Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Nginx 1.8.0 stable has been released (nginx.org)
165 points by christop on April 21, 2015 | hide | past | favorite | 21 comments


Been waiting for this: "backend SSL certificate verification". Thank you nginx team.


Could someone kindly explain that for the uninitiated?


Pretty sure it's verifying SSL certificates of the proxied (backend) servers in a reverse proxy configuration-- so that you know you're talking to the backend server that you think you're talking to (in case your internal network gets MITM'd, I guess, or if you're talking to backend servers across a public network).

At least, that's what I gather from the new config options they linked to (the relevant options are the proxy_ssl_* directives).


I'm always confused by nginx's version scheme. What does "mainline" mean? Is mainline better or worse than stable?


Mainline is where new features arrive. Think of it kind of like what used to be Firefox Aurora. Stable is snapshots of mainline taken less frequently that are considered suitable for long term use.

Mainline has newer features, but isn't quite a nightly build. Stable has fewer features but is more stable. I use mainline for my needs, including in production.


The really interesting point is that nginx considers mainline to be more reliable than stable because stable does not receive all bug fixes, only the critical ones.


See [1] and [2].

[1] explains which version should you use. (I probably go with mainline).

All the newest features are added to mainline releases. By the time most of the bugs are fixed, their version is renumbered and branch is forked to make a stable release.

[2] is where you see the information about upcoming nginx releases.

[1] http://nginx.com/blog/nginx-1-6-1-7-released/ [2] http://trac.nginx.org/nginx/roadmap


http://nginx.com/blog/nginx-1-6-1-7-released/ explains it


Thanks. So the 1.7 mainline version on the downloads page should be "1.9 mainline" soon?


Yeah! Exactly. 1.9.0 is set to release on April 28, 2015.


exactly.


Does it come with the new TCP load balancer?


The upcoming 1.9 mainline release will include the TCP load balancer.


Is RFC7469 planned in 1.9?


Isn't that just a header? Or do you mean for backend validation or ?


It does not.

Here's the diff between 1.8.0 and 1.7.12

http://trac.nginx.org/nginx/changeset/01d52c2b460da263fd1557...


Does not look like it[1].

[1] http://nginx.org/en/CHANGES-1.8


Difficult for me to get over the idea of waiting for x.1 releases.

Tired of being a beta tester.

But nice feature list.


This is what iteration looks like. Would you like to not have the opportunity to see smaller releases? You can look away.


We've been running 1.7.12 in production for about a week, so far it's as solid as 1.6 has been. So far I see no reason not to use the mainline.


I don't understand. This is 1.8 which is a stable release but non-breaking release.

If it were versioned 1.8.1 it'd be a mainline release which is more experimental.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: