Mercurial > hg > nginx-site
annotate xml/ru/docs/http/ngx_http_ssl_module.xml @ 654:841118e33f41
Refined the text about cache of connections to upstream servers.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Sat, 25 Aug 2012 07:24:53 +0000 |
parents | 764fbac1b8b4 |
children | 1de09d81acd1 |
rev | line source |
---|---|
222
bfe3eff81d04
Removed redundant encoding specification.
Ruslan Ermilov <ru@nginx.com>
parents:
110
diff
changeset
|
1 <?xml version="1.0"?> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
2 |
580
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
538
diff
changeset
|
3 <!-- |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
538
diff
changeset
|
4 Copyright (C) Igor Sysoev |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
538
diff
changeset
|
5 Copyright (C) Nginx, Inc. |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
538
diff
changeset
|
6 --> |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
538
diff
changeset
|
7 |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
9 |
379 | 10 <module name="Модуль ngx_http_ssl_module" |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
11 link="/ru/docs/http/ngx_http_ssl_module.html" |
589 | 12 lang="ru" |
13 rev="1"> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
14 |
110
40eec261c2a6
Added proper support for anonymous sections, notably for the summary.
Ruslan Ermilov <ru@nginx.com>
parents:
106
diff
changeset
|
15 <section id="summary"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
16 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
17 <para> |
379 | 18 Модуль <literal>ngx_http_ssl_module</literal> обеспечивает работу |
19 по протоколу HTTPS. | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
20 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
21 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
22 <para> |
379 | 23 По умолчанию этот модуль не собирается, его сборку необходимо |
24 разрешить с помощью конфигурационного параметра | |
271 | 25 <literal>--with-http_ssl_module</literal>. |
379 | 26 <note> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
27 Для сборки и работы этого модуля нужна библиотека |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
28 <link url="http://www.openssl.org">OpenSSL</link>. |
379 | 29 </note> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
30 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
31 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
32 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
33 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
34 |
379 | 35 <section id="example" name="Пример конфигурации"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
36 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
37 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
38 Для уменьшения загрузки процессора рекомендуется |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
39 <list type="bullet"> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
40 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
41 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
42 установить число рабочих процессов равным числу процессоров, |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
43 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
44 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
45 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
46 разрешить keep-alive соединения, |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
47 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
48 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
49 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
50 включить разделяемый кэш сессий, |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
51 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
52 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
53 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
54 выключить встроенный кэш сессий |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
55 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
56 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
57 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
58 и, возможно, увеличить время жизни сессии (по умолчанию 5 минут): |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
59 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
60 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
61 </list> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
62 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
63 <example> |
379 | 64 <emphasis>worker_processes 2;</emphasis> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
65 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
66 http { |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
67 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
68 ... |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
69 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
70 server { |
379 | 71 listen 443; |
72 <emphasis>keepalive_timeout 70;</emphasis> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
73 |
379 | 74 ssl on; |
75 ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; | |
76 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; | |
77 ssl_certificate /usr/local/nginx/conf/cert.pem; | |
78 ssl_certificate_key /usr/local/nginx/conf/cert.key; | |
79 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis> | |
80 <emphasis>ssl_session_timeout 10m;</emphasis> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
81 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
82 ... |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
83 } |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
84 </example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
85 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
86 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
87 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
88 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
89 |
379 | 90 <section id="directives" name="Директивы"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
91 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
92 <directive name="ssl"> |
271 | 93 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
94 <default>off</default> |
379 | 95 <context>http</context> |
96 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
97 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
98 <para> |
379 | 99 Разрешает протокол HTTPS для данного виртуального сервера. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
100 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
101 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
102 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
103 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
104 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
105 <directive name="ssl_certificate"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
106 <syntax><value>файл</value></syntax> |
99
1d315ef37215
The case <default/> is now language-agnostic.
Ruslan Ermilov <ru@nginx.com>
parents:
98
diff
changeset
|
107 <default/> |
379 | 108 <context>http</context> |
109 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
110 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
111 <para> |
379 | 112 Указывает файл с сертификатом в формате PEM |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
113 для данного виртуального сервера. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
114 Если вместе с основным сертификатом нужно указать промежуточные, |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
115 то они должны находиться в этом же файле в следующем порядке — сначала |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
116 основной сертификат, а затем промежуточные. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
117 В этом же файле может находиться секретный ключ в формате PEM. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
118 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
119 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
120 <para> |
280 | 121 Нужно иметь в виду, что из-за ограничения протокола HTTPS |
379 | 122 виртуальные серверы должны слушать на разных IP-адресах: |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
123 <example> |
379 | 124 server { |
125 listen 192.168.1.1:443; | |
126 server_name one.example.com; | |
127 ssl_certificate /usr/local/nginx/conf/one.example.com.cert; | |
128 ... | |
129 } | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
130 |
379 | 131 server { |
132 listen 192.168.1.2:443; | |
133 server_name two.example.com; | |
134 ssl_certificate /usr/local/nginx/conf/two.example.com.cert; | |
135 ... | |
136 } | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
137 </example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
138 иначе для второго сайта будет выдаваться |
379 | 139 <link doc="configuring_https_servers.xml" |
140 id="name_based_https_servers">сертификат первого сервера</link>. | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
141 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
142 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
143 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
144 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
145 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
146 <directive name="ssl_certificate_key"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
147 <syntax><value>файл</value></syntax> |
99
1d315ef37215
The case <default/> is now language-agnostic.
Ruslan Ermilov <ru@nginx.com>
parents:
98
diff
changeset
|
148 <default/> |
379 | 149 <context>http</context> |
150 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
151 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
152 <para> |
379 | 153 Указывает файл с секретным ключом в формате PEM |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
154 для данного виртуального сервера. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
155 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
156 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
157 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
158 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
159 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
160 <directive name="ssl_ciphers"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
161 <syntax><value>шифры</value></syntax> |
538
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
162 <default>HIGH:!aNULL:!MD5</default> |
379 | 163 <context>http</context> |
164 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
165 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
166 <para> |
379 | 167 Описывает разрешённые шифры. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
168 Шифры задаются в формате, поддерживаемом библиотекой |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
169 OpenSSL, например: |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
170 <example> |
538
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
171 ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
172 </example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
173 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
174 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
175 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
176 Полный список можно посмотреть с помощью команды |
271 | 177 “<command>openssl ciphers</command>”. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
178 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
179 |
538
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
180 <para> |
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
181 <note> |
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
182 В предыдущих версиях nginx по умолчанию использовались |
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
183 <link doc="configuring_https_servers.xml" id="compatibility">другие</link> |
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
184 шифры. |
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
185 </note> |
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
186 </para> |
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
187 |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
188 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
189 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
190 |
379 | 191 <directive name="ssl_client_certificate"> |
192 <syntax><value>файл</value></syntax> | |
193 <default/> | |
194 <context>http</context> | |
195 <context>server</context> | |
196 | |
197 <para> | |
198 Указывает файл с сертификатами CA в формате PEM, используемыми для | |
199 для проверки клиентских сертификатов. | |
200 </para> | |
201 | |
202 </directive> | |
203 | |
204 | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
205 <directive name="ssl_crl"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
206 <syntax><value>файл</value></syntax> |
99
1d315ef37215
The case <default/> is now language-agnostic.
Ruslan Ermilov <ru@nginx.com>
parents:
98
diff
changeset
|
207 <default/> |
379 | 208 <context>http</context> |
209 <context>server</context> | |
210 <appeared-in>0.8.7</appeared-in> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
211 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
212 <para> |
379 | 213 Указывает файл с отозванными сертификатами (CRL) |
214 в формате PEM, используемыми для проверки клиентских сертификатов. | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
215 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
216 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
217 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
218 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
219 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
220 <directive name="ssl_dhparam"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
221 <syntax><value>файл</value></syntax> |
99
1d315ef37215
The case <default/> is now language-agnostic.
Ruslan Ermilov <ru@nginx.com>
parents:
98
diff
changeset
|
222 <default/> |
379 | 223 <context>http</context> |
224 <context>server</context> | |
225 <appeared-in>0.7.2</appeared-in> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
226 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
227 <para> |
379 | 228 Указывает файл с параметрами для шифров с обменом EDH-ключами. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
229 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
230 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
231 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
232 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
233 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
234 <directive name="ssl_prefer_server_ciphers"> |
271 | 235 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
236 <default>off</default> |
379 | 237 <context>http</context> |
238 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
239 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
240 <para> |
379 | 241 Указывает, чтобы при использовании протоколов SSLv3 и TLS |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
242 серверные шифры были более приоритетны, чем клиентские. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
243 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
244 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
245 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
246 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
247 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
248 <directive name="ssl_protocols"> |
314
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
249 <syntax> |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
250 [<literal>SSLv2</literal>] |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
251 [<literal>SSLv3</literal>] |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
252 [<literal>TLSv1</literal>] |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
253 [<literal>TLSv1.1</literal>] |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
254 [<literal>TLSv1.2</literal>]</syntax> |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
255 <default>SSLv3 TLSv1 TLSv1.1 TLSv1.2</default> |
379 | 256 <context>http</context> |
257 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
258 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
259 <para> |
379 | 260 Разрешает указанные протоколы. |
314
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
261 Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal> работают |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
262 только при использовании библиотеки OpenSSL версии 1.0.1 и выше. |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
263 <note> |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
264 Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal> поддерживаются |
393
b83d332fbdaa
Documented SSL changes in the upcoming 1.0.12 release.
Ruslan Ermilov <ru@nginx.com>
parents:
383
diff
changeset
|
265 только начиная с версий 1.1.13 и 1.0.12, |
b83d332fbdaa
Documented SSL changes in the upcoming 1.0.12 release.
Ruslan Ermilov <ru@nginx.com>
parents:
383
diff
changeset
|
266 поэтому при использовании OpenSSL версии 1.0.1 |
314
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
267 и выше на старых версиях nginx эти протоколы работать будут, однако их нельзя |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
268 будет отключить. |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
269 </note> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
270 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
271 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
272 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
273 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
274 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
275 <directive name="ssl_session_cache"> |
271 | 276 <syntax> |
379 | 277 <literal>off</literal> | |
278 <literal>none</literal> | | |
279 [<literal>builtin</literal>[:<value>размер</value>]] | |
280 [<literal>shared</literal>:<value>название</value>:<value>размер</value>]</syntax> | |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
281 <default>none</default> |
379 | 282 <context>http</context> |
283 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
284 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
285 <para> |
379 | 286 Задаёт тип и размеры кэшей для хранения параметров сессий. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
287 Тип кэша может быть следующим: |
379 | 288 <list type="tag"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
289 |
379 | 290 <tag-name><literal>off</literal></tag-name> |
291 <tag-desc> | |
292 жёсткое запрещение использования кэша сессий: | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
293 nginx явно говорит клиенту, что сессии не могут использоваться повторно. |
379 | 294 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
295 |
379 | 296 <tag-name><literal>none</literal></tag-name> |
297 <tag-desc> | |
298 мягкое запрещение использования кэша сессий: | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
299 nginx говорит клиенту, что сессии могут использоваться повторно, но |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
300 на самом деле не используются. |
379 | 301 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
302 |
379 | 303 <tag-name><literal>builtin</literal></tag-name> |
304 <tag-desc> | |
305 встроенный в OpenSSL кэш, используется в рамках только одного рабочего процесса. | |
306 Размер кэша задаётся в сессиях. | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
307 Если размер не задан, то он равен 20480 сессиям. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
308 Использование встроенного кэша может вести к фрагментации памяти. |
379 | 309 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
310 |
379 | 311 <tag-name><literal>shared</literal></tag-name> |
312 <tag-desc> | |
313 разделяемый между всеми рабочими процессами. | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
314 Размер кэша задаётся в байтах, в 1 мегабайт может поместиться |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
315 около 4000 сессий. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
316 У каждого разделяемого кэша должно быть произвольное название. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
317 Кэш с одинаковым названием может использоваться в нескольких |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
318 виртуальных серверах. |
379 | 319 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
320 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
321 </list> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
322 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
323 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
324 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
325 Можно использовать одновременно оба типа кэша, например: |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
326 <example> |
379 | 327 ssl_session_cache builtin:1000 shared:SSL:10m; |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
328 </example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
329 однако использование только разделяемого кэша без встроенного должно |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
330 быть более эффективным. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
331 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
332 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
333 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
334 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
335 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
336 <directive name="ssl_session_timeout"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
337 <syntax><value>время</value></syntax> |
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
338 <default>5m</default> |
379 | 339 <context>http</context> |
340 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
341 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
342 <para> |
379 | 343 Задаёт время, в течение которого клиент может повторно |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
344 использовать параметры сессии, хранящейся в кэше. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
345 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
346 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
347 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
348 |
379 | 349 |
350 <directive name="ssl_verify_client"> | |
351 <syntax> | |
352 <literal>on</literal> | <literal>off</literal> | | |
353 <literal>optional</literal></syntax> | |
354 <default>off</default> | |
355 <context>http</context> | |
356 <context>server</context> | |
357 | |
358 <para> | |
359 Разрешает проверку клиентских сертификатов. | |
360 Параметр <literal>optional</literal> (0.8.7+) запрашивает сертификат клиента | |
361 и проверяет его, если он предоставлен. | |
362 Результат проверки можно узнать в переменной <var>$ssl_client_verify</var>. | |
363 </para> | |
364 | |
365 </directive> | |
366 | |
367 | |
368 <directive name="ssl_verify_depth"> | |
369 <syntax><value>число</value></syntax> | |
370 <default>1</default> | |
371 <context>http</context> | |
372 <context>server</context> | |
373 | |
374 <para> | |
375 Устанавливает глубину проверки в цепочке клиентских сертификатов. | |
376 </para> | |
377 | |
378 </directive> | |
379 | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
380 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
381 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
382 |
379 | 383 <section id="errors" name="Обработка ошибок"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
384 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
385 <para> |
379 | 386 Модуль <literal>ngx_http_ssl_module</literal> поддерживает несколько |
387 нестандартных кодов ошибок, которые можно использовать для | |
388 перенаправления с помощью директивы | |
106
56457a474903
If text of the link is not provided, the @id is used.
Ruslan Ermilov <ru@nginx.com>
parents:
102
diff
changeset
|
389 <link doc="ngx_http_core_module.xml" id="error_page"/>: |
379 | 390 <list type="tag"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
391 |
379 | 392 <tag-name>495</tag-name> |
393 <tag-desc> | |
394 при проверке клиентского сертификата произошла ошибка; | |
395 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
396 |
379 | 397 <tag-name>496</tag-name> |
398 <tag-desc> | |
399 клиент не предоставил требуемый сертификат; | |
400 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
401 |
379 | 402 <tag-name>497</tag-name> |
403 <tag-desc> | |
404 обычный запрос был послан на порт HTTPS. | |
405 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
406 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
407 </list> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
408 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
409 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
410 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
411 Перенаправление делается после того, как запрос полностью разобран |
379 | 412 и доступны такие переменные, как <var>$request_uri</var>, |
413 <var>$uri</var>, <var>$args</var> и прочие. | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
414 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
415 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
416 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
417 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
418 |
379 | 419 <section id="variables" name="Встроенные переменные"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
420 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
421 <para> |
379 | 422 Модуль <literal>ngx_http_ssl_module</literal> поддерживает |
423 несколько встроенных переменных: | |
424 <list type="tag"> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
425 |
379 | 426 <tag-name><var>$ssl_cipher</var></tag-name> |
427 <tag-desc> | |
428 возвращает строку используемых шифров для установленного SSL-соединения; | |
429 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
430 |
379 | 431 <tag-name><var>$ssl_client_cert</var></tag-name> |
432 <tag-desc> | |
433 возвращает клиентский сертификат | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
434 для установленного SSL-соединения в формате PEM |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
435 перед каждой строкой которого, кроме первой, вставляется символ табуляции; |
383
a73fa21add8a
Removed a misleading sentence.
Ruslan Ermilov <ru@nginx.com>
parents:
379
diff
changeset
|
436 предназначена для использования в директиве |
379 | 437 <link doc="ngx_http_proxy_module.xml" id="proxy_set_header"/>; |
438 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
439 |
379 | 440 <tag-name><var>$ssl_client_raw_cert</var></tag-name> |
441 <tag-desc> | |
442 возвращает клиентский сертификат | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
443 для установленного SSL-соединения в формате PEM; |
379 | 444 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
445 |
379 | 446 <tag-name><var>$ssl_client_serial</var></tag-name> |
447 <tag-desc> | |
448 возвращает серийный номер клиентского сертификата | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
449 для установленного SSL-соединения; |
379 | 450 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
451 |
379 | 452 <tag-name><var>$ssl_client_s_dn</var></tag-name> |
453 <tag-desc> | |
454 возвращает строку “subject DN” клиентского сертификата | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
455 для установленного SSL-соединения; |
379 | 456 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
457 |
379 | 458 <tag-name><var>$ssl_client_i_dn</var></tag-name> |
459 <tag-desc> | |
460 возвращает строку “issuer DN” клиентского сертификата | |
461 для установленного SSL-соединения; | |
462 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
463 |
379 | 464 <tag-name><var>$ssl_client_verify</var></tag-name> |
465 <tag-desc> | |
466 возвращает результат проверки клиентского сертификата: | |
467 “<literal>SUCCESS</literal>”, “<literal>FAILED</literal>” и, | |
468 если сертификат не был предоставлен — “<literal>NONE</literal>”; | |
469 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
470 |
379 | 471 <tag-name><var>$ssl_protocol</var></tag-name> |
472 <tag-desc> | |
473 возвращает протокол установленного SSL-соединения; | |
474 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
475 |
379 | 476 <tag-name><var>$ssl_session_id</var></tag-name> |
477 <tag-desc> | |
478 возвращает идентификатор сессии установленного SSL-соединения. | |
479 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
480 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
481 </list> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
482 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
483 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
484 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
485 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
486 </module> |