nginx

nginx (engine x) is an open source, one-man reverse proxy and mail proxy server, as well as a high-performance and lightweight web (HTTP) server for Linux, BSD and Windows operating systems. It is described by its developer as a plus for mission critical environments.

Features at a glance

Major highlights include accelerated reverse proxying with caching, accelerated support with caching of SCGI, FastCGI, uwsgi, and memcached servers, a modular architecture, as well as TLS SNI and SSL support.

The mail proxy server features support for SSL (Secure Sockets Layer), STLS, STARTTLS encrypted protocols, several authentication methods for IMAP, POP3 and SMTP, user redirection to a POP3 or IMAP servers, as well as user authentication and connection redirection. Among other interesting features, we can mention support for kqueue, sendfile, File AIO, DIRECTIO, accept-filters, and much, much more.

It can process numerous SSI inclusions at the same time, within a single web page, if they’re controlled by FastCGI or proxied servers. Additionally, the HTTP server part of the program supports validation of HTTP referer, MP4 and FLV streaming, embedded Perl, response rate limiting, redirection for 3xx-5xx error codes, as well as support for pipelined and keep-alive connections.

Servers both index and static files

The software can serve both index and static files, provides users with fault tolerance and simple load balancing, various filters like XSLT, gzipping, SSI, image transformation, chunked responses, and byte ranges.

Because it provides easy, logical and flexible configuration, several well known websites use the nginx software to deliver their users with high quality and unique information. Among these, we can mention Wordpress.com, Netflix, and FastMail.FM.

Supported operating systems

At the moment, nginx has been successfully tested on Linux 2.2-3 (32-bit), Linux 2.6-3 (64-bit), FreeBSD 3-10 (32-bit), FreeBSD 5-10 (64-bit), Solaris 9 (32-bit), Solaris 10 (32-bit and 64-bit), AIX 7.1 (PowerPC), HP-UX 11.31 (IA64), Mac OS X (PowerPC and 32-bit), Windows XP, and Windows Server 2003.

What is new in this release:

• nginx-1.12.0 stable version has been released, incorporating new features and bug fixes from the 1.11.x mainline branch - including variables support and other improvements in the stream module, HTTP/2 fixes, support for multiple SSL certificates of different types, improved dynamic modules support, and more.

What is new in version :

• nginx-1.12.0 stable version has been released, incorporating new features and bug fixes from the 1.11.x mainline branch - including variables support and other improvements in the stream module, HTTP/2 fixes, support for multiple SSL certificates of different types, improved dynamic modules support, and more.

What is new in version 1.8.1:

• Security: invalid pointer dereference might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause segmentation fault in a worker process (CVE-2016-0742).
• Security: use-after-free condition might occur during CNAME response processing if the "resolver" directive was used, allowing an attacker who is able to trigger name resolution to cause segmentation fault in a worker process, or might have potential other impact (CVE-2016-0746).
• Security: CNAME resolution was insufficiently limited if the "resolver" directive was used, allowing an attacker who is able to trigger arbitrary name resolution to cause excessive resource consumption in worker processes (CVE-2016-0747).
• Bugfix: the "proxy_protocol" parameter of the "listen" directive did not work if not specified in the first "listen" directive for a listen socket.
• Bugfix: nginx might fail to start on some old Linux variants; the bug had appeared in 1.7.11.
• Bugfix: a segmentation fault might occur in a worker process if the "try_files" and "alias" directives were used inside a location given by a regular expression; the bug had appeared in 1.7.1.
• Bugfix: the "try_files" directive inside a nested location given by a regular expression worked incorrectly if the "alias" directive was used in the outer location.
• Bugfix: "header already sent" alerts might appear in logs when using cache; the bug had appeared in 1.7.5.
• Bugfix: a segmentation fault might occur in a worker process if different ssl_session_cache settings were used in different virtual servers.
• Bugfix: the "expires" directive might not work when using variables.
• Bugfix: if nginx was built with the ngx_http_spdy_module it was possible to use the SPDY protocol even if the "spdy" parameter of the "listen" directive was not specified.

What is new in version 1.8.0:

• Includes many new features from the 1.7.x mainline branch - including hash load balancing method, backend SSL certificate verification, experimental thread pools support, proxy_request_buffering and more.

What is new in version 1.7.8:

• Change: now the "If-Modified-Since", "If-Range", etc. client request header lines are passed to a backend while caching if nginx knows in advance that the response will not be cached (e.g., when using proxy_cache_min_uses).
• Change: now after proxy_cache_lock_timeout nginx sends a request to a backend with caching disabled; the new directives "proxy_cache_lock_age", "fastcgi_cache_lock_age", "scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time after which the lock will be released and another attempt to cache a response will be made.
• Change: the "log_format" directive can now be used only at http level.
• Feature: the "proxy_ssl_certificate", "proxy_ssl_certificate_key", "proxy_ssl_password_file", "uwsgi_ssl_certificate", "uwsgi_ssl_certificate_key", and "uwsgi_ssl_password_file" directives. Thanks to Piotr Sikora.
• Feature: it is now possible to switch to a named location using "X-Accel-Redirect". Thanks to Toshikuni Fukaya.
• Feature: now the "tcp_nodelay" directive works with SPDY connections.
• Feature: new directives in vim syntax highliting scripts. Thanks to Peter Wu.
• Bugfix: nginx ignored the "s-maxage" value in the "Cache-Control" backend response header line. Thanks to Piotr Sikora.
• Bugfix: in the ngx_http_spdy_module. Thanks to Piotr Sikora.
• Bugfix: in the "ssl_password_file" directive when using OpenSSL 0.9.8zc, 1.0.0o, 1.0.1j.
• Bugfix: alerts "header already sent" appeared in logs if the "post_action" directive was used; the bug had appeared in 1.5.4.
• Bugfix: alerts "the http output chain is empty" might appear in logs if the "postpone_output 0" directive was used with SSI includes.
• Bugfix: in the "proxy_cache_lock" directive with SSI subrequests. Thanks to Yichun Zhang.

What is new in version 1.6.2:

• Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple "server" blocks (CVE-2014-3616). Thanks to Antoine Delignat-Lavaud.
• Bugfix: requests might hang if resolver was used and a DNS server returned a malformed response; the bug had appeared in 1.5.8.
• Bugfix: requests might hang if resolver was used and a timeout occurred during a DNS request.

What is new in version 1.6.1:

• Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6. Thanks to Chris Boulton.
• Bugfix: the $uri variable might contain garbage when returning errors with code 400. Thanks to Sergey Bobrov.
• Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug had appeared in 1.5.6. Thanks to Svyatoslav Nikolsky.

What is new in version 1.6.0:

• This stable version incorporates many new features from the 1.5.x mainline branch - including various SSL improvements, SPDY 3.1 support, cache revalidation with conditional requests, auth request module and more.

What is new in version 1.4.7:

• Security: a heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0133). Thanks to Lucas Molas, researcher at Programa STIC, Fundacion Dr. Manuel Sadosky, Buenos Aires, Argentina.
• Bugfix: in the "fastcgi_next_upstream" directive. Thanks to Lucas Molas.

What is new in version 1.4.6:

• Bugfix: the "client_max_body_size" directive might not work when reading a request body using chunked transfer encoding; the bug had appeared in 1.3.9. Thanks to Lucas Molas.
• Bugfix: a segmentation fault might occur in a worker process when proxying WebSocket connections.

What is new in version 1.4.5:

• Bugfix: the $ssl_session_id variable contained full session serialized instead of just a session id. Thanks to Ivan Ristic.
• Bugfix: client connections might be immediately closed if deferred accept was used; the bug had appeared in 1.3.15.
• Bugfix: alerts "zero size buf in output" might appear in logs while proxying; the bug had appeared in 1.3.9.
• Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used.
• Bugfix: proxied WebSocket connections might hang right after handshake if the select, poll, or /dev/poll methods were used.
• Bugfix: a timeout might occur while reading client request body in an SSL connection using chunked transfer encoding.
• Bugfix: memory leak in nginx/Windows.

What is new in version 1.4.4:

• This release introduces a fix for the request line parsing vulnerability in nginx 0.8.41 - 1.5.6 discovered by Ivan Fratric of the Google Security Team (CVE-2013-4547).

What is new in version 1.5.0:

• Security: a stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting in arbitrary code execution (CVE-2013-2028); the bug had appeared in 1.3.9. Thanks to Greg MacManus, iSIGHT Partners Labs.