After a year of development, it was introduced a new stable branch of the popular high-performance HTTP server and a multiprotocol proxy server "Nginx 1.18.0", which incorporated the accumulated changes under the main branch 1.17.x.
For those who do not know about Nginx should know that this is a high performance lightweight reverse proxy / web server and a proxy for email protocols (IMAP / POP3). Nginx is free and open source software, licensed under the Simplified BSD License, in addition to being cross-platform, so it can be used on Unix, GNU / Linux, BSD, Solaris, Mac OS X and Windows systems.
It should be noted that there are two versions of Nginx, OSS Nginx and Nginx Plus (the commercial version). Nginx Plus offers additional functionalities that are not included in OSS Nginx.
What's new in Nginx 1.18.0?
In this new version of Nginx 1.18.0, various directives have been added which add some functionalities to the server, such is the case of the new directive limit_req_dry_run, which enables test execution mode, which does not enforce restrictions on the intensity of processing requests (without a speed limit), but continues to monitor the number of out-of-bounds requests in shared memory.
Another of the added directives is limit_conn_dry_run, what put the module ngx_http_limit_conn_module in test run mode, in which the number of connections is not limited, but is taken into account.
On the other hand we can also find auth_delay, what allows adding a delay to unauthorized requests with a response code of 401 to reduce the intensity of password selection and protect against attacks that manipulate time attack operations when accessing password-restricted systems, the result of a subquery or JWT (JSON Web Token).
Added support for variables in directives «limit_rate "and" limit_rate_after«, As well as in the directives "Proxy_upload_rate" and "proxy_download_rate" of the flow module.
Directive grpc_pass added support for using a variable in the parameter that defines the address. If the address is specified as a domain name, the name is searched among the described server groups and, if not found, is determined using the resolver;
Have been added new variables proxy_protocol_server_addr and proxy_protocol_server_port, what they contain the server address and port obtained from the PROXY protocol header.
Of the other changes that are mentioned in the announcement of this new version:
- The variable limit_conn_status has been added to the module ngx_stream_limit_conn_module, which stores the result of the number of connections limit: PASSED, REJECTED, and REJECTED_DRY_RUN.
- The variable $ limit_req_status has been added to the module ngx_http_limit_req_module , which stores the result of limiting the rate of receipt of requests: PASSED, DELAYED, REJECTED, DELAYED_DRY_RUN, and REJECTED_DRY_RUN.
- By default, the module assembly is provided ngx_http_postpone_filter_module.
- Added support for changing named location blocks using $ r-> method internal_redirect() provided by the built-in Perl interpreter. This method now involves handling URIs with escaped characters.
- When using the hash directive in the bottom-up configuration block to organize load balancing with binding from client to server, if the key is empty, the mode round-robin now it is activated.
- Added support for ioctl (FIONREAD) calls, if available, to avoid reading from a fast connection for a long time.
Finally, it is mentioned that in the future, all changes to the 1.18 stable branch will be associated with bug and vulnerability removal serious.
Besides that nginx 1.19 main branch will be formed soon, within which the development of new features will continue. For ordinary users who do not have the task of ensuring compatibility with third-party modules, it is recommended to use the main branch, on the basis of which versions of the commercial product Nginx Plus are formed every three months.
If you want to know more about it about the changes implemented in this new version, you can check the details In the following link.