Mercurial > hg > nginx-site
changeset 1166:1d299c6f7c49
The new directives "proxy_ssl_verify" and "proxy_ssl_server_name".
The following supporting directives are also documented: "proxy_ssl_name",
"proxy_ssl_trusted_certificate", "proxy_ssl_crl", and "proxy_ssl_verify_depth".
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Thu, 24 Apr 2014 09:10:31 +0400 |
| parents | 0a441212ef0f |
| children | cac06b81957c |
| files | xml/en/docs/http/ngx_http_proxy_module.xml xml/ru/docs/http/ngx_http_proxy_module.xml |
| diffstat | 2 files changed, 214 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/xml/en/docs/http/ngx_http_proxy_module.xml Thu Apr 24 09:57:09 2014 +0000 +++ b/xml/en/docs/http/ngx_http_proxy_module.xml Thu Apr 24 09:10:31 2014 +0400 @@ -10,7 +10,7 @@ <module name="Module ngx_http_proxy_module" link="/en/docs/http/ngx_http_proxy_module.html" lang="en" - rev="18"> + rev="19"> <section id="summary"> @@ -1452,6 +1452,64 @@ </directive> +<directive name="proxy_ssl_crl"> +<syntax><value>file</value></syntax> +<default/> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.7.0</appeared-in> + +<para> +Specifies a <value>file</value> with revoked certificates (CRL) +in the PEM format used to <link id="proxy_ssl_verify">verify</link> +the certificate of the proxied HTTPS server. +</para> + +</directive> + + +<directive name="proxy_ssl_name"> +<syntax><value>name</value></syntax> +<default>$proxy_host</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.7.0</appeared-in> + +<para> +Allows to override the server name used to +<link id="proxy_ssl_verify">verify</link> +the certificate of the proxied HTTPS server and to be +<link id="proxy_ssl_server_name">passed through SNI</link> +when establishing a connection with the proxied HTTPS server. +</para> + +<para> +By default, the host part of the <link id="proxy_pass"/> URL is used. +</para> + +</directive> + + +<directive name="proxy_ssl_server_name"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>off</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.7.0</appeared-in> + +<para> +Enables or disables passing of the server name through +<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLS +Server Name Indication extension</link> (SNI, RFC 6066) +when establishing a connection with the proxied HTTPS server. +</para> + +</directive> + + <directive name="proxy_ssl_session_reuse"> <syntax><literal>on</literal> | <literal>off</literal></syntax> <default>on</default> @@ -1490,6 +1548,53 @@ </directive> +<directive name="proxy_ssl_trusted_certificate"> +<syntax><value>file</value></syntax> +<default/> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.7.0</appeared-in> + +<para> +Specifies a <value>file</value> with trusted CA certificates in the PEM format +used to <link id="proxy_ssl_verify">verify</link> +the certificate of the proxied HTTPS server. +</para> + +</directive> + + +<directive name="proxy_ssl_verify"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>off</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.7.0</appeared-in> + +<para> +Enables or disables verification of the proxied HTTPS server certificate. +</para> + +</directive> + + +<directive name="proxy_ssl_verify_depth"> +<syntax><value>number</value></syntax> +<default>1</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.7.0</appeared-in> + +<para> +Sets the verification depth in the proxied HTTPS server certificates chain. +</para> + +</directive> + + <directive name="proxy_store"> <syntax> <literal>on</literal> |
--- a/xml/ru/docs/http/ngx_http_proxy_module.xml Thu Apr 24 09:57:09 2014 +0000 +++ b/xml/ru/docs/http/ngx_http_proxy_module.xml Thu Apr 24 09:10:31 2014 +0400 @@ -10,7 +10,7 @@ <module name="Модуль ngx_http_proxy_module" link="/ru/docs/http/ngx_http_proxy_module.html" lang="ru" - rev="18"> + rev="19"> <section id="summary"> @@ -1446,6 +1446,65 @@ </directive> +<directive name="proxy_ssl_crl"> +<syntax><value>файл</value></syntax> +<default/> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.7.0</appeared-in> + +<para> +Указывает <value>файл</value> с отозванными сертификатами (CRL) +в формате PEM, используемыми при <link id="proxy_ssl_verify">проверке</link> +сертификата проксируемого HTTPS-сервера. +</para> + +</directive> + + +<directive name="proxy_ssl_name"> +<syntax><value>имя</value></syntax> +<default>$proxy_host</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.7.0</appeared-in> + +<para> +Позволяет переопределить имя сервера, используемое при +<link id="proxy_ssl_verify">проверке</link> +сертификата проксируемого HTTPS-сервера, а также для +<link id="proxy_ssl_server_name">передачи его через SNI</link> +при установлении соединения с проксируемым HTTPS-сервером. +</para> + +<para> +По умолчанию используется имя хоста из URL’а, заданного +директивой <link id="proxy_pass"/>. +</para> + +</directive> + + +<directive name="proxy_ssl_server_name"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>off</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.7.0</appeared-in> + +<para> +Разрешает или запрещает передачу имени сервера через +<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">расширение +Server Name Indication протокола TLS</link> (SNI, RFC 6066) +при установлении соединения с проксируемым HTTPS-сервером. +</para> + +</directive> + + <directive name="proxy_ssl_session_reuse"> <syntax><literal>on</literal> | <literal>off</literal></syntax> <default>on</default> @@ -1485,6 +1544,54 @@ </directive> +<directive name="proxy_ssl_trusted_certificate"> +<syntax><value>файл</value></syntax> +<default/> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.7.0</appeared-in> + +<para> +Задаёт <value>файл</value> с доверенными сертификатами CA в формате PEM, +используемыми при <link id="proxy_ssl_verify">проверке</link> +сертификата проксируемого HTTPS-сервера. +</para> + +</directive> + + +<directive name="proxy_ssl_verify"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>off</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.7.0</appeared-in> + +<para> +Разрешает или запрещает проверку сертификата проксируемого HTTPS-сервера. +</para> + +</directive> + + +<directive name="proxy_ssl_verify_depth"> +<syntax><value>число</value></syntax> +<default>1</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.7.0</appeared-in> + +<para> +Устанавливает глубину проверки в цепочке сертификатов +проксируемого HTTPS-сервера. +</para> + +</directive> + + <directive name="proxy_store"> <syntax> <literal>on</literal> |