Categories
Nginx

Nginx 1.14.2 for Jessie

Nginx 1.14.2 has then been released on December 4th, 2018 to squash a few bugs.

As a consequence, packages of Nginx 1.14.2 are now available for Debian 8 “Jessie” (with or without full HTTP2 support – see the instructions), on both amd64 and i386 architectures.

For more details about which modules are included in the different Nginx flavors (light, full and extras), just take a look at the configuration options in the Makefile.

Categories
Nginx

Nginx 1.14.1 for Jessie

Nginx 1.14 has been released on April 17th 2018, incorporating new features and bug fixes from the 1.13.x mainline branch – including the mirror module, HTTP/2 push, the gRPC proxy module, and more..

Nginx 1.14.1 has then been released on November 6th, 2018, with fixes for vulnerabilities in HTTP/2 (CVE-2018-16843, CVE-2018-16844) and the MP4 module (CVE-2018-16845)..

As a consequence, packages of Nginx 1.14.1 are now available for Debian 8 “Jessie” (with or without full HTTP2 support – see the instructions), on both amd64 and i386 architectures. Associated modules have been updated too. Please note that PageSpeed is now only supported on amd64, not i386.

For more details about which modules are included in the different Nginx flavors (light, full and extras), just take a look at the configuration options in the Makefile.

Categories
Nginx

Nginx 1.12.2 for Jessie

Nginx 1.12.2 has then been released on October 17th, 2017 to squash a few bugs.

As a consequence, packages of Nginx 1.12.2 are now available for Debian 8 “Jessie” (with or without full HTTP2 support – see the instructions), on both amd64 and i386 architectures.

For more details about which modules are included in the different Nginx flavors (light, full and extras), just take a look at the configuration options in the Makefile.

Categories
Nginx

Nginx 1.12.1 for Jessie

Nginx 1.12 has been released on April 12th 2017, bringing a number of new features and capabilities to the 1.11 mainline branch: dynamic modules, IP Transparency, improved TCP/UDP load balancing, better caching performance, and more. You will find more details on this blog post.

Nginx 1.12.1 has then been released on July 12th, 2017 to fix an integer overflow in the range filter (CVE-2017-7529).

As a consequence, packages of Nginx 1.12.1 are now available for Debian 8 “Jessie” (with or without full HTTP2 support – see the instructions), on both amd64 and i386 architectures.

For more details about which modules are included in the different Nginx flavors (light, full and extras), just take a look at the configuration options in the Makefile.

Categories
Nginx

Nginx 1.10.3 for Jessie and Wheezy

Nginx 1.10.3 has been released on January 31st 2017, to fix a bunch of bugs.

As a consequence, packages of Nginx 1.10.3 are now available :

  • for Debian 8 “Jessie” (with or without full HTTP2 support – see the instructions) and for Debian 7 “Wheezy”
  • On both amd64 and i386 architectures.

Please note that :

  • I had to remove the Pinba module from the nginx-full and nginx-extras flavors to prevent an unexpected/odd behavior with the realip directives,
  • I will include the dual SPDY/HTTP2 patch from Cloudflare in a future update

For more details about which modules are included in the different Nginx flavors (light, full and extras), just take a look at the configuration options of their respective sections in the Jessie and Wheezy Makefiles.

Categories
Nginx

Update : Nginx 1.10.2

Packages of Nginx 1.10.2 for Jessie and Wheezy – amd64 and i386 – have been updated to fix CVE 2016-1247.

Secure log file handling (owner & permissions) against privilege escalation attacks. /var/log/nginx is now owned by root:adm. Thanks Dawid Golunski for the report. Changing /var/log/nginx permissions effectively reopens #701112, since log files can be world-readable. This is a trade-off until a better log opening solution is implemented upstream (trac:376).

This update can also bring full HTTP2 support to Jessie with a new additional repository. As a reminder, Chrome as a browser was not supported on stock Jessie, because it requires a more recent OpenSSL 1.0.2 for its ALPN protocol. Now that jessie-backports includes such an OpenSSL version, Dotdeb provides Nginx packages with full HTTP2 support for Chrome. Here is how to install them :

  1. Activate the jessie-backports repository because you will now rely on its OpenSSL 1.0.2+ backport
  2. Add the following additional repo to your sources.list :
    deb http://packages.dotdeb.org jessie-nginx-http2 all
  3. Upgrade your Nginx packages as usual

Please note that this change will not be available on Wheezy.

Categories
Nginx

Nginx 1.10.2 For Jessie and Wheezy

Nginx 1.10.2 has been released on October 18th 2016, to fix issues with HTTP/2 and bugs with the sub_filter, aio threads and sendfile directives.

As a consequence, packages of Nginx 1.10.2 are now available :

  • for Debian 8 “Jessie” and Debian 7 “Wheezy”
  • On both amd64 and i386 architectures.

For more details about which modules are included in the different Nginx flavors (light, full and extras), just take a look at the configuration options of their respective sections in the Jessie and Wheezy Makefiles.

Categories
Nginx

Nginx 1.10.1 for Jessie and Wheezy

Nginx 1.10 – the new stable major version – has been released on May 24th 2016, followed by Nginx 1.10.1 on May 31st to fix the CVE-2016-4450 vulnerability.

The 1.10 branch brings a lot of new features and improvements, including :

  • HTTP/2 support: The SPDY module was replaced by the HTTP/2 module. Please make sure to update your listen directives.
  • The new stream module that lets you proxy and load-balance UDP and TCP traffic.
  • Support for dynamic modules.
  • SO_REUSEPORT support, TCP support for DNS resolution…

More details in this blog post.

As a consequence, I’m glad to announce that packages of Nginx 1.10.1 are now available :

  • for Debian 8 “Jessie” and Debian 7 “Wheezy”
  • On both amd64 and i386 architectures.

Important note when upgrading : please make sure that you have the following line at the beginning of your /etc/nginx/nginx.conf file :

include /etc/nginx/modules-enabled/*.conf;

Please also note that :

  • HTTP/2 with Chrome as a browser is not supported on stock Jessie and Wheezy, because it requires a more recent OpenSSL 1.0.2 for its ALPN protocol. Backporting such an important library is definitely not an option for me, so it’s totally your responsibility to upgrade OpenSSL from another vendor if you absolutely need HTTP/2.
  • even if the http-auth-pam, http-geoip, http-image-filter, http-lua, http-ndk, http-perl, http-xslt-filter, stream and mail modules now have their dedicated libnginx-mod-* packages, the current packaging scheme and numbering does not take profit from the dynamic loading for other extensions yet.
  • ngx_pagespeed has been updated to version 1.11.33.2 on Jessie.
  • ngx_pagespeed is stuck to version 1.9.32.11 on Wheezy because its 1.10 branch now requires GCC 4.8+. Usage of ngx_pagespeed on Wheezy has been kept for compatibility purpose but is highly discouraged. Upgrade to Jessie instead.
  • naxsi has been moved from its dedicated package to nginx-extras naxsi had to be temporarily disabled because of build failures, it should be back in nginx-extras (no more dedicated nginx-naxsi package) soon.
  • there won’t be any update for Squeeze, since its LTS support has been terminated.

For more details about which modules are included in the different Nginx flavors (light, full and extras), just take a look at the configuration options of their respective sections in the Jessie and Wheezy Makefiles.

Categories
Nginx

Nginx 1.8.1

Nginx 1.8.1 has been released on January 26th 2016, to fix three security issues in its resolver.

As a consequence, packages of Nginx 1.8.1 are now available :

  • for Debian 8 “Jessie”, Debian 7 “Wheezy” and Debian 6 “Squeeze”
  • On both amd64 and i386 architectures.

Please also note that ngx_pagespeed has been updated to :

  • version 1.10.33.2 on Jessie
  • only version 1.9.32.11 on Wheezy and Squeeze, because the 1.10 branch now requires GCC 4.8+. Usage of ngx_pagespeed on Wheezy and Squeeze has been kept for compatibility purpose but is highly discouraged. Upgrade to Jessie instead.

For more details about which modules are included in the different Nginx flavors, just have to look at this document.

Categories
Nginx

Nginx 1.8.0

Nginx 1.8.0 has been released on April 21th 2015.

This is the first version of the new 1.8.x stable branch, incorporating many new features from the 1.7.x mainline branch – including hash load balancing method, backend SSL certificate verification, experimental thread pools support, proxy_request_buffering and more.

Packages of Nginx 1.8.0 are now available

  • for Debian 8 “Jessie”, Debian 7 “Wheezy” and Debian 6 “Squeeze”
  • on both amd64 and i386 architectures.

with the following changes :

  • because Passenger 3.x isn’t compatible with Nginx 1.8, nginx-passenger isn’t available for Squeeze anymore
  • Logging to Syslog is now supported upstream
  • ngxensite and ngxdissite scripts have been replaced by ngx-conf (take a look at its -e and -d options)
  • Default config files has been synced with both upstream and Debian versions. Please review them systematically when upgrading
  • Thread pools support has been enabled in every Nginx flavor
  • All the modules have been updated to their latest version

For more details about which modules are included in the different Nginx flavors, just have to look at this document.