diff xml/en/docs/stream/ngx_stream_proxy_module.xml @ 1450:f5b5eefc43cb

Updated commercial docs for the upcoming release.
author Ruslan Ermilov <ru@nginx.com>
date Thu, 09 Apr 2015 19:18:54 +0300
parents 50c72ad994b3
children e69e4dbcc760
--- a/xml/en/docs/stream/ngx_stream_proxy_module.xml	Wed Apr 08 13:56:52 2015 +0300
+++ b/xml/en/docs/stream/ngx_stream_proxy_module.xml	Thu Apr 09 19:18:54 2015 +0300
@@ -9,7 +9,7 @@
 <module name="Module ngx_stream_proxy_module"
         link="/en/docs/stream/ngx_stream_proxy_module.html"
         lang="en"
-        rev="2">
+        rev="3">
 
 <section id="summary">
 
@@ -83,6 +83,59 @@
 </directive>
 
 
+<directive name="proxy_next_upstream">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>on</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+When a connection to the proxied server cannot be established, determines
+whether a client connection will be passed to the next server.
+</para>
+
+<para>
+Passing a connection to the next server can be limited by
+<link id="proxy_next_upstream_tries">the number of tries</link>
+and by <link id="proxy_next_upstream_timeout">time</link>.
+</para>
+
+</directive>
+
+
+<directive name="proxy_next_upstream_timeout">
+<syntax><value>time</value></syntax>
+<default>0</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Limits the time allowed to pass a connection to the
+<link id="proxy_next_upstream">next server</link>.
+The <literal>0</literal> value turns off this limitation.
+</para>
+
+</directive>
+
+
+<directive name="proxy_next_upstream_tries">
+<syntax><value>number</value></syntax>
+<default>0</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Limits the number of possible tries for passing a connection to the
+<link id="proxy_next_upstream">next server</link>.
+The <literal>0</literal> value turns off this limitation.
+</para>
+
+</directive>
+
+
 <directive name="proxy_pass">
 <syntax><value>address</value></syntax>
 <default/>
@@ -111,6 +164,223 @@
 </directive>
 
 
+<directive name="proxy_ssl">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>off</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Enables the SSL/TLS protocol for connections to a proxied server.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_certificate">
+<syntax><value>file</value></syntax>
+<default/>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Specifies a <value>file</value> with the certificate in the PEM format
+used for authentication to a proxied server.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_certificate_key">
+<syntax><value>file</value></syntax>
+<default/>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Specifies a <value>file</value> with the secret key in the PEM format
+used for authentication to a proxied server.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_ciphers">
+<syntax><value>ciphers</value></syntax>
+<default>DEFAULT</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Specifies the enabled ciphers for connections to a proxied server.
+The ciphers are specified in the format understood by the OpenSSL library.
+</para>
+
+<para>
+The full list can be viewed using the
+“<command>openssl ciphers</command>” command.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_crl">
+<syntax><value>file</value></syntax>
+<default/>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Specifies a <value>file</value> with revoked certificates (CRL)
+in the PEM format used to <link id="proxy_ssl_verify">verify</link>
+the certificate of the proxied server.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_name">
+<syntax><value>name</value></syntax>
+<default>host from proxy_pass</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Allows to override the server name used to
+<link id="proxy_ssl_verify">verify</link>
+the certificate of the proxied server and to be
+<link id="proxy_ssl_server_name">passed through SNI</link>
+when establishing a connection with the proxied server.
+</para>
+
+<para>
+By default, the host part of the <link id="proxy_pass"/> address is used.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_password_file">
+<syntax><value>file</value></syntax>
+<default/>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Specifies a <value>file</value> with passphrases for
+<link id="proxy_ssl_certificate_key">secret keys</link>
+where each passphrase is specified on a separate line.
+Passphrases are tried in turn when loading the key.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_server_name">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>off</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Enables or disables passing of the server name through
+<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLS
+Server Name Indication extension</link> (SNI, RFC 6066)
+when establishing a connection with the proxied server.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_session_reuse">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>on</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Determines whether SSL sessions can be reused when working with
+the proxied server.
+If the errors
+“<literal>SSL3_GET_FINISHED:digest check failed</literal>”
+appear in the logs, try disabling session reuse.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_protocols">
+<syntax>
+    [<literal>SSLv2</literal>]
+    [<literal>SSLv3</literal>]
+    [<literal>TLSv1</literal>]
+    [<literal>TLSv1.1</literal>]
+    [<literal>TLSv1.2</literal>]</syntax>
+<default>SSLv3 TLSv1 TLSv1.1 TLSv1.2</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Enables the specified protocols for connections to a proxied server.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_trusted_certificate">
+<syntax><value>file</value></syntax>
+<default/>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Specifies a <value>file</value> with trusted CA certificates in the PEM format
+used to <link id="proxy_ssl_verify">verify</link>
+the certificate of the proxied server.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_verify">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>off</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Enables or disables verification of the proxied server certificate.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_verify_depth">
+<syntax><value>number</value></syntax>
+<default>1</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Sets the verification depth in the proxied server certificates chain.
+</para>
+
+</directive>
+
+
 <directive name="proxy_timeout">
 <syntax><value>timeout</value></syntax>
 <default>10m</default>
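Review bot: The new `proxy_ssl` and `proxy_ssl_verify` paragraphs never state that, with the documented default `proxy_ssl_verify off`, the connection to the proxied server is encrypted but its certificate is not checked. A reader who sets only `proxy_ssl on` may assume the upstream is authenticated. I would add to the `proxy_ssl_verify` paragraph a sentence such as `When verification is off, the proxied server certificate is not checked; to authenticate the proxied server, enable this directive and set proxy_ssl_trusted_certificate.`, and link to `proxy_ssl_verify` from the `proxy_ssl` paragraph. The `proxy_ssl_protocols` entry lists `SSLv2` in its syntax and `SSLv3` in its default without comment; a one-line remark that these legacy protocols should be left out when the proxied server supports TLS would help operators who copy the default. The `proxy_ssl_certificate_key` and `proxy_ssl_password_file` paragraphs could also say that access to these files should be restricted, since they hold the private key and its passphrases.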