Mercurial > hg > nginx-site
changeset 2112:9f7e12cf974f
Documented the $ssl_preread_alpn_protocols variable.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Fri, 16 Mar 2018 13:37:02 +0300 |
| parents | dab82d534f0f |
| children | 180269c4a220 |
| files | xml/en/docs/stream/ngx_stream_ssl_preread_module.xml xml/ru/docs/stream/ngx_stream_ssl_preread_module.xml |
| diffstat | 2 files changed, 71 insertions(+), 12 deletions(-) [+] |
line wrap: on
line diff
--- a/xml/en/docs/stream/ngx_stream_ssl_preread_module.xml +++ b/xml/en/docs/stream/ngx_stream_ssl_preread_module.xml @@ -9,7 +9,7 @@ <module name="Module ngx_stream_ssl_preread_module" link="/en/docs/stream/ngx_stream_ssl_preread_module.html" lang="en" - rev="1"> + rev="2"> <section id="summary"> @@ -19,7 +19,9 @@ extracting information from the <link url="https://tools.ietf.org/html/rfc5246#section-7.4.1.2">ClientHello</link> message without terminating SSL/TLS, for example, the sever name requested through -<link url="https://tools.ietf.org/html/rfc6066#section-3">SNI</link>. +<link url="https://tools.ietf.org/html/rfc6066#section-3">SNI</link> +or protocols advertised in +<link url="https://tools.ietf.org/html/rfc7301">ALPN</link>. This module is not built by default, it should be enabled with the <literal>--with-stream_ssl_preread_module</literal> configuration parameter. @@ -31,6 +33,9 @@ configuration parameter. <section id="example" name="Example Configuration"> <para> + +Selecting an upstream based on server name: + <example> map $ssl_preread_server_name $name { backend.example.com backend; @@ -48,9 +53,25 @@ upstream backend2 { } server { - listen 12346; - proxy_pass $name; - ssl_preread on; + listen 12346; + proxy_pass $name; + ssl_preread on; +} +</example> + +Selecting an upstream based on protocol: + +<example> +map $ssl_preread_alpn_protocols $proxy { + ~\bh2\b 127.0.0.1:8001; + ~\bhttp/1.1\b 127.0.0.1:8002; + ~\bxmpp-client\b 127.0.0.1:8003; +} + +server { + listen 9000; + proxy_pass $proxy; + ssl_preread on; } </example> @@ -84,7 +105,15 @@ the <link doc="stream_processing.xml" id <tag-name id="var_ssl_preread_server_name"><var>$ssl_preread_server_name</var></tag-name> <tag-desc> -returns the server name requested through SNI +server name requested through SNI +</tag-desc> + +<tag-name id="var_ssl_preread_alpn_protocols"><var>$ssl_preread_alpn_protocols</var></tag-name> +<tag-desc> +list of protocols advertised by the client through ALPN (1.13.10) +<para> +The values are separated by commas. +</para> </tag-desc> </list>
--- a/xml/ru/docs/stream/ngx_stream_ssl_preread_module.xml +++ b/xml/ru/docs/stream/ngx_stream_ssl_preread_module.xml @@ -9,7 +9,7 @@ <module name="Модуль ngx_stream_ssl_preread_module" link="/ru/docs/stream/ngx_stream_ssl_preread_module.html" lang="ru" - rev="1"> + rev="2"> <section id="summary"> @@ -19,7 +19,9 @@ <link url="https://tools.ietf.org/html/rfc5246#section-7.4.1.2">ClientHello</link> без терминирования SSL/TLS, например имя сервера, запрошенное через -<link url="https://tools.ietf.org/html/rfc6066#section-3">SNI</link>. +<link url="https://tools.ietf.org/html/rfc6066#section-3">SNI</link> +или протоколы указанные в +<link url="https://tools.ietf.org/html/rfc7301">ALPN</link>. По умолчанию этот модуль не собирается, его сборку необходимо разрешить с помощью конфигурационного параметра <literal>--with-stream_ssl_preread_module</literal>. @@ -31,6 +33,9 @@ <section id="example" name="Пример конфигурации"> <para> + +Выбор сервера по имени: + <example> map $ssl_preread_server_name $name { backend.example.com backend; @@ -48,11 +53,28 @@ upstream backend2 { } server { - listen 12346; - proxy_pass $name; - ssl_preread on; + listen 12346; + proxy_pass $name; + ssl_preread on; } </example> + +Выбор сервера по протоколу: + +<example> +map $ssl_preread_alpn_protocols $proxy { + ~\bh2\b 127.0.0.1:8001; + ~\bhttp/1.1\b 127.0.0.1:8002; + ~\bxmpp-client\b 127.0.0.1:8003; +} + +server { + listen 9000; + proxy_pass $proxy; + ssl_preread on; +} +</example> + </para> </section> @@ -83,7 +105,15 @@ server { <tag-name id="var_ssl_preread_server_name"><var>$ssl_preread_server_name</var></tag-name> <tag-desc> -возвращает имя сервера, запрошенное через SNI +имя сервера, запрошенное через SNI +</tag-desc> + +<tag-name id="var_ssl_preread_alpn_protocols"><var>$ssl_preread_alpn_protocols</var></tag-name> +<tag-desc> +список протоколов, переданный клиентом через ALPN (1.3.10) +<para> +Значения разделены запятыми. +</para> </tag-desc> </list>