comparison xml/en/docs/stream/ngx_stream_proxy_module.xml @ 1450:f5b5eefc43cb

Updated commercial docs for the upcoming release.
author Ruslan Ermilov <ru@nginx.com>
date Thu, 09 Apr 2015 19:18:54 +0300
parents 50c72ad994b3
children e69e4dbcc760
1449:c79501e16e26 1450:f5b5eefc43cb
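--- a/xml/en/docs/stream/ngx_stream_proxy_module.xml
+++ b/xml/en/docs/stream/ngx_stream_proxy_module.xml
@@ -7,11 +7,11 @@
 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
 
 <module name="Module ngx_stream_proxy_module"
 link="/en/docs/stream/ngx_stream_proxy_module.html"
 lang="en"
-rev="2">
+rev="3">
 
 <section id="summary">
 
 <para>
 The <literal>ngx_stream_proxy_module</literal> module (1.7.7) allows passing
@@ -76,10 +76,63 @@
 <context>server</context>
 
 <para>
 Sets the <value>size</value> of the
 buffer used for reading data from the client.
+</para>
+
+</directive>
+
+
+<directive name="proxy_next_upstream">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>on</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+When a connection to the proxied server cannot be established, determines
+whether a client connection will be passed to the next server.
+</para>
+
+<para>
+Passing a connection to the next server can be limited by
+<link id="proxy_next_upstream_tries">the number of tries</link>
+and by <link id="proxy_next_upstream_timeout">time</link>.
+</para>
+
+</directive>
+
+
+<directive name="proxy_next_upstream_timeout">
+<syntax><value>time</value></syntax>
+<default>0</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Limits the time allowed to pass a connection to the
+<link id="proxy_next_upstream">next server</link>.
+The <literal>0</literal> value turns off this limitation.
+</para>
+
+</directive>
+
+
+<directive name="proxy_next_upstream_tries">
+<syntax><value>number</value></syntax>
+<default>0</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Limits the number of possible tries for passing a connection to the
+<link id="proxy_next_upstream">next server</link>.
+The <literal>0</literal> value turns off this limitation.
 </para>
 
 </directive>
 
 
@@ -109,10 +162,227 @@
 </para>
 
 </directive>
 
 
+<directive name="proxy_ssl">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>off</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Enables the SSL/TLS protocol for connections to a proxied server.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_certificate">
+<syntax><value>file</value></syntax>
+<default/>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Specifies a <value>file</value> with the certificate in the PEM format
+used for authentication to a proxied server.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_certificate_key">
+<syntax><value>file</value></syntax>
+<default/>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Specifies a <value>file</value> with the secret key in the PEM format
+used for authentication to a proxied server.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_ciphers">
+<syntax><value>ciphers</value></syntax>
+<default>DEFAULT</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Specifies the enabled ciphers for connections to a proxied server.
+The ciphers are specified in the format understood by the OpenSSL library.
+</para>
+
+<para>
+The full list can be viewed using the
+“<command>openssl ciphers</command>” command.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_crl">
+<syntax><value>file</value></syntax>
+<default/>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Specifies a <value>file</value> with revoked certificates (CRL)
+in the PEM format used to <link id="proxy_ssl_verify">verify</link>
+the certificate of the proxied server.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_name">
+<syntax><value>name</value></syntax>
+<default>host from proxy_pass</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Allows to override the server name used to
+<link id="proxy_ssl_verify">verify</link>
+the certificate of the proxied server and to be
+<link id="proxy_ssl_server_name">passed through SNI</link>
+when establishing a connection with the proxied server.
+</para>
+
+<para>
+By default, the host part of the <link id="proxy_pass"/> address is used.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_password_file">
+<syntax><value>file</value></syntax>
+<default/>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Specifies a <value>file</value> with passphrases for
+<link id="proxy_ssl_certificate_key">secret keys</link>
+where each passphrase is specified on a separate line.
+Passphrases are tried in turn when loading the key.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_server_name">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>off</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Enables or disables passing of the server name through
+<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLS
+Server Name Indication extension</link> (SNI, RFC 6066)
+when establishing a connection with the proxied server.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_session_reuse">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>on</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Determines whether SSL sessions can be reused when working with
+the proxied server.
+If the errors
+“<literal>SSL3_GET_FINISHED:digest check failed</literal>”
+appear in the logs, try disabling session reuse.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_protocols">
+<syntax>
+[<literal>SSLv2</literal>]
+[<literal>SSLv3</literal>]
+[<literal>TLSv1</literal>]
+[<literal>TLSv1.1</literal>]
+[<literal>TLSv1.2</literal>]</syntax>
+<default>SSLv3 TLSv1 TLSv1.1 TLSv1.2</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Enables the specified protocols for connections to a proxied server.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_trusted_certificate">
+<syntax><value>file</value></syntax>
+<default/>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Specifies a <value>file</value> with trusted CA certificates in the PEM format
+used to <link id="proxy_ssl_verify">verify</link>
+the certificate of the proxied server.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_verify">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+<default>off</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Enables or disables verification of the proxied server certificate.
+</para>
+
+</directive>
+
+
+<directive name="proxy_ssl_verify_depth">
+<syntax><value>number</value></syntax>
+<default>1</default>
+<context>stream</context>
+<context>server</context>
+<appeared-in>1.7.10</appeared-in>
+
+<para>
+Sets the verification depth in the proxied server certificates chain.
+</para>
+
+</directive>
+
+
 <directive name="proxy_timeout">
 <syntax><value>timeout</value></syntax>
 <default>10m</default>
 <context>stream</context>
 <context>server</context>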
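Review bot: The new `proxy_ssl` paragraph (new lines 174–176) does not tell the reader that `proxy_ssl_verify` defaults to `off`, so with `proxy_ssl on` alone the connection is encrypted but the proxied server's certificate is not checked. I would add a sentence to that paragraph such as `The certificate of the proxied server is not verified unless <link id="proxy_ssl_verify"/> is enabled.`, and have the `proxy_ssl_verify` entry point to `proxy_ssl_trusted_certificate` as the CA file it relies on. The `proxy_ssl_protocols` entry lists `SSLv2` and documents a default that includes `SSLv3` without comment; a one-line note that both are obsolete and should not be enabled for upstream connections would help operators who copy the default. The `proxy_ssl_certificate_key` and `proxy_ssl_password_file` entries could also state that these files hold secrets and should be readable only by the nginx user. The `proxy_timeout` directive at the end of the last hunk continues outside the visible lines.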