Mercurial > hg > nginx-site
comparison xml/en/docs/stream/ngx_stream_ssl_module.xml @ 1521:e3d3e2ed4275
Added example configuration to mail and stream ssl modules.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Tue, 30 Jun 2015 17:08:34 +0300 |
parents | 3687cc9a3592 |
children | 6f5497797cde |
comparison
equal
deleted
inserted
replaced
1520:ed36e909bc79 | 1521:e3d3e2ed4275 |
---|---|
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
8 | 8 |
9 <module name="Module ngx_stream_ssl_module" | 9 <module name="Module ngx_stream_ssl_module" |
10 link="/en/docs/stream/ngx_stream_ssl_module.html" | 10 link="/en/docs/stream/ngx_stream_ssl_module.html" |
11 lang="en" | 11 lang="en" |
12 rev="4"> | 12 rev="5"> |
13 | 13 |
14 <section id="summary"> | 14 <section id="summary"> |
15 | 15 |
16 <para> | 16 <para> |
17 The <literal>ngx_stream_ssl_module</literal> module (1.9.0) | 17 The <literal>ngx_stream_ssl_module</literal> module (1.9.0) |
18 provides the necessary support for a stream proxy server to work with | 18 provides the necessary support for a stream proxy server to work with |
19 the SSL/TLS protocol. | 19 the SSL/TLS protocol. |
20 This module is not built by default, it should be enabled with the | 20 This module is not built by default, it should be enabled with the |
21 <literal>--with-stream_ssl_module</literal> | 21 <literal>--with-stream_ssl_module</literal> |
22 configuration parameter. | 22 configuration parameter. |
23 </para> | |
24 | |
25 </section> | |
26 | |
27 | |
28 <section id="example" name="Example Configuration"> | |
29 | |
30 <para> | |
31 To reduce the processor load, it is recommended to | |
32 <list type="bullet"> | |
33 | |
34 <listitem> | |
35 set the number of worker processes equal to the number of processors, | |
36 </listitem> | |
37 | |
38 <listitem> | |
39 enable the shared session cache, | |
40 </listitem> | |
41 | |
42 <listitem> | |
43 disable the built-in session cache, | |
44 </listitem> | |
45 | |
46 <listitem> | |
47 and possibly increase the session lifetime (by default, 5 minutes): | |
48 </listitem> | |
49 | |
50 </list> | |
51 | |
52 <example> | |
53 <emphasis>worker_processes auto;</emphasis> | |
54 | |
55 stream { | |
56 | |
57 ... | |
58 | |
59 server { | |
60 listen 12345 ssl; | |
61 | |
62 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
63 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; | |
64 ssl_certificate /usr/local/nginx/conf/cert.pem; | |
65 ssl_certificate_key /usr/local/nginx/conf/cert.key; | |
66 <emphasis>ssl_session_cache shared:SSL:10m;</emphasis> | |
67 <emphasis>ssl_session_timeout 10m;</emphasis> | |
68 | |
69 ... | |
70 } | |
71 </example> | |
23 </para> | 72 </para> |
24 | 73 |
25 </section> | 74 </section> |
26 | 75 |
27 | 76 |