Why should I uptade Nginx? Changes between 1.19 and 1.4.6 and 1.8.0

Nginx is well known web server, used on many Linux (and Windows) servers. Package is still updated, so if you have older, but still supported Ubuntu 12.04 you can have Nginx 1.19 installed, while the latest version of nginx is 1.9. Is it worth the upgrade nginx? In my opinon yes, but in most cases only to 1.4.6.

Usually, you want to update web server because of few reasons:

  1. You need to be sure, that it has all security fixes and has no (known) vulnerabilities.
  2. You want nginx to be faster, with more cool functions.
  3. You need some specyfic options/functions, added in newer version of nginx.

If these are your requirements for the web server, it is easy to get an answer whether to update or not„:

  1. If you had installed nginx on Linux (eg. Ubuntu 12.04) from official repository, you already have security updates available for your package: http://packages.ubuntu.com/pl/precise/nginx-full You need to update package up to „security” version (in january 2016 it is 1.1.19-1ubuntu0.7) but there is no need to update to higher version. Also Nginx on Ubuntu use OpenSSL, so please be sure that it is up to date 1.0.1 or newer (because 0.9.8 doesn’t support TLSv1.2).
  2. You want more functions – ugrade your nginx.
  3. Need some specyfic, new function – upgrade your nginx.

Most important changes in nginx versions

Generally it is hard to find user-friendly information, which version of nginx  implement which functions.

Since 1.2 version, Nginx follows a common method for version numering: Even for stable, odd for feature/testing. So for production server better use only 1.4.x, 1.6.x or 1.8.x. Once time I’ve read changelog on http://nginx.org and I find that:

Updating from 1.19 to 1.4.6

  • In my opinion – it is really worh to update.
  • Nginx 1.19 is from 2012, nginx 1.4.6 is from 2014. This is time, where a lot of changes in web services and web security was made.
  • This update brings many bugfixes, security fixes and better handles of some exceptions.
  • Improvements in: reverse proxy, headers modyfications, OCSP stapling support (since 1.3.7), SPDY support, limiting connections, more functions about SSL, updated Naxsi module, better support for IPv6 and more.
  • Full changelog available here: http://nginx.org/en/CHANGES-1.4

Updating from 1.4.6 to 1.8

  • If you want to update, better update to the latest stable version (1.8.0 from April 2015) thand old stable (1.6.2 from September 2014)
  • Of course many bugfixes, security fixes.
  • Improvements in: SSL (passphrase file and more), proxy functions (SSL verification, caching, balancing), cache (in SSL, proxy), option „auto” for number of workers, nice showing „OK” when using „configtest” function in Linux.
  • Full changes available here: http://nginx.org/en/CHANGES-1.8

Ubuntu precise 12.04

Nginx in Ubuntu precise 12.04 in default repository is available in version: 1.19. So, if you want upgrade Nginx up to 1.4.6 you need to use backports or add „trusty” repository:

/etc/apt/sources.list.d/trusty.list:

#
# trusty
#
deb     http://pl.archive.ubuntu.com/ubuntu     trusty main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu trusty-security main restricted universe multiverse

/etc/apt/preferences.d/pinning

Package: *
Pin: release a=trusty
Pin-Priority: 100

Then go to aptitude, update list and upgrade nginx. There will be need to update your config file /etc/nginx/nginx.conf For me, the best option is here to accept instaling new version of this file, and after that, made changes.


Edit [May 2016] Nginx 1.9 brings many cool functions and improvements, so it is really worth to upgrade Nginx up to this or later versions:

https://www.nginx.com/blog/nginx-1-10-1-11-released/

Ten wpis został opublikowany w kategorii Linux, www i oznaczony tagami , , . Dodaj zakładkę do bezpośredniego odnośnika.