE-2019-9511,
+ CVE-2019-9513, CVE-2019-9516).
+
+
+Изменения в nginx 1.16.0 23.04.2019
+
+ *) Стабильная ветка 1.16.x.
+
+
+Изменения в nginx 1.15.12 16.04.2019
+
+ *) Исправление: в рабочем процессе мог произойти segmentation fault,
+ если в директивах ssl_certificate или ssl_certificate_key
+ использовались переменные и был включён OCSP stapling.
+
+
+Изменения в nginx 1.15.11 09.04.2019
+
+ *) Исправление: в директиве ssl_stapling_file на Windows.
+
+
+Изменения в nginx 1.15.10 26.03.2019
+
+ *) Изменение: теперь при использовании имени хоста в директиве listen
+ nginx создаёт listen-сокеты для всех адресов, соответствующих этому
+ имени (ранее использовался только первый адрес).
+
+ *) Добавление: диапазоны портов в директиве listen.
+
+ *) Добавление: возможность загрузки SSL-сертификатов и секретных ключей
+ из переменных.
+
+ *) Изменение: переменная $ssl_server_name могла быть пустой при
+ использовании OpenSSL 1.1.1.
+
+ *) Исправление: nginx/Windows не собирался с Visual Studio 2015 и новее;
+ ошибка появилась в 1.15.9.
+
+
+Изменения в nginx 1.15.9 26.02.2019
+
+ *) Добавление: директивы ssl_certificate и ssl_certificate_key
+ поддерживают переменные.
+
+ *) Добавление: метод poll теперь доступен на Windows при использовании
+ Windows Vista и новее.
+
+ *) Исправление: если при использовании метода select на Windows
+ происходила ошибка при установлении соединения с бэкендом, nginx
+ ожидал истечения таймаута на установление соединения.
+
+ *) Исправление: директивы proxy_upload_rate и proxy_download_rate в
+ модуле stream работали некорректно при проксировании UDP-пакетов.
+
+
+Изменения в nginx 1.15.8 25.12.2018
+
+ *) Добавление: переменная $upstream_bytes_sent.
+ Спасибо Piotr Sikora.
+
+ *) Добавление: новые директивы в скриптах подсветки синтаксиса для vim.
+ Спасибо Геннадию Махомеду.
+
+ *) Исправление: в директиве proxy_cache_background_update.
+
+ *) Исправление: в директиве geo при использовании unix domain
+ listen-сокетов.
+
+ *) Изменение: при использовании директивы ssl_early_data с OpenSSL в
+ логах могли появляться сообщения "ignoring stale global SSL error ...
+ bad length".
+
+ *) Исправление: в nginx/Windows.
+
+ *) Исправление: в модуле ngx_http_autoindex_module на 32-битных
+ платформах.
+
+
+Изменения в nginx 1.15.7 27.11.2018
+
+ *) Добавление: директива proxy_requests в модуле stream.
+
+ *) Добавление: параметр "delay" директивы "limit_req".
+ Спасибо Владиславу Шабанову и Петру Щучкину.
+
+ *) Исправление: утечки памяти в случае ошибок при переконфигурации.
+
+ *) Исправление: в переменных $upstream_response_time,
+ $upstream_connect_time и $upstream_header_time.
+
+ *) Исправление: в рабочем процессе мог произойти segmentation fault,
+ если использовался модуль ngx_http_mp4_module на 32-битных
+ платформах.
+
+
+Изменения в nginx 1.15.6 06.11.2018
+
+ *) Безопасность: при использовании HTTP/2 клиент мог вызвать чрезмерное
+ потреблению памяти (CVE-2018-16843) и ресурсов процессора
+ (CVE-2018-16844).
+
+ *) Безопасность: при обработке специально созданного mp4-файла модулем
+ ngx_http_mp4_module содержимое памяти рабочего процесса могло быть
+ отправлено клиенту (CVE-2018-16845).
+
+ *) Добавление: директивы proxy_socket_keepalive,
+ fastcgi_socket_keepalive, grpc_socket_keepalive,
+ memcached_socket_keepalive, scgi_socket_keepalive и
+ uwsgi_socket_keepalive.
+
+ *) Исправление: если nginx был собран с OpenSSL 1.1.0, а использовался с
+ OpenSSL 1.1.1, протокол TLS 1.3 всегда был разрешён.
+
+ *) Исправление: при работе с gRPC-бэкендами могло расходоваться большое
+ количество памяти.
+
+
+Изменения в nginx 1.15.5 02.10.2018
+
+ *) Исправление: при использовании OpenSSL 1.1.0h и новее в рабочем
+ процессе мог произойти segmentation fault; ошибка появилась в 1.15.4.
+
+ *) Исправление: незначительных потенциальных ошибок.
+
+
+Изменения в nginx 1.15.4 25.09.2018
+
+ *) Добавление: теперь директиву ssl_early_data можно использовать с
+ OpenSSL.
+
+ *) Исправление: в модуле ngx_http_uwsgi_module.
+ Спасибо Chris Caputo.
+
+ *) Исправление: соединения к некоторым gRPC-бэкендам могли не
+ кэшироваться при использовании директивы keepalive.
+
+ *) Исправление: при использовании директивы error_page для
+ перенаправления ошибок, возникающих на ранних этапах обработки
+ запроса, в частности ошибок с кодом 400, могла происходить утечка
+ сокетов.
+
+ *) Исправление: директива return при возврате ошибок не изменяла код
+ ответа, если запрос был перенаправлен с помощью директивы error_page.
+
+ *) Исправление: стандартные сообщения об ошибках и ответы модуля
+ ngx_http_autoindex_module содержали атрибут bgcolor, что могло
+ приводить к их некорректному отображению при использовании
+ пользовательских настроек цветов в браузерах.
+ Спасибо Nova DasSarma.
+
+ *) Изменение: уровень логгирования ошибок SSL "no suitable key share" и
+ "no suitable signature algorithm" понижен с уровня crit до info.
+
+
+Изменения в nginx 1.15.3 28.08.2018
+
+ *) Добавление: теперь TLSv1.3 можно использовать с BoringSSL.
+
+ *) Добавление: директива ssl_early_data, сейчас доступна при
+ использовании BoringSSL.
+
+ *) Добавление: директивы keepalive_timeout и keepalive_requests в блоке
+ upstream.
+
+ *) Исправление: модуль ngx_http_dav_module при копировании файла поверх
+ существующего файла с помощью метода COPY не обнулял целевой файл.
+
+ *) Исправление: модуль ngx_http_dav_module при перемещении файла между
+ файловыми системами с помощью метода MOVE устанавливал нулевые права
+ доступа на результирующий файл и не сохранял время изменения файла.
+
+ *) Исправление: модуль ngx_http_dav_module при копировании файла с
+ помощью метода COPY для результирующего файла использовал права
+ доступа по умолчанию.
+
+ *) Изменение: некоторые клиенты могли не работать при использовании
+ HTTP/2; ошибка появилась в 1.13.5.
+
+ *) Исправление: nginx не собирался с LibreSSL 2.8.0.
+
+
+Изменения в nginx 1.15.2 24.07.2018
+
+ *) Добавление: переменная $ssl_preread_protocol в модуле
+ ngx_stream_ssl_preread_module.
+
+ *) Добавление: теперь при использовании директивы
+ reset_timedout_connection nginx сбрасывает соединения, закрываемые с
+ кодом 444.
+
+ *) Изменение: уровень логгирования ошибок SSL "http request", "https
+ proxy request", "unsupported protocol" и "version too low" понижен с
+ уровня crit до info.
+
+ *) Исправление: запросы к DNS-серверу не отправлялись повторно, если при
+ первой попытке отправки происходила ошибка.
+
+ *) Исправление: параметр reuseport директивы listen игнорировался, если
+ количество рабочих процессов было задано после директивы listen.
+
+ *) Исправление: при использовании OpenSSL 1.1.0 и новее директиву
+ ssl_prefer_server_ciphers нельзя было выключить в виртуальном
+ сервере, если она была включена в сервере по умолчанию.
+
+ *) Исправление: повторное использование SSL-сессий к бэкендам не
+ работало с протоколом TLS 1.3.
+
+
+Изменения в nginx 1.15.1 03.07.2018
+
+ *) Добавление: директива random в блоке upstream.
+
+ *) Добавление: улучшена производительность при использовании директив
+ hash и ip_hash совместно с директивой zone.
+
+ *) Добавление: параметр reuseport директивы listen теперь использует
+ SO_REUSEPORT_LB на FreeBSD 12.
+
+ *) Исправление: HTTP/2 server push не работал, если SSL терминировался
+ прокси-сервером перед nginx'ом.
+
+ *) Исправление: директива tcp_nopush всегда использовалась для
+ соединений к бэкендам.
+
+ *) Исправление: при отправке сохранённого на диск тела запроса на
+ gRPC-бэкенд могли возникать ошибки.
+
+
+Изменения в nginx 1.15.0 05.06.2018
+
+ *) Изменение: директива "ssl" теперь считается устаревшей; вместо неё
+ следует использовать параметр ssl директивы listen.
+
+ *) Изменение: теперь при использовании директивы listen с параметром ssl
+ nginx определяет отсутствие SSL-сертификатов при тестировании
+ конфигурации.
+
+ *) Добавление: теперь модуль stream умеет обрабатывать несколько
+ входящих UDP-пакетов от клиента в рамках одной сессии.
+
+ *) Исправление: в директиве proxy_cache_valid можно было указать
+ некорректный код ответа.
+
+ *) Исправление: nginx не собирался gcc 8.1.
+
+ *) Исправление: логгирование в syslog останавливалось при изменении
+ локального IP-адреса.
+
+ *) Исправление: nginx не собирался компилятором clang, если был
+ установлен CUDA SDK; ошибка появилась в 1.13.8.
+
+ *) Исправление: при использовании unix domain listen-сокетов на FreeBSD
+ в процессе обновления исполняемого файла в логе могли появляться
+ сообщения "getsockopt(TCP_FASTOPEN) ... failed".
+
+ *) Исправление: nginx не собирался на Fedora 28 Linux.
+
+ *) Исправление: при использовании директивы limit_req заданная скорость
+ обработки запросов могла не соблюдаться.
+
+ *) Исправление: в обработке адресов клиентов при использовании unix
+ domain listen-сокетов для работы с датаграммами на Linux.
+
+ *) Исправление: в обработке ошибок выделения памяти.
 Изменения в nginx 1.13.12 10.04.2018
diff --git a/docs/LICENSE b/docs/LICENSE
index 9401174..c63e0ba 100644
--- a/docs/LICENSE
+++ b/docs/LICENSE
@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2002-2018 Igor Sysoev
- * Copyright (C) 2011-2018 Nginx, Inc.
+ * Copyright (C) 2002-2019 Igor Sysoev
+ * Copyright (C) 2011-2019 Nginx, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
diff --git a/docs/OpenSSL.LICENSE b/docs/OpenSSL.LICENSE
index b1fa6f9..9601ab4 100644
--- a/docs/OpenSSL.LICENSE
+++ b/docs/OpenSSL.LICENSE
@@ -4,22 +4,20 @@ The OpenSSL toolkit stays under a double license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. - See below for the actual license texts. Actually both licenses are BSD-style - Open Source licenses. In case of any license issues related to OpenSSL - please contact openssl-core@openssl.org. + See below for the actual license texts. OpenSSL License --------------- /* ==================================================================== - * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -74,21 +72,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -103,10 +101,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -118,7 +116,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence diff --git a/docs/PCRE.LICENCE b/docs/PCRE.LICENCE index f6ef7fd..760a666 100644 --- a/docs/PCRE.LICENCE +++ b/docs/PCRE.LICENCE @@ -25,7 +25,7 @@ Email domain: cam.ac.uk University of Cambridge Computing Service, Cambridge, England. -Copyright (c) 1997-2018 University of Cambridge +Copyright (c) 1997-2019 University of Cambridge All rights reserved. @@ -34,9 +34,9 @@ PCRE JUST-IN-TIME COMPILATION SUPPORT Written by: Zoltan Herczeg Email local part: hzmester -Emain domain: freemail.hu +Email domain: freemail.hu -Copyright(c) 2010-2018 Zoltan Herczeg +Copyright(c) 2010-2019 Zoltan Herczeg All rights reserved. @@ -45,9 +45,9 @@ STACK-LESS JUST-IN-TIME COMPILER Written by: Zoltan Herczeg Email local part: hzmester -Emain domain: freemail.hu +Email domain: freemail.hu -Copyright(c) 2009-2018 Zoltan Herczeg +Copyright(c) 2009-2019 Zoltan Herczeg All rights reserved. diff --git a/html/50x.html b/html/50x.html index f60f5e7..9071e0a 100644 --- a/html/50x.html +++ b/html/50x.html @@ -15,7 +15,7 @@

Sorry, the page you are looking for is currently unavailable.
Please try again later.

If you are the system administrator of this resource then you should check -the error log for details.

+the error log for details.

Faithfully yours, nginx.

diff --git a/html/recaptcha/api.js b/html/recaptcha/api.js
deleted file mode 100644
index 62ba40a..0000000
--- a/html/recaptcha/api.js
+++ /dev/null
@@ -1 +0,0 @@
-/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var CFG='___grecaptcha_cfg';if(!window[CFG]){window[CFG]={};}var GR='grecaptcha';if(!window[GR]){window[GR]={};}window[GR].ready=window[GR].ready||function(f){(window[CFG]['fns']=window[CFG]['fns']||[]).push(f);};(window[CFG]['render']=window[CFG]['render']||[]).push('onload');window['__google_recaptcha_client']=true;var po=document.createElement('script');po.type='text/javascript';po.async=true;po.src='https://www.gstatic.com/recaptcha/api2/v1537165899310/recaptcha__zh_cn.js';var elem=document.querySelector('script[nonce]');var n=elem&&(elem['nonce']||elem.getAttribute('nonce'));if(n){po.setAttribute('nonce',n);}var s=document.getElementsByTagName('script')[0];s.parentNode.insertBefore(po, s);})();
\ No newline at end of file
diff --git a/logs/nginx.pid b/logs/nginx.pid
index 693b9f2..2f1750b 100644
--- a/logs/nginx.pid
+++ b/logs/nginx.pid
@@ -1 +1 @@
-11124
+9816
diff --git a/nginx.exe b/nginx.exe
index cb2ee18..cfe63bb 100644
Binary files a/nginx.exe and b/nginx.exe differ