Mercurial > hg > nginx-site
diff xml/en/docs/stream/ngx_stream_proxy_module.xml @ 1450:f5b5eefc43cb
Updated commercial docs for the upcoming release.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Thu, 09 Apr 2015 19:18:54 +0300 |
parents | 50c72ad994b3 |
children | e69e4dbcc760 |
line wrap: on
line diff
--- a/xml/en/docs/stream/ngx_stream_proxy_module.xml Wed Apr 08 13:56:52 2015 +0300 +++ b/xml/en/docs/stream/ngx_stream_proxy_module.xml Thu Apr 09 19:18:54 2015 +0300 @@ -9,7 +9,7 @@ <module name="Module ngx_stream_proxy_module" link="/en/docs/stream/ngx_stream_proxy_module.html" lang="en" - rev="2"> + rev="3"> <section id="summary"> @@ -83,6 +83,59 @@ </directive> +<directive name="proxy_next_upstream"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>on</default> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +When a connection to the proxied server cannot be established, determines +whether a client connection will be passed to the next server. +</para> + +<para> +Passing a connection to the next server can be limited by +<link id="proxy_next_upstream_tries">the number of tries</link> +and by <link id="proxy_next_upstream_timeout">time</link>. +</para> + +</directive> + + +<directive name="proxy_next_upstream_timeout"> +<syntax><value>time</value></syntax> +<default>0</default> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +Limits the time allowed to pass a connection to the +<link id="proxy_next_upstream">next server</link>. +The <literal>0</literal> value turns off this limitation. +</para> + +</directive> + + +<directive name="proxy_next_upstream_tries"> +<syntax><value>number</value></syntax> +<default>0</default> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +Limits the number of possible tries for passing a connection to the +<link id="proxy_next_upstream">next server</link>. +The <literal>0</literal> value turns off this limitation. +</para> + +</directive> + + <directive name="proxy_pass"> <syntax><value>address</value></syntax> <default/> @@ -111,6 +164,223 @@ </directive> +<directive name="proxy_ssl"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>off</default> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +Enables the SSL/TLS protocol for connections to a proxied server. +</para> + +</directive> + + +<directive name="proxy_ssl_certificate"> +<syntax><value>file</value></syntax> +<default/> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +Specifies a <value>file</value> with the certificate in the PEM format +used for authentication to a proxied server. +</para> + +</directive> + + +<directive name="proxy_ssl_certificate_key"> +<syntax><value>file</value></syntax> +<default/> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +Specifies a <value>file</value> with the secret key in the PEM format +used for authentication to a proxied server. +</para> + +</directive> + + +<directive name="proxy_ssl_ciphers"> +<syntax><value>ciphers</value></syntax> +<default>DEFAULT</default> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +Specifies the enabled ciphers for connections to a proxied server. +The ciphers are specified in the format understood by the OpenSSL library. +</para> + +<para> +The full list can be viewed using the +“<command>openssl ciphers</command>” command. +</para> + +</directive> + + +<directive name="proxy_ssl_crl"> +<syntax><value>file</value></syntax> +<default/> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +Specifies a <value>file</value> with revoked certificates (CRL) +in the PEM format used to <link id="proxy_ssl_verify">verify</link> +the certificate of the proxied server. +</para> + +</directive> + + +<directive name="proxy_ssl_name"> +<syntax><value>name</value></syntax> +<default>host from proxy_pass</default> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +Allows to override the server name used to +<link id="proxy_ssl_verify">verify</link> +the certificate of the proxied server and to be +<link id="proxy_ssl_server_name">passed through SNI</link> +when establishing a connection with the proxied server. +</para> + +<para> +By default, the host part of the <link id="proxy_pass"/> address is used. +</para> + +</directive> + + +<directive name="proxy_ssl_password_file"> +<syntax><value>file</value></syntax> +<default/> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +Specifies a <value>file</value> with passphrases for +<link id="proxy_ssl_certificate_key">secret keys</link> +where each passphrase is specified on a separate line. +Passphrases are tried in turn when loading the key. +</para> + +</directive> + + +<directive name="proxy_ssl_server_name"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>off</default> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +Enables or disables passing of the server name through +<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLS +Server Name Indication extension</link> (SNI, RFC 6066) +when establishing a connection with the proxied server. +</para> + +</directive> + + +<directive name="proxy_ssl_session_reuse"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>on</default> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +Determines whether SSL sessions can be reused when working with +the proxied server. +If the errors +“<literal>SSL3_GET_FINISHED:digest check failed</literal>” +appear in the logs, try disabling session reuse. +</para> + +</directive> + + +<directive name="proxy_ssl_protocols"> +<syntax> + [<literal>SSLv2</literal>] + [<literal>SSLv3</literal>] + [<literal>TLSv1</literal>] + [<literal>TLSv1.1</literal>] + [<literal>TLSv1.2</literal>]</syntax> +<default>SSLv3 TLSv1 TLSv1.1 TLSv1.2</default> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +Enables the specified protocols for connections to a proxied server. +</para> + +</directive> + + +<directive name="proxy_ssl_trusted_certificate"> +<syntax><value>file</value></syntax> +<default/> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +Specifies a <value>file</value> with trusted CA certificates in the PEM format +used to <link id="proxy_ssl_verify">verify</link> +the certificate of the proxied server. +</para> + +</directive> + + +<directive name="proxy_ssl_verify"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>off</default> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +Enables or disables verification of the proxied server certificate. +</para> + +</directive> + + +<directive name="proxy_ssl_verify_depth"> +<syntax><value>number</value></syntax> +<default>1</default> +<context>stream</context> +<context>server</context> +<appeared-in>1.7.10</appeared-in> + +<para> +Sets the verification depth in the proxied server certificates chain. +</para> + +</directive> + + <directive name="proxy_timeout"> <syntax><value>timeout</value></syntax> <default>10m</default>