OpenResty Edge™ Changelog
Admin, Log Server, Node
1.3.0
bugfix
Fix the problem that the pagination of expired certificates is invalid.bugfix
Fixed bad condition of auto renew cert for application.change
FE: update texts on Global change log page and rename it to Audit Log, also add Audit log table on the application’s release page.bugfix
Fix the problem that global lua module can not be updated.change
FE: global error log page: filter nodes after selecting a gateway.bugfix
Fix DNS runtime error when dns query for invalid domain.change
FE: adjust editor height for Lua module and Lua extension.bugfix
Fix an error in matching the IP address of X-Forwarded-For request header.change
Rest api search_by_name support k8s upstreams.change
FE: lmdb backup page show processing nodes and adjust some wordings.change
FE: upgrade components to update the functions hints for EdgeLang editor.bugfix
Fix the problem of failure of adding gateway cluster conditions to global rewrite rules and global custom actions.bugfix
Fix failure to find pending apps after gray release.bugfix
Fix Append-proxy-header-value action submit with validation errors.feature
Custom certificate issuers can show account information.feature
Add 'IP-address-match' operator to X-Forwarded-For.feature
Support LMDB backup for edge nodes.feature
Recompile tool: Support for parallel compilation of all HTTP/HTTPS applications.bugfix
Add concurrent locks for application publish/rollback operations to avoid unexpected changes caused by concurrent operations.bugfix
Should finally retry the local machine When enabling gateway cluster level cache sharing and all cluster nodes failed.feature
Support for cleaning dynamic metrics data.feature
Support to config k8s upstream in application and global.feature
Added release log to global configuration.bugfix
Fix the problem of missing configuration in application release log description.change
Changes to k8s upstream do not affect release.bugfix
The "Rewrite Proxy URI Prefix" action does not encode the URI and may not be recognized upstream.change
Need to delete load SSL certificate by IP addresses and load application by IP addresses configuration before deleting applications.feature
Support ECC for ACME (i.e. Let’s encrypt).change
Skip domain match checking for default application.change
Apply pan-domain semantic change, multi-level domain matching is no longer supported. For example, *.foo.com will only match a.foo.com and not a.b.foo.com.bugfix
Fixing a mismatch in the results of searching for upstream names.bugfix
Fix creating app with proxy to global upstream but not creating rule automatically.change
k8s background threads add support for dual admin and grayscale admin.feature
Add sidebar on applications’s config page like in global config page.feature
Added two builtin dymetrics: Request count and Request flow.optimize
improvement: move the is_gray flag from gateway cluster level to gateway node level.Make it easier to change one gateway node to gray/main.feature
The request rate limit supports the use of HTTP request headers as key.bugfix
Fixed failure when uploading certificate by SDK / edge-cli.bugfix
value of check_script field of the keepalived configuration should be full-path.bugfix
Remove the second useless balancer when the interface is reduced to 1 upstream.change
Added operator ip match to first-x-forwarded-addr and last-x-forwarded-addr.optimize
Reduced configuration synchronization latency.bugfix
k8s rest api data return format is not standardized.feature
Added IP-List for application level.bugfix
Added upstream recursive detection to prevent dead loops caused by it.bugfix
Fix to prevent unnecessary requests with undefined params when routing back to application list page.change
Convert toggle button with negation meaning labels to be affirmative.bugfix
Fix DNS record validation wrong on the web page.bugfix
A later defer resp-body under the same application will overwrite the previous one.bugfix
Log Server down cause incorrect sync status display.change
K8s upstream adds support for binding multiple k8s services.bugfix
When multiple k8s clusters are configured, monitoring one k8s cluster will use the other k8s cluster configuration.bugfix
The offline http application will no longer automatically renew the certificate issued by ACME.change
Change the way package_created_time is fetched.feature
Show world map for DNS A/AAAA records.change
Show offline status of application.feature
Support for ngx2edge tools.feature
Show blog articles in tab Help.bugfix
Fix search and select component error.bugfix
When updating the manually uploaded SSL certificate, the certificate also needs to be verified.feature
Support for the Brotli compression of responses.feature
Support for purge cached resources in mlcache based on prefixes (for scenarios with custom use of mlcache Lua modules).bugfix
Fix HTTP response body match error in health check.feature
Support proxy protocol in tcp and tls applications.bugfix
Handling of IPv6 errors in address matching.bugfix
Fixed the bug when matching multiple IP lists in whitelist mode.optimize
Optimized database writes for health checks and upstream metrics.feature
Remind user to refresh current page when new admin version is available.bugfix
Fixed the problem that tag of gateway cluster not shown.change
Add new filters operation, user and keyword to global changelog page.change
Added column response status to app waf logs page.feature
New hit rule statistics chart in WAF log page.feature
Support batch delete.feature
Add new action enable basic authentication, support creating global basic auth accounts and application basic auth accounts.1.1.0
bugfix
when multiple k8s clusters are configured, monitoring one k8s cluster will use the other k8s cluster configuration.change
when the internal k8s service is updated, the call to its own interface does not need to verify ssl.change
internal k8s service updates using https.change
internal k8s service update using port 443bugfix
page rule conditions caseless option does not work.bugfix
fix nginx.conf template error.change
add admin_api_port config in ini.bugfix
fix bug of whitelist mode for ip-list.bugfix
the global changelog path is not decoded.bugfix
the global change log does not use the UTC time zone.feature
support search global change log.bugfix
gateway cluster healthcheck template rendering error.change
licensing method changes, support offline licensing.feature
support user to upload their custom IP database by uploading csv file.optimize
all filled domain names are automatically converted to lowercase.optimize
k8s watch thread reset every 10 minutes.1.0.1
feature
support for creating global IP lists and matching IP addresses with IP lists by name.feature
add intercept actions to the limit request rate action.bugfix
fix the problem of wrong time unit of dns health check request timeout.change
enable ffi in global lua module.feature
add new action: user-agent-is-mobile.bugfix
fix the problem of default binding port 80 when there is no http application.bugfix
fix the problem that hcaptcha cache time cannot be modified.change
page rule: Support multiple WAF rules take effect at the same time instead the overwriting the old WAF rule.feature
support qqzeng IP database.bugfix
fixed debug level waf rules that will cause other rules to fail to hit.feature
support always_check option in the global upstreams health check.feature
the upstream health check adds PostgreSQL and MySQL check types.feature
the upstream health check supports determining whether the content of the response body contains the specified string.feature
support enable gateway node health checker.change
only used the backup upstream when all upstream is retied or marked down by health check.feature
dns banding to k8s cluster.feature
support global dynamic metrics.feature
support Lua extensions for admin.feature
support application dynamic metrics.feature
support two edge-admin server at the same time, for high availability.0.4.2
feature
gateway binding to k8s cluster, so as to support edge-node auto approve from k8s cluster.change
remove the trusted_client and trusted_uid configurations.optimize
improved the performance of edge node, the QPS increased 26% in the simple proxy case.optimize
add blacklist to global lua module and custom share zone.change
split http and stream applications.bugfix
fix the issue of global action modification triggering node binary upgrade.feature
upstream binding to service of k8s cluster.optimize
limit the frequency of repeated error messages, w hen sending queue is full, each worker print one log entry every 30 seconds at most.feature
support calling third-party module from a third-party module.feature
support SRV type records in DNS application.feature
add lua-resty-mlcache library to openresty-plus.optimize
limit the request rate to the configuration update API to avoid multiple nodes doing whole synchronise at the same time.feature
add support to specifying customise certificate issuer, with EAB support for ACME services.feature
support decoded_proxy_authorization variable in the http forward proxy access log.feature
collect more upstream metrics (such as http status codes).feature
support per Application configurations of: client-max-body-size, proxy-cache-revalidate, proxy-cache-use-stale, gateway-gzip and enable-websocket.optimize
fix the problem that the some pages cannot be loaded when log-server crashes.optimize
support filtering error logs by time range.optimize
optimise the concurrency control of health check, fixed “timer is not enough” error when there are many upstreams with health check enabled.bugfix
do not report health check results repeatedly.feature
add WAF rules in v3.3feature
add new action sorted-query-string to EdgeLang.feature
sticky Cookie support.change
move entrance of licences page from Gateway Cluster to the upper left corner besides logo in home page.change
rearrange main navigation menu.feature
support displaying source code for WAF rule sets.bugfix
fix a failure case when manual uploading application level certificates: when application is wildcard domain and the certificate is non-wildcard domain will cause the failure.feature
add the API for certbot plug-in.bugfix
support binding local ipv6 address.optimize
log up to 3 entries when no IP database token is provided.change
apply pan-domain semantic change, multi-level domain matching is no longer supported. For example, -.foo.com will only match a.foo.com and not a.b.foo.com. (It is still compatible for the current version, but will be deprecated and removed in future versions.).optimize
optimize most of the GET interfaces. It takes only 100ms now instead of original 1.2 seconds for some interfaces.optimize
optimise Application list loading time, the interface time is reduced by about 900ms.change
switch to TimescaleDB for log server database (need to install TimescaleDB extension).bugfix
after DNS health check failed, the resolution result list will not returning failed IPs.feature
keepalived integration, support high-availability on IP layer.feature
support binding local IP.feature
support binding local IP when forwarding.feature
support node level enabling QAT.bugfix
fix the 500 response code issue when uploading certificate.feature
DNS health check support enabling and configuring ports within independent record.bugfix
forward proxy support multiple ports.bugfix
fix incorrect remote address in user session on Admin.feature
EdgeLang source code viewing support of hitting WAF rules in WAF log page.feature
pick and disable WAF rule WAF ruleset under WAF log page.feature
DNS records management support in the application page.feature
support upstream health check for TCP/TLS applications.feature
return details of failed upstream health check.optimize
optimize EdgeLang compilation speed.1.3.0
变更
前端:全局变更日志页面文案并改名为审计日志,在应用发布页面新增审计日志。修复
修复 global lua module 不能更新的问题。变更
前端:全局错误日志页面改为先筛选集群再筛选节点。变更
前端:调整 Lua 模块及 Lua 插件编辑器高度。修复
修复 X-Forwarded-For 请求头 IP 地址匹配出错的问题。变更
search_by_name 的接口支持搜索 k8s 上游。变更
前端:备份功能显示正在处理的节点以及调整页面文案。变更
前端:升级组件以更新 EdgeLang 编辑器提示。修复
修复全局改写规则和全局自定义动作添加网关集群条件失败的问题。修复
修复 Append-proxy-header-value 动作无法提交的问题。新增
X-Forwarded-For 增加 IP 地址匹配的操作符。新增
重新编译脚本支持并行编译所有的 HTTP/HTTPS 应用。修复
增加应用发布/回滚操作的并发锁,避免并发操作带来的配置错误。修复
开启网关集群级别的共享缓存时,如果所有节点都失败,应该最后重试一下本机。新增
页面支持分别配置应用内 k8s 上游及全局 k8s 上游。修复
"重写代理URI前缀"动作没有对 URI 进行编码,可能导致上游不识别。变更
删除应用前需要先删除 Load SSL certificate by IP addresses 和 Load application by IP addresses 配置。新增
为 Let’s Encrypt 和 ACME 新增 ECC 证书支持。变更
应用泛域名语义变更,不再支持多级域名的匹配。比如 *.foo.com 只会匹配 a.foo.com 而不会匹配 a.b.foo.com.。修复
前端修复创建新应用时选择全局上游作为 proxy 上游时未自动创建页面规则。变更
k8s 后台线程添加双 admin 和灰度admin的支持。优化
node 灰度标识从网关集群级别,改为网关节点级别方便切换 node 节点是否灰度的标识。新增
请求速率限制支持使用 HTTP 请求头作为 key。修复
修复使用 SDK 或 edge-cli 无法上传证书的 BUG。修复
keepalived 配置文件中 check_script 字段应该为全路径。修复
当界面上删减至 1 个上游时,去除第二个没用的 balancer。新增
变量 first-x-forwarded-addr 和 last-x-forwarded-addr 支持操作符 IP 匹配以及 IP 不匹配。修复
k8s rest api 数据返回格式不规范。修复
新增了递归上游的检测选项,防止出现由此造成的死循环。变更
修改所有否定意思文案的开关选项为肯定,使之更易理解。修复
同一个应用下后面的 defer resp-body 会覆盖前面的 defer resp-body。修复
Log Server 下线导致节点同步状态无法整成显示的问题。修复
已下线的 http 应用不应再自动更新 ACME 证书。变更
修改 package_created_time 的获取方式。新增
DNS 页面显示 A/AAAA 记录的地图展示。变更
在应用编辑页面顶部显示 offline 状态。修复
手动上传 SSL 证书更新时,也需要对上传的证书进行校验。新增
支持根据前缀清理 mlcache 中的缓存资源(适用于有自定义使用 mlcache Lua 模块的场景)。修复
修复 HTTP 健康检查响应体匹配报错的问题。新增
tcp和tls应用支持proxy protocol。修复
修复了多个 IP 列表白名单匹配时的 BUG。变更
增加全局变更日志的筛选条件 操作, 用户 以及日志关键字。新增
新加动作 启用 Basic 认证, 支持创建全局 Basic 认证账号和应用级别 Basic 认证账号。1.1.0
修复
当配置了多个k8s集群的时候,监控某个k8s集群会使用其他的k8s集群配置。变更
内部k8s服务更新的时候,调用自身的接口不需要验证ssl。变更
在ini中增加admin_api_port配置。新增
支持用户通过上传 csv 文件使用自定义的 IP 数据库。1.0.1
新增
支持创建全局 IP 列表,并支持 IP 地址与指定名称 IP 列表进行匹配。新增
给limit request rate动作增加拦截动作。新增
新增user-agent-is-mobile动作。修复
修复没有http应用时默认绑定80端口的问题。变更
页面规则内多个 WAF 规则会同时生效,原来是后面的 WAF 规则会覆盖前面的 WAF 规则。新增
IP 地理信息数据库支持 qqzeng 数据库。修复
修复 debug 级别的 waf 规则会导致其他规则无法命中问题。新增
上游健康检查新增 PostgreSQL 和 MySQL 检查类型。新增
上游健康检查支持判断响应体内容是否包含指定字符串。变更
备份上游重试顺序调整:当所有的上游节点全部都失败(健康检查失败,或者当前请求尝试过了)才会重试备份上游。新增
支持同时部署并启用两个 admin server 服务,提高 admin 的可用性。0.4.2
新增
gateway绑定到k8s集群,以便自动批准k8s集群中的edge-node。变更
去掉 trusted_client 和 trusted_uid 的配置。优化
优化 edge node 性能,简单反向代理场景 QPS 可以提升 26%。优化
给global-lua-module和custom share zone增加黑名单。修复
修复全局动作修改触发节点 binary upgrade 的问题。优化
限制重复错误消息频率,当 send queue 满了的时候,每个 worker 最多每 30 秒打印一条日志。新增
openresty-plus新增lua-resty-mlcache库。优化
限制配置同步接口的请求频率,防止多台 node 节点同时全量同步导致 admin 节点无法服务。新增
支持指定自定义证书签发商,新增了对 ACME 服务的 EAB 的支持。新增
http 正向代理访问日志支持decoded_proxy_authorization。新增
支持在应用里配置 client-max-body-size,proxy-cache-revalidate,proxy-cache-use-stale,gateway-gzip 和 enable-websocket。优化
优化log-server崩溃后,前端页面不能加载的问题。优化
如果健康检查的上游太多,可能会报 timer 不够的错误;优化了并发控制。新增
EdgeLang 新增动作 sorted-query-string。变更
许可证入口位置从网管集群下移至主页面左上角logo旁。修复
应用级别证书手动上传证书校验:当应用为泛域名时,上传的非泛域名证书会校验失败的 BUG。优化
如果ip database没有token,最多记录3条日志。变更
应用泛域名语义变更,不再支持多级域名的匹配。比如 -.foo.com 只会匹配 a.foo.com 而不会匹配 a.b.foo.com. (当前版本还保持兼容,但是未来版本会移除。)。优化
优化大部分的 Get 接口,实测原来 1.2 秒的接口现在只需要 100 ms。优化
优化应用列表的加载时间,接口耗时减少 900ms 左右。变更
log server 切换时序库,需要安装时序库扩展,切换和归档方案看李庚 wiki。wiki链接。修复
DNS 健康检查失败之后,解析结果列表中依然会返回失败 IP。新增
keepalived 集成,支持 IP 层的高可用。新增
dns健康检查支持每条记录单独开启和配置端口。修复
admin上用户session远程地址不对的问题。新增
WAF 日志页面支持查看命中 WAF 规则的 edgelang 源码。新增
WAF 日志页面支持禁用 WAF 规则集内的规则。Python SDK
1.2.24
change
The put_app supports setting the status of application.1.2.23
change
The Cache part of the page rule supports more configuration options.1.2.22
1.2.20
bugfix
the interface of search_upstream_by_ip, search_upstream_by_name, search_http_app_by_keyword, the page_size parameter does not work.1.2.19
1.2.17
change
The proxy parameter of put_rule supports to use the data format returned by the get interface.1.2.16
feature
Add interface to get version information get_version.1.2.15
change
Removed get_all_global_user_ids interface.1.2.24
1.2.23
1.2.22
1.2.20
修复
search_upstream_by_ip, search_upstream_by_name, search_http_app_by_keyword的page_size参数不起作用。1.2.19
1.2.17
变更
put_rule 接口的 proxy 参数支持直接使用 get 接口返回的数据格式。1.2.16
1.2.15
变更
删除 get_all_global_user_ids 接口。