NGINX 1.23.2 QUIC, собранный с Brotli, TLS 1.3, OpenSSL 1.1.1r, поддержкой http2 для Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

В репозиторий добавлен NGINX 1.23.2 mainline с поддержкой сжатия brotli от Google, http2, ngx cache purge и ngx http geoip2 module. OpenSSL собран динамически с OpenSSL+QUIC 1.1.1r.

TLS 1.3 final на сегодня работает в Google Chrome 70+ и Mozilla Firefox 63+.

RHEL 7 / CentOS 7:

yum upgrade -y codeit-repo-release
yum-config-manager --enable CodeIT-quic --save

RHEL 8 / Alma Linux 8 / Rocky Linux 8 / CentOS 8 / Other EL8 репозиторий стал модульным. Для установки надо включить соответствующий стрим:

dnf module enable -y nginx:codeit-quic

Для включения TLS 1.3 надо указать:

ssl_protocols TLSv1.2 TLSv1.3;

C версии 1.21.6 мы собираем OpenSSL+QUIC 1.1.1 отдельно, он устанавливается в /lib64 отдельно с суффиксом .so.81.1.1 и никак не затрагивает системные библиотеки.

NGINX 1.23.2 QUIC, собранный с Brotli, TLS 1.3, OpenSSL 1.1.1r, поддержкой http2 для Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9: 8 комментариев

  1. I have been using this suite on AlmaLinux 8 for a month, it is still very stable, thanks, I have upgraded to the latest version, but nginx still shows nginx/1.23.1, it should be nginx/1.23.2, please pay attention to the details , continue to improve everyone’s confidence. grateful

    [root@server ~]# nginx -v
    nginx version: nginx/1.23.1
    [root@server ~]# yum upgrade -y
    Last metadata expiration check: 0:30:15 ago on Tue 01 Nov 2022 04:57:13 PM CST.
    Dependencies resolved.
    Nothing to do.
    Complete!

      1. Thanks for reporting! This is the known versioning problem of the upstream nginx: they first update the code for weeks, then perform the update release tags. When we see tags are updated, we do the QUIC release.
        Only then versions are updated, sometimes day after, sometimes weeks (as they merge upstream minor changes to https://hg.nginx.org/nginx-quic/).

        Earlier, nginx made update first for the next version instead. In this case you would receive 1.23.3 even it is not released yet.

        Of course, we can ship a minor updates after that (but there are no significant changes at all yet), but please do not expect exact versions match for the quic branch because we build it from the repository (replacing the tarball in the mainline version).

    1. These packages are manual EL9 rebuilds of EL7 version of our package.
      I see the error, but we have no CI/CD process for the brotli package now (as the upstream releases are stopped) and cannot provide additional effort to rebuild it at this moment.
      When 1.0.10 will be released, we will set up full CI/CD process for all the supported repos and the tag will be fixed.
      Do you have any side effects from the wrong package name?
      The repo is free and we need to mitigate the efforts, if they have no or minor problems for the users.
      Thanks for the understanding.

      1. Thank you for your explanation. Except for the suspicious and disturbing package name, it has no real impact. I hope you can fix it when the new version comes out. You guys have done a great job, thank you for your efforts.

Добавить комментарий для Alexander Gerasimov Отменить ответ

Ваш адрес email не будет опубликован. Обязательные поля помечены *