Angie Version History#

2024#

Angie 1.7.0#

Release date: 19.09.2024.

Features#

  • Forced closing of all connections to a proxied server when it's removed from the group can be configured via the proxy_connection_drop, grpc_connection_drop, fastcgi_connection_drop, scgi_connection_drop, and uwsgi_connection_drop directives.

  • Counters of sent DNS query types in the resolver statistics API, which is collected with the status_zone parameter of the resolver directive.

  • The $ssl_server_cert_type variable that contains the type of selected certificate for a received TLS-connection.

  • Disabling creation of the PID file with the off parameter of the pid directive, which might be beneficial with immutable images and direct control by a service manager. Thanks to Maxim Dounin (freenginx).

  • Creation of the PID file made atomic via an intermediate temporary file, which removes a moment when the file is already in the directory but still empty, and allows external programs to handle it more easily and reliably.

  • Now, during reconfiguration, no attempt is made to recreate the PID file if the name in the pid directive has changed but points to the same file via symlinks; in particular, it allows avoiding issues on systems that migrate from /var/run/angie.pid to /run/angie.pid. Thanks to Maxim Dounin (freenginx).

  • Syslog logging errors are now reported no more than once per second; this helps avoid flooding the logs with such messages when the syslog server is down or overloaded. Thanks to Maxim Dounin (freenginx).

  • In the Mail proxy module, the maximum number of commands during authentication, configured with the max_commands directive, is limited to better protect against DoS attacks. Thanks to Maxim Dounin (freenginx).

  • The --feature-cache option of the ./configure script to cache its results for optimization when building multiple modules or cross-compiling.

  • All functionality of nginx 1.27.1.

Bugfixes#

  • PID file ... not readable (yet?) after start and Failed to parse PID from file... errors might appear when starting with systemd. Thanks to Maxim Dounin (freenginx).

Changes#

  • Updated descriptions of HTTP status codes in conformance with RFC 9110. Thanks to Maxim Dounin (freenginx) and Michiel W. Beijen.

  • A maximum of one empty line is now allowed before an HTTP request to better protect against DoS attacks. Thanks to Maxim Dounin (freenginx).

  • HTTP/1.x header field names without a colon at the end are now prohibited; such invalid header fields from a client or a proxied server will now cause an error response. Thanks to Maxim Dounin (freenginx) and Maksim Yevmenkin.

  • When reading a request body using HTTP/1.1 chunked transfer encoding, the total size of ignored chunk extensions and trailer header fields is now limited by the client_max_body_size directive to better protect against DoS attacks. Thanks to Maxim Dounin (freenginx) and Bartek Nowotarski.

  • The MIME type in the mime.types configuration file has been changed to image/bmp for the bmp extension and application/vnd.rar for the rar extension; set to application/vnd.debian.binary-package for the deb and udeb extensions. Thanks to Yuriy Izorkin.

Packages#

24.10.2024


Angie 1.6.2#

Release date: 16.08.2024.

Security#

  • Processing a specially crafted MP4 file with the ngx_http_mp4_module could cause a worker process crash (CVE-2024-7347); the fix was ported from nginx 1.27.1.


Angie 1.6.1#

Release date: 08.08.2024.

Features#

Bugfixes#

  • When using virtual servers or the pass directives in the stream module, connections could be accounted incorrectly in the statistics API.

  • Worker processes could crash on configurations with 5 ACME clients or more; the bug had appeared in 1.6.0.

  • Handling cached responses with the X-Accel-Redirect header could crash the worker process. Thanks to Maxim Dounin (freenginx) and Jiří Setnička.

Packages#


Angie 1.6.0#

Release date: 28.06.2024.

Features#

  • The sticky directive and related options in the stream module's upstream block, which allow to configure sticky sessions mode where all connections in the session are routed to the same server.

  • Extraction of Cookie values from RDP connections using the rdp_preread directive in the stream module into $rdp_cookie and $rdp_cookie_NAME variables, which allows to log and stick RDP client sessions to particular servers while load balancing.

  • Support for multiple acme directives in a server block, which allows to configure obtaining two types of certificates at once for that virtual server.

  • Command line options -m and -M to list built-in and loaded modules.

  • Support for BoringSSL in the ACME module.

  • All functionality of nginx 1.27.0, including support for virtual servers in the stream module and the pass directive, which allows to pass accepted connections for handling to another listening sockets, including HTTP and Mail modules.

Bugfixes#

  • Certificate request via the ACME protocol could result in error on some configurations with a log message like [alert] getsockname() failed (9: Bad file descriptor).

  • Certificate request with large number of domain names via the ACME protocol could result in error with a log message like [error] JSON parser error.

  • ACME clients in configurations with multiple error_log directives could log messages to irrelevant logs.

Packages#


Angie 1.5.2#

Release date: 03.06.2024.

Security#

  • When using HTTP/3, processing of a specially crafted QUIC session could cause a worker process crash, worker process memory disclosure on systems with MTU larger than 4096 bytes, or have other impact (CVE-2024-32760, CVE-2024-31079, CVE-2024-35200, CVE-2024-34161); the fix has been ported from nginx 1.26.1.

Packages#


Angie 1.5.1#

Release date: 16.05.2024.

Bugfixes#

  • The proxy_next_upstream mechanism did not work correctly when using the resolve option of the server directive in the HTTP block if the number of resolved IP addresses differed from the number of specified servers.

  • While requesting a certificate via the ACME protocol, a segmentation fault could occur in a worker process.

  • The slow_start mechanism did not work when proxying TCP connections in the stream module.

  • HTTP/3 requests could result in an error if received as TLS 1.3 early data; the bug had appeared in 1.4.0.

  • HTTP/3 connection could be prematurely closed while using 0-RTT in QUIC.

  • When reading a request body from a fast connection, reading for a long time was possible. Thanks to Maxim Dounin (freenginx).

Changes#

  • Now ACME clients do not discard previously stored certificates that were expired or issued for a different domain list, but use them while renewing.

Packages#

27.05.2024

  • Added packages for Alpine 3.20.


Angie 1.5.0#

Release date: 27.03.2024.

Features#

  • Basic support for automatically obtaining and updating certificates using the ACME protocol, configurable with the acme_client and acme directives, as well as variables of the form $acme_cert_= and $acme_cert_key_=.

  • Configuration of automatic redirection, which adds trailing slashes to request URIs, with the auto_redirect directive.

  • Output statistics metrics with dates in Epoch format instead of ISO 8601 for use in Prometheus and optionally in the JSON API with the ?date-epoch request argument.

  • New recovering state for upstream peers in the statistics API, indicating that a peer is slowly starting up after a failure, as suggested by the slow_start option.

  • Now the -V switch also shows the relevant version of nginx, which is useful for compatibility with third-party utilities, certbot in particular. Thanks to AdvTechnoKing.

  • All functionality of nginx 1.25.4.

Bugfixes#

  • If the SSL session reuse mechanism proxy_ssl_session_reuse was used and the list of proxied servers was dynamically updated, a leak could occur in the shared memory zone configured for the corresponding upstream block.

Packages#

28.03.2024

16.04.2024

25.04.2024


Angie 1.4.1#

Release date: 15.02.2024.

Security#

  • When using HTTP/3, a segmentation error may have occurred in a worker process while processing a specially crafted QUIC session (CVE-2024-24989); note that Angie as of 1.4.0 is already not vulnerable to CVE-2024-24990.

Packages#

2023#

Angie 1.4.0#

Release date: 12.12.2023.

Features#

  • Support for establishing HTTP/3 connections to upstream servers in the HTTP proxy module while allowing clients to use arbitrary HTTP versions. Configuration is done with the proxy_http_version directive and a set of proxy_quic_ and proxy_http3_ directives.

  • A mechanism for smoothly bringing the proxied server online after a failure using the slow_start option of the server directive in the upstream block.

  • mqtt_preread directive in the stream module, which allows extracting the username and client ID from the CONNECT packet of the MQTT protocol into the $mqtt_preread_username and $mqtt_preread_clientid variables.

  • Limiting the response rate of MP4 files transmission to the client proportionally to the bitrate using the mp4_limit_rate and mp4_limit_rate_after directives, which reduces the bandwidth load.

  • All functionality of nginx 1.25.3.

Bugfixes#

  • If a proxied server was the only one in a group, it could be incorrectly reported as unavailable in the metrics API even after recovery.

Packages#

18.12.2023

25.12.2023

22.01.2024


Angie 1.3.2#

Release date: 23.11.2023.

Bugfixes#

  • possible incorrect values of metrics in Prometheus output that used variables other than $p8s_value for their values; in practice the issue could occur with angie_http_upstreams_peers_state and angie_stream_upstreams_peers_state from the standard prometheus_all.conf template.

  • some connection attempts to upstream servers might not have been properly accounted for in the statistics API if they failed immediately; the bug had appeared in 1.3.0.

Packages#

04.12.2023

07.12.2023


Angie 1.3.1#

Release date: 18.10.2023.

Security#

  • Added extra limitations to HTTP/2 stream handling for better protection against the DoS attack known as "HTTP/2 Rapid Reset" (CVE-2023-44487).

Packages#

26.10.2023

13.11.2023


Angie 1.3.0#

Release date: 19.09.2023.

Features#

  • Ability to specify multiple match patterns in the location directive, which allows to combine several location blocks with similar settings and therefore simplify configuration by reducing duplication.

  • Export of varied statistics metrics in Prometheus format with flexible template configuration using the new prometheus and prometheus_template directives.

  • Detailed information and metrics for groups of stream upstream servers in the statistics interface provided by the api directive.

  • The resolve option of the server directive in the stream module's upstream block that allows to monitor changes to the list of IP addresses corresponding to a domain name, and automatically update it without the need of reloading configuration.

  • The service option of the server directive in the stream module's upstream block that allows to retrieve lists of addresses from DNS SRV records, with basic priority support.

  • Access to the contents of configuration files used by the current generation of worker processes via the interface provided by the api directive with the api_config_files directive enabled.

  • Display of the configuration generation number in process titles, which allows to monitor the success of configuration reloads and the number of previous worker process generations using the ps utility.

  • All functionality of nginx 1.25.2.

Bugfix#

  • Compilation failed when ./configure options --without-http_upstream_zone_module or --without-stream_upstream_zone_module were used; the bug had appeared in 1.2.0.

Changes#

  • Now appname angie is used when loading the OpenSSL configuration.

Packages#


Angie 1.2.0#

Release date: 30.05.2023.

Features#

  • The sticky directive and related options in the HTTP module's upstream block that allow to configure sticky sessions mode, where all requests of the session are routed to the same server.

  • The $upstream_sticky_status variable that takes either NEW, HIT or MISS values depending on success of requesting related upstream server with sticky sessions enabled.

  • Support for NTLS in the HTTP modules when using the TongSuo TLS library; the support can be enabled via the ‑‑with‑ntls build time option and configured with the corresponding ssl_ntls and proxy_ssl_ntls directives.

  • In the HTTP proxy modules, the ability to specify multiple certificates with different types (RSA and ECDSA) and corresponding keys using the proxy_ssl_certificate and proxy_ssl_certificate_key directives.

  • Display of version and build name in the master process title, which allows to get this information about a running server instance using the ps utility.

  • The gzip module's ability to compress "207 Multi-Status" responses. Thanks to DBotThePony.

  • All functionality of nginx 1.25.0, including HTTP/3 support.

Packages#

13.06.2023

12.07.2023

28.07.2023

18.08.2023


Angie 1.1.0#

Release date: 24.01.2023.

Features#

  • The resolve option of the server directive in the HTTP module's upstream block that allows to monitor changes to the list of IP addresses corresponding to a domain name, and automatically update it without the need of reloading configuration.

  • The service option of the server directive in the HTTP module's upstream block that allows to retrieve lists of addresses from DNS SRV records, with basic priority support.

  • Detailed information and metrics for the groups of HTTP upstream servers in the statistics interface provided by the api directive.

  • autoindex uses natural sorting order for directory listings.

  • All functionality of nginx 1.23.3.

Bugfix#

  • Compilation failed due to false warning when using GCC 9 or older with the -O2 or higher optimization.

Packages#

15.03.2023

07.04.2023

  • Added packages for ALT Linux.

11.05.2023

26.05.2023

  • Added packages for Astra Linux Special Edition.


2022#

Angie 1.0.0#

Release date: 27.10.2022.

Features#

  • The api directive that provides HTTP RESTful interface for accessing in JSON format basic information about a web server instance, as well as metrics of client connections, shared memory zones, DNS queries, HTTP requests, HTTP responses cache, TCP/UDP sessions of stream module, and zones of limit_conn/limit_req modules.

  • The status_zone directive in HTTP module for specifying zone to collect request metrics in server and location contexts.

  • The status_zone directive in stream module for specifying zone to collect TCP/UDP session metrics.

  • The status_zone parameter of the resolver directive for specifying zone to collect metrics on DNS queries.

  • The $angie_version variable with version of Angie.

  • All functionality of nginx 1.23.2.