Mercurial > hg > nginx-site
comparison xml/en/docs/stream/ngx_stream_proxy_module.xml @ 1450:f5b5eefc43cb
Updated commercial docs for the upcoming release.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Thu, 09 Apr 2015 19:18:54 +0300 |
parents | 50c72ad994b3 |
children | e69e4dbcc760 |
comparison
equal
deleted
inserted
replaced
1449:c79501e16e26 | 1450:f5b5eefc43cb |
---|---|
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
8 | 8 |
9 <module name="Module ngx_stream_proxy_module" | 9 <module name="Module ngx_stream_proxy_module" |
10 link="/en/docs/stream/ngx_stream_proxy_module.html" | 10 link="/en/docs/stream/ngx_stream_proxy_module.html" |
11 lang="en" | 11 lang="en" |
12 rev="2"> | 12 rev="3"> |
13 | 13 |
14 <section id="summary"> | 14 <section id="summary"> |
15 | 15 |
16 <para> | 16 <para> |
17 The <literal>ngx_stream_proxy_module</literal> module (1.7.7) allows passing | 17 The <literal>ngx_stream_proxy_module</literal> module (1.7.7) allows passing |
76 <context>server</context> | 76 <context>server</context> |
77 | 77 |
78 <para> | 78 <para> |
79 Sets the <value>size</value> of the | 79 Sets the <value>size</value> of the |
80 buffer used for reading data from the client. | 80 buffer used for reading data from the client. |
81 </para> | |
82 | |
83 </directive> | |
84 | |
85 | |
86 <directive name="proxy_next_upstream"> | |
87 <syntax><literal>on</literal> | <literal>off</literal></syntax> | |
88 <default>on</default> | |
89 <context>stream</context> | |
90 <context>server</context> | |
91 <appeared-in>1.7.10</appeared-in> | |
92 | |
93 <para> | |
94 When a connection to the proxied server cannot be established, determines | |
95 whether a client connection will be passed to the next server. | |
96 </para> | |
97 | |
98 <para> | |
99 Passing a connection to the next server can be limited by | |
100 <link id="proxy_next_upstream_tries">the number of tries</link> | |
101 and by <link id="proxy_next_upstream_timeout">time</link>. | |
102 </para> | |
103 | |
104 </directive> | |
105 | |
106 | |
107 <directive name="proxy_next_upstream_timeout"> | |
108 <syntax><value>time</value></syntax> | |
109 <default>0</default> | |
110 <context>stream</context> | |
111 <context>server</context> | |
112 <appeared-in>1.7.10</appeared-in> | |
113 | |
114 <para> | |
115 Limits the time allowed to pass a connection to the | |
116 <link id="proxy_next_upstream">next server</link>. | |
117 The <literal>0</literal> value turns off this limitation. | |
118 </para> | |
119 | |
120 </directive> | |
121 | |
122 | |
123 <directive name="proxy_next_upstream_tries"> | |
124 <syntax><value>number</value></syntax> | |
125 <default>0</default> | |
126 <context>stream</context> | |
127 <context>server</context> | |
128 <appeared-in>1.7.10</appeared-in> | |
129 | |
130 <para> | |
131 Limits the number of possible tries for passing a connection to the | |
132 <link id="proxy_next_upstream">next server</link>. | |
133 The <literal>0</literal> value turns off this limitation. | |
81 </para> | 134 </para> |
82 | 135 |
83 </directive> | 136 </directive> |
84 | 137 |
85 | 138 |
109 </para> | 162 </para> |
110 | 163 |
111 </directive> | 164 </directive> |
112 | 165 |
113 | 166 |
167 <directive name="proxy_ssl"> | |
168 <syntax><literal>on</literal> | <literal>off</literal></syntax> | |
169 <default>off</default> | |
170 <context>stream</context> | |
171 <context>server</context> | |
172 <appeared-in>1.7.10</appeared-in> | |
173 | |
174 <para> | |
175 Enables the SSL/TLS protocol for connections to a proxied server. | |
176 </para> | |
177 | |
178 </directive> | |
179 | |
180 | |
181 <directive name="proxy_ssl_certificate"> | |
182 <syntax><value>file</value></syntax> | |
183 <default/> | |
184 <context>stream</context> | |
185 <context>server</context> | |
186 <appeared-in>1.7.10</appeared-in> | |
187 | |
188 <para> | |
189 Specifies a <value>file</value> with the certificate in the PEM format | |
190 used for authentication to a proxied server. | |
191 </para> | |
192 | |
193 </directive> | |
194 | |
195 | |
196 <directive name="proxy_ssl_certificate_key"> | |
197 <syntax><value>file</value></syntax> | |
198 <default/> | |
199 <context>stream</context> | |
200 <context>server</context> | |
201 <appeared-in>1.7.10</appeared-in> | |
202 | |
203 <para> | |
204 Specifies a <value>file</value> with the secret key in the PEM format | |
205 used for authentication to a proxied server. | |
206 </para> | |
207 | |
208 </directive> | |
209 | |
210 | |
211 <directive name="proxy_ssl_ciphers"> | |
212 <syntax><value>ciphers</value></syntax> | |
213 <default>DEFAULT</default> | |
214 <context>stream</context> | |
215 <context>server</context> | |
216 <appeared-in>1.7.10</appeared-in> | |
217 | |
218 <para> | |
219 Specifies the enabled ciphers for connections to a proxied server. | |
220 The ciphers are specified in the format understood by the OpenSSL library. | |
221 </para> | |
222 | |
223 <para> | |
224 The full list can be viewed using the | |
225 “<command>openssl ciphers</command>” command. | |
226 </para> | |
227 | |
228 </directive> | |
229 | |
230 | |
231 <directive name="proxy_ssl_crl"> | |
232 <syntax><value>file</value></syntax> | |
233 <default/> | |
234 <context>stream</context> | |
235 <context>server</context> | |
236 <appeared-in>1.7.10</appeared-in> | |
237 | |
238 <para> | |
239 Specifies a <value>file</value> with revoked certificates (CRL) | |
240 in the PEM format used to <link id="proxy_ssl_verify">verify</link> | |
241 the certificate of the proxied server. | |
242 </para> | |
243 | |
244 </directive> | |
245 | |
246 | |
247 <directive name="proxy_ssl_name"> | |
248 <syntax><value>name</value></syntax> | |
249 <default>host from proxy_pass</default> | |
250 <context>stream</context> | |
251 <context>server</context> | |
252 <appeared-in>1.7.10</appeared-in> | |
253 | |
254 <para> | |
255 Allows to override the server name used to | |
256 <link id="proxy_ssl_verify">verify</link> | |
257 the certificate of the proxied server and to be | |
258 <link id="proxy_ssl_server_name">passed through SNI</link> | |
259 when establishing a connection with the proxied server. | |
260 </para> | |
261 | |
262 <para> | |
263 By default, the host part of the <link id="proxy_pass"/> address is used. | |
264 </para> | |
265 | |
266 </directive> | |
267 | |
268 | |
269 <directive name="proxy_ssl_password_file"> | |
270 <syntax><value>file</value></syntax> | |
271 <default/> | |
272 <context>stream</context> | |
273 <context>server</context> | |
274 <appeared-in>1.7.10</appeared-in> | |
275 | |
276 <para> | |
277 Specifies a <value>file</value> with passphrases for | |
278 <link id="proxy_ssl_certificate_key">secret keys</link> | |
279 where each passphrase is specified on a separate line. | |
280 Passphrases are tried in turn when loading the key. | |
281 </para> | |
282 | |
283 </directive> | |
284 | |
285 | |
286 <directive name="proxy_ssl_server_name"> | |
287 <syntax><literal>on</literal> | <literal>off</literal></syntax> | |
288 <default>off</default> | |
289 <context>stream</context> | |
290 <context>server</context> | |
291 <appeared-in>1.7.10</appeared-in> | |
292 | |
293 <para> | |
294 Enables or disables passing of the server name through | |
295 <link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLS | |
296 Server Name Indication extension</link> (SNI, RFC 6066) | |
297 when establishing a connection with the proxied server. | |
298 </para> | |
299 | |
300 </directive> | |
301 | |
302 | |
303 <directive name="proxy_ssl_session_reuse"> | |
304 <syntax><literal>on</literal> | <literal>off</literal></syntax> | |
305 <default>on</default> | |
306 <context>stream</context> | |
307 <context>server</context> | |
308 <appeared-in>1.7.10</appeared-in> | |
309 | |
310 <para> | |
311 Determines whether SSL sessions can be reused when working with | |
312 the proxied server. | |
313 If the errors | |
314 “<literal>SSL3_GET_FINISHED:digest check failed</literal>” | |
315 appear in the logs, try disabling session reuse. | |
316 </para> | |
317 | |
318 </directive> | |
319 | |
320 | |
321 <directive name="proxy_ssl_protocols"> | |
322 <syntax> | |
323 [<literal>SSLv2</literal>] | |
324 [<literal>SSLv3</literal>] | |
325 [<literal>TLSv1</literal>] | |
326 [<literal>TLSv1.1</literal>] | |
327 [<literal>TLSv1.2</literal>]</syntax> | |
328 <default>SSLv3 TLSv1 TLSv1.1 TLSv1.2</default> | |
329 <context>stream</context> | |
330 <context>server</context> | |
331 <appeared-in>1.7.10</appeared-in> | |
332 | |
333 <para> | |
334 Enables the specified protocols for connections to a proxied server. | |
335 </para> | |
336 | |
337 </directive> | |
338 | |
339 | |
340 <directive name="proxy_ssl_trusted_certificate"> | |
341 <syntax><value>file</value></syntax> | |
342 <default/> | |
343 <context>stream</context> | |
344 <context>server</context> | |
345 <appeared-in>1.7.10</appeared-in> | |
346 | |
347 <para> | |
348 Specifies a <value>file</value> with trusted CA certificates in the PEM format | |
349 used to <link id="proxy_ssl_verify">verify</link> | |
350 the certificate of the proxied server. | |
351 </para> | |
352 | |
353 </directive> | |
354 | |
355 | |
356 <directive name="proxy_ssl_verify"> | |
357 <syntax><literal>on</literal> | <literal>off</literal></syntax> | |
358 <default>off</default> | |
359 <context>stream</context> | |
360 <context>server</context> | |
361 <appeared-in>1.7.10</appeared-in> | |
362 | |
363 <para> | |
364 Enables or disables verification of the proxied server certificate. | |
365 </para> | |
366 | |
367 </directive> | |
368 | |
369 | |
370 <directive name="proxy_ssl_verify_depth"> | |
371 <syntax><value>number</value></syntax> | |
372 <default>1</default> | |
373 <context>stream</context> | |
374 <context>server</context> | |
375 <appeared-in>1.7.10</appeared-in> | |
376 | |
377 <para> | |
378 Sets the verification depth in the proxied server certificates chain. | |
379 </para> | |
380 | |
381 </directive> | |
382 | |
383 | |
114 <directive name="proxy_timeout"> | 384 <directive name="proxy_timeout"> |
115 <syntax><value>timeout</value></syntax> | 385 <syntax><value>timeout</value></syntax> |
116 <default>10m</default> | 386 <default>10m</default> |
117 <context>stream</context> | 387 <context>stream</context> |
118 <context>server</context> | 388 <context>server</context> |