Mercurial > hg > nginx-site

annotate xml/en/docs/stream/ngx_stream_proxy_module.xml @ 2090:a9a9a052b5bd

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Documented the "CAP_NET_RAW" capability for transparent proxying.
author Yaroslav Zhuravlev <yar@nginx.com>
date Tue, 26 Dec 2017 15:28:53 +0300
parents 8f1a568a8bbf
children ca7568f67dee
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
1 <?xml version="1.0"?>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
2
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
3 <!--
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
4 Copyright (C) Nginx, Inc.
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
5 -->
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
6
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
8
1405
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
9 <module name="Module ngx_stream_proxy_module"
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
10 link="/en/docs/stream/ngx_stream_proxy_module.html"
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
11 lang="en"
2090
a9a9a052b5bd Documented the "CAP_NET_RAW" capability for transparent proxying.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1978
diff changeset
12 rev="19">
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
13
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
14 <section id="summary">
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
15
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
16 <para>
1662
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
17 The <literal>ngx_stream_proxy_module</literal> module (1.9.0) allows proxying
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
18 data streams over TCP, UDP (1.9.13), and UNIX-domain sockets.
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
19 </para>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
20
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
21 </section>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
22
1394
66f227952864 Somewhat revamped the stream module documentation.
Ruslan Ermilov <ru@nginx.com>
parents: 1367
diff changeset
23
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
24 <section id="example" name="Example Configuration">
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
25
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
26 <para>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
27 <example>
1405
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
28 server {
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
29 listen 127.0.0.1:12345;
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
30 proxy_pass 127.0.0.1:8080;
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
31 }
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
32
1405
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
33 server {
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
34 listen 12345;
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
35 proxy_connect_timeout 1s;
1526
7b15698cbdb7 Updated the proxy_timeout directive for mail and stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1518
diff changeset
36 proxy_timeout 1m;
1405
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
37 proxy_pass example.com:12345;
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
38 }
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
39
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
40 server {
1662
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
41 listen 53 udp;
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
42 proxy_responses 1;
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
43 proxy_timeout 20s;
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
44 proxy_pass dns.example.com:53;
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
45 }
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
46
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
47 server {
1405
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
48 listen [::1]:12345;
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
49 proxy_pass unix:/tmp/stream.socket;
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
50 }
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
51 </example>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
52 </para>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
53
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
54 </section>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
55
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
56
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
57 <section id="directives" name="Directives">
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
58
1510
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
59 <directive name="proxy_bind">
1885
6839c258c473 Added <literal> tag to proxy bind transparent.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1758
diff changeset
60 <syntax>
6839c258c473 Added <literal> tag to proxy bind transparent.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1758
diff changeset
61 <value>address</value>
6839c258c473 Added <literal> tag to proxy bind transparent.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1758
diff changeset
62 [<literal>transparent</literal>] |
6839c258c473 Added <literal> tag to proxy bind transparent.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1758
diff changeset
63 <literal>off</literal></syntax>
1510
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
64 <default/>
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
65 <context>stream</context>
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
66 <context>server</context>
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
67 <appeared-in>1.9.2</appeared-in>
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
68
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
69 <para>
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
70 Makes outgoing connections to a proxied server originate
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
71 from the specified local IP <value>address</value>.
1744
ab56dcd73af2 Added variables to stream hash, limit_conn_zone, proxy_bind.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1717
diff changeset
72 Parameter value can contain variables (1.11.2).
1510
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
73 The special value <literal>off</literal> cancels the effect
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
74 of the <literal>proxy_bind</literal> directive
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
75 inherited from the previous configuration level, which allows the
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
76 system to auto-assign the local IP address.
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
77 </para>
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
78
1696
d855e7cc3b2f Added the "transparent" parameter of proxy_bind and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1662
diff changeset
79 <para id="proxy_bind_transparent">
d855e7cc3b2f Added the "transparent" parameter of proxy_bind and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1662
diff changeset
80 The <literal>transparent</literal> parameter (1.11.0) allows
d855e7cc3b2f Added the "transparent" parameter of proxy_bind and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1662
diff changeset
81 outgoing connections to a proxied server originate
d855e7cc3b2f Added the "transparent" parameter of proxy_bind and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1662
diff changeset
82 from a non-local IP address,
d855e7cc3b2f Added the "transparent" parameter of proxy_bind and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1662
diff changeset
83 for example, from a real IP address of a client:
d855e7cc3b2f Added the "transparent" parameter of proxy_bind and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1662
diff changeset
84 <example>
d855e7cc3b2f Added the "transparent" parameter of proxy_bind and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1662
diff changeset
85 proxy_bind $remote_addr transparent;
d855e7cc3b2f Added the "transparent" parameter of proxy_bind and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1662
diff changeset
86 </example>
d855e7cc3b2f Added the "transparent" parameter of proxy_bind and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1662
diff changeset
87 In order for this parameter to work,
2090
a9a9a052b5bd Documented the "CAP_NET_RAW" capability for transparent proxying.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1978
diff changeset
88 it is usually necessary to run nginx worker processes with the
a9a9a052b5bd Documented the "CAP_NET_RAW" capability for transparent proxying.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1978
diff changeset
89 <link doc="../ngx_core_module.xml" id="user">superuser</link> privileges.
a9a9a052b5bd Documented the "CAP_NET_RAW" capability for transparent proxying.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1978
diff changeset
90 On Linux it is not required (1.13.8) as if
a9a9a052b5bd Documented the "CAP_NET_RAW" capability for transparent proxying.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1978
diff changeset
91 the <literal>transparent</literal> parameter is specified, worker processes
a9a9a052b5bd Documented the "CAP_NET_RAW" capability for transparent proxying.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1978
diff changeset
92 inherit the <literal>CAP_NET_RAW</literal> capability from the master process.
a9a9a052b5bd Documented the "CAP_NET_RAW" capability for transparent proxying.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1978
diff changeset
93 It is also necessary to configure kernel routing table
1696
d855e7cc3b2f Added the "transparent" parameter of proxy_bind and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1662
diff changeset
94 to intercept network traffic from the proxied server.
d855e7cc3b2f Added the "transparent" parameter of proxy_bind and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1662
diff changeset
95 </para>
d855e7cc3b2f Added the "transparent" parameter of proxy_bind and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1662
diff changeset
96
1510
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
97 </directive>
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
98
f90c2ea1729e Documented the "proxy_bind" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1499
diff changeset
99
1548
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
100 <directive name="proxy_buffer_size">
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
101 <syntax><value>size</value></syntax>
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
102 <default>16k</default>
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
103 <context>stream</context>
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
104 <context>server</context>
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
105 <appeared-in>1.9.4</appeared-in>
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
106
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
107 <para>
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
108 Sets the <value>size</value> of the buffer used for reading data
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
109 from the proxied server.
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
110 Also sets the <value>size</value> of the buffer used for reading data
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
111 from the client.
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
112 </para>
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
113
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
114 </directive>
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
115
08498db38e58 Replaced proxy_downstream/upstream_buffer with proxy_buffer_size.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1535
diff changeset
116
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
117 <directive name="proxy_connect_timeout">
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
118 <syntax><value>time</value></syntax>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
119 <default>60s</default>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
120 <context>stream</context>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
121 <context>server</context>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
122
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
123 <para>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
124 Defines a timeout for establishing a connection with a proxied server.
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
125 </para>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
126
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
127 </directive>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
128
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
129
1535
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
130 <directive name="proxy_download_rate">
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
131 <syntax><value>rate</value></syntax>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
132 <default>0</default>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
133 <context>stream</context>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
134 <context>server</context>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
135 <appeared-in>1.9.3</appeared-in>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
136
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
137 <para>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
138 Limits the speed of reading the data from the proxied server.
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
139 The <value>rate</value> is specified in bytes per second.
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
140 The zero value disables rate limiting.
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
141 The limit is set per a connection, so if nginx simultaneously opens
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
142 two connections to the proxied server,
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
143 the overall rate will be twice as much as the specified limit.
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
144 </para>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
145
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
146 </directive>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
147
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
148
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
149 <directive name="proxy_next_upstream">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
150 <syntax><literal>on</literal> | <literal>off</literal></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
151 <default>on</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
152 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
153 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
154
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
155 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
156 When a connection to the proxied server cannot be established, determines
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
157 whether a client connection will be passed to the next server.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
158 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
159
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
160 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
161 Passing a connection to the next server can be limited by
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
162 <link id="proxy_next_upstream_tries">the number of tries</link>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
163 and by <link id="proxy_next_upstream_timeout">time</link>.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
164 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
165
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
166 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
167
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
168
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
169 <directive name="proxy_next_upstream_timeout">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
170 <syntax><value>time</value></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
171 <default>0</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
172 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
173 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
174
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
175 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
176 Limits the time allowed to pass a connection to the
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
177 <link id="proxy_next_upstream">next server</link>.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
178 The <literal>0</literal> value turns off this limitation.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
179 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
180
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
181 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
182
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
183
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
184 <directive name="proxy_next_upstream_tries">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
185 <syntax><value>number</value></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
186 <default>0</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
187 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
188 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
189
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
190 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
191 Limits the number of possible tries for passing a connection to the
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
192 <link id="proxy_next_upstream">next server</link>.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
193 The <literal>0</literal> value turns off this limitation.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
194 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
195
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
196 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
197
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
198
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
199 <directive name="proxy_pass">
1394
66f227952864 Somewhat revamped the stream module documentation.
Ruslan Ermilov <ru@nginx.com>
parents: 1367
diff changeset
200 <syntax><value>address</value></syntax>
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
201 <default/>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
202 <context>server</context>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
203
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
204 <para>
1394
66f227952864 Somewhat revamped the stream module documentation.
Ruslan Ermilov <ru@nginx.com>
parents: 1367
diff changeset
205 Sets the address of a proxied server.
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
206 The address can be specified as a domain name or IP address,
1622
c4c1dddfedac Unified *_pass address descriptions.
Ruslan Ermilov <ru@nginx.com>
parents: 1548
diff changeset
207 and a port:
1394
66f227952864 Somewhat revamped the stream module documentation.
Ruslan Ermilov <ru@nginx.com>
parents: 1367
diff changeset
208 <example>
1405
4569719f4247 Split stream module into stream_core and stream_proxy modules.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1394
diff changeset
209 proxy_pass localhost:12345;
1394
66f227952864 Somewhat revamped the stream module documentation.
Ruslan Ermilov <ru@nginx.com>
parents: 1367
diff changeset
210 </example>
66f227952864 Somewhat revamped the stream module documentation.
Ruslan Ermilov <ru@nginx.com>
parents: 1367
diff changeset
211 or as a UNIX-domain socket path:
66f227952864 Somewhat revamped the stream module documentation.
Ruslan Ermilov <ru@nginx.com>
parents: 1367
diff changeset
212 <example>
66f227952864 Somewhat revamped the stream module documentation.
Ruslan Ermilov <ru@nginx.com>
parents: 1367
diff changeset
213 proxy_pass unix:/tmp/stream.socket;
66f227952864 Somewhat revamped the stream module documentation.
Ruslan Ermilov <ru@nginx.com>
parents: 1367
diff changeset
214 </example>
66f227952864 Somewhat revamped the stream module documentation.
Ruslan Ermilov <ru@nginx.com>
parents: 1367
diff changeset
215 </para>
66f227952864 Somewhat revamped the stream module documentation.
Ruslan Ermilov <ru@nginx.com>
parents: 1367
diff changeset
216
66f227952864 Somewhat revamped the stream module documentation.
Ruslan Ermilov <ru@nginx.com>
parents: 1367
diff changeset
217 <para>
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
218 If a domain name resolves to several addresses, all of them will be
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
219 used in a round-robin fashion.
1394
66f227952864 Somewhat revamped the stream module documentation.
Ruslan Ermilov <ru@nginx.com>
parents: 1367
diff changeset
220 In addition, an address can be specified as a
66f227952864 Somewhat revamped the stream module documentation.
Ruslan Ermilov <ru@nginx.com>
parents: 1367
diff changeset
221 <link doc="ngx_stream_upstream_module.xml">server group</link>.
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
222 </para>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
223
1758
2e0d07952c8f Documented variables support for proxy_pass in stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1744
diff changeset
224 <para>
2e0d07952c8f Documented variables support for proxy_pass in stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1744
diff changeset
225 The address can also be specified using variables (1.11.3):
2e0d07952c8f Documented variables support for proxy_pass in stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1744
diff changeset
226 <example>
2e0d07952c8f Documented variables support for proxy_pass in stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1744
diff changeset
227 proxy_pass $upstream;
2e0d07952c8f Documented variables support for proxy_pass in stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1744
diff changeset
228 </example>
2e0d07952c8f Documented variables support for proxy_pass in stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1744
diff changeset
229 In this case, the server name is searched among the described
2e0d07952c8f Documented variables support for proxy_pass in stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1744
diff changeset
230 <link doc="ngx_stream_upstream_module.xml">server groups</link>,
2e0d07952c8f Documented variables support for proxy_pass in stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1744
diff changeset
231 and, if not found, is determined using a
2e0d07952c8f Documented variables support for proxy_pass in stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1744
diff changeset
232 <link doc="ngx_stream_core_module.xml" id="resolver"/>.
2e0d07952c8f Documented variables support for proxy_pass in stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1744
diff changeset
233 </para>
2e0d07952c8f Documented variables support for proxy_pass in stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1744
diff changeset
234
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
235 </directive>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
236
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
237
1514
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
238 <directive name="proxy_protocol">
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
239 <syntax><literal>on</literal> | <literal>off</literal></syntax>
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
240 <default>off</default>
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
241 <context>stream</context>
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
242 <context>server</context>
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
243 <appeared-in>1.9.2</appeared-in>
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
244
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
245 <para>
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
246 Enables the
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
247 <link url="http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt">PROXY
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
248 protocol</link> for connections to a proxied server.
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
249 </para>
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
250
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
251 </directive>
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
252
eef30c3dc519 Documented the "proxy_protocol" directive for stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1510
diff changeset
253
1662
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
254 <directive name="proxy_responses">
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
255 <syntax><value>number</value></syntax>
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
256 <default/>
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
257 <context>stream</context>
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
258 <context>server</context>
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
259 <appeared-in>1.9.13</appeared-in>
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
260
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
261 <para>
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
262 Sets the number of datagrams expected from the proxied server
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
263 in response to the client request
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
264 if the <link doc="ngx_stream_core_module.xml" id="udp">UDP</link>
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
265 protocol is used.
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
266 By default, the number of datagrams is not limited:
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
267 the response datagrams will be sent
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
268 until the <link id="proxy_timeout"/> value expires.
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
269 </para>
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
270
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
271 </directive>
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
272
48615cf80e20 Documented the UDP proxy functionality.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1622
diff changeset
273
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
274 <directive name="proxy_ssl">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
275 <syntax><literal>on</literal> | <literal>off</literal></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
276 <default>off</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
277 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
278 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
279
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
280 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
281 Enables the SSL/TLS protocol for connections to a proxied server.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
282 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
283
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
284 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
285
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
286
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
287 <directive name="proxy_ssl_certificate">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
288 <syntax><value>file</value></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
289 <default/>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
290 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
291 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
292
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
293 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
294 Specifies a <value>file</value> with the certificate in the PEM format
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
295 used for authentication to a proxied server.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
296 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
297
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
298 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
299
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
300
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
301 <directive name="proxy_ssl_certificate_key">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
302 <syntax><value>file</value></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
303 <default/>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
304 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
305 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
306
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
307 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
308 Specifies a <value>file</value> with the secret key in the PEM format
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
309 used for authentication to a proxied server.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
310 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
311
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
312 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
313
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
314
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
315 <directive name="proxy_ssl_ciphers">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
316 <syntax><value>ciphers</value></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
317 <default>DEFAULT</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
318 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
319 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
320
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
321 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
322 Specifies the enabled ciphers for connections to a proxied server.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
323 The ciphers are specified in the format understood by the OpenSSL library.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
324 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
325
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
326 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
327 The full list can be viewed using the
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
328 “<command>openssl ciphers</command>” command.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
329 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
330
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
331 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
332
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
333
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
334 <directive name="proxy_ssl_crl">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
335 <syntax><value>file</value></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
336 <default/>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
337 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
338 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
339
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
340 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
341 Specifies a <value>file</value> with revoked certificates (CRL)
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
342 in the PEM format used to <link id="proxy_ssl_verify">verify</link>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
343 the certificate of the proxied server.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
344 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
345
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
346 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
347
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
348
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
349 <directive name="proxy_ssl_name">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
350 <syntax><value>name</value></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
351 <default>host from proxy_pass</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
352 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
353 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
354
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
355 <para>
1717
e07ce4ed4dcc Corrected usage of "allow".
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1696
diff changeset
356 Allows overriding the server name used to
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
357 <link id="proxy_ssl_verify">verify</link>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
358 the certificate of the proxied server and to be
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
359 <link id="proxy_ssl_server_name">passed through SNI</link>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
360 when establishing a connection with the proxied server.
1758
2e0d07952c8f Documented variables support for proxy_pass in stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1744
diff changeset
361 The server name can also be specified using variables (1.11.3).
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
362 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
363
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
364 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
365 By default, the host part of the <link id="proxy_pass"/> address is used.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
366 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
367
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
368 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
369
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
370
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
371 <directive name="proxy_ssl_password_file">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
372 <syntax><value>file</value></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
373 <default/>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
374 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
375 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
376
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
377 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
378 Specifies a <value>file</value> with passphrases for
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
379 <link id="proxy_ssl_certificate_key">secret keys</link>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
380 where each passphrase is specified on a separate line.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
381 Passphrases are tried in turn when loading the key.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
382 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
383
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
384 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
385
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
386
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
387 <directive name="proxy_ssl_server_name">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
388 <syntax><literal>on</literal> | <literal>off</literal></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
389 <default>off</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
390 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
391 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
392
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
393 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
394 Enables or disables passing of the server name through
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
395 <link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLS
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
396 Server Name Indication extension</link> (SNI, RFC 6066)
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
397 when establishing a connection with the proxied server.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
398 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
399
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
400 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
401
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
402
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
403 <directive name="proxy_ssl_session_reuse">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
404 <syntax><literal>on</literal> | <literal>off</literal></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
405 <default>on</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
406 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
407 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
408
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
409 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
410 Determines whether SSL sessions can be reused when working with
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
411 the proxied server.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
412 If the errors
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
413 “<literal>SSL3_GET_FINISHED:digest check failed</literal>”
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
414 appear in the logs, try disabling session reuse.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
415 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
416
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
417 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
418
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
419
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
420 <directive name="proxy_ssl_protocols">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
421 <syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
422 [<literal>SSLv2</literal>]
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
423 [<literal>SSLv3</literal>]
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
424 [<literal>TLSv1</literal>]
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
425 [<literal>TLSv1.1</literal>]
1978
8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1885
diff changeset
426 [<literal>TLSv1.2</literal>]
8f1a568a8bbf Documented "TLSv1.3" parameter of the "ssl_protocols" directive.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1885
diff changeset
427 [<literal>TLSv1.3</literal>]</syntax>
1499
3687cc9a3592 Removed SSLv3 from the default value of ssl_protocols and friends.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1462
diff changeset
428 <default>TLSv1 TLSv1.1 TLSv1.2</default>
1450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
429 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
430 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
431
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
432 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
433 Enables the specified protocols for connections to a proxied server.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
434 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
435
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
436 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
437
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
438
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
439 <directive name="proxy_ssl_trusted_certificate">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
440 <syntax><value>file</value></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
441 <default/>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
442 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
443 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
444
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
445 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
446 Specifies a <value>file</value> with trusted CA certificates in the PEM format
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
447 used to <link id="proxy_ssl_verify">verify</link>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
448 the certificate of the proxied server.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
449 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
450
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
451 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
452
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
453
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
454 <directive name="proxy_ssl_verify">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
455 <syntax><literal>on</literal> | <literal>off</literal></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
456 <default>off</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
457 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
458 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
459
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
460 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
461 Enables or disables verification of the proxied server certificate.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
462 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
463
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
464 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
465
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
466
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
467 <directive name="proxy_ssl_verify_depth">
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
468 <syntax><value>number</value></syntax>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
469 <default>1</default>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
470 <context>stream</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
471 <context>server</context>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
472
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
473 <para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
474 Sets the verification depth in the proxied server certificates chain.
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
475 </para>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
476
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
477 </directive>
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
478
f5b5eefc43cb Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents: 1407
diff changeset
479
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
480 <directive name="proxy_timeout">
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
481 <syntax><value>timeout</value></syntax>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
482 <default>10m</default>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
483 <context>stream</context>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
484 <context>server</context>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
485
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
486 <para>
1526
7b15698cbdb7 Updated the proxy_timeout directive for mail and stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1518
diff changeset
487 Sets the <value>timeout</value> between two successive
7b15698cbdb7 Updated the proxy_timeout directive for mail and stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1518
diff changeset
488 read or write operations on client or proxied server connections.
7b15698cbdb7 Updated the proxy_timeout directive for mail and stream.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1518
diff changeset
489 If no data is transmitted within this time, the connection is closed.
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
490 </para>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
491
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
492 </directive>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
493
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
494
1535
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
495 <directive name="proxy_upload_rate">
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
496 <syntax><value>rate</value></syntax>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
497 <default>0</default>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
498 <context>stream</context>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
499 <context>server</context>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
500 <appeared-in>1.9.3</appeared-in>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
501
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
502 <para>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
503 Limits the speed of reading the data from the client.
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
504 The <value>rate</value> is specified in bytes per second.
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
505 The zero value disables rate limiting.
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
506 The limit is set per a connection, so if the client simultaneously opens
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
507 two connections,
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
508 the overall rate will be twice as much as the specified limit.
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
509 </para>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
510
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
511 </directive>
61b1ab5adbc9 Renamed proxy_downstream_limit_rate and proxy_upstream_limit_rate directives.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1526
diff changeset
512
1367
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
513 </section>
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
514
f1e14d87d833 Updated commercial docs for the upcoming release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
515 </module>