Mercurial > hg > nginx-site
diff xml/en/docs/stream/ngx_stream_ssl_preread_module.xml @ 1798:59d1f512c3a0
Documented the ngx_stream_ssl_preread_module module.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Wed, 21 Sep 2016 20:46:16 +0300 |
parents | |
children | 9f7e12cf974f |
line wrap: on
line diff
new file mode 100644 --- /dev/null +++ b/xml/en/docs/stream/ngx_stream_ssl_preread_module.xml @@ -0,0 +1,95 @@ +<?xml version="1.0"?> + +<!-- + Copyright (C) Nginx, Inc. + --> + +<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> + +<module name="Module ngx_stream_ssl_preread_module" + link="/en/docs/stream/ngx_stream_ssl_preread_module.html" + lang="en" + rev="1"> + +<section id="summary"> + +<para> +The <literal>ngx_stream_ssl_preread_module</literal> module (1.11.5) allows +extracting information from the +<link url="https://tools.ietf.org/html/rfc5246#section-7.4.1.2">ClientHello</link> +message without terminating SSL/TLS, +for example, the sever name requested through +<link url="https://tools.ietf.org/html/rfc6066#section-3">SNI</link>. +This module is not built by default, it should be enabled with the +<literal>--with-stream_ssl_preread_module</literal> +configuration parameter. +</para> + +</section> + + +<section id="example" name="Example Configuration"> + +<para> +<example> +map $ssl_preread_server_name $name { + backend.example.com backend; + default backend2; +} + +upstream backend { + server 192.168.0.1:12345; + server 192.168.0.2:12345; +} + +upstream backend2 { + server 192.168.0.3:12345; + server 192.168.0.4:12345; +} + +server { + listen 12346; + proxy_pass $name; + ssl_preread on; +} +</example> + +</para> + +</section> + + +<section id="directives" name="Directives"> + +<directive name="ssl_preread"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>off</default> +<context>stream</context> +<context>server</context> + +<para> +Enables extracting information from the ClientHello message at +the <link doc="stream_processing.xml" id="preread_phase">preread</link> phase. +</para> + +</directive> + +</section> + + +<section id="variables" name="Embedded Variables"> + +<para> +<list type="tag"> + +<tag-name id="var_ssl_preread_server_name"><var>$ssl_preread_server_name</var></tag-name> +<tag-desc> +returns the server name requested through SNI +</tag-desc> + +</list> +</para> + +</section> + +</module>