Mercurial > hg > nginx-site

comparison xml/en/docs/stream/ngx_stream_proxy_module.xml @ 1462:e69e4dbcc760

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Documented OSS stream modules.
author Vladimir Homutov <vl@nginx.com>
date Tue, 21 Apr 2015 13:47:00 +0300
parents f5b5eefc43cb
children 3687cc9a3592
comparison
equal deleted inserted replaced
1461:4e5cab61e548 1462:e69e4dbcc760
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> 7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
8 8
9 <module name="Module ngx_stream_proxy_module" 9 <module name="Module ngx_stream_proxy_module"
10 link="/en/docs/stream/ngx_stream_proxy_module.html" 10 link="/en/docs/stream/ngx_stream_proxy_module.html"
11 lang="en" 11 lang="en"
12 rev="3"> 12 rev="4">
13 13
14 <section id="summary"> 14 <section id="summary">
15 15
16 <para> 16 <para>
17 The <literal>ngx_stream_proxy_module</literal> module (1.7.7) allows passing 17 The <literal>ngx_stream_proxy_module</literal> module (1.9.0) allows passing
18 connections to another server over TCP and UNIX-domain sockets. 18 connections to another server over TCP and UNIX-domain sockets.
19 </para>
20
21 <para>
22 <note>
23 This module is available as part of our
24 <commercial_version>commercial subscription</commercial_version>.
25 </note>
26 </para> 19 </para>
27 20
28 </section> 21 </section>
29 22
30 23
86 <directive name="proxy_next_upstream"> 79 <directive name="proxy_next_upstream">
87 <syntax><literal>on</literal> | <literal>off</literal></syntax> 80 <syntax><literal>on</literal> | <literal>off</literal></syntax>
88 <default>on</default> 81 <default>on</default>
89 <context>stream</context> 82 <context>stream</context>
90 <context>server</context> 83 <context>server</context>
91 <appeared-in>1.7.10</appeared-in>
92 84
93 <para> 85 <para>
94 When a connection to the proxied server cannot be established, determines 86 When a connection to the proxied server cannot be established, determines
95 whether a client connection will be passed to the next server. 87 whether a client connection will be passed to the next server.
96 </para> 88 </para>
107 <directive name="proxy_next_upstream_timeout"> 99 <directive name="proxy_next_upstream_timeout">
108 <syntax><value>time</value></syntax> 100 <syntax><value>time</value></syntax>
109 <default>0</default> 101 <default>0</default>
110 <context>stream</context> 102 <context>stream</context>
111 <context>server</context> 103 <context>server</context>
112 <appeared-in>1.7.10</appeared-in>
113 104
114 <para> 105 <para>
115 Limits the time allowed to pass a connection to the 106 Limits the time allowed to pass a connection to the
116 <link id="proxy_next_upstream">next server</link>. 107 <link id="proxy_next_upstream">next server</link>.
117 The <literal>0</literal> value turns off this limitation. 108 The <literal>0</literal> value turns off this limitation.
123 <directive name="proxy_next_upstream_tries"> 114 <directive name="proxy_next_upstream_tries">
124 <syntax><value>number</value></syntax> 115 <syntax><value>number</value></syntax>
125 <default>0</default> 116 <default>0</default>
126 <context>stream</context> 117 <context>stream</context>
127 <context>server</context> 118 <context>server</context>
128 <appeared-in>1.7.10</appeared-in>
129 119
130 <para> 120 <para>
131 Limits the number of possible tries for passing a connection to the 121 Limits the number of possible tries for passing a connection to the
132 <link id="proxy_next_upstream">next server</link>. 122 <link id="proxy_next_upstream">next server</link>.
133 The <literal>0</literal> value turns off this limitation. 123 The <literal>0</literal> value turns off this limitation.
167 <directive name="proxy_ssl"> 157 <directive name="proxy_ssl">
168 <syntax><literal>on</literal> | <literal>off</literal></syntax> 158 <syntax><literal>on</literal> | <literal>off</literal></syntax>
169 <default>off</default> 159 <default>off</default>
170 <context>stream</context> 160 <context>stream</context>
171 <context>server</context> 161 <context>server</context>
172 <appeared-in>1.7.10</appeared-in>
173 162
174 <para> 163 <para>
175 Enables the SSL/TLS protocol for connections to a proxied server. 164 Enables the SSL/TLS protocol for connections to a proxied server.
176 </para> 165 </para>
177 166
181 <directive name="proxy_ssl_certificate"> 170 <directive name="proxy_ssl_certificate">
182 <syntax><value>file</value></syntax> 171 <syntax><value>file</value></syntax>
183 <default/> 172 <default/>
184 <context>stream</context> 173 <context>stream</context>
185 <context>server</context> 174 <context>server</context>
186 <appeared-in>1.7.10</appeared-in>
187 175
188 <para> 176 <para>
189 Specifies a <value>file</value> with the certificate in the PEM format 177 Specifies a <value>file</value> with the certificate in the PEM format
190 used for authentication to a proxied server. 178 used for authentication to a proxied server.
191 </para> 179 </para>
196 <directive name="proxy_ssl_certificate_key"> 184 <directive name="proxy_ssl_certificate_key">
197 <syntax><value>file</value></syntax> 185 <syntax><value>file</value></syntax>
198 <default/> 186 <default/>
199 <context>stream</context> 187 <context>stream</context>
200 <context>server</context> 188 <context>server</context>
201 <appeared-in>1.7.10</appeared-in>
202 189
203 <para> 190 <para>
204 Specifies a <value>file</value> with the secret key in the PEM format 191 Specifies a <value>file</value> with the secret key in the PEM format
205 used for authentication to a proxied server. 192 used for authentication to a proxied server.
206 </para> 193 </para>
211 <directive name="proxy_ssl_ciphers"> 198 <directive name="proxy_ssl_ciphers">
212 <syntax><value>ciphers</value></syntax> 199 <syntax><value>ciphers</value></syntax>
213 <default>DEFAULT</default> 200 <default>DEFAULT</default>
214 <context>stream</context> 201 <context>stream</context>
215 <context>server</context> 202 <context>server</context>
216 <appeared-in>1.7.10</appeared-in>
217 203
218 <para> 204 <para>
219 Specifies the enabled ciphers for connections to a proxied server. 205 Specifies the enabled ciphers for connections to a proxied server.
220 The ciphers are specified in the format understood by the OpenSSL library. 206 The ciphers are specified in the format understood by the OpenSSL library.
221 </para> 207 </para>
231 <directive name="proxy_ssl_crl"> 217 <directive name="proxy_ssl_crl">
232 <syntax><value>file</value></syntax> 218 <syntax><value>file</value></syntax>
233 <default/> 219 <default/>
234 <context>stream</context> 220 <context>stream</context>
235 <context>server</context> 221 <context>server</context>
236 <appeared-in>1.7.10</appeared-in>
237 222
238 <para> 223 <para>
239 Specifies a <value>file</value> with revoked certificates (CRL) 224 Specifies a <value>file</value> with revoked certificates (CRL)
240 in the PEM format used to <link id="proxy_ssl_verify">verify</link> 225 in the PEM format used to <link id="proxy_ssl_verify">verify</link>
241 the certificate of the proxied server. 226 the certificate of the proxied server.
247 <directive name="proxy_ssl_name"> 232 <directive name="proxy_ssl_name">
248 <syntax><value>name</value></syntax> 233 <syntax><value>name</value></syntax>
249 <default>host from proxy_pass</default> 234 <default>host from proxy_pass</default>
250 <context>stream</context> 235 <context>stream</context>
251 <context>server</context> 236 <context>server</context>
252 <appeared-in>1.7.10</appeared-in>
253 237
254 <para> 238 <para>
255 Allows to override the server name used to 239 Allows to override the server name used to
256 <link id="proxy_ssl_verify">verify</link> 240 <link id="proxy_ssl_verify">verify</link>
257 the certificate of the proxied server and to be 241 the certificate of the proxied server and to be
269 <directive name="proxy_ssl_password_file"> 253 <directive name="proxy_ssl_password_file">
270 <syntax><value>file</value></syntax> 254 <syntax><value>file</value></syntax>
271 <default/> 255 <default/>
272 <context>stream</context> 256 <context>stream</context>
273 <context>server</context> 257 <context>server</context>
274 <appeared-in>1.7.10</appeared-in>
275 258
276 <para> 259 <para>
277 Specifies a <value>file</value> with passphrases for 260 Specifies a <value>file</value> with passphrases for
278 <link id="proxy_ssl_certificate_key">secret keys</link> 261 <link id="proxy_ssl_certificate_key">secret keys</link>
279 where each passphrase is specified on a separate line. 262 where each passphrase is specified on a separate line.
286 <directive name="proxy_ssl_server_name"> 269 <directive name="proxy_ssl_server_name">
287 <syntax><literal>on</literal> | <literal>off</literal></syntax> 270 <syntax><literal>on</literal> | <literal>off</literal></syntax>
288 <default>off</default> 271 <default>off</default>
289 <context>stream</context> 272 <context>stream</context>
290 <context>server</context> 273 <context>server</context>
291 <appeared-in>1.7.10</appeared-in>
292 274
293 <para> 275 <para>
294 Enables or disables passing of the server name through 276 Enables or disables passing of the server name through
295 <link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLS 277 <link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLS
296 Server Name Indication extension</link> (SNI, RFC 6066) 278 Server Name Indication extension</link> (SNI, RFC 6066)
303 <directive name="proxy_ssl_session_reuse"> 285 <directive name="proxy_ssl_session_reuse">
304 <syntax><literal>on</literal> | <literal>off</literal></syntax> 286 <syntax><literal>on</literal> | <literal>off</literal></syntax>
305 <default>on</default> 287 <default>on</default>
306 <context>stream</context> 288 <context>stream</context>
307 <context>server</context> 289 <context>server</context>
308 <appeared-in>1.7.10</appeared-in>
309 290
310 <para> 291 <para>
311 Determines whether SSL sessions can be reused when working with 292 Determines whether SSL sessions can be reused when working with
312 the proxied server. 293 the proxied server.
313 If the errors 294 If the errors
326 [<literal>TLSv1.1</literal>] 307 [<literal>TLSv1.1</literal>]
327 [<literal>TLSv1.2</literal>]</syntax> 308 [<literal>TLSv1.2</literal>]</syntax>
328 <default>SSLv3 TLSv1 TLSv1.1 TLSv1.2</default> 309 <default>SSLv3 TLSv1 TLSv1.1 TLSv1.2</default>
329 <context>stream</context> 310 <context>stream</context>
330 <context>server</context> 311 <context>server</context>
331 <appeared-in>1.7.10</appeared-in>
332 312
333 <para> 313 <para>
334 Enables the specified protocols for connections to a proxied server. 314 Enables the specified protocols for connections to a proxied server.
335 </para> 315 </para>
336 316
340 <directive name="proxy_ssl_trusted_certificate"> 320 <directive name="proxy_ssl_trusted_certificate">
341 <syntax><value>file</value></syntax> 321 <syntax><value>file</value></syntax>
342 <default/> 322 <default/>
343 <context>stream</context> 323 <context>stream</context>
344 <context>server</context> 324 <context>server</context>
345 <appeared-in>1.7.10</appeared-in>
346 325
347 <para> 326 <para>
348 Specifies a <value>file</value> with trusted CA certificates in the PEM format 327 Specifies a <value>file</value> with trusted CA certificates in the PEM format
349 used to <link id="proxy_ssl_verify">verify</link> 328 used to <link id="proxy_ssl_verify">verify</link>
350 the certificate of the proxied server. 329 the certificate of the proxied server.
356 <directive name="proxy_ssl_verify"> 335 <directive name="proxy_ssl_verify">
357 <syntax><literal>on</literal> | <literal>off</literal></syntax> 336 <syntax><literal>on</literal> | <literal>off</literal></syntax>
358 <default>off</default> 337 <default>off</default>
359 <context>stream</context> 338 <context>stream</context>
360 <context>server</context> 339 <context>server</context>
361 <appeared-in>1.7.10</appeared-in>
362 340
363 <para> 341 <para>
364 Enables or disables verification of the proxied server certificate. 342 Enables or disables verification of the proxied server certificate.
365 </para> 343 </para>
366 344
370 <directive name="proxy_ssl_verify_depth"> 348 <directive name="proxy_ssl_verify_depth">
371 <syntax><value>number</value></syntax> 349 <syntax><value>number</value></syntax>
372 <default>1</default> 350 <default>1</default>
373 <context>stream</context> 351 <context>stream</context>
374 <context>server</context> 352 <context>server</context>
375 <appeared-in>1.7.10</appeared-in>
376 353
377 <para> 354 <para>
378 Sets the verification depth in the proxied server certificates chain. 355 Sets the verification depth in the proxied server certificates chain.
379 </para> 356 </para>
380 357