24 comments

[ 3.0 ms ] story [ 62.7 ms ] thread
Does it come with the new TCP load balancer?
The upcoming 1.9 mainline release will include the TCP load balancer.
Is RFC7469 planned in 1.9?
Isn't that just a header? Or do you mean for backend validation or ?
Difficult for me to get over the idea of waiting for x.1 releases.

Tired of being a beta tester.

But nice feature list.

This is what iteration looks like. Would you like to not have the opportunity to see smaller releases? You can look away.
We've been running 1.7.12 in production for about a week, so far it's as solid as 1.6 has been. So far I see no reason not to use the mainline.
I don't understand. This is 1.8 which is a stable release but non-breaking release.

If it were versioned 1.8.1 it'd be a mainline release which is more experimental.

I'm always confused by nginx's version scheme. What does "mainline" mean? Is mainline better or worse than stable?
Mainline is where new features arrive. Think of it kind of like what used to be Firefox Aurora. Stable is snapshots of mainline taken less frequently that are considered suitable for long term use.

Mainline has newer features, but isn't quite a nightly build. Stable has fewer features but is more stable. I use mainline for my needs, including in production.

The really interesting point is that nginx considers mainline to be more reliable than stable because stable does not receive all bug fixes, only the critical ones.
(comment deleted)
(comment deleted)
(comment deleted)
Been waiting for this: "backend SSL certificate verification". Thank you nginx team.
Could someone kindly explain that for the uninitiated?
Pretty sure it's verifying SSL certificates of the proxied (backend) servers in a reverse proxy configuration-- so that you know you're talking to the backend server that you think you're talking to (in case your internal network gets MITM'd, I guess, or if you're talking to backend servers across a public network).

At least, that's what I gather from the new config options they linked to (the relevant options are the proxy_ssl_* directives).