207 lines
6.9 KiB
Plaintext
207 lines
6.9 KiB
Plaintext
NGINX is a high performance edge web server with the lowest memory footprint
|
|
and the key features to build modern and efficient web infrastructure.
|
|
|
|
NGINX functionality includes HTTP server, HTTP and mail reverse proxy, caching,
|
|
load balancing, compression, request throttling, connection multiplexing and
|
|
reuse, SSL offload and HTTP media streaming.
|
|
|
|
WWW: https://nginx.org/
|
|
|
|
Plugin Changelog
|
|
================
|
|
|
|
1.27
|
|
|
|
* add support for custom configuration in stream server (contributed by Fabio Castagnino)
|
|
* add headers_more support (contributed by kulikov-a)
|
|
|
|
1.26
|
|
|
|
* Enhancement of security headers (contributed by Manuel Faux)
|
|
* Add Frame-Ancestors, add "preload", removed deprecated HPKP
|
|
* Performance enhancements for log display
|
|
* Fixed display of vts and logs for non-default styles
|
|
|
|
1.25
|
|
|
|
* Reworked logging frontent to support filtering and historic view (contributed by Manuel Faux)
|
|
|
|
1.24
|
|
|
|
* Change all Listen Port directives to Listen Address and migrate the Port data to Addresses
|
|
* Add default_server option to HTTP Server
|
|
* Replace stop action by the reload option in reconfigureForceRestart (#2450)
|
|
* Add server ssl_protocols, ssl_ciphers, ssl_prefer_server_ciphers directives to GUI
|
|
|
|
1.23
|
|
|
|
* Add custom error pages on a per HTTP server basis (contributed by 8191)
|
|
* Migration for PHP Phalcon 4 (non breaking change for UI/API)
|
|
|
|
1.22
|
|
|
|
* Add X-Forwarded-Port and X-Forwarded-Host headers (contributed by Carlos Cesario)
|
|
* Fix wrong stream server CA filename (contributed by Ingo Theiss)
|
|
* Fix proxy_ssl_name and add hook (contributed by kulikov-a)
|
|
* Apply loadbalancing for UDP (contributed by Thomas Laubrock)
|
|
* Naxsi whitelist improvements (contributed by Manuel Faux)
|
|
* Grid view improvements (contributed by Manuel Faux)
|
|
* Minor fixes in setup.php (contributed by kulikov-a)
|
|
|
|
1.21
|
|
|
|
* fix performance issue with autoban feature (contributed by jkellerer)
|
|
|
|
1.20
|
|
|
|
* User interface improvements of NAXSI configuration (contributed by 8191)
|
|
* Fixed missing certificate validation of upstreams (contributed by 8191)
|
|
|
|
1.19
|
|
|
|
* Add possibility to configure SNI proxying.
|
|
* Display NAXSI rule ID in volt
|
|
|
|
1.18
|
|
|
|
* Add proxy header for CloudFlare
|
|
|
|
1.17
|
|
|
|
* allow to set worker_processes and worker_connections (contributed by ibanezbass in #1621)
|
|
* fix location access control handling (contributed by Szeraax)
|
|
|
|
1.16
|
|
|
|
* advanced buffering configuration in location (#1575)
|
|
|
|
1.15
|
|
|
|
* add OCSP stapling and verify
|
|
* fix bug sendfile directive is only applied if TLS is enabled
|
|
* allow to configure the maximum header and request line buffer size HTTP Server advanced option (Issue: 1544)
|
|
|
|
1.14
|
|
|
|
* add load balancer algorithm option (ip_hash)
|
|
* fix URL flag not stored (contributed by jkellerer) [1]
|
|
* allow to whitelist specific source IPs in the web application firewall (contributed by Julio Cesar Camargo) [2]
|
|
|
|
[1] https://github.com/opnsense/plugins/pull/1375
|
|
[2] https://github.com/opnsense/plugins/pull/1310
|
|
|
|
1.13
|
|
|
|
* add support for 0-RTT (Early Data in TLS 1.3)
|
|
* add XMLRPC sync support
|
|
|
|
1.12
|
|
|
|
* add log to SYSLOG server support
|
|
* add support for maximum temporary file size for request bodies
|
|
* fix log "format" disable
|
|
|
|
1.11
|
|
|
|
* add VTS(1) module for traffic status reports
|
|
* fix HSTS bug
|
|
* add extended log format (contributed by Josh Wiles)
|
|
* fix ACME support (contributed by Frank Wall)
|
|
|
|
(1) https://github.com/vozlt/nginx-module-vts
|
|
|
|
1.10
|
|
|
|
* fix content security settings (missing checkbox, correct templating)
|
|
|
|
1.9
|
|
|
|
* add advanced options to configure hostname hash sizes for long hostnames
|
|
|
|
1.8
|
|
|
|
* update lodash to v4.17.11
|
|
* Breaking: remove the WAF policy match type "=" as it is not supported (if you have them in use, unlink and delete them before installing this update)
|
|
* allow plugins via include hooks
|
|
* Breaking: the enabled flag in the general setting now works (en- or disables all vhosts in the plugin itself, but always serves plugins). Default was false so make sure you have it enabled before upgrade.
|
|
* Alias support for downstream proxies (trust setting)
|
|
* bugfix: deleting IP ACL
|
|
* HSTS not sent automatically anymore if HTTP over TLS is configured (still available via security header)
|
|
* add configuration directives for timeouts to location
|
|
|
|
1.7
|
|
|
|
* bugfix: create log directory if it is missing
|
|
* reorder menu
|
|
|
|
1.6
|
|
|
|
* fix bug due to permission downgrade (basic auth)
|
|
* fix bug when multiple hostnames are used, that the logs are not displayed in the log viewer
|
|
* add paging support to log viewer, so it does not crash on really big log files
|
|
* add basic TLS fingerprint check to make man in the middle attacks visible (may not fully work on LibreSSL crypto flavour as curves seem to return an empty string)
|
|
* add dropdown to select authentication backend in HTTP server for advanced authentication
|
|
* add global error log to log viewer
|
|
* use stricter checks for internal locations (contributed by Northguy)
|
|
|
|
1.5
|
|
|
|
* Add proxy options for ignore client abort and disabling buffering
|
|
* Add logviewer support for streams
|
|
* Fix charset is not defined bug (contributed by ccesario [1])
|
|
* Add an existence check for locations
|
|
* Add PROXY protocol for HTTP and Streams frontend
|
|
* Add PROXY backend support for Streams
|
|
* Add support for better whitelist rules in the WAF
|
|
|
|
[1] https://github.com/opnsense/plugins/pull/1035
|
|
|
|
1.4 (Development only)
|
|
|
|
* move upstreams from HTTP to their own menu because they are used for TCP load balancing as well
|
|
* add TCP load balancing [1]
|
|
* add support for IP based ACLs
|
|
* add log rotation (contributed by Julius Cesar Camargo [2])
|
|
* add support for satisfy, body size limitation
|
|
* change: allow to disable internal bot protection (contributed by @fzoske) [3]
|
|
* change: do not save when no change in the list happened to prevent filling the log history
|
|
* fix: translate a german string in upstream server to english
|
|
* replace headers instead of just adding our own (duplication issue #971), suppress X-Powered-By from Upstream [4]
|
|
|
|
[1] https://github.com/opnsense/plugins/pull/930
|
|
[2] https://github.com/opnsense/plugins/pull/982
|
|
[3] https://github.com/opnsense/plugins/pull/934
|
|
[4] https://github.com/opnsense/plugins/issues/971
|
|
|
|
1.3
|
|
|
|
* bugfix: correctly set upstream header
|
|
|
|
1.2
|
|
|
|
* add limiter support
|
|
* add permanent ban feature (use alias in firewall rules)
|
|
* add caching feature (local file system)
|
|
* add path prefix support (contributed by @ccesario )
|
|
* add port to upstream server table
|
|
* add support to download waf rules
|
|
* improvement: export full chain instead of only the server certificate (fixes some issues with some tools which need it)
|
|
* web interface (allow HTTP/2 server push to increase performance)
|
|
* support for (secure) web sockets in reverse proxy mode
|
|
* bugfix: fix issues with multiple hostnames (IPv6 issues with TLS SNI by @ccesario )
|
|
* bugfix: warning in certificate rendering
|
|
|
|
1.1
|
|
|
|
* add log viewer
|
|
|
|
1.0
|
|
|
|
* add Reverse Proxy (Load Balancer)
|
|
* add Location Configuration
|
|
* add local HTTP Server
|
|
* add local PHP support
|
|
* add experimental support to handle the web interface (can only be enabled via CLI)
|
|
* add WAF (NAXSI) support
|
|
* add Authentication support
|