Mercurial > hg > nginx-site
comparison xml/en/docs/stream/ngx_stream_core_module.xml @ 2903:44f3b52c0679
Documented the $proxy_protocol_tlv_ variable.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Wed, 19 Oct 2022 12:33:55 +0100 |
parents | e06cf66a9f63 |
children | 7ebe15d6c68d |
comparison
equal
deleted
inserted
replaced
2902:843bf979dcaa | 2903:44f3b52c0679 |
---|---|
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
8 | 8 |
9 <module name="Module ngx_stream_core_module" | 9 <module name="Module ngx_stream_core_module" |
10 link="/en/docs/stream/ngx_stream_core_module.html" | 10 link="/en/docs/stream/ngx_stream_core_module.html" |
11 lang="en" | 11 lang="en" |
12 rev="35"> | 12 rev="36"> |
13 | 13 |
14 <section id="summary"> | 14 <section id="summary"> |
15 | 15 |
16 <para> | 16 <para> |
17 The <literal>ngx_stream_core_module</literal> module | 17 The <literal>ngx_stream_core_module</literal> module |
585 <literal>proxy_protocol</literal> parameter | 585 <literal>proxy_protocol</literal> parameter |
586 in the <link id="listen"/> directive. | 586 in the <link id="listen"/> directive. |
587 </para> | 587 </para> |
588 </tag-desc> | 588 </tag-desc> |
589 | 589 |
590 <tag-name id="var_proxy_protocol_tlv_"><var>$proxy_protocol_tlv_</var><value>name</value></tag-name> | |
591 <tag-desc> | |
592 TLV from the PROXY Protocol header (1.23.2). | |
593 The <literal>name</literal> can be a TLV type name or its numeric value. | |
594 In the latter case, the value is hexadecimal | |
595 and should be prefixed with <literal>0x</literal>: | |
596 | |
597 <example> | |
598 $proxy_protocol_tlv_alpn | |
599 $proxy_protocol_tlv_0x01 | |
600 </example> | |
601 SSL TLVs can also be accessed by TLV type name or its numeric value, | |
602 both prefixed by <literal>ssl_</literal>: | |
603 <example> | |
604 $proxy_protocol_tlv_ssl_version | |
605 $proxy_protocol_tlv_ssl_0x21 | |
606 </example> | |
607 | |
608 <para> | |
609 The following TLV type names are supported: | |
610 <list type="bullet"> | |
611 | |
612 <listitem> | |
613 <literal>alpn</literal> (<literal>0x01</literal>)— | |
614 upper layer protocol used over the connection | |
615 </listitem> | |
616 | |
617 <listitem> | |
618 <literal>authority</literal> (<literal>0x02</literal>)— | |
619 host name value passed by the client | |
620 </listitem> | |
621 | |
622 <listitem> | |
623 <literal>unique_id</literal> (<literal>0x05</literal>)— | |
624 unique connection id | |
625 </listitem> | |
626 | |
627 <listitem> | |
628 <literal>netns</literal> (<literal>0x30</literal>)— | |
629 name of the namespace | |
630 </listitem> | |
631 | |
632 <listitem> | |
633 <literal>ssl</literal> (<literal>0x20</literal>)— | |
634 binary SSL TLV structure | |
635 </listitem> | |
636 | |
637 </list> | |
638 </para> | |
639 | |
640 <para> | |
641 The following SSL TLV type names are supported: | |
642 <list type="bullet"> | |
643 | |
644 <listitem> | |
645 <literal>ssl_version</literal> (<literal>0x21</literal>)— | |
646 SSL version used in client connection | |
647 </listitem> | |
648 | |
649 <listitem> | |
650 <literal>ssl_cn</literal> (<literal>0x22</literal>)— | |
651 SSL certificate Common Name | |
652 </listitem> | |
653 | |
654 <listitem> | |
655 <literal>ssl_cipher</literal> (<literal>0x23</literal>)— | |
656 name of the used cipher | |
657 </listitem> | |
658 | |
659 <listitem> | |
660 <literal>ssl_sig_alg</literal> (<literal>0x24</literal>)— | |
661 algorithm used to sign the certificate | |
662 </listitem> | |
663 | |
664 <listitem> | |
665 <literal>ssl_key_alg</literal> (<literal>0x25</literal>)— | |
666 public-key algorithm | |
667 </listitem> | |
668 | |
669 </list> | |
670 </para> | |
671 | |
672 <para> | |
673 Also, the following special SSL TLV type name is supported: | |
674 <list type="bullet"> | |
675 | |
676 <listitem> | |
677 <literal>ssl_verify</literal>— | |
678 client SSL certificate verification result, | |
679 zero if the client presented a certificate | |
680 and it was successfully verified, and non-zero otherwise | |
681 </listitem> | |
682 | |
683 </list> | |
684 </para> | |
685 | |
686 <para> | |
687 The PROXY protocol must be previously enabled by setting the | |
688 <literal>proxy_protocol</literal> parameter | |
689 in the <link id="listen"/> directive. | |
690 </para> | |
691 </tag-desc> | |
692 | |
590 <tag-name id="var_remote_addr"><var>$remote_addr</var></tag-name> | 693 <tag-name id="var_remote_addr"><var>$remote_addr</var></tag-name> |
591 <tag-desc> | 694 <tag-desc> |
592 client address | 695 client address |
593 </tag-desc> | 696 </tag-desc> |
594 | 697 |