Mercurial > hg > nginx-site
comparison xml/en/docs/http/ngx_http_core_module.xml @ 2903:44f3b52c0679
Documented the $proxy_protocol_tlv_ variable.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Wed, 19 Oct 2022 12:33:55 +0100 |
parents | e06cf66a9f63 |
children | 7ebe15d6c68d |
comparison
equal
deleted
inserted
replaced
2902:843bf979dcaa | 2903:44f3b52c0679 |
---|---|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
9 | 9 |
10 <module name="Module ngx_http_core_module" | 10 <module name="Module ngx_http_core_module" |
11 link="/en/docs/http/ngx_http_core_module.html" | 11 link="/en/docs/http/ngx_http_core_module.html" |
12 lang="en" | 12 lang="en" |
13 rev="100"> | 13 rev="101"> |
14 | 14 |
15 <section id="directives" name="Directives"> | 15 <section id="directives" name="Directives"> |
16 | 16 |
17 <directive name="absolute_redirect"> | 17 <directive name="absolute_redirect"> |
18 <syntax><literal>on</literal> | <literal>off</literal></syntax> | 18 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
3226 <literal>proxy_protocol</literal> parameter | 3226 <literal>proxy_protocol</literal> parameter |
3227 in the <link id="listen"/> directive. | 3227 in the <link id="listen"/> directive. |
3228 </para> | 3228 </para> |
3229 </tag-desc> | 3229 </tag-desc> |
3230 | 3230 |
3231 <tag-name id="var_proxy_protocol_tlv_"><var>$proxy_protocol_tlv_</var><value>name</value></tag-name> | |
3232 <tag-desc> | |
3233 TLV from the PROXY Protocol header (1.23.2). | |
3234 The <literal>name</literal> can be a TLV type name or its numeric value. | |
3235 In the latter case, the value is hexadecimal | |
3236 and should be prefixed with <literal>0x</literal>: | |
3237 | |
3238 <example> | |
3239 $proxy_protocol_tlv_alpn | |
3240 $proxy_protocol_tlv_0x01 | |
3241 </example> | |
3242 SSL TLVs can also be accessed by TLV type name | |
3243 or its numeric value, | |
3244 both prefixed by <literal>ssl_</literal>: | |
3245 <example> | |
3246 $proxy_protocol_tlv_ssl_version | |
3247 $proxy_protocol_tlv_ssl_0x21 | |
3248 </example> | |
3249 | |
3250 <para> | |
3251 The following TLV type names are supported: | |
3252 <list type="bullet"> | |
3253 | |
3254 <listitem> | |
3255 <literal>alpn</literal> (<literal>0x01</literal>)— | |
3256 upper layer protocol used over the connection | |
3257 </listitem> | |
3258 | |
3259 <listitem> | |
3260 <literal>authority</literal> (<literal>0x02</literal>)— | |
3261 host name value passed by the client | |
3262 </listitem> | |
3263 | |
3264 <listitem> | |
3265 <literal>unique_id</literal> (<literal>0x05</literal>)— | |
3266 unique connection id | |
3267 </listitem> | |
3268 | |
3269 <listitem> | |
3270 <literal>netns</literal> (<literal>0x30</literal>)— | |
3271 name of the namespace | |
3272 </listitem> | |
3273 | |
3274 <listitem> | |
3275 <literal>ssl</literal> (<literal>0x20</literal>)— | |
3276 binary SSL TLV structure | |
3277 </listitem> | |
3278 | |
3279 </list> | |
3280 </para> | |
3281 | |
3282 <para> | |
3283 The following SSL TLV type names are supported: | |
3284 <list type="bullet"> | |
3285 | |
3286 <listitem> | |
3287 <literal>ssl_version</literal> (<literal>0x21</literal>)— | |
3288 SSL version used in client connection | |
3289 </listitem> | |
3290 | |
3291 <listitem> | |
3292 <literal>ssl_cn</literal> (<literal>0x22</literal>)— | |
3293 SSL certificate Common Name | |
3294 </listitem> | |
3295 | |
3296 <listitem> | |
3297 <literal>ssl_cipher</literal> (<literal>0x23</literal>)— | |
3298 name of the used cipher | |
3299 </listitem> | |
3300 | |
3301 <listitem> | |
3302 <literal>ssl_sig_alg</literal> (<literal>0x24</literal>)— | |
3303 algorithm used to sign the certificate | |
3304 </listitem> | |
3305 | |
3306 <listitem> | |
3307 <literal>ssl_key_alg</literal> (<literal>0x25</literal>)— | |
3308 public-key algorithm | |
3309 </listitem> | |
3310 | |
3311 </list> | |
3312 </para> | |
3313 | |
3314 <para> | |
3315 Also, the following special SSL TLV type name is supported: | |
3316 <list type="bullet"> | |
3317 | |
3318 <listitem> | |
3319 <literal>ssl_verify</literal>— | |
3320 client SSL certificate verification result, | |
3321 <literal>0</literal> if the client presented a certificate | |
3322 and it was successfully verified, | |
3323 non-zero otherwise. | |
3324 </listitem> | |
3325 | |
3326 </list> | |
3327 </para> | |
3328 | |
3329 <para> | |
3330 The PROXY protocol must be previously enabled by setting the | |
3331 <literal>proxy_protocol</literal> parameter | |
3332 in the <link id="listen"/> directive. | |
3333 </para> | |
3334 </tag-desc> | |
3335 | |
3231 <tag-name id="var_query_string"><var>$query_string</var></tag-name> | 3336 <tag-name id="var_query_string"><var>$query_string</var></tag-name> |
3232 <tag-desc> | 3337 <tag-desc> |
3233 same as <var>$args</var> | 3338 same as <var>$args</var> |
3234 </tag-desc> | 3339 </tag-desc> |
3235 | 3340 |