Today we issued the third release in the 1.9 mainline series of NGINX. This brings with it a few new features as well as bug fixes. The main focus of this release was improving the Stream module, initially added in NGINX 1.9.0 for generic TCP proxying and load balancing. Most notably:
SO_REUSEPORT
socket option with TCP – The reuseport
parameter to the listen
directive now works correctly for TCP connections.backlog
parameter to the listen
directive is now available in the stream and mail modules.Access control based on IP address for TCP connections – With the new Stream Access module, you can restrict access to a TCP stream to specified IP addresses or address ranges.
The module goes through the list of IP addresses and ranges until a match is found and acts on it. For example, the following snippet allows TCP connection from any IP address in the 192.168.1.x range except 192.168.1.1, and blocks connections from any other IP address range:
stream { server {
# ...
deny 192.168.1.1;
allow 192.168.1.0/24;
deny all;
}
}
In addition to those changes, the following new features have been added:
proxy_protocol
directive enables a header to be sent to the upstream server with details about the client connection.proxy_bind
directive for TCP works like the existing HTTP directive: it makes connections to a proxied server originate from a specified local IP address.REQUEST_SCHEME
parameter – Support for the REQUEST_SCHEME
parameter is added to the (HTTP) fastcgi_param
directive and fastcgi.conf.-T
argument to the nginx
command not only tests the configuration but gives much more verbose output including an entire dump of every configuration file parsed.ssl_stapling
on
directive is configured. Thanks to Andrew Ayer for contributing a fix for this.TCP load balancing is also available in NGINX Plus R6 with even more great features.
You can check your current NGINX version using nginx
-v:
# nginx -vnginx version: nginx/1.9.1
Updates for NGINX 1.9.x are available from nginx.org (sources and prebuilt binary packages). If you’ve subscribed to NGINX through another channel (such as your operating system distributor), you can expect it to sync with the 1.9.2 update shortly.
[Editor – The features described in this post are also available in NGINX Plus Release 7 and later.
"This blog post may reference products that are no longer available and/or no longer supported. For the most current information about available F5 NGINX products and solutions, explore our NGINX product family. NGINX is now part of F5. All previous NGINX.com links will redirect to similar NGINX content on F5.com."