Mercurial > hg > nginx-site
comparison xml/en/docs/http/configuring_https_servers.xml @ 1733:ecf2dd95ceb6
Added links in "Configuring HTTPS servers".
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Wed, 15 Jun 2016 14:45:06 +0300 |
parents | 47f70f50d554 |
children | 40e461a34187 |
comparison
equal
deleted
inserted
replaced
1732:5eb54b170c74 | 1733:ecf2dd95ceb6 |
---|---|
6 <!DOCTYPE article SYSTEM "../../../../dtd/article.dtd"> | 6 <!DOCTYPE article SYSTEM "../../../../dtd/article.dtd"> |
7 | 7 |
8 <article name="Configuring HTTPS servers" | 8 <article name="Configuring HTTPS servers" |
9 link="/en/docs/http/configuring_https_servers.html" | 9 link="/en/docs/http/configuring_https_servers.html" |
10 lang="en" | 10 lang="en" |
11 rev="9" | 11 rev="10" |
12 author="Igor Sysoev" | 12 author="Igor Sysoev" |
13 editor="Brian Mercer"> | 13 editor="Brian Mercer"> |
14 | 14 |
15 <section> | 15 <section> |
16 | 16 |
17 <para> | 17 <para> |
18 To configure an HTTPS server, the <literal>ssl</literal> parameter | 18 To configure an HTTPS server, the <literal>ssl</literal> parameter |
19 must be enabled on | 19 must be enabled on |
20 <link doc="ngx_http_core_module.xml" id="listen">listening sockets</link> | 20 <link doc="ngx_http_core_module.xml" id="listen">listening sockets</link> |
21 in the <link doc="ngx_http_core_module.xml" id="server"/> block, | 21 in the <link doc="ngx_http_core_module.xml" id="server"/> block, |
22 and the locations of the server certificate | 22 and the locations of the |
23 and private key files should be specified: | 23 <link doc="ngx_http_ssl_module.xml" id="ssl_certificate">server certificate</link> |
24 and | |
25 <link doc="ngx_http_ssl_module.xml" id="ssl_certificate_key">private key</link> | |
26 files should be specified: | |
24 | 27 |
25 <programlisting> | 28 <programlisting> |
26 server { | 29 server { |
27 listen 443 <b>ssl</b>; | 30 listen 443 <b>ssl</b>; |
28 server_name www.example.com; | 31 server_name www.example.com; |
68 | 71 |
69 <section id="optimization" name="HTTPS server optimization"> | 72 <section id="optimization" name="HTTPS server optimization"> |
70 | 73 |
71 <para> | 74 <para> |
72 SSL operations consume extra CPU resources. | 75 SSL operations consume extra CPU resources. |
73 On multi-processor systems several worker processes should be run, | 76 On multi-processor systems several |
77 <link doc="../ngx_core_module.xml" id="worker_processes">worker processes</link> | |
78 should be run, | |
74 no less than the number of available CPU cores. | 79 no less than the number of available CPU cores. |
75 The most CPU-intensive operation is the SSL handshake. | 80 The most CPU-intensive operation is the SSL handshake. |
76 There are two ways to minimize the number of these operations per client: | 81 There are two ways to minimize the number of these operations per client: |
77 the first is by enabling keepalive connections to send several | 82 the first is by enabling |
83 <link doc="ngx_http_core_module.xml" id="keepalive_timeout">keepalive</link> | |
84 connections to send several | |
78 requests via one connection and the second is to reuse SSL session | 85 requests via one connection and the second is to reuse SSL session |
79 parameters to avoid SSL handshakes for parallel and subsequent connections. | 86 parameters to avoid SSL handshakes for parallel and subsequent connections. |
80 The sessions are stored in an SSL session cache shared between workers | 87 The sessions are stored in an SSL session cache shared between workers |
81 and configured by the | 88 and configured by the |
82 <link doc="ngx_http_ssl_module.xml" id="ssl_session_cache"/> | 89 <link doc="ngx_http_ssl_module.xml" id="ssl_session_cache"/> |