Mercurial > hg > nginx-site
changeset 1192:b5268820c3f3
Documented "suwsgi" protocol support.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Sat, 17 May 2014 01:55:12 +0400 |
parents | ea85ba147fe9 |
children | 0320929f8544 |
files | xml/en/docs/http/ngx_http_uwsgi_module.xml xml/ru/docs/http/ngx_http_uwsgi_module.xml |
diffstat | 2 files changed, 149 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/xml/en/docs/http/ngx_http_uwsgi_module.xml Sat May 17 01:55:03 2014 +0400 +++ b/xml/en/docs/http/ngx_http_uwsgi_module.xml Sat May 17 01:55:12 2014 +0400 @@ -10,7 +10,7 @@ <module name="Module ngx_http_uwsgi_module" link="/en/docs/http/ngx_http_uwsgi_module.html" lang="en" - rev="1"> + rev="2"> <section id="summary"> @@ -814,17 +814,22 @@ <directive name="uwsgi_pass"> -<syntax><value>address</value></syntax> +<syntax>[<value>protocol</value>://]<value>address</value></syntax> <default/> <context>location</context> <context>if in location</context> <para> -Sets the address of a uwsgi server. +Sets the protocol and address of a uwsgi server. +As a <value>protocol</value>, +“<literal>uwsgi</literal>” or “<literal>suwsgi</literal>” +(secured uwsgi, uwsgi over SSL) can be specified. The address can be specified as a domain name or IP address, and an optional port: <example> uwsgi_pass localhost:9000; +uwsgi_pass uwsgi://localhost:9000; +uwsgi_pass suwsgi://[2001:db8::1]:9090; </example> or as a UNIX-domain socket path: <example> @@ -839,6 +844,12 @@ <link doc="ngx_http_upstream_module.xml">server group</link>. </para> +<para> +<note> +Secured uwsgi protocol is supported since version 1.5.8. +</note> +</para> + </directive> @@ -925,6 +936,66 @@ </directive> +<directive name="uwsgi_ssl_ciphers"> +<syntax><value>ciphers</value></syntax> +<default>DEFAULT</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.5.8</appeared-in> + +<para> +Specifies the enabled ciphers for requests to a secured uwsgi server. +The ciphers are specified in the format understood by the OpenSSL library. +</para> + +<para> +The full list can be viewed using the +“<command>openssl ciphers</command>” command. +</para> + +</directive> + + +<directive name="uwsgi_ssl_protocols"> +<syntax> + [<literal>SSLv2</literal>] + [<literal>SSLv3</literal>] + [<literal>TLSv1</literal>] + [<literal>TLSv1.1</literal>] + [<literal>TLSv1.2</literal>]</syntax> +<default>SSLv3 TLSv1 TLSv1.1 TLSv1.2</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.5.8</appeared-in> + +<para> +Enables the specified protocols for requests to a secured uwsgi server. +</para> + +</directive> + + +<directive name="uwsgi_ssl_session_reuse"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>on</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.5.8</appeared-in> + +<para> +Determines whether SSL sessions can be reused when working with +a secured uwsgi server. +If the errors +“<literal>SSL3_GET_FINISHED:digest check failed</literal>” +appear in the logs, try disabling session reuse. +</para> + +</directive> + + <directive name="uwsgi_store"> <syntax> <literal>on</literal> |
--- a/xml/ru/docs/http/ngx_http_uwsgi_module.xml Sat May 17 01:55:03 2014 +0400 +++ b/xml/ru/docs/http/ngx_http_uwsgi_module.xml Sat May 17 01:55:12 2014 +0400 @@ -10,7 +10,7 @@ <module name="Модуль ngx_http_uwsgi_module" link="/ru/docs/http/ngx_http_uwsgi_module.html" lang="ru" - rev="1"> + rev="2"> <section id="summary"> @@ -807,16 +807,21 @@ <directive name="uwsgi_pass"> -<syntax><value>адрес</value></syntax> +<syntax>[<value>протокол</value>://]<value>адрес</value></syntax> <default/> <context>location</context> <context>if в location</context> <para> -Задаёт адрес uwsgi-сервера. +Задаёт протокол и адрес uwsgi-сервера. +В качестве протокола можно указать +“<literal>uwsgi</literal>” или “<literal>suwsgi</literal>” +(secured uwsgi, uwsgi через SSL). Адрес может быть указан в виде доменного имени или адреса, и порта, например, <example> uwsgi_pass localhost:9000; +uwsgi_pass uwsgi://localhost:9000; +uwsgi_pass suwsgi://[2001:db8::1]:9090; </example> или в виде пути UNIX-сокета: <example> @@ -831,6 +836,12 @@ <link doc="ngx_http_upstream_module.xml">группой серверов</link>. </para> +<para> +<note> +Протокол secured uwsgi поддерживается начиная с версии 1.5.8. +</note> +</para> + </directive> @@ -917,6 +928,67 @@ </directive> +<directive name="uwsgi_ssl_ciphers"> +<syntax><value>ciphers</value></syntax> +<default>DEFAULT</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.5.8</appeared-in> + +<para> +Описывает разрешённые шифры для запросов к suwsgi-серверу. +Шифры задаются в формате, поддерживаемом библиотекой OpenSSL. +</para> + +<para> +Полный список можно посмотреть с помощью команды +“<command>openssl ciphers</command>”. +</para> + +</directive> + + +<directive name="uwsgi_ssl_protocols"> +<syntax> + [<literal>SSLv2</literal>] + [<literal>SSLv3</literal>] + [<literal>TLSv1</literal>] + [<literal>TLSv1.1</literal>] + [<literal>TLSv1.2</literal>]</syntax> +<default>SSLv3 TLSv1 TLSv1.1 TLSv1.2</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.5.8</appeared-in> + +<para> +Разрешает указанные протоколы для запросов к suwsgi-серверу. +</para> + +</directive> + + +<directive name="uwsgi_ssl_session_reuse"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>on</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.5.8</appeared-in> + +<para> +Определяет, использовать ли повторно SSL-сессии при +работе с suwsgi-сервером. +Если в логах появляются ошибки +“<literal>SSL3_GET_FINISHED:digest check failed</literal>”, +то можно попробовать выключить +повторное использование сессий. +</para> + +</directive> + + <directive name="uwsgi_store"> <syntax> <literal>on</literal> |