Mercurial > hg > nginx-site
annotate xml/ru/docs/http/ngx_http_ssl_module.xml @ 1145:e6b28653c406
Fixed default in the "proxy_bind" directive description.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 07 Apr 2014 19:55:24 +0400 |
parents | 502f4be2d62e |
children | 07402a11fd8d |
rev | line source |
---|---|
222
bfe3eff81d04
Removed redundant encoding specification.
Ruslan Ermilov <ru@nginx.com>
parents:
110
diff
changeset
|
1 <?xml version="1.0"?> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
2 |
580
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
538
diff
changeset
|
3 <!-- |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
538
diff
changeset
|
4 Copyright (C) Igor Sysoev |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
538
diff
changeset
|
5 Copyright (C) Nginx, Inc. |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
538
diff
changeset
|
6 --> |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
538
diff
changeset
|
7 |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
9 |
379 | 10 <module name="Модуль ngx_http_ssl_module" |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
11 link="/ru/docs/http/ngx_http_ssl_module.html" |
589 | 12 lang="ru" |
1072
502f4be2d62e
Documented the "ssl_session_reused" variable.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1055
diff
changeset
|
13 rev="12"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
14 |
110
40eec261c2a6
Added proper support for anonymous sections, notably for the summary.
Ruslan Ermilov <ru@nginx.com>
parents:
106
diff
changeset
|
15 <section id="summary"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
16 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
17 <para> |
379 | 18 Модуль <literal>ngx_http_ssl_module</literal> обеспечивает работу |
19 по протоколу HTTPS. | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
20 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
21 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
22 <para> |
379 | 23 По умолчанию этот модуль не собирается, его сборку необходимо |
24 разрешить с помощью конфигурационного параметра | |
271 | 25 <literal>--with-http_ssl_module</literal>. |
379 | 26 <note> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
27 Для сборки и работы этого модуля нужна библиотека |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
28 <link url="http://www.openssl.org">OpenSSL</link>. |
379 | 29 </note> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
30 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
31 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
32 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
33 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
34 |
379 | 35 <section id="example" name="Пример конфигурации"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
36 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
37 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
38 Для уменьшения загрузки процессора рекомендуется |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
39 <list type="bullet"> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
40 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
41 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
42 установить число рабочих процессов равным числу процессоров, |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
43 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
44 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
45 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
46 разрешить keep-alive соединения, |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
47 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
48 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
49 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
50 включить разделяемый кэш сессий, |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
51 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
52 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
53 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
54 выключить встроенный кэш сессий |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
55 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
56 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
57 <listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
58 и, возможно, увеличить время жизни сессии (по умолчанию 5 минут): |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
59 </listitem> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
60 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
61 </list> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
62 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
63 <example> |
817
4fecf0715bbf
Introducing "worker_processes auto" in SSL configuration examples.
Andrei Belov <defan@nginx.com>
parents:
801
diff
changeset
|
64 <emphasis>worker_processes auto;</emphasis> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
65 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
66 http { |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
67 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
68 ... |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
69 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
70 server { |
801
b95a6d779c89
Documented that "listen ... ssl" is preferred over "ssl on".
Ruslan Ermilov <ru@nginx.com>
parents:
763
diff
changeset
|
71 listen 443 ssl; |
379 | 72 <emphasis>keepalive_timeout 70;</emphasis> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
73 |
379 | 74 ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; |
75 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; | |
76 ssl_certificate /usr/local/nginx/conf/cert.pem; | |
77 ssl_certificate_key /usr/local/nginx/conf/cert.key; | |
78 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis> | |
79 <emphasis>ssl_session_timeout 10m;</emphasis> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
80 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
81 ... |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
82 } |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
83 </example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
84 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
85 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
86 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
87 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
88 |
379 | 89 <section id="directives" name="Директивы"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
90 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
91 <directive name="ssl"> |
271 | 92 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
93 <default>off</default> |
379 | 94 <context>http</context> |
95 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
96 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
97 <para> |
801
b95a6d779c89
Documented that "listen ... ssl" is preferred over "ssl on".
Ruslan Ermilov <ru@nginx.com>
parents:
763
diff
changeset
|
98 Включает протокол HTTPS для данного виртуального сервера. |
b95a6d779c89
Documented that "listen ... ssl" is preferred over "ssl on".
Ruslan Ermilov <ru@nginx.com>
parents:
763
diff
changeset
|
99 <note> |
b95a6d779c89
Documented that "listen ... ssl" is preferred over "ssl on".
Ruslan Ermilov <ru@nginx.com>
parents:
763
diff
changeset
|
100 Вместо этой директивы рекомендуется использовать параметр |
b95a6d779c89
Documented that "listen ... ssl" is preferred over "ssl on".
Ruslan Ermilov <ru@nginx.com>
parents:
763
diff
changeset
|
101 <literal>ssl</literal> директивы |
b95a6d779c89
Documented that "listen ... ssl" is preferred over "ssl on".
Ruslan Ermilov <ru@nginx.com>
parents:
763
diff
changeset
|
102 <link doc="ngx_http_core_module.xml" id="listen"/>. |
b95a6d779c89
Documented that "listen ... ssl" is preferred over "ssl on".
Ruslan Ermilov <ru@nginx.com>
parents:
763
diff
changeset
|
103 </note> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
104 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
105 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
106 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
107 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
108 |
1039
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
109 <directive name="ssl_buffer_size"> |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
110 <syntax><value>size</value></syntax> |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
111 <default>16k</default> |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
112 <context>http</context> |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
113 <context>server</context> |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
114 <appeared-in>1.5.9</appeared-in> |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
115 |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
116 <para> |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
117 Задаёт размер буфера, используемого при отправке данных. |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
118 </para> |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
119 |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
120 <para> |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
121 По умолчанию размер буфера равен 16k, что соответствует минимальным |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
122 накладным расходам при передаче больших ответов. |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
123 С целью минимизации времени получения начала ответа (Time To First Byte) |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
124 может быть полезно использовать меньшие значения, |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
125 например: |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
126 <example> |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
127 ssl_buffer_size 4k; |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
128 </example> |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
129 </para> |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
130 |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
131 </directive> |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
132 |
f7ca80263893
Documented the "ssl_buffer_size" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1020
diff
changeset
|
133 |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
134 <directive name="ssl_certificate"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
135 <syntax><value>файл</value></syntax> |
99
1d315ef37215
The case <default/> is now language-agnostic.
Ruslan Ermilov <ru@nginx.com>
parents:
98
diff
changeset
|
136 <default/> |
379 | 137 <context>http</context> |
138 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
139 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
140 <para> |
715
3f25469cbc49
Highlighted 'file' parameters in the http_ssl_module directives.
Vladimir Homutov <vl@nginx.com>
parents:
713
diff
changeset
|
141 Указывает <value>файл</value> с сертификатом в формате PEM |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
142 для данного виртуального сервера. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
143 Если вместе с основным сертификатом нужно указать промежуточные, |
713
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
144 то они должны находиться в этом же файле в следующем порядке: сначала |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
145 основной сертификат, а затем промежуточные. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
146 В этом же файле может находиться секретный ключ в формате PEM. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
147 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
148 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
149 <para> |
280 | 150 Нужно иметь в виду, что из-за ограничения протокола HTTPS |
379 | 151 виртуальные серверы должны слушать на разных IP-адресах: |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
152 <example> |
379 | 153 server { |
154 listen 192.168.1.1:443; | |
155 server_name one.example.com; | |
156 ssl_certificate /usr/local/nginx/conf/one.example.com.cert; | |
157 ... | |
158 } | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
159 |
379 | 160 server { |
161 listen 192.168.1.2:443; | |
162 server_name two.example.com; | |
163 ssl_certificate /usr/local/nginx/conf/two.example.com.cert; | |
164 ... | |
165 } | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
166 </example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
167 иначе для второго сайта будет выдаваться |
379 | 168 <link doc="configuring_https_servers.xml" |
169 id="name_based_https_servers">сертификат первого сервера</link>. | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
170 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
171 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
172 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
173 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
174 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
175 <directive name="ssl_certificate_key"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
176 <syntax><value>файл</value></syntax> |
99
1d315ef37215
The case <default/> is now language-agnostic.
Ruslan Ermilov <ru@nginx.com>
parents:
98
diff
changeset
|
177 <default/> |
379 | 178 <context>http</context> |
179 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
180 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
181 <para> |
715
3f25469cbc49
Highlighted 'file' parameters in the http_ssl_module directives.
Vladimir Homutov <vl@nginx.com>
parents:
713
diff
changeset
|
182 Указывает <value>файл</value> с секретным ключом в формате PEM |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
183 для данного виртуального сервера. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
184 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
185 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
186 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
187 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
188 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
189 <directive name="ssl_ciphers"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
190 <syntax><value>шифры</value></syntax> |
538
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
191 <default>HIGH:!aNULL:!MD5</default> |
379 | 192 <context>http</context> |
193 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
194 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
195 <para> |
379 | 196 Описывает разрешённые шифры. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
197 Шифры задаются в формате, поддерживаемом библиотекой |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
198 OpenSSL, например: |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
199 <example> |
538
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
200 ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
201 </example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
202 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
203 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
204 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
205 Полный список можно посмотреть с помощью команды |
271 | 206 “<command>openssl ciphers</command>”. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
207 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
208 |
538
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
209 <para> |
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
210 <note> |
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
211 В предыдущих версиях nginx по умолчанию использовались |
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
212 <link doc="configuring_https_servers.xml" id="compatibility">другие</link> |
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
213 шифры. |
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
214 </note> |
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
215 </para> |
58dd64aef626
Documented ciphers used by default in modern nginx versions (closes #177).
Ruslan Ermilov <ru@nginx.com>
parents:
393
diff
changeset
|
216 |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
217 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
218 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
219 |
379 | 220 <directive name="ssl_client_certificate"> |
221 <syntax><value>файл</value></syntax> | |
222 <default/> | |
223 <context>http</context> | |
224 <context>server</context> | |
225 | |
226 <para> | |
715
3f25469cbc49
Highlighted 'file' parameters in the http_ssl_module directives.
Vladimir Homutov <vl@nginx.com>
parents:
713
diff
changeset
|
227 Указывает <value>файл</value> с доверенными сертификатами CA в формате |
713
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
228 PEM, которые используются для проверки клиентских сертификатов и |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
229 ответов OCSP, если включён <link id="ssl_stapling"/>. |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
230 </para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
231 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
232 <para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
233 Список сертификатов будет отправляться клиентам. |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
234 Если это нежелательно, можно воспользоваться директивой |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
235 <link id="ssl_trusted_certificate"/>. |
379 | 236 </para> |
237 | |
238 </directive> | |
239 | |
240 | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
241 <directive name="ssl_crl"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
242 <syntax><value>файл</value></syntax> |
99
1d315ef37215
The case <default/> is now language-agnostic.
Ruslan Ermilov <ru@nginx.com>
parents:
98
diff
changeset
|
243 <default/> |
379 | 244 <context>http</context> |
245 <context>server</context> | |
246 <appeared-in>0.8.7</appeared-in> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
247 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
248 <para> |
715
3f25469cbc49
Highlighted 'file' parameters in the http_ssl_module directives.
Vladimir Homutov <vl@nginx.com>
parents:
713
diff
changeset
|
249 Указывает <value>файл</value> с отозванными сертификатами (CRL) |
379 | 250 в формате PEM, используемыми для проверки клиентских сертификатов. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
251 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
252 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
253 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
254 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
255 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
256 <directive name="ssl_dhparam"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
257 <syntax><value>файл</value></syntax> |
99
1d315ef37215
The case <default/> is now language-agnostic.
Ruslan Ermilov <ru@nginx.com>
parents:
98
diff
changeset
|
258 <default/> |
379 | 259 <context>http</context> |
260 <context>server</context> | |
261 <appeared-in>0.7.2</appeared-in> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
262 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
263 <para> |
715
3f25469cbc49
Highlighted 'file' parameters in the http_ssl_module directives.
Vladimir Homutov <vl@nginx.com>
parents:
713
diff
changeset
|
264 Указывает <value>файл</value> с параметрами для шифров с обменом EDH-ключами. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
265 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
266 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
267 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
268 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
269 |
1054
c5793e5c30d4
Documented the "ssl_ecdh_curve" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1039
diff
changeset
|
270 <directive name="ssl_ecdh_curve"> |
c5793e5c30d4
Documented the "ssl_ecdh_curve" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1039
diff
changeset
|
271 <syntax><value>кривая</value></syntax> |
c5793e5c30d4
Documented the "ssl_ecdh_curve" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1039
diff
changeset
|
272 <default>prime256v1</default> |
c5793e5c30d4
Documented the "ssl_ecdh_curve" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1039
diff
changeset
|
273 <context>http</context> |
c5793e5c30d4
Documented the "ssl_ecdh_curve" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1039
diff
changeset
|
274 <context>server</context> |
c5793e5c30d4
Documented the "ssl_ecdh_curve" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1039
diff
changeset
|
275 <appeared-in>1.1.0</appeared-in> |
c5793e5c30d4
Documented the "ssl_ecdh_curve" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1039
diff
changeset
|
276 <appeared-in>1.0.6</appeared-in> |
c5793e5c30d4
Documented the "ssl_ecdh_curve" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1039
diff
changeset
|
277 |
c5793e5c30d4
Documented the "ssl_ecdh_curve" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1039
diff
changeset
|
278 <para> |
c5793e5c30d4
Documented the "ssl_ecdh_curve" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1039
diff
changeset
|
279 Задаёт кривую для ECDHE-шифров. |
c5793e5c30d4
Documented the "ssl_ecdh_curve" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1039
diff
changeset
|
280 </para> |
c5793e5c30d4
Documented the "ssl_ecdh_curve" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1039
diff
changeset
|
281 |
c5793e5c30d4
Documented the "ssl_ecdh_curve" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1039
diff
changeset
|
282 </directive> |
c5793e5c30d4
Documented the "ssl_ecdh_curve" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1039
diff
changeset
|
283 |
c5793e5c30d4
Documented the "ssl_ecdh_curve" directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1039
diff
changeset
|
284 |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
285 <directive name="ssl_prefer_server_ciphers"> |
271 | 286 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
287 <default>off</default> |
379 | 288 <context>http</context> |
289 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
290 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
291 <para> |
379 | 292 Указывает, чтобы при использовании протоколов SSLv3 и TLS |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
293 серверные шифры были более приоритетны, чем клиентские. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
294 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
295 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
296 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
297 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
298 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
299 <directive name="ssl_protocols"> |
314
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
300 <syntax> |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
301 [<literal>SSLv2</literal>] |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
302 [<literal>SSLv3</literal>] |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
303 [<literal>TLSv1</literal>] |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
304 [<literal>TLSv1.1</literal>] |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
305 [<literal>TLSv1.2</literal>]</syntax> |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
306 <default>SSLv3 TLSv1 TLSv1.1 TLSv1.2</default> |
379 | 307 <context>http</context> |
308 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
309 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
310 <para> |
379 | 311 Разрешает указанные протоколы. |
314
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
312 Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal> работают |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
313 только при использовании библиотеки OpenSSL версии 1.0.1 и выше. |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
314 <note> |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
315 Параметры <literal>TLSv1.1</literal> и <literal>TLSv1.2</literal> поддерживаются |
393
b83d332fbdaa
Documented SSL changes in the upcoming 1.0.12 release.
Ruslan Ermilov <ru@nginx.com>
parents:
383
diff
changeset
|
316 только начиная с версий 1.1.13 и 1.0.12, |
b83d332fbdaa
Documented SSL changes in the upcoming 1.0.12 release.
Ruslan Ermilov <ru@nginx.com>
parents:
383
diff
changeset
|
317 поэтому при использовании OpenSSL версии 1.0.1 |
314
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
318 и выше на старых версиях nginx эти протоколы работать будут, однако их нельзя |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
319 будет отключить. |
95d5dc7c9884
Documented the new "TLSv1.1" and "TLSv1.2" parameters of the
Ruslan Ermilov <ru@nginx.com>
parents:
285
diff
changeset
|
320 </note> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
321 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
322 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
323 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
324 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
325 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
326 <directive name="ssl_session_cache"> |
271 | 327 <syntax> |
379 | 328 <literal>off</literal> | |
329 <literal>none</literal> | | |
330 [<literal>builtin</literal>[:<value>размер</value>]] | |
331 [<literal>shared</literal>:<value>название</value>:<value>размер</value>]</syntax> | |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
332 <default>none</default> |
379 | 333 <context>http</context> |
334 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
335 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
336 <para> |
379 | 337 Задаёт тип и размеры кэшей для хранения параметров сессий. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
338 Тип кэша может быть следующим: |
379 | 339 <list type="tag"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
340 |
379 | 341 <tag-name><literal>off</literal></tag-name> |
342 <tag-desc> | |
343 жёсткое запрещение использования кэша сессий: | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
344 nginx явно говорит клиенту, что сессии не могут использоваться повторно. |
379 | 345 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
346 |
379 | 347 <tag-name><literal>none</literal></tag-name> |
348 <tag-desc> | |
349 мягкое запрещение использования кэша сессий: | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
350 nginx говорит клиенту, что сессии могут использоваться повторно, но |
966 | 351 на самом деле не хранит параметры сессии в кэше. |
379 | 352 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
353 |
379 | 354 <tag-name><literal>builtin</literal></tag-name> |
355 <tag-desc> | |
356 встроенный в OpenSSL кэш, используется в рамках только одного рабочего процесса. | |
357 Размер кэша задаётся в сессиях. | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
358 Если размер не задан, то он равен 20480 сессиям. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
359 Использование встроенного кэша может вести к фрагментации памяти. |
379 | 360 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
361 |
379 | 362 <tag-name><literal>shared</literal></tag-name> |
363 <tag-desc> | |
966 | 364 кэш, разделяемый между всеми рабочими процессами. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
365 Размер кэша задаётся в байтах, в 1 мегабайт может поместиться |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
366 около 4000 сессий. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
367 У каждого разделяемого кэша должно быть произвольное название. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
368 Кэш с одинаковым названием может использоваться в нескольких |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
369 виртуальных серверах. |
379 | 370 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
371 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
372 </list> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
373 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
374 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
375 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
376 Можно использовать одновременно оба типа кэша, например: |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
377 <example> |
379 | 378 ssl_session_cache builtin:1000 shared:SSL:10m; |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
379 </example> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
380 однако использование только разделяемого кэша без встроенного должно |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
381 быть более эффективным. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
382 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
383 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
384 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
385 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
386 |
1019
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
387 <directive name="ssl_session_ticket_key"> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
388 <syntax><value>файл</value></syntax> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
389 <default/> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
390 <context>http</context> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
391 <context>server</context> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
392 <appeared-in>1.5.7</appeared-in> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
393 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
394 <para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
395 Задаёт <value>файл</value> с секретным ключом, применяемым при шифровании и |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
396 расшифровании TLS session tickets. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
397 Директива необходима, если один и тот же ключ нужно использовать |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
398 на нескольких серверах. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
399 По умолчанию используется случайно сгенерированный ключ. |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
400 </para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
401 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
402 <para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
403 Если указано несколько ключей, то только первый ключ |
1020 | 404 используется для шифрования TLS session tickets. |
1019
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
405 Это позволяет настроить ротацию ключей, например: |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
406 <example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
407 ssl_session_ticket_key current.key; |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
408 ssl_session_ticket_key previous.key; |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
409 </example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
410 </para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
411 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
412 <para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
413 <value>Файл</value> должен содержать 48 байт случайных данных и может быть |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
414 создан следующей командой: |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
415 <example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
416 openssl rand 48 > ticket.key |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
417 </example> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
418 </para> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
419 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
420 </directive> |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
421 |
2b6a858c60dc
Documented the "ssl_session_ticket_key" directive in http and mail.
Vladimir Homutov <vl@nginx.com>
parents:
966
diff
changeset
|
422 |
1055
e26a9f598e40
Documented the "ssl_session_tickets" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1054
diff
changeset
|
423 <directive name="ssl_session_tickets"> |
e26a9f598e40
Documented the "ssl_session_tickets" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1054
diff
changeset
|
424 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
e26a9f598e40
Documented the "ssl_session_tickets" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1054
diff
changeset
|
425 <default>on</default> |
e26a9f598e40
Documented the "ssl_session_tickets" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1054
diff
changeset
|
426 <context>http</context> |
e26a9f598e40
Documented the "ssl_session_tickets" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1054
diff
changeset
|
427 <context>server</context> |
e26a9f598e40
Documented the "ssl_session_tickets" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1054
diff
changeset
|
428 <appeared-in>1.5.9</appeared-in> |
e26a9f598e40
Documented the "ssl_session_tickets" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1054
diff
changeset
|
429 |
e26a9f598e40
Documented the "ssl_session_tickets" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1054
diff
changeset
|
430 <para> |
e26a9f598e40
Documented the "ssl_session_tickets" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1054
diff
changeset
|
431 Разрешает или запрещает возобновление сессий при помощи |
e26a9f598e40
Documented the "ssl_session_tickets" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1054
diff
changeset
|
432 <link url="http://tools.ietf.org/html/rfc5077">TLS session tickets</link>. |
e26a9f598e40
Documented the "ssl_session_tickets" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1054
diff
changeset
|
433 </para> |
e26a9f598e40
Documented the "ssl_session_tickets" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1054
diff
changeset
|
434 |
e26a9f598e40
Documented the "ssl_session_tickets" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1054
diff
changeset
|
435 </directive> |
e26a9f598e40
Documented the "ssl_session_tickets" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1054
diff
changeset
|
436 |
e26a9f598e40
Documented the "ssl_session_tickets" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1054
diff
changeset
|
437 |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
438 <directive name="ssl_session_timeout"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
439 <syntax><value>время</value></syntax> |
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
440 <default>5m</default> |
379 | 441 <context>http</context> |
442 <context>server</context> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
443 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
444 <para> |
379 | 445 Задаёт время, в течение которого клиент может повторно |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
446 использовать параметры сессии, хранящейся в кэше. |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
447 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
448 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
449 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
450 |
379 | 451 |
713
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
452 <directive name="ssl_stapling"> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
453 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
454 <default>off</default> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
455 <context>http</context> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
456 <context>server</context> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
457 <appeared-in>1.3.7</appeared-in> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
458 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
459 <para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
460 Разрешает или запрещает |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
461 <link url="http://tools.ietf.org/html/rfc4366#section-3.6">прикрепление |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
462 OCSP-ответов</link> сервером. |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
463 Пример: |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
464 <example> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
465 ssl_stapling on; |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
466 resolver 192.0.2.1; |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
467 </example> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
468 </para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
469 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
470 <para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
471 Для работы OCSP stapling’а должен быть известен сертификат издателя |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
472 сертификата сервера. |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
473 Если в заданном директивой <link id="ssl_certificate"/> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
474 файле не содержится промежуточных сертификатов, |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
475 то сертификат издателя сертификата сервера следует поместить в файл, |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
476 заданный директивой <link id="ssl_trusted_certificate"/>. |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
477 </para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
478 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
479 <para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
480 Для преобразования имени хоста OCSP responder’а в адрес необходимо |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
481 дополнительно задать директиву |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
482 <link doc="ngx_http_core_module.xml" id="resolver"/>. |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
483 </para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
484 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
485 </directive> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
486 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
487 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
488 <directive name="ssl_stapling_file"> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
489 <syntax><value>файл</value></syntax> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
490 <default/> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
491 <context>http</context> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
492 <context>server</context> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
493 <appeared-in>1.3.7</appeared-in> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
494 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
495 <para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
496 Если задано, то вместо опроса OCSP responder’а, |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
497 указанного в сертификате сервера, |
715
3f25469cbc49
Highlighted 'file' parameters in the http_ssl_module directives.
Vladimir Homutov <vl@nginx.com>
parents:
713
diff
changeset
|
498 ответ берётся из указанного <value>файла</value>. |
713
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
499 </para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
500 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
501 <para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
502 Ответ должен быть в формате DER и может быть сгенерирован командой |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
503 “<literal>openssl ocsp</literal>”. |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
504 </para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
505 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
506 </directive> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
507 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
508 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
509 <directive name="ssl_stapling_responder"> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
510 <syntax><value>url</value></syntax> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
511 <default/> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
512 <context>http</context> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
513 <context>server</context> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
514 <appeared-in>1.3.7</appeared-in> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
515 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
516 <para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
517 Переопределяет URL OCSP responder’а, указанный в расширении сертификата |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
518 “<link url="http://tools.ietf.org/html/rfc5280#section-4.2.2.1">Authority |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
519 Information Access</link>”. |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
520 </para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
521 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
522 <para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
523 Поддерживаются только “<literal>http://</literal>” OCSP responder’ы: |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
524 <example> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
525 ssl_stapling_responder http://ocsp.example.com/; |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
526 </example> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
527 </para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
528 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
529 </directive> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
530 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
531 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
532 <directive name="ssl_stapling_verify"> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
533 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
534 <default>off</default> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
535 <context>http</context> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
536 <context>server</context> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
537 <appeared-in>1.3.7</appeared-in> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
538 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
539 <para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
540 Разрешает или запрещает проверку сервером ответов OCSP. |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
541 </para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
542 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
543 <para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
544 Для работоспособности проверки сертификат издателя сертификата сервера, |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
545 корневой сертификат и все промежуточные сертификаты должны быть указаны |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
546 как доверенные с помощью директивы |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
547 <link id="ssl_trusted_certificate"/>. |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
548 </para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
549 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
550 </directive> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
551 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
552 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
553 <directive name="ssl_trusted_certificate"> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
554 <syntax><value>файл</value></syntax> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
555 <default/> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
556 <context>http</context> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
557 <context>server</context> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
558 <appeared-in>1.3.7</appeared-in> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
559 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
560 <para> |
715
3f25469cbc49
Highlighted 'file' parameters in the http_ssl_module directives.
Vladimir Homutov <vl@nginx.com>
parents:
713
diff
changeset
|
561 Задаёт <value>файл</value> с доверенными сертификатами CA в формате PEM, |
713
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
562 которые используются для проверки клиентских сертификатов и ответов OCSP, |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
563 если включён <link id="ssl_stapling"/>. |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
564 </para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
565 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
566 <para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
567 В отличие от <link id="ssl_client_certificate"/>, список этих сертификатов |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
568 не будет отправляться клиентам. |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
569 </para> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
570 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
571 </directive> |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
572 |
1de09d81acd1
Translated OCSP docs into Russian.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
573 |
379 | 574 <directive name="ssl_verify_client"> |
575 <syntax> | |
576 <literal>on</literal> | <literal>off</literal> | | |
717
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
577 <literal>optional</literal> | <literal>optional_no_ca</literal></syntax> |
379 | 578 <default>off</default> |
579 <context>http</context> | |
580 <context>server</context> | |
581 | |
582 <para> | |
583 Разрешает проверку клиентских сертификатов. | |
717
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
584 Результат проверки доступен через переменную |
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
585 <var>$ssl_client_verify</var>. |
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
586 </para> |
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
587 |
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
588 <para> |
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
589 Параметр <literal>optional</literal> (0.8.7+) запрашивает клиентский |
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
590 сертификат, и если сертификат был предоставлен, проверяет его. |
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
591 </para> |
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
592 |
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
593 <para> |
763
cd581dbdaf76
The "optional_no_ca" parameter of the "ssl_verify_client" directive
Ruslan Ermilov <ru@nginx.com>
parents:
717
diff
changeset
|
594 Параметр <literal>optional_no_ca</literal> (1.3.8, 1.2.5) |
cd581dbdaf76
The "optional_no_ca" parameter of the "ssl_verify_client" directive
Ruslan Ermilov <ru@nginx.com>
parents:
717
diff
changeset
|
595 запрашивает сертификат |
717
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
596 клиента, но не требует, чтобы он был подписан доверенным сертификатом CA. |
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
597 Это предназначено для случаев, когда фактическая проверка сертификата |
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
598 осуществляется внешним по отношению к nginx’у сервисом. |
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
599 Содержимое сертификата доступно через переменную |
c5facf2eff6f
Documented the recently added "optional_no_ca" parameter of the
Ruslan Ermilov <ru@nginx.com>
parents:
715
diff
changeset
|
600 <var>$ssl_client_cert</var>. |
379 | 601 </para> |
602 | |
603 </directive> | |
604 | |
605 | |
606 <directive name="ssl_verify_depth"> | |
607 <syntax><value>число</value></syntax> | |
608 <default>1</default> | |
609 <context>http</context> | |
610 <context>server</context> | |
611 | |
612 <para> | |
613 Устанавливает глубину проверки в цепочке клиентских сертификатов. | |
614 </para> | |
615 | |
616 </directive> | |
617 | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
618 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
619 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
620 |
379 | 621 <section id="errors" name="Обработка ошибок"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
622 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
623 <para> |
379 | 624 Модуль <literal>ngx_http_ssl_module</literal> поддерживает несколько |
625 нестандартных кодов ошибок, которые можно использовать для | |
626 перенаправления с помощью директивы | |
106
56457a474903
If text of the link is not provided, the @id is used.
Ruslan Ermilov <ru@nginx.com>
parents:
102
diff
changeset
|
627 <link doc="ngx_http_core_module.xml" id="error_page"/>: |
379 | 628 <list type="tag"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
629 |
379 | 630 <tag-name>495</tag-name> |
631 <tag-desc> | |
632 при проверке клиентского сертификата произошла ошибка; | |
633 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
634 |
379 | 635 <tag-name>496</tag-name> |
636 <tag-desc> | |
637 клиент не предоставил требуемый сертификат; | |
638 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
639 |
379 | 640 <tag-name>497</tag-name> |
641 <tag-desc> | |
642 обычный запрос был послан на порт HTTPS. | |
643 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
644 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
645 </list> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
646 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
647 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
648 <para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
649 Перенаправление делается после того, как запрос полностью разобран |
379 | 650 и доступны такие переменные, как <var>$request_uri</var>, |
966 | 651 <var>$uri</var>, <var>$args</var> и другие переменные. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
652 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
653 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
654 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
655 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
656 |
379 | 657 <section id="variables" name="Встроенные переменные"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
658 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
659 <para> |
379 | 660 Модуль <literal>ngx_http_ssl_module</literal> поддерживает |
661 несколько встроенных переменных: | |
662 <list type="tag"> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
663 |
379 | 664 <tag-name><var>$ssl_cipher</var></tag-name> |
665 <tag-desc> | |
666 возвращает строку используемых шифров для установленного SSL-соединения; | |
667 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
668 |
379 | 669 <tag-name><var>$ssl_client_cert</var></tag-name> |
670 <tag-desc> | |
671 возвращает клиентский сертификат | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
672 для установленного SSL-соединения в формате PEM |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
673 перед каждой строкой которого, кроме первой, вставляется символ табуляции; |
383
a73fa21add8a
Removed a misleading sentence.
Ruslan Ermilov <ru@nginx.com>
parents:
379
diff
changeset
|
674 предназначена для использования в директиве |
379 | 675 <link doc="ngx_http_proxy_module.xml" id="proxy_set_header"/>; |
676 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
677 |
379 | 678 <tag-name><var>$ssl_client_raw_cert</var></tag-name> |
679 <tag-desc> | |
680 возвращает клиентский сертификат | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
681 для установленного SSL-соединения в формате PEM; |
379 | 682 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
683 |
379 | 684 <tag-name><var>$ssl_client_serial</var></tag-name> |
685 <tag-desc> | |
686 возвращает серийный номер клиентского сертификата | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
687 для установленного SSL-соединения; |
379 | 688 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
689 |
379 | 690 <tag-name><var>$ssl_client_s_dn</var></tag-name> |
691 <tag-desc> | |
692 возвращает строку “subject DN” клиентского сертификата | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
693 для установленного SSL-соединения; |
379 | 694 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
695 |
379 | 696 <tag-name><var>$ssl_client_i_dn</var></tag-name> |
697 <tag-desc> | |
698 возвращает строку “issuer DN” клиентского сертификата | |
699 для установленного SSL-соединения; | |
700 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
701 |
379 | 702 <tag-name><var>$ssl_client_verify</var></tag-name> |
703 <tag-desc> | |
704 возвращает результат проверки клиентского сертификата: | |
705 “<literal>SUCCESS</literal>”, “<literal>FAILED</literal>” и, | |
706 если сертификат не был предоставлен — “<literal>NONE</literal>”; | |
707 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
708 |
379 | 709 <tag-name><var>$ssl_protocol</var></tag-name> |
710 <tag-desc> | |
711 возвращает протокол установленного SSL-соединения; | |
712 </tag-desc> | |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
713 |
379 | 714 <tag-name><var>$ssl_session_id</var></tag-name> |
715 <tag-desc> | |
1072
502f4be2d62e
Documented the "ssl_session_reused" variable.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1055
diff
changeset
|
716 возвращает идентификатор сессии установленного SSL-соединения; |
502f4be2d62e
Documented the "ssl_session_reused" variable.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1055
diff
changeset
|
717 </tag-desc> |
502f4be2d62e
Documented the "ssl_session_reused" variable.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1055
diff
changeset
|
718 |
502f4be2d62e
Documented the "ssl_session_reused" variable.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1055
diff
changeset
|
719 <tag-name><var>$ssl_session_reused</var></tag-name> |
502f4be2d62e
Documented the "ssl_session_reused" variable.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1055
diff
changeset
|
720 <tag-desc> |
502f4be2d62e
Documented the "ssl_session_reused" variable.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1055
diff
changeset
|
721 возвращает “<literal>r</literal>”, если сессия была использована повторно, |
502f4be2d62e
Documented the "ssl_session_reused" variable.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1055
diff
changeset
|
722 иначе “<literal>.</literal>” (1.5.11). |
379 | 723 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
724 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
725 </list> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
726 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
727 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
728 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
729 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
730 </module> |