Mercurial > hg > nginx-site
comparison xml/en/docs/http/ngx_http_proxy_module.xml @ 1166:1d299c6f7c49
The new directives "proxy_ssl_verify" and "proxy_ssl_server_name".
The following supporting directives are also documented: "proxy_ssl_name",
"proxy_ssl_trusted_certificate", "proxy_ssl_crl", and "proxy_ssl_verify_depth".
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Thu, 24 Apr 2014 09:10:31 +0400 |
| parents | 07402a11fd8d |
| children | f25d00109de0 |
comparison
equal
deleted
inserted
replaced
| 1165:0a441212ef0f | 1166:1d299c6f7c49 |
|---|---|
| 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
| 9 | 9 |
| 10 <module name="Module ngx_http_proxy_module" | 10 <module name="Module ngx_http_proxy_module" |
| 11 link="/en/docs/http/ngx_http_proxy_module.html" | 11 link="/en/docs/http/ngx_http_proxy_module.html" |
| 12 lang="en" | 12 lang="en" |
| 13 rev="18"> | 13 rev="19"> |
| 14 | 14 |
| 15 <section id="summary"> | 15 <section id="summary"> |
| 16 | 16 |
| 17 <para> | 17 <para> |
| 18 The <literal>ngx_http_proxy_module</literal> module allows passing | 18 The <literal>ngx_http_proxy_module</literal> module allows passing |
| 1450 </para> | 1450 </para> |
| 1451 | 1451 |
| 1452 </directive> | 1452 </directive> |
| 1453 | 1453 |
| 1454 | 1454 |
| 1455 <directive name="proxy_ssl_crl"> | |
| 1456 <syntax><value>file</value></syntax> | |
| 1457 <default/> | |
| 1458 <context>http</context> | |
| 1459 <context>server</context> | |
| 1460 <context>location</context> | |
| 1461 <appeared-in>1.7.0</appeared-in> | |
| 1462 | |
| 1463 <para> | |
| 1464 Specifies a <value>file</value> with revoked certificates (CRL) | |
| 1465 in the PEM format used to <link id="proxy_ssl_verify">verify</link> | |
| 1466 the certificate of the proxied HTTPS server. | |
| 1467 </para> | |
| 1468 | |
| 1469 </directive> | |
| 1470 | |
| 1471 | |
| 1472 <directive name="proxy_ssl_name"> | |
| 1473 <syntax><value>name</value></syntax> | |
| 1474 <default>$proxy_host</default> | |
| 1475 <context>http</context> | |
| 1476 <context>server</context> | |
| 1477 <context>location</context> | |
| 1478 <appeared-in>1.7.0</appeared-in> | |
| 1479 | |
| 1480 <para> | |
| 1481 Allows to override the server name used to | |
| 1482 <link id="proxy_ssl_verify">verify</link> | |
| 1483 the certificate of the proxied HTTPS server and to be | |
| 1484 <link id="proxy_ssl_server_name">passed through SNI</link> | |
| 1485 when establishing a connection with the proxied HTTPS server. | |
| 1486 </para> | |
| 1487 | |
| 1488 <para> | |
| 1489 By default, the host part of the <link id="proxy_pass"/> URL is used. | |
| 1490 </para> | |
| 1491 | |
| 1492 </directive> | |
| 1493 | |
| 1494 | |
| 1495 <directive name="proxy_ssl_server_name"> | |
| 1496 <syntax><literal>on</literal> | <literal>off</literal></syntax> | |
| 1497 <default>off</default> | |
| 1498 <context>http</context> | |
| 1499 <context>server</context> | |
| 1500 <context>location</context> | |
| 1501 <appeared-in>1.7.0</appeared-in> | |
| 1502 | |
| 1503 <para> | |
| 1504 Enables or disables passing of the server name through | |
| 1505 <link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLS | |
| 1506 Server Name Indication extension</link> (SNI, RFC 6066) | |
| 1507 when establishing a connection with the proxied HTTPS server. | |
| 1508 </para> | |
| 1509 | |
| 1510 </directive> | |
| 1511 | |
| 1512 | |
| 1455 <directive name="proxy_ssl_session_reuse"> | 1513 <directive name="proxy_ssl_session_reuse"> |
| 1456 <syntax><literal>on</literal> | <literal>off</literal></syntax> | 1514 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
| 1457 <default>on</default> | 1515 <default>on</default> |
| 1458 <context>http</context> | 1516 <context>http</context> |
| 1459 <context>server</context> | 1517 <context>server</context> |
| 1483 <context>location</context> | 1541 <context>location</context> |
| 1484 <appeared-in>1.5.6</appeared-in> | 1542 <appeared-in>1.5.6</appeared-in> |
| 1485 | 1543 |
| 1486 <para> | 1544 <para> |
| 1487 Enables the specified protocols for requests to a proxied HTTPS server. | 1545 Enables the specified protocols for requests to a proxied HTTPS server. |
| 1546 </para> | |
| 1547 | |
| 1548 </directive> | |
| 1549 | |
| 1550 | |
| 1551 <directive name="proxy_ssl_trusted_certificate"> | |
| 1552 <syntax><value>file</value></syntax> | |
| 1553 <default/> | |
| 1554 <context>http</context> | |
| 1555 <context>server</context> | |
| 1556 <context>location</context> | |
| 1557 <appeared-in>1.7.0</appeared-in> | |
| 1558 | |
| 1559 <para> | |
| 1560 Specifies a <value>file</value> with trusted CA certificates in the PEM format | |
| 1561 used to <link id="proxy_ssl_verify">verify</link> | |
| 1562 the certificate of the proxied HTTPS server. | |
| 1563 </para> | |
| 1564 | |
| 1565 </directive> | |
| 1566 | |
| 1567 | |
| 1568 <directive name="proxy_ssl_verify"> | |
| 1569 <syntax><literal>on</literal> | <literal>off</literal></syntax> | |
| 1570 <default>off</default> | |
| 1571 <context>http</context> | |
| 1572 <context>server</context> | |
| 1573 <context>location</context> | |
| 1574 <appeared-in>1.7.0</appeared-in> | |
| 1575 | |
| 1576 <para> | |
| 1577 Enables or disables verification of the proxied HTTPS server certificate. | |
| 1578 </para> | |
| 1579 | |
| 1580 </directive> | |
| 1581 | |
| 1582 | |
| 1583 <directive name="proxy_ssl_verify_depth"> | |
| 1584 <syntax><value>number</value></syntax> | |
| 1585 <default>1</default> | |
| 1586 <context>http</context> | |
| 1587 <context>server</context> | |
| 1588 <context>location</context> | |
| 1589 <appeared-in>1.7.0</appeared-in> | |
| 1590 | |
| 1591 <para> | |
| 1592 Sets the verification depth in the proxied HTTPS server certificates chain. | |
| 1488 </para> | 1593 </para> |
| 1489 | 1594 |
| 1490 </directive> | 1595 </directive> |
| 1491 | 1596 |
| 1492 | 1597 |