Mercurial > hg > nginx-site

comparison xml/en/docs/http/ngx_http_uwsgi_module.xml @ 1193:0320929f8544

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Documented uwsgi_ssl_verify, uwsgi_ssl_server_name, and friends.
author Ruslan Ermilov <ru@nginx.com>
date Sat, 17 May 2014 01:55:19 +0400
parents b5268820c3f3
children 5ee8a00f2bc5
comparison
equal deleted inserted replaced
1192:b5268820c3f3 1193:0320929f8544
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
9 9
10 <module name="Module ngx_http_uwsgi_module" 10 <module name="Module ngx_http_uwsgi_module"
11 link="/en/docs/http/ngx_http_uwsgi_module.html" 11 link="/en/docs/http/ngx_http_uwsgi_module.html"
12 lang="en" 12 lang="en"
13 rev="2"> 13 rev="3">
14 14
15 <section id="summary"> 15 <section id="summary">
16 16
17 <para> 17 <para>
18 The <literal>ngx_http_uwsgi_module</literal> module allows passing 18 The <literal>ngx_http_uwsgi_module</literal> module allows passing
955 </para> 955 </para>
956 956
957 </directive> 957 </directive>
958 958
959 959
960 <directive name="uwsgi_ssl_crl">
961 <syntax><value>file</value></syntax>
962 <default/>
963 <context>http</context>
964 <context>server</context>
965 <context>location</context>
966 <appeared-in>1.7.0</appeared-in>
967
968 <para>
969 Specifies a <value>file</value> with revoked certificates (CRL)
970 in the PEM format used to <link id="uwsgi_ssl_verify">verify</link>
971 the certificate of the secured uwsgi server.
972 </para>
973
974 </directive>
975
976
977 <directive name="uwsgi_ssl_name">
978 <syntax><value>name</value></syntax>
979 <default>host from uwsgi_pass</default>
980 <context>http</context>
981 <context>server</context>
982 <context>location</context>
983 <appeared-in>1.7.0</appeared-in>
984
985 <para>
986 Allows overriding the server name used to
987 <link id="uwsgi_ssl_verify">verify</link>
988 the certificate of the secured uwsgi server and to be
989 <link id="uwsgi_ssl_server_name">passed through SNI</link>
990 when establishing a connection with the secured uwsgi server.
991 </para>
992
993 <para>
994 By default, the host part from <link id="uwsgi_pass"/> is used.
995 </para>
996
997 </directive>
998
999
960 <directive name="uwsgi_ssl_protocols"> 1000 <directive name="uwsgi_ssl_protocols">
961 <syntax> 1001 <syntax>
962 [<literal>SSLv2</literal>] 1002 [<literal>SSLv2</literal>]
963 [<literal>SSLv3</literal>] 1003 [<literal>SSLv3</literal>]
964 [<literal>TLSv1</literal>] 1004 [<literal>TLSv1</literal>]
975 </para> 1015 </para>
976 1016
977 </directive> 1017 </directive>
978 1018
979 1019
1020 <directive name="uwsgi_ssl_server_name">
1021 <syntax><literal>on</literal> | <literal>off</literal></syntax>
1022 <default>off</default>
1023 <context>http</context>
1024 <context>server</context>
1025 <context>location</context>
1026 <appeared-in>1.7.0</appeared-in>
1027
1028 <para>
1029 Enables or disables passing of the server name through
1030 <link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLS
1031 Server Name Indication extension</link> (SNI, RFC 6066)
1032 when establishing a connection with the secured uwsgi server.
1033 </para>
1034
1035 </directive>
1036
1037
980 <directive name="uwsgi_ssl_session_reuse"> 1038 <directive name="uwsgi_ssl_session_reuse">
981 <syntax><literal>on</literal> | <literal>off</literal></syntax> 1039 <syntax><literal>on</literal> | <literal>off</literal></syntax>
982 <default>on</default> 1040 <default>on</default>
983 <context>http</context> 1041 <context>http</context>
984 <context>server</context> 1042 <context>server</context>
989 Determines whether SSL sessions can be reused when working with 1047 Determines whether SSL sessions can be reused when working with
990 a secured uwsgi server. 1048 a secured uwsgi server.
991 If the errors 1049 If the errors
992 “<literal>SSL3_GET_FINISHED:digest check failed</literal>” 1050 “<literal>SSL3_GET_FINISHED:digest check failed</literal>”
993 appear in the logs, try disabling session reuse. 1051 appear in the logs, try disabling session reuse.
1052 </para>
1053
1054 </directive>
1055
1056
1057 <directive name="uwsgi_ssl_trusted_certificate">
1058 <syntax><value>file</value></syntax>
1059 <default/>
1060 <context>http</context>
1061 <context>server</context>
1062 <context>location</context>
1063 <appeared-in>1.7.0</appeared-in>
1064
1065 <para>
1066 Specifies a <value>file</value> with trusted CA certificates in the PEM format
1067 used to <link id="uwsgi_ssl_verify">verify</link>
1068 the certificate of the secured uwsgi server.
1069 </para>
1070
1071 </directive>
1072
1073
1074 <directive name="uwsgi_ssl_verify">
1075 <syntax><literal>on</literal> | <literal>off</literal></syntax>
1076 <default>off</default>
1077 <context>http</context>
1078 <context>server</context>
1079 <context>location</context>
1080 <appeared-in>1.7.0</appeared-in>
1081
1082 <para>
1083 Enables or disables verification of the secured uwsgi server certificate.
1084 </para>
1085
1086 </directive>
1087
1088
1089 <directive name="uwsgi_ssl_verify_depth">
1090 <syntax><value>number</value></syntax>
1091 <default>1</default>
1092 <context>http</context>
1093 <context>server</context>
1094 <context>location</context>
1095 <appeared-in>1.7.0</appeared-in>
1096
1097 <para>
1098 Sets the verification depth in the secured uwsgi server certificates chain.
994 </para> 1099 </para>
995 1100
996 </directive> 1101 </directive>
997 1102
998 1103