# HG changeset patch # User Yaroslav Zhuravlev # Date 1702990681 0 # Node ID 27008cb3fb27b0204df9336bc11afc8de1eff835 # Parent 55f8ce8a8cb0acf9b360e47fd5d0023f16451a80 Updated docs for the upcoming NGINX Plus release. diff --git a/xml/en/GNUmakefile b/xml/en/GNUmakefile --- a/xml/en/GNUmakefile +++ b/xml/en/GNUmakefile @@ -130,6 +130,7 @@ REFS = \ stream/ngx_stream_zone_sync_module \ stream/stream_processing \ ngx_google_perftools_module \ + ngx_mgmt_module \ ngx_otel_module \ dev/development_guide \ njs/index \ diff --git a/xml/en/docs/http/ngx_http_upstream_module.xml b/xml/en/docs/http/ngx_http_upstream_module.xml --- a/xml/en/docs/http/ngx_http_upstream_module.xml +++ b/xml/en/docs/http/ngx_http_upstream_module.xml @@ -1349,6 +1349,25 @@ as for the variables that start with the Only the header fields from the response of the last server are saved. +$upstream_last_server_name + +keeps the name of last selected upstream server (1.25.3); +allows passing it +through SNI: + +proxy_ssl_server_name on; +proxy_ssl_name $upstream_last_server_name; + + + + +This variable is available as part of our +commercial subscription. + + + + + $upstream_queue_time keeps time the request spent in the upstream queue diff --git a/xml/en/docs/index.xml b/xml/en/docs/index.xml --- a/xml/en/docs/index.xml +++ b/xml/en/docs/index.xml @@ -677,6 +677,11 @@ ngx_google_perftools_module + +ngx_mgmt_module + + + ngx_otel_module diff --git a/xml/en/docs/ngx_mgmt_module.xml b/xml/en/docs/ngx_mgmt_module.xml new file mode 100644 --- /dev/null +++ b/xml/en/docs/ngx_mgmt_module.xml @@ -0,0 +1,407 @@ + + + + + + + + +
+
+
+The ngx_mgmt_module module enables reporting of
+current nginx installation to
+NGINX
+Management Suite Instance Manager (1.25.3).
+By default, nginx sends usage info
+to the Instance Manager located at nginx-mgmt.local
+every 30 minutes using the SSL connection.
+The system resolver is used unless
+a custom resolver is configured
+and is invoked only once when the
+configuration is loaded.
+
+
+
+
+This module is available as part of our
+commercial subscription.
+
+
+
+
+
+
+
+
+
+
+mgmt {
+ usage_report endpoint=nginx-mgmt.local interval=30m;
+ resolver DNS_IP;
+
+ uuid_file /var/lib/nginx/nginx.id;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers DEFAULT;
+
+ ssl_certificate client_cert.pem;
+ ssl_certificate_key client_cert.key;
+
+ # configure server certificate verification
+ # to validate the authenticity of NMS
+ ssl_trusted_certificate trusted_ca_cert.crt;
+ ssl_verify on;
+ ssl_verify_depth 2;
+}
+
+
+
+
+
+
+
+
+
+time
+15s
+mgmt
+
+
+Defines a timeout for establishing a connection with the Instance Manager.
+
+
+
+
+
+
+
+
+main
+
+
+Provides the configuration file context
+in which the management server directives are specified.
+
+
+
+
+
+
+time
+60s
+mgmt
+
+
+Defines a timeout for reading a response from the Instance Manager.
+The timeout is set only between two successive read operations,
+not for the transmission of the whole response.
+If the Instance Manager does not transmit anything within this time,
+the connection is closed.
+
+
+
+
+
+
+
+ address ...
+ [valid=time]
+ [ipv4=on|off]
+ [ipv6=on|off]
+ [status_zone=zone]
+
+mgmt
+
+
+Configures name servers used to resolve names of the Instance Manager
+into addresses, for example:
+
+resolver 127.0.0.1 [::1]:5353;
+
+The address can be specified as a domain name or IP address,
+with an optional port.
+If port is not specified, the port 53 is used.
+Name servers are queried in a round-robin fashion.
+
+
+
+By default, nginx will look up both IPv4 and IPv6 addresses while resolving.
+If looking up of IPv4 or IPv6 addresses is not desired,
+the ipv4=off or
+the ipv6=off parameter can be specified.
+
+
+
+By default, nginx caches answers using the TTL value of a response.
+An optional valid parameter allows overriding it:
+
+resolver 127.0.0.1 [::1]:5353 valid=30s;
+
+
+To prevent DNS spoofing, it is recommended
+configuring DNS servers in a properly secured trusted local network.
+
+
+
+
+The optional status_zone parameter
+enables
+collection
+of DNS server statistics of requests and responses
+in the specified zone.
+
+
+
+
+
+
+time
+30s
+mgmt
+
+
+Sets a timeout for name resolution.
+
+
+
+
+
+
+time
+60s
+mgmt
+
+
+Sets a timeout for transmitting a request to the Instance Manager.
+The timeout is set only between two successive write operations,
+not for the transmission of the whole request.
+If the Instance Manager does not receive anything within this time,
+the connection is closed.
+
+
+
+
+
+
+on | off
+on
+mgmt
+
+
+Enables the HTTPS protocol for all
+connections to the Instance Manager.
+
+
+
+
+
+
+file
+
+mgmt
+
+
+Specifies a file with the certificate in the PEM format
+used for authentication to the Instance Manager.
+
+
+
+
+
+
+file
+
+mgmt
+
+
+Specifies a file with the secret key in the PEM format
+used for authentication to the Instance Manager.
+
+
+
+
+
+
+ciphers
+DEFAULT
+mgmt
+
+
+Specifies the enabled ciphers for requests to the Instance Manager.
+The ciphers are specified in the format understood by the OpenSSL library.
+
+
+
+The full list can be viewed using the
+“openssl ciphers” command.
+
+
+
+
+
+
+file
+
+mgmt
+
+
+Specifies a file with revoked certificates (CRL)
+in the PEM format used to verify
+the certificate of the Instance Manager.
+
+
+
+
+
+
+name
+ssl_name host
+mgmt
+
+
+Allows overriding the server name used to
+verify
+the certificate of the Instance Manager and to be
+passed through SNI
+when establishing a connection with the Instance Manager.
+
+
+
+
+
+
+file
+
+mgmt
+
+
+Specifies a file with passphrases for
+secret keys
+where each passphrase is specified on a separate line.
+Passphrases are tried in turn when loading the key.
+
+
+
+
+
+
+
+ [SSLv2]
+ [SSLv3]
+ [TLSv1]
+ [TLSv1.1]
+ [TLSv1.2]
+ [TLSv1.3]
+TLSv1 TLSv1.1 TLSv1.2 TLSv1.3
+mgmt
+
+
+Enables the specified protocols for requests to the Instance Manager.
+
+
+
+
+
+
+on | off
+off
+mgmt
+
+
+Enables or disables passing of the server name through
+TLS
+Server Name Indication extension (SNI, RFC 6066)
+when establishing a connection with the Instance Manager.
+
+
+
+
+
+
+file
+
+mgmt
+
+
+Specifies a file with trusted CA certificates in the PEM format
+used to verify
+the certificate of the Instance Manager.
+
+
+
+
+
+
+on | off
+off
+mgmt
+
+
+Enables or disables verification of the Instance Manager certificate.
+
+
+
+
+
+
+number
+1
+mgmt
+
+
+Sets the verification depth in the Instance Manager certificates chain.
+
+
+
+
+
+
+ [endpoint=address]
+ [interval=time]
+
+mgmt
+
+
+Sets the address and port for IP,
+or the path for a UNIX-domain socket on which
+the Instance Manager is installed,
+by default nginx-mgmt.local.
+The interval sets an interval between reports
+to the Instance Manager, by default 30m.
+
+
+
+
+
+
+file
+logs/uuid
+mgmt
+
+
+Specifies a file that keeps the ID of nginx instance.
+
+
+
+Examples:
+
+state /var/lib/nginx/nginx.id; # path for Linux
+state /var/db/nginx/nginx.id; # path for FreeBSD
+
+
+
+
+Changing the file content directly should be avoided.
+
+
+
+
+
+
diff --git a/xml/ru/docs/http/ngx_http_upstream_module.xml b/xml/ru/docs/http/ngx_http_upstream_module.xml
--- a/xml/ru/docs/http/ngx_http_upstream_module.xml
+++ b/xml/ru/docs/http/ngx_http_upstream_module.xml
@@ -1360,6 +1360,25 @@ upstream backend {
 последнего сервера.
+$upstream_last_server_name + +хранит имя последнего выбранного сервера группы (1.25.3); +позволяет передать его +через SNI: + +proxy_ssl_server_name on; +proxy_ssl_name $upstream_last_server_name; + + + + +Эта переменная доступна как часть +коммерческой подписки. + + + + + $upstream_queue_time хранит время, проведённое запросом в очереди diff --git a/xml/ru/docs/index.xml b/xml/ru/docs/index.xml --- a/xml/ru/docs/index.xml +++ b/xml/ru/docs/index.xml @@ -683,6 +683,11 @@ ngx_google_perftools_module + +ngx_mgmt_module [en] + + + ngx_otel_module [en]