mirror of
https://github.com/opnsense/plugins.git
synced 2026-02-03 20:40:37 -05:00
291 lines
10 KiB
Text
291 lines
10 KiB
Text
NGINX is a high performance edge web server with the lowest memory footprint
|
|
and the key features to build modern and efficient web infrastructure.
|
|
|
|
NGINX functionality includes HTTP server, HTTP and mail reverse proxy, caching,
|
|
load balancing, compression, request throttling, connection multiplexing and
|
|
reuse, SSL offload and HTTP media streaming.
|
|
|
|
Plugin Changelog
|
|
================
|
|
|
|
1.36
|
|
|
|
* Add optional HTTP/3 support with dynamic Alt-Svc (contributed by Jan Chlouba)
|
|
|
|
1.35
|
|
|
|
* Global options sendfile directive typo fix
|
|
* Add HTTP/2 option to GUI
|
|
* Add multiple client authentication trusted CA support
|
|
* Add proxy_intercept_errors directive support
|
|
* Add Variables hashes size support
|
|
* Add proxy_cache_valid directive support with response codes and multiple selection options
|
|
* Clean up model definition file
|
|
* Change ban_ttl default value to avoid unintentional system slowdown
|
|
* Fix NAXSI rules install
|
|
|
|
1.34
|
|
|
|
* Add the option to not log TLS handshakes
|
|
* Remove obsolete http2_push_preload directive
|
|
* Migrate from the deprecated 'listen … http2' directive to the 'http2' directive
|
|
* Limit CSP log file size (migration notice: if you want to keep CSP violations logged, you will need to enable logging in the security policy)
|
|
* Add basic support for forced caching (contributed by Eirik Øverby)
|
|
* Add ability to override SNI for streams (contributed by DodoLeDev)
|
|
|
|
1.33
|
|
|
|
* Add the "resolver" directive support
|
|
* Add config preview/test/copy to GUI
|
|
* Add gzip disabling support
|
|
* Move bot UA settings to GUI
|
|
* Add auto-ban logging support
|
|
* Add Upstream keepalive support
|
|
* Add Stream proxy_connect_timeout and proxy_timeout directives support
|
|
* Convert epoch time to readable format on "Banned" page
|
|
* Cosmetic: add table header borders on Traffic Statistic page for better reading
|
|
|
|
1.32.2
|
|
|
|
* Add columns select button to the log viewer (contributed by kulikov-a)
|
|
|
|
1.32.1
|
|
|
|
* add "Host header port" and "use original Host header" options
|
|
* Fix width of commands column (contributed by krbrs)
|
|
|
|
1.32
|
|
|
|
* add support for resetting timed out connections and 444 responses (reset_timedout_connection)
|
|
* add option to change autoban response code to 444 (NGX_HTTP_CLOSE)
|
|
* add ssl_reject_handshake directive support
|
|
* add error log severity level support for HTTP and Stream servers
|
|
* add logging of possible errors causes to the setup script
|
|
* migrate general error log to syslog
|
|
* $internalModelUseSafeDelete enabled in API Settings controller to check item references before delete
|
|
* minor style adjustments for IP ACL and SNI Based Routing forms
|
|
* handle possible remaining vts socket after nginx start failure
|
|
* add uuid columns to the grids and a button to copy its value to clipboard
|
|
* add Cache Path columns naming
|
|
* fix: add the PROXY protocol for the HTTPS listener too, if it is set for the server
|
|
* fix: set Stream server outbound PROXY protocol based on Upstream settings
|
|
* fix: set Trusted Proxies (set_real_ip_from) for Stream server only with PROXY protocol enabled
|
|
* fix: do not include commented out core rules in naxsi policies when importing
|
|
* fix: fixed a typo in setting the proxy_ssl_session_reuse directive value (thanks to Sigurd Våg Aaknes)
|
|
|
|
1.31
|
|
|
|
* Allow dynamic proxy_ssl_name (contributed by Mike Reiche)
|
|
|
|
1.30
|
|
|
|
* add support for autoblock TTL
|
|
|
|
1.29
|
|
|
|
* fixed a typo in the trusted tls fingerprints db creation part of setup.php
|
|
* rfc5746, rfc7507 and rfc8701 are taken into account on compiling and comparing tls fingerprints
|
|
* the reason for scoring the connection as intercepted is added to the X-TLS-Client-Intercepted header. check backend settings if using this feature
|
|
* http_post hook added to be able to map global variables
|
|
* PHP 8 compatibility: change crypt() to password_hash()
|
|
|
|
1.28
|
|
|
|
* add support for connect-src and worker-src in content security policy
|
|
* add support for proxy_responses property in streams
|
|
* bugfix: trusted proxies field is now correctly named which makes it usable
|
|
|
|
1.27
|
|
|
|
* add support for custom configuration in stream server (contributed by Fabio Castagnino)
|
|
* add headers_more support (contributed by kulikov-a)
|
|
|
|
1.26
|
|
|
|
* Enhancement of security headers (contributed by Manuel Faux)
|
|
* Add Frame-Ancestors, add "preload", removed deprecated HPKP
|
|
* Performance enhancements for log display
|
|
* Fixed display of vts and logs for non-default styles
|
|
|
|
1.25
|
|
|
|
* Reworked logging frontent to support filtering and historic view (contributed by Manuel Faux)
|
|
|
|
1.24
|
|
|
|
* Change all Listen Port directives to Listen Address and migrate the Port data to Addresses
|
|
* Add default_server option to HTTP Server
|
|
* Replace stop action by the reload option in reconfigureForceRestart (#2450)
|
|
* Add server ssl_protocols, ssl_ciphers, ssl_prefer_server_ciphers directives to GUI
|
|
|
|
1.23
|
|
|
|
* Add custom error pages on a per HTTP server basis (contributed by 8191)
|
|
* Migration for PHP Phalcon 4 (non breaking change for UI/API)
|
|
|
|
1.22
|
|
|
|
* Add X-Forwarded-Port and X-Forwarded-Host headers (contributed by Carlos Cesario)
|
|
* Fix wrong stream server CA filename (contributed by Ingo Theiss)
|
|
* Fix proxy_ssl_name and add hook (contributed by kulikov-a)
|
|
* Apply loadbalancing for UDP (contributed by Thomas Laubrock)
|
|
* Naxsi whitelist improvements (contributed by Manuel Faux)
|
|
* Grid view improvements (contributed by Manuel Faux)
|
|
* Minor fixes in setup.php (contributed by kulikov-a)
|
|
|
|
1.21
|
|
|
|
* fix performance issue with autoban feature (contributed by jkellerer)
|
|
|
|
1.20
|
|
|
|
* User interface improvements of NAXSI configuration (contributed by 8191)
|
|
* Fixed missing certificate validation of upstreams (contributed by 8191)
|
|
|
|
1.19
|
|
|
|
* Add possibility to configure SNI proxying.
|
|
* Display NAXSI rule ID in volt
|
|
|
|
1.18
|
|
|
|
* Add proxy header for CloudFlare
|
|
|
|
1.17
|
|
|
|
* allow to set worker_processes and worker_connections (contributed by ibanezbass in #1621)
|
|
* fix location access control handling (contributed by Szeraax)
|
|
|
|
1.16
|
|
|
|
* advanced buffering configuration in location (#1575)
|
|
|
|
1.15
|
|
|
|
* add OCSP stapling and verify
|
|
* fix bug sendfile directive is only applied if TLS is enabled
|
|
* allow to configure the maximum header and request line buffer size HTTP Server advanced option (Issue: 1544)
|
|
|
|
1.14
|
|
|
|
* add load balancer algorithm option (ip_hash)
|
|
* fix URL flag not stored (contributed by jkellerer)[1]
|
|
* allow to whitelist specific source IPs in the web application firewall (contributed by Julio Cesar Camargo)[2]
|
|
|
|
[1] https://github.com/opnsense/plugins/pull/1375
|
|
[2] https://github.com/opnsense/plugins/pull/1310
|
|
|
|
1.13
|
|
|
|
* add support for 0-RTT (Early Data in TLS 1.3)
|
|
* add XMLRPC sync support
|
|
|
|
1.12
|
|
|
|
* add log to SYSLOG server support
|
|
* add support for maximum temporary file size for request bodies
|
|
* fix log "format" disable
|
|
|
|
1.11
|
|
|
|
* add VTS(1) module for traffic status reports
|
|
* fix HSTS bug
|
|
* add extended log format (contributed by Josh Wiles)
|
|
* fix ACME support (contributed by Frank Wall)
|
|
|
|
(1) https://github.com/vozlt/nginx-module-vts
|
|
|
|
1.10
|
|
|
|
* fix content security settings (missing checkbox, correct templating)
|
|
|
|
1.9
|
|
|
|
* add advanced options to configure hostname hash sizes for long hostnames
|
|
|
|
1.8
|
|
|
|
* update lodash to v4.17.11
|
|
* Breaking: remove the WAF policy match type "=" as it is not supported (if you have them in use, unlink and delete them before installing this update)
|
|
* allow plugins via include hooks
|
|
* Breaking: the enabled flag in the general setting now works (en- or disables all vhosts in the plugin itself, but always serves plugins). Default was false so make sure you have it enabled before upgrade.
|
|
* Alias support for downstream proxies (trust setting)
|
|
* bugfix: deleting IP ACL
|
|
* HSTS not sent automatically anymore if HTTP over TLS is configured (still available via security header)
|
|
* add configuration directives for timeouts to location
|
|
|
|
1.7
|
|
|
|
* bugfix: create log directory if it is missing
|
|
* reorder menu
|
|
|
|
1.6
|
|
|
|
* fix bug due to permission downgrade (basic auth)
|
|
* fix bug when multiple hostnames are used, that the logs are not displayed in the log viewer
|
|
* add paging support to log viewer, so it does not crash on really big log files
|
|
* add basic TLS fingerprint check to make man in the middle attacks visible (may not fully work on LibreSSL crypto flavour as curves seem to return an empty string)
|
|
* add dropdown to select authentication backend in HTTP server for advanced authentication
|
|
* add global error log to log viewer
|
|
* use stricter checks for internal locations (contributed by Northguy)
|
|
|
|
1.5
|
|
|
|
* Add proxy options for ignore client abort and disabling buffering
|
|
* Add logviewer support for streams
|
|
* Fix charset is not defined bug (contributed by ccesario)[1]
|
|
* Add an existence check for locations
|
|
* Add PROXY protocol for HTTP and Streams frontend
|
|
* Add PROXY backend support for Streams
|
|
* Add support for better whitelist rules in the WAF
|
|
|
|
[1] https://github.com/opnsense/plugins/pull/1035
|
|
|
|
1.4 (Development only)
|
|
|
|
* move upstreams from HTTP to their own menu because they are used for TCP load balancing as well
|
|
* add TCP load balancing[1]
|
|
* add support for IP based ACLs
|
|
* add log rotation (contributed by Julius Cesar Camargo)[2]
|
|
* add support for satisfy, body size limitation
|
|
* change: allow to disable internal bot protection (contributed by fzoske)[3]
|
|
* change: do not save when no change in the list happened to prevent filling the log history
|
|
* fix: translate a german string in upstream server to english
|
|
* replace headers instead of just adding our own (duplication issue #971), suppress X-Powered-By from Upstream[4]
|
|
|
|
[1] https://github.com/opnsense/plugins/pull/930
|
|
[2] https://github.com/opnsense/plugins/pull/982
|
|
[3] https://github.com/opnsense/plugins/pull/934
|
|
[4] https://github.com/opnsense/plugins/issues/971
|
|
|
|
1.3
|
|
|
|
* bugfix: correctly set upstream header
|
|
|
|
1.2
|
|
|
|
* add limiter support
|
|
* add permanent ban feature (use alias in firewall rules)
|
|
* add caching feature (local file system)
|
|
* add path prefix support (contributed by ccesario)
|
|
* add port to upstream server table
|
|
* add support to download waf rules
|
|
* improvement: export full chain instead of only the server certificate (fixes some issues with some tools which need it)
|
|
* web interface (allow HTTP/2 server push to increase performance)
|
|
* support for (secure) web sockets in reverse proxy mode
|
|
* bugfix: fix issues with multiple hostnames due to IPv6 issues with TLS SNI (contributed by ccesario)
|
|
* bugfix: warning in certificate rendering
|
|
|
|
1.1
|
|
|
|
* add log viewer
|
|
|
|
1.0
|
|
|
|
* add Reverse Proxy (Load Balancer)
|
|
* add Location Configuration
|
|
* add local HTTP Server
|
|
* add local PHP support
|
|
* add experimental support to handle the web interface (can only be enabled via CLI)
|
|
* add WAF (NAXSI) support
|
|
* add Authentication support
|