changeset 1239:35cf5dca5fa4

SSL: added the ssl_password_file directive.
author Yaroslav Zhuravlev <yar@nginx.com>
date Fri, 27 Jun 2014 18:25:28 +0400
parents 763db729e6a4
children 019f8273ee24
files xml/en/docs/http/ngx_http_ssl_module.xml xml/ru/docs/http/ngx_http_ssl_module.xml
diffstat 2 files changed, 82 insertions(+), 2 deletions(-) [+]
--- a/xml/en/docs/http/ngx_http_ssl_module.xml
+++ b/xml/en/docs/http/ngx_http_ssl_module.xml
@@ -10,7 +10,7 @@
 <module name="Module ngx_http_ssl_module"
         link="/en/docs/http/ngx_http_ssl_module.html"
         lang="en"
-        rev="15">
+        rev="16">
 
 <section id="summary">
 
@@ -283,6 +283,46 @@ Specifies a <value>curve</value> for ECD
 </directive>
 
 
+<directive name="ssl_password_file">
+<syntax><value>file</value></syntax>
+<default/>
+<context>http</context>
+<context>server</context>
+<appeared-in>1.7.3</appeared-in>
+
+<para>
+Specifies a <value>file</value> with passphrases for
+<link id="ssl_certificate_key">secret keys</link>
+where each passphrase is specified on a separate line.
+Passphrases are tried in turn when loading the key.
+</para>
+
+<para>
+Example:
+<example>
+http {
+    ssl_password_file /etc/keys/global.pass;
+    ...
+
+    server {
+        server_name www1.example.com;
+        ssl_certificate_key /etc/keys/first.key;
+    }
+
+    server {
+        server_name www2.example.com;
+
+        # named pipe can also be used instead of a file
+        ssl_password_file /etc/keys/fifo;
+        ssl_certificate_key /etc/keys/second.key;
+    }
+}
+</example>
+</para>
+
+</directive>
+
+
 <directive name="ssl_prefer_server_ciphers">
 <syntax><literal>on</literal> | <literal>off</literal></syntax>
 <default>off</default>
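Review bot: The first `<para>` of the new `ssl_password_file` directive says nothing about protecting the file, although it holds the key passphrases in clear text and the example puts `/etc/keys/global.pass` in the same directory as the keys it unlocks. I would add a sentence to that paragraph such as `The file contains passphrases in clear text, so access to it should be restricted in the same way as for the secret keys.` The text also leaves open what happens when none of the listed passphrases matches a key. It does not say whether the named pipe in the second `server` block is read once or on every configuration load, which matters to whoever feeds the pipe, so a sentence on each would help if the behaviour is defined. The same additions would apply to the Russian section. The `ssl_prefer_server_ciphers` directive at the end of the hunk continues outside it.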
--- a/xml/ru/docs/http/ngx_http_ssl_module.xml
+++ b/xml/ru/docs/http/ngx_http_ssl_module.xml
@@ -10,7 +10,7 @@
 <module name="Модуль ngx_http_ssl_module"
         link="/ru/docs/http/ngx_http_ssl_module.html"
         lang="ru"
-        rev="15">
+        rev="16">
 
 <section id="summary">
 
@@ -282,6 +282,46 @@ PEM, которые используются для проверки клиентских сертификатов и
 </directive>
 
 
+<directive name="ssl_password_file">
+<syntax><value>файл</value></syntax>
+<default/>
+<context>http</context>
+<context>server</context>
+<appeared-in>1.7.3</appeared-in>
+
+<para>
+Задаёт <value>файл</value> с паролями от
+<link id="ssl_certificate_key">секретных ключей</link>,
+где каждый пароль указан на отдельной строке.
+Пароли применяются по очереди в момент загрузки ключа.
+</para>
+
+<para>
+Пример:
+<example>
+http {
+    ssl_password_file /etc/keys/global.pass;
+    ...
+
+    server {
+        server_name www1.example.com;
+        ssl_certificate_key /etc/keys/first.key;
+    }
+
+    server {
+        server_name www2.example.com;
+
+        # вместо файла можно указать именованный канал
+        ssl_password_file /etc/keys/fifo;
+        ssl_certificate_key /etc/keys/second.key;
+    }
+}
+</example>
+</para>
+
+</directive>
+
+
 <directive name="ssl_prefer_server_ciphers">
 <syntax><literal>on</literal> | <literal>off</literal></syntax>
 <default>off</default>