# HG changeset patch # User Ruslan Ermilov # Date 1544434500 -10800 # Node ID f4b9660316c529e906ef3252c25c3d64a763d196 # Parent 8da870c88c7532f8ce11362270e4d9af23d54439 Updated docs for the upcoming NGINX Plus release. diff --git a/xml/en/docs/http/ngx_http_auth_jwt_module.xml b/xml/en/docs/http/ngx_http_auth_jwt_module.xml --- a/xml/en/docs/http/ngx_http_auth_jwt_module.xml +++ b/xml/en/docs/http/ngx_http_auth_jwt_module.xml @@ -9,7 +9,7 @@ + rev="8">
@@ -38,7 +38,7 @@ via the algorithms: +algorithms: @@ -54,6 +54,10 @@ RS256, RS384, RS512 ES256, ES384, ES512 + +EdDSA (Ed25519 and Ed448 signatures) (1.15.7) + + Prior to version 1.13.7, @@ -190,6 +194,45 @@ Parameter value can contain variables. + +uri + +http +server +location +limit_except +1.15.6 + + +Allows retrieving a +JSON Web Key Set +file from a subrequest for validating JWT signature and +sets the URI where the subrequest will be sent to. +To avoid validation overhead, +it is recommended to cache the key file: + +proxy_cache_path /data/nginx/cache levels=1 keys_zone=foo:10m; + +server { + ... + + location / { + auth_jwt "closed site"; + auth_jwt_key_request /jwks_uri; + } + + location = /jwks_uri { + internal; + proxy_cache foo; + proxy_pass http://idp.example.com/keys; + } +} + + + + + + time 0s diff --git a/xml/en/docs/stream/ngx_stream_zone_sync_module.xml b/xml/en/docs/stream/ngx_stream_zone_sync_module.xml --- a/xml/en/docs/stream/ngx_stream_zone_sync_module.xml +++ b/xml/en/docs/stream/ngx_stream_zone_sync_module.xml @@ -9,7 +9,7 @@ + rev="4">
@@ -208,7 +208,7 @@ A domain name that resolves to several I multiple nodes at once. - + The resolve parameter instructs nginx to monitor changes of the IP addresses that correspond to a domain name of the node and automatically modify the configuration @@ -325,6 +325,29 @@ the certificate of another cluster serve + +name +host from zone_sync_server +stream +server +1.15.7 + + +Allows overriding the server name used to +verify +the certificate of a cluster server and to be +passed through SNI +when establishing a connection with the cluster server. + + + +By default, the host part of the address is used, +or resolved IP address if the parameter is specified. + + + + + file @@ -360,6 +383,23 @@ Enables the specified protocols for conn + +on | off +off +stream +server +1.15.7 + + +Enables or disables passing of the server name through +TLS +Server Name Indication extension (SNI, RFC 6066) +when establishing a connection with another cluster server. + + + + + file diff --git a/xml/ru/docs/http/ngx_http_auth_jwt_module.xml b/xml/ru/docs/http/ngx_http_auth_jwt_module.xml --- a/xml/ru/docs/http/ngx_http_auth_jwt_module.xml +++ b/xml/ru/docs/http/ngx_http_auth_jwt_module.xml @@ -9,7 +9,7 @@ + rev="8">
@@ -36,7 +36,7 @@ JWT claims должны быть зашифрованы в структуре Модуль поддерживает следующие криптографические -алгоритмы: +алгоритмы: @@ -52,6 +52,10 @@ RS256, RS384, RS512 ES256, ES384, ES512 + +EdDSA (подписи Ed25519 и Ed448) (1.15.7) + + До версии 1.13.7 @@ -188,6 +192,45 @@ location / { + +uri + +http +server +location +limit_except +1.15.6 + + +Позволяет получать файл в формате +JSON Web Key Set +из подзапроса для проверки подписи JWT и +задаёт URI, на который будет отправлен подзапрос. +Для предотвращения дополнительных затрат на проверку +файл рекомендутеся кэшировать. + +proxy_cache_path /data/nginx/cache levels=1 keys_zone=foo:10m; + +server { + ... + + location / { + auth_jwt "closed site"; + auth_jwt_key_request /jwks_uri; + } + + location = /jwks_uri { + internal; + proxy_cache foo; + proxy_pass http://idp.example.com/keys; + } +} + + + + + + время 0s
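Review bot: In the auth_jwt_key_request example added by hunk @@ -190,6 +194,45 @@ of xml/en/docs/http/ngx_http_auth_jwt_module.xml, `proxy_pass http://idp.example.com/keys;` retrieves the key set used to validate JWT signatures over plain HTTP, so the integrity of the keys rests entirely on the network path to the IdP. Suggest showing an `https://` upstream in the example, since readers tend to copy it as is. Also, the text recommends caching the key file, but the example sets `proxy_cache foo;` without `proxy_cache_valid`, so whether the response is cached depends on the IdP's caching headers; either add a `proxy_cache_valid` line or state that dependency. The same example is duplicated in the xml/ru hunk and should change with it.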
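Review bot: In hunk @@ -325,6 +325,29 @@ of xml/en/docs/stream/ngx_stream_zone_sync_module.xml, the new description says the name is used to verify the certificate "and to be passed through SNI", but the SNI directive added in hunk @@ -360,6 +383,23 @@ defaults to `off`. As written, a reader can set the name and assume it is sent in the handshake when it is not. Suggest qualifying the sentence so it says the name is passed through SNI only when that directive is enabled, with a link to it.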
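Review bot: Typo in hunk @@ -188,6 +192,45 @@ of xml/ru/docs/http/ngx_http_auth_jwt_module.xml: "рекомендутеся" should be "рекомендуется". The same sentence ends with a period ("файл рекомендутеся кэшировать.") where the English text ends with a colon before the example; a colon would keep the two translations consistent.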