Mercurial > hg > nginx-site
comparison xml/en/docs/http/configuring_https_servers.xml @ 1733:ecf2dd95ceb6
Added links in "Configuring HTTPS servers".
| author | Yaroslav Zhuravlev <yar@nginx.com> |
|---|---|
| date | Wed, 15 Jun 2016 14:45:06 +0300 |
| parents | 47f70f50d554 |
| children | 40e461a34187 |
comparison
equal
deleted
inserted
replaced
| 1732:5eb54b170c74 | 1733:ecf2dd95ceb6 |
|---|---|
| 6 <!DOCTYPE article SYSTEM "../../../../dtd/article.dtd"> | 6 <!DOCTYPE article SYSTEM "../../../../dtd/article.dtd"> |
| 7 | 7 |
| 8 <article name="Configuring HTTPS servers" | 8 <article name="Configuring HTTPS servers" |
| 9 link="/en/docs/http/configuring_https_servers.html" | 9 link="/en/docs/http/configuring_https_servers.html" |
| 10 lang="en" | 10 lang="en" |
| 11 rev="9" | 11 rev="10" |
| 12 author="Igor Sysoev" | 12 author="Igor Sysoev" |
| 13 editor="Brian Mercer"> | 13 editor="Brian Mercer"> |
| 14 | 14 |
| 15 <section> | 15 <section> |
| 16 | 16 |
| 17 <para> | 17 <para> |
| 18 To configure an HTTPS server, the <literal>ssl</literal> parameter | 18 To configure an HTTPS server, the <literal>ssl</literal> parameter |
| 19 must be enabled on | 19 must be enabled on |
| 20 <link doc="ngx_http_core_module.xml" id="listen">listening sockets</link> | 20 <link doc="ngx_http_core_module.xml" id="listen">listening sockets</link> |
| 21 in the <link doc="ngx_http_core_module.xml" id="server"/> block, | 21 in the <link doc="ngx_http_core_module.xml" id="server"/> block, |
| 22 and the locations of the server certificate | 22 and the locations of the |
| 23 and private key files should be specified: | 23 <link doc="ngx_http_ssl_module.xml" id="ssl_certificate">server certificate</link> |
| 24 and | |
| 25 <link doc="ngx_http_ssl_module.xml" id="ssl_certificate_key">private key</link> | |
| 26 files should be specified: | |
| 24 | 27 |
| 25 <programlisting> | 28 <programlisting> |
| 26 server { | 29 server { |
| 27 listen 443 <b>ssl</b>; | 30 listen 443 <b>ssl</b>; |
| 28 server_name www.example.com; | 31 server_name www.example.com; |
| 68 | 71 |
| 69 <section id="optimization" name="HTTPS server optimization"> | 72 <section id="optimization" name="HTTPS server optimization"> |
| 70 | 73 |
| 71 <para> | 74 <para> |
| 72 SSL operations consume extra CPU resources. | 75 SSL operations consume extra CPU resources. |
| 73 On multi-processor systems several worker processes should be run, | 76 On multi-processor systems several |
| 77 <link doc="../ngx_core_module.xml" id="worker_processes">worker processes</link> | |
| 78 should be run, | |
| 74 no less than the number of available CPU cores. | 79 no less than the number of available CPU cores. |
| 75 The most CPU-intensive operation is the SSL handshake. | 80 The most CPU-intensive operation is the SSL handshake. |
| 76 There are two ways to minimize the number of these operations per client: | 81 There are two ways to minimize the number of these operations per client: |
| 77 the first is by enabling keepalive connections to send several | 82 the first is by enabling |
| 83 <link doc="ngx_http_core_module.xml" id="keepalive_timeout">keepalive</link> | |
| 84 connections to send several | |
| 78 requests via one connection and the second is to reuse SSL session | 85 requests via one connection and the second is to reuse SSL session |
| 79 parameters to avoid SSL handshakes for parallel and subsequent connections. | 86 parameters to avoid SSL handshakes for parallel and subsequent connections. |
| 80 The sessions are stored in an SSL session cache shared between workers | 87 The sessions are stored in an SSL session cache shared between workers |
| 81 and configured by the | 88 and configured by the |
| 82 <link doc="ngx_http_ssl_module.xml" id="ssl_session_cache"/> | 89 <link doc="ngx_http_ssl_module.xml" id="ssl_session_cache"/> |