perf: update nginx to 1.16.1 and optimize configuration files

2025-05-29 01:49:17 +08:00 · 2020-04-16 21:13:34 +08:00 · 2020-04-16 21:13:34 +08:00 · ef8d815d52
commit ef8d815d52
parent 055cdfd8cf
12 changed files with 950 additions and 320 deletions
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -35,292 +35,5 @@ http {
    #gzip  on;
-    upstream www-pixiv-net { 
+    include pixiv.conf;
        server 210.140.131.223:443;
        server 210.140.131.225:443;
        server 210.140.131.220:443;
    }
    upstream sketch-pixiv-net { 
        server 210.140.174.37:443;
        server 210.140.170.179:443;
        server 210.140.175.130:443;
    }
    upstream sketch-hls-server {
        server 210.140.214.211:443;
        server 210.140.214.212:443;
        server 210.140.214.213:443;
    }
    upstream imgaz-pixiv-net { 
        server 210.140.131.145:443;
        server 210.140.131.144:443;
        server 210.140.131.147:443;
        server 210.140.131.153:443;
    }
    upstream i-pximg-net { 
        server 210.140.92.140:443;
        server 210.140.92.137:443;
        server 210.140.92.139:443;
        server 210.140.92.142:443;
        server 210.140.92.134:443;
        server 210.140.92.141:443;
        server 210.140.92.143:443;
        server 210.140.92.136:443; 
        server 210.140.92.138:443;
 	    server 210.140.92.144:443;
 	    server 210.140.92.145:443;
    }
    server {
        listen 80 default_server;  
        rewrite ^(.*) https://$host$1 permanent;
    }
    server {
        listen 443 ssl;
        server_name pixiv.net;
        server_name www.pixiv.net;
        server_name ssl.pixiv.net;
        server_name accounts.pixiv.net;
        server_name touch.pixiv.net;
        server_name oauth.secure.pixiv.net;
        ssl on;
        ssl_certificate ca/pixiv.net.crt;
        ssl_certificate_key ca/pixiv.net.key;
        client_max_body_size 50M;
    	location / {
            proxy_pass https://www-pixiv-net;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header Accept-Encoding ''; 
            proxy_buffering off;
        }
 	}
    server {
        listen 443 ssl;
        server_name i.pximg.net;
        ssl on;
        ssl_certificate ca/pixiv.net.crt;
        ssl_certificate_key ca/pixiv.net.key;
    	location / {
            proxy_pass https://i-pximg-net;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header Accept-Encoding ''; 
            proxy_buffering off;
        }
 	}
    server {
        listen 443 ssl;
        server_name sketch.pixiv.net;
        ssl on;
        ssl_certificate ca/pixiv.net.crt;
        ssl_certificate_key ca/pixiv.net.key;
    	location / {
            proxy_pass https://sketch-pixiv-net;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header Accept-Encoding ''; 
            proxy_buffering off;
        }
        # Proxying WebSockets
        location /ws/ {
            proxy_pass https://sketch-pixiv-net;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
        }
 	}
    server {
        listen 443 ssl;
        server_name *.pixivsketch.net;
        ssl on;
        ssl_certificate ca/pixiv.net.crt;
        ssl_certificate_key ca/pixiv.net.key;
    	location / {
            proxy_pass https://sketch-hls-server;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header Accept-Encoding ''; 
            proxy_buffering off;
        }
 	}
    server {
        listen 443 ssl;
        server_name factory.pixiv.net;
        ssl on;
        ssl_certificate ca/pixiv.net.crt;
        ssl_certificate_key ca/pixiv.net.key;
    	location / {
            proxy_pass https://210.140.131.180/;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header Accept-Encoding ''; 
            proxy_buffering off;
        }
 	}
    server {
        listen 443 ssl;
        server_name dic.pixiv.net;
        server_name en-dic.pixiv.net;
        server_name sensei.pixiv.net;
        server_name fanbox.pixiv.net;
        server_name payment.pixiv.net.pixiv.net;
        ssl on;
        ssl_certificate ca/pixiv.net.crt;
        ssl_certificate_key ca/pixiv.net.key;
    	location / {
            proxy_pass https://210.140.131.222/;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header Accept-Encoding ''; 
            proxy_buffering off;
        }
 	}
    server {
        listen 443 ssl;
        server_name imgaz.pixiv.net;
        server_name comic.pixiv.net;
        server_name novel.pixiv.net;
        server_name source.pixiv.net;
        server_name i1.pixiv.net;
        server_name i2.pixiv.net;
        server_name i3.pixiv.net;
        server_name i4.pixiv.net;
        ssl on;
        ssl_certificate ca/pixiv.net.crt;
        ssl_certificate_key ca/pixiv.net.key;
    	location / {
            proxy_pass https://imgaz-pixiv-net;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header Accept-Encoding ''; 
            proxy_buffering off;
        }
 	}
    upstream wikipedia-server { 
        server 198.35.26.96:443;
        server 103.102.166.224:443;
    }
    server {
        listen 443 ssl;
        server_name *.wikipedia.org;
        server_name *.m.wikipedia.org;
        ssl on;
        ssl_certificate ca/pixiv.net.crt;
        ssl_certificate_key ca/pixiv.net.key;
    	location / {
            proxy_pass https://wikipedia-server/;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header Accept-Encoding ''; 
            proxy_buffering off;
        }
 	}
    server {
        listen 443 ssl;
        server_name *.steamcommunity.com;
        server_name steamcommunity.com;
        ssl on;
        ssl_certificate ca/pixiv.net.crt;
        ssl_certificate_key ca/pixiv.net.key;
    	location / {
            proxy_pass https://23.61.176.149/;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header Accept-Encoding ''; 
            proxy_buffering off;
        }
 	}
    server {
        listen 443 ssl;
        server_name *.steampowered.com;
        server_name steampowered.com;
        ssl on;
        ssl_certificate ca/pixiv.net.crt;
        ssl_certificate_key ca/pixiv.net.key;
    	location / {
            proxy_pass https://104.112.84.145/;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header Accept-Encoding ''; 
            proxy_buffering off;
        }
 	}
 	    server {
        listen 443 ssl;
        server_name *.archiveofourown.org;
        server_name archiveofourown.org;
        ssl on;
        ssl_certificate ca/pixiv.net.crt;
        ssl_certificate_key ca/pixiv.net.key;
    	location / {
            proxy_pass https://104.153.64.122/;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header Accept-Encoding ''; 
            proxy_buffering off;
        }
 	}
 }
--- a/conf/pixiv.conf
+++ b/conf/pixiv.conf
@ -0,0 +1,335 @@
 upstream www-pixiv-net { 
    #server 104.18.12.135:443;
    #server 104.18.13.135:443;
    server 210.140.131.223:443;
    server 210.140.131.225:443;
    server 210.140.131.220:443;
 }
 upstream account-pixiv-net { 
    server 210.140.131.226:443;
    server 210.140.131.218:443;
    server 210.140.131.222:443;
 }
 upstream sketch-pixiv-net { 
    server 210.140.174.37:443;
    server 210.140.170.179:443;
    server 210.140.175.130:443;
 }
 upstream sketch-hls-server {
    server 210.140.214.211:443;
    server 210.140.214.212:443;
    server 210.140.214.213:443;
 }
 upstream imgaz-pixiv-net { 
    server 210.140.131.145:443;
    server 210.140.131.144:443;
    server 210.140.131.147:443;
    server 210.140.131.153:443;
 }
 upstream i-pximg-net { 
    server 210.140.92.140:443;
    server 210.140.92.137:443;
    server 210.140.92.139:443;
    server 210.140.92.142:443;
    server 210.140.92.134:443;
    server 210.140.92.141:443;
    server 210.140.92.143:443;
    server 210.140.92.136:443; 
    server 210.140.92.138:443;
    server 210.140.92.144:443;
    server 210.140.92.145:443;
 }
 server {
    listen 80 default_server;  
    rewrite ^(.*) https://$host$1 permanent;
 }
 server {
    listen 443 ssl;
    server_name www.pixiv.net;
    ssl_certificate ca/pixiv.net.crt;
    ssl_certificate_key ca/pixiv.net.key;
    client_max_body_size 50M;
    location / {
        #proxy_ssl_server_name on;
        proxy_pass https://www-pixiv-net;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding ''; 
        proxy_buffering off;
    }
 }
 server {
    listen 443 ssl;
    server_name pixiv.net;
    server_name ssl.pixiv.net;
    server_name accounts.pixiv.net;
    server_name touch.pixiv.net;
    server_name oauth.secure.pixiv.net;
    ssl_certificate ca/pixiv.net.crt;
    ssl_certificate_key ca/pixiv.net.key;
    client_max_body_size 50M;
    location / {
        proxy_pass https://account-pixiv-net;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding ''; 
        proxy_buffering off;
    }
 }
 server {
    listen 443 ssl;
    server_name i.pximg.net;
    ssl_certificate ca/pixiv.net.crt;
    ssl_certificate_key ca/pixiv.net.key;
    location / {
        proxy_pass https://i-pximg-net;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding ''; 
        proxy_buffering off;
    }
 }
 server {
    listen 443 ssl;
    server_name sketch.pixiv.net;
    ssl_certificate ca/pixiv.net.crt;
    ssl_certificate_key ca/pixiv.net.key;
    location / {
        proxy_pass https://sketch-pixiv-net;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding ''; 
        proxy_buffering off;
    }
    # Proxying WebSockets
    location /ws/ {
        proxy_pass https://sketch-pixiv-net;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
 }
 server {
    listen 443 ssl;
    server_name *.pixivsketch.net;
    ssl_certificate ca/pixiv.net.crt;
    ssl_certificate_key ca/pixiv.net.key;
    location / {
        proxy_pass https://sketch-hls-server;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding ''; 
        proxy_buffering off;
    }
 }
 server {
    listen 443 ssl;
    server_name factory.pixiv.net;
    ssl_certificate ca/pixiv.net.crt;
    ssl_certificate_key ca/pixiv.net.key;
    location / {
        proxy_pass https://210.140.131.180/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding ''; 
        proxy_buffering off;
    }
 }
 server {
    listen 443 ssl;
    server_name dic.pixiv.net;
    server_name en-dic.pixiv.net;
    server_name sensei.pixiv.net;
    server_name fanbox.pixiv.net;
    server_name payment.pixiv.net.pixiv.net;
    ssl_certificate ca/pixiv.net.crt;
    ssl_certificate_key ca/pixiv.net.key;
    location / {
        proxy_pass https://210.140.131.222/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding ''; 
        proxy_buffering off;
    }
 }
 server {
    listen 443 ssl;
    server_name imgaz.pixiv.net;
    server_name comic.pixiv.net;
    server_name novel.pixiv.net;
    server_name source.pixiv.net;
    server_name i1.pixiv.net;
    server_name i2.pixiv.net;
    server_name i3.pixiv.net;
    server_name i4.pixiv.net;
    ssl_certificate ca/pixiv.net.crt;
    ssl_certificate_key ca/pixiv.net.key;
    location / {
        proxy_pass https://imgaz-pixiv-net;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding ''; 
        proxy_buffering off;
    }
 }
 server {
    listen 443 ssl;
    server_name www.google.com;
    ssl_certificate ca/pixiv.net.crt;
    ssl_certificate_key ca/pixiv.net.key;
    location ^~ /recaptcha/ {
      rewrite ^(.*)$ https://www.recaptcha.net$1 break;
    }
    location / {
        default_type text/html;
        charset utf-8;
        return 200 'Pixiv-Nginx提醒：本工具默认代理了www.google.com，用于加载P站登陆时的验证码插件，如果你有方法正常访问www.google.com，并且不希望看到这个页面，那么将 <code>C:\Windows\System32\drivers\etc\hosts</code> 中 <code>127.0.0.1 www.google.com</code> 的那行记录删除即可。如果删除后刷新网页还是看到这个页面，请先清除一下浏览器缓存。';
    }
 }
 upstream wikipedia-server { 
    server 198.35.26.96:443;
    server 103.102.166.224:443;
 }
 server {
    listen 443 ssl;
    server_name *.wikipedia.org;
    server_name *.m.wikipedia.org;
    ssl_certificate ca/pixiv.net.crt;
    ssl_certificate_key ca/pixiv.net.key;
    location / {
        proxy_pass https://wikipedia-server/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding ''; 
        proxy_buffering off;
    }
 }
 server {
    listen 443 ssl;
    server_name *.steamcommunity.com;
    server_name steamcommunity.com;
    ssl_certificate ca/pixiv.net.crt;
    ssl_certificate_key ca/pixiv.net.key;
    location / {
        proxy_pass https://23.61.176.149/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding ''; 
        proxy_buffering off;
    }
 }
 server {
    listen 443 ssl;
    server_name *.steampowered.com;
    server_name steampowered.com;
    ssl_certificate ca/pixiv.net.crt;
    ssl_certificate_key ca/pixiv.net.key;
    location / {
        proxy_pass https://104.112.84.145/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding ''; 
        proxy_buffering off;
    }
 }
  server {
    listen 443 ssl;
    server_name *.archiveofourown.org;
    server_name archiveofourown.org;
    ssl_certificate ca/pixiv.net.crt;
    ssl_certificate_key ca/pixiv.net.key;
    location / {
        proxy_pass https://104.153.64.122/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding ''; 
        proxy_buffering off;
    }
 }
--- a/contrib/vim/syntax/nginx.vim
+++ b/contrib/vim/syntax/nginx.vim
@ -108,6 +108,7 @@ syn keyword ngxDirectiveControl contained set
 syn keyword ngxDirectiveError contained error_page
 syn keyword ngxDirectiveError contained post_action
 syn keyword ngxDirectiveDeprecated contained limit_zone
 syn keyword ngxDirectiveDeprecated contained proxy_downstream_buffer
 syn keyword ngxDirectiveDeprecated contained proxy_upstream_buffer
 syn keyword ngxDirectiveDeprecated contained spdy_chunk_size
@ -118,6 +119,7 @@ syn keyword ngxDirectiveDeprecated contained spdy_pool_size
 syn keyword ngxDirectiveDeprecated contained spdy_recv_buffer_size
 syn keyword ngxDirectiveDeprecated contained spdy_recv_timeout
 syn keyword ngxDirectiveDeprecated contained spdy_streams_index_size
 syn keyword ngxDirectiveDeprecated contained ssl
 syn keyword ngxDirectiveDeprecated contained upstream_conf
 syn keyword ngxDirective contained absolute_redirect
@ -136,6 +138,7 @@ syn keyword ngxDirective contained alias
 syn keyword ngxDirective contained allow
 syn keyword ngxDirective contained ancient_browser
 syn keyword ngxDirective contained ancient_browser_value
 syn keyword ngxDirective contained api
 syn keyword ngxDirective contained auth_basic
 syn keyword ngxDirective contained auth_basic_user_file
 syn keyword ngxDirective contained auth_http
@ -143,7 +146,11 @@ syn keyword ngxDirective contained auth_http_header
 syn keyword ngxDirective contained auth_http_pass_client_cert
 syn keyword ngxDirective contained auth_http_timeout
 syn keyword ngxDirective contained auth_jwt
 syn keyword ngxDirective contained auth_jwt_claim_set
 syn keyword ngxDirective contained auth_jwt_header_set
 syn keyword ngxDirective contained auth_jwt_key_file
 syn keyword ngxDirective contained auth_jwt_key_request
 syn keyword ngxDirective contained auth_jwt_leeway
 syn keyword ngxDirective contained auth_request
 syn keyword ngxDirective contained auth_request_set
 syn keyword ngxDirective contained autoindex
@ -229,6 +236,7 @@ syn keyword ngxDirective contained fastcgi_read_timeout
 syn keyword ngxDirective contained fastcgi_request_buffering
 syn keyword ngxDirective contained fastcgi_send_lowat
 syn keyword ngxDirective contained fastcgi_send_timeout
 syn keyword ngxDirective contained fastcgi_socket_keepalive
 syn keyword ngxDirective contained fastcgi_split_path_info
 syn keyword ngxDirective contained fastcgi_store
 syn keyword ngxDirective contained fastcgi_store_access
@ -255,6 +263,7 @@ syn keyword ngxDirective contained grpc_pass_header
 syn keyword ngxDirective contained grpc_read_timeout
 syn keyword ngxDirective contained grpc_send_timeout
 syn keyword ngxDirective contained grpc_set_header
 syn keyword ngxDirective contained grpc_socket_keepalive
 syn keyword ngxDirective contained grpc_ssl_certificate
 syn keyword ngxDirective contained grpc_ssl_certificate_key
 syn keyword ngxDirective contained grpc_ssl_ciphers
@ -330,6 +339,8 @@ syn keyword ngxDirective contained keepalive
 syn keyword ngxDirective contained keepalive_disable
 syn keyword ngxDirective contained keepalive_requests
 syn keyword ngxDirective contained keepalive_timeout
 syn keyword ngxDirective contained keyval
 syn keyword ngxDirective contained keyval_zone
 syn keyword ngxDirective contained kqueue_changes
 syn keyword ngxDirective contained kqueue_events
 syn keyword ngxDirective contained large_client_header_buffers
@ -367,6 +378,7 @@ syn keyword ngxDirective contained memcached_next_upstream_timeout
 syn keyword ngxDirective contained memcached_next_upstream_tries
 syn keyword ngxDirective contained memcached_read_timeout
 syn keyword ngxDirective contained memcached_send_timeout
 syn keyword ngxDirective contained memcached_socket_keepalive
 syn keyword ngxDirective contained merge_slashes
 syn keyword ngxDirective contained min_delete_depth
 syn keyword ngxDirective contained mirror
@ -375,9 +387,9 @@ syn keyword ngxDirective contained modern_browser
 syn keyword ngxDirective contained modern_browser_value
 syn keyword ngxDirective contained mp4
 syn keyword ngxDirective contained mp4_buffer_size
 syn keyword ngxDirective contained mp4_max_buffer_size
 syn keyword ngxDirective contained mp4_limit_rate
 syn keyword ngxDirective contained mp4_limit_rate_after
 syn keyword ngxDirective contained mp4_max_buffer_size
 syn keyword ngxDirective contained msie_padding
 syn keyword ngxDirective contained msie_refresh
 syn keyword ngxDirective contained multi_accept
@ -456,11 +468,13 @@ syn keyword ngxDirective contained proxy_protocol_timeout
 syn keyword ngxDirective contained proxy_read_timeout
 syn keyword ngxDirective contained proxy_redirect
 syn keyword ngxDirective contained proxy_request_buffering
 syn keyword ngxDirective contained proxy_requests
 syn keyword ngxDirective contained proxy_responses
 syn keyword ngxDirective contained proxy_send_lowat
 syn keyword ngxDirective contained proxy_send_timeout
 syn keyword ngxDirective contained proxy_set_body
 syn keyword ngxDirective contained proxy_set_header
 syn keyword ngxDirective contained proxy_socket_keepalive
 syn keyword ngxDirective contained proxy_ssl
 syn keyword ngxDirective contained proxy_ssl_certificate
 syn keyword ngxDirective contained proxy_ssl_certificate_key
@ -481,6 +495,7 @@ syn keyword ngxDirective contained proxy_temp_path
 syn keyword ngxDirective contained proxy_timeout
 syn keyword ngxDirective contained proxy_upload_rate
 syn keyword ngxDirective contained queue
 syn keyword ngxDirective contained random
 syn keyword ngxDirective contained random_index
 syn keyword ngxDirective contained read_ahead
 syn keyword ngxDirective contained real_ip_header
@ -533,6 +548,7 @@ syn keyword ngxDirective contained scgi_pass_request_headers
 syn keyword ngxDirective contained scgi_read_timeout
 syn keyword ngxDirective contained scgi_request_buffering
 syn keyword ngxDirective contained scgi_send_timeout
 syn keyword ngxDirective contained scgi_socket_keepalive
 syn keyword ngxDirective contained scgi_store
 syn keyword ngxDirective contained scgi_store_access
 syn keyword ngxDirective contained scgi_temp_file_write_size
@ -565,7 +581,6 @@ syn keyword ngxDirective contained ssi_min_file_chunk
 syn keyword ngxDirective contained ssi_silent_errors
 syn keyword ngxDirective contained ssi_types
 syn keyword ngxDirective contained ssi_value_length
 syn keyword ngxDirective contained ssl
 syn keyword ngxDirective contained ssl_buffer_size
 syn keyword ngxDirective contained ssl_certificate
 syn keyword ngxDirective contained ssl_certificate_key
@ -573,6 +588,7 @@ syn keyword ngxDirective contained ssl_ciphers
 syn keyword ngxDirective contained ssl_client_certificate
 syn keyword ngxDirective contained ssl_crl
 syn keyword ngxDirective contained ssl_dhparam
 syn keyword ngxDirective contained ssl_early_data
 syn keyword ngxDirective contained ssl_ecdh_curve
 syn keyword ngxDirective contained ssl_engine
 syn keyword ngxDirective contained ssl_handshake_timeout
@ -664,6 +680,7 @@ syn keyword ngxDirective contained uwsgi_pass_request_headers
 syn keyword ngxDirective contained uwsgi_read_timeout
 syn keyword ngxDirective contained uwsgi_request_buffering
 syn keyword ngxDirective contained uwsgi_send_timeout
 syn keyword ngxDirective contained uwsgi_socket_keepalive
 syn keyword ngxDirective contained uwsgi_ssl_certificate
 syn keyword ngxDirective contained uwsgi_ssl_certificate_key
 syn keyword ngxDirective contained uwsgi_ssl_ciphers
@ -701,6 +718,26 @@ syn keyword ngxDirective contained xslt_string_param
 syn keyword ngxDirective contained xslt_stylesheet
 syn keyword ngxDirective contained xslt_types
 syn keyword ngxDirective contained zone
 syn keyword ngxDirective contained zone_sync
 syn keyword ngxDirective contained zone_sync_buffers
 syn keyword ngxDirective contained zone_sync_connect_retry_interval
 syn keyword ngxDirective contained zone_sync_connect_timeout
 syn keyword ngxDirective contained zone_sync_interval
 syn keyword ngxDirective contained zone_sync_recv_buffer_size
 syn keyword ngxDirective contained zone_sync_server
 syn keyword ngxDirective contained zone_sync_ssl
 syn keyword ngxDirective contained zone_sync_ssl_certificate
 syn keyword ngxDirective contained zone_sync_ssl_certificate_key
 syn keyword ngxDirective contained zone_sync_ssl_ciphers
 syn keyword ngxDirective contained zone_sync_ssl_crl
 syn keyword ngxDirective contained zone_sync_ssl_name
 syn keyword ngxDirective contained zone_sync_ssl_password_file
 syn keyword ngxDirective contained zone_sync_ssl_protocols
 syn keyword ngxDirective contained zone_sync_ssl_server_name
 syn keyword ngxDirective contained zone_sync_ssl_trusted_certificate
 syn keyword ngxDirective contained zone_sync_ssl_verify
 syn keyword ngxDirective contained zone_sync_ssl_verify_depth
 syn keyword ngxDirective contained zone_sync_timeout
 " 3rd party modules list taken from
 " https://github.com/freebsd/freebsd-ports/blob/master/www/nginx-devel/Makefile
@ -876,6 +913,8 @@ syn keyword ngxDirectiveThirdParty contained more_set_input_headers
 " NGINX WebDAV missing commands support (PROPFIND & OPTIONS)
 " https://github.com/arut/nginx-dav-ext-module
 syn keyword ngxDirectiveThirdParty contained dav_ext_lock
 syn keyword ngxDirectiveThirdParty contained dav_ext_lock_zone
 syn keyword ngxDirectiveThirdParty contained dav_ext_methods
 " ngx_eval
@ -895,6 +934,7 @@ syn keyword ngxDirectiveThirdParty contained fancyindex_directories_first
 syn keyword ngxDirectiveThirdParty contained fancyindex_exact_size
 syn keyword ngxDirectiveThirdParty contained fancyindex_footer
 syn keyword ngxDirectiveThirdParty contained fancyindex_header
 syn keyword ngxDirectiveThirdParty contained fancyindex_hide_parent_dir
 syn keyword ngxDirectiveThirdParty contained fancyindex_hide_symlinks
 syn keyword ngxDirectiveThirdParty contained fancyindex_ignore
 syn keyword ngxDirectiveThirdParty contained fancyindex_localtime
@ -937,8 +977,17 @@ syn keyword ngxDirectiveThirdParty contained notice_type
 " nchan
 " https://github.com/slact/nchan
 syn keyword ngxDirectiveThirdParty contained nchan_access_control_allow_credentials
 syn keyword ngxDirectiveThirdParty contained nchan_access_control_allow_origin
 syn keyword ngxDirectiveThirdParty contained nchan_authorize_request
 syn keyword ngxDirectiveThirdParty contained nchan_benchmark
 syn keyword ngxDirectiveThirdParty contained nchan_benchmark_channels
 syn keyword ngxDirectiveThirdParty contained nchan_benchmark_message_padding_bytes
 syn keyword ngxDirectiveThirdParty contained nchan_benchmark_messages_per_channel_per_minute
 syn keyword ngxDirectiveThirdParty contained nchan_benchmark_publisher_distribution
 syn keyword ngxDirectiveThirdParty contained nchan_benchmark_subscriber_distribution
 syn keyword ngxDirectiveThirdParty contained nchan_benchmark_subscribers_per_channel
 syn keyword ngxDirectiveThirdParty contained nchan_benchmark_time
 syn keyword ngxDirectiveThirdParty contained nchan_channel_event_string
 syn keyword ngxDirectiveThirdParty contained nchan_channel_events_channel_id
 syn keyword ngxDirectiveThirdParty contained nchan_channel_group
@ -974,15 +1023,19 @@ syn keyword ngxDirectiveThirdParty contained nchan_publisher_upstream_request
 syn keyword ngxDirectiveThirdParty contained nchan_pubsub
 syn keyword ngxDirectiveThirdParty contained nchan_pubsub_channel_id
 syn keyword ngxDirectiveThirdParty contained nchan_pubsub_location
 syn keyword ngxDirectiveThirdParty contained nchan_redis_connect_timeout
 syn keyword ngxDirectiveThirdParty contained nchan_redis_fakesub_timer_interval
 syn keyword ngxDirectiveThirdParty contained nchan_redis_idle_channel_cache_timeout
 syn keyword ngxDirectiveThirdParty contained nchan_redis_namespace
 syn keyword ngxDirectiveThirdParty contained nchan_redis_nostore_fastpublish
 syn keyword ngxDirectiveThirdParty contained nchan_redis_optimize_target
 syn keyword ngxDirectiveThirdParty contained nchan_redis_pass
 syn keyword ngxDirectiveThirdParty contained nchan_redis_pass_inheritable
 syn keyword ngxDirectiveThirdParty contained nchan_redis_ping_interval
 syn keyword ngxDirectiveThirdParty contained nchan_redis_publish_msgpacked_max_size
 syn keyword ngxDirectiveThirdParty contained nchan_redis_server
 syn keyword ngxDirectiveThirdParty contained nchan_redis_storage_mode
 syn keyword ngxDirectiveThirdParty contained nchan_redis_subscribe_weights
 syn keyword ngxDirectiveThirdParty contained nchan_redis_url
 syn keyword ngxDirectiveThirdParty contained nchan_redis_wait_after_connecting
 syn keyword ngxDirectiveThirdParty contained nchan_shared_memory_size
@ -1280,6 +1333,7 @@ syn keyword ngxDirectiveThirdParty contained lua_package_cpath
 syn keyword ngxDirectiveThirdParty contained lua_package_path
 syn keyword ngxDirectiveThirdParty contained lua_regex_cache_max_entries
 syn keyword ngxDirectiveThirdParty contained lua_regex_match_limit
 syn keyword ngxDirectiveThirdParty contained lua_sa_restart
 syn keyword ngxDirectiveThirdParty contained lua_shared_dict
 syn keyword ngxDirectiveThirdParty contained lua_socket_buffer_size
 syn keyword ngxDirectiveThirdParty contained lua_socket_connect_timeout
@ -1355,9 +1409,15 @@ syn keyword ngxDirectiveThirdParty contained rules_enabled
 " https://www.phusionpassenger.com/library/config/nginx/reference/
 syn keyword ngxDirectiveThirdParty contained passenger_abort_on_startup_error
 syn keyword ngxDirectiveThirdParty contained passenger_abort_websockets_on_process_shutdown
 syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_auth_type
 syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_password
 syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_url
 syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_username
 syn keyword ngxDirectiveThirdParty contained passenger_anonymous_telemetry_proxy
 syn keyword ngxDirectiveThirdParty contained passenger_app_env
 syn keyword ngxDirectiveThirdParty contained passenger_app_file_descriptor_ulimit
 syn keyword ngxDirectiveThirdParty contained passenger_app_group_name
 syn keyword ngxDirectiveThirdParty contained passenger_app_log_file
 syn keyword ngxDirectiveThirdParty contained passenger_app_rights
 syn keyword ngxDirectiveThirdParty contained passenger_app_root
 syn keyword ngxDirectiveThirdParty contained passenger_app_type
@ -1373,8 +1433,10 @@ syn keyword ngxDirectiveThirdParty contained passenger_data_buffer_dir
 syn keyword ngxDirectiveThirdParty contained passenger_debugger
 syn keyword ngxDirectiveThirdParty contained passenger_default_group
 syn keyword ngxDirectiveThirdParty contained passenger_default_user
 syn keyword ngxDirectiveThirdParty contained passenger_disable_anonymous_telemetry
 syn keyword ngxDirectiveThirdParty contained passenger_disable_security_update_check
 syn keyword ngxDirectiveThirdParty contained passenger_document_root
 syn keyword ngxDirectiveThirdParty contained passenger_dump_config_manifest
 syn keyword ngxDirectiveThirdParty contained passenger_enabled
 syn keyword ngxDirectiveThirdParty contained passenger_env_var
 syn keyword ngxDirectiveThirdParty contained passenger_file_descriptor_log_file
@ -1402,6 +1464,7 @@ syn keyword ngxDirectiveThirdParty contained passenger_max_requests
 syn keyword ngxDirectiveThirdParty contained passenger_memory_limit
 syn keyword ngxDirectiveThirdParty contained passenger_meteor_app_settings
 syn keyword ngxDirectiveThirdParty contained passenger_min_instances
 syn keyword ngxDirectiveThirdParty contained passenger_monitor_log_file
 syn keyword ngxDirectiveThirdParty contained passenger_nodejs
 syn keyword ngxDirectiveThirdParty contained passenger_pass_header
 syn keyword ngxDirectiveThirdParty contained passenger_pool_idle_time
@ -1778,6 +1841,8 @@ syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter
 syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_by_host
 syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_by_set_key
 syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_check_duplicate
 syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_max_node
 syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_histogram_buckets
 syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit
 syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_check_duplicate
 syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_traffic
@ -1899,11 +1964,11 @@ syn keyword ngxDirectiveThirdParty contained form_auth_remote_user
 " ngx_http_accounting_module
 " https://github.com/Lax/ngx_http_accounting_module
-syn keyword ngxDirectiveThirdParty contained http_accounting
+syn keyword ngxDirectiveThirdParty contained accounting
-syn keyword ngxDirectiveThirdParty contained http_accounting_id
+syn keyword ngxDirectiveThirdParty contained accounting_id
-syn keyword ngxDirectiveThirdParty contained http_accounting_interval
+syn keyword ngxDirectiveThirdParty contained accounting_interval
-syn keyword ngxDirectiveThirdParty contained http_accounting_log
+syn keyword ngxDirectiveThirdParty contained accounting_log
-syn keyword ngxDirectiveThirdParty contained http_accounting_perturb
+syn keyword ngxDirectiveThirdParty contained accounting_perturb
 " concatenating files in a given context: CSS and JS files usually
 " https://github.com/alibaba/nginx-http-concat
--- a/docs/CHANGES
+++ b/docs/CHANGES
@ -1,7 +1,263 @@
-Changes with nginx 1.14.0                                        17 Apr 2018
+Changes with nginx 1.16.1                                        13 Aug 2019
-    *) 1.14.x stable branch.
+    *) Security: when using HTTP/2 a client might cause excessive memory
       consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
       CVE-2019-9516).
 Changes with nginx 1.16.0                                        23 Apr 2019
    *) 1.16.x stable branch.
 Changes with nginx 1.15.12                                       16 Apr 2019
    *) Bugfix: a segmentation fault might occur in a worker process if
       variables were used in the "ssl_certificate" or "ssl_certificate_key"
       directives and OCSP stapling was enabled.
 Changes with nginx 1.15.11                                       09 Apr 2019
    *) Bugfix: in the "ssl_stapling_file" directive on Windows.
 Changes with nginx 1.15.10                                       26 Mar 2019
    *) Change: when using a hostname in the "listen" directive nginx now
       creates listening sockets for all addresses the hostname resolves to
       (previously, only the first address was used).
    *) Feature: port ranges in the "listen" directive.
    *) Feature: loading of SSL certificates and secret keys from variables.
    *) Workaround: the $ssl_server_name variable might be empty when using
       OpenSSL 1.1.1.
    *) Bugfix: nginx/Windows could not be built with Visual Studio 2015 or
       newer; the bug had appeared in 1.15.9.
 Changes with nginx 1.15.9                                        26 Feb 2019
    *) Feature: variables support in the "ssl_certificate" and
       "ssl_certificate_key" directives.
    *) Feature: the "poll" method is now available on Windows when using
       Windows Vista or newer.
    *) Bugfix: if the "select" method was used on Windows and an error
       occurred while establishing a backend connection, nginx waited for
       the connection establishment timeout to expire.
    *) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives
       in the stream module worked incorrectly when proxying UDP datagrams.
 Changes with nginx 1.15.8                                        25 Dec 2018
    *) Feature: the $upstream_bytes_sent variable.
       Thanks to Piotr Sikora.
    *) Feature: new directives in vim syntax highlighting scripts.
       Thanks to Gena Makhomed.
    *) Bugfix: in the "proxy_cache_background_update" directive.
    *) Bugfix: in the "geo" directive when using unix domain listen sockets.
    *) Workaround: the "ignoring stale global SSL error ... bad length"
       alerts might appear in logs when using the "ssl_early_data" directive
       with OpenSSL.
    *) Bugfix: in nginx/Windows.
    *) Bugfix: in the ngx_http_autoindex_module on 32-bit platforms.
 Changes with nginx 1.15.7                                        27 Nov 2018
    *) Feature: the "proxy_requests" directive in the stream module.
    *) Feature: the "delay" parameter of the "limit_req" directive.
       Thanks to Vladislav Shabanov and Peter Shchuchkin.
    *) Bugfix: memory leak on errors during reconfiguration.
    *) Bugfix: in the $upstream_response_time, $upstream_connect_time, and
       $upstream_header_time variables.
    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_mp4_module was used on 32-bit platforms.
 Changes with nginx 1.15.6                                        06 Nov 2018
    *) Security: when using HTTP/2 a client might cause excessive memory
       consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
    *) Security: processing of a specially crafted mp4 file with the
       ngx_http_mp4_module might result in worker process memory disclosure
       (CVE-2018-16845).
    *) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
       "grpc_socket_keepalive", "memcached_socket_keepalive",
       "scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.
    *) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
       1.1.1, the TLS 1.3 protocol was always enabled.
    *) Bugfix: working with gRPC backends might result in excessive memory
       consumption.
 Changes with nginx 1.15.5                                        02 Oct 2018
    *) Bugfix: a segmentation fault might occur in a worker process when
       using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4.
    *) Bugfix: of minor potential bugs.
 Changes with nginx 1.15.4                                        25 Sep 2018
    *) Feature: now the "ssl_early_data" directive can be used with OpenSSL.
    *) Bugfix: in the ngx_http_uwsgi_module.
       Thanks to Chris Caputo.
    *) Bugfix: connections with some gRPC backends might not be cached when
       using the "keepalive" directive.
    *) Bugfix: a socket leak might occur when using the "error_page"
       directive to redirect early request processing errors, notably errors
       with code 400.
    *) Bugfix: the "return" directive did not change the response code when
       returning errors if the request was redirected by the "error_page"
       directive.
    *) Bugfix: standard error pages and responses of the
       ngx_http_autoindex_module module used the "bgcolor" attribute, and
       might be displayed incorrectly when using custom color settings in
       browsers.
       Thanks to Nova DasSarma.
    *) Change: the logging level of the "no suitable key share" and "no
       suitable signature algorithm" SSL errors has been lowered from "crit"
       to "info".
 Changes with nginx 1.15.3                                        28 Aug 2018
    *) Feature: now TLSv1.3 can be used with BoringSSL.
    *) Feature: the "ssl_early_data" directive, currently available with
       BoringSSL.
    *) Feature: the "keepalive_timeout" and "keepalive_requests" directives
       in the "upstream" block.
    *) Bugfix: the ngx_http_dav_module did not truncate destination file
       when copying a file over an existing one with the COPY method.
    *) Bugfix: the ngx_http_dav_module used zero access rights on the
       destination file and did not preserve file modification time when
       moving a file between different file systems with the MOVE method.
    *) Bugfix: the ngx_http_dav_module used default access rights when
       copying a file with the COPY method.
    *) Workaround: some clients might not work when using HTTP/2; the bug
       had appeared in 1.13.5.
    *) Bugfix: nginx could not be built with LibreSSL 2.8.0.
 Changes with nginx 1.15.2                                        24 Jul 2018
    *) Feature: the $ssl_preread_protocol variable in the
       ngx_stream_ssl_preread_module.
    *) Feature: now when using the "reset_timedout_connection" directive
       nginx will reset connections being closed with the 444 code.
    *) Change: a logging level of the "http request", "https proxy request",
       "unsupported protocol", and "version too low" SSL errors has been
       lowered from "crit" to "info".
    *) Bugfix: DNS requests were not resent if initial sending of a request
       failed.
    *) Bugfix: the "reuseport" parameter of the "listen" directive was
       ignored if the number of worker processes was specified after the
       "listen" directive.
    *) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
       switch off "ssl_prefer_server_ciphers" in a virtual server if it was
       switched on in the default server.
    *) Bugfix: SSL session reuse with upstream servers did not work with the
       TLS 1.3 protocol.
 Changes with nginx 1.15.1                                        03 Jul 2018
    *) Feature: the "random" directive inside the "upstream" block.
    *) Feature: improved performance when using the "hash" and "ip_hash"
       directives with the "zone" directive.
    *) Feature: the "reuseport" parameter of the "listen" directive now uses
       SO_REUSEPORT_LB on FreeBSD 12.
    *) Bugfix: HTTP/2 server push did not work if SSL was terminated by a
       proxy server in front of nginx.
    *) Bugfix: the "tcp_nopush" directive was always used on backend
       connections.
    *) Bugfix: sending a disk-buffered request body to a gRPC backend might
       fail.
 Changes with nginx 1.15.0                                        05 Jun 2018
    *) Change: the "ssl" directive is deprecated; the "ssl" parameter of the
       "listen" directive should be used instead.
    *) Change: now nginx detects missing SSL certificates during
       configuration testing when using the "ssl" parameter of the "listen"
       directive.
    *) Feature: now the stream module can handle multiple incoming UDP
       datagrams from a client within a single session.
    *) Bugfix: it was possible to specify an incorrect response code in the
       "proxy_cache_valid" directive.
    *) Bugfix: nginx could not be built by gcc 8.1.
    *) Bugfix: logging to syslog stopped on local IP address changes.
    *) Bugfix: nginx could not be built by clang with CUDA SDK installed;
       the bug had appeared in 1.13.8.
    *) Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might appear
       in logs during binary upgrade when using unix domain listen sockets
       on FreeBSD.
    *) Bugfix: nginx could not be built on Fedora 28 Linux.
    *) Bugfix: request processing rate might exceed configured rate when
       using the "limit_req" directive.
    *) Bugfix: in handling of client addresses when using unix domain listen
       sockets to work with datagrams on Linux.
    *) Bugfix: in memory allocation error handling.
 Changes with nginx 1.13.12                                       10 Apr 2018
--- a/docs/CHANGES.ru
+++ b/docs/CHANGES.ru
@ -1,7 +1,271 @@
-Изменения в nginx 1.14.0                                          17.04.2018
+Изменения в nginx 1.16.1                                          13.08.2019
-    *) Стабильная ветка 1.14.x.
+    *) Безопасность: при использовании HTTP/2 клиент мог вызвать чрезмерное
       потребление памяти и ресурсов процессора (CVE-2019-9511,
       CVE-2019-9513, CVE-2019-9516).
 Изменения в nginx 1.16.0                                          23.04.2019
    *) Стабильная ветка 1.16.x.
 Изменения в nginx 1.15.12                                         16.04.2019
    *) Исправление: в рабочем процессе мог произойти segmentation fault,
       если в директивах ssl_certificate или ssl_certificate_key
       использовались переменные и был включён OCSP stapling.
 Изменения в nginx 1.15.11                                         09.04.2019
    *) Исправление: в директиве ssl_stapling_file на Windows.
 Изменения в nginx 1.15.10                                         26.03.2019
    *) Изменение: теперь при использовании имени хоста в директиве listen
       nginx создаёт listen-сокеты для всех адресов, соответствующих этому
       имени (ранее использовался только первый адрес).
    *) Добавление: диапазоны портов в директиве listen.
    *) Добавление: возможность загрузки SSL-сертификатов и секретных ключей
       из переменных.
    *) Изменение: переменная $ssl_server_name могла быть пустой при
       использовании OpenSSL 1.1.1.
    *) Исправление: nginx/Windows не собирался с Visual Studio 2015 и новее;
       ошибка появилась в 1.15.9.
 Изменения в nginx 1.15.9                                          26.02.2019
    *) Добавление: директивы ssl_certificate и ssl_certificate_key
       поддерживают переменные.
    *) Добавление: метод poll теперь доступен на Windows при использовании
       Windows Vista и новее.
    *) Исправление: если при использовании метода select на Windows
       происходила ошибка при установлении соединения с бэкендом, nginx
       ожидал истечения таймаута на установление соединения.
    *) Исправление: директивы proxy_upload_rate и proxy_download_rate в
       модуле stream работали некорректно при проксировании UDP-пакетов.
 Изменения в nginx 1.15.8                                          25.12.2018
    *) Добавление: переменная $upstream_bytes_sent.
       Спасибо Piotr Sikora.
    *) Добавление: новые директивы в скриптах подсветки синтаксиса для vim.
       Спасибо Геннадию Махомеду.
    *) Исправление: в директиве proxy_cache_background_update.
    *) Исправление: в директиве geo при использовании unix domain
       listen-сокетов.
    *) Изменение: при использовании директивы ssl_early_data с OpenSSL в
       логах могли появляться сообщения "ignoring stale global SSL error ...
       bad length".
    *) Исправление: в nginx/Windows.
    *) Исправление: в модуле ngx_http_autoindex_module на 32-битных
       платформах.
 Изменения в nginx 1.15.7                                          27.11.2018
    *) Добавление: директива proxy_requests в модуле stream.
    *) Добавление: параметр "delay" директивы "limit_req".
       Спасибо Владиславу Шабанову и Петру Щучкину.
    *) Исправление: утечки памяти в случае ошибок при переконфигурации.
    *) Исправление: в переменных $upstream_response_time,
       $upstream_connect_time и $upstream_header_time.
    *) Исправление: в рабочем процессе мог произойти segmentation fault,
       если использовался модуль ngx_http_mp4_module на 32-битных
       платформах.
 Изменения в nginx 1.15.6                                          06.11.2018
    *) Безопасность: при использовании HTTP/2 клиент мог вызвать чрезмерное
       потреблению памяти (CVE-2018-16843) и ресурсов процессора
       (CVE-2018-16844).
    *) Безопасность: при обработке специально созданного mp4-файла модулем
       ngx_http_mp4_module содержимое памяти рабочего процесса могло быть
       отправлено клиенту (CVE-2018-16845).
    *) Добавление: директивы proxy_socket_keepalive,
       fastcgi_socket_keepalive, grpc_socket_keepalive,
       memcached_socket_keepalive, scgi_socket_keepalive и
       uwsgi_socket_keepalive.
    *) Исправление: если nginx был собран с OpenSSL 1.1.0, а использовался с
       OpenSSL 1.1.1, протокол TLS 1.3 всегда был разрешён.
    *) Исправление: при работе с gRPC-бэкендами могло расходоваться большое
       количество памяти.
 Изменения в nginx 1.15.5                                          02.10.2018
    *) Исправление: при использовании OpenSSL 1.1.0h и новее в рабочем
       процессе мог произойти segmentation fault; ошибка появилась в 1.15.4.
    *) Исправление: незначительных потенциальных ошибок.
 Изменения в nginx 1.15.4                                          25.09.2018
    *) Добавление: теперь директиву ssl_early_data можно использовать с
       OpenSSL.
    *) Исправление: в модуле ngx_http_uwsgi_module.
       Спасибо Chris Caputo.
    *) Исправление: соединения к некоторым gRPC-бэкендам могли не
       кэшироваться при использовании директивы keepalive.
    *) Исправление: при использовании директивы error_page для
       перенаправления ошибок, возникающих на ранних этапах обработки
       запроса, в частности ошибок с кодом 400, могла происходить утечка
       сокетов.
    *) Исправление: директива return при возврате ошибок не изменяла код
       ответа, если запрос был перенаправлен с помощью директивы error_page.
    *) Исправление: стандартные сообщения об ошибках и ответы модуля
       ngx_http_autoindex_module содержали атрибут bgcolor, что могло
       приводить к их некорректному отображению при использовании
       пользовательских настроек цветов в браузерах.
       Спасибо Nova DasSarma.
    *) Изменение: уровень логгирования ошибок SSL "no suitable key share" и
       "no suitable signature algorithm" понижен с уровня crit до info.
 Изменения в nginx 1.15.3                                          28.08.2018
    *) Добавление: теперь TLSv1.3 можно использовать с BoringSSL.
    *) Добавление: директива ssl_early_data, сейчас доступна при
       использовании BoringSSL.
    *) Добавление: директивы keepalive_timeout и keepalive_requests в блоке
       upstream.
    *) Исправление: модуль ngx_http_dav_module при копировании файла поверх
       существующего файла с помощью метода COPY не обнулял целевой файл.
    *) Исправление: модуль ngx_http_dav_module при перемещении файла между
       файловыми системами с помощью метода MOVE устанавливал нулевые права
       доступа на результирующий файл и не сохранял время изменения файла.
    *) Исправление: модуль ngx_http_dav_module при копировании файла с
       помощью метода COPY для результирующего файла использовал права
       доступа по умолчанию.
    *) Изменение: некоторые клиенты могли не работать при использовании
       HTTP/2; ошибка появилась в 1.13.5.
    *) Исправление: nginx не собирался с LibreSSL 2.8.0.
 Изменения в nginx 1.15.2                                          24.07.2018
    *) Добавление: переменная $ssl_preread_protocol в модуле
       ngx_stream_ssl_preread_module.
    *) Добавление: теперь при использовании директивы
       reset_timedout_connection nginx сбрасывает соединения, закрываемые с
       кодом 444.
    *) Изменение: уровень логгирования ошибок SSL "http request", "https
       proxy request", "unsupported protocol" и "version too low" понижен с
       уровня crit до info.
    *) Исправление: запросы к DNS-серверу не отправлялись повторно, если при
       первой попытке отправки происходила ошибка.
    *) Исправление: параметр reuseport директивы listen игнорировался, если
       количество рабочих процессов было задано после директивы listen.
    *) Исправление: при использовании OpenSSL 1.1.0 и новее директиву
       ssl_prefer_server_ciphers нельзя было выключить в виртуальном
       сервере, если она была включена в сервере по умолчанию.
    *) Исправление: повторное использование SSL-сессий к бэкендам не
       работало с протоколом TLS 1.3.
 Изменения в nginx 1.15.1                                          03.07.2018
    *) Добавление: директива random в блоке upstream.
    *) Добавление: улучшена производительность при использовании директив
       hash и ip_hash совместно с директивой zone.
    *) Добавление: параметр reuseport директивы listen теперь использует
       SO_REUSEPORT_LB на FreeBSD 12.
    *) Исправление: HTTP/2 server push не работал, если SSL терминировался
       прокси-сервером перед nginx'ом.
    *) Исправление: директива tcp_nopush всегда использовалась для
       соединений к бэкендам.
    *) Исправление: при отправке сохранённого на диск тела запроса на
       gRPC-бэкенд могли возникать ошибки.
 Изменения в nginx 1.15.0                                          05.06.2018
    *) Изменение: директива "ssl" теперь считается устаревшей; вместо неё
       следует использовать параметр ssl директивы listen.
    *) Изменение: теперь при использовании директивы listen с параметром ssl
       nginx определяет отсутствие SSL-сертификатов при тестировании
       конфигурации.
    *) Добавление: теперь модуль stream умеет обрабатывать несколько
       входящих UDP-пакетов от клиента в рамках одной сессии.
    *) Исправление: в директиве proxy_cache_valid можно было указать
       некорректный код ответа.
    *) Исправление: nginx не собирался gcc 8.1.
    *) Исправление: логгирование в syslog останавливалось при изменении
       локального IP-адреса.
    *) Исправление: nginx не собирался компилятором clang, если был
       установлен CUDA SDK; ошибка появилась в 1.13.8.
    *) Исправление: при использовании unix domain listen-сокетов на FreeBSD
       в процессе обновления исполняемого файла в логе могли появляться
       сообщения "getsockopt(TCP_FASTOPEN) ... failed".
    *) Исправление: nginx не собирался на Fedora 28 Linux.
    *) Исправление: при использовании директивы limit_req заданная скорость
       обработки запросов могла не соблюдаться.
    *) Исправление: в обработке адресов клиентов при использовании unix
       domain listen-сокетов для работы с датаграммами на Linux.
    *) Исправление: в обработке ошибок выделения памяти.
 Изменения в nginx 1.13.12                                         10.04.2018
--- a/docs/LICENSE
+++ b/docs/LICENSE
@ -1,6 +1,6 @@
 /* 
- * Copyright (C) 2002-2018 Igor Sysoev
+ * Copyright (C) 2002-2019 Igor Sysoev
- * Copyright (C) 2011-2018 Nginx, Inc.
+ * Copyright (C) 2011-2019 Nginx, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
--- a/docs/OpenSSL.LICENSE
+++ b/docs/OpenSSL.LICENSE
@ -4,15 +4,13 @@
  The OpenSSL toolkit stays under a double license, i.e. both the conditions of
  the OpenSSL License and the original SSLeay license apply to the toolkit.
-  See below for the actual license texts. Actually both licenses are BSD-style
+  See below for the actual license texts.
  Open Source licenses. In case of any license issues related to OpenSSL
  please contact openssl-core@openssl.org.
  OpenSSL License
  ---------------
 /* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2019 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/docs/PCRE.LICENCE
+++ b/docs/PCRE.LICENCE
@ -25,7 +25,7 @@ Email domain:     cam.ac.uk
 University of Cambridge Computing Service,
 Cambridge, England.
-Copyright (c) 1997-2018 University of Cambridge
+Copyright (c) 1997-2019 University of Cambridge
 All rights reserved.
@ -34,9 +34,9 @@ PCRE JUST-IN-TIME COMPILATION SUPPORT
 Written by:       Zoltan Herczeg
 Email local part: hzmester
-Emain domain:     freemail.hu
+Email domain:     freemail.hu
-Copyright(c) 2010-2018 Zoltan Herczeg
+Copyright(c) 2010-2019 Zoltan Herczeg
 All rights reserved.
@ -45,9 +45,9 @@ STACK-LESS JUST-IN-TIME COMPILER
 Written by:       Zoltan Herczeg
 Email local part: hzmester
-Emain domain:     freemail.hu
+Email domain:     freemail.hu
-Copyright(c) 2009-2018 Zoltan Herczeg
+Copyright(c) 2009-2019 Zoltan Herczeg
 All rights reserved.
--- a/html/50x.html
+++ b/html/50x.html
@ -15,7 +15,7 @@
 <p>Sorry, the page you are looking for is currently unavailable.<br/>
 Please try again later.</p>
 <p>If you are the system administrator of this resource then you should check
-the <a href="http://nginx.org/r/error_log">error log</a> for details.</p>
+the error log for details.</p>
 <p><em>Faithfully yours, nginx.</em></p>
 </body>
 </html>
--- a/html/recaptcha/api.js
+++ b/html/recaptcha/api.js
@ -1 +0,0 @@
 /* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var CFG='___grecaptcha_cfg';if(!window[CFG]){window[CFG]={};}var GR='grecaptcha';if(!window[GR]){window[GR]={};}window[GR].ready=window[GR].ready||function(f){(window[CFG]['fns']=window[CFG]['fns']||[]).push(f);};(window[CFG]['render']=window[CFG]['render']||[]).push('onload');window['__google_recaptcha_client']=true;var po=document.createElement('script');po.type='text/javascript';po.async=true;po.src='https://www.gstatic.com/recaptcha/api2/v1537165899310/recaptcha__zh_cn.js';var elem=document.querySelector('script[nonce]');var n=elem&&(elem['nonce']||elem.getAttribute('nonce'));if(n){po.setAttribute('nonce',n);}var s=document.getElementsByTagName('script')[0];s.parentNode.insertBefore(po, s);})();
--- a/logs/nginx.pid
+++ b/logs/nginx.pid
@ -1 +1 @@
-11124
+9816
--- a/nginx.exe
+++ b/nginx.exe
		`@ -1 +0,0 @@`
			/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var CFG='___grecaptcha_cfg';if(!window[CFG]){window[CFG]={};}var GR='grecaptcha';if(!window[GR]){window[GR]={};}window[GR].ready=window[GR].ready\|\|function(f){(window[CFG]['fns']=window[CFG]['fns']\|\|[]).push(f);};(window[CFG]['render']=window[CFG]['render']\|\|[]).push('onload');window['__google_recaptcha_client']=true;var po=document.createElement('script');po.type='text/javascript';po.async=true;po.src='https://www.gstatic.com/recaptcha/api2/v1537165899310/recaptcha__zh_cn.js';var elem=document.querySelector('script[nonce]');var n=elem&&(elem['nonce']\|\|elem.getAttribute('nonce'));if(n){po.setAttribute('nonce',n);}var s=document.getElementsByTagName('script')[0];s.parentNode.insertBefore(po, s);})();