Mercurial > hg > nginx-site
comparison xml/en/docs/http/ngx_http_core_module.xml @ 2903:44f3b52c0679
Documented the $proxy_protocol_tlv_ variable.
| author | Yaroslav Zhuravlev <yar@nginx.com> |
|---|---|
| date | Wed, 19 Oct 2022 12:33:55 +0100 |
| parents | e06cf66a9f63 |
| children | 7ebe15d6c68d |
comparison
equal
deleted
inserted
replaced
| 2902:843bf979dcaa | 2903:44f3b52c0679 |
|---|---|
| 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
| 9 | 9 |
| 10 <module name="Module ngx_http_core_module" | 10 <module name="Module ngx_http_core_module" |
| 11 link="/en/docs/http/ngx_http_core_module.html" | 11 link="/en/docs/http/ngx_http_core_module.html" |
| 12 lang="en" | 12 lang="en" |
| 13 rev="100"> | 13 rev="101"> |
| 14 | 14 |
| 15 <section id="directives" name="Directives"> | 15 <section id="directives" name="Directives"> |
| 16 | 16 |
| 17 <directive name="absolute_redirect"> | 17 <directive name="absolute_redirect"> |
| 18 <syntax><literal>on</literal> | <literal>off</literal></syntax> | 18 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
| 3226 <literal>proxy_protocol</literal> parameter | 3226 <literal>proxy_protocol</literal> parameter |
| 3227 in the <link id="listen"/> directive. | 3227 in the <link id="listen"/> directive. |
| 3228 </para> | 3228 </para> |
| 3229 </tag-desc> | 3229 </tag-desc> |
| 3230 | 3230 |
| 3231 <tag-name id="var_proxy_protocol_tlv_"><var>$proxy_protocol_tlv_</var><value>name</value></tag-name> | |
| 3232 <tag-desc> | |
| 3233 TLV from the PROXY Protocol header (1.23.2). | |
| 3234 The <literal>name</literal> can be a TLV type name or its numeric value. | |
| 3235 In the latter case, the value is hexadecimal | |
| 3236 and should be prefixed with <literal>0x</literal>: | |
| 3237 | |
| 3238 <example> | |
| 3239 $proxy_protocol_tlv_alpn | |
| 3240 $proxy_protocol_tlv_0x01 | |
| 3241 </example> | |
| 3242 SSL TLVs can also be accessed by TLV type name | |
| 3243 or its numeric value, | |
| 3244 both prefixed by <literal>ssl_</literal>: | |
| 3245 <example> | |
| 3246 $proxy_protocol_tlv_ssl_version | |
| 3247 $proxy_protocol_tlv_ssl_0x21 | |
| 3248 </example> | |
| 3249 | |
| 3250 <para> | |
| 3251 The following TLV type names are supported: | |
| 3252 <list type="bullet"> | |
| 3253 | |
| 3254 <listitem> | |
| 3255 <literal>alpn</literal> (<literal>0x01</literal>)— | |
| 3256 upper layer protocol used over the connection | |
| 3257 </listitem> | |
| 3258 | |
| 3259 <listitem> | |
| 3260 <literal>authority</literal> (<literal>0x02</literal>)— | |
| 3261 host name value passed by the client | |
| 3262 </listitem> | |
| 3263 | |
| 3264 <listitem> | |
| 3265 <literal>unique_id</literal> (<literal>0x05</literal>)— | |
| 3266 unique connection id | |
| 3267 </listitem> | |
| 3268 | |
| 3269 <listitem> | |
| 3270 <literal>netns</literal> (<literal>0x30</literal>)— | |
| 3271 name of the namespace | |
| 3272 </listitem> | |
| 3273 | |
| 3274 <listitem> | |
| 3275 <literal>ssl</literal> (<literal>0x20</literal>)— | |
| 3276 binary SSL TLV structure | |
| 3277 </listitem> | |
| 3278 | |
| 3279 </list> | |
| 3280 </para> | |
| 3281 | |
| 3282 <para> | |
| 3283 The following SSL TLV type names are supported: | |
| 3284 <list type="bullet"> | |
| 3285 | |
| 3286 <listitem> | |
| 3287 <literal>ssl_version</literal> (<literal>0x21</literal>)— | |
| 3288 SSL version used in client connection | |
| 3289 </listitem> | |
| 3290 | |
| 3291 <listitem> | |
| 3292 <literal>ssl_cn</literal> (<literal>0x22</literal>)— | |
| 3293 SSL certificate Common Name | |
| 3294 </listitem> | |
| 3295 | |
| 3296 <listitem> | |
| 3297 <literal>ssl_cipher</literal> (<literal>0x23</literal>)— | |
| 3298 name of the used cipher | |
| 3299 </listitem> | |
| 3300 | |
| 3301 <listitem> | |
| 3302 <literal>ssl_sig_alg</literal> (<literal>0x24</literal>)— | |
| 3303 algorithm used to sign the certificate | |
| 3304 </listitem> | |
| 3305 | |
| 3306 <listitem> | |
| 3307 <literal>ssl_key_alg</literal> (<literal>0x25</literal>)— | |
| 3308 public-key algorithm | |
| 3309 </listitem> | |
| 3310 | |
| 3311 </list> | |
| 3312 </para> | |
| 3313 | |
| 3314 <para> | |
| 3315 Also, the following special SSL TLV type name is supported: | |
| 3316 <list type="bullet"> | |
| 3317 | |
| 3318 <listitem> | |
| 3319 <literal>ssl_verify</literal>— | |
| 3320 client SSL certificate verification result, | |
| 3321 <literal>0</literal> if the client presented a certificate | |
| 3322 and it was successfully verified, | |
| 3323 non-zero otherwise. | |
| 3324 </listitem> | |
| 3325 | |
| 3326 </list> | |
| 3327 </para> | |
| 3328 | |
| 3329 <para> | |
| 3330 The PROXY protocol must be previously enabled by setting the | |
| 3331 <literal>proxy_protocol</literal> parameter | |
| 3332 in the <link id="listen"/> directive. | |
| 3333 </para> | |
| 3334 </tag-desc> | |
| 3335 | |
| 3231 <tag-name id="var_query_string"><var>$query_string</var></tag-name> | 3336 <tag-name id="var_query_string"><var>$query_string</var></tag-name> |
| 3232 <tag-desc> | 3337 <tag-desc> |
| 3233 same as <var>$args</var> | 3338 same as <var>$args</var> |
| 3234 </tag-desc> | 3339 </tag-desc> |
| 3235 | 3340 |