Mercurial > hg > nginx-site
changeset 2914:3a2d342533fb
Updated docs for the upcoming NGINX Plus release.
| author | Yaroslav Zhuravlev <yar@nginx.com> |
|---|---|
| date | Mon, 28 Nov 2022 17:42:29 +0000 |
| parents | a20b51e84c32 |
| children | 923977f02d39 |
| files | xml/en/GNUmakefile xml/en/docs/http/ngx_http_api_module.xml xml/en/docs/http/ngx_http_upstream_module.xml xml/en/docs/index.xml xml/en/docs/stream/ngx_stream_upstream_module.xml xml/ru/GNUmakefile xml/ru/docs/http/ngx_http_upstream_module.xml xml/ru/docs/index.xml xml/ru/docs/stream/ngx_stream_upstream_module.xml yaml/nginx_api.yaml |
| diffstat | 10 files changed, 666 insertions(+), 23 deletions(-) [+] |
line wrap: on
line diff
--- a/xml/en/GNUmakefile +++ b/xml/en/GNUmakefile @@ -72,6 +72,7 @@ REFS = \ http/ngx_http_mp4_module \ http/ngx_http_perl_module \ http/ngx_http_proxy_module \ + http/ngx_http_proxy_protocol_vendor_module \ http/ngx_http_random_index_module \ http/ngx_http_realip_module \ http/ngx_http_referer_module \ @@ -112,6 +113,7 @@ REFS = \ stream/ngx_stream_log_module \ stream/ngx_stream_map_module \ stream/ngx_stream_proxy_module \ + stream/ngx_stream_proxy_protocol_vendor_module \ stream/ngx_stream_realip_module \ stream/ngx_stream_return_module \ stream/ngx_stream_set_module \
--- a/xml/en/docs/http/ngx_http_api_module.xml +++ b/xml/en/docs/http/ngx_http_api_module.xml @@ -2151,18 +2151,89 @@ The total number of failed SSL handshake <tag-desc> The total number of session reuses during SSL handshake. </tag-desc> +<tag-name> +<literal>no_common_protocol</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of SSL handshakes failed because of no common protocol. +</tag-desc> +<tag-name> +<literal>no_common_cipher</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of SSL handshakes failed because of no shared cipher. +</tag-desc> +<tag-name> +<literal>handshake_timeout</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of SSL handshakes failed because of a timeout. +</tag-desc> +<tag-name> +<literal>peer_rejected_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message. +</tag-desc> +<tag-name> +<literal>verify_failures</literal></tag-name> +<tag-desc> +SSL certificate verification errors<list type="tag"> +<tag-name> +<literal>no_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +A client did not provide the required certificate. +</tag-desc> +<tag-name> +<literal>expired_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +An expired or not yet valid certificate was presented by a client. +</tag-desc> +<tag-name> +<literal>revoked_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +A revoked certificate was presented by a client. +</tag-desc> +<tag-name> +<literal>hostname_mismatch</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +Server's certificate doesn't match the hostname. +</tag-desc> +<tag-name> +<literal>other</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +Other SSL certificate verification errors. +</tag-desc> +</list> +</tag-desc> </list> <para>Example:</para> <example> { "handshakes" : 79572, "handshakes_failed" : 21025, - "session_reuses" : 15762 + "session_reuses" : 15762, + "no_common_protocol" : 4, + "no_common_cipher" : 2, + "handshake_timeout" : 0, + "peer_rejected_cert" : 0, + "verify_failures" : { + "no_cert" : 0, + "expired_cert" : 2, + "revoked_cert" : 1, + "hostname_mismatch" : 2, + "other" : 1 + } }</example> </listitem> <listitem id="def_nginx_slab_zone"> <para>Shared memory zone with slab allocator:</para> -<list type="tag"> +Shared memory zone with slab allocator<list type="tag"> <tag-name> <literal>pages</literal></tag-name> <tag-desc> @@ -2395,6 +2466,60 @@ The total number of failed SSL handshake <tag-desc> The total number of session reuses during SSL handshake. </tag-desc> +<tag-name> +<literal>no_common_protocol</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of SSL handshakes failed because of no common protocol. +</tag-desc> +<tag-name> +<literal>no_common_cipher</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of SSL handshakes failed because of no shared cipher. +</tag-desc> +<tag-name> +<literal>handshake_timeout</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of SSL handshakes failed because of a timeout. +</tag-desc> +<tag-name> +<literal>peer_rejected_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message. +</tag-desc> +<tag-name> +<literal>verify_failures</literal></tag-name> +<tag-desc> +SSL certificate verification errors<list type="tag"> +<tag-name> +<literal>no_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +A client did not provide the required certificate. +</tag-desc> +<tag-name> +<literal>expired_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +An expired or not yet valid certificate was presented by a client. +</tag-desc> +<tag-name> +<literal>revoked_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +A revoked certificate was presented by a client. +</tag-desc> +<tag-name> +<literal>other</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +Other SSL certificate verification errors. +</tag-desc> +</list> +</tag-desc> </list> </tag-desc> </list> @@ -2423,7 +2548,17 @@ The total number of session reuses durin "ssl" : { "handshakes" : 104303, "handshakes_failed" : 1421, - "session_reuses" : 54645 + "session_reuses" : 54645, + "no_common_protocol" : 4, + "no_common_cipher" : 2, + "handshake_timeout" : 0, + "peer_rejected_cert" : 0, + "verify_failures" : { + "no_cert" : 0, + "expired_cert" : 2, + "revoked_cert" : 1, + "other" : 1 + } } }</example> </listitem> @@ -2907,6 +3042,54 @@ The total number of failed SSL handshake <tag-desc> The total number of session reuses during SSL handshake. </tag-desc> +<tag-name> +<literal>no_common_protocol</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of SSL handshakes failed because of no common protocol. +</tag-desc> +<tag-name> +<literal>handshake_timeout</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of SSL handshakes failed because of a timeout. +</tag-desc> +<tag-name> +<literal>peer_rejected_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of failed SSL handshakes when nginx presented the certificate to the upstream server but it was rejected with a corresponding alert message. +</tag-desc> +<tag-name> +<literal>verify_failures</literal></tag-name> +<tag-desc> +SSL certificate verification errors<list type="tag"> +<tag-name> +<literal>expired_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +An expired or not yet valid certificate was presented by an upstream server. +</tag-desc> +<tag-name> +<literal>revoked_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +A revoked certificate was presented by an upstream server. +</tag-desc> +<tag-name> +<literal>hostname_mismatch</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +Server's certificate doesn't match the hostname. +</tag-desc> +<tag-name> +<literal>other</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +Other SSL certificate verification errors. +</tag-desc> +</list> +</tag-desc> </list> </tag-desc> <tag-name> @@ -3120,7 +3303,16 @@ The total number of requests rejected du "ssl" : { "handshakes" : 620311, "handshakes_failed" : 3432, - "session_reuses" : 36442 + "session_reuses" : 36442, + "no_common_protocol" : 4, + "handshake_timeout" : 0, + "peer_rejected_cert" : 0, + "verify_failures" : { + "expired_cert" : 2, + "revoked_cert" : 1, + "hostname_mismatch" : 2, + "other" : 1 + } }, "max_conns" : 20, "requests" : 667231, @@ -3408,6 +3600,60 @@ The total number of failed SSL handshake <tag-desc> The total number of session reuses during SSL handshake. </tag-desc> +<tag-name> +<literal>no_common_protocol</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of SSL handshakes failed because of no common protocol. +</tag-desc> +<tag-name> +<literal>no_common_cipher</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of SSL handshakes failed because of no shared cipher. +</tag-desc> +<tag-name> +<literal>handshake_timeout</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of SSL handshakes failed because of a timeout. +</tag-desc> +<tag-name> +<literal>peer_rejected_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message. +</tag-desc> +<tag-name> +<literal>verify_failures</literal></tag-name> +<tag-desc> +SSL certificate verification errors<list type="tag"> +<tag-name> +<literal>no_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +A client did not provide the required certificate. +</tag-desc> +<tag-name> +<literal>expired_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +An expired or not yet valid certificate was presented by a client. +</tag-desc> +<tag-name> +<literal>revoked_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +A revoked certificate was presented by a client. +</tag-desc> +<tag-name> +<literal>other</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +Other SSL certificate verification errors. +</tag-desc> +</list> +</tag-desc> </list> </tag-desc> </list> @@ -3429,7 +3675,17 @@ The total number of session reuses durin "ssl" : { "handshakes" : 76455, "handshakes_failed" : 432, - "session_reuses" : 28770 + "session_reuses" : 28770, + "no_common_protocol" : 4, + "no_common_cipher" : 2, + "handshake_timeout" : 0, + "peer_rejected_cert" : 0, + "verify_failures" : { + "no_cert" : 0, + "expired_cert" : 2, + "revoked_cert" : 1, + "other" : 1 + } } } }</example> @@ -3541,6 +3797,54 @@ The total number of failed SSL handshake <tag-desc> The total number of session reuses during SSL handshake. </tag-desc> +<tag-name> +<literal>no_common_protocol</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of SSL handshakes failed because of no common protocol. +</tag-desc> +<tag-name> +<literal>handshake_timeout</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of SSL handshakes failed because of a timeout. +</tag-desc> +<tag-name> +<literal>peer_rejected_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +The number of failed SSL handshakes when nginx presented the certificate to the upstream server but it was rejected with a corresponding alert message. +</tag-desc> +<tag-name> +<literal>verify_failures</literal></tag-name> +<tag-desc> +SSL certificate verification errors<list type="tag"> +<tag-name> +<literal>expired_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +An expired or not yet valid certificate was presented by an upstream server. +</tag-desc> +<tag-name> +<literal>revoked_cert</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +A revoked certificate was presented by an upstream server. +</tag-desc> +<tag-name> +<literal>hostname_mismatch</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +Server's certificate doesn't match the hostname. +</tag-desc> +<tag-name> +<literal>other</literal> (<literal>integer</literal>) +</tag-name> +<tag-desc> +Other SSL certificate verification errors. +</tag-desc> +</list> +</tag-desc> </list> </tag-desc> <tag-name> @@ -3676,7 +3980,16 @@ The name of the shared memory <link url="https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#zone">zone</link> that keeps the group’s configuration and run-time state. "ssl" : { "handshakes" : 200, "handshakes_failed" : 4, - "session_reuses" : 189 + "session_reuses" : 189, + "no_common_protocol" : 4, + "handshake_timeout" : 0, + "peer_rejected_cert" : 0, + "verify_failures" : { + "expired_cert" : 2, + "revoked_cert" : 1, + "hostname_mismatch" : 2, + "other" : 1 + } }, "max_conns" : 50, "connections" : 667231,
--- a/xml/en/docs/http/ngx_http_upstream_module.xml +++ b/xml/en/docs/http/ngx_http_upstream_module.xml @@ -900,6 +900,7 @@ The <literal>least_time</literal> method <syntax> <value>address</value> ... [<literal>valid</literal>=<value>time</value>] + [<literal>ipv4</literal>=<literal>on</literal>|<literal>off</literal>] [<literal>ipv6</literal>=<literal>on</literal>|<literal>off</literal>] [<literal>status_zone</literal>=<value>zone</value>]</syntax> <default/> @@ -920,7 +921,8 @@ Name servers are queried in a round-robi <para id="resolver_ipv6"> By default, nginx will look up both IPv4 and IPv6 addresses while resolving. -If looking up of IPv6 addresses is not desired, +If looking up of IPv4 or IPv6 addresses is not desired, +the <literal>ipv4=off</literal> (1.23.1) or the <literal>ipv6=off</literal> parameter can be specified. </para> @@ -983,7 +985,7 @@ This directive is available as part of o [<literal>expires=</literal><value>time</value>] [<literal>domain=</literal><value>domain</value>] [<literal>httponly</literal>] - [<literal>samesite=</literal><literal>strict</literal>|<literal>lax</literal>|<literal>none</literal>] + [<literal>samesite=</literal><literal>strict</literal>|<literal>lax</literal>|<literal>none</literal>|<value>$variable</value>] [<literal>secure</literal>] [<literal>path=</literal><value>path</value>]</syntax> <syntax> @@ -1081,13 +1083,22 @@ Adds the <literal>HttpOnly</literal> att </tag-desc> <tag-name id="sticky_samesite"><literal>samesite=</literal><literal>strict</literal> | -<literal>lax</literal> | <literal>none</literal></tag-name> +<literal>lax</literal> | <literal>none</literal> | <value>$variable</value></tag-name> <tag-desc> -Adds the <literal>SameSite</literal> attribute to the cookie -with one of the following values (1.19.4): +Adds the <literal>SameSite</literal> (1.19.4) attribute to the cookie +with one of the following values: +<literal>Strict</literal>, +<literal>Lax</literal>, +<literal>None</literal>, or +using variables (1.23.3). +In the latter case, if the variable value is empty, +the <literal>SameSite</literal> attribute will not be added to the cookie, +if the value is resolved to <literal>Strict</literal>, <literal>Lax</literal>, or -<literal>None</literal>. +<literal>None</literal>, +the the corresponding value will be assigned, +otherwise the <literal>Strict</literal> value will be assigned. </tag-desc> <tag-name><literal>secure</literal></tag-name>
--- a/xml/en/docs/index.xml +++ b/xml/en/docs/index.xml @@ -380,6 +380,11 @@ ngx_http_proxy_module</link> </listitem> <listitem> +<link doc="http/ngx_http_proxy_protocol_vendor_module.xml"> +ngx_http_proxy_protocol_vendor_module</link> +</listitem> + +<listitem> <link doc="http/ngx_http_random_index_module.xml"> ngx_http_random_index_module</link> </listitem> @@ -592,6 +597,11 @@ ngx_stream_proxy_module</link> </listitem> <listitem> +<link doc="stream/ngx_stream_proxy_protocol_vendor_module.xml"> +ngx_stream_proxy_protocol_vendor_module</link> +</listitem> + +<listitem> <link doc="stream/ngx_stream_realip_module.xml"> ngx_stream_realip_module</link> </listitem>
--- a/xml/en/docs/stream/ngx_stream_upstream_module.xml +++ b/xml/en/docs/stream/ngx_stream_upstream_module.xml @@ -543,6 +543,7 @@ The <literal>least_time</literal> method <syntax> <value>address</value> ... [<literal>valid</literal>=<value>time</value>] + [<literal>ipv4</literal>=<literal>on</literal>|<literal>off</literal>] [<literal>ipv6</literal>=<literal>on</literal>|<literal>off</literal>] [<literal>status_zone</literal>=<value>zone</value>]</syntax> <default/> @@ -563,7 +564,8 @@ Name servers are queried in a round-robi <para id="resolver_ipv6"> By default, nginx will look up both IPv4 and IPv6 addresses while resolving. -If looking up of IPv6 addresses is not desired, +If looking up of IPv4 or IPv6 addresses is not desired, +the <literal>ipv4=off</literal> (1.23.1) or the <literal>ipv6=off</literal> parameter can be specified. </para>
--- a/xml/ru/GNUmakefile +++ b/xml/ru/GNUmakefile @@ -60,6 +60,7 @@ REFS = \ http/ngx_http_mp4_module \ http/ngx_http_perl_module \ http/ngx_http_proxy_module \ + http/ngx_http_proxy_protocol_vendor_module \ http/ngx_http_random_index_module \ http/ngx_http_realip_module \ http/ngx_http_referer_module \ @@ -98,6 +99,7 @@ REFS = \ stream/ngx_stream_log_module \ stream/ngx_stream_map_module \ stream/ngx_stream_proxy_module \ + stream/ngx_stream_proxy_protocol_vendor_module \ stream/ngx_stream_realip_module \ stream/ngx_stream_return_module \ stream/ngx_stream_set_module \
--- a/xml/ru/docs/http/ngx_http_upstream_module.xml +++ b/xml/ru/docs/http/ngx_http_upstream_module.xml @@ -908,6 +908,7 @@ server { <syntax> <value>адрес</value> ... [<literal>valid</literal>=<value>время</value>] + [<literal>ipv4</literal>=<literal>on</literal>|<literal>off</literal>] [<literal>ipv6</literal>=<literal>on</literal>|<literal>off</literal>] [<literal>status_zone</literal>=<value>зона</value>]</syntax> <default/> @@ -929,8 +930,9 @@ resolver 127.0.0.1 [::1]:5353; <para id="resolver_ipv6"> По умолчанию nginx будет искать как IPv4-, так и IPv6-адреса при преобразовании имён в адреса. -Если поиск IPv6-адресов нежелателен, -можно указать параметр <literal>ipv6=off</literal>. +Если поиск IPv4- или IPv6-адресов нежелателен, +можно указать параметр <literal>ipv4=off</literal> (1.23.1) или +<literal>ipv6=off</literal>. </para> <para id="resolver_valid"> @@ -993,11 +995,11 @@ resolver_timeout 5s; [<literal>expires=</literal><value>время</value>] [<literal>domain=</literal><value>домен</value>] [<literal>httponly</literal>] - [<literal>samesite=</literal><literal>strict</literal>|<literal>lax</literal>|<literal>none</literal>] + [<literal>samesite=</literal><literal>strict</literal>|<literal>lax</literal>|<literal>none</literal>|<value>$переменная</value>] [<literal>secure</literal>] [<literal>path=</literal><value>путь</value>]</syntax> <syntax> - <literal>route</literal> <value>переменная</value> ...</syntax> + <literal>route</literal> <value>$переменная</value> ...</syntax> <syntax> <literal>learn</literal> <literal>create=</literal><value>$переменная</value> @@ -1089,13 +1091,22 @@ 31 декабря 2037 года 23:55:55 GMT. </tag-desc> <tag-name id="sticky_samesite"><literal>samesite=</literal><literal>strict</literal> | -<literal>lax</literal> | <literal>none</literal></tag-name> +<literal>lax</literal> | <literal>none</literal> | <literal>$переменная</literal></tag-name> <tag-desc> -Добавляет атрибут <literal>SameSite</literal> к куке -с одним из следующих значений (1.19.4): +Добавляет атрибут <literal>SameSite</literal> (1.19.4) к куке +с одним из следующих значений: +<literal>Strict</literal>, +<literal>Lax</literal>, +<literal>None</literal> или +при помощи переменных (1.23.3). +В последнем случае если переменная имеет пустое значение, +то атрибут <literal>SameSite</literal> не будет добавлен к куке, +если значение переменной равно <literal>Strict</literal>, <literal>Lax</literal> или -<literal>None</literal>. +<literal>None</literal>, +то атрибуту будет назначено соответствующее значение, +иначе атрибуту будет назначено значение <literal>Strict</literal>. </tag-desc> <tag-name><literal>secure</literal></tag-name>
--- a/xml/ru/docs/index.xml +++ b/xml/ru/docs/index.xml @@ -385,6 +385,11 @@ ngx_http_proxy_module</link> </listitem> <listitem> +<link doc="http/ngx_http_proxy_protocol_vendor_module.xml"> +ngx_http_proxy_protocol_vendor_module</link> +</listitem> + +<listitem> <link doc="http/ngx_http_random_index_module.xml"> ngx_http_random_index_module</link> </listitem> @@ -597,6 +602,11 @@ ngx_stream_proxy_module</link> </listitem> <listitem> +<link doc="stream/ngx_stream_proxy_protocol_vendor_module.xml"> +ngx_stream_proxy_protocol_vendor_module</link> +</listitem> + +<listitem> <link doc="stream/ngx_stream_realip_module.xml"> ngx_stream_realip_module</link> </listitem>
--- a/xml/ru/docs/stream/ngx_stream_upstream_module.xml +++ b/xml/ru/docs/stream/ngx_stream_upstream_module.xml @@ -544,6 +544,7 @@ hash $remote_addr; <syntax> <value>адрес</value> ... [<literal>valid</literal>=<value>время</value>] + [<literal>ipv4</literal>=<literal>on</literal>|<literal>off</literal>] [<literal>ipv6</literal>=<literal>on</literal>|<literal>off</literal>] [<literal>status_zone</literal>=<value>зона</value>]</syntax> <default/> @@ -565,8 +566,9 @@ resolver 127.0.0.1 [::1]:5353; <para id="resolver_ipv6"> По умолчанию nginx будет искать как IPv4-, так и IPv6-адреса при преобразовании имён в адреса. -Если поиск IPv6-адресов нежелателен, -можно указать параметр <literal>ipv6=off</literal>. +Если поиск IPv4- или IPv6-адресов нежелателен, +можно указать параметр <literal>ipv4=off</literal> (1.23.1) или +<literal>ipv6=off</literal>. </para> <para id="resolver_valid">
--- a/yaml/nginx_api.yaml +++ b/yaml/nginx_api.yaml @@ -2204,10 +2204,57 @@ definitions: session_reuses: type: integer description: The total number of session reuses during SSL handshake. + no_common_protocol: + type: integer + description: The number of SSL handshakes failed + because of no common protocol. + no_common_cipher: + type: integer + description: The number of SSL handshakes failed + because of no shared cipher. + handshake_timeout: + type: integer + description: The number of SSL handshakes failed + because of a timeout. + peer_rejected_cert: + type: integer + description: The number of failed SSL handshakes + when nginx presented the certificate to the client + but it was rejected with a corresponding alert message. + verify_failures: + type: object + description: SSL certificate verification errors + properties: + no_cert: + type: integer + description: A client did not provide the required certificate. + expired_cert: + type: integer + description: An expired or not yet valid certificate + was presented by a client. + revoked_cert: + type: integer + description: A revoked certificate was presented by a client. + hostname_mismatch: + type: integer + description: Server's certificate doesn't match the hostname. + other: + type: integer + description: Other SSL certificate verification errors. example: handshakes: 79572 handshakes_failed: 21025 session_reuses: 15762 + no_common_protocol: 4 + no_common_cipher: 2 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + no_cert: 0 + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 NginxSlabZoneMap: title: Slab Zones description: | @@ -2284,6 +2331,7 @@ definitions: NginxSlabZone: title: Shared memory zone with slab allocator description: | + Shared memory zone with slab allocator type: object properties: pages: @@ -2399,6 +2447,16 @@ definitions: handshakes: 65432 handshakes_failed: 421 session_reuses: 4645 + no_common_protocol: 4 + no_common_cipher: 2 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + no_cert: 0 + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 site2: processing: 1 requests: 185307 @@ -2421,6 +2479,16 @@ definitions: handshakes: 104303 handshakes_failed: 1421 session_reuses: 54645 + no_common_protocol: 4 + no_common_cipher: 2 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + no_cert: 0 + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 NginxHTTPServerZone: title: HTTP Server Zone type: object @@ -2500,6 +2568,40 @@ definitions: type: integer description: The total number of session reuses during SSL handshake. readOnly: true + no_common_protocol: + type: integer + description: The number of SSL handshakes failed + because of no common protocol. + no_common_cipher: + type: integer + description: The number of SSL handshakes failed + because of no shared cipher. + handshake_timeout: + type: integer + description: The number of SSL handshakes failed + because of a timeout. + peer_rejected_cert: + type: integer + description: The number of failed SSL handshakes + when nginx presented the certificate to the client + but it was rejected with a corresponding alert message. + verify_failures: + type: object + description: SSL certificate verification errors + properties: + no_cert: + type: integer + description: A client did not provide the required certificate. + expired_cert: + type: integer + description: An expired or not yet valid certificate + was presented by a client. + revoked_cert: + type: integer + description: A revoked certificate was presented by a client. + other: + type: integer + description: Other SSL certificate verification errors. example: processing: 1 requests: 706690 @@ -2522,6 +2624,15 @@ definitions: handshakes: 104303 handshakes_failed: 1421 session_reuses: 54645 + no_common_protocol: 4 + no_common_cipher: 2 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + no_cert: 0 + expired_cert: 2 + revoked_cert: 1 + other: 1 NginxHTTPLocationZonesMap: title: HTTP Location Zones description: | @@ -2935,6 +3046,14 @@ definitions: handshakes: 620311 handshakes_failed: 3432 session_reuses: 36442 + no_common_protocol: 4 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 requests: 667231 header_time: 20 response_time: 36 @@ -3005,6 +3124,14 @@ definitions: handshakes: 620311 handshakes_failed: 3432 session_reuses: 36442 + no_common_protocol: 4 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 requests: 667231 header_time: 20 response_time: 36 @@ -3113,6 +3240,14 @@ definitions: handshakes: 620311 handshakes_failed: 3432 session_reuses: 36442 + no_common_protocol: 4 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 max_conns: 20 requests: 667231 header_time: 20 @@ -3247,6 +3382,36 @@ definitions: type: integer description: The total number of session reuses during SSL handshake. readOnly: true + no_common_protocol: + type: integer + description: The number of SSL handshakes failed + because of no common protocol. + handshake_timeout: + type: integer + description: The number of SSL handshakes failed + because of a timeout. + peer_rejected_cert: + type: integer + description: The number of failed SSL handshakes + when nginx presented the certificate to the upstream server + but it was rejected with a corresponding alert message. + verify_failures: + type: object + description: SSL certificate verification errors + properties: + expired_cert: + type: integer + description: An expired or not yet valid certificate + was presented by an upstream server. + revoked_cert: + type: integer + description: A revoked certificate was presented by an upstream server. + hostname_mismatch: + type: integer + description: Server's certificate doesn't match the hostname. + other: + type: integer + description: Other SSL certificate verification errors. max_conns: type: integer description: The @@ -3558,6 +3723,15 @@ definitions: handshakes: 76455 handshakes_failed: 432 session_reuses: 28770 + no_common_protocol: 4 + no_common_cipher: 2 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + no_cert: 0 + expired_cert: 2 + revoked_cert: 1 + other: 1 dns: processing: 1 connections: 155569 @@ -3573,6 +3747,15 @@ definitions: handshakes: 2040 handshakes_failed: 23 session_reuses: 65 + no_common_protocol: 4 + no_common_cipher: 2 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + no_cert: 0 + expired_cert: 2 + revoked_cert: 1 + other: 1 NginxStreamServerZone: title: Stream Server Zone type: object @@ -3634,6 +3817,40 @@ definitions: type: integer description: The total number of session reuses during SSL handshake. readOnly: true + no_common_protocol: + type: integer + description: The number of SSL handshakes failed + because of no common protocol. + no_common_cipher: + type: integer + description: The number of SSL handshakes failed + because of no shared cipher. + handshake_timeout: + type: integer + description: The number of SSL handshakes failed + because of a timeout. + peer_rejected_cert: + type: integer + description: The number of failed SSL handshakes + when nginx presented the certificate to the client + but it was rejected with a corresponding alert message. + verify_failures: + type: object + description: SSL certificate verification errors + properties: + no_cert: + type: integer + description: A client did not provide the required certificate. + expired_cert: + type: integer + description: An expired or not yet valid certificate + was presented by a client. + revoked_cert: + type: integer + description: A revoked certificate was presented by a client. + other: + type: integer + description: Other SSL certificate verification errors. example: dns: processing: 1 @@ -3650,6 +3867,15 @@ definitions: handshakes: 76455 handshakes_failed: 432 session_reuses: 28770 + no_common_protocol: 4 + no_common_cipher: 2 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + no_cert: 0 + expired_cert: 2 + revoked_cert: 1 + other: 1 NginxStreamLimitConnZonesMap: title: Stream limit_conns description: | @@ -3698,6 +3924,14 @@ definitions: handshakes: 1045 handshakes_failed: 89 session_reuses: 321 + no_common_protocol: 4 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 max_conns: 30 connecions: 1231 sent: 251946292 @@ -3748,6 +3982,14 @@ definitions: handshakes: 5268 handshakes_failed: 121 session_reuses: 854 + no_common_protocol: 4 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 max_conns: 30 connections: 667231 sent: 251946292 @@ -3814,6 +4056,14 @@ definitions: handshakes: 200 handshakes_failed: 4 session_reuses: 189 + no_common_protocol: 4 + handshake_timeout: 0 + peer_rejected_cert: 0 + verify_failures: + expired_cert: 2 + revoked_cert: 1 + hostname_mismatch: 2 + other: 1 max_conns: 50 connections: 667231 sent: 251946292 @@ -3925,6 +4175,36 @@ definitions: type: integer description: The total number of session reuses during SSL handshake. readOnly: true + no_common_protocol: + type: integer + description: The number of SSL handshakes failed + because of no common protocol. + handshake_timeout: + type: integer + description: The number of SSL handshakes failed + because of a timeout. + peer_rejected_cert: + type: integer + description: The number of failed SSL handshakes + when nginx presented the certificate to the upstream server + but it was rejected with a corresponding alert message. + verify_failures: + type: object + description: SSL certificate verification errors + properties: + expired_cert: + type: integer + description: An expired or not yet valid certificate + was presented by an upstream server. + revoked_cert: + type: integer + description: A revoked certificate was presented by an upstream server. + hostname_mismatch: + type: integer + description: Server's certificate doesn't match the hostname. + other: + type: integer + description: Other SSL certificate verification errors. max_conns: type: integer description: The