Mercurial > hg > nginx-site
annotate xml/ru/docs/http/ngx_http_ssl_module.xml @ 311:21b28b0590c6
Refer to UTC instead of GMT.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Fri, 13 Jan 2012 14:26:45 +0000 |
parents | 2305be197a84 |
children | 95d5dc7c9884 |
rev | line source |
---|---|
222
bfe3eff81d04
Removed redundant encoding specification.
Ruslan Ermilov <ru@nginx.com>
parents:
110
diff
changeset
|
1 <?xml version="1.0"?> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
2 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
3 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
4 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
5 <module name="Директивы модуля ngx_http_ssl_module" |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
6 link="/ru/docs/http/ngx_http_ssl_module.html" |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
7 lang="ru"> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
8 |
110
40eec261c2a6
Added proper support for anonymous sections, notably for the summary.
Ruslan Ermilov <ru@nginx.com>
parents:
106
diff
changeset
|
9 <section id="summary"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
10 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
11 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
12 Модуль ngx_http_ssl_module обеспечивает работу по протоколу HTTPS. |
98 | 13 Поддерживается проверка сертификатов клиентов с ограничением — |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
14 если в файле, заданном директивой <link id="ssl_certificate"/>, |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
15 указана цепочка сертификатов, то при проверке клиентских сертификатов |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
16 nginx также будет использовать и сертификаты этих промежуточных CA. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
17 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
18 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
19 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
20 По умолчанию модуль не собирается, нужно разрешить его сборку |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
21 при конфигурировании параметром |
271 | 22 <literal>--with-http_ssl_module</literal>. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
23 Для сборки и работы этого модуля нужна библиотека |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
24 <link url="http://www.openssl.org">OpenSSL</link>. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
25 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
26 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
27 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
28 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
29 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
30 <section name="Пример конфигурации" id="example"> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
31 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
32 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
33 Для уменьшения загрузки процессора рекомендуется |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
34 <list type="bullet"> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
35 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
36 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
37 установить число рабочих процессов равным числу процессоров, |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
38 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
39 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
40 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
41 разрешить keep-alive соединения, |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
42 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
43 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
44 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
45 включить разделяемый кэш сессий, |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
46 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
47 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
48 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
49 выключить встроенный кэш сессий |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
50 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
51 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
52 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
53 и, возможно, увеличить время жизни сессии (по умолчанию 5 минут): |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
54 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
55 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
56 </list> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
57 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
58 <example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
59 <emphasis>worker_processes 2;</emphasis> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
60 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
61 http { |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
62 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
63 ... |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
64 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
65 server { |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
66 listen 443; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
67 <emphasis>keepalive_timeout 70;</emphasis> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
68 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
69 ssl on; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
70 ssl_protocols SSLv3 TLSv1; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
71 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
72 ssl_certificate /usr/local/nginx/conf/cert.pem; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
73 ssl_certificate_key /usr/local/nginx/conf/cert.key; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
74 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
75 <emphasis>ssl_session_timeout 10m;</emphasis> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
76 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
77 ... |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
78 } |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
79 </example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
80 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
81 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
82 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
83 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
84 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
85 <section name="Директивы" id="directives"> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
86 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
87 <directive name="ssl"> |
271 | 88 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
89 <default>off</default> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
90 <context>http, server</context> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
91 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
92 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
93 Директива разрешает протокол HTTPS для данного виртуального сервера. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
94 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
95 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
96 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
97 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
98 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
99 <directive name="ssl_certificate"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
100 <syntax><value>файл</value></syntax> |
99
1d315ef37215
The case <default/> is now language-agnostic.
Ruslan Ermilov <ru@nginx.com>
parents:
98
diff
changeset
|
101 <default/> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
102 <context>http, server</context> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
103 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
104 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
105 Директива указывает файл с сертификатом в формате PEM |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
106 для данного виртуального сервера. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
107 Если вместе с основным сертификатом нужно указать промежуточные, |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
108 то они должны находиться в этом же файле в следующем порядке — сначала |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
109 основной сертификат, а затем промежуточные. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
110 В этом же файле может находиться секретный ключ в формате PEM. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
111 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
112 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
113 <para> |
280 | 114 Нужно иметь в виду, что из-за ограничения протокола HTTPS |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
115 виртуальные сервера должны слушать на разных IP-адресах: |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
116 <example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
117 server { |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
118 listen 192.168.1.1:443; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
119 server_name one.example.com; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
120 ssl_certificate /usr/local/nginx/conf/one.example.com.cert; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
121 ... |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
122 } |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
123 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
124 server { |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
125 listen 192.168.1.2:443; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
126 server_name two.example.com; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
127 ssl_certificate /usr/local/nginx/conf/two.example.com.cert; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
128 ... |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
129 } |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
130 </example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
131 иначе для второго сайта будет выдаваться |
79
0a45870d0160
Fixed cross-document links to use doc and id.
Maxim Dounin <mdounin@mdounin.ru>
parents:
76
diff
changeset
|
132 <link doc="../faq.xml" id="name_based_vhost_ssl">сертификат |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
133 первого сервера</link>. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
134 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
135 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
136 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
137 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
138 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
139 <directive name="ssl_certificate_key"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
140 <syntax><value>файл</value></syntax> |
99
1d315ef37215
The case <default/> is now language-agnostic.
Ruslan Ermilov <ru@nginx.com>
parents:
98
diff
changeset
|
141 <default/> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
142 <context>http, server</context> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
143 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
144 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
145 Директива указывает файл с секретным ключом в формате PEM |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
146 для данного виртуального сервера. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
147 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
148 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
149 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
150 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
151 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
152 <directive name="ssl_client_certificate"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
153 <syntax><value>файл</value></syntax> |
99
1d315ef37215
The case <default/> is now language-agnostic.
Ruslan Ermilov <ru@nginx.com>
parents:
98
diff
changeset
|
154 <default/> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
155 <context>http, server</context> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
156 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
157 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
158 Директива указывает файл с сертификатами CA в формате PEM, используемыми для |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
159 для проверки клиентских сертификатов. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
160 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
161 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
162 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
163 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
164 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
165 <directive name="ssl_ciphers"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
166 <syntax><value>шифры</value></syntax> |
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
167 <default>HIGH:!ADH:!MD5</default> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
168 <context>http, server</context> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
169 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
170 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
171 Директива описывает разрешённые шифры. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
172 Шифры задаются в формате, поддерживаемом библиотекой |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
173 OpenSSL, например: |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
174 <example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
175 ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
176 </example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
177 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
178 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
179 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
180 Полный список можно посмотреть с помощью команды |
271 | 181 “<command>openssl ciphers</command>”. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
182 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
183 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
184 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
185 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
186 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
187 <directive name="ssl_crl"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
188 <syntax><value>файл</value></syntax> |
99
1d315ef37215
The case <default/> is now language-agnostic.
Ruslan Ermilov <ru@nginx.com>
parents:
98
diff
changeset
|
189 <default/> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
190 <context>http, server</context> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
191 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
192 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
193 Директива (0.8.7) указывает файл с отозванными сертификатами (CRL) |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
194 в формате PEM, используемыми для для проверки клиентских сертификатов. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
195 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
196 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
197 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
198 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
199 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
200 <directive name="ssl_dhparam"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
201 <syntax><value>файл</value></syntax> |
99
1d315ef37215
The case <default/> is now language-agnostic.
Ruslan Ermilov <ru@nginx.com>
parents:
98
diff
changeset
|
202 <default/> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
203 <context>http, server</context> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
204 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
205 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
206 Директива (0.7.2) указывает файл с параметрами для шифров с обменом EDH-ключами. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
207 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
208 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
209 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
210 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
211 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
212 <directive name="ssl_prefer_server_ciphers"> |
271 | 213 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
214 <default>off</default> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
215 <context>http, server</context> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
216 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
217 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
218 Директива указывает, чтобы при использовании протоколов SSLv3 и TLSv1 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
219 серверные шифры были более приоритетны, чем клиентские. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
220 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
221 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
222 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
223 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
224 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
225 <directive name="ssl_protocols"> |
271 | 226 <syntax>[<literal>SSLv2</literal>] [<literal>SSLv3</literal>] [<literal>TLSv1</literal>]</syntax> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
227 <default>SSLv3 TLSv1</default> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
228 <context>http, server</context> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
229 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
230 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
231 Директива разрешает указанные протоколы. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
232 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
233 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
234 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
235 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
236 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
237 <directive name="ssl_verify_client"> |
271 | 238 <syntax><literal>on</literal> | <literal>off</literal> | <literal>optional</literal></syntax> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
239 <default>off</default> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
240 <context>http, server</context> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
241 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
242 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
243 Директива разрешает проверку клиентских сертификатов. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
244 Параметр optional (0.8.7+) запрашивает сертификат клиента |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
245 и проверяет его, если он предоставлен. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
246 Результат проверки можно узнать в переменной $ssl_client_verify. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
247 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
248 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
249 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
250 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
251 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
252 <directive name="ssl_verify_depth"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
253 <syntax><value>число</value></syntax> |
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
254 <default>1</default> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
255 <context>http, server</context> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
256 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
257 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
258 Директива устанавливает глубину проверку в цепочке клиентских сертификатов. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
259 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
260 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
261 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
262 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
263 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
264 <directive name="ssl_session_cache"> |
271 | 265 <syntax> |
266 <literal>off</literal> | | |
267 <literal>none</literal> | | |
268 [<literal>builtin</literal>[:<value>размер</value>]] | |
269 [<literal>shared</literal>:<value>название</value>:<value>размер</value>]</syntax> | |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
270 <default>none</default> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
271 <context>http, server</context> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
272 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
273 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
274 Директива задаёт тип и размеры кэшей для хранения параметров сессий. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
275 Тип кэша может быть следующим: |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
276 <list type="bullet"> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
277 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
278 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
279 off — жёсткое запрещение использования кэша сессий: |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
280 nginx явно говорит клиенту, что сессии не могут использоваться повторно. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
281 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
282 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
283 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
284 none — мягкое запрещение использования кэша сессий: |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
285 nginx говорит клиенту, что сессии могут использоваться повторно, но |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
286 на самом деле не используются. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
287 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
288 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
289 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
290 builtin — встроенный в OpenSSL кэш, используется в рамках только |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
291 одного рабочего процесса. Размер кэша задаётся в сессиях. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
292 Если размер не задан, то он равен 20480 сессиям. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
293 Использование встроенного кэша может вести к фрагментации памяти. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
294 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
295 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
296 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
297 shared — разделяемый между всеми рабочими процессами. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
298 Размер кэша задаётся в байтах, в 1 мегабайт может поместиться |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
299 около 4000 сессий. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
300 У каждого разделяемого кэша должно быть произвольное название. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
301 Кэш с одинаковым названием может использоваться в нескольких |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
302 виртуальных серверах. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
303 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
304 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
305 </list> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
306 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
307 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
308 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
309 Можно использовать одновременно оба типа кэша, например: |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
310 <example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
311 ssl_session_cache builtin:1000 shared:SSL:10m; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
312 </example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
313 однако использование только разделяемого кэша без встроенного должно |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
314 быть более эффективным. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
315 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
316 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
317 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
318 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
319 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
320 <directive name="ssl_session_timeout"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
321 <syntax><value>время</value></syntax> |
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
322 <default>5m</default> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
323 <context>http, server</context> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
324 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
325 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
326 Директива задаёт время, в течение которого клиент может повторно |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
327 использовать параметры сессии, хранящейся в кэше. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
328 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
329 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
330 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
331 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
332 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
333 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
334 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
335 <section name="Обработка ошибок" id="errors"> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
336 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
337 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
338 Модуль ngx_http_ssl_module поддерживает несколько нестандартных кодов ошибок, |
79
0a45870d0160
Fixed cross-document links to use doc and id.
Maxim Dounin <mdounin@mdounin.ru>
parents:
76
diff
changeset
|
339 которые можно использовать для перенаправления с помощью директивы |
106
56457a474903
If text of the link is not provided, the @id is used.
Ruslan Ermilov <ru@nginx.com>
parents:
102
diff
changeset
|
340 <link doc="ngx_http_core_module.xml" id="error_page"/>: |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
341 <list type="bullet"> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
342 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
343 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
344 495 — при проверке клиентского сертификата произошла ошибка; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
345 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
346 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
347 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
348 496 — клиент не предоставил требуемый сертификат; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
349 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
350 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
351 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
352 497 — обычный запрос был послан на порт HTTPS. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
353 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
354 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
355 </list> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
356 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
357 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
358 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
359 Перенаправление делается после того, как запрос полностью разобран |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
360 и доступны такие переменные, как $request_uri, $uri, $arg и прочие. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
361 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
362 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
363 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
364 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
365 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
366 <section name="Встроенные переменные" id="variables"> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
367 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
368 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
369 Модуль ngx_http_ssl_module поддерживает несколько встроенных переменных: |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
370 <list type="bullet"> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
371 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
372 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
373 $ssl_cipher возвращает строку используемых шифров для установленного |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
374 SSL-соединения; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
375 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
376 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
377 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
378 $ssl_client_cert возвращает клиентский сертификат |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
379 для установленного SSL-соединения в формате PEM |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
380 перед каждой строкой которого, кроме первой, вставляется символ табуляции; |
285 | 381 предназначен для использования в директиве |
106
56457a474903
If text of the link is not provided, the @id is used.
Ruslan Ermilov <ru@nginx.com>
parents:
102
diff
changeset
|
382 <link doc="ngx_http_proxy_module.xml" id="proxy_set_header"/>. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
383 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
384 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
385 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
386 $ssl_client_raw_cert возвращает клиентский сертификат |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
387 для установленного SSL-соединения в формате PEM; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
388 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
389 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
390 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
391 $ssl_client_serial возвращает серийный номер клиентского сертификата |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
392 для установленного SSL-соединения; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
393 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
394 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
395 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
396 $ssl_client_s_dn возвращает строку subject DN клиентского сертификата |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
397 для установленного SSL-соединения; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
398 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
399 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
400 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
401 $ssl_client_i_dn возвращает строку issuer DN клиентского сертификата |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
402 для установленного SSL-соединения. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
403 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
404 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
405 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
406 $ssl_client_verify возвращает результат проверки клиентского сертификата: |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
407 "SUCCESS", "FAILED" и, если серфтикат не был предоставлен - "NONE". |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
408 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
409 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
410 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
411 $ssl_protocol возвращает протокол установленного SSL-соединения; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
412 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
413 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
414 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
415 $ssl_session_id возвращает идентификатор сессии установленного SSL-соединения; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
416 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
417 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
418 </list> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
419 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
420 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
421 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
422 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
423 </module> |