NGINX 1.9.2 Released

Today we issued the third release in the 1.9 mainline series of NGINX. This brings with it a few new features as well as bug fixes. The main focus of this release was improving the Stream module, initially added in NGINX 1.9.0 for generic TCP proxying and load balancing. Most notably:

  • Bug fix for SO_REUSEPORT socket option with TCP – The reuseport parameter to the listen directive now works correctly for TCP connections.
  • Configurable queue length for pending TCP and mail connections – The backlog parameter to the listen directive is now available in the stream and mail modules.
  • Access control based on IP address for TCP connections – With the new Stream Access module, you can restrict access to a TCP stream to specified IP addresses or address ranges.

    The module goes through the list of IP addresses and ranges until a match is found and acts on it. For example, the following snippet allows TCP connection from any IP address in the 192.168.1.x range except 192.168.1.1, and blocks connections from any other IP address range:

    stream {
    server {
    # ...
    deny 192.168.1.1;
    allow 192.168.1.0/24;
    deny all;
    }
    }

In addition to those changes, the following new features have been added:

  • PROXY protocol support for TCP – The new proxy_protocol directive enables a header to be sent to the upstream server with details about the client connection.
  • Specify source IP address for connections to proxied servers – The new proxy_bind directive for TCP works like the existing HTTP directive: it makes connections to a proxied server originate from a specified local IP address.
  • REQUEST_SCHEME parameter – Support for the REQUEST_SCHEME parameter is added to the (HTTP) fastcgi_param directive and fastcgi.conf.
  • Configuration dumping – The new -T argument to the nginx command not only tests the configuration but gives much more verbose output including an entire dump of every configuration file parsed.
  • Bug fix for OCSP Stapling – Expired cached SSL handshake responses are no longer sent to when the ssl_stapling on directive is configured. Thanks to Andrew Ayer for contributing a fix for this.

TCP load balancing is also available in NGINX Plus R6 with even more great features.

Updating NGINX

You can check your current NGINX version using nginx -v:

# nginx -v
nginx version: nginx/1.9.1

Updates for NGINX 1.9.x are available from nginx.org (sources and prebuilt binary packages). If you’ve subscribed to NGINX through another channel (such as your operating system distributor), you can expect it to sync with the 1.9.2 update shortly.

Cover image
Free O'Reilly Ebook
Your guide to everything NGINX