# HG changeset patch # User Ruslan Ermilov # Date 1313065153 0 # Node ID 61e04fc01027bf3e30364fefb1e85b494f0e96fd Initial import of the nginx.org website. diff -r 000000000000 -r 61e04fc01027 BSDmakefile --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/BSDmakefile Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,8 @@ + +build: + gmake + +.PHONY: gzip + +.DEFAULT:: + gmake $@ diff -r 000000000000 -r 61e04fc01027 GNUmakefile --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/GNUmakefile Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,265 @@ + +OUT = libxslt +TEXT = text +ZIP = gzip +NGINX_ORG = /data/jails/www/usr/local/www/nginx.org +NGINX_NET = /data/jails/www/usr/local/www/nginx.net +SYSOEV_RU = /data/jails/www/usr/local/www/sysoev.ru + +CP = $(HOME)/java + + + +define XSLScript + java -cp $(CP)/xsls/saxon.jar:$(CP)/xsls/xsls.jar \ + com.pault.StyleSheet \ + -x com.pault.XX -y com.pault.XX \ + $(1) xsls/dump.xsls \ + | perl -e 'undef $$/; $$_ = <>; s/(\n\n)+/\n/gs; print' > $(2) + + if [ ! -s $(2) ]; then rm $(2); fi; test -s $(2) +endef + + +define XSLT + xsltproc -o $3 \ + $(shell echo $4 \ + | sed -e "s/\([^= ]*\)=\([^= ]*\)/--param \1 \"'\2'\"/g") \ + $1 $2 +endef + +define GZIP + rm -f $1.gz + 7za a -tgzip -mx9 -mpass=15 -si -ba -bd $1.gz < $1 + touch -r $1 $1.gz +endef + + +all: news arx 404 en ja he ru tr + +news: $(OUT)/index.html $(OUT)/index.rss +arx: $(OUT)/2010.html $(OUT)/2009.html +404: $(OUT)/404.html + + +ARTICLE_XSLT = xml/menu.xml \ + xml/versions.xml \ + xslt/article.xslt \ + dtd/article.dtd \ + dtd/content.dtd \ + +include xml/en/GNUmakefile +include xml/ja/GNUmakefile +include xml/he/GNUmakefile +include xml/ru/GNUmakefile +include xml/tr/GNUmakefile + + +$(OUT)/index.html: xml/index.xml \ + xml/menu.xml \ + xslt/news.xslt \ + dtd/news.dtd \ + dtd/content.dtd + $(call XSLT, xslt/news.xslt, $<, $@) + +$(OUT)/index.rss: xml/index.xml \ + xslt/rss.xslt \ + dtd/article.dtd \ + dtd/content.dtd + $(call XSLT, xslt/rss.xslt, $<, $@) + + +$(OUT)/2010.html: xml/index.xml \ + xml/menu.xml \ + xslt/news.xslt \ + dtd/news.dtd \ + dtd/content.dtd + $(call XSLT, xslt/news.xslt, $<, $@, YEAR=2010) + + +$(OUT)/2009.html: xml/index.xml \ + xml/menu.xml \ + xslt/news.xslt \ + dtd/news.dtd \ + dtd/content.dtd + $(call XSLT, xslt/news.xslt, $<, $@, YEAR=2009) + +$(OUT)/404.html: xml/404.xml \ + xml/menu.xml \ + xslt/error.xslt \ + dtd/article.dtd \ + dtd/content.dtd + $(call XSLT, xslt/error.xslt, $<, $@) + + +$(OUT)/%.html: xml/%.xml \ + $(ARTICLE_XSLT) + $(call XSLT, xslt/article.xslt, $<, $@) + + +xslt/news.xslt: xsls/news.xsls \ + xslt/dirname.xslt \ + xslt/link.xslt \ + xslt/style.xslt \ + xslt/body.xslt \ + xslt/menu.xslt \ + xslt/content.xslt + $(call XSLScript, $<, $@) + +xslt/article.xslt: xsls/article.xsls \ + xslt/dirname.xslt \ + xslt/link.xslt \ + xslt/style.xslt \ + xslt/body.xslt \ + xslt/menu.xslt \ + xslt/donate.xslt \ + xslt/content.xslt \ + xslt/versions.xslt + $(call XSLScript, $<, $@) + +xslt/download.xslt: xsls/download.xsls \ + xslt/dirname.xslt \ + xslt/link.xslt \ + xslt/style.xslt \ + xslt/body.xslt \ + xslt/menu.xslt \ + xslt/content.xslt + $(call XSLScript, $<, $@) + +xslt/security.xslt: xsls/security.xsls \ + xslt/dirname.xslt \ + xslt/link.xslt \ + xslt/style.xslt \ + xslt/body.xslt \ + xslt/menu.xslt \ + xslt/content.xslt + $(call XSLScript, $<, $@) + +xslt/books.xslt: xsls/books.xsls \ + xslt/dirname.xslt \ + xslt/link.xslt \ + xslt/style.xslt \ + xslt/body.xslt \ + xslt/menu.xslt \ + xslt/content.xslt + $(call XSLScript, $<, $@) + +xslt/error.xslt: xsls/error.xsls + $(call XSLScript, $<, $@) + +xslt/%.xslt: xsls/%.xsls + $(call XSLScript, $<, $@) + +images: \ + binary/books/nginx_http_server_jp.jpg \ + binary/books/nginx_1_web_server.jpg \ + binary/books/nginx_http_server.jpg \ + binary/books/nginx_in_practice.jpg + +binary/books/nginx_http_server_jp.jpg: sources/1106030720.jpg + jpegtopnm sources/1106030720.jpg \ + | pamscale -width=150 \ + | pnmtojpeg -quality=95 -optimize -dct=float \ + > binary/books/nginx_http_server_jp.jpg + +binary/books/nginx_1_web_server.jpg: \ + sources/Nginx\ 1\ Web\ Server\ Implementation\ Cookbook.jpg + jpegtopnm sources/Nginx\ 1\ Web\ Server\ Implementation\ Cookbook.jpg \ + | pamscale -width=150 \ + | pnmtojpeg -quality=95 -optimize -dct=float \ + > binary/books/nginx_1_web_server.jpg + +binary/books/nginx_http_server.jpg: sources/0868OS_MockupCover.jpg + jpegtopnm sources/0868OS_MockupCover.jpg \ + | pamscale -width=150 \ + | pnmtojpeg -quality=95 -optimize -dct=float \ + > binary/books/nginx_http_server.jpg + +binary/books/nginx_in_practice.jpg: sources/20807089-1_o.jpg + jpegtopnm sources/20807089-1_o.jpg \ + | pamscale -width=150 \ + | pnmtojpeg -quality=95 -optimize -dct=float \ + > binary/books/nginx_in_practice.jpg + + +.PHONY: gzip +gzip: rsync_gzip + $(MAKE) do_gzip + +rsync_gzip: + rsync -rt -c --modify-window=746496000 $(OUT)/ $(ZIP)/ + rsync -rt -c --modify-window=746496000 $(TEXT)/ $(ZIP)/ + +do_gzip: $(addsuffix .gz, $(wildcard $(ZIP)/*.html)) \ + $(addsuffix .gz, $(wildcard $(ZIP)/en/*.html)) \ + $(addsuffix .gz, $(wildcard $(ZIP)/en/docs/*.html)) \ + $(addsuffix .gz, $(wildcard $(ZIP)/en/docs/http/*.html))\ + $(addsuffix .gz, $(wildcard $(ZIP)/ja/*.html)) \ + $(addsuffix .gz, $(wildcard $(ZIP)/ja/docs/*.html)) \ + $(addsuffix .gz, $(wildcard $(ZIP)/ja/docs/http/*.html))\ + $(addsuffix .gz, $(wildcard $(ZIP)/he/*.html)) \ + $(addsuffix .gz, $(wildcard $(ZIP)/he/docs/*.html)) \ + $(addsuffix .gz, $(wildcard $(ZIP)/he/docs/http/*.html))\ + $(addsuffix .gz, $(wildcard $(ZIP)/ru/*.html)) \ + $(addsuffix .gz, $(wildcard $(ZIP)/ru/docs/*.html)) \ + $(addsuffix .gz, $(wildcard $(ZIP)/tr/*.html)) \ + $(addsuffix .gz, $(wildcard $(ZIP)/tr/docs/*.html)) \ + $(addsuffix .gz, $(wildcard $(ZIP)/tr/docs/http/*.html))\ + $(ZIP)/index.rss.gz \ + $(ZIP)/LICENSE.gz \ + $(ZIP)/en/CHANGES.gz \ + $(addsuffix .gz, $(wildcard $(ZIP)/en/CHANGES-?.?)) \ + $(ZIP)/ru/CHANGES.ru.gz \ + $(addsuffix .gz, $(wildcard $(ZIP)/ru/CHANGES.ru-?.?)) \ + + find gzip/ -type f -not -name '*.gz' -exec test \! -e {}.gz \; -print + + +$(ZIP)/%.gz: $(ZIP)/% + $(call GZIP, $<) + +dirs: + test -d $(OUT)/en/docs/http || mkdir -p $(OUT)/en/docs/http + +draft: all + rsync -rt -c --modify-window=746496000 libxslt/ $(NGINX_ORG)/libxslt/ + +copy: + rsync -rt -c --modify-window=746496000 $(ZIP)/ $(NGINX_ORG)/ + rsync -rt -c --modify-window=746496000 binary/ $(NGINX_ORG)/ + +dev: xslt/development.xslt sign +dev: NGINX=$(shell xsltproc xslt/development.xslt xml/versions.xml) + +stable: xslt/stable.xslt sign +stable: NGINX=$(shell xsltproc xslt/stable.xslt xml/versions.xml) + +legacy: xslt/legacy_stable.xslt sign +legacy: NGINX=$(shell xsltproc xslt/legacy_stable.xslt xml/versions.xml) + +any: sign +any: NGINX=0.7.69 + + +sign: + @echo sign nginx-$(NGINX) + + gpg -sab binary/download/nginx-$(NGINX).tar.gz + gpg -sab binary/download/nginx-$(NGINX).zip + + +TEMP = temp +SITE = nginx.org + +tarball: + rm -rf $(TEMP) + mkdir -p $(TEMP)/$(SITE) + cp -rp BSDmakefile GNUmakefile TODO \ + xml xsls xslt dtd binary \ + $(TEMP)/$(SITE) + + rm -f $(SITE).tar.bz2 + tar -c -y -f $(SITE).tar.bz2 \ + --directory $(TEMP) \ + --exclude .svn \ + $(SITE) diff -r 000000000000 -r 61e04fc01027 TODO --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/TODO Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,35 @@ + + build: + configure + pitfalls + --with-md5/sha1= + + IP-based + *:80 and IP-baseed + getsockopt() + optmizations + bind + Typical pitfalls + + location + + server_names: + server_name "" + + HTTPS: + key password + + + + memory disk / memcached + CGI + piped logs + tail -f access_log | program + htaccess + if + + + nginx.org: make dump + mc374: make msvc8 TAG zip copy + nginx.org: make stable all gzip copy + sysoev.ru: make news nginx copy diff -r 000000000000 -r 61e04fc01027 binary/favicon.ico Binary file binary/favicon.ico has changed diff -r 000000000000 -r 61e04fc01027 binary/nginx.clean.gif Binary file binary/nginx.clean.gif has changed diff -r 000000000000 -r 61e04fc01027 binary/nginx.gif Binary file binary/nginx.gif has changed diff -r 000000000000 -r 61e04fc01027 dtd/article.dtd --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/dtd/article.dtd Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,7 @@ + + + + + + + %content; diff -r 000000000000 -r 61e04fc01027 dtd/content.dtd --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/dtd/content.dtd Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,8 @@ + + + + + + + + diff -r 000000000000 -r 61e04fc01027 dtd/i18n.dtd diff -r 000000000000 -r 61e04fc01027 dtd/menu.dtd diff -r 000000000000 -r 61e04fc01027 dtd/news.dtd --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/dtd/news.dtd Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,7 @@ + + + + + + + %content; diff -r 000000000000 -r 61e04fc01027 sources/0868OS_MockupCover.jpg Binary file sources/0868OS_MockupCover.jpg has changed diff -r 000000000000 -r 61e04fc01027 sources/1106030720.jpg Binary file sources/1106030720.jpg has changed diff -r 000000000000 -r 61e04fc01027 sources/20807089-1_o.jpg Binary file sources/20807089-1_o.jpg has changed diff -r 000000000000 -r 61e04fc01027 sources/Nginx 1 Web Server Implementation Cookbook.jpg Binary file sources/Nginx 1 Web Server Implementation Cookbook.jpg has changed diff -r 000000000000 -r 61e04fc01027 text/LICENSE --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/text/LICENSE Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,24 @@ +/* + * Copyright (C) 2002-2011 Igor Sysoev + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ diff -r 000000000000 -r 61e04fc01027 text/en/CHANGES --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/text/en/CHANGES Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,5373 @@ + +Changes with nginx 1.1.0 01 Aug 2011 + + *) Feature: cache loader run time decrease. + + *) Feature: "loader_files", "loader_sleep", and "loader_threshold" + options of the "proxy/fastcgi/scgi/uwsgi_cache_path" directives. + + *) Feature: loading time decrease of configuration with large number of + HTTPS sites. + + *) Feature: now nginx supports ECDHE key exchange ciphers. + Thanks to Adrian Kotelba. + + *) Feature: the "lingering_close" directive. + Thanks to Maxim Dounin. + + *) Bugfix: in closing connection for pipelined requests. + Thanks to Maxim Dounin. + + *) Bugfix: nginx did not disable gzipping if client sent "gzip;q=0" in + "Accept-Encoding" request header line. + + *) Bugfix: in timeout in unbuffered proxied mode. + Thanks to Maxim Dounin. + + *) Bugfix: memory leaks when a "proxy_pass" directive contains + variables and proxies to an HTTPS backend. + Thanks to Maxim Dounin. + + *) Bugfix: in parameter validaiton of a "proxy_pass" directive with + variables. + Thanks to Lanshun Zhou. + + *) Bugfix: SSL did not work on QNX. + Thanks to Maxim Dounin. + + *) Bugfix: SSL modules could not be built by gcc 4.6 without + --with-debug option. + + +Changes with nginx 1.0.5 19 Jul 2011 + + *) Change: now default SSL ciphers are "HIGH:!aNULL:!MD5". + Thanks to Rob Stradling. + + *) Feature: the "referer_hash_max_size" and "referer_hash_bucket_size" + directives. + Thanks to Witold Filipczyk. + + *) Feature: $uid_reset variable. + + *) Bugfix: a segmentation fault might occur in a worker process, if a + caching was used. + Thanks to Lanshun Zhou. + + *) Bugfix: worker processes may got caught in an endless loop during + reconfiguration, if a caching was used; the bug had appeared in + 0.8.48. + Thanks to Maxim Dounin. + + *) Bugfix: "stalled cache updating" alert. + Thanks to Maxim Dounin. + + +Changes with nginx 1.0.4 01 Jun 2011 + + *) Change: now regular expressions case sensitivity in the "map" + directive is given by prefixes "~" or "~*". + + *) Feature: now shared zones and caches use POSIX semaphores on Linux. + Thanks to Denis F. Latypoff. + + *) Bugfix: "stalled cache updating" alert. + + *) Bugfix: nginx could not be built --without-http_auth_basic_module; + the bug had appeared in 1.0.3. + + +Changes with nginx 1.0.3 25 May 2011 + + *) Feature: the "auth_basic_user_file" directive supports "$apr1", + "{PLAIN}", and "{SSHA}" password encryption methods. + Thanks to Maxim Dounin. + + *) Feature: the "geoip_org" directive and $geoip_org variable. + Thanks to Alexander Uskov, Arnaud Granal, and Denis F. Latypoff. + + *) Feature: ngx_http_geo_module and ngx_http_geoip_module support IPv4 + addresses mapped to IPv6 addresses. + + *) Bugfix: a segmentation fault occurred in a worker process during + testing IPv4 address mapped to IPv6 address, if access or deny rules + were defined only for IPv6; the bug had appeared in 0.8.22. + + *) Bugfix: a cached response may be broken if "proxy/fastcgi/scgi/ + uwsgi_cache_bypass" and "proxy/fastcgi/scgi/uwsgi_no_cache" + directive values were different; the bug had appeared in 0.8.46. + + +Changes with nginx 1.0.2 10 May 2011 + + *) Feature: now shared zones and caches use POSIX semaphores. + + *) Bugfix: in the "rotate" parameter of the "image_filter" directive. + Thanks to Adam Bocim. + + *) Bugfix: nginx could not be built on Solaris; the bug had appeared in + 1.0.1. + + +Changes with nginx 1.0.1 03 May 2011 + + *) Change: now the "split_clients" directive uses MurmurHash2 algorithm + because of better distribution. + Thanks to Oleg Mamontov. + + *) Change: now long strings starting with zero are not considered as + false values. + Thanks to Maxim Dounin. + + *) Change: now nginx uses a default listen backlog value 511 on Linux. + + *) Feature: the $upstream_... variables may be used in the SSI and perl + modules. + + *) Bugfix: now nginx limits better disk cache size. + Thanks to Oleg Mamontov. + + *) Bugfix: a segmentation fault might occur while parsing incorrect + IPv4 address; the bug had appeared in 0.9.3. + Thanks to Maxim Dounin. + + *) Bugfix: nginx could not be built by gcc 4.6 without --with-debug + option. + + *) Bugfix: nginx could not be built on Solaris 9 and earlier; the bug + had appeared in 0.9.3. + Thanks to Dagobert Michelsen. + + *) Bugfix: $request_time variable had invalid values if subrequests + were used; the bug had appeared in 0.8.47. + Thanks to Igor A. Valcov. + + +Changes with nginx 1.0.0 12 Apr 2011 + + *) Bugfix: a cache manager might hog CPU after reload. + Thanks to Maxim Dounin. + + *) Bugfix: an "image_filter crop" directive worked incorrectly coupled + with an "image_filter rotate 180" directive. + + *) Bugfix: a "satisfy any" directive disabled custom 401 error page. + + +Changes with nginx 0.9.7 04 Apr 2011 + + *) Feature: now keepalive connections may be closed premature, if there + are no free worker connections. + Thanks to Maxim Dounin. + + *) Feature: the "rotate" parameter of the "image_filter" directive. + Thanks to Adam Bocim. + + *) Bugfix: a case when a backend in "fastcgi_pass", "scgi_pass", or + "uwsgi_pass" directives is given by expression and refers to a + defined upstream. + + +Changes with nginx 0.9.6 21 Mar 2011 + + *) Feature: the "map" directive supports regular expressions as value + of the first parameter. + + *) Feature: $time_iso8601 access_log variable. + Thanks to Michael Lustfield. + + +Changes with nginx 0.9.5 21 Feb 2011 + + *) Change: now nginx uses a default listen backlog value -1 on Linux. + Thanks to Andrei Nigmatulin. + + *) Feature: the "utf8" parameter of "geoip_country" and "geoip_city" + directives. + Thanks to Denis F. Latypoff. + + *) Bugfix: in a default "proxy_redirect" directive if "proxy_pass" + directive has no URI part. + Thanks to Maxim Dounin. + + *) Bugfix: an "error_page" directive did not work with nonstandard + error codes; the bug had appeared in 0.8.53. + Thanks to Maxim Dounin. + + +Changes with nginx 0.9.4 21 Jan 2011 + + *) Feature: the "server_name" directive supports the $hostname variable. + + *) Feature: 494 code for "Request Header Too Large" error. + + +Changes with nginx 0.9.3 13 Dec 2010 + + *) Bugfix: if there was a single server for given IPv6 address:port + pair, then captures in regular expressions in a "server_name" + directive did not work. + + *) Bugfix: nginx could not be built on Solaris; the bug had appeared in + 0.9.0. + + +Changes with nginx 0.9.2 06 Dec 2010 + + *) Feature: the "If-Unmodified-Since" client request header line + support. + + *) Workaround: fallback to accept() syscall if accept4() was not + implemented; the issue had appeared in 0.9.0. + + *) Bugfix: nginx could not be built on Cygwin; the bug had appeared in + 0.9.0. + + *) Bugfix: for OpenSSL vulnerability CVE-2010-4180. + Thanks to Maxim Dounin. + + +Changes with nginx 0.9.1 30 Nov 2010 + + *) Bugfix: "return CODE message" directives did not work; the bug had + appeared in 0.9.0. + + +Changes with nginx 0.9.0 29 Nov 2010 + + *) Feature: the "keepalive_disable" directive. + + *) Feature: the "map" directive supports variables as value of a + defined variable. + + *) Feature: the "map" directive supports empty strings as value of the + first parameter. + + *) Feature: the "map" directive supports expressions as the first + parameter. + + *) Feature: nginx(8) manual page. + Thanks to Sergey Osokin. + + *) Feature: Linux accept4() support. + Thanks to Simon Liu. + + *) Workaround: elimination of Linux linker warning about "sys_errlist" + and "sys_nerr"; the warning had appeared in 0.8.35. + + *) Bugfix: a segmentation fault might occur in a worker process, if the + "auth_basic" directive was used. + Thanks to Michail Laletin. + + *) Bugfix: compatibility with ngx_http_eval_module; the bug had + appeared in 0.8.42. + + +Changes with nginx 0.8.53 18 Oct 2010 + + *) Feature: now the "error_page" directive allows to change a status + code in a redirect. + + *) Feature: the "gzip_disable" directive supports special "degradation" + mask. + + *) Bugfix: a socket leak might occurred if file AIO was used. + Thanks to Maxim Dounin. + + *) Bugfix: if the first server had no "listen" directive and there was + no explicit default server, then a next server with a "listen" + directive became the default server; the bug had appeared in 0.8.21. + + +Changes with nginx 0.8.52 28 Sep 2010 + + *) Bugfix: nginx used SSL mode for a listen socket if any listen option + was set; the bug had appeared in 0.8.51. + + +Changes with nginx 0.8.51 27 Sep 2010 + + *) Change: the "secure_link_expires" directive has been canceled. + + *) Change: a logging level of resolver errors has been lowered from + "alert" to "error". + + *) Feature: now a listen socket "ssl" parameter may be set several + times. + + +Changes with nginx 0.8.50 02 Sep 2010 + + *) Feature: the "secure_link", "secure_link_md5", and + "secure_link_expires" directives of the ngx_http_secure_link_module. + + *) Feature: the -q switch. + Thanks to Gena Makhomed. + + *) Bugfix: worker processes may got caught in an endless loop during + reconfiguration, if a caching was used; the bug had appeared in + 0.8.48. + + *) Bugfix: in the "gzip_disable" directive. + Thanks to Derrick Petzold. + + *) Bugfix: nginx/Windows could not send stop, quit, reopen, and reload + signals to a process run in other session. + + +Changes with nginx 0.8.49 09 Aug 2010 + + *) Feature: the "image_filter_jpeg_quality" directive supports + variables. + + *) Bugfix: a segmentation fault might occur in a worker process, if the + $geoip_region_name variables was used; the bug had appeared in + 0.8.48. + + *) Bugfix: errors intercepted by error_page were cached only for next + request; the bug had appeared in 0.8.48. + + +Changes with nginx 0.8.48 03 Aug 2010 + + *) Change: now the "server_name" directive default value is an empty + name "". + Thanks to Gena Makhomed. + + *) Change: now the "server_name_in_redirect" directive default value is + "off". + + *) Feature: the $geoip_dma_code, $geoip_area_code, and + $geoip_region_name variables. + Thanks to Christine McGonagle. + + *) Bugfix: the "proxy_pass", "fastcgi_pass", "uwsgi_pass", and + "scgi_pass" directives were not inherited inside "limit_except" + blocks. + + *) Bugfix: the "proxy_cache_min_uses", "fastcgi_cache_min_uses" + "uwsgi_cache_min_uses", and "scgi_cache_min_uses" directives did not + work; the bug had appeared in 0.8.46. + + *) Bugfix: the "fastcgi_split_path_info" directive used incorrectly + captures, if only parts of an URI were captured. + Thanks to Yuriy Taraday and Frank Enderle. + + *) Bugfix: the "rewrite" directive did not escape a ";" character + during copying from URI to query string. + Thanks to Daisuke Murase. + + *) Bugfix: the ngx_http_image_filter_module closed a connection, if an + image was larger than "image_filter_buffer" size. + + +Changes with nginx 0.8.47 28 Jul 2010 + + *) Bugfix: $request_time variable had invalid values for subrequests. + + *) Bugfix: errors intercepted by error_page could not be cached. + + *) Bugfix: a cache manager process may got caught in an endless loop, + if max_size parameter was used; the bug had appeared in 0.8.46. + + +Changes with nginx 0.8.46 19 Jul 2010 + + *) Change: now the "proxy_no_cache", "fastcgi_no_cache", + "uwsgi_no_cache", and "scgi_no_cache" directives affect on a cached + response saving only. + + *) Feature: the "proxy_cache_bypass", "fastcgi_cache_bypass", + "uwsgi_cache_bypass", and "scgi_cache_bypass" directives. + + *) Bugfix: nginx did not free memory in cache keys zones if there was + an error during working with backend: the memory was freed only + after inactivity time or on memory low condition. + + +Changes with nginx 0.8.45 13 Jul 2010 + + *) Feature: ngx_http_xslt_filter improvements. + Thanks to Laurence Rowe. + + *) Bugfix: SSI response might be truncated after include with + wait="yes"; the bug had appeared in 0.7.25. + Thanks to Maxim Dounin. + + *) Bugfix: the "listen" directive did not support the "setfib=0" + parameter. + + +Changes with nginx 0.8.44 05 Jul 2010 + + *) Change: now nginx does not cache by default backend responses, if + they have a "Set-Cookie" header line. + + *) Feature: the "listen" directive supports the "setfib" parameter. + Thanks to Andrew Filonov. + + *) Bugfix: the "sub_filter" directive might change character case on + partial match. + + *) Bugfix: compatibility with HP/UX. + + *) Bugfix: compatibility with AIX xlC_r compiler. + + *) Bugfix: nginx treated large SSLv2 packets as plain requests. + Thanks to Miroslaw Jaworski. + + +Changes with nginx 0.8.43 30 Jun 2010 + + *) Feature: large geo ranges base loading speed-up. + + *) Bugfix: an error_page redirection to "location /zero {return 204;}" + without changing status code kept the error body; the bug had + appeared in 0.8.42. + + *) Bugfix: nginx might close IPv6 listen socket during + reconfiguration. + Thanks to Maxim Dounin. + + *) Bugfix: the $uid_set variable may be used at any request processing + stage. + + +Changes with nginx 0.8.42 21 Jun 2010 + + *) Change: now nginx tests locations given by regular expressions, if + request was matched exactly by a location given by a prefix string. + The previous behavior has been introduced in 0.7.1. + + *) Feature: the ngx_http_scgi_module. + Thanks to Manlio Perillo. + + *) Feature: a text answer may be added to a "return" directive. + + +Changes with nginx 0.8.41 15 Jun 2010 + + *) Security: nginx/Windows worker might be terminated abnormally if a + requested file name has invalid UTF-8 encoding. + + *) Change: now nginx allows to use spaces in a request line. + + *) Bugfix: the "proxy_redirect" directive changed incorrectly a backend + "Refresh" response header line. + Thanks to Andrey Andreew and Max Sogin. + + *) Bugfix: nginx did not support path without host name in + "Destination" request header line. + + +Changes with nginx 0.8.40 07 Jun 2010 + + *) Security: now nginx/Windows ignores default file stream name. + Thanks to Jose Antonio Vazquez Gonzalez. + + *) Feature: the ngx_http_uwsgi_module. + Thanks to Roberto De Ioris. + + *) Feature: a "fastcgi_param" directive with value starting with + "HTTP_" overrides a client request header line. + + *) Bugfix: the "If-Modified-Since", "If-Range", etc. client request + header lines were passed to FastCGI-server while caching. + + *) Bugfix: listen unix domain socket could not be changed during + reconfiguration. + Thanks to Maxim Dounin. + + +Changes with nginx 0.8.39 31 May 2010 + + *) Bugfix: an inherited "alias" directive worked incorrectly in + inclusive location. + + *) Bugfix: in "alias" with variables and "try_files" directives + combination. + + *) Bugfix: listen unix domain and IPv6 sockets did not inherit while + online upgrade. + Thanks to Maxim Dounin. + + +Changes with nginx 0.8.38 24 May 2010 + + *) Feature: the "proxy_no_cache" and "fastcgi_no_cache" directives. + + *) Feature: now the "rewrite" directive does a redirect automatically + if the $scheme variable is used. + Thanks to Piotr Sikora. + + *) Bugfix: now "limit_req" delay directive conforms to the described + algorithm. + Thanks to Maxim Dounin. + + *) Bugfix: the $uid_got variable might not be used in the SSI and perl + modules. + + +Changes with nginx 0.8.37 17 May 2010 + + *) Feature: the ngx_http_split_clients_module. + + *) Feature: the "map" directive supports keys more than 255 characters. + + *) Bugfix: nginx ignored the "private" and "no-store" values in the + "Cache-Control" backend response header line. + + *) Bugfix: a "stub" parameter of an "include" SSI directive was not + used, if empty response has 200 status code. + + *) Bugfix: if a proxied or FastCGI request was internally redirected to + another proxied or FastCGI location, then a segmentation fault might + occur in a worker process; the bug had appeared in 0.8.33. + Thanks to Yichun Zhang. + + *) Bugfix: IMAP connections may hang until they timed out while talking + to Zimbra server. + Thanks to Alan Batie. + + +Changes with nginx 0.8.36 22 Apr 2010 + + *) Bugfix: the ngx_http_dav_module handled incorrectly the DELETE, + COPY, and MOVE methods for symlinks. + + *) Bugfix: values of the $query_string, $arg_..., etc. variables cached + in main request were used by the SSI module in subrequests. + + *) Bugfix: a variable value was repeatedly encoded after each an "echo" + SSI-command output; the bug had appeared in 0.6.14. + + *) Bugfix: a worker process hung if a FIFO file was requested. + Thanks to Vicente Aguilar and Maxim Dounin. + + *) Bugfix: OpenSSL-1.0.0 compatibility on 64-bit Linux. + Thanks to Maxim Dounin. + + *) Bugfix: nginx could not be built --without-http-cache; the bug had + appeared in 0.8.35. + + +Changes with nginx 0.8.35 01 Apr 2010 + + *) Change: now the charset filter runs before the SSI filter. + + *) Feature: the "chunked_transfer_encoding" directive. + + *) Bugfix: an "&" character was not escaped when it was copied in + arguments part in a rewrite rule. + + *) Bugfix: nginx might be terminated abnormally while a signal + processing or if the directive "timer_resolution" was used on + platforms which do not support kqueue or eventport notification + methods. + Thanks to George Xie and Maxim Dounin. + + *) Bugfix: if temporary files and permanent storage area resided at + different file systems, then permanent file modification times were + incorrect. + Thanks to Maxim Dounin. + + *) Bugfix: ngx_http_memcached_module might issue the error message + "memcached sent invalid trailer". + Thanks to Maxim Dounin. + + *) Bugfix: nginx could not built zlib-1.2.4 library using the library + sources. + Thanks to Maxim Dounin. + + *) Bugfix: a segmentation fault occurred in a worker process, if there + was large stderr output before FastCGI response; the bug had + appeared in 0.8.34. + Thanks to Maxim Dounin. + + +Changes with nginx 0.8.34 03 Mar 2010 + + *) Bugfix: nginx did not support all ciphers and digests used in client + certificates. + Thanks to Innocenty Enikeew. + + *) Bugfix: nginx cached incorrectly FastCGI responses if there was + large stderr output before response. + + *) Bugfix: nginx did not support HTTPS referrers. + + *) Bugfix: nginx/Windows might not find file if path in configuration + was given in other character case; the bug had appeared in 0.8.33. + + *) Bugfix: the $date_local variable has an incorrect value, if the "%s" + format was used. + Thanks to Maxim Dounin. + + *) Bugfix: if ssl_session_cache was not set or was set to "none", then + during client certificate verify the error "session id context + uninitialized" might occur; the bug had appeared in 0.7.1. + + *) Bugfix: a geo range returned default value if the range included two + or more /16 networks and did not begin at /16 network boundary. + + *) Bugfix: a block used in a "stub" parameter of an "include" SSI + directive was output with "text/plain" MIME type. + + *) Bugfix: $r->sleep() did not work; the bug had appeared in 0.8.11. + + +Changes with nginx 0.8.33 01 Feb 2010 + + *) Security: now nginx/Windows ignores trailing spaces in URI. + Thanks to Dan Crowley, Core Security Technologies. + + *) Security: now nginx/Windows ignores short files names. + Thanks to Dan Crowley, Core Security Technologies. + + *) Change: now keepalive connections after POST requests are not + disabled for MSIE 7.0+. + Thanks to Adam Lounds. + + *) Workaround: now keepalive connections are disabled for Safari. + Thanks to Joshua Sierles. + + *) Bugfix: if a proxied or FastCGI request was internally redirected to + another proxied or FastCGI location, then $upstream_response_time + variable may have abnormally large value; the bug had appeared in + 0.8.7. + + *) Bugfix: a segmentation fault might occur in a worker process, while + discarding a request body; the bug had appeared in 0.8.11. + + +Changes with nginx 0.8.32 11 Jan 2010 + + *) Bugfix: UTF-8 encoding usage in the ngx_http_autoindex_module. + Thanks to Maxim Dounin. + + *) Bugfix: regular expression named captures worked for two names only. + Thanks to Maxim Dounin. + + *) Bugfix: now the "localhost" name is used in the "Host" request + header line, if an unix domain socket is defined in the "auth_http" + directive. + Thanks to Maxim Dounin. + + *) Bugfix: nginx did not support chunked transfer encoding for 201 + responses. + Thanks to Julian Reich. + + *) Bugfix: if the "expires modified" set date in the past, then a + negative number was set in the "Cache-Control" response header line. + Thanks to Alex Kapranoff. + + +Changes with nginx 0.8.31 23 Dec 2009 + + *) Feature: now the "error_page" directive may redirect the 301 and 302 + responses. + + *) Feature: the $geoip_city_continent_code, $geoip_latitude, and + $geoip_longitude variables. + Thanks to Arvind Sundararajan. + + *) Feature: now the ngx_http_image_filter_module deletes always EXIF + and other application specific data if the data consume more than 5% + of a JPEG file. + + *) Bugfix: nginx closed a connection if a cached response had an empty + body. + Thanks to Piotr Sikora. + + *) Bugfix: nginx might not be built by gcc 4.x if the -O2 or higher + optimization option was used. + Thanks to Maxim Dounin and Denis F. Latypoff. + + *) Bugfix: regular expressions in location were always tested in + case-sensitive mode; the bug had appeared in 0.8.25. + + *) Bugfix: nginx cached a 304 response if there was the "If-None-Match" + header line in a proxied request. + Thanks to Tim Dettrick and David Kostal. + + *) Bugfix: nginx/Windows tried to delete a temporary file twice if the + file should replace an already existent file. + + +Changes with nginx 0.8.30 15 Dec 2009 + + *) Change: now the default buffer size of the + "large_client_header_buffers" directive is 8K. + Thanks to Andrew Cholakian. + + *) Feature: the conf/fastcgi.conf for simple FastCGI configurations. + + *) Bugfix: nginx/Windows tried to rename a temporary file twice if the + file should replace an already existent file. + + *) Bugfix: of "double free or corruption" error issued if host could + not be resolved; the bug had appeared in 0.8.22. + Thanks to Konstantin Svist. + + *) Bugfix: in libatomic usage on some platforms. + Thanks to W-Mark Kubacki. + + +Changes with nginx 0.8.29 30 Nov 2009 + + *) Change: now the "009" status code is written to an access log for + proxied HTTP/0.9 responses. + + *) Feature: the "addition_types", "charset_types", "gzip_types", + "ssi_types", "sub_filter_types", and "xslt_types" directives support + an "*" parameter. + + *) Feature: GCC 4.1+ built-in atomic operations usage. + Thanks to W-Mark Kubacki. + + *) Feature: the --with-libatomic[=DIR] option in the configure. + Thanks to W-Mark Kubacki. + + *) Bugfix: listen unix domain socket had limited access rights. + + *) Bugfix: cached HTTP/0.9 responses were handled incorrectly. + + *) Bugfix: regular expression named captures given by "?P<...>" did not + work in a "server_name" directive. + Thanks to Maxim Dounin. + + +Changes with nginx 0.8.28 23 Nov 2009 + + *) Bugfix: nginx could not be built with the --without-pcre parameter; + the bug had appeared in 0.8.25. + + +Changes with nginx 0.8.27 17 Nov 2009 + + *) Bugfix: regular expressions did not work in nginx/Windows; the bug + had appeared in 0.8.25. + + +Changes with nginx 0.8.26 16 Nov 2009 + + *) Bugfix: in captures usage in "rewrite" directive; the bug had + appeared in 0.8.25. + + *) Bugfix: nginx could not be built without the --with-debug option; + the bug had appeared in 0.8.25. + + +Changes with nginx 0.8.25 16 Nov 2009 + + *) Change: now no message is written in an error log if a variable is + not found by $r->variable() method. + + *) Feature: the ngx_http_degradation_module. + + *) Feature: regular expression named captures. + + *) Feature: now URI part is not required a "proxy_pass" directive if + variables are used. + + *) Feature: now the "msie_padding" directive works for Chrome too. + + *) Bugfix: a segmentation fault occurred in a worker process on low + memory condition; the bug had appeared in 0.8.18. + + *) Bugfix: nginx sent gzipped responses to clients those do not support + gzip, if "gzip_static on" and "gzip_vary off"; the bug had appeared + in 0.8.16. + + +Changes with nginx 0.8.24 11 Nov 2009 + + *) Bugfix: nginx always added "Content-Encoding: gzip" response header + line in 304 responses sent by ngx_http_gzip_static_module. + + *) Bugfix: nginx could not be built without the --with-debug option; + the bug had appeared in 0.8.23. + + *) Bugfix: the "unix:" parameter of the "set_real_ip_from" directive + inherited incorrectly from previous level. + + *) Bugfix: in resolving empty name. + + +Changes with nginx 0.8.23 11 Nov 2009 + + *) Security: now SSL/TLS renegotiation is disabled. + Thanks to Maxim Dounin. + + *) Bugfix: listen unix domain socket did not inherit while online + upgrade. + + *) Bugfix: the "unix:" parameter of the "set_real_ip_from" directive + did not without yet another directive with any IP address. + + *) Bugfix: segmentation fault and infinite looping in resolver. + + *) Bugfix: in resolver. + Thanks to Artem Bokhan. + + +Changes with nginx 0.8.22 03 Nov 2009 + + *) Feature: the "proxy_bind", "fastcgi_bind", and "memcached_bind" + directives. + + *) Feature: the "access" and the "deny" directives support IPv6. + + *) Feature: the "set_real_ip_from" directive supports IPv6 addresses in + request headers. + + *) Feature: the "unix:" parameter of the "set_real_ip_from" directive. + + *) Bugfix: nginx did not delete unix domain socket after configuration + testing. + + *) Bugfix: nginx deleted unix domain socket while online upgrade. + + *) Bugfix: the "!-x" operator did not work. + Thanks to Maxim Dounin. + + *) Bugfix: a segmentation fault might occur in a worker process, if + limit_rate was used in HTTPS server. + Thanks to Maxim Dounin. + + *) Bugfix: a segmentation fault might occur in a worker process while + $limit_rate logging. + Thanks to Maxim Dounin. + + *) Bugfix: a segmentation fault might occur in a worker process, if + there was no "listen" directive in "server" block; the bug had + appeared in 0.8.21. + + +Changes with nginx 0.8.21 26 Oct 2009 + + *) Feature: now the "-V" switch shows TLS SNI support. + + *) Feature: the "listen" directive of the HTTP module supports unix + domain sockets. + Thanks to Hongli Lai. + + *) Feature: the "default_server" parameter of the "listen" directive. + + *) Feature: now a "default" parameter is not required to set listen + socket options. + + *) Bugfix: nginx did not support dates in 2038 year on 32-bit platforms; + + *) Bugfix: socket leak; the bug had appeared in 0.8.11. + + +Changes with nginx 0.8.20 14 Oct 2009 + + *) Change: now default SSL ciphers are "HIGH:!ADH:!MD5". + + *) Bugfix: the ngx_http_autoindex_module did not show the trailing + slash in links to a directory; the bug had appeared in 0.7.15. + + *) Bugfix: nginx did not close a log file set by the --error-log-path + configuration option; the bug had appeared in 0.7.53. + + *) Bugfix: nginx did not treat a comma as separator in the + "Cache-Control" backend response header line. + + *) Bugfix: nginx/Windows might not create temporary file, a cache file, + or "proxy/fastcgi_store"d file if a worker had no enough access + rights for top level directories. + + *) Bugfix: the "Set-Cookie" and "P3P" FastCGI response header lines + were not hidden while caching if no "fastcgi_hide_header" directives + were used with any parameters. + + *) Bugfix: nginx counted incorrectly disk cache size. + + +Changes with nginx 0.8.19 06 Oct 2009 + + *) Change: now SSLv2 protocol is disabled by default. + + *) Change: now default SSL ciphers are "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM". + + *) Bugfix: a "limit_req" directive did not work; the bug had appeared + in 0.8.18. + + +Changes with nginx 0.8.18 06 Oct 2009 + + *) Feature: the "read_ahead" directive. + + *) Feature: now several "perl_modules" directives may be used. + + *) Feature: the "limit_req_log_level" and "limit_conn_log_level" + directives. + + *) Bugfix: now "limit_req" directive conforms to the leaky bucket + algorithm. + Thanks to Maxim Dounin. + + *) Bugfix: nginx did not work on Linux/sparc. + Thanks to Marcus Ramberg. + + *) Bugfix: nginx sent '\0' in a "Location" response header line on + MKCOL request. + Thanks to Xie Zhenye. + + *) Bugfix: zero status code was logged instead of 499 status code; the + bug had appeared in 0.8.11. + + *) Bugfix: socket leak; the bug had appeared in 0.8.11. + + +Changes with nginx 0.8.17 28 Sep 2009 + + *) Security: now "/../" are disabled in "Destination" request header + line. + + *) Change: now $host variable value is always low case. + + *) Feature: the $ssl_session_id variable. + + *) Bugfix: socket leak; the bug had appeared in 0.8.11. + + +Changes with nginx 0.8.16 22 Sep 2009 + + *) Feature: the "image_filter_transparency" directive. + + *) Bugfix: "addition_types" directive was incorrectly named + "addtion_types". + + *) Bugfix: resolver cache poisoning. + Thanks to Matthew Dempsky. + + *) Bugfix: memory leak in resolver. + Thanks to Matthew Dempsky. + + *) Bugfix: invalid request line in $request variable was written in + access_log only if error_log was set to "info" or "debug" level. + + *) Bugfix: in PNG alpha-channel support in the + ngx_http_image_filter_module. + + *) Bugfix: nginx always added "Vary: Accept-Encoding" response header + line, if both "gzip_static" and "gzip_vary" were on. + + *) Bugfix: in UTF-8 encoding support by "try_files" directive in + nginx/Windows. + + *) Bugfix: in "post_action" directive usage; the bug had appeared in + 0.8.11. + Thanks to Igor Artemiev. + + +Changes with nginx 0.8.15 14 Sep 2009 + + *) Security: a segmentation fault might occur in worker process while + specially crafted request handling. + Thanks to Chris Ries. + + *) Bugfix: if names .domain.tld, .sub.domain.tld, and .domain-some.tld + were defined, then the name .sub.domain.tld was matched by + .domain.tld. + + *) Bugfix: in transparency support in the ngx_http_image_filter_module. + + *) Bugfix: in file AIO. + + *) Bugfix: in X-Accel-Redirect usage; the bug had appeared in 0.8.11. + + *) Bugfix: in embedded perl module; the bug had appeared in 0.8.11. + + +Changes with nginx 0.8.14 07 Sep 2009 + + *) Bugfix: an expired cached response might stick in the "UPDATING" + state. + + *) Bugfix: a segmentation fault might occur in worker process, if + error_log was set to info or debug level. + Thanks to Sergey Bochenkov. + + *) Bugfix: in embedded perl module; the bug had appeared in 0.8.11. + + *) Bugfix: an "error_page" directive did not redirect a 413 error; the + bug had appeared in 0.6.10. + + +Changes with nginx 0.8.13 31 Aug 2009 + + *) Bugfix: in the "aio sendfile" directive; the bug had appeared in + 0.8.12. + + *) Bugfix: nginx could not be built without the --with-file-aio option + on FreeBSD; the bug had appeared in 0.8.12. + + +Changes with nginx 0.8.12 31 Aug 2009 + + *) Feature: the "sendfile" parameter in the "aio" directive on FreeBSD. + + *) Bugfix: in try_files; the bug had appeared in 0.8.11. + + *) Bugfix: in memcached; the bug had appeared in 0.8.11. + + +Changes with nginx 0.8.11 28 Aug 2009 + + *) Change: now directive "gzip_disable msie6" does not disable gzipping + for MSIE 6.0 SV1. + + *) Feature: file AIO support on FreeBSD and Linux. + + *) Feature: the "directio_alignment" directive. + + +Changes with nginx 0.8.10 24 Aug 2009 + + *) Bugfix: memory leaks if GeoIP City database was used. + + *) Bugfix: in copying temporary files to permanent storage area; the + bug had appeared in 0.8.9. + + +Changes with nginx 0.8.9 17 Aug 2009 + + *) Feature: now the start cache loader runs in a separate process; this + should improve large caches handling. + + *) Feature: now temporary files and permanent storage area may reside + at different file systems. + + +Changes with nginx 0.8.8 10 Aug 2009 + + *) Bugfix: in handling FastCGI headers split in records. + + *) Bugfix: a segmentation fault occurred in worker process, if a + request was handled in two proxied or FastCGIed locations and a + caching was enabled in the first location; the bug had appeared in + 0.8.7. + + +Changes with nginx 0.8.7 27 Jul 2009 + + *) Change: minimum supported OpenSSL version is 0.9.7. + + *) Change: the "ask" parameter of the "ssl_verify_client" directive was + changed to the "optional" parameter and now it checks a client + certificate if it was offered. + Thanks to Brice Figureau. + + *) Feature: the $ssl_client_verify variable. + Thanks to Brice Figureau. + + *) Feature: the "ssl_crl" directive. + Thanks to Brice Figureau. + + *) Feature: the "proxy" parameter of the "geo" directive. + + *) Feature: the "image_filter" directive supports variables for setting + size. + + *) Bugfix: the $ssl_client_cert variable usage corrupted memory; the + bug had appeared in 0.7.7. + Thanks to Sergey Zhuravlev. + + *) Bugfix: "proxy_pass_header" and "fastcgi_pass_header" directives did + not pass to a client the "X-Accel-Redirect", "X-Accel-Limit-Rate", + "X-Accel-Buffering", and "X-Accel-Charset" lines from backend + response header. + Thanks to Maxim Dounin. + + *) Bugfix: in handling "Last-Modified" and "Accept-Ranges" backend + response header lines; the bug had appeared in 0.7.44. + Thanks to Maxim Dounin. + + *) Bugfix: the "[alert] zero size buf" error if subrequest returns an + empty response; the bug had appeared in 0.8.5. + + +Changes with nginx 0.8.6 20 Jul 2009 + + *) Feature: the ngx_http_geoip_module. + + *) Bugfix: XSLT filter may fail with message "not well formed XML + document" for valid XML document. + Thanks to Kuramoto Eiji. + + *) Bugfix: now in MacOSX, Cygwin, and nginx/Windows locations given by + a regular expression are always tested in case insensitive mode. + + *) Bugfix: now nginx/Windows ignores trailing dots in URI. + Thanks to Hugo Leisink. + + *) Bugfix: name of file specified in --conf-path was not honored during + installation; the bug had appeared in 0.6.6. + Thanks to Maxim Dounin. + + +Changes with nginx 0.8.5 13 Jul 2009 + + *) Bugfix: now nginx allows underscores in a request method. + + *) Bugfix: a 500 error code was returned for invalid login/password + while HTTP Basic authentication on Windows. + + *) Bugfix: ngx_http_perl_module responses did not work in subrequests. + + *) Bugfix: in ngx_http_limit_req_module. + Thanks to Maxim Dounin. + + +Changes with nginx 0.8.4 22 Jun 2009 + + *) Bugfix: nginx could not be built --without-http-cache; the bug had + appeared in 0.8.3. + + +Changes with nginx 0.8.3 19 Jun 2009 + + *) Feature: the $upstream_cache_status variable. + + *) Bugfix: nginx could not be built on MacOSX 10.6. + + *) Bugfix: nginx could not be built --without-http-cache; the bug had + appeared in 0.8.2. + + *) Bugfix: a segmentation fault occurred in worker process, if a + backend 401 error was intercepted and the backend did not set the + "WWW-Authenticate" response header line. + Thanks to Eugene Mychlo. + + +Changes with nginx 0.8.2 15 Jun 2009 + + *) Bugfix: in open_file_cache and proxy/fastcgi cache interaction on + start up. + + *) Bugfix: open_file_cache might cache open file descriptors too long; + the bug had appeared in 0.7.4. + + +Changes with nginx 0.8.1 08 Jun 2009 + + *) Feature: the "updating" parameter in "proxy_cache_use_stale" and + "fastcgi_cache_use_stale" directives. + + *) Bugfix: the "If-Modified-Since", "If-Range", etc. client request + header lines were passed to backend while caching if no + "proxy_set_header" directive was used with any parameters. + + *) Bugfix: the "Set-Cookie" and "P3P" response header lines were not + hidden while caching if no "proxy_hide_header/fastcgi_hide_header" + directives were used with any parameters. + + *) Bugfix: the ngx_http_image_filter_module did not support GIF87a + format. + Thanks to Denis Ilyinyh. + + *) Bugfix: nginx could not be built modules on Solaris 10 and early; + the bug had appeared in 0.7.56. + + +Changes with nginx 0.8.0 02 Jun 2009 + + *) Feature: the "keepalive_requests" directive. + + *) Feature: the "limit_rate_after" directive. + Thanks to Ivan Debnar. + + *) Bugfix: XLST filter did not work in subrequests. + + *) Bugfix: in relative paths handling in nginx/Windows. + + *) Bugfix: in proxy_store, fastcgi_store, proxy_cache, and + fastcgi_cache in nginx/Windows. + + *) Bugfix: in memory allocation error handling. + Thanks to Maxim Dounin and Kirill A. Korinskiy. + + +Changes with nginx 0.7.59 25 May 2009 + + *) Feature: the "proxy_cache_methods" and "fastcgi_cache_methods" + directives. + + *) Bugfix: socket leak; the bug had appeared in 0.7.25. + Thanks to Maxim Dounin. + + *) Bugfix: a segmentation fault occurred in worker process, + if a request had no body and the $request_body variable was used; + the bug had appeared in 0.7.58. + + *) Bugfix: the SSL modules might not built on Solaris and Linux; + the bug had appeared in 0.7.56. + + *) Bugfix: ngx_http_xslt_filter_module responses were not handled by + SSI, charset, and gzip filters. + + *) Bugfix: a "charset" directive did not set a charset to + ngx_http_gzip_static_module responses. + + +Changes with nginx 0.7.58 18 May 2009 + + *) Feature: a "listen" directive of the mail proxy module supports IPv6. + + *) Feature: the "image_filter_jpeg_quality" directive. + + *) Feature: the "client_body_in_single_buffer" directive. + + *) Feature: the $request_body variable. + + *) Bugfix: in ngx_http_autoindex_module in file name links having a ":" + symbol in the name. + + *) Bugfix: "make upgrade" procedure did not work; the bug had appeared + in 0.7.53. + Thanks to Denis F. Latypoff. + + +Changes with nginx 0.7.57 12 May 2009 + + *) Bugfix: a floating-point fault occurred in worker process, if the + ngx_http_image_filter_module errors were redirected to named + location; the bug had appeared in 0.7.56. + + +Changes with nginx 0.7.56 11 May 2009 + + *) Feature: nginx/Windows supports IPv6 in a "listen" directive of the + HTTP module. + + *) Bugfix: in ngx_http_image_filter_module. + + +Changes with nginx 0.7.55 06 May 2009 + + *) Bugfix: the http_XXX parameters in "proxy_cache_use_stale" and + "fastcgi_cache_use_stale" directives did not work. + + *) Bugfix: fastcgi cache did not cache header only responses. + + *) Bugfix: of "select() failed (9: Bad file descriptor)" error in + nginx/Unix and "select() failed (10038: ...)" error in nginx/Windows. + + *) Bugfix: a segmentation fault might occur in worker process, if an + "debug_connection" directive was used; the bug had appeared in + 0.7.54. + + *) Bugfix: fix ngx_http_image_filter_module building errors. + + *) Bugfix: the files bigger than 2G could not be transferred using + $r->sendfile. + Thanks to Maxim Dounin. + + +Changes with nginx 0.7.54 01 May 2009 + + *) Feature: the ngx_http_image_filter_module. + + *) Feature: the "proxy_ignore_headers" and "fastcgi_ignore_headers" + directives. + + *) Bugfix: a segmentation fault might occur in worker process, if an + "open_file_cache_errors off" directive was used; the bug had + appeared in 0.7.53. + + *) Bugfix: the "port_in_redirect off" directive did not work; the bug + had appeared in 0.7.39. + + *) Bugfix: improve handling of "select" method errors. + + *) Bugfix: of "select() failed (10022: ...)" error in nginx/Windows. + + *) Bugfix: in error text descriptions in nginx/Windows; the bug had + appeared in 0.7.53. + + +Changes with nginx 0.7.53 27 Apr 2009 + + *) Change: now a log set by --error-log-path is created from the very + start-up. + + *) Feature: now the start up errors and warnings are outputted to an + error_log and stderr. + + *) Feature: the empty --prefix= configure parameter forces nginx to use + a directory where it was run as prefix. + + *) Feature: the -p switch. + + *) Feature: the -s switch on Unix platforms. + + *) Feature: the -? and -h switches. + Thanks to Jerome Loyet. + + *) Feature: now switches may be set in condensed form. + + *) Bugfix: nginx/Windows did not work if configuration file was given + by the -c switch. + + *) Bugfix: temporary files might be not removed if the "proxy_store", + "fastcgi_store", "proxy_cache", or "fastcgi_cache" were used. + Thanks to Maxim Dounin. + + *) Bugfix: an incorrect value was passed to mail proxy authentication + server in "Auth-Method" header line; the bug had appeared + in 0.7.34. + Thanks to Simon Lecaille. + + *) Bugfix: system error text descriptions were not logged on Linux; + the bug had appeared in 0.7.45. + + *) Bugfix: the "fastcgi_cache_min_uses" directive did not work. + Thanks to Andrew Vorobyoff. + + +Changes with nginx 0.7.52 20 Apr 2009 + + *) Feature: the first native Windows binary release. + + *) Bugfix: in processing HEAD method while caching. + + *) Bugfix: in processing the "If-Modified-Since", "If-Range", etc. + client request header lines while caching. + + *) Bugfix: now the "Set-Cookie" and "P3P" header lines are hidden in + cacheable responses. + + *) Bugfix: if nginx was built with the ngx_http_perl_module and with a + perl which supports threads, then during a master process exit the + message "panic: MUTEX_LOCK" might be issued. + + *) Bugfix: nginx could not be built --without-http-cache; the bug had + appeared in 0.7.48. + + *) Bugfix: nginx could not be built on platforms different from i386, + amd64, sparc, and ppc; the bug had appeared in 0.7.42. + + +Changes with nginx 0.7.51 12 Apr 2009 + + *) Feature: the "try_files" directive supports a response code in the + fallback parameter. + + *) Feature: now any response code can be used in the "return" directive. + + *) Bugfix: the "error_page" directive made an external redirect without + query string; the bug had appeared in 0.7.44. + + *) Bugfix: if servers listened on several defined explicitly addresses, + then virtual servers might not work; the bug had appeared in 0.7.39. + + +Changes with nginx 0.7.50 06 Apr 2009 + + *) Bugfix: the $arg_... variables did not work; the bug had appeared in + 0.7.49. + + +Changes with nginx 0.7.49 06 Apr 2009 + + *) Bugfix: a segmentation fault might occur in worker process, if the + $arg_... variables were used; the bug had appeared in 0.7.48. + + +Changes with nginx 0.7.48 06 Apr 2009 + + *) Feature: the "proxy_cache_key" directive. + + *) Bugfix: now nginx takes into account the "X-Accel-Expires", + "Expires", and "Cache-Control" header lines in a backend response. + + *) Bugfix: now nginx caches responses for the GET requests only. + + *) Bugfix: the "fastcgi_cache_key" directive was not inherited. + + *) Bugfix: the $arg_... variables did not work with SSI subrequests. + Thanks to Maxim Dounin. + + *) Bugfix: nginx could not be built with uclibc library. + Thanks to Timothy Redaelli. + + *) Bugfix: nginx could not be built on OpenBSD; the bug had + appeared in 0.7.46. + + +Changes with nginx 0.7.47 01 Apr 2009 + + *) Bugfix: nginx could not be built on FreeBSD 6 and early versions; + the bug had appeared in 0.7.46. + + *) Bugfix: nginx could not be built on MacOSX; the bug had + appeared in 0.7.46. + + *) Bugfix: if the "max_size" parameter was set, then the cache manager + might purge a whole cache; the bug had appeared in 0.7.46. + + *) Change: a segmentation fault might occur in worker process, if the + "proxy_cache"/"fastcgi_cache" and the "proxy_cache_valid"/ + "fastcgi_cache_valid" were set on different levels; the bug had + appeared in 0.7.46. + + *) Bugfix: a segmentation fault might occur in worker process, if a + request was redirected to a proxied or FastCGI server via error_page + or try_files; the bug had appeared in 0.7.44. + + +Changes with nginx 0.7.46 30 Mar 2009 + + *) Bugfix: the previous release tarball was incorrect. + + +Changes with nginx 0.7.45 30 Mar 2009 + + *) Change: now the "proxy_cache" and the "proxy_cache_valid" directives + can be set on different levels. + + *) Change: the "clean_time" parameter of the "proxy_cache_path" + directive is canceled. + + *) Feature: the "max_size" parameter of the "proxy_cache_path" + directive. + + *) Feature: the ngx_http_fastcgi_module preliminary cache support. + + *) Feature: now on shared memory allocation errors directive and zone + names are logged. + + *) Bugfix: the directive "add_header last-modified ''" did not delete a + "Last-Modified" response header line; the bug had appeared in 0.7.44. + + *) Bugfix: a relative path in the "auth_basic_user_file" directive + given without variables did not work; the bug had appeared in + 0.7.44. + Thanks to Jerome Loyet. + + *) Bugfix: in an "alias" directive given using variables without + references to captures of regular expressions; the bug had appeared + in 0.7.42. + + +Changes with nginx 0.7.44 23 Mar 2009 + + *) Feature: the ngx_http_proxy_module preliminary cache support. + + *) Feature: the --with-pcre option in the configure. + + *) Feature: the "try_files" directive is now allowed on the server + block level. + + *) Bugfix: the "try_files" directive handled incorrectly a query string + in a fallback parameter. + + *) Bugfix: the "try_files" directive might test incorrectly directories. + + *) Bugfix: if there was a single server for given address:port pair, + then captures in regular expressions in a "server_name" directive + did not work. + + +Changes with nginx 0.7.43 18 Mar 2009 + + *) Bugfix: a request was handled incorrectly, if a "root" directive + used variables; the bug had appeared in 0.7.42. + + *) Bugfix: if a server listened on wildcard address, then the + $server_addr variable value was "0.0.0.0"; the bug had appeared in + 0.7.36. + + +Changes with nginx 0.7.42 16 Mar 2009 + + *) Change: now the "Invalid argument" error returned by + setsockopt(TCP_NODELAY) on Solaris, is ignored. + + *) Change: now if a file specified in a "auth_basic_user_file" + directive is absent, then the 403 error is returned instead of the + 500 one. + + *) Feature: the "auth_basic_user_file" directive supports variables. + Thanks to Kirill A. Korinskiy. + + *) Feature: the "listen" directive supports the "ipv6only" parameter. + Thanks to Zhang Hua. + + *) Bugfix: in an "alias" directive with references to captures of + regular expressions; the bug had appeared in 0.7.40. + + *) Bugfix: compatibility with Tru64 UNIX. + Thanks to Dustin Marquess. + + *) Bugfix: nginx could not be built without PCRE library; the bug had + appeared in 0.7.41. + + +Changes with nginx 0.7.41 11 Mar 2009 + + *) Bugfix: a segmentation fault might occur in worker process, if a + "server_name" or a "location" directives had captures in regular + expressions; the issue had appeared in 0.7.40. + Thanks to Vladimir Sopot. + + +Changes with nginx 0.7.40 09 Mar 2009 + + *) Feature: the "location" directive supports captures in regular + expressions. + + *) Feature: an "alias" directive with capture references may be used + inside a location given by a regular expression with captures. + + *) Feature: the "server_name" directive supports captures in regular + expressions. + + *) Workaround: the ngx_http_autoindex_module did not show the trailing + slash in directories on XFS filesystem; the issue had appeared in + 0.7.15. + Thanks to Dmitry Kuzmenko. + + +Changes with nginx 0.7.39 02 Mar 2009 + + *) Bugfix: large response with SSI might hang, if gzipping was enabled; + the bug had appeared in 0.7.28. + Thanks to Artem Bokhan. + + *) Bugfix: a segmentation fault might occur in worker process, if short + static variants are used in a "try_files" directive. + + +Changes with nginx 0.7.38 23 Feb 2009 + + *) Feature: authentication failures logging. + + *) Bugfix: name/password in auth_basic_user_file were ignored after odd + number of empty lines. + Thanks to Alexander Zagrebin. + + *) Bugfix: a segmentation fault occurred in a master process, if long + path was used in unix domain socket; the bug had appeared in 0.7.36. + + +Changes with nginx 0.7.37 21 Feb 2009 + + *) Bugfix: directives using upstreams did not work; the bug had + appeared in 0.7.36. + + +Changes with nginx 0.7.36 21 Feb 2009 + + *) Feature: a preliminary IPv6 support; the "listen" directive of the + HTTP module supports IPv6. + + *) Bugfix: the $ancient_browser variable did not work for browsers + preset by a "modern_browser" directives. + + +Changes with nginx 0.7.35 16 Feb 2009 + + *) Bugfix: a "ssl_engine" directive did not use a SSL-accelerator for + asymmetric ciphers. + Thanks to Marcin Gozdalik. + + *) Bugfix: a "try_files" directive set MIME type depending on an + original request extension. + + *) Bugfix: "*domain.tld" names were handled incorrectly in + "server_name", "valid_referers", and "map" directives, if + ".domain.tld" and ".subdomain.domain.tld" wildcards were used; + the bug had appeared in 0.7.9. + + +Changes with nginx 0.7.34 10 Feb 2009 + + *) Feature: the "off" parameter of the "if_modified_since" directive. + + *) Feature: now nginx sends an HELO/EHLO command after a XCLIENT + command. + Thanks to Maxim Dounin. + + *) Feature: Microsoft specific "AUTH LOGIN with User Name" mode support + in mail proxy server. + Thanks to Maxim Dounin. + + *) Bugfix: in a redirect rewrite directive original arguments were + concatenated with new arguments by a "?" rather than an "&"; + the bug had appeared in 0.1.18. + Thanks to Maxim Dounin. + + *) Bugfix: nginx could not be built on AIX. + + +Changes with nginx 0.7.33 02 Feb 2009 + + *) Bugfix: a double response might be returned if the epoll or rtsig + methods are used and a redirect was returned to a request with + body. + Thanks to Eden Li. + + *) Bugfix: the $sent_http_location variable was empty for some + redirects types. + + *) Bugfix: a segmentation fault might occur in worker process if + "resolver" directive was used in SMTP proxy. + + +Changes with nginx 0.7.32 26 Jan 2009 + + *) Feature: now a directory existence testing can be set explicitly in + the "try_files" directive. + + *) Bugfix: fastcgi_store stored files not always. + + *) Bugfix: in geo ranges. + + *) Bugfix: in shared memory allocations if nginx was built without + debugging. + Thanks to Andrey Kvasov. + + +Changes with nginx 0.7.31 19 Jan 2009 + + *) Change: now the "try_files" directive tests files only and ignores + directories. + + *) Feature: the "fastcgi_split_path_info" directive. + + *) Bugfixes in an "Expect" request header line support. + + *) Bugfixes in geo ranges. + + *) Bugfix: in a miss case ngx_http_memcached_module returned the "END" + line as response body instead of default 404 page body; the bug had + appeared in 0.7.18. + Thanks to Maxim Dounin. + + *) Bugfix: while SMTP proxying nginx issued message "250 2.0.0 OK" + instead of "235 2.0.0 OK"; the bug had appeared in 0.7.22. + Thanks to Maxim Dounin. + + +Changes with nginx 0.7.30 24 Dec 2008 + + *) Bugfix: a segmentation fault occurred in worker process, if + variables were used in the "fastcgi_pass" or "proxy_pass" directives + and host name must be resolved; the bug had appeared in 0.7.29. + + +Changes with nginx 0.7.29 24 Dec 2008 + + *) Bugfix: the "fastcgi_pass" and "proxy_pass" directives did not + support variables if unix domain sockets were used. + + *) Bugfixes in subrequest processing; the bugs had appeared in 0.7.25. + + *) Bugfix: a "100 Continue" response was issued for HTTP/1.0 + requests; + Thanks to Maxim Dounin. + + *) Bugfix: in memory allocation in the ngx_http_gzip_filter_module on + Cygwin. + + +Changes with nginx 0.7.28 22 Dec 2008 + + *) Change: in memory allocation in the ngx_http_gzip_filter_module. + + *) Change: the default "gzip_buffers" directive values have been + changed to 32 4k or 16 8k from 4 4k/8k. + + +Changes with nginx 0.7.27 15 Dec 2008 + + *) Feature: the "try_files" directive. + + *) Feature: variables support in the "fastcgi_pass" directive. + + *) Feature: now the $geo variable may get an address from a + variable. + Thanks to Andrei Nigmatulin. + + *) Feature: now a location's modifier may be used without space before + name. + + *) Feature: the $upstream_response_length variable. + + *) Bugfix: now a "add_header" directive does not add an empty value. + + *) Bugfix: if zero length static file was requested, then nginx just + closed connection; the bug had appeared in 0.7.25. + + *) Bugfix: a MOVE method could not move file in non-existent directory. + + *) Bugfix: a segmentation fault occurred in worker process, if no one + named location was defined in server, but some one was used in an + error_page directive. + Thanks to Sergey Bochenkov. + + +Changes with nginx 0.7.26 08 Dec 2008 + + *) Bugfix: in subrequest processing; the bug had appeared in 0.7.25. + + +Changes with nginx 0.7.25 08 Dec 2008 + + *) Change: in subrequest processing. + + *) Change: now POSTs without "Content-Length" header line are allowed. + + *) Bugfix: now the "limit_req" and "limit_conn" directives log a + prohibition reason. + + *) Bugfix: in the "delete" parameter of the "geo" directive. + + +Changes with nginx 0.7.24 01 Dec 2008 + + *) Feature: the "if_modified_since" directive. + + *) Bugfix: nginx did not process a FastCGI server response, if the + server send too many messages to stderr before response. + + *) Bugfix: the "$cookie_..." variables did not work in the SSI and the + perl module. + + +Changes with nginx 0.7.23 27 Nov 2008 + + *) Feature: the "delete" and "ranges" parameters in the "geo" directive. + + *) Feature: speeding up loading of geo base with large number of values. + + *) Feature: decrease of memory required for geo base load. + + +Changes with nginx 0.7.22 20 Nov 2008 + + *) Feature: the "none" parameter in the "smtp_auth" directive. + Thanks to Maxim Dounin. + + *) Feature: the "$cookie_..." variables. + + *) Bugfix: the "directio" directive did not work in XFS filesystem. + + *) Bugfix: the resolver did not understand big DNS responses. + Thanks to Zyb. + + +Changes with nginx 0.7.21 11 Nov 2008 + + *) Changes in the ngx_http_limit_req_module. + + *) Feature: the EXSLT support in the ngx_http_xslt_module. + Thanks to Denis F. Latypoff. + + *) Workaround: compatibility with glibc 2.3. + Thanks to Eric Benson and Maxim Dounin. + + *) Bugfix: nginx could not run on MacOSX 10.4 and earlier; the bug had + appeared in 0.7.6. + + +Changes with nginx 0.7.20 10 Nov 2008 + + *) Changes in the ngx_http_gzip_filter_module. + + *) Feature: the ngx_http_limit_req_module. + + *) Bugfix: worker processes might exit on a SIGBUS signal on sparc and + ppc platforms; the bug had appeared in 0.7.3. + Thanks to Maxim Dounin. + + *) Bugfix: the "proxy_pass http://host/some:uri" directives did not + work; the bug had appeared in 0.7.12. + + *) Bugfix: in HTTPS mode requests might fail with the "bad write retry" + error. + + *) Bugfix: the ngx_http_secure_link_module did not work inside + locations, whose names are less than 3 characters. + + *) Bugfix: $server_addr variable might have no value. + + +Changes with nginx 0.7.19 13 Oct 2008 + + *) Bugfix: version number update. + + +Changes with nginx 0.7.18 13 Oct 2008 + + *) Change: the "underscores_in_headers" directive; now nginx does not + allows underscores in a client request header line names. + + *) Feature: the ngx_http_secure_link_module. + + *) Feature: the "real_ip_header" directive supports any header. + + *) Feature: the "log_subrequest" directive. + + *) Feature: the $realpath_root variable. + + *) Feature: the "http_502" and "http_504" parameters of the + "proxy_next_upstream" directive. + + *) Bugfix: the "http_503" parameter of the "proxy_next_upstream" or + "fastcgi_next_upstream" directives did not work. + + *) Bugfix: nginx might send a "Transfer-Encoding: chunked" header line + for HEAD requests. + + *) Bugfix: now accept threshold depends on worker_connections. + + +Changes with nginx 0.7.17 15 Sep 2008 + + *) Feature: now the "directio" directive works on Linux. + + *) Feature: the $pid variable. + + *) Bugfix: the "directio" optimization that had appeared in 0.7.15 did + not work with open_file_cache. + + *) Bugfix: the "access_log" with variables did not work on Linux; the + bug had appeared in 0.7.7. + + *) Bugfix: the ngx_http_charset_module did not understand quoted + charset name received from backend. + + +Changes with nginx 0.7.16 08 Sep 2008 + + *) Bugfix: nginx could not be built on 64-bit platforms; the bug had + appeared in 0.7.15. + + +Changes with nginx 0.7.15 08 Sep 2008 + + *) Feature: the ngx_http_random_index_module. + + *) Feature: the "directio" directive has been optimized for file + requests starting from arbitrary position. + + *) Feature: the "directio" directive turns off sendfile if it is + necessary. + + *) Feature: now nginx allows underscores in a client request header + line names. + + +Changes with nginx 0.7.14 01 Sep 2008 + + *) Change: now the ssl_certificate and ssl_certificate_key directives + have not default values. + + *) Feature: the "listen" directive supports the "ssl" parameter. + + *) Feature: now nginx takes into account a time zone change while + reconfiguration on FreeBSD and Linux. + + *) Bugfix: the "listen" directive parameters such as "backlog", + "rcvbuf", etc. were not set, if a default server was not the first + one. + + *) Bugfix: if URI part captured by a "rewrite" directive was used as a + query string, then the query string was not escaped. + + *) Bugfix: configuration file validity test improvements. + + +Changes with nginx 0.7.13 26 Aug 2008 + + *) Bugfix: nginx could not be built on Linux and Solaris; the bug had + appeared in 0.7.12. + + +Changes with nginx 0.7.12 26 Aug 2008 + + *) Feature: the "server_name" directive supports empty name "". + + *) Feature: the "gzip_disable" directive supports special "msie6" mask. + + *) Bugfix: if the "max_fails=0" parameter was used in upstream with + several servers, then a worker process exited on a SIGFPE signal. + Thanks to Maxim Dounin. + + *) Bugfix: a request body was dropped while redirection via an + "error_page" directive. + + *) Bugfix: a full response was returned for request method HEAD while + redirection via an "error_page" directive. + + *) Bugfix: the $r->header_in() method did not return value of the + "Host", "User-Agent", and "Connection" request header lines; the bug + had appeared in 0.7.0. + + +Changes with nginx 0.7.11 18 Aug 2008 + + *) Change: now ngx_http_charset_module does not work by default with + text/css MIME type. + + *) Feature: now nginx returns the 405 status code for POST method + requesting a static file only if the file exists. + + *) Feature: the "proxy_ssl_session_reuse" directive. + + *) Bugfix: a "proxy_pass" directive without URI part might use original + request after the "X-Accel-Redirect" redirection was used; + + *) Bugfix: if a directory has search only rights and the first index + file was absent, then nginx returned the 500 status code. + + *) Bugfix: in inclusive locations; the bugs had appeared in 0.7.1. + + +Changes with nginx 0.7.10 13 Aug 2008 + + *) Bugfix: in the "addition_types", "charset_types", "gzip_types", + "ssi_types", "sub_filter_types", and "xslt_types" directives; the + bugs had appeared in 0.7.9. + + *) Bugfix: of recursive error_page for 500 status code. + + *) Bugfix: now the ngx_http_realip_module sets address not for whole + keepalive connection, but for each request passed via the connection. + + +Changes with nginx 0.7.9 12 Aug 2008 + + *) Change: now ngx_http_charset_module works by default with following + MIME types: text/html, text/css, text/xml, text/plain, + text/vnd.wap.wml, application/x-javascript, and application/rss+xml. + + *) Feature: the "charset_types" and "addition_types" directives. + + *) Feature: now the "gzip_types", "ssi_types", and "sub_filter_types" + directives use hash. + + *) Feature: the ngx_cpp_test_module. + + *) Feature: the "expires" directive supports daily time. + + *) Feature: the ngx_http_xslt_module improvements and bug fixing. + Thanks to Denis F. Latypoff and Maxim Dounin. + + *) Bugfix: the "log_not_found" directive did not work for index files + tests. + + *) Bugfix: HTTPS connections might hang, if kqueue, epoll, rtsig, or + eventport methods were used; the bug had appeared in 0.7.7. + + *) Bugfix: if the "server_name", "valid_referers", and "map" directives + used an "*.domain.tld" wildcard and exact name "domain.tld" was not + set, then the exact name was matched by the wildcard; the bug had + appeared in 0.3.18. + + +Changes with nginx 0.7.8 04 Aug 2008 + + *) Feature: the ngx_http_xslt_module. + + *) Feature: the "$arg_..." variables. + + *) Feature: Solaris directio support. + Thanks to Ivan Debnar. + + *) Bugfix: now if FastCGI server sends a "Location" header line without + status line, then nginx uses 302 status code. + Thanks to Maxim Dounin. + + +Changes with nginx 0.7.7 30 Jul 2008 + + *) Change: now the EAGAIN error returned by connect() is not considered + as temporary error. + + *) Change: now the $ssl_client_cert variable value is a certificate + with TAB character intended before each line except first one; an + unchanged certificate is available in the $ssl_client_raw_cert + variable. + + *) Feature: the "ask" parameter in the "ssl_verify_client" directive. + + *) Feature: byte-range processing improvements. + Thanks to Maxim Dounin. + + *) Feature: the "directio" directive. + Thanks to Jiang Hong. + + *) Feature: MacOSX 10.5 sendfile() support. + + *) Bugfix: now in MacOSX and Cygwin locations are tested in case + insensitive mode; however, the compare is provided by single-byte + locales only. + + *) Bugfix: mail proxy SSL connections hanged, if select, poll, or + /dev/poll methods were used. + + *) Bugfix: UTF-8 encoding usage in the ngx_http_autoindex_module. + + +Changes with nginx 0.7.6 07 Jul 2008 + + *) Bugfix: now if variables are used in the "access_log" directive a + request root existence is always tested. + + *) Bugfix: the ngx_http_flv_module did not support several values in a + query string. + + +Changes with nginx 0.7.5 01 Jul 2008 + + *) Bugfixes in variables support in the "access_log" directive; the + bugs had appeared in 0.7.4. + + *) Bugfix: nginx could not be built --without-http_gzip_module; the bug + had appeared in 0.7.3. + Thanks to Kirill A. Korinskiy. + + *) Bugfix: if sub_filter and SSI were used together, then responses + might were transferred incorrectly. + + +Changes with nginx 0.7.4 30 Jun 2008 + + *) Feature: variables support in the "access_log" directive. + + *) Feature: the "open_log_file_cache" directive. + + *) Feature: the -g switch. + + *) Feature: the "Expect" request header line support. + + *) Bugfix: large SSI inclusions might be truncated. + + +Changes with nginx 0.7.3 23 Jun 2008 + + *) Change: the "rss" extension MIME type has been changed to + "application/rss+xml". + + *) Change: now the "gzip_vary" directive turned on issues a + "Vary: Accept-Encoding" header line for uncompressed responses too. + + *) Feature: now the "rewrite" directive does a redirect automatically + if the "https://" protocol is used. + + *) Bugfix: the "proxy_pass" directive did not work with the HTTPS + protocol; the bug had appeared in 0.6.9. + + +Changes with nginx 0.7.2 16 Jun 2008 + + *) Feature: now nginx supports EDH key exchange ciphers. + + *) Feature: the "ssl_dhparam" directive. + + *) Feature: the $ssl_client_cert variable. + Thanks to Manlio Perillo. + + *) Bugfix: after changing URI via a "rewrite" directive nginx did not + search a new location; the bug had appeared in 0.7.1. + Thanks to Maxim Dounin. + + *) Bugfix: nginx could not be built without PCRE library; the bug had + appeared in 0.7.1. + + *) Bugfix: when a request to a directory was redirected with the slash + added, nginx dropped a query string from the original request. + + +Changes with nginx 0.7.1 26 May 2008 + + *) Change: now locations are searched in a tree. + + *) Change: the "optimize_server_names" directive was canceled due to + the "server_name_in_redirect" directive introduction. + + *) Change: some long deprecated directives are not supported anymore. + + *) Change: the "none" parameter in the "ssl_session_cache" directive; + now this is default parameter. + Thanks to Rob Mueller. + + *) Bugfix: worker processes might not catch reconfiguration and log + rotation signals. + + *) Bugfix: nginx could not be built on latest Fedora 9 Linux. + Thanks to Roxis. + + +Changes with nginx 0.7.0 19 May 2008 + + *) Change: now the 0x00-0x1F, '"' and '\' characters are escaped as + \xXX in an access_log. + Thanks to Maxim Dounin. + + *) Change: now nginx allows several "Host" request header line. + + *) Feature: the "modified" flag in the "expires" directive. + + *) Feature: the $uid_got and $uid_set variables may be used at any + request processing stage. + + *) Feature: the $hostname variable. + Thanks to Andrei Nigmatulin. + + *) Feature: DESTDIR support. + Thanks to Todd A. Fisher and Andras Voroskoi. + + *) Bugfix: a segmentation fault might occur in worker process on Linux, + if keepalive was enabled. + + +Changes with nginx 0.6.31 12 May 2008 + + *) Bugfix: nginx did not process FastCGI response if header was at the + end of FastCGI record; the bug had appeared in 0.6.2. + Thanks to Sergey Serov. + + *) Bugfix: a segmentation fault might occur in worker process if a file + was deleted and the "open_file_cache_errors" directive was off. + + +Changes with nginx 0.6.30 29 Apr 2008 + + *) Change: now if an "include" directive pattern does not match any + file, then nginx does not issue an error. + + *) Feature: now the time in directives may be specified without spaces, + for example, "1h50m". + + *) Bugfix: memory leaks if the "ssl_verify_client" directive was on. + Thanks to Chavelle Vincent. + + *) Bugfix: the "sub_filter" directive might set text to change into + output. + + *) Bugfix: the "error_page" directive did not take into account + arguments in redirected URI. + + *) Bugfix: now nginx always opens files in binary mode under Cygwin. + + *) Bugfix: nginx could not be built on OpenBSD; the bug had appeared in + 0.6.15. + + +Changes with nginx 0.6.29 18 Mar 2008 + + *) Feature: the ngx_google_perftools_module. + + *) Bugfix: the ngx_http_perl_module could not be built on 64-bit + platforms; the bug had appeared in 0.6.27. + + +Changes with nginx 0.6.28 13 Mar 2008 + + *) Bugfix: the rtsig method could not be built; the bug had appeared in + 0.6.27. + + +Changes with nginx 0.6.27 12 Mar 2008 + + *) Change: now by default the rtsig method is not built on + Linux 2.6.18+. + + *) Change: now a request method is not changed while redirection to a + named location via an "error_page" directive. + + *) Feature: the "resolver" and "resolver_timeout" directives in SMTP + proxy. + + *) Feature: the "post_action" directive supports named locations. + + *) Bugfix: a segmentation fault occurred in worker process, if a + request was redirected from proxy, FastCGI, or memcached location to + static named locations. + + *) Bugfix: browsers did not repeat SSL handshake if there is no valid + client certificate in first handshake. + Thanks to Alexander V. Inyukhin. + + *) Bugfix: if response code 495-497 was redirected via an "error_page" + directive without code change, then nginx tried to allocate too many + memory. + + *) Bugfix: memory leak in long-lived non buffered connections. + + *) Bugfix: memory leak in resolver. + + *) Bugfix: a segmentation fault occurred in worker process, if a + request was redirected from proxy, FastCGI, or memcached location to + static named locations. + + *) Bugfix: in the $proxy_host and $proxy_port variables caching. + Thanks to Sergey Bochenkov. + + *) Bugfix: a "proxy_pass" directive with variables used incorrectly the + same port as in another "proxy_pass" directive with the same host + name and without variables. + Thanks to Sergey Bochenkov. + + *) Bugfix: an alert "sendmsg() failed (9: Bad file descriptor)" on some + 64-bit platforms while reconfiguration. + + *) Bugfix: a segmentation fault occurred in worker process, if empty + stub block was used second time in SSI. + + *) Bugfix: in copying URI part contained escaped symbols into arguments. + + +Changes with nginx 0.6.26 11 Feb 2008 + + *) Bugfix: the "proxy_store" and "fastcgi_store" directives did not + check a response length. + + *) Bugfix: a segmentation fault occurred in worker process, if big + value was used in a "expires" directive. + Thanks to Joaquin Cuenca Abela. + + *) Bugfix: nginx incorrectly detected cache line size on Pentium 4. + Thanks to Gena Makhomed. + + *) Bugfix: in proxied or FastCGI subrequests a client original method + was used instead of the GET method. + + *) Bugfix: socket leak in HTTPS mode if deferred accept was used. + Thanks to Ben Maurer. + + *) Bugfix: nginx issued the bogus error message "SSL_shutdown() failed + (SSL: )"; the bug had appeared in 0.6.23. + + *) Bugfix: in HTTPS mode requests might fail with the "bad write retry" + error; the bug had appeared in 0.6.23. + + +Changes with nginx 0.6.25 08 Jan 2008 + + *) Change: now the "server_name_in_redirect" directive is used instead + of the "server_name" directive's special "*" parameter. + + *) Change: now wildcard and regex names can be used as main name in a + "server_name" directive. + + *) Change: the "satisfy_any" directive was replaced by the "satisfy" + directive. + + *) Workaround: old worker processes might hog CPU after reconfiguration + if they was run under Linux OpenVZ. + + *) Feature: the "min_delete_depth" directive. + + *) Bugfix: the COPY and MOVE methods did not work with single files. + + *) Bugfix: the ngx_http_gzip_static_module did not allow the + ngx_http_dav_module to work; the bug had appeared in 0.6.23. + + *) Bugfix: socket leak in HTTPS mode if deferred accept was used. + Thanks to Ben Maurer. + + *) Bugfix: nginx could not be built without PCRE library; the bug had + appeared in 0.6.23. + + +Changes with nginx 0.6.24 27 Dec 2007 + + *) Bugfix: a segmentation fault might occur in worker process if HTTPS + was used; the bug had appeared in 0.6.23. + + +Changes with nginx 0.6.23 27 Dec 2007 + + *) Change: the "off" parameter in the "ssl_session_cache" directive; + now this is default parameter. + + *) Change: the "open_file_cache_retest" directive was renamed to the + "open_file_cache_valid". + + *) Feature: the "open_file_cache_min_uses" directive. + + *) Feature: the ngx_http_gzip_static_module. + + *) Feature: the "gzip_disable" directive. + + *) Feature: the "memcached_pass" directive may be used inside the "if" + block. + + *) Bugfix: a segmentation fault occurred in worker process, if the + "memcached_pass" and "if" directives were used in the same location. + + *) Bugfix: if a "satisfy_any on" directive was used and not all access + and auth modules directives were set, then other given access and + auth directives were not tested; + + *) Bugfix: regex parameters in a "valid_referers" directive were not + inherited from previous level. + + *) Bugfix: a "post_action" directive did run if a request was completed + with 499 status code. + + *) Bugfix: optimization of 16K buffer usage in a SSL connection. + Thanks to Ben Maurer. + + *) Bugfix: the STARTTLS in SMTP mode did not work. + Thanks to Oleg Motienko. + + *) Bugfix: in HTTPS mode requests might fail with the "bad write retry" + error; the bug had appeared in 0.5.13. + + +Changes with nginx 0.6.22 19 Dec 2007 + + *) Change: now all ngx_http_perl_module methods return values copied to + perl's allocated memory. + + *) Bugfix: if nginx was built with ngx_http_perl_module, the perl + before 5.8.6 was used, and perl supported threads, then during + reconfiguration the master process aborted; the bug had appeared in + 0.5.9. + Thanks to Boris Zhmurov. + + *) Bugfix: the ngx_http_perl_module methods may get invalid values of + the regex captures. + + *) Bugfix: a segmentation fault occurred in worker process, if the + $r->has_request_body() method was called for a request whose small + request body was already received. + + *) Bugfix: large_client_header_buffers did not freed before going to + keep-alive state. + Thanks to Olexander Shtepa. + + *) Bugfix: the last address was missed in the $upstream_addr variable; + the bug had appeared in 0.6.18. + + *) Bugfix: the "fastcgi_catch_stderr" directive did return error code; + now it returns 502 code, that can be rerouted to a next server using + the "fastcgi_next_upstream invalid_header" directive. + + *) Bugfix: a segmentation fault occurred in master process if the + "fastcgi_catch_stderr" directive was used; the bug had appeared in + 0.6.10. + Thanks to Manlio Perillo. + + +Changes with nginx 0.6.21 03 Dec 2007 + + *) Change: if variable values used in a "proxy_pass" directive contain + IP-addresses only, then a "resolver" directive is not mandatory. + + *) Bugfix: a segmentation fault might occur in worker process if a + "proxy_pass" directive with URI-part was used; the bug had appeared + in 0.6.19. + + *) Bugfix: if resolver was used on platform that does not support + kqueue, then nginx issued an alert "name is out of response". + Thanks to Andrei Nigmatulin. + + *) Bugfix: if the $server_protocol was used in FastCGI parameters and a + request line length was near to the "client_header_buffer_size" + directive value, then nginx issued an alert "fastcgi: the request + record is too big". + + *) Bugfix: if a plain text HTTP/0.9 version request was made to HTTPS + server, then nginx returned usual response. + + +Changes with nginx 0.6.20 28 Nov 2007 + + *) Bugfix: a segmentation fault might occur in worker process if a + "proxy_pass" directive with URI-part was used; the bug had appeared + in 0.6.19. + + +Changes with nginx 0.6.19 27 Nov 2007 + + *) Bugfix: the 0.6.18 version could not be built. + + +Changes with nginx 0.6.18 27 Nov 2007 + + *) Change: now the ngx_http_userid_module adds start time microseconds + to the cookie field contains a pid value. + + *) Change: now the full request line instead of URI only is written to + error_log. + + *) Feature: variables support in the "proxy_pass" directive. + + *) Feature: the "resolver" and "resolver_timeout" directives. + + *) Feature: now the directive "add_header last-modified ''" deletes a + "Last-Modified" response header line. + + *) Bugfix: the "limit_rate" directive did not allow to use full + throughput, even if limit value was very high. + + +Changes with nginx 0.6.17 15 Nov 2007 + + *) Feature: the "If-Range" request header line support. + Thanks to Alexander V. Inyukhin. + + *) Bugfix: URL double escaping in a redirect of the "msie_refresh" + directive; the bug had appeared in 0.6.4. + + *) Bugfix: the "autoindex" directive did not work with the "alias /" + directive. + + *) Bugfix: a segmentation fault might occur in worker process if + subrequests were used. + + *) Bugfix: the big responses may be transferred truncated if SSL and + gzip were used. + + *) Bugfix: the $status variable was equal to 0 if a proxied server + returned response in HTTP/0.9 version. + + +Changes with nginx 0.6.16 29 Oct 2007 + + *) Change: now the uname(2) is used on Linux instead of procfs. + Thanks to Ilya Novikov. + + *) Bugfix: if the "?" character was in a "error_page" directive, then + it was escaped in a proxied request; the bug had appeared in 0.6.11. + + *) Bugfix: compatibility with mget. + + +Changes with nginx 0.6.15 22 Oct 2007 + + *) Feature: Cygwin compatibility. + Thanks to Vladimir Kutakov. + + *) Feature: the "merge_slashes" directive. + + *) Feature: the "gzip_vary" directive. + + *) Feature: the "server_tokens" directive. + + *) Bugfix: nginx did not unescape URI in the "include" SSI command. + + *) Bugfix: the segmentation fault was occurred on start or while + reconfiguration if variable was used in the "charset" or + "source_charset" directives. + + *) Bugfix: nginx returned the 400 response on requests like + "GET http://www.domain.com HTTP/1.0". + Thanks to James Oakley. + + *) Bugfix: if request with request body was redirected using the + "error_page" directive, then nginx tried to read the request body + again; the bug had appeared in 0.6.7. + + *) Bugfix: a segmentation fault occurred in worker process if no + server_name was explicitly defined for server processing request; + the bug had appeared in 0.6.7. + + +Changes with nginx 0.6.14 15 Oct 2007 + + *) Change: now by default the "echo" SSI command uses entity encoding. + + *) Feature: the "encoding" parameter in the "echo" SSI command. + + *) Feature: the "access_log" directive may be used inside the + "limit_except" block. + + *) Bugfix: if all upstream servers were failed, then all servers had + got weight the was equal one until servers became alive; the bug had + appeared in 0.6.6. + + *) Bugfix: a segmentation fault occurred in worker process if + $date_local and $date_gmt were used outside the + ngx_http_ssi_filter_module. + + *) Bugfix: a segmentation fault might occur in worker process if debug + log was enabled. + Thanks to Andrei Nigmatulin. + + *) Bugfix: ngx_http_memcached_module did not set + $upstream_response_time. + Thanks to Maxim Dounin. + + *) Bugfix: a worker process may got caught in an endless loop, if the + memcached was used. + + *) Bugfix: nginx supported low case only "close" and "keep-alive" + values in the "Connection" request header line; the bug had appeared + in 0.6.11. + + *) Bugfix: sub_filter did not work with empty substitution. + + *) Bugfix: in sub_filter parsing. + + +Changes with nginx 0.6.13 24 Sep 2007 + + *) Bugfix: nginx did not close directory file on HEAD request if + autoindex was used. + Thanks to Arkadiusz Patyk. + + +Changes with nginx 0.6.12 21 Sep 2007 + + *) Change: mail proxy was split on three modules: pop3, imap and smtp. + + *) Feature: the --without-mail_pop3_module, --without-mail_imap_module, + and --without-mail_smtp_module configuration parameters. + + *) Feature: the "smtp_greeting_delay" and "smtp_client_buffer" + directives of the ngx_mail_smtp_module. + + *) Bugfix: the trailing wildcards did not work; the bug had appeared in + 0.6.9. + + *) Bugfix: nginx could not start on Solaris if the shared PCRE library + located in non-standard place was used. + + *) Bugfix: the "proxy_hide_header" and "fastcgi_hide_header" directives + did not hide response header lines whose name was longer than 32 + characters. + Thanks to Manlio Perillo. + + +Changes with nginx 0.6.11 11 Sep 2007 + + *) Bugfix: active connection counter always increased if mail proxy was + used. + + *) Bugfix: if backend returned response header only using non-buffered + proxy, then nginx closed backend connection on timeout. + + *) Bugfix: nginx did not support several "Connection" request header + lines. + + *) Bugfix: if the "max_fails" was set for upstream server, then after + first failure server weight was always one; the bug had appeared in + 0.6.6. + + +Changes with nginx 0.6.10 03 Sep 2007 + + *) Feature: the "open_file_cache", "open_file_cache_retest", and + "open_file_cache_errors" directives. + + *) Bugfix: socket leak; the bug had appeared in 0.6.7. + + *) Bugfix: a charset set by the "charset" directive was not appended to + the "Content-Type" header set by $r->send_http_header(). + + *) Bugfix: a segmentation fault might occur in worker process if + /dev/poll method was used. + + +Changes with nginx 0.6.9 28 Aug 2007 + + *) Bugfix: a worker process may got caught in an endless loop, if the + HTTPS protocol was used; the bug had appeared in 0.6.7. + + *) Bugfix: if server listened on two addresses or ports and trailing + wildcard was used, then nginx did not run. + + *) Bugfix: the "ip_hash" directive might incorrectly mark servers as + down. + + *) Bugfix: nginx could not be built on amd64; the bug had appeared in + 0.6.8. + + +Changes with nginx 0.6.8 20 Aug 2007 + + *) Change: now nginx tries to set the "worker_priority", + "worker_rlimit_nofile", "worker_rlimit_core", and + "worker_rlimit_sigpending" without super-user privileges. + + *) Change: now nginx escapes space and "%" in request to a mail proxy + authentication server. + + *) Change: now nginx escapes "%" in $memcached_key variable. + + *) Bugfix: nginx used path relative to configuration prefix for + non-absolute configuration file path specified in the "-c" key; the + bug had appeared in 0.6.6. + + *) Bugfix: nginx did not work on FreeBSD/sparc64. + + +Changes with nginx 0.6.7 15 Aug 2007 + + *) Change: now the paths specified in the "include", + "auth_basic_user_file", "perl_modules", "ssl_certificate", + "ssl_certificate_key", and "ssl_client_certificate" directives are + relative to directory of nginx configuration file nginx.conf, but + not to nginx prefix directory. + + *) Change: the --sysconfdir=PATH option in configure was canceled. + + *) Change: the special make target "upgrade1" was defined for online + upgrade of 0.1.x versions. + + *) Feature: the "server_name" and "valid_referers" directives support + regular expressions. + + *) Feature: the "server" directive in the "upstream" context supports + the "backup" parameter. + + *) Feature: the ngx_http_perl_module supports the + $r->discard_request_body. + + *) Feature: the "add_header Last-Modified ..." directive changes the + "Last-Modified" response header line. + + *) Bugfix: if a response different than 200 was returned to a request + with body and connection went to the keep-alive state after the + request, then nginx returned 400 for the next request. + + *) Bugfix: a segmentation fault occurred in worker process if invalid + address was set in the "auth_http" directive. + + *) Bugfix: now nginx uses default listen backlog value 511 on all + platforms except FreeBSD. + Thanks to Jiang Hong. + + *) Bugfix: a worker process may got caught in an endless loop, if a + "server" inside "upstream" block was marked as "down"; the bug had + appeared in 0.6.6. + + *) Bugfix: now Solaris sendfilev() is not used to transfer the client + request body to FastCGI-server via the unix domain socket. + + +Changes with nginx 0.6.6 30 Jul 2007 + + *) Feature: the --sysconfdir=PATH option in configure. + + *) Feature: named locations. + + *) Feature: the $args variable can be set with the "set" directive. + + *) Feature: the $is_args variable. + + *) Bugfix: fair big weight upstream balancer. + + *) Bugfix: if a client has closed connection to mail proxy then nginx + might not close connection to backend. + + *) Bugfix: if the same host without specified port was used as backend + for HTTP and HTTPS, then nginx used only one port - 80 or 443. + + *) Bugfix: fix building on Solaris/amd64 by Sun Studio 11 and early + versions; the bug had appeared in 0.6.4. + + +Changes with nginx 0.6.5 23 Jul 2007 + + *) Feature: $nginx_version variable. + Thanks to Nick S. Grechukh. + + *) Feature: the mail proxy supports AUTHENTICATE in IMAP mode. + Thanks to Maxim Dounin. + + *) Feature: the mail proxy supports STARTTLS in SMTP mode. + Thanks to Maxim Dounin. + + *) Bugfix: now nginx escapes space in $memcached_key variable. + + *) Bugfix: nginx was incorrectly built by Sun Studio on + Solaris/amd64. + Thanks to Jiang Hong. + + *) Bugfix: of minor potential bugs. + Thanks to Coverity's Scan. + + +Changes with nginx 0.6.4 17 Jul 2007 + + *) Security: the "msie_refresh" directive allowed XSS. + Thanks to Maxim Boguk. + + *) Change: the "proxy_store" and "fastcgi_store" directives were + changed. + + *) Feature: the "proxy_store_access" and "fastcgi_store_access" + directives. + + *) Bugfix: nginx did not work on Solaris/sparc64 if it was built by Sun + Studio. + Thanks to Andrei Nigmatulin. + + *) Workaround: for Sun Studio 12. + Thanks to Jiang Hong. + + +Changes with nginx 0.6.3 12 Jul 2007 + + *) Feature: the "proxy_store" and "fastcgi_store" directives. + + *) Bugfix: a segmentation fault might occur in worker process if the + "auth_http_header" directive was used. + Thanks to Maxim Dounin. + + *) Bugfix: a segmentation fault occurred in worker process if the + CRAM-MD5 authentication method was used, but it was not enabled. + + *) Bugfix: a segmentation fault might occur in worker process when the + HTTPS protocol was used in the "proxy_pass" directive. + + *) Bugfix: a segmentation fault might occur in worker process if the + eventport method was used. + + *) Bugfix: the "proxy_ignore_client_abort" and + "fastcgi_ignore_client_abort" directives did not work; the bug had + appeared in 0.5.13. + + +Changes with nginx 0.6.2 09 Jul 2007 + + *) Bugfix: if the FastCGI header was split in records, then nginx + passed garbage in the header to a client. + + +Changes with nginx 0.6.1 17 Jun 2007 + + *) Bugfix: in SSI parsing. + + *) Bugfix: if remote SSI subrequest was used, then posterior local file + subrequest might transferred to client in wrong order. + + *) Bugfix: large SSI inclusions buffered in temporary files were + truncated. + + *) Bugfix: the perl $$ variable value in ngx_http_perl_module was equal + to the master process identification number. + + +Changes with nginx 0.6.0 14 Jun 2007 + + *) Feature: the "server_name", "map", and "valid_referers" directives + support the "www.example.*" wildcards. + + +Changes with nginx 0.5.25 11 Jun 2007 + + *) Bugfix: nginx could not be built with the + --without-http_rewrite_module parameter; the bug had appeared in + 0.5.24. + + +Changes with nginx 0.5.24 06 Jun 2007 + + *) Security: the "ssl_verify_client" directive did not work if request + was made using HTTP/0.9. + + *) Bugfix: a part of response body might be passed uncompressed if gzip + was used; the bug had appeared in 0.5.23. + + +Changes with nginx 0.5.23 04 Jun 2007 + + *) Feature: the ngx_http_ssl_module supports Server Name Indication TLS + extension. + + *) Feature: the "fastcgi_catch_stderr" directive. + Thanks to Nick S. Grechukh, OWOX project. + + *) Bugfix: a segmentation fault occurred in master process if two + virtual servers should bind() to the overlapping ports. + + *) Bugfix: if nginx was built with ngx_http_perl_module and perl + supported threads, then during second reconfiguration the error + messages "panic: MUTEX_LOCK" and "perl_parse() failed" were issued. + + *) Bugfix: in the HTTPS protocol in the "proxy_pass" directive. + + +Changes with nginx 0.5.22 29 May 2007 + + *) Bugfix: a big request body might not be passed to backend; the bug + had appeared in 0.5.21. + + +Changes with nginx 0.5.21 28 May 2007 + + *) Bugfix: if server has more than about ten locations, then regex + locations might be choosen not in that order as they were specified. + + *) Bugfix: a worker process may got caught in an endless loop on 64-bit + platform, if the 33-rd or next in succession backend has failed. + Thanks to Anton Povarov. + + *) Bugfix: a bus error might occur on Solaris/sparc64 if the PCRE + library was used. + Thanks to Andrei Nigmatulin. + + *) Bugfix: in the HTTPS protocol in the "proxy_pass" directive. + + +Changes with nginx 0.5.20 07 May 2007 + + *) Feature: the "sendfile_max_chunk" directive. + + *) Feature: the "$http_...", "$sent_http_...", and "$upstream_http_..." + variables may be changed using the "set" directive. + + *) Bugfix: a segmentation fault might occur in worker process if the + SSI command 'if expr="$var = /"' was used. + + *) Bugfix: trailing boundary of multipart range response was + transferred incorrectly. + Thanks to Evan Miller. + + *) Bugfix: nginx did not work on Solaris/sparc64 if it was built by Sun + Studio. + Thanks to Andrei Nigmatulin. + + *) Bugfix: the ngx_http_perl_module could not be built by Solaris + make. + Thanks to Andrei Nigmatulin. + + +Changes with nginx 0.5.19 24 Apr 2007 + + *) Change: now the $request_time variable has millisecond precision. + + *) Change: the method $r->rflush of ngx_http_perl_module was renamed to + the $r->flush. + + *) Feature: the $upstream_addr variable. + + *) Feature: the "proxy_headers_hash_max_size" and + "proxy_headers_hash_bucket_size" directives. + Thanks to Volodymyr Kostyrko. + + *) Bugfix: the files more than 2G could not be transferred using + sendfile and limit_rate on 64-bit platforms. + + *) Bugfix: the files more than 2G could not be transferred using + sendfile on 64-bit Linux. + + +Changes with nginx 0.5.18 19 Apr 2007 + + *) Feature: the ngx_http_sub_filter_module. + + *) Feature: the "$upstream_http_..." variables. + + *) Feature: now the $upstream_status and $upstream_response_time + variables keep data about all upstreams before X-Accel-Redirect. + + *) Bugfix: a segmentation fault occurred in master process after first + reconfiguration and receiving any signal if nginx was built with + ngx_http_perl_module and perl did not support multiplicity; the bug + had appeared in 0.5.9. + + *) Bugfix: if perl did not support multiplicity, then after + reconfiguration perl code did not work; the bug had appeared in + 0.3.38. + + +Changes with nginx 0.5.17 02 Apr 2007 + + *) Change: now nginx always returns the 405 status for the TRACE method. + + *) Feature: now nginx supports the "include" directive inside the + "types" block. + + *) Bugfix: the $document_root variable usage in the "root" and "alias" + directives is disabled: this caused recursive stack overflow. + + *) Bugfix: in the HTTPS protocol in the "proxy_pass" directive. + + *) Bugfix: in some cases non-cachable variables (such as $uri variable) + returned old cached value. + + +Changes with nginx 0.5.16 26 Mar 2007 + + *) Bugfix: the C-class network was not used as hash key in the + "ip_hash" directive. + Thanks to Pavel Yarkovoy. + + *) Bugfix: a segmentation fault might occur in worker process if a + charset was set in the "Content-Type" header line and the line has + trailing ";"; the bug had appeared in 0.3.50. + + *) Bugfix: the "[alert] zero size buf" error when FastCGI server was + used and a request body written in a temporary file was multiple of + 32K. + + *) Bugfix: nginx could not be built on Solaris without the --with-debug + option; the bug had appeared in 0.5.15. + + +Changes with nginx 0.5.15 19 Mar 2007 + + *) Feature: the mail proxy supports authenticated SMTP proxying and the + "smtp_auth", "smtp_capablities", and "xclient" directives. + Thanks to Anton Yuzhaninov and Maxim Dounin. + + *) Feature: now the keep-alive connections are closed just after + receiving the reconfiguration signal. + + *) Change: the "imap" and "auth" directives were renamed to the "mail" + and "pop3_auth" directives. + + *) Bugfix: a segmentation fault occurred in worker process if the + CRAM-MD5 authentication method was used and the APOP method was + disabled. + + *) Bugfix: if the "starttls only" directive was used in POP3 protocol, + then nginx allowed authentication without switching to the SSL mode. + + *) Bugfix: worker processes did not exit after reconfiguration and did + not rotate logs if the eventport method was used. + + *) Bugfix: a worker process may got caught in an endless loop, if the + "ip_hash" directive was used. + + *) Bugfix: now nginx does not log some alerts if eventport or /dev/poll + methods are used. + + +Changes with nginx 0.5.14 23 Feb 2007 + + *) Bugfix: nginx ignored superfluous closing "}" in the end of + configuration file. + + +Changes with nginx 0.5.13 19 Feb 2007 + + *) Feature: the COPY and MOVE methods. + + *) Bugfix: the ngx_http_realip_module set garbage for requests passed + via keep-alive connection. + + *) Bugfix: nginx did not work on big-endian 64-bit Linux. + Thanks to Andrei Nigmatulin. + + *) Bugfix: now when IMAP/POP3 proxy receives too long command it closes + the connection right away, but not after timeout. + + *) Bugfix: if the "epoll" method was used and a client closed a + connection prematurely, then nginx closed the connection after a + send timeout only. + + *) Bugfix: nginx could not be built on platforms different from i386, + amd64, sparc, and ppc; the bug had appeared in 0.5.8. + + +Changes with nginx 0.5.12 12 Feb 2007 + + *) Bugfix: nginx could not be built on platforms different from i386, + amd64, sparc, and ppc; the bug had appeared in 0.5.8. + + *) Bugfix: a segmentation fault might occur in worker process if the + temporary files were used while working with FastCGI server; the bug + had appeared in 0.5.8. + + *) Bugfix: a segmentation fault might occur in worker process if the + $fastcgi_script_name variable was logged. + + *) Bugfix: ngx_http_perl_module could not be built on Solaris. + + +Changes with nginx 0.5.11 05 Feb 2007 + + *) Feature: now configure detects system PCRE library in MacPorts. + Thanks to Chris McGrath. + + *) Bugfix: the response was incorrect if several ranges were requested; + the bug had appeared in 0.5.6. + + *) Bugfix: the "create_full_put_path" directive could not create the + intermediate directories if no "dav_access" directive was set. + Thanks to Evan Miller. + + *) Bugfix: the "0" response code might be logged in the access_log + instead of the "400" and "408" error codes. + + *) Bugfix: a segmentation fault might occur in worker process if nginx + was built with -O2 optimization. + + +Changes with nginx 0.5.10 26 Jan 2007 + + *) Bugfix: while online executable file upgrade the new master process + did not inherit the listening sockets; the bug had appeared in 0.5.9. + + *) Bugfix: a segmentation fault might occur in worker process if nginx + was built with -O2 optimization; the bug had appeared in 0.5.1. + + +Changes with nginx 0.5.9 25 Jan 2007 + + *) Change: now the ngx_http_memcached_module uses the $memcached_key + variable value as a key. + + *) Feature: the $memcached_key variable. + + *) Feature: the "clean" parameter in the "client_body_in_file_only" + directive. + + *) Feature: the "env" directive. + + *) Feature: the "sendfile" directive is available inside the "if" block. + + *) Feature: now on failure of the writing to access nginx logs a + message to error_log, but not more often than once a minute. + + *) Bugfix: the "access_log off" directive did not always turn off the + logging. + + +Changes with nginx 0.5.8 19 Jan 2007 + + *) Bugfix: a segmentation fault might occur if + "client_body_in_file_only on" was used and a request body was small. + + *) Bugfix: a segmentation fault occurred if + "client_body_in_file_only on" and "proxy_pass_request_body off" or + "fastcgi_pass_request_body off" directives were used, and nginx + switched to a next upstream. + + *) Bugfix: if the "proxy_buffering off" directive was used and a client + connection was non-active, then the connection was closed after send + timeout; the bug had appeared in 0.4.7. + + *) Bugfix: if the "epoll" method was used and a client closed a + connection prematurely, then nginx closed the connection after a + send timeout only. + + *) Bugfix: the "[alert] zero size buf" error when FastCGI server was + used. + + *) Bugfixes in the "limit_zone" directive. + + +Changes with nginx 0.5.7 15 Jan 2007 + + *) Feature: the ssl_session_cache storage optimization. + + *) Bugfixes in the "ssl_session_cache" and "limit_zone" directives. + + *) Bugfix: the segmentation fault was occurred on start or while + reconfiguration if the "ssl_session_cache" or "limit_zone" + directives were used on 64-bit platforms. + + *) Bugfix: a segmentation fault occurred if the "add_before_body" or + "add_after_body" directives were used and there was no + "Content-Type" header line in response. + + *) Bugfix: the OpenSSL library was always built with the threads + support. + Thanks to Den Ivanov. + + *) Bugfix: the PCRE-6.5+ library and the icc compiler compatibility. + + +Changes with nginx 0.5.6 09 Jan 2007 + + *) Change: now the ngx_http_index_module ignores all methods except the + GET, HEAD, and POST methods. + + *) Feature: the ngx_http_limit_zone_module. + + *) Feature: the $binary_remote_addr variable. + + *) Feature: the "ssl_session_cache" directives of the + ngx_http_ssl_module and ngx_imap_ssl_module. + + *) Feature: the DELETE method supports recursive removal. + + *) Bugfix: the byte-ranges were transferred incorrectly if the + $r->sendfile() was used. + + +Changes with nginx 0.5.5 24 Dec 2006 + + *) Change: the -v switch does not show compiler information any more. + + *) Feature: the -V switch. + + *) Feature: the "worker_rlimit_core" directive supports size in K, M, + and G. + + *) Bugfix: the nginx.pm module now could be installed by an + unprivileged user. + + *) Bugfix: a segmentation fault might occur if the $r->request_body or + $r->request_body_file methods were used. + + *) Bugfix: the ppc platform specific bugs. + + +Changes with nginx 0.5.4 15 Dec 2006 + + *) Feature: the "perl" directive may be used inside the "limit_except" + block. + + *) Bugfix: the ngx_http_dav_module required the "Date" request header + line for the DELETE method. + + *) Bugfix: if one only parameter was used in the "dav_access" + directive, then nginx might report about configuration error. + + *) Bugfix: a segmentation fault might occur if the $host variable was + used; the bug had appeared in 0.4.14. + + +Changes with nginx 0.5.3 13 Dec 2006 + + *) Feature: the ngx_http_perl_module supports the $r->status, + $r->log_error, and $r->sleep methods. + + *) Feature: the $r->variable method supports variables that do not + exist in nginx configuration. + + *) Bugfix: the $r->has_request_body method did not work. + + +Changes with nginx 0.5.2 11 Dec 2006 + + *) Bugfix: if the "proxy_pass" directive used the name of the + "upstream" block, then nginx tried to resolve the name; the bug had + appeared in 0.5.1. + + +Changes with nginx 0.5.1 11 Dec 2006 + + *) Bugfix: the "post_action" directive might not run after a + unsuccessful completion of a request. + + *) Workaround: for Eudora for Mac; the bug had appeared in 0.4.11. + Thanks to Bron Gondwana. + + *) Bugfix: if the "upstream" name was used in the "fastcgi_pass", then + the message "no port in upstream" was issued; the bug had appeared + in 0.5.0. + + *) Bugfix: if the "proxy_pass" and "fastcgi_pass" directives used the + same servers but different ports, then these directives uses the + first described port; the bug had appeared in 0.5.0. + + *) Bugfix: if the "proxy_pass" and "fastcgi_pass" directives used the + unix domain sockets, then these directives used first described + socket; the bug had appeared in 0.5.0. + + *) Bugfix: ngx_http_auth_basic_module ignored the user if it was in the + last line in the password file and there was no the carriage return, + the line feed, or the ":" symbol after the password. + + *) Bugfix: the $upstream_response_time variable might be equal to + "0.000", although response time was more than 1 millisecond. + + +Changes with nginx 0.5.0 04 Dec 2006 + + *) Change: the parameters in the "%name" form in the "log_format" + directive are not supported anymore. + + *) Change: the "proxy_upstream_max_fails", + "proxy_upstream_fail_timeout", "fastcgi_upstream_max_fails", + "fastcgi_upstream_fail_timeout", "memcached_upstream_max_fails", and + "memcached_upstream_fail_timeout" directives are not supported + anymore. + + *) Feature: the "server" directive in the "upstream" context supports + the "max_fails", "fail_timeout", and "down" parameters. + + *) Feature: the "ip_hash" directive inside the "upstream" block. + + *) Feature: the WAIT status in the "Auth-Status" header line of the + IMAP/POP3 proxy authentication server response. + + *) Bugfix: nginx could not be built on 64-bit platforms; the bug had + appeared in 0.4.14. + + +Changes with nginx 0.4.14 27 Nov 2006 + + *) Feature: the "proxy_pass_error_message" directive in IMAP/POP3 proxy. + + *) Feature: now configure detects system PCRE library on FreeBSD, + Linux, and NetBSD. + + *) Bugfix: ngx_http_perl_module did not work with perl built with the + threads support; the bug had appeared in 0.3.38. + + *) Bugfix: ngx_http_perl_module did not work if perl was called + recursively. + + *) Bugfix: nginx ignored a host name in a request line. + + *) Bugfix: a worker process may got caught in an endless loop, if a + FastCGI server sent too many data to the stderr. + + *) Bugfix: the $upstream_response_time variable may be negative if the + system time was changed backward. + + *) Bugfix: the "Auth-Login-Attempt" parameter was not sent to IMAP/POP3 + proxy authentication server when POP3 was used. + + *) Bugfix: a segmentation fault might occur if connect to IMAP/POP3 + proxy authentication server failed. + + +Changes with nginx 0.4.13 15 Nov 2006 + + *) Feature: the "proxy_pass" directive may be used inside the + "limit_except" block. + + *) Feature: the "limit_except" directive supports all WebDAV methods. + + *) Bugfix: if the "add_before_body" directive was used without the + "add_after_body" directive, then a response did not transferred + complete. + + *) Bugfix: a large request body did not receive if the epoll method and + the deferred accept() were used. + + *) Bugfix: a charset could not be set for ngx_http_autoindex_module + responses; the bug had appeared in 0.3.50. + + *) Bugfix: the "[alert] zero size buf" error when FastCGI server was + used; + + *) Bugfix: the --group= configuration parameter was ignored. + Thanks to Thomas Moschny. + + *) Bugfix: the 50th subrequest in SSI response did not work; the bug + had appeared in 0.3.50. + + +Changes with nginx 0.4.12 31 Oct 2006 + + *) Feature: the ngx_http_perl_module supports the $r->variable method. + + *) Bugfix: if a big static file was included using SSI in a response, + then the response may be transferred incomplete. + + *) Bugfix: nginx did not omit the "#fragment" part in URI. + + +Changes with nginx 0.4.11 25 Oct 2006 + + *) Feature: the POP3 proxy supports the AUTH LOGIN PLAIN and CRAM-MD5. + + *) Feature: the ngx_http_perl_module supports the $r->allow_ranges + method. + + *) Bugfix: if the APOP was enabled in the POP3 proxy, then the + USER/PASS commands might not work; the bug had appeared in 0.4.10. + + +Changes with nginx 0.4.10 23 Oct 2006 + + *) Feature: the POP3 proxy supports the APOP command. + + *) Bugfix: if the select, poll or /dev/poll methods were used, then + while waiting authentication server response the IMAP/POP3 proxy + hogged CPU. + + *) Bugfix: a segmentation fault might occur if the $server_addr + variable was used in the "map" directive. + + *) Bugfix: the ngx_http_flv_module did not support the byte ranges for + full responses; the bug had appeared in 0.4.7. + + *) Bugfix: nginx could not be built on Debian amd64; the bug had + appeared in 0.4.9. + + +Changes with nginx 0.4.9 13 Oct 2006 + + *) Feature: the "set" parameter in the "include" SSI command. + + *) Feature: the ngx_http_perl_module now tests the nginx.pm module + version. + + +Changes with nginx 0.4.8 11 Oct 2006 + + *) Bugfix: if an "include" SSI command were before another "include" + SSI command with a "wait" parameter, then the "wait" parameter might + not work. + + *) Bugfix: the ngx_http_flv_module added the FLV header to the full + responses. + Thanks to Alexey Kovyrin. + + +Changes with nginx 0.4.7 10 Oct 2006 + + *) Feature: the ngx_http_flv_module. + + *) Feature: the $request_body_file variable. + + *) Feature: the "charset" and "source_charset" directives support the + variables. + + *) Bugfix: if an "include" SSI command were before another "include" + SSI command with a "wait" parameter, then the "wait" parameter might + not work. + + *) Bugfix: if the "proxy_buffering off" directive was used or while + working with memcached the connections might not be closed on + timeout. + + *) Bugfix: nginx did not run on 64-bit platforms except amd64, sparc64, + and ppc64. + + +Changes with nginx 0.4.6 06 Oct 2006 + + *) Bugfix: nginx did not run on 64-bit platforms except amd64, sparc64, + and ppc64. + + *) Bugfix: nginx sent the chunked response for HTTP/1.1 request, + if its length was set by text string in the + $r->headers_out("Content-Length", ...) method. + + *) Bugfix: after redirecting error by an "error_page" directive any + ngx_http_rewrite_module directive returned this error code; the bug + had appeared in 0.4.4. + + +Changes with nginx 0.4.5 02 Oct 2006 + + *) Bugfix: nginx could not be built on Linux and Solaris; the bug had + appeared in 0.4.4. + + +Changes with nginx 0.4.4 02 Oct 2006 + + *) Feature: the $scheme variable. + + *) Feature: the "expires" directive supports the "max" parameter. + + *) Feature: the "include" directive supports the "*" mask. + Thanks to Jonathan Dance. + + *) Bugfix: the "return" directive always overrode the "error_page" + response code redirected by the "error_page" directive. + + *) Bugfix: a segmentation fault occurred if zero-length body was in PUT + method. + + *) Bugfix: the redirect was changed incorrectly if the variables were + used in the "proxy_redirect" directive. + + +Changes with nginx 0.4.3 26 Sep 2006 + + *) Change: now the 499 error could not be redirected using an + "error_page" directive. + + *) Feature: the Solaris 10 event ports support. + + *) Feature: the ngx_http_browser_module. + + *) Bugfix: a segmentation fault may occur while redirecting the 400 + error to the proxied server using a "proxy_pass" directive. + + *) Bugfix: a segmentation fault occurred if an unix domain socket was + used in a "proxy_pass" directive; the bug had appeared in 0.3.47. + + *) Bugfix: SSI did work with memcached and nonbuffered responses. + + *) Workaround: of the Sun Studio PAUSE hardware capability bug. + + +Changes with nginx 0.4.2 14 Sep 2006 + + *) Bugfix: the O_NOATIME flag support on Linux was canceled; the bug + had appeared in 0.4.1. + + +Changes with nginx 0.4.1 14 Sep 2006 + + *) Bugfix: the DragonFlyBSD compatibility. + Thanks to Pavel Nazarov. + + *) Workaround: of bug in 64-bit Linux sendfile(), when file is more + than 2G. + + *) Feature: now on Linux nginx uses O_NOATIME flag for static + requests. + Thanks to Yusuf Goolamabbas. + + +Changes with nginx 0.4.0 30 Aug 2006 + + *) Change in internal API: the HTTP modules initialization was moved + from the init module phase to the HTTP postconfiguration phase. + + *) Change: now the request body is not read beforehand for the + ngx_http_perl_module: it's required to start the reading using the + $r->has_request_body method. + + *) Feature: the ngx_http_perl_module supports the DECLINED return code. + + *) Feature: the ngx_http_dav_module supports the incoming "Date" header + line for the PUT method. + + *) Feature: the "ssi" directive is available inside the "if" block. + + *) Bugfix: a segmentation fault occurred if there was an "index" + directive with variables and the first index name was without + variables; the bug had appeared in 0.1.29. + + +Changes with nginx 0.3.61 28 Aug 2006 + + *) Change: now the "tcp_nodelay" directive is turned on by default. + + *) Feature: the "msie_refresh" directive. + + *) Feature: the "recursive_error_pages" directive. + + *) Bugfix: the "rewrite" directive returned incorrect redirect, if the + redirect had the captured escaped symbols from original URI. + + +Changes with nginx 0.3.60 18 Aug 2006 + + *) Bugfix: a worker process may got caught in an endless loop while an + error redirection; the bug had appeared in 0.3.59. + + +Changes with nginx 0.3.59 16 Aug 2006 + + *) Feature: now is possible to do several redirection using the + "error_page" directive. + + *) Bugfix: the "dav_access" directive did not support three parameters. + + *) Bugfix: the "error_page" directive did not changes the + "Content-Type" header line after the "X-Accel-Redirect" was used; + the bug had appeared in 0.3.58. + + +Changes with nginx 0.3.58 14 Aug 2006 + + *) Feature: the "error_page" directive supports the variables. + + *) Change: now the procfs interface instead of sysctl is used on Linux. + + *) Change: now the "Content-Type" header line is inherited from first + response when the "X-Accel-Redirect" was used. + + *) Bugfix: the "error_page" directive did not redirect the 413 error. + + *) Bugfix: the trailing "?" did not remove old arguments if no new + arguments were added to a rewritten URI. + + *) Bugfix: nginx could not run on 64-bit FreeBSD 7.0-CURRENT. + + +Changes with nginx 0.3.57 09 Aug 2006 + + *) Feature: the $ssl_client_serial variable. + + *) Bugfix: in the "!-e" operator of the "if" directive. + Thanks to Andrian Budanstov. + + *) Bugfix: while a client certificate verification nginx did not send + to a client the required certificates information. + + *) Bugfix: the $document_root variable did not support the variables in + the "root" directive. + + +Changes with nginx 0.3.56 04 Aug 2006 + + *) Feature: the "dav_access" directive. + + *) Feature: the "if" directive supports the "-d", "!-d", "-e", "!-e", + "-x", and "!-x" operators. + + *) Bugfix: a segmentation fault occurred if a request returned a + redirect and some sent to client header lines were logged in the + access log. + + +Changes with nginx 0.3.55 28 Jul 2006 + + *) Feature: the "stub" parameter in the "include" SSI command. + + *) Feature: the "block" SSI command. + + *) Feature: the unicode2nginx script was added to contrib. + + *) Bugfix: if a "root" was specified by variable only, then the root + was relative to a server prefix. + + *) Bugfix: if the request contained "//" or "/./" and escaped symbols + after them, then the proxied request was sent unescaped. + + *) Bugfix: the $r->header_in("Cookie") of the ngx_http_perl_module now + returns all "Cookie" header lines. + + *) Bugfix: a segmentation fault occurred if + "client_body_in_file_only on" was used and nginx switched to a next + upstream. + + *) Bugfix: on some condition while reconfiguration character codes + inside the "charset_map" may be treated invalid; the bug had + appeared in 0.3.50. + + +Changes with nginx 0.3.54 11 Jul 2006 + + *) Feature: nginx now logs the subrequest information to the error log. + + *) Feature: the "proxy_next_upstream", "fastcgi_next_upstream", and + "memcached_next_upstream" directives support the "off" parameter. + + *) Feature: the "debug_connection" directive supports the CIDR address + form. + + *) Bugfix: if a response of proxied server or FastCGI server was + converted from UTF-8 or back, then it may be transferred incomplete. + + *) Bugfix: the $upstream_response_time variable had the time of the + first request to a backend only. + + *) Bugfix: nginx could not be built on amd64 platform; the bug had + appeared in 0.3.53. + + +Changes with nginx 0.3.53 07 Jul 2006 + + *) Change: the "add_header" directive adds the string to 204, 301, and + 302 responses. + + *) Feature: the "server" directive in the "upstream" context supports + the "weight" parameter. + + *) Feature: the "server_name" directive supports the "*" wildcard. + + *) Feature: nginx supports the request body size more than 2G. + + *) Bugfix: if a client was successfully authorized using "satisfy_any + on", then anyway the message "access forbidden by rule" was written + in the log. + + *) Bugfix: the "PUT" method may erroneously not create a file and + return the 409 code. + + *) Bugfix: if the IMAP/POP3 backend returned an error, then nginx + continued proxying anyway. + + +Changes with nginx 0.3.52 03 Jul 2006 + + *) Change: the ngx_http_index_module behavior for the "POST /" requests + is reverted to the 0.3.40 version state: the module now does not + return the 405 error. + + *) Bugfix: the worker process may got caught in an endless loop if the + limit rate was used; the bug had appeared in 0.3.37. + + *) Bugfix: ngx_http_charset_module logged "unknown charset" alert, even + if the recoding was not needed; the bug had appeared in 0.3.50. + + *) Bugfix: if a code response of the PUT request was 409, then a + temporary file was not removed. + + +Changes with nginx 0.3.51 30 Jun 2006 + + *) Bugfix: the "<" symbols might disappeared some conditions in the + SSI; the bug had appeared in 0.3.50. + + +Changes with nginx 0.3.50 28 Jun 2006 + + *) Change: the "proxy_redirect_errors" and "fastcgi_redirect_errors" + directives was renamed to the "proxy_intercept_errors" and + "fastcgi_intercept_errors" directives. + + *) Feature: the ngx_http_charset_module supports the recoding from the + single byte encodings to the UTF-8 encoding and back. + + *) Feature: the "X-Accel-Charset" response header line is supported in + proxy and FastCGI mode. + + *) Bugfix: the "\" escape symbol in the "\"" and "\'" pairs in the SSI + command was removed only if the command also has the "$" symbol. + + *) Bugfix: the " + + + + +
+ + + +net.inet.ip.portrange.randomized=0 +net.inet.ip.portrange.first=1024 +net.inet.ip.portrange.last=65535 + + +
+ + +
+ + +net.inet.tcp.fast_finwait2_recycle=1 + + +
+ + +
+ + +[ KVA, KVM, nsfbufs ] + + +
+ + +
+ + + + +sysctl kern.random.sys.harvest.ethernet=0 + + + + +
+ + diff -r 000000000000 -r 61e04fc01027 xml/en/docs/howto.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/en/docs/howto.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,26 @@ + + +
+ + +
+ + + + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/en/docs/http/configuring_https_servers.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/en/docs/http/configuring_https_servers.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,474 @@ + + +
+ +
+ + +To configure an HTTPS server you must enable the SSL protocol +in the server block, and specify the locations of the server certificate +and private key files: + + +server { + listen 443; + server_name www.nginx.com; + ssl on; + ssl_certificate www.nginx.com.crt; + ssl_certificate_key www.nginx.com.key; + ssl_protocols SSLv3 TLSv1; + ssl_ciphers HIGH:!ADH:!MD5; + ... +} + + +The server certificate is a public entity. +It is sent to every client that connects to the server. +The private key is a secure entity and should be stored in a file with +restricted access, however, it must be readable by nginx’s master process. +The private key may alternately be stored in the same file as the certificate: + + + ssl_certificate www.nginx.com.cert; + ssl_certificate_key www.nginx.com.cert; + + +in which case the file access rights should also be restricted. +Although the certificate and the key are stored in one file, +only the certificate is sent to a client. + + + +The directives ssl_protocols and +ssl_ciphers may be used to limit connections +to strong SSL protocol versions and ciphers. +Since version 0.8.20, nginx uses ssl_protocols SSLv3 TLSv1 +and ssl_ciphers HIGH:!ADH:!MD5 by default, +so they should only be set for earlier nginx versions. + + +
+ + +
+ + +SSL operations consume extra CPU resources. +On multi-processor systems you should run several worker processes: +no less than the number of available CPU cores. +The most CPU-intensive operation is the SSL handshake. +There are two ways to minimize the number of these operations per client: +the first is by enabling keepalive connections to send several +requests via one connection and the second is to reuse SSL session +parameters to avoid SSL handshakes for parallel and subsequent connections. +The sessions are stored in an SSL session cache shared between workers +and configured by an ssl_session_cache directive. +One megabyte of the cache contains about 4000 sessions. +The default cache timeout is 5 minutes. It can be increased by using +the ssl_session_timeout directive. +Here is a sample configuration optimized for a quad core system +with 10M shared session cache: + + +worker_processes 4; + +http { + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + server { + listen 443; + server_name www.nginx.com; + keepalive_timeout 70; + + ssl on; + ssl_certificate www.nginx.com.crt; + ssl_certificate_key www.nginx.com.key; + ssl_protocols SSLv3 TLSv1; + ssl_ciphers HIGH:!ADH:!MD5; + ... + + + +
+ + +
+ + +Some browsers may complain about a certificate signed by a well-known +certificate authority, while other browsers may accept the certificate +without issues. +This occurs because the issuing authority has signed the server certificate +using an intermediate certificate that is not present in the certificate +base of well-known trusted certificate authorities which is distributed +with a particular browser. +In this case the authority provides a bundle of chained certificates +which should be concatenated to the signed server certificate. +The server certificate must appear before the chained certificates +in the combined file: + + +$ cat www.nginx.com.crt bundle.crt > www.nginx.com.chained.crt + + +The resulting file should be used in the ssl_certificate +directive: + + +server { + listen 443; + server_name www.nginx.com; + ssl on; + ssl_certificate www.nginx.com.chained.crt; + ssl_certificate_key www.nginx.com.key; + ... +} + + +If the server certificate and the bundle have been concatenated in the wrong +order, nginx will fail to start and will display the error message: + + +SSL_CTX_use_PrivateKey_file(" ... /www.nginx.com.key") failed + (SSL: error:0B080074:x509 certificate routines: + X509_check_private_key:key values mismatch) + + +because nginx has tried to use the private key with the bundle’s +first certificate instead of the server certificate. + + + +Browsers usually store intermediate certificates which they receive +and which are signed by trusted authorities, so actively used browsers +may already have the required intermediate certificates and +may not complain about a certificate sent without a chained bundle. +To ensure the server sends the complete certificate chain, +you may use the openssl command line utility, for example: + + +$ openssl s_client -connect www.godaddy.com:443 +... +Certificate chain + 0 s:/C=US/ST=Arizona/L=Scottsdale/1.3.6.1.4.1.311.60.2.1.3=US + /1.3.6.1.4.1.311.60.2.1.2=AZ/O=GoDaddy.com, Inc + /OU=MIS Department/CN=www.GoDaddy.com + /serialNumber=0796928-7/2.5.4.15=V1.0, Clause 5.(b) + i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc. + /OU=http://certificates.godaddy.com/repository + /CN=Go Daddy Secure Certification Authority + /serialNumber=07969287 + 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc. + /OU=http://certificates.godaddy.com/repository + /CN=Go Daddy Secure Certification Authority + /serialNumber=07969287 + i:/C=US/O=The Go Daddy Group, Inc. + /OU=Go Daddy Class 2 Certification Authority + 2 s:/C=US/O=The Go Daddy Group, Inc. + /OU=Go Daddy Class 2 Certification Authority + i:/L=ValiCert Validation Network/O=ValiCert, Inc. + /OU=ValiCert Class 2 Policy Validation Authority + /CN=http://www.valicert.com//emailAddress=info@valicert.com +... + + +In this example the subject (“s”) of the +www.GoDaddy.com server certificate #0 is signed by an issuer +(“i”) which itself is the subject of the certificate #1, +which is signed by an issuer which itself is the subject of the certificate #2, +which signed by the well-known issuer ValiCert, Inc. +whose certificate is stored in the browsers’ built-in +certificate base (that lay in the house that Jack built). + + + +If you have not added the certificates bundle, you will see only your server +certificate #0. + + +
+ + +
+ + +It is good practice to configure separate servers for HTTP and HTTPS +protocols from the very start. Although their functionalities currently +seem equal, this may change significantly in the future +and using a consolidated server may become problematic. +However, if HTTP and HTTPS servers are equal, +and you prefer not to think about the future, +you may configure a single server that handles both HTTP and HTTPS requests +by deleting the directive ssl on +and adding the ssl parameter for *:443 port: + + +server { + listen 80; + listen 443 ssl; + server_name www.nginx.com; + ssl_certificate www.nginx.com.crt; + ssl_certificate_key www.nginx.com.key; + ... +} + + + +Prior to 0.8.21, nginx only allows the ssl parameter +to be set on listen sockets with the default parameter: + +listen 443 default ssl; + + + + +
+ + +
+ + +A common issue arises when configuring two or more HTTPS servers +listening on a single IP address: + + +server { + listen 443; + server_name www.nginx.com; + ssl on; + ssl_certificate www.nginx.com.crt; + ... +} + +server { + listen 443; + server_name www.nginx.org; + ssl on; + ssl_certificate www.nginx.org.crt; + ... +} + + +With this configuration a browser receives the certificate of the default +server, i.e., www.nginx.com regardless of the requested server name. +This is caused by SSL protocol behaviour. The SSL connection is established +before the browser sends an HTTP request and nginx does not know +the name of the requested server. Therefore, it may only offer the certificate +of the default server. + + + +The oldest and most robust method to resolve the issue +is to assign a separate IP address for every HTTPS server: + + +server { + listen 192.168.1.1:443; + server_name www.nginx.com; + ssl on; + ssl_certificate www.nginx.com.crt; + ... +} + +server { + listen 192.168.1.2:443; + server_name www.nginx.org; + ssl on; + ssl_certificate www.nginx.org.crt; + ... +} + + + +
+ + +
+ + +There are other ways to share a single IP address between several +HTTPS servers, however, all of them have drawbacks. +One way is to use a certificate with several names in +the SubjectAltName certificate field, for example, www.nginx.com +and www.nginx.org. +However, the SubjectAltName field length is limited. + + + +Another way is to use a certificate with a wildcard name, for example, +*.nginx.org. This certificate matches +www.nginx.org, but does not match nginx.org +and www.sub.nginx.org. These two methods can also be combined. +A certificate may contain exact and wildcard names in the SubjectAltName field, +for example, nginx.org and *.nginx.org. + + + +It is better to place a certificate file with several names and +its private key file at the http level of configuration +to inherit their single memory copy in all servers: + + +ssl_certificate common.crt; +ssl_certificate_key common.key; + +server { + listen 443; + server_name www.nginx.com; + ssl on; + ... +} + +server { + listen 443; + server_name www.nginx.org; + ssl on; + ... +} + + + +
+ + +
+ + +A more generic solution for running several HTTPS servers on a single +IP address is +TLSv1.1 +Server Name Indication extension (SNI, RFC3546), +which allows a browser to pass a requested server name during the SSL handshake +and, therefore, the server will know which certificate it should use +for the connection. +However, SNI has limited browser support. +Currently it is supported starting with the following browsers versions: + + + + + +Opera 8.0; + + + +MSIE 7.0 (but only on Windows Vista or higher); + + + +Firefox 2.0 and other browsers using Mozilla Platform rv:1.8.1; + + + +Safari 3.2.1 (Windows version supports SNI on Vista or higher); + + + +and Chrome (Windows version supports SNI on Vista or higher, too). + + + + + +In order to use SNI in nginx, it must be supported in both the +OpenSSL library with which the nginx binary has been built as well as +the library to which it is being dynamically linked at run time. +OpenSSL supports SNI since 0.9.8f version if it was built with config option +“--enable-tlsext”. +Since OpenSSL 0.9.8j this option is enabled by default. +If nginx was built with SNI support, then nginx will show this +when run with the “-V” switch: + + +$ nginx -V +... +TLS SNI support enabled +... + + +However, if the SNI-enabled nginx is linked dynamically to +an OpenSSL library without SNI support, nginx displays the warning: + + +nginx was built with SNI support, however, now it is linked +dynamically to an OpenSSL library which has no tlsext support, +therefore SNI is not available + + + +
+ + +
+ + + + + +The SNI support status has been shown by the “-V” switch +since 0.8.21 and 0.7.62. + + + +The ssl parameter of the listen +directive has been supported since 0.7.14. + + + +SNI has been supported since 0.5.32. + + + +The shared SSL session cache has been supported since 0.5.6. + + + + + + + + + +Version 0.7.65, 0.8.19 and later: the default SSL protocols are SSLv3 and TLSv1. + + + +Version 0.7.64, 0.8.18 and earlier: the default SSL protocols are SSLv2, +SSLv3, and TLSv1. + + + + + + + + + +Version 0.7.65, 0.8.20 and later: the default SSL ciphers are +HIGH:!ADH:!MD5. + + + +Version 0.8.19: the default SSL ciphers are +ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM. + + + +Version 0.7.64, 0.8.18 and earlier: the default SSL ciphers are
+ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP. + + + + + + +
+ + +
diff -r 000000000000 -r 61e04fc01027 xml/en/docs/http/converting_rewrite_rules.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/en/docs/http/converting_rewrite_rules.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,133 @@ + + +
+ + +
+ + +People who during their shared hosting life used to configure +everything using only Apache’s .htaccess files, +translate usually the following rules: + + +RewriteCond %{HTTP_HOST} nginx.org +RewriteRule (.*) http://www.nginx.org$1 + + +in something like this: + + +server { + listen 80; + server_name www.nginx.org nginx.org; + if ($http_host = nginx.org) { + rewrite (.*) http://www.nginx.org$1; + } + ... +} + + + + +This is a wrong, cumbersome, and ineffective way. +The right way is to define a separate server for nginx.org: + + +server { + listen 80; + server_name nginx.org; + rewrite ^ http://www.nginx.org$request_uri?; +} + +server { + listen 80; + server_name www.nginx.org; + ... +} + + + +
+ + +
+ + +Another example, instead of backward logic: all that is not +nginx.com and is not www.nginx.com: + + +RewriteCond %{HTTP_HOST} !nginx.com +RewriteCond %{HTTP_HOST} !www.nginx.com +RewriteRule (.*) http://www.nginx.com$1 + + +you should define just nginx.com, www.nginx.com, +and anything else: + + +server { + listen 80; + server_name nginx.com www.nginx.com; + ... +} + +server { + listen 80 default_server; + server_name _; + rewrite ^ http://nginx.com$request_uri?; +} + + + +
+ + +
+ + +Typical Mongrel rules: + + +DocumentRoot /var/www/myapp.com/current/public + +RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f +RewriteCond %{SCRIPT_FILENAME} !maintenance.html +RewriteRule ^.*$ %{DOCUMENT_ROOT}/system/maintenance.html [L] + +RewriteCond %{REQUEST_FILENAME} -f +RewriteRule ^(.*)$ $1 [QSA,L] + +RewriteCond %{REQUEST_FILENAME}/index.html -f +RewriteRule ^(.*)$ $1/index.html [QSA,L] + +RewriteCond %{REQUEST_FILENAME}.html -f +RewriteRule ^(.*)$ $1/index.html [QSA,L] + +RewriteRule ^/(.*)$ balancer://mongrel_cluster%{REQUEST_URI} [P,QSA,L] + + +should be converted to + + +location / { + root /var/www/myapp.com/current/public; + + try_files /system/maintenance.html + $uri $uri/index.html $uri.html + @mongrel; +} + +location @mongrel { + proxy_pass http://mongrel; +} + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/en/docs/http/request_processing.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/en/docs/http/request_processing.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,292 @@ + + +
+ + +
+ + +nginx first decides which server should process the request. +Let’s start with a simple configuration +where all three virtual servers listen on port *:80: + + +server { + listen 80; + server_name nginx.org www.nginx.org; + ... +} + +server { + listen 80; + server_name nginx.net www.nginx.net; + ... +} + +server { + listen 80; + server_name nginx.com www.nginx.com; + ... +} + + + + +In this configuration nginx tests only the request’s header line +“Host” to determine which server the request should be routed to. +If the “Host” header line does not match any server name, +or the request does not contain this line at all, +then nginx will route the request to the default server. +In the configuration above, the default server is the first +one—which is nginx’s standard default behaviour. +If you do not want the first server listed to be the default server, +you may set it explicitly with the default_server parameter +in the listen directive: + + +server { + listen 80 default_server; + server_name nginx.net www.nginx.net; + ... +} + + + +The default_server parameter has been available since +version 0.8.21. +In earlier versions the default parameter should be used +instead. + + +Note that the default server is a property of the listen port +and not of the server name. More about this later. + + +
+ + +
+ + +If you do not want to process requests with undefined “Host” +header lines, you may define a default server that just drops the requests: + + +server { + listen 80 default_server; + server_name _; + return 444; +} + + +We have chosen the non-existent domain name “_” +as the server name and returned nginx’s special non-standard +code 444 that closes the connection. +Note that you should set a name for this server, +otherwise nginx will use the hostname. + + +
+ + +
+ + +Let’s look at a more complex configuration +where some virtual servers listen on different addresses: + + +server { + listen 192.168.1.1:80; + server_name nginx.org www.nginx.org; + ... +} + +server { + listen 192.168.1.1:80; + server_name nginx.net www.nginx.net; + ... +} + +server { + listen 192.168.1.2:80; + server_name nginx.com www.nginx.com; + ... +} + + +In this configuration, nginx first tests the IP address and port +of the request against the listen directives +of the server blocks. It then tests the “Host” +header line of the request against the server_name +entries of the server blocks that matched +the IP address and port. + +If the server name is not found, the request will be processed by +the default server. +For example, a request for www.nginx.com received on +the 192.168.1.1:80 port will be handled by the default server +of the 192.168.1.1:80 port, i.e., by the first server, +since there is no www.nginx.com defined for this port. + + + +As already stated, a default server is a property of the listen port +and different default servers may be defined for different listen ports: + + +server { + listen 192.168.1.1:80; + server_name nginx.org www.nginx.org; + ... +} + +server { + listen 192.168.1.1:80 default_server; + server_name nginx.net www.nginx.net; + ... +} + +server { + listen 192.168.1.2:80 default_server; + server_name nginx.com www.nginx.com; + ... +} + + + +
+ + +
+ + +Now let’s look at how nginx chooses a location to process a request +for a typical, simple PHP site: + + +server { + listen 80; + server_name nginx.org www.nginx.org; + root /data/www; + + location / { + index index.html index.php; + } + + location ~* \.(gif|jpg|png)$ { + expires 30d; + } + + location ~ \.php$ { + fastcgi_pass localhost:9000; + fastcgi_param SCRIPT_FILENAME + $document_root$fastcgi_script_name; + include fastcgi_params; + } +} + + + + +nginx first searches for the most specific location given by literal strings +regardless of the listed order. In the configuration above +the only literal location is / and since it matches +any request it will be used as a last resort. +Then nginx checks locations given by +regular expression in the order listed in the configuration file. +The first matching expression stops the search and nginx will use this +location. If no regular expression matches a request, then nginx uses +the most specific literal location found earlier. + + + +Note that locations of all types test only a request URI part without a query +string. This is done because arguments in the query string may be given in +several ways, for example: + + +/index.php?user=john&page=1 +/index.php?page=1&user=john + + +Besides, anyone may request anything in the query string: + + +/index.php?page=1&something+else&user=john + + + + +Now let’s look at how requests would be processed +in the configuration above: + + + + + +A request /logo.gif is matched by the literal location +/ first and then by the regular expression +\.(gif|jpg|png)$, +therefore, it is handled by the latter location. +Using the directive root /data/www the request +is mapped to a file /data/www/logo.gif, and the file +is sent to the client. + + + + + +A request /index.php is also matched by the literal location +/ first and then by the regular expression +\.(php)$. Therefore, it is handled by the latter location +and the request is passed to a FastCGI server listening on localhost:9000. +The fastcgi_param directive sets the FastCGI parameter +SCRIPT_FILENAME to /data/www/index.php, +and the FastCGI server executes the file. +The variable $document_root is equal to +the value of the root directive and +the variable $fastcgi_script_name is equal to the request URI, +i.e. /index.php. + + + + + +A request /about.html is matched by the literal location +/ only, therefore, it is handled in this location. +Using the directive root /data/www the request is mapped +to the file /data/www/about.html, and the file is sent +to the client. + + + + + +Handling a request / is more complex. +It is matched by the literal location / only, +therefore, it is handled by this location. +Then the index directive tests for the existence +of an index file according to its parameters and +the root /data/www directive. +If a file /data/www/index.php exists, +then the directive does an internal redirect to /index.php, and +nginx searches the locations again as if the request had been sent by a client. +As we saw before, the redirected request will eventually be handled +by the FastCGI server. + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/en/docs/http/server_names.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/en/docs/http/server_names.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,433 @@ + + +
+ + +
+ + +Server names are defined using the server_name directive +and determine which server block is used for a given request. +See also “”. +They may be defined using exact names, wildcard names, or regular expressions: + + +server { + listen 80; + server_name nginx.org www.nginx.org; + ... +} + +server { + listen 80; + server_name *.nginx.org; + ... +} + +server { + listen 80; + server_name mail.*; + ... +} + +server { + listen 80; + server_name ~^(?<user>.+)\.nginx\.net$; + ... +} + + +The names are tested in the following order: + + + + +exact names; + + + +wildcard names starting with an asterisk: *.nginx.org; + + + +wildcard names ending with an asterisk: mail.*; + + + +and regular expressions in the order listed in the configuration file. + + + +The first match stops the search. + + +
+ + +
+ + +A wildcard name may contain an asterisk only on the name's start or end, +and only on a dot border. The names www.*.nginx.org +and w*.nginx.org are invalid. +However, these names can be specified using regular expressions, +for example, ~^www\..+\.nginx\.org$ and +~^w.*\.nginx\.org$. +An asterisk can match several name parts. +The name *.nginx.org matches not only +www.nginx.org but www.sub.nginx.org as well. + + + +A special wildcard in the form .nginx.org can be used +to match both the exact name nginx.org +and the wildcard name *.nginx.org. + + +
+ + +
+ + +The regular expressions used by nginx are compatible with those used +by the Perl programming language (PCRE). +To use a regular expression, the server name must start with the tilde +character: + + +server_name ~^www\d+\.nginx\.net$; + + +otherwise it will be treated as an exact name, or if the expression contains +an asterisk, as a wildcard name (and most likely as an invalid one). +Do not forget to set “^” and “$” anchors. +They are not required syntactically, but logically. +Also note that domain name dots should be escaped with a backslash. +A regular expression containing the characters “{” +and “}” should be quoted: + + +server_name "~^(?<name>\w\d{1,3}+)\.nginx\.net$"; + + +otherwise nginx will fail to start and display the error message: + + +directive "server_name" is not terminated by ";" in ... + + +A named regular expression capture can be used later as a variable: + + +server { + server_name ~^(www\.)?(?<domain>.+)$; + + location / { + root /sites/$domain; + } +} + + +The PCRE library supports named captures using the following syntax: + + + + + + + + + + + + + + + + + + +
?<name>Perl 5.10 compatible syntax, supported since PCRE-7.0
?'name'Perl 5.10 compatible syntax, supported since PCRE-7.0
?P<name>Python compatible syntax, supported since PCRE-4.0
+ +If nginx fails to start and displays the error message: + + +pcre_compile() failed: unrecognized character after (?< in ... + + +this means that the PCRE library is old +and you should try the syntax ?P<name>. +The captures can also be used in digital form: + + +server { + server_name ~^(www\.)?(.+)$; + + location / { + root /sites/$2; + } +} + + +However, such usage should be limited to simple cases (like the above), +since the digital references can easily be overwritten. + + + +
+ + +
+ + +If you want to process requests without a “Host” header line +in a server block which is not the default, you should specify an empty name: + + +server { + listen 80; + server_name nginx.org www.nginx.org ""; + ... +} + + + + +If no server_name is defined in a server block, +then nginx uses the empty name as the server name. + +nginx versions up to 0.8.48 used the hostname as the server name +in this case. + + + + +If someone makes a request using an IP address instead of a server name, +the request’s “Host” header line will contain the IP address +and you can handle the request using the IP address as the server name: + + +server { + listen 80; + server_name nginx.org + www.nginx.org + "" + 192.168.1.1 + ; + ... +} + + + + +In catch-all server examples you may see the strange name “_”: + + +server { + listen 80 default_server; + server_name _; + return 444; +} + + +There is nothing special about this name, it is just one of a myriad +of invalid domain names which never intersect with any real name. +You may also use something like “--”, “!@#”, and so on. + + + +nginx versions up to 0.6.25 supported the special name “*” +which was erroneously interpreted to be a catch-all name. +It never functioned as a catch-all or wildcard server name. +Instead, it supplied the functionality that is now provided +by the server_name_in_redirect directive. +The special name “*” is now deprecated +and the server_name_in_redirect directive should be used. +Note that there is no way to specify the catch-all name or +the default server using the server_name directive. +This is a property of the listen directive +and not of the server_name directive. +See also “”. +You can define servers listening on ports *:80 and *:8080, +and direct that one will be the default server for port *:8080, +while the other will be the default for port *:80: + + +server { + listen 80; + listen 8080 default_server; + server_name nginx.net; + ... +} + +server { + listen 80 default_server; + listen 8080; + server_name nginx.org; + ... +} + + + + +
+ + +
+ + +Exact names and wildcard names are stored in hashes. +The hashes are bound to the listen ports and every listen port +may have up to three hashes: an exact names hash, a wildcard names hash +starting with an asterisk, and a wildcard names hash ending with an asterisk. +The sizes of the hashes are optimized at the configuration phase so that +a name can be found with the fewest CPU cache misses. +The exact names hash is searched first. +If a name is not found using the exact name hash, then the wildcard names hash +starting with an asterisk is searched. +If the name is not found there, the wildcard names hash +ending with an asterisk is searched. +Searching wildcard names hashes is slower than searching exact name hash +because names are searched by domain parts. +Note that the special wildcard form .nginx.org +is stored in a wildcard names hash and not in an exact names hash. +Regular expressions are tested sequentially +and therefore are the slowest method and are non-scalable. + + + +For these reasons, it is better to use exact names where possible. +For example, if the most frequently requested names of a server +are nginx.org and www.nginx.org, +it is more efficient to define them explicitly: + + +server { + listen 80; + server_name nginx.org www.nginx.org *.nginx.org; + ... +} + + +than to use the simplified form: + + +server { + listen 80; + server_name .nginx.org; + ... +} + + + + +If you have defined a large number of server names, +or defined unusually long server names, you may need to tune +the server_names_hash_max_size +and server_names_hash_bucket_size directives +at the http level. +The default value of the server_names_hash_bucket_size +may be equal to 32, or 64, or another value, +depending on your CPU cache line size. +If the default value is 32 and you define +“too.long.server.name.nginx.org” as a server name, +then nginx will fail to start and display the error message: + + +could not build the server_names_hash, +you should increase server_names_hash_bucket_size: 32 + + +In this case, you should set the directive value to the next power of 2: + + +http { + server_names_hash_bucket_size 64; + ... + + +If you have defined a large number of server names, +you will get another error message: + + +could not build the server_names_hash, +you should increase either server_names_hash_max_size: 512 +or server_names_hash_bucket_size: 32 + + +You should first try to set server_names_hash_max_size +to a number close to the number of server names. +Only if this does not help, +or if nginx’s start time is unacceptably long, +should you try to increase server_names_hash_bucket_size. + + + +If a server is the only server for a listen port, then nginx will not test +server names at all (and will not build the hashes for the listen port). +However, there is one exception. +If a server_name is a regular expression with captures, +then nginx has to execute the expression to get the captures. + + +
+ + +
+ + + + + +A default server name value is an empty name “” since 0.8.48. + + + +Named regular expression server name captures have been supported since 0.8.25. + + + +Regular expression server name captures have been supported since 0.7.40. + + + +An empty server name “” has been supported since 0.7.12. + + + +A wildcard server name or regular expression has been supported for use +as the first server name since 0.6.25. + + + +Regular expression server names have been supported since 0.6.7. + + + +Wildcard form nginx.* has been supported since 0.6.0. + + + +The special form .nginx.org has been supported since 0.3.18. + + + +Wildcard form *.nginx.org has been supported since 0.1.13. + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/en/docs/index.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/en/docs/index.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,40 @@ + + +
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/en/docs/introduction.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/en/docs/introduction.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,30 @@ + + +
+ + +
+ + + + + + + + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/en/docs/sys_errlist.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/en/docs/sys_errlist.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,31 @@ + + +
+ + +
+ + +While building nginx version 0.7.66, 0.8.35 or higher on Linux +the following warning messages are issued: + + +warning: `sys_errlist' is deprecated; + use `strerror' or `strerror_r' instead +warning: `sys_nerr' is deprecated; + use `strerror' or `strerror_r' instead + + +This is normal: nginx has to use the deprecated sys_errlist[] and sys_nerr +in signal handlers because strerror() and strerror_r() functions +are not Async-Signal-Safe. + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/en/docs/windows.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/en/docs/windows.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,150 @@ + + +
+ + +
+ + +nginx/Windows uses the native Win32 API (not the Cygwin emulation layer). +Currently only the select method is used as a notification method, +therefore you should not expect high performance and scalability. +Because of this and some known issues nginx/Windows is considered +as a beta version. +There is almost full-functionality in nginx/Windows as compared +with the Unix version, +except XSLT filter, image filter, GeoIP module, and embedded Perl language. + + + +To install nginx/Windows, you should download +the latest development version zipped file, +since the development branch contains all known fixes, +especially Windows related. +Then you should unzip the file, +go to the nginx- directory, and run nginx. +Here is an example for the drive C: root directory: + + +cd c:\ +unzip nginx-.zip +cd nginx- +start nginx + + +You may run the tasklist command line utility +to see nginx processes: + + +C:\nginx->tasklist /fi "imagename eq nginx.exe" + +Image Name PID Session Name Session# Mem Usage +=============== ======== ============== ========== ============ +nginx.exe 652 Console 0 2 780 K +nginx.exe 1332 Console 0 3 112 K + + +One of the processes is the master process and another is the worker process. +If nginx will not start, you should look in +the logs\error.log file for the reason. +If the log file has not been created, the reason should be reported +in the Windows Event Log. +If you see an error page instead of the expected page, you should also look in +the logs\error.log file for the error reason. + + + +nginx/Windows uses the directory where it has been run as the prefix +directory for relative paths in the configuration. +In the example above, the prefix directory is +C:\nginx-\. +Paths in the configuration must be set in Unix style using forward slashes: + + +access_log logs/site.log; +root C:/web/html; + + + + +nginx/Windows runs as a standard console application, not a service, +and it can be managed using the following commands: + + + + + + + + + + + + + + + + + + + + + + + +
nginx -s stopquick exit
nginx -s quitgraceful quit
nginx -s reload +changing configuration, +starting a new worker, +quitting an old worker gracefully +
nginx -s reopenreopening log files
+ + +
+ +
+ + + + +Although several workers can be run, only one of them actually does any work. + + + +A worker can handle no more than 1024 simultaneous connections. + + + +The cache and other modules which require shared memory support do not work +in Windows Vista and later due to +address space layout randomization being enabled in these Windows versions. + + + + +
+ +
+ + + + +Running as a service. + + + +Using the I/O completion ports as notification method. + + + +Using multiple worker threads inside single worker process. + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/en/donation.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/en/donation.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,25 @@ + + +
+ +
+ + +If you like to donate to nginx, you can make a donation via + + +PayPal: paypal@nginx.net

+ + + + + + +Thank you! + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/en/download.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/en/download.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,128 @@ + + +
+ + +
+ + + + + + + +
+ + +
+ + + + + + + + + + + + + + + + + + + + +
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/en/index.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/en/index.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,271 @@ + + +
+ + +
+ + +nginx [engine x] is a HTTP and reverse proxy server, +as well as a mail proxy server +written by Igor Sysoev. +It has been running for more than five years +on many heavily loaded Russian sites including +Rambler +(RamblerMedia.com). +According to Netcraft nginx served or proxied +4.70% +busiest sites in April 2010. +Here are some of success stories: +FastMail.FM, +Wordpress.com. + + + +The sources are licensed under +2-clause BSD-like license. + + +
+ + +
+ + + + + +Serving static and index files, and autoindexing; +open file descriptor cache; + + + +Accelerated reverse proxying with caching; +simple load balancing and fault tolerance; + + + +Accelerated support with caching of remote FastCGI servers; +simple load balancing and fault tolerance; + + + +Modular architecture. +Filters include gzipping, byte ranges, chunked responses, XSLT, SSI, +and image resizing filter. +Multiple SSI inclusions within a single page can be processed in +parallel if they are handled by FastCGI or proxied servers. + + + +SSL and TLS SNI support. + + + + + +
+ + +
+ + + + + +Name-based and IP-based virtual servers; + + + +Keep-alive and pipelined connections support; + + + +Flexible configuration; + + + +Reconfiguration and online upgrade without interruption +of the client processing; + + + +Access log formats, bufferred log writing, and quick log rotation; + + + +3xx-5xx error codes redirection; + + + +The rewrite module; + + + +Access control based on client IP address and HTTP Basic authentication; + + + +The PUT, DELETE, MKCOL, COPY and MOVE methods; + + + +FLV streaming; + + + +Speed limitation; + + + +Limitation of simultaneous connections or requests from one address. + + + +Embedded perl. + + + + + +
+ + +
+ + + + + +User redirection to IMAP/POP3 backend using an external HTTP +authentication server; + + + +User authentication using an external HTTP authentication server +and connection redirection to internal SMTP backend; + + + +Authentication methods: + + + + +POP3: USER/PASS, APOP, AUTH LOGIN/PLAIN/CRAM-MD5; + + + +IMAP: LOGIN, AUTH LOGIN/PLAIN/CRAM-MD5; + + + +SMTP: AUTH LOGIN/PLAIN/CRAM-MD5; + + + + + + +SSL support; + + + +STARTTLS and STLS support. + + + + + +
+ + +
+ + + + + +One master process and several workers processes. +The workers run as unprivileged user; + + + +The notification methods: kqueue (FreeBSD 4.1+), +epoll (Linux 2.6+), rt signals (Linux 2.2.19+), +/dev/poll (Solaris 7 11/99+), event ports (Solaris 10), +select, and poll; + + + +The support of the various kqueue features including EV_CLEAR, EV_DISABLE +(to disable event temporalily), NOTE_LOWAT, EV_EOF, number of available data, +error codes; + + + +sendfile (FreeBSD 3.1+, Linux 2.2+, Mac OS X 10.5), sendfile64 (Linux 2.4.21+), +and sendfilev (Solaris 8 7/01+) support; + + + +File AIO (FreeBSD 4.3+, Linux 2.6.22+); + + + +Accept-filters (FreeBSD 4.1+) and TCP_DEFER_ACCEPT (Linux 2.4+) support; + + + +10,000 inactive HTTP keep-alive connections take about 2.5M memory; + + + +Data copy operations are kept to a minimum. + + + + + +
+ + +
+ + + + + +FreeBSD 3 — 8 / i386; FreeBSD 5 — 8 / amd64; + + + +Linux 2.2 — 2.6 / i386; Linux 2.6 / amd64; + + + +Solaris 9 / i386, sun4u; Solaris 10 / i386, amd64, sun4v; + + + +MacOS X / ppc, i386; + + + +Windows XP, Windows Server 2003. + + + + + +
+ + +
diff -r 000000000000 -r 61e04fc01027 xml/en/links.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/en/links.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,46 @@ + + +
+ +
+ + + + + +Emiller’s +Guide To Nginx Module Development + + + +Emiller’s +Advanced Topics In Nginx Module Development + + + + + +
+ + +
+ + + + + +Planet nginx + + + +php-fpm: PHP FastCGI Process Manager + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/en/security_advisories.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/en/security_advisories.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,73 @@ + + +
+ +
+ + +Igor Sysoev’s PGP public key. + + + + + + + + + + + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/en/support.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/en/support.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,71 @@ + + +
+ + +
+ + + + + +wiki.nginx.org + + + + + +
+ + +
+ + + + + +nginx.org/mailman, +archive. +To write in the mailing lists, you must first +subscribe +your email address which you plan to use for posting. + + + +nginx@nginx.org MARC archive + + + +nginx@nginx.org +Gmane archive + + + + + +
+ + +
+ + + + + +forum.nginx.org +(with mailing lists integration) + + + +Ruby Forum +(with nginx@nginx.org mailing list integration) + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/he/GNUmakefile --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/he/GNUmakefile Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,39 @@ + +DOCS_HE = he/docs/windows \ + he/docs/introduction \ + he/docs/howto \ + +DOCS_HE_XML = $(foreach name, $(DOCS_HE), xml/$(name).xml) +DOCS_HE_HTML = $(foreach name, $(DOCS_HE), $(OUT)/$(name).html) + +INTRO_HE = he/docs/http/server_names \ + +INTRO_HE_XML = $(foreach name, $(INTRO_HE), xml/$(name).xml) +INTRO_HE_HTML = $(foreach name, $(INTRO_HE), $(OUT)/$(name).html) + +HOWTO_HE = he/docs/http/converting_rewrite_rules \ + +HOWTO_HE_XML = $(foreach name, $(HOWTO_HE), xml/$(name).xml) +HOWTO_HE_HTML = $(foreach name, $(HOWTO_HE), $(OUT)/$(name).html) + +he: \ + $(OUT)/he/index.html \ + $(OUT)/he/docs/index.html \ + $(DOCS_HE_HTML) \ + $(INTRO_HE_HTML) \ + $(HOWTO_HE_HTML) \ + +$(OUT)/he/docs/index.html: xml/he/docs/index.xml \ + $(ARTICLE_XSLT) \ + $(DOCS_HE_XML) + $(call XSLT, xslt/article.xslt, $<, $@) + +$(OUT)/he/docs/introduction.html: xml/he/docs/introduction.xml \ + $(ARTICLE_XSLT) \ + $(INTRO_HE_XML) + $(call XSLT, xslt/article.xslt, $<, $@) + +$(OUT)/he/docs/howto.html: xml/he/docs/howto.xml \ + $(ARTICLE_XSLT) \ + $(HOWTO_HE_XML) + $(call XSLT, xslt/article.xslt, $<, $@) diff -r 000000000000 -r 61e04fc01027 xml/he/docs/howto.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/he/docs/howto.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,30 @@ + + +
+ + +
+ + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/he/docs/http/converting_rewrite_rules.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/he/docs/http/converting_rewrite_rules.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,134 @@ + + +
+ +
+ + +משתמשים שבמהלך חיי האירוח המשותף נהגו להגדיר הכל באמצעות +שימוש רק בקובצי htaccess. של Apache, יתרגמו בדרך כלל את +הכללים הבאים: + + +RewriteCond %{HTTP_HOST} nginx.org +RewriteRule (.*) http://www.nginx.org$1 + + +למשהו כזה: + + +server { + listen 80; + server_name www.nginx.org nginx.org; + if ($http_host = nginx.org) { + rewrite (.*) http://www.nginx.org$1; + } + ... +} + + + + +צורה זו היא שגוייה, מסובכת, ולא יעילה. +הדרך הנכונה היא להגדיר שרת נפרד עבור nginx.org: + + +server { + listen 80; + server_name nginx.org; + rewrite ^ http://www.nginx.org$request_uri?; +} + +server { + listen 80; + server_name www.nginx.org; + ... +} + + + +
+ + +
+ + +דוגמה נוספת, במקום הגיון הפוך: כל מה שהוא לא +nginx.com וגם לא www.nginx.com: + + +RewriteCond %{HTTP_HOST} !nginx.com +RewriteCond %{HTTP_HOST} !www.nginx.com +RewriteRule (.*) http://www.nginx.com$1 + + +עלייך רק להגדיר את nginx.com, www.nginx.com, +וכל דבר אחר: + + +server { + listen 80; + server_name nginx.org www.nginx.org; + ... +} + +server { + listen 80 default_server; + server_name _; + rewrite ^ http://nginx.org$request_uri?; +} + + + +
+ + +
+ + +כללי Mongrel טיפוסיים: + + +DocumentRoot /var/www/myapp.com/current/public + +RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f +RewriteCond %{SCRIPT_FILENAME} !maintenance.html +RewriteRule ^.*$ %{DOCUMENT_ROOT}/system/maintenance.html [L] + +RewriteCond %{REQUEST_FILENAME} -f +RewriteRule ^(.*)$ $1 [QSA,L] + +RewriteCond %{REQUEST_FILENAME}/index.html -f +RewriteRule ^(.*)$ $1/index.html [QSA,L] + +RewriteCond %{REQUEST_FILENAME}.html -f +RewriteRule ^(.*)$ $1/index.html [QSA,L] + +RewriteRule ^/(.*)$ balancer://mongrel_cluster%{REQUEST_URI} [P,QSA,L] + + +יש להמיר כך + + +location / { + root /var/www/myapp.com/current/public; + + try_files /system/maintenance.html + $uri $uri/index.html $uri.html + @mongrel; +} + +location @mongrel { + proxy_pass http://mongrel; +} + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/he/docs/http/server_names.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/he/docs/http/server_names.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,419 @@ + + +
+ +
+ + +שמות שרת מוגדרים על ידי המאפיין server_name +והם קובעים איזה בלוק תצורת שרת מקובץ התצורה יהיה בשימוש לכל בקשה ובקשה לשרת. +ראו גם “”. +ניתן להגדירם באמצעות שמות מדוייקים, שמות Wildcard, או באמצעות ביטויים רגולריים: + + +server { + listen 80; + server_name nginx.org www.nginx.org; + ... +} + +server { + listen 80; + server_name *.nginx.org; + ... +} + +server { + listen 80; + server_name mail.*; + ... +} + +server { + listen 80; + server_name ~^(?<user>.+)\.nginx\.net$; + ... +} + + +השמות נבדקים בסדר הבא: + + + + +שמות מדוייקים; + + + +שמות Wildcard המתחילים בכוכבית: *.nginx.org; + + + +שמות Wildcard המסתיימים בכוכבית: mail.*; + + + +ביטויים רגולריים לפי הסדר שבו הם מופיעים בקובץ התצורה. + + + +ההתאמה הראשונה עוצרת את החיפוש. + + +
+ + +
+ + +שם wildcard יכול להכיל כוכבית רק בתחילת או בסוף השם, וחייב להיות בגבול של נקודה. +השמות www.*.nginx.orgw*.nginx.org הם שגויים. +למרות זאת, ניתן לציין שמות כאלה באמצעות ביטויים רגולריים, +לדוגמא, ~^www\..+\.nginx\.org$ ו +~^w.*\.nginx\.org$. +סימן הכוכבית יכול להחליף מספר חלקי שם. +השם *.nginx.org מתאים לא רק ל +www.nginx.org אלא גם ל www.sub.nginx.org. + + + +ניתן להשתמש ב wildcard מיוחד בצורה של .nginx.org +כדי להתאים גם לשם המדוייק nginx.org +וגם לשם ה wildcard הבא: *.nginx.org. + + +
+ + +
+ + +הביטויים הרגולריים ש nginx משתמש בהם, תואמים לאלה אשר נמצאים בשימוש +בשפת פרל (PCRE). +כדי להשתמש בביטוי רגולרי, על שם השרת להתחיל עם סימן הטילדה (~), כך: + + +server_name ~^www\d+\.nginx\.net$; + + +אחרת nginx יתייחס אליו כשם מדוייק, או אם הביטוי מכיל כוכבית, כשם wildcard (וסביר +להניח שיהיה שגוי). +אל תשכחו להגדיר עוגני + “^” ו “$”. +הם לא דרושים תחבירית, אם כי לוגית. +כמו כן שימו לב שהנקודות של שם המתלם צריכות להיות מוברחות (escaped) על ידי לוכסן הפוך (\). +ביטוי רגולרי המכיל את התווים “{” +ו “}” צריך להיות במרכאות: + + +server_name "~^(?<name>\w\d{1,3}+)\.nginx\.net$"; + + +אחרת nginx יכשל בעלייה, ויציג את הודעת השגיאה הבאה: + + +directive "server_name" is not terminated by ";" in ... + + +ביטוי רגולרי שניתן לו שם ונלכד, ניתן לשימוש מאוחר יותר כמשתנה: + + +server { + server_name ~^(www\.)?(?<domain>.+)$; + + location / { + root /sites/$domain; + } +} + + +ספריית PCRE תומכת בלכידות מבוססות שם לפי התחביר הבא: + + + + + + + + + + + + + + + + + + +
?<name>תחביר תואם פרל 5.10, נתמך החל מ PCRE-7.0
?'name'תחביר תואם פרל 5.10, נתמך החל מ PCRE-7.0
?P<name>תחביר תואם פייתון, נתמך החל מ PCRE-4.0
+ +אם nginx נכשל בעלייה ומציג את הודעת השגיאה הבאה: + + +pcre_compile() failed: unrecognized character after (?< in ... + + +פירוש הדבר שספריית ה PCRE היא ישנה, ועליכם לנסות את התחביר +?P<name>. + +את הלכידה ניתן לבצע גם בצורה ספרתית: + + +server { + server_name ~^(www\.)?(.+)$; + + location / { + root /sites/$2; + } +} + + +אך יש להשתמש בצורה זו במקרים פשוטים (כמו לעיל), כיוון שהייחוסים הספרתיים +יכולים להידרס בקלות + + + +
+ + +
+ + +אם אף server_name לא מוגדר בבלוג שרת, +אזי nginx משתמש ב hostname בתור שם השרת. + + + +אם ברצונכם לעבד בקשות בלי שורת כותר “Host” +בבלוק שרת שאינו ברירת המחדל, עליכם לציין שם ריק: + + +server { + listen 80; + server_name nginx.org www.nginx.org ""; + ... +} + + + + +אם מישהו מבצע בקשה באמצעות כתובת IP במקום שם שרת, שורת הכותר +“Host” תכיל כתובת IP, ואפשר יהיה לטפל בבקשה על ידי +שימוש בכתובת IP בשם השרת: + + +server { + listen 80; + server_name nginx.org + www.nginx.org + "" + 192.168.1.1 + ; + ... +} + + + + +בדוגמאות catch-all ייתכן ותראו את השם המוזר “_”: + + +server { + listen 80 default_server; + server_name _; + return 444; +} + + +אין שום דבר מוזר בשם הזה, הוא רק אחד משלל שמות מתחם שגויים שלעולם לא +תפגשו בהם בשם אמיתי. +ניתן להשתמש גם ב “--”, “!@#”, וכך הלאה. + + + +nginx בגירסאות עד 0.6.25 תמך בשם המיוחד “*” +אשר יש שפירשו אותו בטעות כשם catch-all. +השם הזה מעולם לא תפקד כ catch-all ואף לא כשם wildcard. +בפועל, הוא סיפק את הפונקציונליות שהיום מסופקת על ידי +המאפיין server_name_in_redirect. +השם המיוחד “*” הוא כעת לא מומלץ לשימוש, ויש +להשתמש במאפיין server_name_in_redirect במקומו. +שימו לב שאין דרך לציין את שם ה catch-all או את שרת ברירת המחדל +על ידי שימוש במאפיין server_name. +זוהי תכונה של המאפיין listen ולא של המאפיין server_name. +ראו גם “”. + +באפשרותכם להגדיר שרתים המאזינים על פורטים *:80 ו *:8080, +ולהגדיר שרת אחת שהוא ברירת המחדל עבור פורט + *:8080, בעוד שהשני יהיה ברירת מחדל עבור פורט *:80: + + +server { + listen 80; + listen 8080 default_server; + server_name nginx.net; + ... +} + +server { + listen 80 default_server; + listen 8080; + server_name nginx.org; + ... +} + + + + +
+ + +
+ + + +שמות מדוייקים ושמות wildcard מאוחסנים בגיבוב (hash). +הגיבובים מקושרים להאזנות לפורטים, ולכן פורט האזנה יכולים להיות +עד שלושה גיבויים: גיבוב שם מדוייק, גיבוי שמות wildcard שמתחילים +בכוכבית, וגיבוב שמות wildcard שמסתיימים בכוכבית. +הגודל של הגיבובים מיועל בשלב התצורה כך שניתן יהיה למצוא שם +עם הכי מעט פספוסי מטמון מעבד. +גיבוב השמות המדוייקים עובר חיפוש ראשון. +אם שם לא נמצא בגיבוב השמות המדוייק, מתחיל חיפוש בגיבוב השמות המתחילים +בכוכבית. +אם הוא לא נמצא גם שם, מתחיל חיפוש בגיבוב השמות המסתיימים בכוכבית. +חיפוש בגיבובי שמות wildcard הוא איטי יותר מחיפוש שם בגיבוב השמות המדוייקים +כיוון ששמות עוברים חיפוש על פי חלקי שם המתחם. +שימו לב שצורת ה wildcard המיוחדת .nginx.org +שמורה גם היא בגיבוב שמות ה wildcard ולא בגיבוב השמות המדוייקים. +ביטויים רגולריים נבדקים באופן סדרתי, ועל כן הם השיטה האיטית ביותר +ואינם סקאלאביליים. + + + +בהתחשב בנסיבות אלה, הכי טוב להשתמש בשמות מדוייקים בכל מקום שהדבר אפשרי. +לדוגמה, אם השמות הנפוצים ביותר לשרת הם nginx.org ו www.nginx.org, +יותר יעיל להגדיר אותם באופן מפורש: + + +server { + listen 80; + server_name nginx.org www.nginx.org *.nginx.org; + ... +} + + +מאשר להשתמש בשיטה המופשטת: + + +server { + listen 80; + server_name .nginx.org; + ... +} + + + + +אם הגדרתם מספר גדול של שמות שרת, או שהגדרתם שמות שרת ארוכים מהרגיל, +ייתכן ויהיה עליכם לכוונן את המאפיינים server_names_hash_max_sizeserver_names_hash_bucket_size ברמת ה http. +ערך ברירת המחדל של server_names_hash_bucket_size +יכול להיות שווה ל 32, ל 64, או לערך אחר, בהתאם לגודל קו המטמון של המעבד שלכם. +אם ברירת המחדל היא 32 ותגדירו +“too.long.server.name.nginx.org” בתור שם שרת, +אזי nginx ייכשל בעלייה ויציג את הודעת השגיאה הבאה: + + +could not build the server_names_hash, +you should increase server_names_hash_bucket_size: 32 + + +במקרה זה, עליכם להגדיר את ערך המאפיין לחזקה הבאה של 2: + + +http { + server_names_hash_bucket_size 64; + ... + + +אם הגדרתם כמות גדולה של שמות שרת, אתם עלולים לקבל את הודעת השגיאה הבאה: + + +could not build the server_names_hash, +you should increase either server_names_hash_max_size: 512 +or server_names_hash_bucket_size: 32 + + +עליכם לנסות קודם להגדיל את server_names_hash_max_size +למספר קרוב למספר השרתים. +רק אם זה לא עזר, או שזמן העלייה של nginx הוא ארוך בצורה מוגזמת, +נסו להגדיל את server_names_hash_bucket_size. + + + +אם שרת הוא השרת היחיד עבור פורט האזנה, אזי nginx לא יבדוק שמות שרת בכלל +(ולא יבנה גיבובים עבור פורט ההאזנה). +אך, יש יוצא דופן אחד. +אם server_name הוא ביטוי רגולרי עם לכידות, +nginx חייב לבצע את הביטוי כדי לקבל את מה שנלכד בהן. + + +
+ + +
+ + + + + +לכידת שמות בביטויים רגולריים נתמכה החל מגירסה 0.8.25. + + + +לכידת ביטויים רגולריים נתמכה החל מגירסה 0.7.40. + + + + +שם שרת ריק “” נתמך החל מגירסה 0.7.12. + + + +שם שרת מסוג wildcard או ביטוי רגולרי נתמכו לשימוש כשם שרת ראשון החל מגירסה 0.6.25. + + + +שמות שרת כביטוי רגולרי נתמכו החל מגירסה 0.6.7. + + + +צורות Wildcard מסוג nginx.* נתמכו החל מגירסה 0.6.0. + + + +הצורה המיוחדת .nginx.org נתמכה החל מגירסה 0.3.18. + + + +הצורה *.nginx.org נתמכה החל מגירסה 0.1.13. + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/he/docs/index.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/he/docs/index.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,44 @@ + + +
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/he/docs/introduction.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/he/docs/introduction.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,38 @@ + + +
+ + +
+ + + + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/he/docs/windows.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/he/docs/windows.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,142 @@ + + +
+ +
+ + +nginx/Windows משתמש ב API הטבעי של חלונות, Win32 API (ולא בשכבת אמולציה של Cygwin). +נכון למועד כתיבת שורות אלה, שיטת היידוע select היא זו שנמצאת בשימוש, +ולכן אין לצפות לרמת ביצועים גבוהה וליכולת גידול. +עקב כך וגם בעקבות בעיות ידועות אחרות, nginx/Windows נחשבת כגירסת בטא. +ישנה פונקציונליות כמעט מלאה ב nginx/Windows ביחס לגירסת Unix, חוץ מפילטר XSLT, +פילטר תמונות, מודול GeoIP ושפת Perl משובצת. + + +כדי להתקין את nginx/Windows, יש להוריד +את קובץ הזיפ של גירסת הפיתוח האחרונה , +כיוון שענף הפיתוח מכיל את כל התיקונים הידועים, בייחוד אלו הקשורים לחלונות. +אחרי ההורדה, יש לפרוס את קובץ הזיפ, +להיכנס לתיקיה nginx-, ולהריץ את nginx. +הנה דוגמא עבור תיקיית השורש של כונן C: + + +cd c:\ +unzip nginx-.zip +cd nginx- +start nginx + + +תוכלו להריץ את כלי שורת הפקודה tasklist כדי לראות תהליכים +של nginx: + + +C:\nginx->tasklist /fi "imagename eq nginx.exe" + +Image Name PID Session Name Session# Mem Usage +=============== ======== ============== ========== ============ +nginx.exe 652 Console 0 2 780 K +nginx.exe 1332 Console 0 3 112 K + + +אחד מהתהליכים הוא התהליך הראשי (מנהל), והאחר הוא תהליך עובד. +אם nginx לא מתחיל לפעול, יש לעיין בקובץ logs\error.log כדי לבדוק את הסיבה. +אם קובץ הלוג לא נוצר, הסיבה צריכה להיות מדווחת ב Event Log של חלונות. +אם הנכם מקבלים דף שגיאה במקום העמוד הרצוי, עליכם לעיין בקובץ logs\error.log גם כן, +כדי לראות מה הסיבה. + + + +nginx/Windows משתמש בתיקייה שממנה הוא הופעל בתור תיקיית הקידומת לכל +הנתיבים היחסיים שבקובץ התצורה. +בדוגמה שלעיל, תיקיית הקידומת תהיה +C:\nginx-\. +על נתיבים בקובץ התצורה להיות בסגנון Unix בלבד, באמצעות לוכסנים קדמיים: + + +access_log logs/site.log; +root C:/web/html; + + + + +nginx/Windows רץ כיישום קונסול סטנדרטי, ולא כשירות (service) במערכת, +וניתן לנהלו באמצעות הפקודות הבאות: + + + + + + + + + + + + + + + + + + + + + + +
nginx -s stopיציאה מהירה
nginx -s quitיציאה מסודרת
nginx -s reload +שינוי תצורה, +הפעלת תהליך עובד חדש, +סגירת תהליך עובד ישן באופן מסודר +
nginx -s reopenפתיחה מחדש של קובצי הלוג
+ + +
+ +
+ + + + +למרות שניתן להפעיל מספר תהליכים עובדים, רק אחד מהם עושה בפועל את העבודה. + + + +תהליך עובד לא יכול לטפל ביותר מ 1024 חיבורים פעילים בו זמנית. + + + +מודול המטמון ומודולים אחרים אשר דורשים תמיכה בזיכרון משותף, לא עובדים בחלונות +ויסטה או גירסאות מאוחרות יותר, עקב הפעלת טכניקת address space layout randomization +המופעלת בגירסאות אלה של חלונות. + + + + +
+ +
+ + + + +הרצה כשירות במערכת (Service). + + + +שימוש ב I/O completion ports כשיטת יידוע. + + + +שימוש במספר נימי עובדים בתוך תהליך עובד אחד. + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/he/index.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/he/index.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,266 @@ + + +
+ + +
+ + +nginx [נהגה: engine x] הוא שרת HTTP ופרוקסי הפוך, כמו גם שרת פרוקסי לדואר, +שנכתב על ידי Igor Sysoev. + הוא נמצא בשימוש כבר יותר מחמש שנים באתרים רוסיים עמוסים במיוחד, כגון +Rambler +(ו RamblerMedia.com). +לפי חברת Netcraft, השרת nginx הגיש או נתן שירות ל +4.70% +מהאתרים העמוסים ביותר באפריל 2010. +הנה כמה סיפורי הצלחה: +FastMail.FM, +Wordpress.com. + + + +קוד המקור הוא בעל רשיון +2-פיסקאות דמוי רשיון BSD. + + +
+ + +
+ + + + + +הגשת קבצים סטטיים וקובצי אינדקס, ואינדוקס אוטומטי; +מטמון file descriptor-ים פתוחים; + + + +פרוקסי הפוך מואץ כולל מטמון; +ביזור עומסים פשוט ושרידות מפני תקלות; + + + +תמיכה בהאצה עם מטמון של שרתי FastCGI מרוחקים; +ביזור עומסים פשוט ושרידות מפני תקלות; + + + +ארכיטקטורה מודולרית. פילטרים המבצעים gzip, טווחי בתים (byte ranges), +תשובות מסוג chunked, תמיכה ב XSLT, SSI ופילטר שינוי גודל תמונות. +ריבוי הכללות SSI בדף בודד יכול להיות מבוצע באופן מקבילי אם הן מטופלות +על ידי FastCGI או שרתים ש nginx הוא פרוקסי עבורם. + + + +תמיכה ב SSL ו TLS SNI. + + + + + +
+ + +
+ + + + + +שרתים וירטואליים מבוססי IP ושם (הוסט); + + + +תמיכה ב keep-alive וב pipelining לחיבורים; + + + +תצורה גמישה; + + + +קביעת תצורה מחדש ואף שדרוג מקוון ללא כל הפרעה לעיבוד +בקשות הלקוחות; + + + +פורמטים ללוג הגישה, כתיבה ללוג באמצעות חוצץ, והחלפת לוגים מהירה; + + + +הפנייה באמצעות קודי שגיאה 3xx-5xx; + + + +מודול rewrite; + + + +בקרת גישה המבוססת על כתובת IP של הלקוח וגם אימות מסוג HTTP Basic; + + + +המתודות PUT, DELETE, MKCOL, COPY ו MOVE; + + + +סטרימינג של FLV; + + + +הגבלת מהירות; + + + +הגבלה של מספר החיבורים בו זמנית או מספר הבקשות מכתובת אחת. + + + +perl משובץ. + + + + + +
+ + +
+ + + + + +הפניית משתמשים לשרתי IMAP/POP3 אחוריים בהתבסס על שרת אימות HTTP חיצוני; + + + +אימות משתמש באמצעות שרת אימות HTTP חיצוני והפניית חיבור לשרת SMTP פנימי; + + + +מתודות אימות: + + + + +POP3: USER/PASS, APOP, AUTH LOGIN/PLAIN/CRAM-MD5; + + + +IMAP: LOGIN, AUTH LOGIN/PLAIN/CRAM-MD5; + + + +SMTP: AUTH LOGIN/PLAIN/CRAM-MD5; + + + + + + +תמיכה בהצפנת SSL; + + + +תמיכה ב STARTTLS ו STLS. + + + + + +
+ + +
+ + + + + +תהליך ראשי אחד ומספר תהליכי עובדים. +תהליכי העובדים רצים בתור משתמש ללא הרשאות; + + + +שיטות יידוע: kqueue (במערכות FreeBSD 4.1 ומעלה), +epoll (במערכות לינוקס 2.6 ומעלה), סיגנלי rt (במערכות לינוקס 2.2.19 ומעלה), +/dev/poll (במערכות סולאריס 7 11/99 ומעלה), event ports (במערכות סולאריס 10), +select, ואף poll; + + + +תמיכה עבור תכונות kqueue שונות כולל EV_CLEAR ו EV_DISABLE +(כדי לבטל אירועים זמנית), NOTE_LOWAT, EV_EOF, מספר קודי מידע ושגיאה; + + + +תמיכה ב sendfile (במערכות FreeBSD 3.1 ומעלה, לינוקס 2.2 ומעלה ו Mac OS X 10.5), תמיכה ב sendfile64 (לינוקס 2.4.21 ומעלה), +ו sendfilev (סולאריס 8 7/01 ומעלה); + + + +File AIO (במערכות FreeBSD 4.3 ומעלה ולינוקס 2.6.22 ומעלה); + + + +תמיכה ב Accept-filters (במערכות FreeBSD 4.1 ומעלה) ו TCP_DEFER_ACCEPT (במערכות לינוקס 2.4 ומעלה) + + + +10,000 חיבורי HTTP לא פעילים במצב keep-alive תופסים נפח זיכרון העומד על בערך +12.5M; + + + +פעולות העתקת מידע מבוצעות באופן נדיר ככל האפשר. + + + + + +
+ + +
+ + + + + +FreeBSD 3 — 8 / i386; FreeBSD 5 — 8 / amd64; + + + +לינוקס 2.2 — 2.6 / i386; לינוקס 2.6 / amd64; + + + +סולאריס 9 / i386, sun4u; סולאריס 10 / i386, amd64, sun4v; + + + +MacOS X / ppc, i386; + + + +חלונות XP, חלונות סרבר 2003. + + + + + +
+ + +
diff -r 000000000000 -r 61e04fc01027 xml/i18n.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/i18n.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,26 @@ + + + + + +written by +edited by +translated by + + + +作成: +翻訳: + + + +נכתב על ידי +תורגם על ידי + + + +yazan: +çeviren: + + + diff -r 000000000000 -r 61e04fc01027 xml/index.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/index.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,524 @@ + + + + + + +We are happy to announce trac.nginx.org. + + + +You will find the code browser and the bug tracker on this page. +Please note that we would greatly appreciate if you could switch +to this new and hopefully convenient way of submitting bug reports to us, +along with patches to the code. +Here is a short instruction. + + + +Thanks! + + + + + +nginx-1.1.0 +development version has been released. + + + + + +Japanese translation of the site by +DigitalCube Co. Ltd. +and wokamoto. + + + + + +Japanese translation of +Clément Nedelcu’s book “Nginx HTTP Server”. + + + + + +nginx-1.0.5 +stable version, +nginx-0.8.55 and +nginx-0.7.69 +legacy stable versions have been released. + + + + + +I have got news for you about nginx. + + + +Recently it became very clear for me that because of increasing +popularity of nginx and the volume of work required to develop +the code and doing support, I really need to put it at another level. + + + +So, I have decided to focus even more on nginx and established +nginx as a company to fully dedicate myself to the project. I am not alone, +there are a few nice people working for me on this. I am focusing +on the development part, and to some extent on the company operations as well. + + + +Our primary goals are improving support and communication for our users, +streamlining the development process, revamping the documentation, +integrating and speeding up pending bugfixes and patches, introducing +long-requested functionality and more. + + + +It should be noted that nginx will remain free, open-source software +under 2-clause BSD license. There will be no shortage of new and +long-awaited features too. + + + +Thank you very much for your ongoing support through all these years. +Without your awareness, feedback and support nginx would not become +that successful. +I am really looking forward to see more people who found nginx useful. +I am also very glad we now have a proper way of doing a lot more for you. + + + +Thanks!
+Igor Sysoev + + + + + +nginx-1.0.4 +stable version has been released. + + + + + +nginx-1.0.3 +stable version has been released. + + + + + +Packt has published yet another book about nginx: +“Nginx +1 Web Server Implementation Cookbook” by Dipankar Sarkar. + + + + + +nginx-1.0.2 +stable version has been released. + + + + + +nginx-1.0.1 +stable version has been released. + + + + + +Here we go!
+nginx-1.0.0 +stable version has been released.
+The repository is available at svn://svn.nginx.org. + + + +nginx development was started about 9 years ago. +The first public version 0.1.0 has been released on October 4, 2004. +Now W3Techs reports that +6.8% +of the top 1 million sites on the web (according to Alexa) use nginx. +And +46.9% +of top Russian sites use nginx. + + + +Netcraft reports similar +6.52% +nginx share of the million busiest sites in April 2011. + + + + + + +nginx-0.9.7 +development version has been released. + + + + + +nginx-0.9.6 +development version has been released. + + + + + +nginx-0.9.5 +development version has been released. + + + + + +nginx-0.9.4 +development version has been released. + + + + + +nginx-0.8.54 +stable version and +nginx-0.7.68 +legacy stable version have been released. + + + + + +nginx-0.9.3 +development version has been released. + + + + + +nginx-0.9.2 +development version has been released. + + + + + +nginx-0.9.1 +development version has been released. + + + + + +nginx-0.9.0 +development version has been released. + + + + + +nginx-0.8.53 +stable version has been released. + + + + + +nginx-0.8.52 +stable version has been released. + + + + + +nginx-0.8.51 +stable version has been released. + + + +Now the 0.8.x branch becomes a stable branch. +The new features have appeared during 0.8 development: + + + +named regular expression captures, + + + +file AIO in FreeBSD and Linux, + + + +SSL CRL, + + + +SCGI and uwsgi modules. + + + + + + + + +nginx-0.8.50 +development version has been released. + + + + + +nginx-0.8.49 +development version has been released. + + + + + +nginx-0.8.48 +development version has been released. + + + + + +nginx-0.8.47 +development version has been released. + + + +W3Techs reports that +5.1% +of the top 1 million sites on the web (according to Alexa) +use nginx. Hence nginx is on the 3rd place after Apache (70.2%) and IIS (20.5%). + + + +By the way, Netcraft reports similar +5.21% +nginx share of the million busiest sites in July 2010. + + + +Another survey by BuiltWith.com. +It’s interesting that nginx is used rather on more loaded sites: +4.95% +of the top 10,000 sites versus 3.14% of the top million (on July 27, 2010), +while Apache is used more on less loaded sites: +63.60% +of the top million sites versus 55.79% of the top 10,000 sites. +IIS/6.0 is more preferred on middle range sites: +24.49% +of the top 100,000 sites versus 20.05% of the top 10,000 +and 21.15% of the top million. + + + +Also two books +about nginx have recently been published: +“实战Nginx:取代Apache的高性能Web服务器” +by 张宴 (Zhang Yan) in Chinese and +“Nginx +HTTP Server” by +Clément Nedelcu in English. + + + + + +nginx-0.8.46 +development version has been released. + + + + + +Igor Sysoev will give a lecture about nginx on +11th +International Free Software Forum (FISL11) in Porto Alegre, Brasil. + + + + + +nginx-0.8.45 +development version has been released. + + + + + +nginx-0.8.44 +development version has been released. + + + + + +nginx-0.8.43 +development version has been released. + + + + + +nginx-0.8.42 +development version has been released. + + + + + +nginx-0.8.41 +development version and +nginx-0.7.67 +stable version have been released. + + + + + +nginx-0.8.40 +development version and +nginx-0.7.66 +stable version have been released. + + + + + +The folks at mivzakim.net +started Hebrew translation of the site. + + + + + +13.7% of the +1000 most-visited sites on the web (according to Google) +report nginx in +the “Server” +response header line. +46.5% report Apache, +14.9%—IIS, +1.3%—lighttpd. +12.3% do not report the “Server” header line at all. + + + + + +nginx-0.8.39 +development version has been released. + + + + + +nginx-0.8.38 +development version has been released. + + + + + +nginx-0.8.37 +development version has been released. + + + + + +Turkish translation of the site +by Altan Tanrıverdi. + + + + + +nginx-0.8.36 +development version has been released. + + + + + +nginx-0.8.35 +development version has been released. + + + + + +nginx-0.8.34 +development version has been released. + + + + + +A +Royal Pingdom article about nginx. + + + + + +nginx-0.8.33 +development version and +nginx-0.7.65 +stable version have been released. + + + + + +Three new articles written by Igor Sysoev: +“”, +“”, and +“”. + + + + + +nginx-0.8.32 +development version has been released. + + + + + +nginx-0.8.31 +development version has been released. + + + + + +nginx-0.8.30 +development version has been released. + + + + + +The new nginx.org site was launched. +Your attention is invited to +three introductory articles +written by Igor Sysoev and edited by Brian Mercer. + + + + diff -r 000000000000 -r 61e04fc01027 xml/ja/GNUmakefile --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ja/GNUmakefile Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,48 @@ + +DOCS_JA = ja/docs/introduction \ + ja/docs/howto \ + ja/docs/faq \ + +DOCS_JA_XML = $(foreach name, $(DOCS_JA), xml/$(name).xml) +DOCS_JA_HTML = $(foreach name, $(DOCS_JA), $(OUT)/$(name).html) + +INTRO_JA = ja/docs/http/request_processing \ + ja/docs/http/configuring_https_servers \ + ja/docs/http/server_names \ + +INTRO_JA_XML = $(foreach name, $(INTRO_JA), xml/$(name).xml) +INTRO_JA_HTML = $(foreach name, $(INTRO_JA), $(OUT)/$(name).html) + +HOWTO_JA = ja/docs/debugging_log \ + ja/docs/http/converting_rewrite_rules \ + +HOWTO_JA_XML = $(foreach name, $(HOWTO_JA), xml/$(name).xml) +HOWTO_JA_HTML = $(foreach name, $(HOWTO_JA), $(OUT)/$(name).html) + +FAQ_JA = ja/docs/sys_errlist \ + +FAQ_JA_XML = $(foreach name, $(FAQ_JA), xml/$(name).xml) +FAQ_JA_HTML = $(foreach name, $(FAQ_JA), $(OUT)/$(name).html) + +ja: \ + $(OUT)/ja/index.html \ + $(OUT)/ja/docs/index.html \ + $(DOCS_JA_HTML) \ + $(INTRO_JA_HTML) \ + $(HOWTO_JA_HTML) \ + $(FAQ_JA_HTML) \ + +$(OUT)/ja/docs/introduction.html: xml/ja/docs/introduction.xml \ + $(ARTICLE_XSLT) \ + $(INTRO_JA_XML) + $(call XSLT, xslt/article.xslt, $<, $@) + +$(OUT)/ja/docs/howto.html: xml/ja/docs/howto.xml \ + $(ARTICLE_XSLT) \ + $(HOWTO_JA_XML) + $(call XSLT, xslt/article.xslt, $<, $@) + +$(OUT)/ja/docs/faq.html: xml/ja/docs/faq.xml \ + $(ARTICLE_XSLT) \ + $(FAQ_JA_XML) + $(call XSLT, xslt/article.xslt, $<, $@) diff -r 000000000000 -r 61e04fc01027 xml/ja/docs/debugging_log.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ja/docs/debugging_log.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,61 @@ + + +
+ +
+ + +デバッギングログを有効にするには、nginx をデバッグオプションを付けて設定する必要があります: + + +./configure --with-debug ... + + +次に error_logdebug レベルをセットします: + + +error_log /path/to/log debug; + + +nginx の Windows バイナリバージョンでは常にデバッグログモードがサポートされてビルドされているので、debug レベルをセットするだけです。 + + + +別のレベル、例えば server レベルでログを定義するとそのサーバでのデバッギングログが無効になりますので注意してください: + +error_log /path/to/log debug; + +http { + server { + error_log /path/to/log; + ... + +このサーバログをコメントアウトするか debug フラグを追加してください: + +error_log /path/to/log debug; + +http { + server { + error_log /path/to/log debug; + ... + + + + +また、特定のアドレスだけデバッギングログを有効にすることもできます: + + +error_log /path/to/log; + +events { + debug_connection 192.168.1.1; + debug_connection 192.168.10.0/24; +} + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/ja/docs/faq.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ja/docs/faq.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,21 @@ + + +
+ +
+ + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/ja/docs/howto.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ja/docs/howto.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,25 @@ + + +
+ +
+ + + + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/ja/docs/http/configuring_https_servers.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ja/docs/http/configuring_https_servers.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,373 @@ + + +
+ +
+ + +HTTPS サーバを設定するには server ブロックで SSL プロトコルを有効にして、サーバ証明書ファイルと秘密鍵ファイルの場所を指定する必要があります: + + +server { + listen 443; + server_name www.nginx.com; + ssl on; + ssl_certificate www.nginx.com.crt; + ssl_certificate_key www.nginx.com.key; + ssl_protocols SSLv3 TLSv1; + ssl_ciphers HIGH:!ADH:!MD5; + ... +} + + +サーバ証明書とはドメインの所有者情報や、送信情報の暗号化に必要な公開鍵を含む電子証明書です。そのサーバに接続するすべてのクライアントに送られます。秘密鍵はサーバ証明書に含まれる公開鍵で暗号化された情報を復号するために必要な鍵で、秘匿する必要が有ります。アクセスを制限したファイルに保存するようにしてください。ただし、nginx のマスタープロセスからは読めるようにする必要があります。もうひとつの方法として、秘密鍵は証明書と同じファイルに保存することもできます: + + + ssl_certificate www.nginx.com.cert; + ssl_certificate_key www.nginx.com.cert; + + +この場合もファイルのアクセス権は制限するようにします。証明書と秘密鍵がひとつのファイルに保存されていても、証明書だけがクライアントに送られます。 + + + +SSL プロトコルの強力なバージョンと暗号に接続を制限するには、ディレクティブ ssl_protocolsssl_ciphers を使用します。バージョン 0.8.20 以降、nginx は ssl_protocols SSLv3 TLSv1ssl_ciphers HIGH:!ADH:!MD5 をデフォルトとして使用しているので、これより古い nginx のバージョンでのみ設定してください。 + + +
+ + +
+ + +SSL の工程は CPU リソースを余計に消費します。マルチプロセッサシステムでは(利用できる CPU コアの数よりも大きい数の)複数のワーカープロセスを走らせるといいでしょう。最も CPU に負荷がかかる工程は SSL ハンドシェイクです。クライアント毎のこの工程数を最小化するには2つの方法があります。最初の方法はキープアライブ接続を有効にして、ひとつの接続経由で複数のリクエストを送るようにする方法です。二つ目の方法は SSL セッションパラメータを再利用して、並行かつ順次接続のための SSL ハンドシェイクを避ける方法です。セッションはワーカー間で共有される SSL セッションキャッシュに保持され、ssl_session_cache ディレクティブで設定されています。1メガバイトのキャッシュには約4000のセッションが含まれます。キャッシュのデフォルトタイムアウトは5分です。この値は ssl_session_timeout ディレクティブを使用して増やすことができます。次の例は10Mの共有セッションキャッシュをもったクアッドコアシステムに最適化された設定例です: + + + +worker_processes 4; + +http { + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + server { + listen 443; + server_name www.nginx.com; + keepalive_timeout 70; + + ssl on; + ssl_certificate www.nginx.com.crt; + ssl_certificate_key www.nginx.com.key; + ssl_protocols SSLv3 TLSv1; + ssl_ciphers HIGH:!ADH:!MD5; + ... + + + +
+ + +
+ + +ブラウザによっては有名な認証局によって署名された証明書にエラーをだすことがあります。その一方でその証明書を他のブラウザでは問題なく受け入れることもあります。これは発行している認証局が、有名で信用されている認証局の認証基盤には含まれない特定のブラウザで配布されている中間証明書を使ったサーバ証明書に署名しているからです。このケースでは、認証局は署名されたサーバ証明書に連結されているはずの連鎖証明書のバンドルを提供しています。サーバ証明書は、かならず結合されたファイル内の連鎖証明書に存在している必要があります: + + +$ cat www.nginx.com.crt bundle.crt > www.nginx.com.chained.crt + + +この結合されたファイルを ssl_certificate ディレクティブで使われるようにします: + + +server { + listen 443; + server_name www.nginx.com; + ssl on; + ssl_certificate www.nginx.com.chained.crt; + ssl_certificate_key www.nginx.com.key; + ... +} + + +サーバ証明書とバンドルされたものが間違った順序で連結されていた場合、nginx は起動に失敗して次のエラーメッセージを表示します: + + +SSL_CTX_use_PrivateKey_file(" ... /www.nginx.com.key") failed + (SSL: error:0B080074:x509 certificate routines: + X509_check_private_key:key values mismatch) + + +これは、nginx がサーバ証明書ではなくバンドルされた最初の証明書で秘密鍵を使おうとするからです。 + + + +ブラウザは通常、信頼されている認証局によって署名されている受信した中間証明書を保存します。したがって、よく使われているブラウザは要求された中間証明書をすでに保持しているかもしれませんし、連鎖バンドルなしで送られた証明書にエラーを出すかもしれません。サーバに完全な連鎖証明書を送信させるには openssl コマンドラインユーティリティを使うといいでしょう。例えば: + + +$ openssl s_client -connect www.godaddy.com:443 +... +Certificate chain + 0 s:/C=US/ST=Arizona/L=Scottsdale/1.3.6.1.4.1.311.60.2.1.3=US + /1.3.6.1.4.1.311.60.2.1.2=AZ/O=GoDaddy.com, Inc + /OU=MIS Department/CN=www.GoDaddy.com + /serialNumber=0796928-7/2.5.4.15=V1.0, Clause 5.(b) + i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc. + /OU=http://certificates.godaddy.com/repository + /CN=Go Daddy Secure Certification Authority + /serialNumber=07969287 + 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc. + /OU=http://certificates.godaddy.com/repository + /CN=Go Daddy Secure Certification Authority + /serialNumber=07969287 + i:/C=US/O=The Go Daddy Group, Inc. + /OU=Go Daddy Class 2 Certification Authority + 2 s:/C=US/O=The Go Daddy Group, Inc. + /OU=Go Daddy Class 2 Certification Authority + i:/L=ValiCert Validation Network/O=ValiCert, Inc. + /OU=ValiCert Class 2 Policy Validation Authority + /CN=http://www.valicert.com//emailAddress=info@valicert.com +... + + +この例では、www.GoDaddy.com サーバ証明書 #0 の対象 (“s”) はそれ自身が証明書 #1 の対象である発行者 (“i”) によって署名されています。そして、証明書 #1はそれ自身が証明書 #2 の対象である発行者によって署名され、証明書 #2 は有名な発行者である ValiCert, Inc. によって署名されていて、ValiCert, Inc. の証明書はブラウザに組み込まれている証明書ベースに保持されています(こうして連鎖します)。 + + + +もし証明書バンドルを追加していなければ、サーバ証明書 #0 しか見れません。 + + +
+ + +
+ + +最初の段階から HTTP と HTTPS プロトコル用にサーバを分けて設定するのは優れた実践です。現時点では両者の機能性としては等しいかもしれませんが、将来的に大きな変更があるかもしれず、統合されたサーバの使用が問題になるかもしれません。とはいえ、HTTP と HTTPS のサーバが等しく、将来のことを考えたくないのなら、ディレクティブ ssl on を削除して *:443 ポートに ssl パラメータを追加することによって HTTP と HTTPS リクエストの両者を扱う単一のサーバを設定することができます: + + +server { + listen 80; + listen 443 ssl; + server_name www.nginx.com; + ssl_certificate www.nginx.com.crt; + ssl_certificate_key www.nginx.com.key; + ... +} + + + +0.8.21 以前では、nginx は default パラメータで待ち受けているソケットに ssl パラメータをセットすることしかできませんでした: + +listen 443 default ssl; + + + + +
+ + +
+ + +単一の IP アドレスを2つ以上の HTTPS サーバで待ち受けるように設定するとよく発生する問題があります: + + +server { + listen 443; + server_name www.nginx.com; + ssl on; + ssl_certificate www.nginx.com.crt; + ... +} + +server { + listen 443; + server_name www.nginx.org; + ssl on; + ssl_certificate www.nginx.org.crt; + ... +} + + +この設定では、ブラウザはリクエストされたサーバ名に関わらずデフォルトサーバ、すなわちここでは www.nginx.com の証明書を受信します。これは SSL プロトコルの作用によるものです。この SSL 接続はブラウザが HTTP リクエストを送る前に確立されるので、nginx にはリクエストされたサーバ名は分かりません。したがって、デフォルトサーバの証明書を送ることしかできません。 + + + +この問題を解決するもっとも古くてもっとも堅実な方法は、各 HTTPS サーバに別個の IP アドレスを割り当てることです: + + +server { + listen 192.168.1.1:443; + server_name www.nginx.com; + ssl on; + ssl_certificate www.nginx.com.crt; + ... +} + +server { + listen 192.168.1.2:443; + server_name www.nginx.org; + ssl on; + ssl_certificate www.nginx.org.crt; + ... +} + + + +
+ + +
+ + +単一の IP アドレスを複数の HTTPS サーバ間で共有する方法は他にもありますが、どれも欠点があります。ひとつは、SubjectAltName フィールドに複数サーバ名(例えば、www.nginx.comwww.nginx.org)をもつ単一の証明書を使用する方法です。しかし、SubjectAltName の長さには制限があります。 + + + +もうひとつの方法は、例えば *.nginx.org のようにワイルドカード名を持った証明書を使用する方法です。この証明書は www.nginx.org にマッチしますが nginx.orgwww.sub.nginx.org にはマッチしません。以上の二つの方法は組み合わせることもできます。証明書には、例えば nginx.org*.nginx.org のように SubjectAltName フィールドに完全一致名とワイルドカード名を含ませることができます。 + + + +すべてのサーバでひとつのメモリーコピーを継承するためには、複数サーバ名を持つ証明書ファイルとその秘密鍵ファイルを設定の http レベルに置くとよいでしょう: + + +ssl_certificate common.crt; +ssl_certificate_key common.key; + +server { + listen 443; + server_name www.nginx.com; + ssl on; + ... +} + +server { + listen 443; + server_name www.nginx.org; + ssl on; + ... +} + + + +
+ + +
+ + +単一の IP アドレス上で複数の HTTPS サーバを動かすときのさらに包括的な解決方法として TLSv1.1 Server Name Indication extension(サーバ名指示拡張) (SNI, RFC3546) があります。これは、ブラウザが SSL ハンドシェイクの間にリクエストされたサーバ名を渡せるようにするもので、それによりサーバはその接続でどの証明書を使用するべきかが分かります。しかし、SNI は限られたブラウザしかサポートしていません。現時点では次のブラウザのバージョン以降のものがサポートされています: + + + + + +Opera 8.0 + + + +MSIE 7.0 (Windows Vista 以降のみ) + + + +Firefox 2.0 および Mozilla Platform rv:1.8.1 を使用している他のブラウザ + + + +Safari 3.2.1 (Windows バージョンでは Vista 以降) + + + +Chrome (Windows バージョンでは Vista 以降) + + + + + +nginx で SNI を使用するためには、nginx バイナリがビルドされたときの OpenSSL ライブラリとランタイムで動的にリンクされるライブラリの両方でサポートされていることが必要です。OpenSSL は設定オプション “--enable-tlsext”. でビルドされていれば、バージョン 0.9.8f 以降で SNI をサポートしています。OpenSSL 0.9.8j 以降ではこのオプションはデフォルトで有効になっています。nginx が SNI サポート付きでビルドされていれば、“-V” スイッチとともに起動すると nginx が次のように表示します: + + +$ nginx -V +... +TLS SNI support enabled +... + + +しかし、SNI が有効になっている nginx が SNI サポート無しの OpenSSL ライブラリに動的にリンクされている場合、nginx は次の警告を表示します: + + +nginx was built with SNI support, however, now it is linked +dynamically to an OpenSSL library which has no tlsext support, +therefore SNI is not available + + + +
+ + +
+ + + + + +“-V” スイッチでの SNI サポートステータス表示は 0.8.21 以降と 0.7.62 でサポートされています。 + + + +listen ディレクティブの ssl パラメータは 0.7.14 以降からサポートされています。 + + + +SNI は 0.5.32 以降からサポートされています。 + + + +共有 SSL セッションキャッシュは 0.5.6 以降からサポートされています。 + + + + + + + + + +バージョン 0.7.65 と 0.8.19 以降のデフォルトの SSL プロトコルは SSLv3 と TLSv1 です。 + + + +バージョン 0.7.64 と 0.8.18 以前のデフォルトの SSL プロトコルは SSLv2、SSLv3、TLSv1 です。 + + + + + + + + + +バージョン 0.7.65 と 0.8.20 以降のデフォルトの SSL 暗号は HIGH:!ADH:!MD5 です。 + + + +バージョン 0.8.19 のデフォルトの SSL 暗号は ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM です。 + + + +バージョン 0.7.64 と 0.8.18 以前のデフォルトの SSL 暗号は ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP です。 + + + + + + +
+ + +
diff -r 000000000000 -r 61e04fc01027 xml/ja/docs/http/converting_rewrite_rules.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ja/docs/http/converting_rewrite_rules.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,128 @@ + + +
+ +
+ + +共有のホスティングで Apache の .htaccess ファイルのみすべてを設定してきたのなら、次のようにルールをコンバートします: + + +RewriteCond %{HTTP_HOST} nginx.org +RewriteRule (.*) http://www.nginx.org$1 + + +上記は下記のようになります: + + +server { + listen 80; + server_name www.nginx.org nginx.org; + if ($http_host = nginx.org) { + rewrite (.*) http://www.nginx.org$1; + } + ... +} + + + + +これは間違っていて面倒で非効率的な方法です。正しい方法は nginx.org 用に別のサーバを定義します: + + +server { + listen 80; + server_name nginx.org; + rewrite ^ http://www.nginx.org$request_uri?; +} + +server { + listen 80; + server_name www.nginx.org; + ... +} + + + +
+ + +
+ + +別の例として、nginx.com 以外と www.nginx.com 以外のすべて、という後方ロジックの代わりの例です: + + +RewriteCond %{HTTP_HOST} !nginx.com +RewriteCond %{HTTP_HOST} !www.nginx.com +RewriteRule (.*) http://www.nginx.com$1 + + +この場合、単に nginx.comwww.nginx.com、そしてそれ以外を定義します: + + + +server { + listen 80; + server_name nginx.org www.nginx.org; + ... +} + +server { + listen 80 default_server; + server_name _; + rewrite ^ http://nginx.org$request_uri?; +} + + + +
+ + +
+ + +典型的な Mongrel のルール: + + +DocumentRoot /var/www/myapp.com/current/public + +RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f +RewriteCond %{SCRIPT_FILENAME} !maintenance.html +RewriteRule ^.*$ %{DOCUMENT_ROOT}/system/maintenance.html [L] + +RewriteCond %{REQUEST_FILENAME} -f +RewriteRule ^(.*)$ $1 [QSA,L] + +RewriteCond %{REQUEST_FILENAME}/index.html -f +RewriteRule ^(.*)$ $1/index.html [QSA,L] + +RewriteCond %{REQUEST_FILENAME}.html -f +RewriteRule ^(.*)$ $1/index.html [QSA,L] + +RewriteRule ^/(.*)$ balancer://mongrel_cluster%{REQUEST_URI} [P,QSA,L] + + +上記は次のようにコンバートされます + + +location / { + root /var/www/myapp.com/current/public; + + try_files /system/maintenance.html + $uri $uri/index.html $uri.html + @mongrel; +} + +location @mongrel { + proxy_pass http://mongrel; +} + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/ja/docs/http/request_processing.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ja/docs/http/request_processing.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,217 @@ + + +
+ +
+ + +nginx はまず最初にどのサーバがそのリクエストを処理すべきなのかを決定します。手はじめに、3つすべての仮想サーバが port *:80 で待ち受けている単純な設定から見てみましょう: + + +server { + listen 80; + server_name nginx.org www.nginx.org; + ... +} + +server { + listen 80; + server_name nginx.net www.nginx.net; + ... +} + +server { + listen 80; + server_name nginx.com www.nginx.com; + ... +} + + + + +この設定では nginx は、(ブラウザからの)HTTP リクエストの “Host” ヘッダだけを考査して、そのリクエストをどのサーバに振り向けるべきかを決定します。もし “Host” ヘッダがどのサーバ名ともマッチしない場合、またはリクエストにこのフィールドがまったく含まれていない場合は、nginxはこのリクエストをデフォルトサーバに振り向けます。上記の設定ではデフォルトサーバは最初のもので、これは nginx の標準的なデフォルトの挙動です。設定内の最初のサーバをデフォルトサーバにしたくない場合は、listen ディレクティブに default_server パラメータを使って明示的に設定することができます: + + +server { + listen 80 default_server; + server_name nginx.net www.nginx.net; + ... +} + + + +この default_server パラメータはバージョン 0.8.21 以上で利用できます。それ以前のバージョンでは代わりに default パラメータを使用してください。 + + +このデフォルトサーバは listen ディレクティブのプロパティで、server_name ディレクティブのプロパティではないことに注意してください。詳細は後述します。 + + +
+ + +
+ + +“Host” ヘッダが未定義のリクエストを処理させたくない場合は、リクエストを単にドロップさせるデフォルトサーバを設定できます: + + +server { + listen 80 default_server; + server_name _; + return 444; +} + + +ここでは存在しないドメイン名 “_” をサーバ名として選択し、接続を閉じる nginx の特別な標準外コード 444 を返します。このサーバ用にサーバ名を設定しなければならないことに注意してください。さもなければ nginx はホスト名を使用します。 + + +
+ + +
+ + +異なるアドレスで待ち受けている仮想サーバのより複雑な設定をみてみましょう: + + +server { + listen 192.168.1.1:80; + server_name nginx.org www.nginx.org; + ... +} + +server { + listen 192.168.1.1:80; + server_name nginx.net www.nginx.net; + ... +} + +server { + listen 192.168.1.2:80; + server_name nginx.com www.nginx.com; + ... +} + + +この設定では、nginx はまず最初に server ブロックの listen ディレクティブに対してリクエストの IP アドレスとポートを考査します。次に、その IP アドレスとポートにマッチする server ブロックの server_name ディレクティブに対して、その HTTP リクエストの “Host” ヘッダを考査します。 + +もしサーバ名が見つからなければ、そのリクエストはデフォルトサーバによって処理されます。例えば、192.168.1.1:80 ポートで受信された www.nginx.com へのリクエストは 192.168.1.1:80 ポートのデフォルトサーバ、つまり最初のサーバで処理されます。これはこのポートでは www.nginx.com は定義されていないからです。 + + + +すでに述べたように、デフォルトサーバは listen ディレクティブのプロパティで、別の listen ディレクティブには別のデフォルトサーバが定義されています: + + +server { + listen 192.168.1.1:80; + server_name nginx.org www.nginx.org; + ... +} + +server { + listen 192.168.1.1:80 default_server; + server_name nginx.net www.nginx.net; + ... +} + +server { + listen 192.168.1.2:80 default_server; + server_name nginx.com www.nginx.com; + ... +} + + + +
+ + +
+ + +では、典型的で単純な PHP サイトで nginx がどのようにロケーション(location)を選択してリクエストを処理するのかを見てみましょう: + + +server { + listen 80; + server_name nginx.org www.nginx.org; + root /data/www; + + location / { + index index.html index.php; + } + + location ~* \.(gif|jpg|png)$ { + expires 30d; + } + + location ~ \.php$ { + fastcgi_pass localhost:9000; + fastcgi_param SCRIPT_FILENAME + $document_root$fastcgi_script_name; + include fastcgi_params; + } +} + + + + +nginx はまず最初に、リストの順序には関係なくリテラルな文字列によって指定されているもっとも限定されたロケーションを検索します。上記の設定では唯一のリテラルなロケーションは / であり、したがってどのリクエストでもマッチして最終的にこのロケーションが使われます。次に nginx は、設定ファイルにリストされている順番で正規表現によって指定されているロケーションをチェックします。最初にマッチした正規表現で検索はストップし、 nginx そのロケーションを使用します。もしどの正規表現もリクエストにマッチしない場合は、nginx はその前に見つかったもっとも限定されたリテラルなロケーションを使用します。 + + + +すべてのタイプのロケーションはクエリー部分を除いたリクエスト URI 部分のみを考査することに注意してください。これはクエリー文字列の引数がいろいろな方法で渡されることがあるためです。例えば: + + +/index.php?user=john&page=1 +/index.php?page=1&user=john + + +さらに、クエリー文字列ではどのようなリクエストでも可能だからです: + + +/index.php?page=1&something+else&user=john + + + + +では、上記の設定ではどのようにリクエストが処理されるのかを見てみましょう: + + + + + +リクエスト /logo.gif はリテラルなロケーション / に最初にマッチし、次に正規表現 \.(gif|jpg|png)$ にマッチするので、後者のロケーションによって処理されます。 このリクエストは root /data/www ディレクティブを使用してファイル /data/www/logo.gif にマップされ、このファイルがクライアントに送られます。 + + + + + +リクエスト /index.php もまたリテラルなロケーション / に最初にマッチし、次に正規表現 \.(php)$ にマッチします。したがって、このリクエストは後者のロケーションによって処理され、localhost:9000 で待ち受けている FastCGI サーバに渡されます。fastcgi_param ディレクティブは FastCGI のパラメータ SCRIPT_FILENAME を /data/www/index.php にセットし、この FastCGI サーバがこのファイルを実行します。変数 $document_root は root ディレクティブの値と同等で、変数 $fastcgi_script_name はリクエスト URI、例えば /index.php と同等です。 + + + + + +リクエスト /about.html はリテラルなロケーション / のみにマッチします。したがってこのロケーションで処理されます。このリクエストは root ディレクティブのパラメータ /data/www を使い、ファイル /data/www/about.html にマップされ、クライアントに送られます。 + + + + + +リクエスト / の処理はより複雑です。これはリテラルなロケーション / のみにマッチし、このロケーションで処理されます。ついで index ディレクティブがパラメータと root ディレクティブのパラメータ /data/www にしたがって index ファイルが存在するかどうかを考査します。もし /data/www/index.php ファイル存在すればこのディレクティブは /index.php への内部リダイレクトを実行し、nginx はまるでこのリクエストがクライアントに送られたかのようにこのロケーションを再び検索します。先に見たように、リダイレクトされたリクエストは最終的に FastCGI サーバで処理されます。 + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/ja/docs/http/server_names.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ja/docs/http/server_names.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,350 @@ + + +
+ +
+ + +サーバ名は server_name ディレクティブを使用して定義され、リクエストに対してどのサーバブロックが使われるかを決定します。「」もお読みください。これらは完全一致名、ワイルドカード名、正規表現で定義されます: + + +server { + listen 80; + server_name nginx.org www.nginx.org; + ... +} + +server { + listen 80; + server_name *.nginx.org; + ... +} + +server { + listen 80; + server_name mail.*; + ... +} + +server { + listen 80; + server_name ~^(?<user>.+)\.nginx\.net$; + ... +} + + +サーバ名は次の順序で考査されます: + + + + +完全一致名 + + + +アスタリスクで始まるワイルドカード名: *.nginx.org + + + +アスタリスクで終わるワイルドカード名: mail.* + + + +設定ファイル内の順序での正規表現 + + + +最初にマッチしたところで検索は終了します。. + + +
+ + +
+ + +ワイルドカード名にはそのサーバ名の最初か最後のみ、そしてドットに隣接したところのみにアスタリスクが含まれます。サーバ名 www.*.nginx.orgw*.nginx.org は無効です。しかし、これらのサーバ名は正規表現を使用して、例えば ~^www\..+\.nginx\.org$~^w.*\.nginx\.org$ として指定することができます。アスタリスクは複数部分にマッチさせることができます。*.nginx.orgwww.nginx.org だけでなく www.sub.nginx.org にもマッチします。 + + + +特別なワイルドカードの形式 .nginx.org は、完全一致名 nginx.org とワイルドカード名 *.nginx.org の両方にマッチさせるように利用できます。 + + +
+ + +
+ + +nginx で使用される正規表現は Perl プログラミング言語(PCRE)で使用されているものと互換性があります。正規表現を使用するには、サーバ名を必ずチルダで始めます: + + +server_name ~^www\d+\.nginx\.net$; + + +チルダで始まっていないと完全一致名として、またはその正規表現にアスタリスクが含まれている場合はワイルドカード名として(そしてたいていの場合は無効なものとして)扱われてしまいます。“^” と “$” アンカーをセットし忘れないようにしてください。これらは構文的には必須ではありませんが論理的に必須です。また、ドメイン名のドットはバックスラッシュで必ずエスケープしてください。“{” と “}” 文字を含む正規表現は必ずダブルクォーテーションで囲ってください: + + +server_name "~^(?<name>\w\d{1,3}+)\.nginx\.net$"; + + +さもないと、nginx は起動に失敗し次のエラーメッセージを表示します: + + +directive "server_name" is not terminated by ";" in ... + + +正規表現の名前付きキャプチャは変数としてその後で使用されます: + + +server { + server_name ~^(www\.)?(?<domain>.+)$; + + location / { + root /sites/$domain; + } +} + + +PCRE ライブラリは次の構文を使用した名前付きキャプチャをサポートしています: + + + + + + + + + + + + + + + + + + +
?<name>Perl 5.10 互換構文、PCRE-7.0 よりサポート
?'name'Perl 5.10 互換構文、PCRE-7.0 よりサポート
?P<name>Python 互換構文、PCRE-4.0よりサポート
+ +nginx が起動に失敗すると次のエラーメッセージを表示します: + + +pcre_compile() failed: unrecognized character after (?< in ... + + +これは PCRE ライブラリが古いので ?P<name> 構文を試すように、という意味です。このキャプチャは数字形式でも使用できます: + + +server { + server_name ~^(www\.)?(.+)$; + + location / { + root /sites/$2; + } +} + + +とはいえ、数字形式は簡単に上書きすることができるため、このような使用法は(上記のような)単純なケースに限るべきです。 + + + +
+ + +
+ + +デフォルトではないサーバブロックで “Host” ヘッダ無しのリクエストを処理させたい場合は、空のサーバ名を指定します: + + +server { + listen 80; + server_name nginx.org www.nginx.org ""; + ... +} + + + + +server_name がサーバブロックで定義されていない場合は、nginx はサーバ名として空の名前を使用します。 + + + + +nginx のバージョン 0.8.48 までは、このような場合はサーバ名としてホスト名を使用していました。 + + + +サーバ名ではなく IP アドレスを使用したリクエストが送られてきた場合、そのリクエストの “Host” ヘッダには IP アドレスが含まれているので、その IP アドレスをサーバ名として利用してそのリクエストを処理できます: + + +server { + listen 80; + server_name nginx.org + www.nginx.org + "" + 192.168.1.1 + ; + ... +} + + + + +すべてのサーバに適合させる例では奇妙なサーバ名 “_” が使われます: + + +server { + listen 80 default_server; + server_name _; + return 444; +} + + +このサーバ名に特別なところはありません。単にどのサーバ名とも決してマッチしない無数の無効なドメイン名のひとつです。したがって、 “--”、“!@#” なども同様な結果を得られます。 + + + +nginx バージョン 0.6.25 までは特別なサーバ名 “*” をサポートしていて、これは誤ってすべてのサーバ名と一致するもの(キャッチオール名)として解釈されていました。この特別なサーバ名 “*”はキャッチオールまたはワイルドカードとして機能したことはありませんでした。代わりに、今は server_name_in_redirect ディレクティブによって提供されている機能の役を果たしていました。特別なサーバ名 “*” は今後廃止予定ですので、server_name_in_redirect ディレクティブを使うようにしてください。キャッチオール名を指定したり server_name ディレクティブを使用したデフォルトサーバを指定したりする方法はないことに注意してください。これは listen ディレクティブのプロパティであり、server_name ディレクティブのプロパティではありません。“” も参照してください。 +ポート *:80 と *:8080 で待ち受けているサーバを定義し、ひとつをポート *:8080 のデフォルトサーバへ、もうひとつをポート *:80 のデフォルトサーバへ振り向けることができます。 + + +server { + listen 80; + listen 8080 default_server; + server_name nginx.net; + ... +} + +server { + listen 80 default_server; + listen 8080; + server_name nginx.org; + ... +} + + + + +
+ + +
+ + +完全一致名とワイルドカード名はハッシュで保存されます。このハッシュは待ち受けポートに結び付けられ、各待ち受けポートは、完全一致名のハッシュ、アスタリスクで始まるワイルドカード名のハッシュ、アスタリスクで終わるワイルドカード名のハッシュの3つまでのハッシュを持つことができます。ハッシュのサイズは構成フェーズで最適化されるので、CPU キャッシュのミスは最低でもサーバ名を見つけることができます。最初に完全一致名のハッシュが検索されます。完全一致名のハッシュを使って見つからなければ、次にアスタリスクで始まるワイルドカード名のハッシュが検索されます。さらにまだ見つからなければ、アスタリスクで終わるワイルドカード名のハッシュが検索されます。ワイルドカード名のハッシュの検索は完全一致名のハッシュの検索よりも遅くなります。これはサーバ名の検索がドメイン部分によって検索されるからです。特別なワイルドカード形式の .nginx.org は完全一致名のハッシュではなくワイルドカード名のハッシュで保存されます。正規表現は順番に考査されるので、これがもっとも遅い方式ですし、非スケーラブルでもあります。 + + + +これらの理由から、可能な場合は完全一致名を利用するのがよいでしょう。例えば、もっとも頻繁にリクエストされるサーバ名が nginx.orgwww.nginx.org だとすると、これらを明示的に定義するとより効率的です: + + +server { + listen 80; + server_name nginx.org www.nginx.org *.nginx.org; + ... +} + + +上記は次の単純化された形式を使用するよりも効率的です: + + +server { + listen 80; + server_name .nginx.org; + ... +} + + + + +たくさんの数のサーバ名を定義したり非常に長いサーバ名を定義したりする場合は、http レベルの server_names_hash_max_sizeserver_names_hash_bucket_size ディレクティブを調整する必要があるかもしれません。server_names_hash_bucket_size のデフォルト値は 32、もしくは 64、あるいはお使いの CPU キャッシュラインのサイズによってはその他の値になっているかもしれません。もしデフォルト値が 32 でサーバ名として “too.long.server.name.nginx.org” のような非常に長いサーバ名を定義している場合、nginx は起動に失敗し、次のエラーメッセージを表示させます: + + +could not build the server_names_hash, +you should increase server_names_hash_bucket_size: 32 + + +この場合、このディレクティブの値を次の 2 の累乗にセットします: + + +http { + server_names_hash_bucket_size 64; + ... + + +非常にたくさんの数のサーバ名を定義した場合は次のエラーメッセージが表示されます: + + +could not build the server_names_hash, +you should increase either server_names_hash_max_size: 512 +or server_names_hash_bucket_size: 32 + + +まず最初に server_names_hash_max_size の値を、定義するサーバ名の数に近い数に設定して試します。この設定がうまくいかない時だけ、もしくは nginx の起動時間が許容できないほど長い場合だけ server_names_hash_bucket_size の値を増やしてみます。 + + + +待ち受けているポートがひとつだけでサーバもひとつだけの場合、nginx はサーバ名を考査しません(また、待ち受けポート用のハッシュも生成しません)。しかし一つ例外があります。server_name がキャプチャを伴った正規表現の場合、nginx はキャプチャを取得するためにこの正規表現を実行します。 + + +
+ + +
+ + + + + +0.8.48 以降、デフォルトのサーバ名の値は空の名前 “” です。 + + + +正規表現サーバ名の名前付きキャプチャのサポートは 0.8.25 からです。 + + + +正規表現サーバ名のキャプチャのサポートは 0.7.40 からです。 + + + +空のサーバ名 “” のサポートは 0.7.12 からです。 + + + +ワイルドカードサーバ名と正規表現の最初のサーバ名としての使用は0.6.25 からサポートされています。 + + + +正規表現サーバ名のサポートは 0.6.7 からです。 + + + +ワイルドカードの形式 nginx.* のサポートは 0.6.0 からです。 + + + +特別な形式 .nginx.org のサポートは 0.3.18 からです。 + + + +ワイルドカードの形式 *.nginx.org のサポートは 0.1.13 からです。 + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/ja/docs/index.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ja/docs/index.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,43 @@ + + +
+ +
+ + + + + + + + + + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/ja/docs/introduction.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ja/docs/introduction.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,29 @@ + + +
+ +
+ + + + + + + + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/ja/docs/sys_errlist.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ja/docs/sys_errlist.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,27 @@ + + +
+ +
+ + +nginx のバージョン 0.7.66、0.8.35、もしくはそれ以上を Linux でビルド中、次の警告メッセージが出ます: + + +warning: `sys_errlist' is deprecated; + use `strerror' or `strerror_r' instead +warning: `sys_nerr' is deprecated; + use `strerror' or `strerror_r' instead + + +これは正常です。strerror() と strerror_r() 関数が非同期シグナルセーフではないので、nginx はシングルハンドラの中で非推奨の sys_errlist[] と sys_nerr を使う必要があります。 + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/ja/index.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ja/index.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,243 @@ + + +
+ + +
+ + +nginx [えんじんえっくす] は Igor Sysoev によって作られた HTTP とリバースプロキシのサーバで、メールプロキシサーバでもあります。Rambler +(RamblerMedia.com) を含むロシアの多くの高負荷サイトで5年以上も動いています。Netcraft によると、nginx は 2010 年 4 月時点で 4.70% の人気サイトでサーバーとして、もしくはプロキシとして利用されています。成功例としては FastMail.FM や +Wordpress.com があります。 + + + +ソースコードは BSD 風の 2 箇条ライセンスでライセンスされています。 + + +
+ + +
+ + + + + +スタティックなインデックスファイルの提供、自動インデクシング、オープンなファイルディスクリプタキャッシュ + + + +キャッシングで高速化されたリバースプロキシ、シンプルなロードバランシングとフォールトトレランス + + + +リモートの FastCGI サーバのキャッシングによる高速化サポート、シンプルなロードバランシングとフォールトトレランス + + + +モジュールアーキテクチャ。フィルタには gzip、バイトレンジ、チャンク化されたレスポンス、XSLT、SSI、画像リサイズフィルタが含まれます。FastCGI もしくはプロキシ化されたサーバなら、単一ページ内への複数 SSI 封入が並列で処理可能。 + + + +SSL と TLS SNI サポート。 + + + + + +
+ + +
+ + + + + +名前ベースと IP ベースの仮想サーバ + + + +キープアライブとパイプライン接続のサポート + + + +柔軟な設定 + + + +クライアント処理を中断させること無く再構成、オンラインアップグレード + + + +アクセスログフォーマット、バッファされたログ書き込み、素早いログローテーション + + + +3xx-5xx エラーコードのリダイレクト + + + +rewrite モジュール + + + +クライアントの IP アドレスをベースにしたアクセスコントロールと HTTP ベーシック認証 + + + +PUT、DELETE、MKCOL、COPY、MOVE メソッド + + + +FLV ストリーミング + + + +速度制限 + + + +同一アドレスからの同時接続もしくは同時リクエストの制限 + + + +埋め込み perl + + + + + +
+ + +
+ + + + + +外部の HTTP 認証サーバを利用した IMAP/POP3 バックエンドへのユーザリダイレクト + + + +外部の HTTP 認証サーバと内部 SMTP バックエンドへの接続リダイレクトを利用したユーザ認証 + + + +認証メソッド: + + + + +POP3: USER/PASS, APOP, AUTH LOGIN/PLAIN/CRAM-MD5; + + + +IMAP: LOGIN, AUTH LOGIN/PLAIN/CRAM-MD5; + + + +SMTP: AUTH LOGIN/PLAIN/CRAM-MD5; + + + + + + +SSL サポート + + + +STARTTLS と STLS のサポート + + + + + +
+ + +
+ + + + + +一つのマスタープロセスと複数のワーカープロセス。ワーカーは非特権ユーザとして動く + + + +通知メソッド: kqueue (FreeBSD 4.1+)、epoll (Linux 2.6+)、rt シグナルs (Linux 2.2.19+)、/dev/poll (Solaris 7 11/99+)、イベントポート (Solaris 10)、select、poll + + + +EV_CLEAR, EV_DISABLE (イベントを一時的に無効にする)、 NOTE_LOWAT, EV_EOF、利用可能なデータの数、エラーコードを含む様々な kqueue 機能のサポート + + + +sendfile (FreeBSD 3.1+, Linux 2.2+, Mac OS X 10.5)、sendfile64 (Linux 2.4.21+)、sendfilev (Solaris 8 7/01+) のサポート + + + +ファイル AIO (FreeBSD 4.3+, Linux 2.6.22+) + + + +Accept-filters (FreeBSD 4.1+) と TCP_DEFER_ACCEPT (Linux 2.4+) のサポート + + + +1 万の非アクティブな HTTP キープアライブ接続は約 2.5M のメモリーを使用 + + + +データコピーの実施は最小に保たれる + + + + + +
+ + +
+ + + + + +FreeBSD 3 — 8 / i386; FreeBSD 5 — 8 / amd64; + + + +Linux 2.2 — 2.6 / i386; Linux 2.6 / amd64; + + + +Solaris 9 / i386, sun4u; Solaris 10 / i386, amd64, sun4v; + + + +MacOS X / ppc, i386; + + + +Windows XP, Windows Server 2003. + + + + + +
+ + +
diff -r 000000000000 -r 61e04fc01027 xml/menu.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/menu.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,148 @@ + + + + + + + english + עברית + 日本語 + русский + türkçe + + + news + + + + + about + download + + security advisories + documentation + introduction + + howto + faq + wiki + links + books + support + + + + + + + + english + עברית + 日本語 + русский + türkçe + + + חדשות + + + אודות + הורדה + דיווחי אבטחה + תיעוד + הקדמה + איך עושים... + שאלות נפוצות + ויקי + קישורים + תמיכה + + + + + + + english + עברית + 日本語 + русский + türkçe + + + ニュース + + + nginx について + ダウンロード + セキュリティ情報 + ドキュメント + 入門 + ハウツー + faq + リンク + + サポート + + + + + + + english + עברית + 日本語 + русский + türkçe + + + новости + + + об nginx + скачать + безопасность + документация + введение + howto + faq + ссылки + книги + поддержка + + + + + + + english + עברית + 日本語 + русский + türkçe + + + haberler + + + hakkında + indir + + güvenlik tavsiyeleri + dökümantasyon + giriş + kılavuz + sss + wiki + bağlantılar + kitaplar + destek + + + + diff -r 000000000000 -r 61e04fc01027 xml/ru/GNUmakefile --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ru/GNUmakefile Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,30 @@ + +DOCS_RU = ru/docs/faq \ + +DOCS_RU_XML = $(foreach name, $(DOCS_RU), xml/$(name).xml) +DOCS_RU_HTML = $(foreach name, $(DOCS_RU), $(OUT)/$(name).html) + +FAQ_RU = ru/docs/sys_errlist \ + +FAQ_RU_XML = $(foreach name, $(FAQ_RU), xml/$(name).xml) +FAQ_RU_HTML = $(foreach name, $(FAQ_RU), $(OUT)/$(name).html) + +ru: \ + $(OUT)/ru/index.html \ + $(OUT)/ru/download.html \ + $(OUT)/ru/support.html \ + $(OUT)/ru/docs/index.html \ + $(DOCS_RU_HTML) \ + $(FAQ_RU_HTML) \ + +$(OUT)/ru/download.html: xml/ru/download.xml \ + xml/menu.xml \ + xslt/download.xslt \ + dtd/article.dtd \ + dtd/content.dtd + $(call XSLT, xslt/download.xslt, $<, $@) + +$(OUT)/ru/docs/faq.html: xml/ru/docs/faq.xml \ + $(ARTICLE_XSLT) \ + $(FAQ_RU_XML) + $(call XSLT, xslt/article.xslt, $<, $@) diff -r 000000000000 -r 61e04fc01027 xml/ru/docs/faq.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ru/docs/faq.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,22 @@ + + +
+ + +
+ + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/ru/docs/index.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ru/docs/index.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,48 @@ + + +
+ + +
+ + + + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/ru/docs/sys_errlist.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ru/docs/sys_errlist.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,32 @@ + + +
+ + +
+ + +При сборке nginx версий 0.7.66, 0.8.35 и выше на Linux +выводится предупреждение: + + +warning: `sys_errlist' is deprecated; + use `strerror' or `strerror_r' instead +warning: `sys_nerr' is deprecated; + use `strerror' or `strerror_r' instead + + +Это нормально: nginx вынужден использовать устаревшие +sys_errlist[] и sys_nerr в обработчиках сигналов, потому +что функции strerror() и strerror_r() не являются Async-Signal-Safe, +и их нельзя использовать в обработчиках сигналов. + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/ru/download.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ru/download.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,127 @@ + + +
+ +
+ + + + + + + +
+ + +
+ + + + + + + + + + + + + + + + + + + + +
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/ru/index.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ru/index.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,321 @@ + + +
+ + +
+ + +nginx [engine x]—это HTTP-сервер и обратный прокси-сервер, +а также почтовый прокси-сервер, +написанный Игорем Сысоевым. + +Согласно статистике Netcraft nginx обслуживал или проксировал +4.70% +самых нагруженных сайтов в апереле 2010 года. + + + + +Исходные тексты лицензированы под +2-clause BSD-like license. + + +
+ + +
+ + + + + +Обслуживание статических запросов, +индексных +файлов, +автоматическое +создание списка файлов, +кэш +дескрипторов открытых файлов; + + + +Акселерированное +проксирование с кэшированием, +простое +распределение нагрузки и отказоустойчивость; + + + +Акселерированная +поддержка удалённых FastCGI серверов с кэшированием, +простое +распределение нагрузки и отказоустойчивость; + + + +модульность, фильтры, в том числе +сжатие (gzip), +byte-ranges (докачка), +chunked ответы, +XSLT-фильтр, +SSI-фильтр, +преобразование +изображений; +несколько подзапросов на одной странице, обрабатываемые в SSI-фильтре +через прокси или FastCGI, выполняются параллельно. + + + +поддержка SSL и +расширения TLS SNI; + + + + + +
+ + +
+ + + + + +Виртуальные сервера, +определяемые по ip-адресу и имени; + + + +Поддержка keep-alive +и pipelined соединений; + + + +Гибкость конфигурации + + + +Изменение настроекобновление +исполняемого файла без перерыва в обслуживании клиентов; + + + +Настройка форматов +логов, +быстрая ротация логов; + + + +Специальные +страницы для ошибок 3xx-5xx; + + + +rewrite-модуль: +изменение URI +с помощью регулярных выражений; + + + +Выполнение +разных функций в зависимости от +адреса клиента; + + + +Ограничение доступа в зависимости от +адреса клиентапо паролю +(Basic аутентификация); + + + +Методы PUT, DELETE, +MKCOL, COPY и MOVE; + + + +FLV streaming; + + + +Ограничение +скорости отдачи ответов; + + + +Ограничение +числа одновременных соединений и +запросов; + + + +Встроенный perl; + + + + + +
+ + +
+ + + + + +Перенаправление пользователя на IMAP или POP3-бэкенд с использованием +внешнего HTTP-сервера аутентификации; + + + +Проверка пользователя с помощью внешнего HTTP-сервера аутентификации +и перенаправление соединения на внутренний SMTP-сервер; + + + +Методы аутентификации: + + + + +POP3: USER/PASS, APOP, AUTH LOGIN/PLAIN/CRAM-MD5; + + + +IMAP: LOGIN, AUTH LOGIN/PLAIN/CRAM-MD5; + + + +SMTP: AUTH LOGIN/PLAIN/CRAM-MD5; + + + + + + +поддержка SSL; + + + +поддержка STARTTLS и STLS. + + + + + +
+ + +
+ + + + + +Один главный процесс и несколько рабочих, рабочие процессы работают под +непривилегированным пользователем; + + + +Поддержка +kqueue (FreeBSD 4.1+), +epoll (Linux 2.6+), rt signals (Linux 2.2.19+), +/dev/poll (Solaris 7 11/99+), +event ports (Solaris 10), +select и poll; + + + +Использование возможностей, предоставляемых kqueue, таких как + EV_CLEAR, EV_DISABLE (для временного выключения события), +NOTE_LOWAT, EV_EOF, число доступных данных, коды ошибок; + + + +Поддержка sendfile (FreeBSD 3.1+, Linux 2.2+, Mac OS X 10.5+), +sendfile64 (Linux 2.4.21+) и sendfilev (Solaris 8 7/01+); + + + +Поддержка +файлового +AIO (FreeBSD 4.3+, Linux 2.6.22+); + + + +Поддержка DIRECTIO +(FreeBSD 4.4+, Linux 2.4+, Solaris 2.6+, Mac OS X); + + + +Поддержка +accept-фильтров (FreeBSD 4.1+) и TCP_DEFER_ACCEPT (Linux 2.4+); + + + +На 10 000 неактивных HTTP keep-alive соединений расходуется +около 2.5M памяти; + + + +Минимум операций копирования данных; + + + + + +
+ + +
+ + + + + +FreeBSD 3 — 8 / i386; FreeBSD 5 — 8 / amd64; + + + +Linux 2.2 — 2.6 / i386; Linux 2.6 / amd64; + + + +Solaris 9 / i386, sun4u; Solaris 10 / i386, amd64, sun4v; + + + +MacOS X / ppc, i386; + + + +Windows XP, Windows Server 2003. + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/ru/support.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/ru/support.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,58 @@ + + +
+ + +
+ + + + + +nginx.org/mailman, +архив. +Для того, чтобы писать в список, нужно сначала +подписаться. + + + + + + + +
+ + +
+ + + + + +forum.nginx.org, +интегрированный со списками рассылок. +Это не обычный форум, поэтому, когда вы там +“создаёте топик”, этот “топик” +в виде письма уходит в список рассылки, а также +архивируется. +Удалить “топик” или закрыть нельзя. + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/tr/GNUmakefile --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/tr/GNUmakefile Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,49 @@ + +DOCS_TR = tr/docs/windows \ + tr/docs/introduction \ + tr/docs/howto \ + tr/docs/faq \ + +DOCS_TR_XML = $(foreach name, $(DOCS_TR), xml/$(name).xml) +DOCS_TR_HTML = $(foreach name, $(DOCS_TR), $(OUT)/$(name).html) + +INTRO_TR = tr/docs/http/request_processing \ + tr/docs/http/configuring_https_servers \ + tr/docs/http/server_names \ + +INTRO_TR_XML = $(foreach name, $(INTRO_TR), xml/$(name).xml) +INTRO_TR_HTML = $(foreach name, $(INTRO_TR), $(OUT)/$(name).html) + +HOWTO_TR = tr/docs/debugging_log \ + tr/docs/http/converting_rewrite_rules \ + +HOWTO_TR_XML = $(foreach name, $(HOWTO_TR), xml/$(name).xml) +HOWTO_TR_HTML = $(foreach name, $(HOWTO_TR), $(OUT)/$(name).html) + +FAQ_TR = tr/docs/sys_errlist \ + +FAQ_TR_XML = $(foreach name, $(FAQ_TR), xml/$(name).xml) +FAQ_TR_HTML = $(foreach name, $(FAQ_TR), $(OUT)/$(name).html) + +tr: \ + $(OUT)/tr/index.html \ + $(OUT)/tr/docs/index.html \ + $(DOCS_TR_HTML) \ + $(INTRO_TR_HTML) \ + $(HOWTO_TR_HTML) \ + $(FAQ_TR_HTML) \ + +$(OUT)/tr/docs/introduction.html: xml/tr/docs/introduction.xml \ + $(ARTICLE_XSLT) \ + $(INTRO_TR_XML) + $(call XSLT, xslt/article.xslt, $<, $@) + +$(OUT)/tr/docs/howto.html: xml/tr/docs/howto.xml \ + $(ARTICLE_XSLT) \ + $(HOWTO_TR_XML) + $(call XSLT, xslt/article.xslt, $<, $@) + +$(OUT)/tr/docs/faq.html: xml/tr/docs/faq.xml \ + $(ARTICLE_XSLT) \ + $(FAQ_TR_XML) + $(call XSLT, xslt/article.xslt, $<, $@) diff -r 000000000000 -r 61e04fc01027 xml/tr/docs/debugging_log.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/tr/docs/debugging_log.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,61 @@ + + +
+ +
+ + +Hata ayıklama kayıt işlemini olanaklı kılmak için, nginxi debug komutu ile yapılandırmalısınız: + + +./configure --with-debug ... + + +ve daha sonra error_log ile debug dizin yolunu belirtin: + + +error_log /path/to/log debug; + + +nginx/Windows binary versiyonu, varsayılan olarak hata ayıklama kayıt desteği ile gelir. Bu yüzden yalnızca debug dizin yolunu belirtmek yeterlidir. + + + +Not: başka düzeyde bulunan tanımlı bir kayıt (örneğin server üzerinde), diğer hata ayıklama kaydını etkisizleştirir: + +error_log /path/to/log debug; + +http { + server { + error_log /path/to/log; + ... + +Ya bu sunucudaki kaydı yorum ifadesi ile kapatmalı ya da debug etiketini (flag) buraya da eklemelisiniz: + +error_log /path/to/log debug; + +http { + server { + error_log /path/to/log debug; + ... + + + + +Hata ayıklama kayıt işlemini belirli adresler için de belirleyebilirsiniz: + + +error_log /path/to/log; + +events { + debug_connection 192.168.1.1; + debug_connection 192.168.10.0/24; +} + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/tr/docs/faq.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/tr/docs/faq.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,21 @@ + + +
+ +
+ + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/tr/docs/howto.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/tr/docs/howto.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,26 @@ + + +
+ + +
+ + + + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/tr/docs/http/configuring_https_servers.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/tr/docs/http/configuring_https_servers.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,377 @@ + + +
+ +
+ + +Bir HTTPS sunucusunu yapılandırmak için, server bloğu içerisinde SSL’i etkin hale getirmeli ve sunucu sertifikası ve özel anahtar dosyaları belirtmelisiniz: + + +server { + listen 443; + server_name www.nginx.com; + ssl on; + ssl_certificate www.nginx.com.crt; + ssl_certificate_key www.nginx.com.key; + ssl_protocols SSLv3 TLSv1; + ssl_ciphers HIGH:!ADH:!MD5; + ... +} + + +Sunucu sertifikası herkese açık bir birimdir. Sunucuya bağlanan her istemciye gönderilir. Özel anahtar ise gizli bir birimdir ve erişimi engellenmiş bir alanda saklanır. Ancak nginx’in ana işlemi tarafından okunabilir olmalıdır. Özel anahtar, alternatif olarak sertifika ile aynı dosya içerisinde saklanabilir: + + + ssl_certificate www.nginx.com.cert; + ssl_certificate_key www.nginx.com.cert; + + +Bu durumda dosya erişimi kısıtlanmalıdır. Aynı dosyada yer alsalar da istemciye sadece sertifika gönderilir. + + + +ssl_protocols ve ssl_ciphers yönergeleri, güçlü SSL protokol ve şifrelere (cipher) yapılan bağlantılara limit koymak için kullanılır. Versiyon 0.8.20 ile birlikte nginx, ssl_protocols SSLv3 TLSv1 ve ssl_ciphers HIGH:!ADH:!MD5 yönergelerini varsayılan olarak kullanır, bu nedenle sadece daha önceki versiyonlarda yapılandırmaya eklenmelidir. + + +
+ + +
+ + +SSL işlemleri ekstra işlemci (CPU) kaynakları tüketir. Çok-işlemcili sistemlerde birçok işçi işlemler yürütmelisiniz: Mevcut işlemci çekirdek sayısından az olmamalı. En yoğun işlemci-yoğun işlem SSL el sıkışmalarıdır (ÇN: SSL Handshake, kısaca sunucuda bulunan sertifikanın istemci bilgisayar tarafından onaylanması ve tekrar sunucuya bildirilmesi sürecidir). Her bir istemci için mevcut bu işlemlerin sayısını azaltmanın iki yolu vardır: İlki, keep-alive bağlantıları olanaklı kılarak bir çok talebi sadece bir bağlantı ile göndermek ve ikincisi ise SSL oturum parametrelerini tekrar kullanarak paralel ve izleyen (subsequent) bağlantılar için SSL el sıkışmalarından kaçınmaktır. + +Oturumlar, bir ssl_session_cache yönergesi tarafından yapılandırılan ve işçiler arasında paylaştırılmış bir SSL oturum önbelleğinde yer alır. Bir megabyte önbellek yaklaşık 4000 oturum içerir. Varsayılan önbellek zaman aşımı 5 dakikadır. ssl_session_timeout yönergesi ile bu süre arttırılabilir. 10M paylaşımlı oturum önbelleğine sahip bir quad core sistem için örnek yapılandırma: + + +worker_processes 4; + +http { + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + server { + listen 443; + server_name www.nginx.com; + keepalive_timeout 70; + + ssl on; + ssl_certificate www.nginx.com.crt; + ssl_certificate_key www.nginx.com.key; + ssl_protocols SSLv3 TLSv1; + ssl_ciphers HIGH:!ADH:!MD5; + ... + + + +
+ + +
+ + +Bazı tarayıcılar popüler bir sertifika otoritesi tarafından imzalanmış sertifikaları sorunsuz kabul ederken, diğerleri sorun çıkarabilir. Bunun nedeni sertifika otoritesinin, sunucu sertifikasını, güvenilir sertifika veri tabanında yer almayan aracı bir sertifikayı kullanarak imzalamış olmasıdır. Bu durumda otorite, imzalanmış sertifikaya art arda bağlanması gereken bir dizi sertifika zinciri sunar. Bir araya geldikleri dosyada ilk önce sunucu sertifikası daha sonra zincirlenmiş sertifikalar yer almalıdır: + + +$ cat www.nginx.com.crt bundle.crt > www.nginx.com.chained.crt + + +Oluşan dosya ssl_certificate yönergesi içinde kullanılmalıdır: + + +server { + listen 443; + server_name www.nginx.com; + ssl on; + ssl_certificate www.nginx.com.chained.crt; + ssl_certificate_key www.nginx.com.key; + ... +} + + +Eğer bu art arda diziliş yanlış yapılmış olursa, nginx başlamayacak ve aşağıdakine benzer bir hata mesajını verecektir: + + +SSL_CTX_use_PrivateKey_file(" ... /www.nginx.com.key") failed + (SSL: error:0B080074:x509 certificate routines: + X509_check_private_key:key values mismatch) + + +Bu durum, nginx’in sunucu sertifikası yerine zincirlenmiş sertifikaların ilkinin özel anahtarını kullanmaya çalışması sonucu oluşur. + + + +Tarayıcılar, güvenilir otoriteler tarafından imzalanmış aracı sertifikaları genellikle depolarlar. Bu nedenle tarayıcı aracı sertifikaları daha önceden depolamış olabileceğinden zincirlenmiş sertifikalara ihtiyaç duymadan sertifika hakkında uyarı vermezler. Diğer taraftan sunucunun sertifika zincir dizisini tam olarak gönderdiğinden emin olmak için openssl komutunu kullanabilirsiniz: + + +$ openssl s_client -connect www.godaddy.com:443 +... +Certificate chain + 0 s:/C=US/ST=Arizona/L=Scottsdale/1.3.6.1.4.1.311.60.2.1.3=US + /1.3.6.1.4.1.311.60.2.1.2=AZ/O=GoDaddy.com, Inc + /OU=MIS Department/CN=www.GoDaddy.com + /serialNumber=0796928-7/2.5.4.15=V1.0, Clause 5.(b) + i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc. + /OU=http://certificates.godaddy.com/repository + /CN=Go Daddy Secure Certification Authority + /serialNumber=07969287 + 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc. + /OU=http://certificates.godaddy.com/repository + /CN=Go Daddy Secure Certification Authority + /serialNumber=07969287 + i:/C=US/O=The Go Daddy Group, Inc. + /OU=Go Daddy Class 2 Certification Authority + 2 s:/C=US/O=The Go Daddy Group, Inc. + /OU=Go Daddy Class 2 Certification Authority + i:/L=ValiCert Validation Network/O=ValiCert, Inc. + /OU=ValiCert Class 2 Policy Validation Authority + /CN=http://www.valicert.com//emailAddress=info@valicert.com +... + + +Bu örnekte www.GoDaddy.com sunucu sertifikasının (server certificate #0) “s” ile belirtilen konusu (subject), “i” ile gösterilen ve aynı zamanda kendisi de sonraki sertifikanın (certificate #1) konusu (subject) olan, sertifikayı veren/yayınlayan (issuer) tarafından imzalanır. Sonraki sertifika (certificate #1) ise bir sonraki sertifika (certificate #2) tarafından imzalanmıştır ve bu son sertifika ValiCert, Inc. tarafından imzalanmıştır. Bu firmanın sertifikası, tarayıcının kurulumuyla gelen sertifika veritabanında bulunur. + + + +Eğer sertifika dizisi eklemediyseniz, yalnızca bir sunucu sertifikası görürsünüz (server certificate #0). + + +
+ + +
+ + +En baştan HTTP ve HTTPS protokollerini ayrı yapılandırmak en iyisidir. Mevcut durumda fonksiyonellikleri aynı gözükmekle birlikte, bu gelecekte önemli bir şekilde değişebilir ve birleştirilmiş bir sunucu problemli olabilir. Ancak, eğer HTTP ve HTTPS sunucuları eşit ise ve geleceği düşünmek istemiyorsanız, ssl on yönergesini silerek ve *:443 portu için ssl parametresi ekleyerek, HTTP ve HTTPS taleplerini tutan yalnızca bir sunucu yapılandırabilirsiniz: + + +server { + listen 80; + listen 443 ssl; + server_name www.nginx.com; + ssl_certificate www.nginx.com.crt; + ssl_certificate_key www.nginx.com.key; + ... +} + + + +Versiyon 0.8.21 öncesi, nginx yalnızca default parametresine sahip listen soketlerinde ssl parametresinin eklenmesine izin veriyordu: + +listen 443 default ssl; + + + + +
+ + +
+ + +Bir IP adresini dinleyen iki veya daha fazla HTTPS sunucusunu yapılandırdığınız zaman genel bir problem ortaya çıkar: + + +server { + listen 443; + server_name www.nginx.com; + ssl on; + ssl_certificate www.nginx.com.crt; + ... +} + +server { + listen 443; + server_name www.nginx.org; + ssl on; + ssl_certificate www.nginx.org.crt; + ... +} + + +Bu yapılandırmada, bir tarayıcı talep edilen sunucuya bakmadan, varsayılan sunucunun sertifikasını alır, örneğin: www.nginx.com. Bu SSL protokolüne özgü bir durumdan kaynaklanır. SSL bağlantısı, tarayıcının HTTP talebi göndermesinden önce kurulur ve nginx talep edilen sunucunun adını bilmez. Bu nedenle yalnızca varsayılan sunucunun sertifikasını önerir. + + + +Bu problemi çözmenin en eski ve sağlam methodu HTTPS sunucularının her birine ayrı IP adresleri atamaktır: + + +server { + listen 192.168.1.1:443; + server_name www.nginx.com; + ssl on; + ssl_certificate www.nginx.com.crt; + ... +} + +server { + listen 192.168.1.2:443; + server_name www.nginx.org; + ssl on; + ssl_certificate www.nginx.org.crt; + ... +} + + + +
+ + +
+ + +Bir tekil IP’yi birçok HTTPS sunucu arasında paylaştırmanın başka yolları da vardır, ancak bunların hepsi dezavantajlara sahiptir. Bunlardan biri, birçok ad içeren bir sertifikanın, SubjectAltName sertifika alanında kullanılmasıdır. Örneğin: www.nginx.com ve www.nginx.org. Ancak SubjectAltName alan uzunluğu sınırlandırılmıştır. + + + +Diğer bir yol ise bir sertifikayı bir wildcard adı ile birlikte kullanmaktır. Örneğin: *.nginx.org. Bu sertifika www.nginx.org ile eşleşir ancak nginx.org ve www.sub.nginx.org ile eşleşmez. Bu iki method birlikte de kullanılabilir. Bir sertifika SubjectAltName alanı içerisinde gerçek ve wildcard adlarını içerebilir. Örneğin: nginx.org ve *.nginx.org. + + + +Tüm sunuculardaki tekil hafıza kopyalarını devralması için, birçok ad içeren bir sertifika dosyası ve onun özel anahtar dosyasını, yapılandırmanın http düzeyinde bulundurmak en iyisidir: + + +ssl_certificate common.crt; +ssl_certificate_key common.key; + +server { + listen 443; + server_name www.nginx.com; + ssl on; + ... +} + +server { + listen 443; + server_name www.nginx.org; + ssl on; + ... +} + + + +
+ + +
+ + +Bir IP adresi üzerinde birçok HTTPS sunucusu yürütebilmenin en genel yollarından biri, bir SSL el sıkışması (handshake) sırasında, tarayıcının talep edilmiş bir sunucu adını iletmesine izin veren ve böylece sunucunun varsayılan bağlantı için hangi sertifikayı kullanacağını bilmesini sağlayan TLSv1.1 Server Name Indication eklentisidir (SNI, RFC3546). Ancak SNI, kısıtlı bir tarayıcı desteğine sahiptir. Mevcut destekleyen tarayıcılar ve versiyonları: + + + + + +Opera 8.0; + + + +MSIE 7.0 (sadece Windows Vista ve üstü); + + + +Firefox 2.0 ve Mozilla Platform rv:1.8.1 platformunu kullanan diğer tarayıcılar; + + + +Safari 3.2.1 (Windows Vista ve üstü); + + + +Chrome (Windows Vista ve üstü). + + + + + +nginx içerisinde SNI kullanabilmek için, hem nginx ile birlikte yüklenen OpenSSL kütüphanesi hem de yürütüm süresi (run time) üzerinde dinamik olarak bağlatılanmış diğer kütüphaneler tarafından desteklenmiş olmalıdır. Versiyon 0.9.8f itibari ile “--enable-tlsext” yapılandırma opsiyonu ile birlikte OpenSSL, SNI desteği sunmaktadır. OpenSSL 0.9.8j itibari ile varsayılan olarak etkindir. Eğer nginx, SNI desteği ile yüklenirse “-V” anahtarını girdiğinizde aşağıdaki çıktı ile karşılaşırsınız: + + +$ nginx -V +... +TLS SNI support enabled +... + + +Ama eğer SNI-etkin nginx, SNI desteği olmadan dinamik olarak OpenSSL’e bağlantılanırsa, aşağıdaki hata ile karşılaşırsınız: + + +nginx was built with SNI support, however, now it is linked +dynamically to an OpenSSL library which has no tlsext support, +therefore SNI is not available + + + +
+ + +
+ + + + + +Versiyon 0.8.21 ve 0.7.62 ile birlikte SNI destek statüsü “-V” anahtarı ile birlikte görüntülenmeye başlandı. + + + +Versiyon 0.7.14 ile birlikte listen yönergesinin ssl parametresi desteklenmeye başlandı. + + + +Versiyon 0.5.32 ile birlikte SNI desteği gelmiştir. + + + +Versiyon 0.5.6 ile birlikte paylaşımlı SSL otorum önbelleği desteği gelmiştir. + + + + + + + + + +Versiyon 0.7.65, 0.8.19 ve sonrası varsayılan SSL protokolleri: SSLv3 ve TLSv1. + + + +Versiyon 0.7.64, 0.8.18 ve öncesi varsayılan SSL protokolleri: SSLv2, SSLv3 ve TLSv1. + + + + + + + + + +Versiyon 0.7.65, 0.8.20 ve sonrası varsayılan SSL şifreleri (cipher): +HIGH:!ADH:!MD5. + + + +Versiyon 0.8.19: varsayılan SSL şifreleri: +ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM. + + + +Versiyon 0.7.64, 0.8.18 ve öncesi varsayılan SSL şifreleri:
+ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP. + + + + + + +
+ + +
diff -r 000000000000 -r 61e04fc01027 xml/tr/docs/http/converting_rewrite_rules.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/tr/docs/http/converting_rewrite_rules.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,127 @@ + + +
+ +
+ + +Paylaşımlı hosting kullananlar genelde her şeyi, sadece Apache’nin .htaccess dosyalarını yapılandırarak kullanırlar. Bu dosyada bulunan kuralların çevirisine örnek olarak: + + +RewriteCond %{HTTP_HOST} nginx.org +RewriteRule (.*) http://www.nginx.org$1 + + +kuralı, nginx içerisinde şu şekilde yapılıyor: + + +server { + listen 80; + server_name www.nginx.org nginx.org; + if ($http_host = nginx.org) { + rewrite (.*) http://www.nginx.org$1; + } + ... +} + + + + +Bu yanlış, kullanışsız ve etkisiz bir yoldur. Doğru olan ayrı bir sunucu tanımlaması yapmaktır: + + +server { + listen 80; + server_name nginx.org; + rewrite ^ http://www.nginx.org$request_uri?; +} + +server { + listen 80; + server_name www.nginx.org; + ... +} + + + +
+ + +
+ + +Diğer bir örnek ile aşağıdaki geri kalmış mantık yerine (nginx.com olmayan her şey ve www.nginx.com olmayan her şey): + + +RewriteCond %{HTTP_HOST} !nginx.com +RewriteCond %{HTTP_HOST} !www.nginx.com +RewriteRule (.*) http://www.nginx.com$1 + + +sadece nginx.com, www.nginx.com ve diğer her şeyi ayrı ayrı tanımlamalısınız: + + +server { + listen 80; + server_name nginx.com www.nginx.com; + ... +} + +server { + listen 80 default_server; + server_name _; + rewrite ^ http://nginx.com$request_uri?; +} + + + +
+ + +
+ + +Tipik Mongrel kuralları: + + +DocumentRoot /var/www/myapp.com/current/public + +RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f +RewriteCond %{SCRIPT_FILENAME} !maintenance.html +RewriteRule ^.*$ %{DOCUMENT_ROOT}/system/maintenance.html [L] + +RewriteCond %{REQUEST_FILENAME} -f +RewriteRule ^(.*)$ $1 [QSA,L] + +RewriteCond %{REQUEST_FILENAME}/index.html -f +RewriteRule ^(.*)$ $1/index.html [QSA,L] + +RewriteCond %{REQUEST_FILENAME}.html -f +RewriteRule ^(.*)$ $1/index.html [QSA,L] + +RewriteRule ^/(.*)$ balancer://mongrel_cluster%{REQUEST_URI} [P,QSA,L] + + +şu şekilde dönüştürülmelidir: + + +location / { + root /var/www/myapp.com/current/public; + + try_files /system/maintenance.html + $uri $uri/index.html $uri.html + @mongrel; +} + +location @mongrel { + proxy_pass http://mongrel; +} + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/tr/docs/http/request_processing.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/tr/docs/http/request_processing.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,222 @@ + + +
+ +
+ + +nginx, ilk olarak hangi sunucunun talebi işleyeceğine karar verir. +80 portunu dinleyen 3 sunucunun olduğu bir yapılandırma ile örnek verelim: + + +server { + listen 80; + server_name nginx.org www.nginx.org; + ... +} + +server { + listen 80; + server_name nginx.net www.nginx.net; + ... +} + +server { + listen 80; + server_name nginx.com www.nginx.com; + ... +} + + + + +Bu yapılandırmada, nginx yalnızca talebin header bilgisinde bulunan “Host” datasını kullanarak hangi sunucunun cevap vereceğini belirliyor. +Eğer “Host” datası boş ise veya herhangi bir sunucu adı ile eşleşmez ise nginx talebi varsayılan sunucuya yönlendirir. +Yukarıdaki örnekte varsayılan sunucu ilk server ifadesi kabul edilir. +Eğer ilk server ifadesinin varsayılan olmasını istemiyorsanız, listen yönergesinde default_server parametresini kullanabilirsiniz: + + +server { + listen 80 default_server; + server_name nginx.net www.nginx.net; + ... +} + + + +default_server parametresi, versiyon 0.8.21 ile birlikte kullanılmaya başlanmıştır. +Önceki versiyonlarda default parametresi kullanılmalıdır. + + +Not: Varsayılan sunucu, sunucu adının değil listen portunun bir özelliğidir. Daha sonra bu konuya değinilecek. + + +
+ + +
+ + +Eğer tanımlanmamış “Host” bilgisine sahip talepleri işlemek istemiyorsanız, bu talepleri düşüren bir varsayılan sunucu tanımlayabilirsiniz: + + +server { + listen 80 default_server; + server_name _; + return 444; +} + + +Böylece var olmayan alan adı için “_” ifadesini kullanarak nginx’in standart olmayan 444 koduna yönlendirerek bağlantıyı kapatıyoruz. +Not: Bu sunucu için bir ad belirlemelisiniz. Aksi takdirde nginx hostname ifadesini kullanacaktır. + + +
+ + +
+ + +Farklı adreslerde bulunan sanal sunucuların yer aldığı biraz daha karışık bir yapılandırmayı inceleyelim: + +server { + listen 192.168.1.1:80; + server_name nginx.org www.nginx.org; + ... +} + +server { + listen 192.168.1.1:80; + server_name nginx.net www.nginx.net; + ... +} + +server { + listen 192.168.1.2:80; + server_name nginx.com www.nginx.com; + ... +} + + +Bu yapılandırmada, nginx server bloklarında yer alan listen yönergelerini ilk olarak IP adresi ve port üzerinde test eder. Daha sonra, gelen taleplerin header bilgisinde yer alan “Host” datasını, IP ve port ile eşleşen server bloklarında yer alan server_name girdileri ile kontrol eder. + +Eğer sunucu bulunamazsa varsayılan sunucu tarafından işlenir. Örneğin, www.nginx.com için 192.168.1.1:80 adres ve portuna gelen bir talep, eğer bu adres ve port için www.nginx.com tanımlanmamışsa, 192.168.1.1:80’e ait varsayılan sunucu tarafından işlenir. + + + +Daha önce belirtildiği gibi, varsayılan bir sunucu, bir listen portunun ve değişik listen portları için tanımlanan çeşitli varsayılan sunucuların özelliğidir: + + +server { + listen 192.168.1.1:80; + server_name nginx.org www.nginx.org; + ... +} + +server { + listen 192.168.1.1:80 default_server; + server_name nginx.net www.nginx.net; + ... +} + +server { + listen 192.168.1.2:80 default_server; + server_name nginx.com www.nginx.com; + ... +} + + + +
+ + +
+ + +nginx’in basit bir PHP sitesi için gelen talebi işlemek için nasıl bir lokasyon seçtiğini inceleyelim: + + +server { + listen 80; + server_name nginx.org www.nginx.org; + root /data/www; + + location / { + index index.html index.php; + } + + location ~* \.(gif|jpg|png)$ { + expires 30d; + } + + location ~ \.php$ { + fastcgi_pass localhost:9000; + fastcgi_param SCRIPT_FILENAME + $document_root$fastcgi_script_name; + include fastcgi_params; + } +} + + + + +nginx ilk olarak literal dizgiler (string) tarafından verilmiş en spesifik lokasyonları arar. Yukarıdaki yapılandırmada tek literal lokasyon / ifadesidir ve herhangi bir talep ile eşleştiğinde kullanılacak son uğraktır (resort). nginx, daha sonra yapılandırma dosyasında bulunan listelenmiş sıralardaki düzenli ifadeler tarafından verilmiş lokasyonları arar. İlk düzenli ifade eşleşmesi aramayı durdurur ve nginx bu lokasyonu kullanır. Eğer talep ile eşleşen bir düzenli ifade bulunamaz ise nginx daha önce bulduğu en spesifik lokasyonu kullanır. + + + +Not: Tüm tiplerde bulunan bu lokasyonlar sadece bir talebin, sorgu dizgisi olmayan URI datasını test eder. Bunun yapılmasının nedeni sorgu dizgisinde bulunan argümanların çeşitli yollarla verilebilmesidir, örneğin: + + +/index.php?user=john&page=1 +/index.php?page=1&user=john + + +Ayrıca herhangi biri, herhangi bir şeyi sorgu dizgileri ile talep edebilir: + + +/index.php?page=1&baska+bir+sey&user=john + + + + +Yukarıdaki yapılandırmada taleplerin nasıl işlendiğini inceleyelim: + + + + + +Bir /logo.gif talebi, ilk olarak / literal lokasyonu, daha sonra, \.(gif|jpg|png)$ düzenli ifadesi tarafından eşleştirilir. Bu sonraki (latter) lokasyon tarafından tutulur. root /data/www yönergesi kullanılarak, talep /data/www/logo.gif dosyasına eşlemlenir (mapped to) ve dosya istemciye gönderilir. + + + + + +Bir /index.php talebi de ilk olarak / literal lokasyonu, sonra, \.(php)$ düzenli ifadesi tarafından eşleştirilir. Bu nedenle sonraki lokasyon tarafından tutulur ve localhost:9000’in dinlendiği bir FastCGI sunucusuna iletilir. fastcgi_param yönergesi, SCRIPT_FILENAME FastCGI parametresini /data/www/index.php adresine yerleştirir ve FastCGI sunucusu dosyayı yürütür. $document_root değişkeni root yönergesinin değerine, $fastcgi_script_name değişkeni ise talebin URI değerine eşittir. Örneğin /index.php. + + + + + +Bir /about.html talebi yalnızca / literal lokasyonu tarafından eşleştirilir ve bu yüzden, bu lokasyon tarafından tutulur. root /data/www yönergesi kullanılarak talep, /data/www/about.html dosyasına eşlemlenir ve istemciye gönderilir. + + + + + +Bir / talebini tutmak daha karmaşıktır. Sadece / literal lokasyonu tarafından eşleştirilir ve bu yüzden bu lokasyon tarafından tutulur. Sonra index yönergesi parametrelerine ve root /data/www yönergesine göre bir index dosyası olup olmadığını kontrol eder. Eğer bir /data/www/index.php dosyası mevcut ise yönerge, /index.php adresine dahili bir yönlendirme yapar ve eğer talep bir istemci tarafından gönderilmiş ise nginx, lokasyonları tekrar arar. Daha önce gördüğümüz gibi, yönlendirilmiş talep en son olarak FastCGI sunucusu tarafından tutulur. + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/tr/docs/http/server_names.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/tr/docs/http/server_names.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,354 @@ + + +
+ +
+ + +Sunucu adları server_name yönergesi kullanılarak tanımlanırlar ve gelen bir talep için hangi server bloğunun kullanılacağını belirlerler. Ayrıca bakınız “”. Gerçek, wildcard veya düzenli ifadeler şeklinde tanımlanabilirler. + + +server { + listen 80; + server_name nginx.org www.nginx.org; + ... +} + +server { + listen 80; + server_name *.nginx.org; + ... +} + +server { + listen 80; + server_name mail.*; + ... +} + +server { + listen 80; + server_name ~^(?<user>.+)\.nginx\.net$; + ... +} + + +Bu adlar şu sıra ile test edilirler: + + + + +gerçek adlar; + + + +* ile başlayan wildcard adlar: *.nginx.org; + + + +* ile biten wildcard adlar: mail.*; + + + +ve düzenli ifadeler (regular expressions). + + + +İlk eşleşme arama işlemini bitirir. + + +
+ + +
+ + +Bir wildcard ad ancak başlangıçta veya bitişte * ifadesini içerir ve nokta ile sınırlandırılır. www.*.nginx.org ve w*.nginx.org adları geçersizdir. Ancak bu adlar düzenli ifadeler ile geçerli hale getirilebilir, örneğin, ~^www\..+\.nginx\.org$ ve ~^w.*\.nginx\.org$. Buradaki * bir çok eşleşmeyi tanımlayabilir. *.nginx.org ifadesi www.nginx.org ve www.sub.nginx.org adlarına karşılık gelebilir. + + + +.nginx.org şeklindeki bir wildcard nginx.org gerçek adı ile *.nginx.org wildcard adına karşılık gelir. + + +
+ + +
+ + +nginx tarafından kullanılan düzenli ifadeler, Perl programlama dili (PCRE) tarafından kullanılanlar ile tam uyumludur. +Bir düzenli ifade kullanmak için sunucu adı tilda (~) ile başlamalıdır: + + +server_name ~^www\d+\.nginx\.net$; + + +diğer türlü ifade gerçek ad veya düzenli ifade * içeriyorsa wildcard ad gibi algılanacaktır (ve yüksek ihtimal geçersiz bir ad olarak). +“^” ve “$” çapalarını kullanmayı unutmayın. +Sentaks açısından gerekli olmasalar da mantık açısından gereklidir. +Ayrıca alan adında bulunan noktalarda da \ önceli ile kullanılmalıdır. +“{” ve “}” kullanan bir düzenli ifade tırnak arasına alınmalıdır: + + +server_name "~^(?<name>\w\d{1,3}+)\.nginx\.net$"; + + +diğer türlü, nginx şu şekilde bir hata verecektir: + + +directive "server_name" is not terminated by ";" in ... + + +Bir düzenli ifade adı değişken olarak sonraki aşamalarda kullanılabilir: + + +server { + server_name ~^(www\.)?(?<domain>.+)$; + + location / { + root /sites/$domain; + } +} + + +PCRE kütüphanesi ile ad yakalama işlemi de şu şekildedir: + + + + + + + + + + + + + + + + + + +
?<name>Perl 5.10 uyumlu sentaks, PCRE-7.0 ile gelmiştir.
?'name'Perl 5.10 uyumlu sentaks, PCRE-7.0 ile gelmiştir.
?P<name>Python uyumlu sentaks, PCRE-4.0 ile gelmiştir.
+ +Eğer nginx aşağıdaki hatayı verirse: + + +pcre_compile() failed: unrecognized character after (?< in ... + + +bu PCRE kütüphanesini eski olduğu ve ?P<name> şeklinde kullanmanız gerektiği anlamına gelir. +Yakalama ayrıca dijital formda da olabilir: + + +server { + server_name ~^(www\.)?(.+)$; + + location / { + root /sites/$2; + } +} + + +Ancak, dijital referanslar kolaylıkla üstüne yazılabilir olduğundan, bu şekilde kullanım basit durumlar için sınırlandırılmalıdır (yukarıdaki gibi). + + + +
+ + +
+ + +Eğer server bloğu içerisinde bir server_name tanımlanmamışsa nginx, sunucu adı olarak hostname ifadesini kullanır. + + + +Eğer varsayılan dışındaki bir server bloğuna gelen ve header bilgisinde “Host” datası yer almayan bir talebi işlemek isterseniz boş bir ad kullanmak zorundasınız: + + +server { + listen 80; + server_name nginx.org www.nginx.org ""; + ... +} + + + + +Eğer bir istemci ad yerine IP adresini kullanarak bir talepte bulunursa, header içerisinde bulunan “Host” datası IP bilgisini içerecektir ve bu IP adresini, sunucu adı olarak kullanarak talebi işleyebilirsiniz: + + +server { + listen 80; + server_name nginx.org + www.nginx.org + "" + 192.168.1.1 + ; + ... +} + + + + +Bir catch-all (tümünü-yakala) sunucuda “_” şeklinde garip bir ifade ile karşılaşabilirsiniz: + + +server { + listen 80 default_server; + server_name _; + return 444; +} + + +Bu ad ile ilgili özel bir durum söz konusu değil, sadece gerçek bir ad ile kesişmeyen sayısız geçersiz alan adlarından biridir. +Ayrıca “--”, “!@#” ve benzeri ifadeler de kullanabilirsiniz. + + + +nginx, 0.6.25 versiyonuna kadar, bir catch-all adı olmak için hatalı bir şekilde yorumlanan “*” özel adını destekliyordu. +Fakat bu bir catch-all veya wildcard sunucu adı olarak fonksiyonel değil. Bunun yerine, server_name_in_redirect yönergesini kullanarak fonksiyonelliği sağlamaya başladık. +“*” özel karakteri artık desteklenmiyor, bu yüzden server_name_in_redirect yönergesi kullanılmalıdır. +Not: server_name yönergesini kullanan varsayılan sunucuyu veya catch-all adını belirtmenin bir yolu bulunmuyor. +Bu, server_name yönergesinin değil, listen yönergesinin bir özelliğidir. +Ayrıca bakınız “”. +*:80 ve *:8080 portlarını dinleyen sunucular tanımlayabilir ve birini *:8080 portu için varsayılan olarak belirlerken, diğerini de *:80 için varsayılan olarak belirleyebilirsiniz: + + +server { + listen 80; + listen 8080 default_server; + server_name nginx.net; + ... +} + +server { + listen 80 default_server; + listen 8080; + server_name nginx.org; + ... +} + + + + +
+ + +
+ + +Gerçek ve wildcard adlar çırpılarda (hash) depolanır. Çırpılar listen portlarına bağlıdırlar ve her bir listen port 3 farklı çırpıya sahip olabilir: gerçek ad çırpısı, * ile başlayan bir wildcard adı çırpısı ve * ile biten bir wildcard adı çırpısı. Çırpıların boyutu yapılandırma aşamasında optimize edilir ve böylece bir ad en az önbellek kayıpları ile bulundurulur. İlk olarak gerçek ad çırpısı aranır. Gerçek ad çırpısı kullanan bir ad bulunmaz ise, * ile başlayan wildcard ad çırpısı aranır. Bu da bulunmaz ise, * ile biten wildcard ad çırpısı aranır. Adların alanadı parçaları ile aranması nedeniyle wildcard ad çırpıları araması, gerçek ad çırpı aramasına oranla daha yavaştır. Not: Özel .nginx.org wildcard formu, gerçek ad çırpısında değil, wildcard ad çırpısında saklanır. Düzenli İfadeler sırayla test edildiğinden bu en yavaş ve ölçeklenebilir olmayan yöntemdir. + + + +Bu nedenlerden dolayı, imkanlar el veriyorsa gerçek adları kullanmak en iyisidir. Örneğin, bir sunucunun en sık talep edilen adları nginx.org ve www.nginx.org ise bunları açıkca belirtmek daha etkili olacaktır: + + +server { + listen 80; + server_name nginx.org www.nginx.org *.nginx.org; + ... +} + + +bu kullanım aşağıdaki basit kullanımdan daha etkili olacaktır: + + +server { + listen 80; + server_name .nginx.org; + ... +} + + + + +Eğer çok miktarda veya olağandışı şekilde uzun sunucu adları tanımladıysanız, http düzeyinde server_names_hash_max_size +ve server_names_hash_bucket_size yönergelerini tekrar ayarlamalısınız. server_names_hash_bucket_size yönergesinin varsayılan değeri CPU önbellek satır boyutuna göre 32, 64 veya başka bir rakam olabilir. Eğer bu değer 32 ise ve “cok.uzun.sunucu.adi.nginx.org” ifadesini sunucu adı olarak belirlerseniz nginx, başlamayacak ve aşağıdaki hatayı verecektir: + + +could not build the server_names_hash, +you should increase server_names_hash_bucket_size: 32 + + +Bu durumda yönerge değerini aşağıdaki gibi belirlemelisiniz: + + +http { + server_names_hash_bucket_size 64; + ... + + +Eğer çok fazla sunu adı belirlemiş iseniz şu şekilde bir hata alacaksınız: + + +could not build the server_names_hash, +you should increase either server_names_hash_max_size: 512 +or server_names_hash_bucket_size: 32 + + +Bu durumda ilk olarak server_names_hash_max_size değerini sunucu ad sayısına yakın bir değeri yükseltin. Eğer bu da yardımcı sorunu çözmez ise veya nginx başlama süresi çok uzar ise server_names_hash_bucket_size değerini arttırın. + + + +Eğer bir sunucu sadece bir listen port için ise, nginx sunucu adlarını test etmeyecek ve listen port için çırpılar yaratmayacaktır. Fakat bu durumun bir istisnası var; eğer server_name tutuklar (capture) içeren bir düzenli ifade ise nginx, bu tutukları almak için ifadeyi yürütmek zorundadır. + + +
+ + +
+ + + + + +Named düzenli ifade sunucu adı tutukları, 0.8.25 versiyonundan beri destekleniyor. + + + +Düzenli ifade sunucu adı tutukları, 0.7.40 versiyonundan beri destekleniyor. + + + +“” boş sunucu adı 0.7.12 versiyonundan beri destekleniyor. + + + +Bir wildcard sunucu adının veya düzenli ifadenin ilk sunucu adı olarak kullanılması 0.6.25 versiyonundan beri destekleniyor. + + + +Düzenli ifade sunucu adları 0.6.7 versiyonundan beri destekleniyor. + + + +nginx.* wildcard formu 0.6.0 versiyonundan beri destekleniyor. + + + +.nginx.org özel formu 0.3.18 versiyonundan beri destekleniyor. + + + +*.nginx.org wildcard formu 0.1.13 versiyonundan beri destekleniyor. + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/tr/docs/index.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/tr/docs/index.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,39 @@ + + +
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/tr/docs/introduction.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/tr/docs/introduction.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,29 @@ + + +
+ +
+ + + + + + + + + + + + + + + + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/tr/docs/sys_errlist.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/tr/docs/sys_errlist.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,27 @@ + + +
+ +
+ + +nginx versiyon 0.7.66, 0.8.35 ve üstü için Linux kurulumu yaparken, şu uyarıları alabilirsiniz: + + +warning: `sys_errlist' is deprecated; + use `strerror' or `strerror_r' instead +warning: `sys_nerr' is deprecated; + use `strerror' or `strerror_r' instead + + +Bu normal bir durum: strerror() ve strerror_r() fonksiyonları "Async-Signal-Safe" olmadığından, nginx sinyal işleyici olarak onaylı olmayan sys_errlist[] ve sys_nerr kullanmak zorundadır. + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/tr/docs/windows.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/tr/docs/windows.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,134 @@ + + +
+ +
+ + +nginx/Windows doğrudan Win32 API’yi kullanır (Cygwin emülasyon tabakasını değil). +Şu an için sadece select methodunu kullandığından yüksek performans ve ölçeklenebilirlik beklememelisiniz. +Bu ve bilinen diğer nedenlerle nginx/Windows’u beta versiyon olarak kabul etmek gerekir. +Unix versiyonu ile karşılaştırıldığında, XSLT filtresi, imaj filtresi, GeoIP modülü ve gömülü Perl dili hariç tam fonklsiyoneldir. + + + +nginx/Windows versiyonunu yüklemek için indir bağlantısından zip formatındaki geliştirme versiyonunu indirebilirsiniz. Geliştirme versiyonu, özellikle Windows ile ilgili en son yamaları içerir. Dosyayı indirdikten sonra açarak, nginx- klasörü içerisinden nginx’i çalıştırabilirsiniz. +C sürücüsü için örnek. root dizini: + + +cd c:\ +unzip nginx-.zip +cd nginx- +start nginx + + +Ayrıca tasklist komutu ile nginx işlemlerini takip edebilirsiniz: + + +C:\nginx->tasklist /fi "imagename eq nginx.exe" + +Image Name PID Session Name Session# Mem Usage +=============== ======== ============== ========== ============ +nginx.exe 652 Console 0 2 780 K +nginx.exe 1332 Console 0 3 112 K + + +Bu işlemlerden biri ana, diğerleri işçi işlemleridir. +Eğer nginx başlamazsa logs\error.log dosyasından nedenini öğrenebilirsiniz. +Eğer kayıt (log) dosyası yaratılmamış ise bunun nedeni de Windows Event Log içerisinde belirtilmiştir. +Eğer beklenen sayfa yerine hata sayfası ile karşılaşırsanız, yine logs\error.log dosyasını kontrol etmelisiniz. + + + +nginx/Windows, yapılandırmada yer alan nisbi dizin yolları için yürütüldüğü klasörü, önek klasör olarak kullanır. +Buna örnek olarak, önek klasör şu şekildedir: +C:\nginx-\. +Ayarlarda yer alan dizin yolları Unix-stili kesme işaretleri ile belirtilir: + + +access_log logs/site.log; +root C:/web/html; + + + + +nginx/Windows bir servis olarak değil, standart konsol uygulaması olarak yürütülür ve aşağıdaki komutlar ile yönetilir: + + + + + + + + + + + + + + + + + + + + + + + +
nginx -s stophızlı çıkış
nginx -s quityavaş çıkış
nginx -s reload +ayarları değiştirmek, +yeni işçi çalıştırmak, +eski işçi işlemden yavaşça çıkmak +
nginx -s reopenKayıt dosyalarını tekrar açmak
+ + +
+ +
+ + + + +Bir çok işçi yürütülebildiği halde sadece biri iş yapabilmektedir. + + + +Bir işçi, 1024 eşzamanlı bağlantıdan fazlasını karşılayamamaktadır. + + + +Paylaşımlı hafıza desteğine ihtiyaç duyan önbellek ve diğer modüller, +“address space layout randomization” etkin olduğundan, +Windows Vista ve sonraki versiyonlarda çalışmamaktadır. + + + + +
+ +
+ + + + +Servis olarak yürütme. + + + +I/O completion portlarını, uyarı methodu olarak kulanmak. + + + +Bir işçi işleminde (worker process) çoklu thread (yürütme birimi) kullanmak. + + + + +
+ +
diff -r 000000000000 -r 61e04fc01027 xml/tr/index.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/tr/index.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,259 @@ + + +
+ + +
+ + +nginx [engine x], Igor Sysoev tarafından yazılan bir HTTP, reverse proxy ve mail proxy sunucusudur. 5 yıldır, özellikle Rus sitelerinde yoğun bir şekilde kullanılmaktadır. Örneğin; +Rambler +(RamblerMedia.com). +Netcraft'a göre, nginx, Nisan 2010 itibari ile %4.70 oranında kullanılmaktadır. +Bazı başarı hikayeleri (İngilizce): +FastMail.FM, +Wordpress.com. + + + +Kaynak kodu, 2-clause BSD-like license lisansı altındadır. + + +
+ + +
+ + + + + +Statik ve index dosyalarının sunumu, otomatik indeksleme; +açık dosya açıklayıcı önbellek; + + + +Önbellek ile hızlandırılmış reverse proxying; +basit yük dengeleme ve hata toleransı; + + + +Uzak FastCgi sunucularının önbelleklenmesi ile hızlandırılmış destek; +basit yük dengeleme ve hata toleransı; + + + +Modüler yapı. +Gzip, byte aralıkları, yığın cevaplar (chunked responses), XSLT, SSI, imaj boyutlandırma gibi filtreler. +FastCGI veya proksilenmiş sunucular ile tek bir sayfada çoklu SSI içermelerinin paralel işlenmesi. + + + +SSL ve TLS SNI desteği. + + + + + +
+ + +
+ + + + + +Ad ve IP tabanlı sanal sunucular; + + + +Keep-alive ve pipelined bağlantı desteği; + + + +Esnek yapılandırma; + + + +İstemci işlemlerinde kopma olmadan yeniden yapılandırma ve online güncelleme; + + + +Erişim kayıt (log) formatları, tamponlanmış kayıt yazımı ve hızlı kayıt devri; + + + +3xx-5xx hata kod yönlendirmeleri; + + + +rewrite modülü; + + + +İstemcinin IP adresine dayalı erişim kontrolü ve HTTP temel kimlik denetleme; + + + +PUT, DELETE, MKCOL, COPY ve MOVE methodları; + + + +FLV streaming; + + + +Hız sınırlandırma; + + + +Bir adresten gelen eşzamanlı bağlantı ve talepleri sınırlandırma. + + + +Gömülü perl. + + + + + +
+ + +
+ + + + + +Harici bir HTTP kimlik denetleme sunucusunu kullanarak, kullanıcıyı IMAP/POP3 backend'ine yönlendirme; + + + +Harici bir HTTP kimlik denetleme sunucusunu kullanarak, kullanıcıyı SMTP backend'ine yönlendirme ve kullanıcı kimlik denetlemesi; + + + +Kimlik denetleme methodları: + + + + +POP3: USER/PASS, APOP, AUTH LOGIN/PLAIN/CRAM-MD5; + + + +IMAP: LOGIN, AUTH LOGIN/PLAIN/CRAM-MD5; + + + +SMTP: AUTH LOGIN/PLAIN/CRAM-MD5; + + + + + + +SSL desteği; + + + +STARTTLS ve STLS desteği. + + + + + +
+ + +
+ + + + + +Bir ana işlem (main process) ve çok sayıda işçi işlemleri (workers). +İşçiler, imtiyazsız kullanıcı olarak yürütülürler; + + + +Uyarı methodları: kqueue (FreeBSD 4.1+), +epoll (Linux 2.6+), rt signals (Linux 2.2.19+), +/dev/poll (Solaris 7 11/99+), event ports (Solaris 10), +select ve poll; + + + +Çeşitli kqueue özellikleri desteği: EV_CLEAR, EV_DISABLE +(event'i geçici olarak etkisizleştirir), NOTE_LOWAT, EV_EOF, olanaklı data sayısı, +hata kodları; + + + +sendfile (FreeBSD 3.1+, Linux 2.2+, Mac OS X 10.5), sendfile64 (Linux 2.4.21+), +ve sendfilev (Solaris 8 7/01+) desteği; + + + +File AIO (FreeBSD 4.3+, Linux 2.6.22+); + + + +Accept-filters (FreeBSD 4.1+) ve TCP_DEFER_ACCEPT (Linux 2.4+) desteği; + + + +10,000 inaktif HTTP keep-alive bağlantısı yaklaşık 2.5M hafıza kullanır; + + + +Data kopyalama operasyonları minimum düzeydedir. + + + + + +
+ + +
+ + + + + +FreeBSD 3 — 8 / i386; FreeBSD 5 — 8 / amd64; + + + +Linux 2.2 — 2.6 / i386; Linux 2.6 / amd64; + + + +Solaris 9 / i386, sun4u; Solaris 10 / i386, amd64, sun4v; + + + +MacOS X / ppc, i386; + + + +Windows XP, Windows Server 2003. + + + + + +
+ + +
diff -r 000000000000 -r 61e04fc01027 xml/versions.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xml/versions.xml Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,5 @@ + + 1.1.0 + 1.0.5 + 0.8.55 + diff -r 000000000000 -r 61e04fc01027 xsls/article.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/article.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,57 @@ +X:stylesheet { + +X:output method="html" indent="no" encoding="utf-8"; + +X:strip-space elements = "*"; + + +X:param XML = "'../xml'"; +X:param YEAR; + +X:var SITE = "'http://nginx.org'"; +X:var LINK = "/article/@link"; + +X:include href = "dirname.xslt"; +X:include href = "link.xslt"; +X:include href = "style.xslt"; +X:include href = "body.xslt"; +X:include href = "menu.xslt"; +X:include href = "donate.xslt"; +X:include href = "content.xslt"; +X:include href = "versions.xslt"; + + +X:template = "/article" { + + + !{@title} + + !style (lang="/article/@lang") + + + + !body (lang="/article/@lang") + + +} + + +X:template = "/article[@lang='he']" { + + + !{@title} + + !style (lang="/article/@lang") + + + + !body (lang="/article/@lang") + + +} + + +} diff -r 000000000000 -r 61e04fc01027 xsls/body.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/body.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,68 @@ +X:stylesheet { + +X:template body (lang) { + + X:variable ALIGN = { + X:if "$lang = 'he'" { X:text {left} } else { X:text {right} } + } + + + + + + + + + + + + + +

+ !{@title} X:if "$YEAR" { X:text{: } !{$YEAR} } +

+ nginx
+ +
+
+ + !! "document(concat($XML, '/menu.xml')) + /menus/menu[@lang = $lang]/item"; +
+ +
+ X:for-each "section[@name]" { + !{@title}
+ } +
+ + !!; + + X:if "@author" { +
+ + !{document(concat($XML, '/i18n.xml')) + /i18n/text[@lang = $lang]/item[@id='author']} + X:text { } !{@author}
+ + X:if "@editor" { + !{document(concat($XML, '/i18n.xml')) + /i18n/text[@lang = $lang]/item[@id='editor']} + X:text { } !{@editor}
+ } + + X:if "@translator" { + !{document(concat($XML, '/i18n.xml')) + /i18n/text[@lang = $lang]/item[@id='translator']} + X:text { } !{@translator}
+ } + +
+ } + +
+ + +} + +} diff -r 000000000000 -r 61e04fc01027 xsls/books.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/books.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,61 @@ +X:stylesheet { + +X:output method="html" indent="no" encoding="utf-8"; + +X:strip-space elements = "*"; + + +X:param XML = "'../xml'"; +X:param YEAR; + +X:var LINK = "/article/@link"; + +X:include href = "dirname.xslt"; +X:include href = "link.xslt"; +X:include href = "style.xslt"; +X:include href = "body.xslt"; +X:include href = "menu.xslt"; +X:include href = "content.xslt"; + + +X:template = "/article" { + + + !{@title} + + !style () + + + + !body (lang="/article/@lang") + + +} + + +X:template = "book" { + + + + + + + +
+ + + + + X:text {title: } !{@title}
+ X:text {author: } + X:if "@site" { !{@author} } else { !{@author} }
+ X:if "@translator" { X:text {translator: } !{@translator}
} + X:if "@publisher" { X:text {publisher: } !{@publisher}
} + X:text {language: } !{@lang} +
+} + +} diff -r 000000000000 -r 61e04fc01027 xsls/content.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/content.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,89 @@ +X:stylesheet { + +X:template = "section[@name and @title]" { +

!{@title}

+ !!; +} + +X:template = "section[not(@name) and @title]" { +

!{@title}

+ !!; +} + +X:template = "section[not(@name) and not(@title)]" { !!; } + +X:template = "para" {

!!;

} + +X:template = "item/para" {

!!;

} + +X:template = "para[@align]" {

!!;

} + + +X:template = "programlisting" { 
 !!;
} + +X:template = "para/programlisting" { + X:text disable-output-escaping="yes" {</p> } + 
 !!;
+ X:text disable-output-escaping="yes" {<p class="noindent"> } +} + + +X:template = "note" {
!!;
} + +X:template = "para/note" { + X:text disable-output-escaping="yes" {</p> } +
!!;
+ X:text disable-output-escaping="yes" {<p class="noindent"> } +} + + +X:template = "list" { } +X:template = "item" {
  • !!;
    • } + + +X:template = "orderedlist" {
      !!;
    } +X:template = "item" {
  • !!;
    • } + +X:template = "table[@note and @width]" { +
    !!;
    +} +X:template = "table[@note and not(@width)]" { +
    !!;
    +} +X:template = "table[not(@note) and @width]" { + !!;
    +} +X:template = "table" { !!;
    } +X:template = "tr" { !!; } +X:template = "td[@width]" { !!; } +X:template = "td" { !!; } + +X:template = "header" { + X:text {“} !!; X:text {”} +} + +X:template = "dirname[/*[@lang='he']]" { + + X:text {“} !!; X:text {”} + +} + +X:template = "dirname" { X:text {“} !!; X:text {”} } + +X:template = "url[/*[@lang='he']]" { + !!; +} + +X:template = "url" { !!; } + +X:template = "path" { X:text {“} !!; X:text {”} } +X:template = "code" { !!; } +X:template = "i" { !!; } +X:template = "b" { !!; } +X:template = "nobr" { !!; } +X:template = "mdash" { X:text { — } } +X:template = "space" { X:text { } } +X:template = "br" {
    } + + +} diff -r 000000000000 -r 61e04fc01027 xsls/development.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/development.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,7 @@ +X:stylesheet { + +X:output method="text"; + +X:template = "/versions" { !{ normalize-space(development) } } + +} diff -r 000000000000 -r 61e04fc01027 xsls/dirname.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/dirname.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,31 @@ +X:stylesheet { + + + + +X:var DIRNAME = { !dirname (path = "$LINK") } + +X:template dirname (path) { + X:if "contains($path, '/')" { + !{ substring-before($path, '/') } + X:text {/} + !dirname (path = "substring-after($path, '/')") + } +} + + + + +X:var ROOT = { !root (path = { !{ substring($DIRNAME, 2) } }) } + +X:template root (path) { + X:if "contains($path, '/')" { + X:text {..} + X:if "substring-after($path, '/')" { + X:text {/} + !root (path = "substring-after($path, '/')") + } + } +} + +} diff -r 000000000000 -r 61e04fc01027 xsls/donate.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/donate.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,25 @@ +X:stylesheet { + +X:template = "paypal" { + +
    + + + + + + + + + + +
    + +} + +} diff -r 000000000000 -r 61e04fc01027 xsls/download.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/download.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,99 @@ +X:stylesheet { + +X:output method="html" indent="no" encoding="utf-8"; + +X:strip-space elements = "*"; + + +X:param XML = "'../xml'"; +X:param YEAR; + +X:var LINK = "/article/@link"; + +X:include href = "dirname.xslt"; +X:include href = "link.xslt"; +X:include href = "style.xslt"; +X:include href = "body.xslt"; +X:include href = "menu.xslt"; +X:include href = "content.xslt"; + + +X:template = "/article" { + + + !{@title} + + !style () + + + + !body (lang="/article/@lang") + + +} + + +X:template = "download" { !! "item";
    } + + +X:template = "download/item[position() <= ../@last]" { + + + X:if "position() = 1" { +     + X:attribute "href" { X:text{/} !{/article/@lang} X:text{/} !{../@changes} } + !{../@changes} + + } + + + + + X:attribute "href" { + X:text {/download/nginx-} !{@ver} X:text {.tar.gz} + } + X:text {nginx-} !{@ver} + + + X:if "@pgp = 'yes'" { + X:text {  } + + X:attribute "href" { + X:text {/download/nginx-} !{@ver} X:text {.tar.gz.asc} + } + X:text {pgp} + + } + + + + X:if "@win= 'yes'" { + + X:attribute "href" { + X:text {/download/nginx-} !{@ver} X:text {.zip} + } + X:text {nginx/Windows-} !{@ver} + + + X:if "@pgp = 'yes'" { + X:text {  } + + X:attribute "href" { + X:text {/download/nginx-} !{@ver} X:text {.zip.asc} + } + X:text {pgp} + + } + } + + + +} + + +X:template = "download/item[position() > ../@last]" { } + +} diff -r 000000000000 -r 61e04fc01027 xsls/dump.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/dump.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,29 @@ +X:stylesheet { + +X:output method="xml" +X:param indent-increment="' '"; + +X:template noname(indent="' '") = "*" { + !{$indent} + + X:if "name()='xsl:template'" { + !{$indent} + } + + X:copy { + X:copy-of "@*" + !!( indent = "concat($indent, $indent-increment)" ); + X:if "./* " { !{$indent} } + } +} + + +X:template = "comment()|processing-instruction()" { + X:copy; +} + + + +} diff -r 000000000000 -r 61e04fc01027 xsls/error.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/error.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,51 @@ +X:stylesheet { + +X:output method="html" indent="no" encoding="utf-8"; + +X:strip-space elements = "*"; + + +X:param XML = "'../xml'"; + + +X:template = "/error" { + !{@title} + + + + + + + + + +

    !{@title}

    		+ nginx
    + +
    +
    + + !! "document(concat($XML, '/menu.xml')) + /menus/menu[@lang = current()/@lang]/item"; +
    + + +} + + +X:template = "menu/item" { + !{ normalize-space(text()) }
    +} + + +X:template = "menu/item[not(@href)]" { + !{ normalize-space(text()) }
    +} + +} diff -r 000000000000 -r 61e04fc01027 xsls/legacy_stable.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/legacy_stable.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,7 @@ +X:stylesheet { + +X:output method="text"; + +X:template = "/versions" { !{ normalize-space(legacy_stable) } } + +} diff -r 000000000000 -r 61e04fc01027 xsls/link.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/link.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,60 @@ +X:stylesheet { + + + + +X:template = "a[starts-with(@href, '/') + and string() = '' + and contains(@href, '.xml')]" +{ + + X:attribute "href" { + + + + X:if "starts-with(@href, $DIRNAME)" { + + + + !{ substring-after(document(concat($XML, @href))/article/@link, + $DIRNAME) } + } else { + + + + !{ concat($ROOT, document(concat($XML, @href))/article/@link) } + } + } + !{ document(concat($XML, @href))/article/@title } + +} + + + + +X:template = "a[starts-with(@href, '/') + and string() + and contains(@href, '.xml')]" +{ + + X:attribute "href" { + X:if "starts-with(@href, $DIRNAME)" { + !{ substring-after(document(concat($XML, @href))/article/@link, + $DIRNAME) } + } else { + !{ concat($ROOT, document(concat($XML, @href))/article/@link) } + } + } + !!; + +} + +X:template = "a" { !!; } + +X:template = "img" { !!; } + +} diff -r 000000000000 -r 61e04fc01027 xsls/menu.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/menu.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,67 @@ +X:stylesheet { + +X:template = "menu/item" { + + + + X:if "@href = $LINK" { + X:if "$YEAR and @href='/'" { + news
    + } else { + !{ normalize-space(text()) }
    + } + + } else { + + X:attribute "href" { + + X:if "starts-with(@href, $DIRNAME)" { + X:if "substring-after(@href, $DIRNAME) = ''" { + ./ + + } else { + !{ substring-after(@href, $DIRNAME) } + } + + } else { + !{ concat($ROOT, @href) } + } + } + !{ normalize-space(text()) } + + + X:if "@lang" { X:text { [} !{@lang} X:text {]}} + +
    + } +} + + +X:template = "menu/item[@year]" { + X:if "$YEAR or $LINK='/'" { + X:if "$YEAR=@year" { + !{@year}
    + } else { + !{@year} +
    + } + } +} + + +X:template = "menu/item[starts-with(@href, 'http://')]" { + !{ normalize-space(text()) } + X:if "@lang" { X:text { [} !{@lang} X:text {]}} +
    +} + + +X:template = "menu/item[not(@href)]" { + !{ normalize-space(text()) }
    +} + +} diff -r 000000000000 -r 61e04fc01027 xsls/news.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/news.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,70 @@ +X:stylesheet { + +X:output method="html" indent="no" encoding="utf-8"; + +X:strip-space elements = "*"; + + +X:param XML = "'../xml'"; +X:param YEAR; + +X:var SITE = "'http://nginx.org'"; +X:var LINK = "/news/@link"; + +X:include href = "dirname.xslt"; +X:include href = "link.xslt"; +X:include href = "style.xslt"; +X:include href = "body.xslt"; +X:include href = "menu.xslt"; +X:include href = "content.xslt"; + + +X:template = "/news" { + + + + + !{@title} X:if "$YEAR" { X:text{: } !{$YEAR} } + + !style () + + + + !body (lang="/news/@lang") + + +} + + +X:template = "event" { + + X:var year = { !{substring(../event[position()=1]/@date, 1, 4)} } + X:var y = { !{substring(@date, 1, 4)} } + + X:if "(not($YEAR) and ($year = $y or position() < 11)) or $YEAR=$y" { + + + + + + + + + +
    + !{@date} X:text {  } + !! "para";
    + X:text disable-output-escaping="yes" {&nbsp;} +
    + } +} + + +X:template = "event/para" {

    !!;

    } + + +} diff -r 000000000000 -r 61e04fc01027 xsls/rss.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/rss.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,72 @@ +X:stylesheet + xmlns:date="http://exslt.org/dates-and-times" +{ + +X:output indent="no" encoding="utf-8"; + +X:strip-space elements = "*"; + + +X:param XML = "'../xml'"; +X:param YEAR; + +X:var SITE = "'http://nginx.org'"; +X:var LINK = "/news/@link"; + +X:include href = "dirname.xslt"; +X:include href = "link.xslt"; +X:include href = "menu.xslt"; +X:include href = "content.xslt"; + + +X:template = "/news" { + + + !{@title} + !{$SITE} + + !! "event"; + + +} + + +X:template = "event[position() <= 10]" { + + X:var year = { !{substring(../event[position()=1]/@date, 1, 4)} } + X:var y = { !{substring(@date, 1, 4)} } + + X:var page = { + X:if "$year != $y" { + !{concat($y, '.html')} + } + } + + + !{@date} + !{$SITE} X:text {/} !{$page} X:text {#} !{@date} + !{$SITE} X:text {/} !{$page} X:text {#} !{@date} + + !{ concat(date:day-abbreviation(@date), ', ', + format-number(date:day-in-month(@date), '00'), ' ', + date:month-abbreviation(@date), ' ', + date:year(@date), + ' 00:00:00 +0300') } + + + + X:text disable-output-escaping="yes" {<![CDATA[} + !! "para"; + X:text disable-output-escaping="yes" {]]>} + + +} + + +X:template = "event" { } + + +} diff -r 000000000000 -r 61e04fc01027 xsls/security.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/security.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,113 @@ +X:stylesheet { + +X:output method="html" indent="no" encoding="utf-8"; + +X:strip-space elements = "*"; + + +X:param XML = "'../xml'"; +X:param YEAR; + +X:var LINK = "/article/@link"; + +X:include href = "dirname.xslt"; +X:include href = "link.xslt"; +X:include href = "style.xslt"; +X:include href = "body.xslt"; +X:include href = "menu.xslt"; +X:include href = "content.xslt"; + + +X:template = "/article" { + + + !{@title} + + !style () + + + + !body (lang="/article/@lang") + + +} + + +X:template = "security" { } + + +X:template = "security/item" { + +
  • +

    + + !{@title}
    + + X:if "@severity = 'major'" { + X:text{Severity: } !{@severity}
    + } else { + X:text{Severity: } !{@severity}
    + } + + X:if "@cert" { + + X:attribute "href" { + X:text {http://www.kb.cert.org/vuls/id/} !{@cert} + } + X:text {VU#} !{@cert} + + } + + X:if "@cve" { + X:if "@cert" { + X:text {  } + } + + X:attribute "href" { + X:text {http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-} !{@cve} + } + X:text {CVE-} !{@cve} + + } + + X:if "@core" { + X:if "@cert or @cve" { + X:text {  } + } + !{@core} + } + + X:if "@cert or @cve or @core" { +
    + } + + X:text {Not vulnerable: } !{@good}
    + X:text {Vulnerable: } !{@vulnerable}
    + + X:if "@patch" { + + X:attribute "href" { + X:text {/download/} !{@patch} + } + X:text {The patch} + + + X:text {  } + + + X:attribute "href" { + X:text {/download/} !{@patch} X:text {.asc} + } + X:text {pgp} + + } + +

    +
    • +} + + +} diff -r 000000000000 -r 61e04fc01027 xsls/stable.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/stable.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,7 @@ +X:stylesheet { + +X:output method="text"; + +X:template = "/versions" { !{ normalize-space(stable) } } + +} diff -r 000000000000 -r 61e04fc01027 xsls/style.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/style.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,29 @@ +X:stylesheet { + +X:template style (lang) { + + +} + +} diff -r 000000000000 -r 61e04fc01027 xsls/versions.xsls --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xsls/versions.xsls Thu Aug 11 12:19:13 2011 +0000 @@ -0,0 +1,13 @@ +X:stylesheet { + +X:template = "development_version" { + !{ normalize-space(document(concat($XML, '/versions.xml')) + /versions/development) } +} + +X:template = "stable_version" { + !{ normalize-space(document(concat($XML, '/versions.xml')) + /versions/stable) } +} + +}