[ANN] OpenResty released

Yichun Zhang (agentzh) agentzh at gmail.com
Thu Aug 25 22:04:40 UTC 2016

Hi folks,

I am excited to announce the new formal release,, of the
OpenResty web platform based on NGINX and LuaJIT:


Both the (portable) source code distribution and the Win32 binary
distribution are provided on this Download page.

Also, we now provide official pre-built packages and repositories for
CentOS, RHEL, and Fedora. Support for other Linux distributions will
come in the near future (contributors welcome!):



The highlights of this release are:

1. New NGINX 1.11.2 core.

2. The official Lua 5.1 reference manual and LuaJIT 2 documentation
have been added to the restydoc documentation index.

3. New ssl_session_fetch_by_lua* and ssl_session_store_by_lua*
directives for doing (distributed) nonblocking caching of SSL session
data by SSL session IDs for downstream SSL handshakes performed for
https requests:


4. New Lua API for manipulating user-defined shm-based queues or lists
in lua_shared_dict:


5. New Lua API in ngx.balancer for setting per-session timeout
threshold values for upstream communications in the context of


6. Better HTTP/2 support in ngx_lua and other OpenResty components.

The complete change log since the last (formal) release,

 *   upgraded the Nginx core to 1.11.2.

     *   see the changes here: http://nginx.org/en/CHANGES

 *   feature: bundled the sess_set_get_cb_yield patch for OpenSSL to
     support the ssl_session_fetch_by_lua* directives of ngx_lua.

 *   win32: we now use pcre 8.39 and openssl 1.0.2h in our official

 *   feature: applied the "ssl_pending_session.patch" to the nginx
     core to support the ssl_session_fetch_by_lua* and
     ssl_session_store_by_lua* in ngx_lua.

 *   feature: added "<openresty-prefix>/site/lualib/" to the default
     Lua module search paths used by OpenResty. This location is for
     3rd-party Lua modules so that the users will not pollute the
     "<openresty-prefix>/lualib/" directory with non-standard Lua
     module files.

 *   feature: now we create the "<openresty-prefix>/bin/openresty"
     symlink which points to "<openresty-prefix>/nginx/sbin/nginx" to
     avoid polluting the "PATH" environment with the name "nginx".

 *   feature: added the "upstream_timeout_fields" patch to the nginx
     core to allow efficient per-request connect/send/read timeout
     settings for individual upstream requests and retries.

 *   feature: added the official LuaJIT documentation from LuaJIT 2.1
     to our "restydoc" indexes.

 *   feature: added the Lua 5.1 reference manual from lua 5.1.5 to
     our restydoc indexes.

 *   bugfix: special characters like spaces in nginx configure option
     values (like "--with-pcre-opt" and "--with-openssl-opt") were
     not passed correctly. thanks Andreas Lubbe for the report.

 *   change: now we use our own version of default "index.html" and
     "50x.html" pages.

 *   upgraded ngx_lua to 0.10.6.

     *   feature: added new shdict methods: lpush, lpop, rpush, rpop,
         llen for manipulating list-typed values. these methods can
         be used in the same way as the redis commands of the same
         names. Essentially we now have shared memory based queues
         now. each queue is indexed by a key. thanks Dejiang Zhu for
         the patch.

     *   feature: implemented ssl_session_fetch_by_lua* and
         ssl_session_store_by_lua* configuration directives for doing
         (distributed) caching of SSL sessions (via SSL session IDs)
         for downstream connections. thanks Zi Lin for the patches.

     *   feature: added pure C API for setting upstream request
         connect/send/read timeouts in balancer_by_lua* on a per
         session basis. thanks Jianhao Dai for the original patch.

     *   feature: ssl: add FFI functions to parse certs and private
         keys to cdata. With the current FFI functions the
         certificate chain and the private key are parsed from DER
         every time they are set into the SSL state. Now we can cache
         the parsed certs and private keys as cdata objects directly.
         These new functions make it possible to avoid the DER ->
         OpenSSL parsing. Thanks Alessandro Ghedini for the patch.

     *   feature: shdict:incr(): added the optional "init" argument
         to allow intializing nonexistent keys with an initial value.

     *   feature: allow tcpsock:setkeepalive() to receive nil args.
         thanks Thibault Charbonnier for the patch.

     *   bugfix: *_by_lua_file: did not support absolute file paths
         on non-UNIX systems like Win32. thanks Someguynamedpie for
         the report and the original patch.

     *   bugfix: fake connections did not carry a proper connection
         number. thanks Piotr Sikora for the patch.

     *   bugfix: "lua_check_client_abort on" broke HTTP/2 requests.

     *   bugfix: "ngx_http_lua_ffi_ssl_create_ocsp_request": we did
         not clear the openssl stack errors in the right place.

     *   bugfix: ngx.sha1_bin() was always disabled with nginx
         1.11.2+ due to incompatible changes in nginx 1.11.2+. thanks
         manwe for the report.

     *   bugfix: segfaults might happen when calling ngx.log() in
         ssl_certificate_by_lua* and error_log was configured with
         syslog. thanks Jonathan Serafini and Greg Karékinian for the

     *   bugfix: fixed a typo in the error handling of the
         "SSL_get_ex_new_index()" call for our ssl ctx index. thanks
         Jie Chen for the report.

     *   bugfix: when the nginx core does not properly initialize
         "r->headers_in.headers" (due to 400 bad requests and etc),
         ngx.req.set_header() and ngx.req.clear_header() might lead
         to crashes. thanks Marcin Teodorczyk for the report.

     *   bugfix: fixed crashes in ngx.req.raw_header() for HTTP/2
         requests. now we always throw out a Lua exception in
         ngx.req.raw_header() when being called in HTTP/2 requests.

     *   bugfix: specifying the C macro "NGX_LUA_NO_FFI_API" broke
         the build. thanks jsopenrb for the report.

     *   doc: ngx.worker.count() is available in the
         init_worker_by_lua* context.

     *   doc: documented that ngx.req.raw_header() does not work in
         HTTP/2 requests.

     *   doc: typo fixes from Otto Kekäläinen and Nick Galbreath.

 *   upgraded lua-resty-core to 0.1.8.

     *   updated the "resty.core.shdict" Lua module to reflect the
         recent addition of list-typed shdict values in ngx_lua.

     *   feature: shdict:incr(): added the optional "init" argument
         to allow intializing nonexistent keys with an initial value.

     *   feature: added the ngx.ssl.session module for the contexts
         ssl_session_fetch_by_lua* and ssl_session_store_by_lua*.
         thanks Zi Lin for the patches.

     *   feature: ngx.balancer: added new API functions
         set_timeouts() for setting per-session connect/send/read
         timeouts for the current upstream request and subsequent
         retries. thanks Jianhao Dai for the patch.

     *   feature: ngx.ssl: add new API functions parse_pem_cert(),
         parse_pem_priv_key(), set_cert(), and set_priv_key(). thanks
         Alessandro Ghedini for the patch.

 *   upgraded lua-resty-dns to 0.17.

     *   feature: now we support parsing answer records in all the
         answer sections ("AN", "NS", and "AR"). thanks Zekai Zheng
         for the patch.

     *   optimize: commented out 3 lines of useless Lua code in

 *   upgraded lua-resty-redis to 0.25.

     *   feature: now this module automatically generate Lua methods
         for *any* Redis commands the caller attempts to use. The
         lazily generated Lua methods are cached in the Lua module
         table for faster subsequent uses. In theory, any Redis
         commands in existing Redis or even future Redis servers can
         work out of the box. thanks spacewander for the patch.

 *   upgraded ngx_lua_upstream to 0.06.

     *   feature: added upstream.current_upstream_name() to return
         the proxy target used in the current request. thanks Justin
         Li for the patch.

     *   minor Lua table initialization optimizations from Scott

 *   upgraded resty-cli to 0.13.

     *   bugfix: restydoc: pod2man from older perl versions (like
         5.8) does not support "-u" option. we should be smarter

     *   bugfix: when resty/restydoc/restydoc-index were invoked
         through symlinks, they might fail to locate the nginx
         executable of openresty.

     *   bugfix: POD errors might get displayed in pod2man with older
         versions of perl (like perl 5.20.2). thanks Dominic for the

     *   bugfix: pod2man might abort with a "Can't open file" error
         with perl 5.24+.

     *   bugfix: restydoc-index: improved the seciton name
         normalization for the documentation indexes.

 *   upgraded ngx_echo to 0.60.

     *   bugfix: fixed compilation failures when specifying the C
         compiler option "-DDDEBUG=2". thanks amdei for the report.

     *   bugfix: fixed crashes in $echo_client_request_headers for
         HTTP/2 requests. thanks dilyanpalauzov for the report. Now
         $echo_client_request_headers always evaluates to an empty
         value (not found) in HTTP/2 requests.

     *   doc: make it clearer when to use the "--" form.

 *   upgraded ngx_headers_more to 0.31.

     *   bugfix: when the nginx core does not properly initialize
         "r->headers_in.headers" (due to 400 bad requests and etc),
         more_set_input_headers might lead to crashes. thanks Marcin
         Teodorczyk for the report.

     *   bugfix: fixed a typo in an error message. thanks Albert
         Strasheim for the patch.

 *   upgraded ngx_set_misc to 0.31.

     *   bugfix: the set_sha1 directive is always disabled when
         working with nginx 1.11.2+ due to recent changes in the new
         nginx cores.

 *   upgraded ngx_encrypted_session to 0.06.

     *   doc: we do require ngx_http_ssl_module to work properly.

The HTML version of the change log with lots of helpful hyper-links
can be browsed here:


OpenResty is a full-fledged web platform
by bundling the standard Nginx core, Lua/LuaJIT, lots of
3rd-party Nginx modules and Lua libraries, as well as most of their external
dependencies. See OpenResty's homepage for details:


We have run extensive testing on our Amazon EC2 test cluster and
ensured that all the components (including the Nginx core) play well
together. The latest test report can always be found here:


Have fun!

More information about the nginx mailing list