nghttpx: Longer help message
parent
29d6cfae80
commit
0d614cf103
539
src/shrpx.cc
|
@ -767,48 +767,48 @@ namespace {
|
||||||
void print_help(std::ostream &out) {
|
void print_help(std::ostream &out) {
|
||||||
print_usage(out);
|
print_usage(out);
|
||||||
out << R"(
|
out << R"(
|
||||||
<PRIVATE_KEY> Set path to server's private key. Required
|
<PRIVATE_KEY>
|
||||||
unless -p, --client or --frontend-no-tls are
|
Set path to server's private key. Required unless -p,
|
||||||
given.
|
--client or --frontend-no-tls are given.
|
||||||
<CERT> Set path to server's certificate. Required
|
<CERT> Set path to server's certificate. Required unless -p,
|
||||||
unless -p, --client or --frontend-no-tls are
|
--client or --frontend-no-tls are given.
|
||||||
given.
|
|
||||||
Options:
|
Options:
|
||||||
The options are categorized into several groups.
|
The options are categorized into several groups.
|
||||||
|
|
||||||
Connections:
|
Connections:
|
||||||
-b, --backend=<HOST,PORT>
|
-b, --backend=<HOST,PORT>
|
||||||
Set backend host and port. For HTTP/1 backend,
|
Set backend host and port. For HTTP/1 backend, multiple
|
||||||
multiple backend addresses are accepted by
|
backend addresses are accepted by repeating this option.
|
||||||
repeating this option. HTTP/2 backend does not
|
HTTP/2 backend does not support multiple backend
|
||||||
support multiple backend addresses and the first
|
addresses and the first occurrence of this option is
|
||||||
occurrence of this option is used.
|
used.
|
||||||
Default: )" << DEFAULT_DOWNSTREAM_HOST << ","
|
Default: )" << DEFAULT_DOWNSTREAM_HOST << ","
|
||||||
<< DEFAULT_DOWNSTREAM_PORT << R"(
|
<< DEFAULT_DOWNSTREAM_PORT << R"(
|
||||||
-f, --frontend=<HOST,PORT>
|
-f, --frontend=<HOST,PORT>
|
||||||
Set frontend host and port. If <HOST> is '*', it
|
Set frontend host and port. If <HOST> is '*', it
|
||||||
assumes all addresses including both IPv4 and
|
assumes all addresses including both IPv4 and IPv6.
|
||||||
IPv6.
|
|
||||||
Default: )" << get_config()->host.get() << ","
|
Default: )" << get_config()->host.get() << ","
|
||||||
<< get_config()->port << R"(
|
<< get_config()->port << R"(
|
||||||
--backlog=<N> Set listen backlog size.
|
--backlog=<N>
|
||||||
|
Set listen backlog size.
|
||||||
Default: )" << get_config()->backlog << R"(
|
Default: )" << get_config()->backlog << R"(
|
||||||
--backend-ipv4 Resolve backend hostname to IPv4 address only.
|
--backend-ipv4
|
||||||
--backend-ipv6 Resolve backend hostname to IPv6 address only.
|
Resolve backend hostname to IPv4 address only.
|
||||||
|
--backend-ipv6
|
||||||
|
Resolve backend hostname to IPv6 address only.
|
||||||
--backend-http-proxy-uri=<URI>
|
--backend-http-proxy-uri=<URI>
|
||||||
Specify proxy URI in the form
|
Specify proxy URI in the form
|
||||||
http://[<USER>:<PASS>@]<PROXY>:<PORT>. If a
|
http://[<USER>:<PASS>@]<PROXY>:<PORT>. If a proxy
|
||||||
proxy requires authentication, specify <USER> and
|
requires authentication, specify <USER> and <PASS>.
|
||||||
<PASS>. Note that they must be properly
|
Note that they must be properly percent-encoded. This
|
||||||
percent-encoded. This proxy is used when the
|
proxy is used when the backend connection is HTTP/2.
|
||||||
backend connection is HTTP/2. First, make a
|
First, make a CONNECT request to the proxy and it
|
||||||
CONNECT request to the proxy and it connects to
|
connects to the backend on behalf of nghttpx. This
|
||||||
the backend on behalf of nghttpx. This forms
|
forms tunnel. After that, nghttpx performs SSL/TLS
|
||||||
tunnel. After that, nghttpx performs SSL/TLS
|
handshake with the downstream through the tunnel. The
|
||||||
handshake with the downstream through the tunnel.
|
timeouts when connecting and making CONNECT request can
|
||||||
The timeouts when connecting and making CONNECT
|
be specified by --backend-read-timeout and
|
||||||
request can be specified by
|
|
||||||
--backend-read-timeout and
|
|
||||||
--backend-write-timeout options.
|
--backend-write-timeout options.
|
||||||
|
|
||||||
Performance:
|
Performance:
|
||||||
|
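Review bot: The re-wrapped --backend-http-proxy-uri description still reads "This forms tunnel" and "making CONNECT request"; since every line of that paragraph is touched anyway, add the missing articles ("This forms a tunnel", "making a CONNECT request"). The same paragraph tells users to embed <USER>:<PASS> in the URI, so it would be worth one more sentence noting that a value given on the command line is typically visible to other local users in the process list.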
@ -816,374 +816,353 @@ Performance:
|
||||||
Set the number of worker threads.
|
Set the number of worker threads.
|
||||||
Default: )" << get_config()->num_worker << R"(
|
Default: )" << get_config()->num_worker << R"(
|
||||||
--read-rate=<SIZE>
|
--read-rate=<SIZE>
|
||||||
Set maximum average read rate on frontend
|
Set maximum average read rate on frontend connection.
|
||||||
connection. Setting 0 to this option means read
|
Setting 0 to this option means read rate is unlimited.
|
||||||
rate is unlimited.
|
|
||||||
Default: )" << get_config()->read_rate << R"(
|
Default: )" << get_config()->read_rate << R"(
|
||||||
--read-burst=<SIZE>
|
--read-burst=<SIZE>
|
||||||
Set maximum read burst size on frontend
|
Set maximum read burst size on frontend connection.
|
||||||
connection. Setting 0 to this option means read
|
Setting 0 to this option means read burst size is
|
||||||
burst size is unlimited.
|
unlimited.
|
||||||
Default: )" << get_config()->read_burst << R"(
|
Default: )" << get_config()->read_burst << R"(
|
||||||
--write-rate=<SIZE>
|
--write-rate=<SIZE>
|
||||||
Set maximum average write rate on frontend
|
Set maximum average write rate on frontend connection.
|
||||||
connection. Setting 0 to this option means write
|
Setting 0 to this option means write rate is unlimited.
|
||||||
rate is unlimited.
|
|
||||||
Default: )" << get_config()->write_rate << R"(
|
Default: )" << get_config()->write_rate << R"(
|
||||||
--write-burst=<SIZE>
|
--write-burst=<SIZE>
|
||||||
Set maximum write burst size on frontend
|
Set maximum write burst size on frontend connection.
|
||||||
connection. Setting 0 to this option means write
|
Setting 0 to this option means write burst size is
|
||||||
burst size is unlimited.
|
unlimited.
|
||||||
Default: )" << get_config()->write_burst << R"(
|
Default: )" << get_config()->write_burst << R"(
|
||||||
--worker-read-rate=<SIZE>
|
--worker-read-rate=<SIZE>
|
||||||
Set maximum average read rate on frontend
|
Set maximum average read rate on frontend connection per
|
||||||
connection per worker. Setting 0 to this option
|
worker. Setting 0 to this option means read rate is
|
||||||
means read rate is unlimited. Not implemented
|
unlimited. Not implemented yet.
|
||||||
yet.
|
|
||||||
Default: )" << get_config()->worker_read_rate << R"(
|
Default: )" << get_config()->worker_read_rate << R"(
|
||||||
--worker-read-burst=<SIZE>
|
--worker-read-burst=<SIZE>
|
||||||
Set maximum read burst size on frontend
|
Set maximum read burst size on frontend connection per
|
||||||
connection per worker. Setting 0 to this option
|
worker. Setting 0 to this option means read burst size
|
||||||
means read burst size is unlimited. Not
|
is unlimited. Not implemented yet.
|
||||||
implemented yet.
|
|
||||||
Default: )" << get_config()->worker_read_burst << R"(
|
Default: )" << get_config()->worker_read_burst << R"(
|
||||||
--worker-write-rate=<SIZE>
|
--worker-write-rate=<SIZE>
|
||||||
Set maximum average write rate on frontend
|
Set maximum average write rate on frontend connection
|
||||||
connection per worker. Setting 0 to this option
|
per worker. Setting 0 to this option means write rate
|
||||||
means write rate is unlimited. Not implemented
|
is unlimited. Not implemented yet.
|
||||||
yet.
|
|
||||||
Default: )" << get_config()->worker_write_rate << R"(
|
Default: )" << get_config()->worker_write_rate << R"(
|
||||||
--worker-write-burst=<SIZE>
|
--worker-write-burst=<SIZE>
|
||||||
Set maximum write burst size on frontend
|
Set maximum write burst size on frontend connection per
|
||||||
connection per worker. Setting 0 to this option
|
worker. Setting 0 to this option means write burst size
|
||||||
means write burst size is unlimited. Not
|
is unlimited. Not implemented yet.
|
||||||
implemented yet.
|
|
||||||
Default: )" << get_config()->worker_write_burst << R"(
|
Default: )" << get_config()->worker_write_burst << R"(
|
||||||
--worker-frontend-connections=<N>
|
--worker-frontend-connections=<N>
|
||||||
Set maximum number of simultaneous connections
|
Set maximum number of simultaneous connections frontend
|
||||||
frontend accepts. Setting 0 means unlimited.
|
accepts. Setting 0 means unlimited.
|
||||||
Default: )" << get_config()->worker_frontend_connections
|
Default: )" << get_config()->worker_frontend_connections << R"(
|
||||||
<< R"(
|
|
||||||
--backend-http1-connections-per-host=<N>
|
--backend-http1-connections-per-host=<N>
|
||||||
Set maximum number of backend concurrent HTTP/1
|
Set maximum number of backend concurrent HTTP/1
|
||||||
connections per host. This option is meaningful
|
connections per host. This option is meaningful when -s
|
||||||
when -s option is used. To limit the number of
|
option is used. To limit the number of connections per
|
||||||
connections per frontend for default mode, use
|
frontend for default mode, use
|
||||||
--backend-http1-connections-per-frontend.
|
--backend-http1-connections-per-frontend.
|
||||||
Default: )"
|
Default: )" << get_config()->downstream_connections_per_host
|
||||||
<< get_config()->downstream_connections_per_host << R"(
|
<< R"(
|
||||||
--backend-http1-connections-per-frontend=<N>
|
--backend-http1-connections-per-frontend=<N>
|
||||||
Set maximum number of backend concurrent HTTP/1
|
Set maximum number of backend concurrent HTTP/1
|
||||||
connections per frontend. This option is only
|
connections per frontend. This option is only used for
|
||||||
used for default mode. 0 means unlimited. To
|
default mode. 0 means unlimited. To limit the number
|
||||||
limit the number of connections per host for
|
of connections per host for HTTP/2 or SPDY proxy mode
|
||||||
HTTP/2 or SPDY proxy mode (-s option), use
|
(-s option), use --backend-http1-connections-per-host.
|
||||||
--backend-http1-connections-per-host.
|
Default: )" << get_config()->downstream_connections_per_frontend
|
||||||
Default: )"
|
<< R"(
|
||||||
<< get_config()->downstream_connections_per_frontend << R"(
|
|
||||||
--rlimit-nofile=<N>
|
--rlimit-nofile=<N>
|
||||||
Set maximum number of open files (RLIMIT_NOFILE)
|
Set maximum number of open files (RLIMIT_NOFILE) to <N>.
|
||||||
to <N>. If 0 is given, nghttpx does not set the
|
If 0 is given, nghttpx does not set the limit.
|
||||||
limit.
|
|
||||||
Default: )" << get_config()->rlimit_nofile << R"(
|
Default: )" << get_config()->rlimit_nofile << R"(
|
||||||
|
|
||||||
Timeout:
|
Timeout:
|
||||||
--frontend-http2-read-timeout=<SEC>
|
--frontend-http2-read-timeout=<SEC>
|
||||||
Specify read timeout for HTTP/2 and SPDY frontend
|
Specify read timeout for HTTP/2 and SPDY frontend
|
||||||
connection.
|
connection.
|
||||||
Default: )" << get_config()->http2_upstream_read_timeout
|
Default: )" << get_config()->http2_upstream_read_timeout << R"(
|
||||||
<< R"(
|
|
||||||
--frontend-read-timeout=<SEC>
|
--frontend-read-timeout=<SEC>
|
||||||
Specify read timeout for HTTP/1.1 frontend
|
Specify read timeout for HTTP/1.1 frontend connection.
|
||||||
connection.
|
|
||||||
Default: )" << get_config()->upstream_read_timeout << R"(
|
Default: )" << get_config()->upstream_read_timeout << R"(
|
||||||
--frontend-write-timeout=<SEC>
|
--frontend-write-timeout=<SEC>
|
||||||
Specify write timeout for all frontend
|
Specify write timeout for all frontend connections.
|
||||||
connections.
|
|
||||||
Default: )" << get_config()->upstream_write_timeout << R"(
|
Default: )" << get_config()->upstream_write_timeout << R"(
|
||||||
--stream-read-timeout=<SEC>
|
--stream-read-timeout=<SEC>
|
||||||
Specify read timeout for HTTP/2 and SPDY streams.
|
Specify read timeout for HTTP/2 and SPDY streams. 0
|
||||||
0 means no timeout.
|
means no timeout.
|
||||||
Default: )" << get_config()->stream_read_timeout << R"(
|
Default: )" << get_config()->stream_read_timeout << R"(
|
||||||
--stream-write-timeout=<SEC>
|
--stream-write-timeout=<SEC>
|
||||||
Specify write timeout for HTTP/2 and SPDY
|
Specify write timeout for HTTP/2 and SPDY streams. 0
|
||||||
streams. 0 means no timeout.
|
means no timeout.
|
||||||
Default: )" << get_config()->stream_write_timeout << R"(
|
Default: )" << get_config()->stream_write_timeout << R"(
|
||||||
--backend-read-timeout=<SEC>
|
--backend-read-timeout=<SEC>
|
||||||
Specify read timeout for backend connection.
|
Specify read timeout for backend connection.
|
||||||
Default: )" << get_config()->downstream_read_timeout << R"(
|
Default: )" << get_config()->downstream_read_timeout << R"(
|
||||||
--backend-write-timeout=<SEC>
|
--backend-write-timeout=<SEC>
|
||||||
Specify write timeout for backend connection.
|
Specify write timeout for backend connection.
|
||||||
Default: )" << get_config()->downstream_write_timeout
|
Default: )" << get_config()->downstream_write_timeout << R"(
|
||||||
<< R"(
|
|
||||||
--backend-keep-alive-timeout=<SEC>
|
--backend-keep-alive-timeout=<SEC>
|
||||||
Specify keep-alive timeout for backend
|
Specify keep-alive timeout for backend connection.
|
||||||
connection.
|
Default: )" << get_config()->downstream_idle_read_timeout << R"(
|
||||||
Default: )" << get_config()->downstream_idle_read_timeout
|
|
||||||
<< R"(
|
|
||||||
--listener-disable-timeout=<SEC>
|
--listener-disable-timeout=<SEC>
|
||||||
After accepting connection failed, connection
|
After accepting connection failed, connection listener
|
||||||
listener is disabled for a given time in seconds.
|
is disabled for a given time in seconds. Specifying 0
|
||||||
Specifying 0 disables this feature.
|
disables this feature.
|
||||||
Default: )" << get_config()->listener_disable_timeout
|
Default: )" << get_config()->listener_disable_timeout << R"(
|
||||||
<< R"(
|
|
||||||
|
|
||||||
SSL/TLS:
|
SSL/TLS:
|
||||||
--ciphers=<SUITE> Set allowed cipher list. The format of the
|
--ciphers=<SUITE>
|
||||||
string is described in OpenSSL ciphers(1).
|
Set allowed cipher list. The format of the string is
|
||||||
|
described in OpenSSL ciphers(1).
|
||||||
-k, --insecure
|
-k, --insecure
|
||||||
Don't verify backend server's certificate if -p,
|
Don't verify backend server's certificate if -p,
|
||||||
--client or --http2-bridge are given and
|
--client or --http2-bridge are given and
|
||||||
--backend-no-tls is not given.
|
--backend-no-tls is not given.
|
||||||
--cacert=<PATH> Set path to trusted CA certificate file if -p,
|
--cacert=<PATH>
|
||||||
--client or --http2-bridge are given and
|
Set path to trusted CA certificate file if -p, --client
|
||||||
--backend-no-tls is not given. The file must be
|
or --http2-bridge are given and --backend-no-tls is not
|
||||||
in PEM format. It can contain multiple
|
given. The file must be in PEM format. It can contain
|
||||||
certificates. If the linked OpenSSL is
|
multiple certificates. If the linked OpenSSL is
|
||||||
configured to load system wide certificates, they
|
configured to load system wide certificates, they are
|
||||||
are loaded at startup regardless of this option.
|
loaded at startup regardless of this option.
|
||||||
--private-key-passwd-file=<PATH>
|
--private-key-passwd-file=<PATH>
|
||||||
Path to file that contains password for the
|
Path to file that contains password for the server's
|
||||||
server's private key. If none is given and the
|
private key. If none is given and the private key is
|
||||||
private key is password protected it'll be
|
password protected it'll be requested interactively.
|
||||||
requested interactively.
|
|
||||||
--subcert=<KEYPATH>:<CERTPATH>
|
--subcert=<KEYPATH>:<CERTPATH>
|
||||||
Specify additional certificate and private key
|
Specify additional certificate and private key file.
|
||||||
file. nghttpx will choose certificates based on
|
nghttpx will choose certificates based on the hostname
|
||||||
the hostname indicated by client using TLS SNI
|
indicated by client using TLS SNI extension. This
|
||||||
extension. This option can be used multiple
|
option can be used multiple times.
|
||||||
times.
|
|
||||||
--backend-tls-sni-field=<HOST>
|
--backend-tls-sni-field=<HOST>
|
||||||
Explicitly set the content of the TLS SNI
|
Explicitly set the content of the TLS SNI extension.
|
||||||
extension. This will default to the backend HOST
|
This will default to the backend HOST name.
|
||||||
name.
|
|
||||||
--dh-param-file=<PATH>
|
--dh-param-file=<PATH>
|
||||||
Path to file that contains DH parameters in PEM
|
Path to file that contains DH parameters in PEM format.
|
||||||
format. Without this option, DHE cipher suites
|
Without this option, DHE cipher suites are not
|
||||||
are not available.
|
available.
|
||||||
--npn-list=<LIST> Comma delimited list of ALPN protocol identifier
|
--npn-list=<LIST>
|
||||||
sorted in the order of preference. That means
|
Comma delimited list of ALPN protocol identifier sorted
|
||||||
most desirable protocol comes first. This is
|
in the order of preference. That means most desirable
|
||||||
used in both ALPN and NPN. The parameter must be
|
protocol comes first. This is used in both ALPN and
|
||||||
delimited by a single comma only and any white
|
NPN. The parameter must be delimited by a single comma
|
||||||
spaces are treated as a part of protocol string.
|
only and any white spaces are treated as a part of
|
||||||
|
protocol string.
|
||||||
Default: )" << DEFAULT_NPN_LIST << R"(
|
Default: )" << DEFAULT_NPN_LIST << R"(
|
||||||
--verify-client Require and verify client certificate.
|
--verify-client
|
||||||
|
Require and verify client certificate.
|
||||||
--verify-client-cacert=<PATH>
|
--verify-client-cacert=<PATH>
|
||||||
Path to file that contains CA certificates to
|
Path to file that contains CA certificates to verify
|
||||||
verify client certificate. The file must be in
|
client certificate. The file must be in PEM format. It
|
||||||
PEM format. It can contain multiple
|
can contain multiple certificates.
|
||||||
certificates.
|
|
||||||
--client-private-key-file=<PATH>
|
--client-private-key-file=<PATH>
|
||||||
Path to file that contains client private key
|
Path to file that contains client private key used in
|
||||||
used in backend client authentication.
|
backend client authentication.
|
||||||
--client-cert-file=<PATH>
|
--client-cert-file=<PATH>
|
||||||
Path to file that contains client certificate
|
Path to file that contains client certificate used in
|
||||||
used in backend client authentication.
|
backend client authentication.
|
||||||
--tls-proto-list=<LIST>
|
--tls-proto-list=<LIST>
|
||||||
Comma delimited list of SSL/TLS protocol to be
|
Comma delimited list of SSL/TLS protocol to be enabled.
|
||||||
enabled. The following protocols are available:
|
The following protocols are available: TLSv1.2, TLSv1.1
|
||||||
TLSv1.2, TLSv1.1 and TLSv1.0. The name matching
|
and TLSv1.0. The name matching is done in
|
||||||
is done in case-insensitive manner. The
|
case-insensitive manner. The parameter must be
|
||||||
parameter must be delimited by a single comma
|
delimited by a single comma only and any white spaces
|
||||||
only and any white spaces are treated as a part
|
are treated as a part of protocol string.
|
||||||
of protocol string.
|
|
||||||
Default: )" << DEFAULT_TLS_PROTO_LIST << R"(
|
Default: )" << DEFAULT_TLS_PROTO_LIST << R"(
|
||||||
--tls-ticket-key-file=<PATH>
|
--tls-ticket-key-file=<PATH>
|
||||||
Path to file that contains 48 bytes random data
|
Path to file that contains 48 bytes random data to
|
||||||
to construct TLS session ticket parameters. This
|
construct TLS session ticket parameters. This options
|
||||||
options can be used repeatedly to specify
|
can be used repeatedly to specify multiple ticket
|
||||||
multiple ticket parameters. If several files are
|
parameters. If several files are given, only the first
|
||||||
given, only the first key is used to encrypt TLS
|
key is used to encrypt TLS session tickets. Other keys
|
||||||
session tickets. Other keys are accepted but
|
are accepted but server will issue new session ticket
|
||||||
server will issue new session ticket with first
|
with first key. This allows session key rotation.
|
||||||
key. This allows session key rotation. Please
|
Please note that key rotation does not occur
|
||||||
note that key rotation does not occur
|
automatically. User should rearrange files or change
|
||||||
automatically. User should rearrange files or
|
options values and restart nghttpx gracefully. If
|
||||||
change options values and restart nghttpx
|
opening or reading given file fails, all loaded keys are
|
||||||
gracefully. If opening or reading given file
|
discarded and it is treated as if none of this option is
|
||||||
fails, all loaded keys are discarded and it is
|
given. If this option is not given or an error occurred
|
||||||
treated as if none of this option is given. If
|
|
||||||
this option is not given or an error occurred
|
|
||||||
while opening or reading a file, key is generated
|
while opening or reading a file, key is generated
|
||||||
automatically and renewed every 12hrs. At most 2
|
automatically and renewed every 12hrs. At most 2 keys
|
||||||
keys are stored in memory.
|
are stored in memory.
|
||||||
--tls-ctx-per-worker
|
--tls-ctx-per-worker
|
||||||
Create OpenSSL's SSL_CTX per worker, so that no
|
Create OpenSSL's SSL_CTX per worker, so that no internal
|
||||||
internal locking is required. This may improve
|
locking is required. This may improve scalability with
|
||||||
scalability with multi threaded configuration.
|
multi threaded configuration. If this option is
|
||||||
If this option is enabled, session ID is no
|
enabled, session ID is no longer shared accross SSL_CTX
|
||||||
longer shared accross SSL_CTX objects, which
|
objects, which means session ID generated by one worker
|
||||||
means session ID generated by one worker is not
|
is not acceptable by another worker. On the other hand,
|
||||||
acceptable by another worker. On the other hand,
|
session ticket key is shared across all worker threads.
|
||||||
session ticket key is shared across all worker
|
|
||||||
threads.
|
|
||||||
|
|
||||||
HTTP/2 and SPDY:
|
HTTP/2 and SPDY:
|
||||||
-c, --http2-max-concurrent-streams=<N>
|
-c, --http2-max-concurrent-streams=<N>
|
||||||
Set the maximum number of the concurrent streams
|
Set the maximum number of the concurrent streams in one
|
||||||
in one HTTP/2 and SPDY session.
|
HTTP/2 and SPDY session.
|
||||||
Default: )" << get_config()->http2_max_concurrent_streams
|
Default: )" << get_config()->http2_max_concurrent_streams << R"(
|
||||||
<< R"(
|
|
||||||
--frontend-http2-window-bits=<N>
|
--frontend-http2-window-bits=<N>
|
||||||
Sets the per-stream initial window size of HTTP/2
|
Sets the per-stream initial window size of HTTP/2 SPDY
|
||||||
SPDY frontend connection. For HTTP/2, the size
|
frontend connection. For HTTP/2, the size is 2**<N>-1.
|
||||||
is 2**<N>-1. For SPDY, the size is 2**<N>.
|
For SPDY, the size is 2**<N>.
|
||||||
Default: )" << get_config()->http2_upstream_window_bits
|
Default: )" << get_config()->http2_upstream_window_bits << R"(
|
||||||
<< R"(
|
|
||||||
--frontend-http2-connection-window-bits=<N>
|
--frontend-http2-connection-window-bits=<N>
|
||||||
Sets the per-connection window size of HTTP/2 and
|
Sets the per-connection window size of HTTP/2 and SPDY
|
||||||
SPDY frontend connection. For HTTP/2, the size
|
frontend connection. For HTTP/2, the size is
|
||||||
is 2**<N>-1. For SPDY, the size is 2**<N>.
|
2**<N>-1. For SPDY, the size is 2**<N>.
|
||||||
Default: )"
|
Default: )" << get_config()->http2_upstream_connection_window_bits
|
||||||
<< get_config()->http2_upstream_connection_window_bits << R"(
|
<< R"(
|
||||||
--frontend-no-tls Disable SSL/TLS on frontend connections.
|
--frontend-no-tls
|
||||||
|
Disable SSL/TLS on frontend connections.
|
||||||
--backend-http2-window-bits=<N>
|
--backend-http2-window-bits=<N>
|
||||||
Sets the initial window size of HTTP/2 backend
|
Sets the initial window size of HTTP/2 backend
|
||||||
connection to 2**<N>-1.
|
connection to 2**<N>-1.
|
||||||
Default: )" << get_config()->http2_downstream_window_bits
|
Default: )" << get_config()->http2_downstream_window_bits << R"(
|
||||||
<< R"(
|
|
||||||
--backend-http2-connection-window-bits=<N>
|
--backend-http2-connection-window-bits=<N>
|
||||||
Sets the per-connection window size of HTTP/2
|
Sets the per-connection window size of HTTP/2 backend
|
||||||
backend connection to 2**<N>-1.
|
connection to 2**<N>-1.
|
||||||
Default: )"
|
Default: )"
|
||||||
<< get_config()->http2_downstream_connection_window_bits << R"(
|
<< get_config()->http2_downstream_connection_window_bits << R"(
|
||||||
--backend-no-tls Disable SSL/TLS on backend connections.
|
--backend-no-tls
|
||||||
|
Disable SSL/TLS on backend connections.
|
||||||
--http2-no-cookie-crumbling
|
--http2-no-cookie-crumbling
|
||||||
Don't crumble cookie header field.
|
Don't crumble cookie header field.
|
||||||
--padding=<N> Add at most <N> bytes to a HTTP/2 frame payload
|
--padding=<N>
|
||||||
as padding. Specify 0 to disable padding. This
|
Add at most <N> bytes to a HTTP/2 frame payload as
|
||||||
option is meant for debugging purpose and not
|
padding. Specify 0 to disable padding. This option is
|
||||||
intended to enhance protocol security.
|
meant for debugging purpose and not intended to enhance
|
||||||
|
protocol security.
|
||||||
|
|
||||||
Mode:
|
Mode:
|
||||||
(default mode) Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS.
|
(default mode)
|
||||||
If --frontend-no-tls is used, accept HTTP/2 and
|
Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS. If
|
||||||
HTTP/1.1. The incoming HTTP/1.1 connection can
|
--frontend-no-tls is used, accept HTTP/2 and HTTP/1.1.
|
||||||
be upgraded to HTTP/2 through HTTP Upgrade. The
|
The incoming HTTP/1.1 connection can be upgraded to
|
||||||
protocol to the backend is HTTP/1.1.
|
HTTP/2 through HTTP Upgrade. The protocol to the
|
||||||
-s, --http2-proxy Like default mode, but enable secure proxy mode.
|
backend is HTTP/1.1.
|
||||||
--http2-bridge Like default mode, but communicate with the
|
-s, --http2-proxy
|
||||||
backend in HTTP/2 over SSL/TLS. Thus the
|
Like default mode, but enable secure proxy mode.
|
||||||
incoming all connections are converted to HTTP/2
|
--http2-bridge
|
||||||
connection and relayed to the backend. See
|
Like default mode, but communicate with the backend in
|
||||||
--backend-http-proxy-uri option if you are behind
|
HTTP/2 over SSL/TLS. Thus the incoming all connections
|
||||||
the proxy and want to connect to the outside
|
are converted to HTTP/2 connection and relayed to the
|
||||||
|
backend. See --backend-http-proxy-uri option if you are
|
||||||
|
behind the proxy and want to connect to the outside
|
||||||
HTTP/2 proxy.
|
HTTP/2 proxy.
|
||||||
--client Accept HTTP/2 and HTTP/1.1 without SSL/TLS. The
|
--client Accept HTTP/2 and HTTP/1.1 without SSL/TLS. The
|
||||||
incoming HTTP/1.1 connection can be upgraded to
|
incoming HTTP/1.1 connection can be upgraded to HTTP/2
|
||||||
HTTP/2 connection through HTTP Upgrade. The
|
connection through HTTP Upgrade. The protocol to the
|
||||||
protocol to the backend is HTTP/2. To use
|
backend is HTTP/2. To use nghttpx as a forward proxy,
|
||||||
nghttpx as a forward proxy, use -p option
|
use -p option instead.
|
||||||
instead.
|
|
||||||
-p, --client-proxy
|
-p, --client-proxy
|
||||||
Like --client option, but it also requires the
|
Like --client option, but it also requires the request
|
||||||
request path from frontend must be an absolute
|
path from frontend must be an absolute URI, suitable for
|
||||||
URI, suitable for use as a forward proxy.
|
use as a forward proxy.
|
||||||
|
|
||||||
Logging:
|
Logging:
|
||||||
-L, --log-level=<LEVEL>
|
-L, --log-level=<LEVEL>
|
||||||
Set the severity level of log output. <LEVEL>
|
Set the severity level of log output. <LEVEL> must be
|
||||||
must be one of INFO, NOTICE, WARN, ERROR and
|
one of INFO, NOTICE, WARN, ERROR and FATAL.
|
||||||
FATAL.
|
|
||||||
Default: NOTICE
|
Default: NOTICE
|
||||||
--accesslog-file=<PATH>
|
--accesslog-file=<PATH>
|
||||||
Set path to write access log. To reopen file,
|
Set path to write access log. To reopen file, send USR1
|
||||||
send USR1 signal to nghttpx.
|
signal to nghttpx.
|
||||||
--accesslog-syslog
|
--accesslog-syslog
|
||||||
Send access log to syslog. If this option is
|
Send access log to syslog. If this option is used,
|
||||||
used, --accesslog-file option is ignored.
|
--accesslog-file option is ignored.
|
||||||
--accesslog-format=<FORMAT>
|
--accesslog-format=<FORMAT>
|
||||||
Specify format string for access log. The
|
Specify format string for access log. The default
|
||||||
default format is combined format. The following
|
format is combined format. The following variables are
|
||||||
variables are available:
|
available:
|
||||||
|
|
||||||
* $remote_addr: client IP address.
|
* $remote_addr: client IP address.
|
||||||
* $time_local: local time in Common Log format.
|
* $time_local: local time in Common Log format.
|
||||||
* $time_iso8601: local time in ISO 8601 format.
|
* $time_iso8601: local time in ISO 8601 format.
|
||||||
* $request: HTTP request line.
|
* $request: HTTP request line.
|
||||||
* $status: HTTP response status code.
|
* $status: HTTP response status code.
|
||||||
* $body_bytes_sent: the number of bytes sent to
|
* $body_bytes_sent: the number of bytes sent to client
|
||||||
client as response body.
|
as response body.
|
||||||
* $http_<VAR>: value of HTTP request header <VAR>
|
* $http_<VAR>: value of HTTP request header <VAR> where
|
||||||
where '_' in <VAR> is replaced with '-'.
|
'_' in <VAR> is replaced with '-'.
|
||||||
* $remote_port: client port.
|
* $remote_port: client port.
|
||||||
* $server_port: server port.
|
* $server_port: server port.
|
||||||
* $request_time: request processing time in
|
* $request_time: request processing time in seconds with
|
||||||
seconds with milliseconds resolution.
|
milliseconds resolution.
|
||||||
* $pid: PID of the running process.
|
* $pid: PID of the running process.
|
||||||
* $alpn: ALPN identifier of the protocol which
|
* $alpn: ALPN identifier of the protocol which generates
|
||||||
generates the response. For HTTP/1, ALPN is
|
the response. For HTTP/1, ALPN is always http/1.1,
|
||||||
always http/1.1, regardless of minor version.
|
regardless of minor version.
|
||||||
|
|
||||||
Default: )" << DEFAULT_ACCESSLOG_FORMAT << R"(
|
Default: )" << DEFAULT_ACCESSLOG_FORMAT << R"(
|
||||||
--errorlog-file=<PATH>
|
--errorlog-file=<PATH>
|
||||||
Set path to write error log. To reopen file,
|
Set path to write error log. To reopen file, send USR1
|
||||||
send USR1 signal to nghttpx.
|
signal to nghttpx.
|
||||||
Default: )" << get_config()->errorlog_file.get() << R"(
|
Default: )" << get_config()->errorlog_file.get() << R"(
|
||||||
--errorlog-syslog Send error log to syslog. If this option is
|
--errorlog-syslog
|
||||||
used, --errorlog-file option is ignored.
|
Send error log to syslog. If this option is used,
|
||||||
|
--errorlog-file option is ignored.
|
||||||
--syslog-facility=<FACILITY>
|
--syslog-facility=<FACILITY>
|
||||||
Set syslog facility to <FACILITY>.
|
Set syslog facility to <FACILITY>.
|
||||||
Default: )"
|
Default: )" << str_syslog_facility(get_config()->syslog_facility)
|
||||||
<< str_syslog_facility(get_config()->syslog_facility) << R"(
|
<< R"(
|
||||||
|
|
||||||
Misc:
|
Misc:
|
||||||
--add-x-forwarded-for
|
--add-x-forwarded-for
|
||||||
Append X-Forwarded-For header field to the
|
Append X-Forwarded-For header field to the downstream
|
||||||
downstream request.
|
request.
|
||||||
--strip-incoming-x-forwarded-for
|
--strip-incoming-x-forwarded-for
|
||||||
Strip X-Forwarded-For header field from inbound
|
Strip X-Forwarded-For header field from inbound client
|
||||||
client requests.
|
requests.
|
||||||
--no-via Don't append to Via header field. If Via header
|
--no-via Don't append to Via header field. If Via header field
|
||||||
field is received, it is left unaltered.
|
is received, it is left unaltered.
|
||||||
--no-location-rewrite
|
--no-location-rewrite
|
||||||
Don't rewrite location header field on
|
Don't rewrite location header field on --http2-bridge,
|
||||||
--http2-bridge, --client and default mode. For
|
--client and default mode. For --http2-proxy and
|
||||||
--http2-proxy and --client-proxy mode, location
|
--client-proxy mode, location header field will not be
|
||||||
header field will not be altered regardless of
|
altered regardless of this option.
|
||||||
this option.
|
|
||||||
--altsvc=<PROTOID,PORT[,HOST,[ORIGIN]]>
|
--altsvc=<PROTOID,PORT[,HOST,[ORIGIN]]>
|
||||||
Specify protocol ID, port, host and origin of
|
Specify protocol ID, port, host and origin of
|
||||||
alternative service. <HOST> and <ORIGIN> are
|
alternative service. <HOST> and <ORIGIN> are optional.
|
||||||
optional. They are advertised in alt-svc header
|
They are advertised in alt-svc header field or HTTP/2
|
||||||
field or HTTP/2 ALTSVC frame. This option can be
|
ALTSVC frame. This option can be used multiple times to
|
||||||
used multiple times to specify multiple
|
specify multiple alternative services. Example:
|
||||||
alternative services. Example: --altsvc=h2,443
|
--altsvc=h2,443
|
||||||
--add-response-header=<HEADER>
|
--add-response-header=<HEADER>
|
||||||
Specify additional header field to add to
|
Specify additional header field to add to response
|
||||||
response header set. This option just appends
|
header set. This option just appends header field and
|
||||||
header field and won't replace anything already
|
won't replace anything already set. This option can be
|
||||||
set. This option can be used several times to
|
used several times to specify multiple header fields.
|
||||||
specify multiple header fields.
|
|
||||||
Example: --add-response-header="foo: bar"
|
Example: --add-response-header="foo: bar"
|
||||||
--frontend-http2-dump-request-header=<PATH>
|
--frontend-http2-dump-request-header=<PATH>
|
||||||
Dumps request headers received by HTTP/2 frontend
|
Dumps request headers received by HTTP/2 frontend to the
|
||||||
to the file denoted in <PATH>. The output is
|
file denoted in <PATH>. The output is done in HTTP/1
|
||||||
done in HTTP/1 header field format and each
|
header field format and each header block is followed by
|
||||||
header block is followed by an empty line. This
|
an empty line. This option is not thread safe and MUST
|
||||||
option is not thread safe and MUST NOT be used
|
NOT be used with option -n<N>, where <N> >= 2.
|
||||||
with option -n<N>, where <N> >= 2.
|
|
||||||
--frontend-http2-dump-response-header=<PATH>
|
--frontend-http2-dump-response-header=<PATH>
|
||||||
Dumps response headers sent from HTTP/2 frontend
|
Dumps response headers sent from HTTP/2 frontend to the
|
||||||
to the file denoted in <PATH>. The output is
|
file denoted in <PATH>. The output is done in HTTP/1
|
||||||
done in HTTP/1 header field format and each
|
header field format and each header block is followed by
|
||||||
header block is followed by an empty line. This
|
an empty line. This option is not thread safe and MUST
|
||||||
option is not thread safe and MUST NOT be used
|
NOT be used with option -n<N>, where <N> >= 2.
|
||||||
with option -n<N>, where <N> >= 2.
|
|
||||||
-o, --frontend-frame-debug
|
-o, --frontend-frame-debug
|
||||||
Print HTTP/2 frames in frontend to stderr. This
|
Print HTTP/2 frames in frontend to stderr. This option
|
||||||
option is not thread safe and MUST NOT be used
|
is not thread safe and MUST NOT be used with option
|
||||||
with option -n=N, where N >= 2.
|
-n=N, where N >= 2.
|
||||||
-D, --daemon
|
-D, --daemon
|
||||||
Run in a background. If -D is used, the current
|
Run in a background. If -D is used, the current working
|
||||||
working directory is changed to '/'.
|
directory is changed to '/'.
|
||||||
--pid-file=<PATH> Set path to save PID of this program.
|
--pid-file=<PATH>
|
||||||
--user=<USER> Run this program as <USER>. This option is
|
Set path to save PID of this program.
|
||||||
intended to be used to drop root privileges.
|
--user=<USER>
|
||||||
--conf=<PATH> Load configuration from <PATH>.
|
Run this program as <USER>. This option is intended to
|
||||||
|
be used to drop root privileges.
|
||||||
|
--conf=<PATH>
|
||||||
|
Load configuration from <PATH>.
|
||||||
Default: )" << get_config()->conf_path.get() << R"(
|
Default: )" << get_config()->conf_path.get() << R"(
|
||||||
-v, --version Print version and exit.
|
-v, --version
|
||||||
|
Print version and exit.
|
||||||
-h, --help Print this help and exit.
|
-h, --help Print this help and exit.
|
||||||
|
|
||||||
The <SIZE> argument is an integer and an optional unit (e.g., 10K is
|
The <SIZE> argument is an integer and an optional unit (e.g., 10K is
|
||||||
|
|
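Review bot: the reflowed entry for -o, --frontend-frame-debug still states its restriction as "-n=N, where N >= 2", while both --frontend-http2-dump-request-header and --frontend-http2-dump-response-header in this same change write it as "-n<N>, where <N> >= 2". Since these lines are being rewrapped anyway, use one notation; the <N> form matches the other placeholders in the help (<PATH>, <USER>, <FACILITY>). Two smaller points carried over unchanged: "Run in a background" under -D, --daemon should read "Run in background", and the two header-dump options say where the headers are written but not that the file will hold whatever header fields pass through the frontend, which can include cookies and authorization values, so a sentence asking operators to restrict access to <PATH> would be worth adding.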