Mercurial > hg > nginx-site
changeset 1239:35cf5dca5fa4
SSL: added the ssl_password_file directive.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Fri, 27 Jun 2014 18:25:28 +0400 |
parents | 763db729e6a4 |
children | 019f8273ee24 |
files | xml/en/docs/http/ngx_http_ssl_module.xml xml/ru/docs/http/ngx_http_ssl_module.xml |
diffstat | 2 files changed, 82 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/xml/en/docs/http/ngx_http_ssl_module.xml Tue Jun 24 16:44:56 2014 +0400 +++ b/xml/en/docs/http/ngx_http_ssl_module.xml Fri Jun 27 18:25:28 2014 +0400 @@ -10,7 +10,7 @@ <module name="Module ngx_http_ssl_module" link="/en/docs/http/ngx_http_ssl_module.html" lang="en" - rev="15"> + rev="16"> <section id="summary"> @@ -283,6 +283,46 @@ </directive> +<directive name="ssl_password_file"> +<syntax><value>file</value></syntax> +<default/> +<context>http</context> +<context>server</context> +<appeared-in>1.7.3</appeared-in> + +<para> +Specifies a <value>file</value> with passphrases for +<link id="ssl_certificate_key">secret keys</link> +where each passphrase is specified on a separate line. +Passphrases are tried in turn when loading the key. +</para> + +<para> +Example: +<example> +http { + ssl_password_file /etc/keys/global.pass; + ... + + server { + server_name www1.example.com; + ssl_certificate_key /etc/keys/first.key; + } + + server { + server_name www2.example.com; + + # named pipe can also be used instead of a file + ssl_password_file /etc/keys/fifo; + ssl_certificate_key /etc/keys/second.key; + } +} +</example> +</para> + +</directive> + + <directive name="ssl_prefer_server_ciphers"> <syntax><literal>on</literal> | <literal>off</literal></syntax> <default>off</default>
--- a/xml/ru/docs/http/ngx_http_ssl_module.xml Tue Jun 24 16:44:56 2014 +0400 +++ b/xml/ru/docs/http/ngx_http_ssl_module.xml Fri Jun 27 18:25:28 2014 +0400 @@ -10,7 +10,7 @@ <module name="Модуль ngx_http_ssl_module" link="/ru/docs/http/ngx_http_ssl_module.html" lang="ru" - rev="15"> + rev="16"> <section id="summary"> @@ -282,6 +282,46 @@ </directive> +<directive name="ssl_password_file"> +<syntax><value>файл</value></syntax> +<default/> +<context>http</context> +<context>server</context> +<appeared-in>1.7.3</appeared-in> + +<para> +Задаёт <value>файл</value> с паролями от +<link id="ssl_certificate_key">секретных ключей</link>, +где каждый пароль указан на отдельной строке. +Пароли применяются по очереди в момент загрузки ключа. +</para> + +<para> +Пример: +<example> +http { + ssl_password_file /etc/keys/global.pass; + ... + + server { + server_name www1.example.com; + ssl_certificate_key /etc/keys/first.key; + } + + server { + server_name www2.example.com; + + # вместо файла можно указать именованный канал + ssl_password_file /etc/keys/fifo; + ssl_certificate_key /etc/keys/second.key; + } +} +</example> +</para> + +</directive> + + <directive name="ssl_prefer_server_ciphers"> <syntax><literal>on</literal> | <literal>off</literal></syntax> <default>off</default>