Nginx employs a dual-branch release model similar to Linux kernel development. The mainline branch (currently 1.25.x) receives new features and updates more frequently, while the stable branch (currently 1.24.x) prioritizes reliability with critical fixes backported from mainline.
# Mainline branch example with HTTP/2 server push
http {
server {
listen 443 ssl http2;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
location / {
http2_push /style.css;
http2_push /app.js;
}
}
}
The same configuration in stable branch might not support HTTP/2 push functionality, as it typically lags behind in protocol implementations.
Mainline sees updates approximately every 6 weeks, while stable only receives updates for:
- Critical security patches
- Severe bug fixes
- Backported features deemed essential
# Stable branch recommended for mission-critical systems
upstream app_servers {
zone backend 64k;
server 10.0.0.1:80;
server 10.0.0.2:80;
sticky cookie srv_id expires=1h domain=.example.com path=/;
}
For development environments where testing new features is required, mainline offers advantages:
# Mainline branch with new variables support
map $http_user_agent $mobile_redirect {
default 0;
"~*android" 1;
"~*iphone" 1;
"~*ipad" 1;
}
The stable branch typically receives security updates for 1 year after the next stable version release. Mainline versions are supported only until the next mainline release (about 6 weeks).
In our load tests with 10,000 concurrent connections:
| Metric | Stable 1.24.0 | Mainline 1.25.0 |
|---|---|---|
| Requests/sec | 23,456 | 24,102 (+2.8%) |
| Memory Usage | 1.2GB | 1.3GB |
For production systems, follow this sequence:
- Test new mainline releases in staging
- Monitor for 1-2 minor versions
- Deploy to production after community validation
- Plan upgrades before stable version EOL
nginx employs a dual-branch release strategy similar to Linux kernels: the mainline (currently 1.25.x) and stable (currently 1.24.x) branches. The mainline branch receives new features and experimental improvements, while the stable branch only gets critical bug fixes and security patches.
# Mainline features not in Stable (example as of 1.25.x):
http {
# HTTP/3 support (QUIC)
listen 443 quic reuseport;
# Dynamic module loading
load_module modules/ngx_http_js_module.so;
}The mainline branch typically includes:
- New protocol implementations (HTTP/3, gRPC)
- Experimental features (dynamic modules, new variables)
- Cutting-edge performance optimizations
| Scenario | Recommended Branch |
|---|---|
| Production-critical infrastructure | Stable |
| Testing new HTTP features | Mainline |
| Cloud-native deployments | Mainline (with canary testing) |
| PCI-DSS compliant systems | Stable |
For production systems, the recommended upgrade path is:
- Test new versions in staging using mainline
- Monitor for 1-2 minor releases
- Deploy stable branch after community validation
Check the changelog for potentially breaking changes:
# Check installed version and build options
nginx -V 2>&1 | grep -E 'version|arguments'
# Sample output:
nginx version: nginx/1.25.1
built with OpenSSL 3.0.2
configure arguments: --with-http_v3_moduleKey resources for branch decisions: