Update man pages

2016-02-29 00:55:16 +09:00 · 2016-02-29 00:55:16 +09:00 · 1b9b03b68f
parent a59445ccff
commit 1b9b03b68f
5 changed files with 171 additions and 227 deletions
--- a/doc/h2load.1
+++ b/doc/h2load.1
@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "H2LOAD" "1" "February 25, 2016" "1.8.0" "nghttp2"
+.TH "H2LOAD" "1" "February 29, 2016" "1.9.0-DEV" "nghttp2"
 .SH NAME
 h2load \- HTTP/2 benchmarking tool
 .
--- a/doc/nghttp.1
+++ b/doc/nghttp.1
@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTP" "1" "February 25, 2016" "1.8.0" "nghttp2"
+.TH "NGHTTP" "1" "February 29, 2016" "1.9.0-DEV" "nghttp2"
 .SH NAME
 nghttp \- HTTP/2 client
 .
--- a/doc/nghttpd.1
+++ b/doc/nghttpd.1
@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTPD" "1" "February 25, 2016" "1.8.0" "nghttp2"
+.TH "NGHTTPD" "1" "February 29, 2016" "1.9.0-DEV" "nghttp2"
 .SH NAME
 nghttpd \- HTTP/2 server
 .
--- a/doc/nghttpx.1
+++ b/doc/nghttpx.1
@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTPX" "1" "February 25, 2016" "1.8.0" "nghttp2"
+.TH "NGHTTPX" "1" "February 29, 2016" "1.9.0-DEV" "nghttp2"
 .SH NAME
 nghttpx \- HTTP/2 proxy
 .
@ -39,15 +39,15 @@ A reverse proxy for HTTP/2, HTTP/1 and SPDY.
 .INDENT 0.0
 .TP
 .B <PRIVATE_KEY>
-Set path  to server\(aqs private key.   Required unless \fI\%\-p\fP,
+Set  path  to  server\(aqs private  key.   Required  unless
-\fI\%\-\-client\fP or \fI\%\-\-frontend\-no\-tls\fP are given.
+\fI\%\-\-frontend\-no\-tls\fP are given.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B <CERT>
-Set path  to server\(aqs certificate.  Required  unless \fI\%\-p\fP,
+Set  path  to  server\(aqs  certificate.   Required  unless
-\fI\%\-\-client\fP or  \fI\%\-\-frontend\-no\-tls\fP are given.  To  make OCSP
+\fI\%\-\-frontend\-no\-tls\fP  are  given.   To make  OCSP  stapling
-stapling work, this must be absolute path.
+work, this must be an absolute path.
 .UNINDENT
 .SH OPTIONS
 .sp
@ -55,38 +55,39 @@ The options are categorized into several groups.
 .SS Connections
 .INDENT 0.0
 .TP
-.B \-b, \-\-backend=(<HOST>,<PORT>|unix:<PATH>)[;<PATTERN>[:...]]
+.B \-b, \-\-backend=(<HOST>,<PORT>|unix:<PATH>)[;[<PATTERN>[:...]][;proto=<PROTO>]]
 Set  backend  host  and   port.   The  multiple  backend
 addresses are  accepted by repeating this  option.  UNIX
 domain socket  can be  specified by prefixing  path name
 with "unix:" (e.g., unix:/var/run/backend.sock).
 .sp
 Optionally, if <PATTERN>s are given, the backend address
-is only used  if request matches the pattern.   If \fI\%\-s\fP or
+is  only  used  if  request  matches  the  pattern.   If
-\fI\%\-p\fP  is  used,  <PATTERN>s   are  ignored.   The  pattern
+\fI\%\-\-http2\-proxy\fP  is  used,  <PATTERN>s are  ignored.   The
-matching  is closely  designed to  ServeMux in  net/http
+pattern  matching is  closely  designed  to ServeMux  in
-package of Go  programming language.  <PATTERN> consists
+net/http package of  Go programming language.  <PATTERN>
-of path, host + path or  just host.  The path must start
+consists of  path, host +  path or just host.   The path
-with "\fI/\fP".  If  it ends with "\fI/\fP", it  matches all request
+must start  with "\fI/\fP".  If  it ends with "\fI/\fP",  it matches
-path in  its subtree.  To  deal with the request  to the
+all  request path  in  its subtree.   To  deal with  the
-directory without  trailing slash,  the path  which ends
+request  to the  directory without  trailing slash,  the
-with "\fI/\fP" also matches the  request path which only lacks
+path which ends  with "\fI/\fP" also matches  the request path
-trailing \(aq\fI/\fP\(aq  (e.g., path  "\fI/foo/\fP" matches  request path
+which  only  lacks  trailing  \(aq\fI/\fP\(aq  (e.g.,  path  "\fI/foo/\fP"
-"\fI/foo\fP").  If it does not end with "\fI/\fP", it performs exact
+matches request path  "\fI/foo\fP").  If it does  not end with
-match against  the request path.   If host is  given, it
+"\fI/\fP", it  performs exact match against  the request path.
-performs exact match against  the request host.  If host
+If host  is given, it  performs exact match  against the
-alone  is given,  "\fI/\fP"  is  appended to  it,  so that  it
+request host.  If  host alone is given,  "\fI/\fP" is appended
-matches  all   request  paths  under  the   host  (e.g.,
+to it,  so that it  matches all request paths  under the
-specifying "nghttp2.org" equals to "nghttp2.org/").
+host   (e.g.,   specifying   "nghttp2.org"   equals   to
 "nghttp2.org/").
 .sp
 Patterns with  host take  precedence over  patterns with
 just path.   Then, longer patterns take  precedence over
 shorter  ones,  breaking  a  tie by  the  order  of  the
 appearance in the configuration.
 .sp
-If <PATTERN> is  omitted, "\fI/\fP" is used  as pattern, which
+If <PATTERN> is omitted or  empty string, "\fI/\fP" is used as
-matches  all  request  paths (catch\-all  pattern).   The
+pattern,  which  matches  all request  paths  (catch\-all
-catch\-all backend must be given.
+pattern).  The catch\-all backend must be given.
 .sp
 When doing  a match, nghttpx made  some normalization to
 pattern, request host and path.  For host part, they are
@ -109,6 +110,15 @@ and \fI\%\-b\fP\(aq127.0.0.1,8080;www.nghttp2.org\(aq.
 The backend addresses sharing same <PATTERN> are grouped
 together forming  load balancing  group.
 .sp
 Optionally,   backend   application  protocol   can   be
 specified in <PROTO>.  All that share the same <PATTERN>
 must  have  the  same  <PROTO> value  if  it  is  given.
 <PROTO>  should be  one  of the  following list  without
 quotes: "h2", "http/1.1".  The  default value of <PROTO>
 is "http/1.1".  Note that  usually "h2" refers to HTTP/2
 over TLS.  But  in this option, it may  mean HTTP/2 over
 cleartext TCP unless \fI\%\-\-backend\-tls\fP is used.
 .sp
 Since ";" and ":" are  used as delimiter, <PATTERN> must
 not  contain these  characters.  Since  ";" has  special
 meaning in shell, the option value must be quoted.
@ -167,19 +177,8 @@ Accept PROXY protocol version 1 on frontend connection.
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-backend\-no\-tls
+.B \-\-backend\-tls
-Disable  SSL/TLS  on  backend connections.   For  HTTP/2
+Enable SSL/TLS on backend connections.
 backend  connections, TLS  is enabled  by default.   For
 HTTP/1 backend connections, TLS  is disabled by default,
 and can  be enabled  by \fI\%\-\-backend\-http1\-tls\fP  option.  If
 both  \fI\%\-\-backend\-no\-tls\fP  and \fI\%\-\-backend\-http1\-tls\fP  options
 are used, \fI\%\-\-backend\-no\-tls\fP has the precedence.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-backend\-http1\-tls
 Enable SSL/TLS on backend  HTTP/1 connections.  See also
 \fI\%\-\-backend\-no\-tls\fP option.
 .UNINDENT
 .SS Performance
 .INDENT 0.0
@ -269,37 +268,27 @@ Default: \fB0\fP
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-backend\-http2\-connections\-per\-worker=<N>
+.B \-\-backend\-connections\-per\-host=<N>
-Set   maximum   number   of  backend   HTTP/2   physical
+Set  maximum number  of  backend concurrent  connections
-connections  per  worker.   If  pattern is  used  in  \fI\%\-b\fP
+(and/or  streams in  case  of HTTP/2)  per origin  host.
-option, this limit is applied  to each pattern group (in
+This option  is meaningful when \fI\%\-\-http2\-proxy\fP  option is
-other  words, each  pattern group  can have  maximum <N>
+used.   The  origin  host  is  determined  by  authority
-HTTP/2  connections).  The  default  value  is 0,  which
+portion of  request URI (or :authority  header field for
-means  that  the value  is  adjusted  to the  number  of
+HTTP/2).   To  limit  the   number  of  connections  per
-backend addresses.  If pattern  is used, this adjustment
+frontend        for       default        mode,       use
-is done for each pattern group.
+\fI\%\-\-backend\-connections\-per\-frontend\fP\&.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-backend\-http1\-connections\-per\-host=<N>
 Set   maximum  number   of  backend   concurrent  HTTP/1
 connections per origin host.   This option is meaningful
 when \fI\%\-s\fP option  is used.  The origin  host is determined
 by  authority  portion  of request  URI  (or  :authority
 header  field  for  HTTP/2).   To limit  the  number  of
 connections   per  frontend   for   default  mode,   use
 \fI\%\-\-backend\-http1\-connections\-per\-frontend\fP\&.
 .sp
 Default: \fB8\fP
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-backend\-http1\-connections\-per\-frontend=<N>
+.B \-\-backend\-connections\-per\-frontend=<N>
-Set   maximum  number   of  backend   concurrent  HTTP/1
+Set  maximum number  of  backend concurrent  connections
-connections per frontend.  This  option is only used for
+(and/or streams  in case of HTTP/2)  per frontend.  This
-default mode.   0 means unlimited.  To  limit the number
+option  is   only  used  for  default   mode.   0  means
-of connections  per host for  HTTP/2 or SPDY  proxy mode
+unlimited.  To limit the  number of connections per host
-(\-s option), use \fI\%\-\-backend\-http1\-connections\-per\-host\fP\&.
+with          \fI\%\-\-http2\-proxy\fP         option,          use
 \fI\%\-\-backend\-connections\-per\-host\fP\&.
 .sp
 Default: \fB0\fP
 .UNINDENT
@ -700,9 +689,19 @@ the complete HTTP/2 cipher suites black list.
 .SS HTTP/2 and SPDY
 .INDENT 0.0
 .TP
-.B \-c, \-\-http2\-max\-concurrent\-streams=<N>
+.B \-c, \-\-frontend\-http2\-max\-concurrent\-streams=<N>
 Set the maximum number of  the concurrent streams in one
-HTTP/2 and SPDY session.
+frontend HTTP/2 and SPDY session.
 .sp
 Default: \(ga\(ga 100\(ga\(ga
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-backend\-http2\-max\-concurrent\-streams=<N>
 Set the maximum number of  the concurrent streams in one
 backend  HTTP/2 session.   This sets  maximum number  of
 concurrent opened pushed streams.  The maximum number of
 concurrent requests are set by a remote server.
 .sp
 Default: \fB100\fP
 .UNINDENT
@ -743,7 +742,7 @@ Default: \fB16\fP
 Sets the  per\-connection window  size of  HTTP/2 backend
 connection to 2**<N>\-1.
 .sp
-Default: \fB16\fP
+Default: \fB30\fP
 .UNINDENT
 .INDENT 0.0
 .TP
@ -764,11 +763,10 @@ protocol security.
 Disable HTTP/2 server push.  Server push is supported by
 default mode and HTTP/2  frontend via Link header field.
 It is  also supported if  both frontend and  backend are
-HTTP/2 (which implies  \fI\%\-\-http2\-bridge\fP or \fI\%\-\-client\fP mode).
+HTTP/2 in default mode.  In  this case, server push from
-In  this  case,  server  push from  backend  session  is
+backend session is relayed  to frontend, and server push
-relayed  to frontend,  and server  push via  Link header
+via Link header field  is also supported.  SPDY frontend
-field is  also supported.   HTTP SPDY frontend  does not
+does not support server push.
 support server push.
 .UNINDENT
 .SS Mode
 .INDENT 0.0
@ -777,39 +775,13 @@ support server push.
 Accept  HTTP/2,  SPDY  and HTTP/1.1  over  SSL/TLS.   If
 \fI\%\-\-frontend\-no\-tls\fP is  used, accept HTTP/2  and HTTP/1.1.
 The  incoming HTTP/1.1  connection  can  be upgraded  to
-HTTP/2  through  HTTP  Upgrade.   The  protocol  to  the
+HTTP/2  through  HTTP  Upgrade.
 backend is HTTP/1.1.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-s, \-\-http2\-proxy
-Like default mode, but enable secure proxy mode.
+Like default mode, but enable forward proxy.  This is so
-.UNINDENT
+called HTTP/2 proxy mode.
 .INDENT 0.0
 .TP
 .B \-\-http2\-bridge
 Like default  mode, but communicate with  the backend in
 HTTP/2 over SSL/TLS.  Thus  the incoming all connections
 are converted  to HTTP/2  connection and relayed  to the
 backend.  See \fI\%\-\-backend\-http\-proxy\-uri\fP option if you are
 behind  the proxy  and want  to connect  to the  outside
 HTTP/2 proxy.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-client
 Accept  HTTP/2   and  HTTP/1.1  without   SSL/TLS.   The
 incoming HTTP/1.1  connection can be upgraded  to HTTP/2
 connection through  HTTP Upgrade.   The protocol  to the
 backend is HTTP/2.   To use nghttpx as  a forward proxy,
 use \fI\%\-p\fP option instead.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-p, \-\-client\-proxy
 Like \fI\%\-\-client\fP  option, but it also  requires the request
 path from frontend must be an absolute URI, suitable for
 use as a forward proxy.
 .UNINDENT
 .SS Logging
 .INDENT 0.0
@ -975,18 +947,16 @@ is received, it is left unaltered.
 .INDENT 0.0
 .TP
 .B \-\-no\-location\-rewrite
-Don\(aqt rewrite  location header field  on \fI\%\-\-http2\-bridge\fP,
+Don\(aqt  rewrite location  header field  in default  mode.
-\fI\%\-\-client\fP  and  default   mode.   For  \fI\%\-\-http2\-proxy\fP  and
+When \fI\%\-\-http2\-proxy\fP  is used, location header  field will
-\fI\%\-\-client\-proxy\fP mode,  location header field will  not be
+not be altered regardless of this option.
 altered regardless of this option.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B \-\-host\-rewrite
-Rewrite   host   and   :authority   header   fields   on
+Rewrite  host and  :authority header  fields in  default
-\fI\%\-\-http2\-bridge\fP,   \fI\%\-\-client\fP   and  default   mode.    For
+mode.  When  \fI\%\-\-http2\-proxy\fP is  used, these  headers will
-\fI\%\-\-http2\-proxy\fP  and  \fI\%\-\-client\-proxy\fP mode,  these  headers
+not be altered regardless of this option.
 will not be altered regardless of this option.
 .UNINDENT
 .INDENT 0.0
 .TP
@ -1258,12 +1228,12 @@ associated stream\(aqs status code must be 200.
 This limitation may be loosened in the future release.
 .sp
 nghttpx also supports server push if both frontend and backend are
-HTTP/2 (which implies \fI\%\-\-http2\-bridge\fP or \fI\%\-\-client\fP).
+HTTP/2 in default mode.  In this case, in addition to server push via
-In this case, in addition to server push via Link header field, server
+Link header field, server push from backend is forwarded to frontend
-push from backend is relayed to frontend HTTP/2 session.
+HTTP/2 session.
 .sp
-HTTP/2 server push will be disabled if \fI\%\-\-http2\-proxy\fP or
+HTTP/2 server push will be disabled if \fI\%\-\-http2\-proxy\fP is
-\fI\%\-\-client\-proxy\fP is used.
+used.
 .SH UNIX DOMAIN SOCKET
 .sp
 nghttpx supports UNIX domain socket with a filename for both frontend
--- a/doc/nghttpx.1.rst
+++ b/doc/nghttpx.1.rst
@ -19,14 +19,14 @@ A reverse proxy for HTTP/2, HTTP/1 and SPDY.
 .. describe:: <PRIVATE_KEY>
-    Set path  to server's private key.   Required unless :option:`-p`\,
+    Set  path  to  server's private  key.   Required  unless
-    :option:`--client` or :option:`\--frontend-no-tls` are given.
+    :option:`--frontend-no-tls` are given.
 .. describe:: <CERT>
-    Set path  to server's certificate.  Required  unless :option:`-p`\,
+    Set  path  to  server's  certificate.   Required  unless
-    :option:`--client` or  :option:`\--frontend-no-tls` are given.  To  make OCSP
+    :option:`--frontend-no-tls`  are  given.   To make  OCSP  stapling
-    stapling work, this must be absolute path.
+    work, this must be an absolute path.
 OPTIONS
@ -37,7 +37,7 @@ The options are categorized into several groups.
 Connections
 ~~~~~~~~~~~
-.. option:: -b, --backend=(<HOST>,<PORT>|unix:<PATH>)[;<PATTERN>[:...]]
+.. option:: -b, --backend=(<HOST>,<PORT>|unix:<PATH>)[;[<PATTERN>[:...]][;proto=<PROTO>]]
    Set  backend  host  and   port.   The  multiple  backend
    addresses are  accepted by repeating this  option.  UNIX
@ -45,31 +45,32 @@ Connections
    with "unix:" (e.g., unix:/var/run/backend.sock).
    Optionally, if <PATTERN>s are given, the backend address
-    is only used  if request matches the pattern.   If :option:`-s` or
+    is  only  used  if  request  matches  the  pattern.   If
-    :option:`-p`  is  used,  <PATTERN>s   are  ignored.   The  pattern
+    :option:`--http2-proxy`  is  used,  <PATTERN>s are  ignored.   The
-    matching  is closely  designed to  ServeMux in  net/http
+    pattern  matching is  closely  designed  to ServeMux  in
-    package of Go  programming language.  <PATTERN> consists
+    net/http package of  Go programming language.  <PATTERN>
-    of path, host + path or  just host.  The path must start
+    consists of  path, host +  path or just host.   The path
-    with "*/*".  If  it ends with "*/*", it  matches all request
+    must start  with "*/*".  If  it ends with "*/*",  it matches
-    path in  its subtree.  To  deal with the request  to the
+    all  request path  in  its subtree.   To  deal with  the
-    directory without  trailing slash,  the path  which ends
+    request  to the  directory without  trailing slash,  the
-    with "*/*" also matches the  request path which only lacks
+    path which ends  with "*/*" also matches  the request path
-    trailing '*/*'  (e.g., path  "*/foo/*" matches  request path
+    which  only  lacks  trailing  '*/*'  (e.g.,  path  "*/foo/*"
-    "*/foo*").  If it does not end with "*/*", it performs exact
+    matches request path  "*/foo*").  If it does  not end with
-    match against  the request path.   If host is  given, it
+    "*/*", it  performs exact match against  the request path.
-    performs exact match against  the request host.  If host
+    If host  is given, it  performs exact match  against the
-    alone  is given,  "*/*"  is  appended to  it,  so that  it
+    request host.  If  host alone is given,  "*/*" is appended
-    matches  all   request  paths  under  the   host  (e.g.,
+    to it,  so that it  matches all request paths  under the
-    specifying "nghttp2.org" equals to "nghttp2.org/").
+    host   (e.g.,   specifying   "nghttp2.org"   equals   to
    "nghttp2.org/").
    Patterns with  host take  precedence over  patterns with
    just path.   Then, longer patterns take  precedence over
    shorter  ones,  breaking  a  tie by  the  order  of  the
    appearance in the configuration.
-    If <PATTERN> is  omitted, "*/*" is used  as pattern, which
+    If <PATTERN> is omitted or  empty string, "*/*" is used as
-    matches  all  request  paths (catch-all  pattern).   The
+    pattern,  which  matches  all request  paths  (catch-all
-    catch-all backend must be given.
+    pattern).  The catch-all backend must be given.
    When doing  a match, nghttpx made  some normalization to
    pattern, request host and path.  For host part, they are
@ -92,6 +93,15 @@ Connections
    The backend addresses sharing same <PATTERN> are grouped
    together forming  load balancing  group.
    Optionally,   backend   application  protocol   can   be
    specified in <PROTO>.  All that share the same <PATTERN>
    must  have  the  same  <PROTO> value  if  it  is  given.
    <PROTO>  should be  one  of the  following list  without
    quotes: "h2", "http/1.1".  The  default value of <PROTO>
    is "http/1.1".  Note that  usually "h2" refers to HTTP/2
    over TLS.  But  in this option, it may  mean HTTP/2 over
    cleartext TCP unless :option:`--backend-tls` is used.
    Since ";" and ":" are  used as delimiter, <PATTERN> must
    not  contain these  characters.  Since  ";" has  special
    meaning in shell, the option value must be quoted.
@ -144,19 +154,9 @@ Connections
    Accept PROXY protocol version 1 on frontend connection.
-.. option:: --backend-no-tls
+.. option:: --backend-tls
-    Disable  SSL/TLS  on  backend connections.   For  HTTP/2
+    Enable SSL/TLS on backend connections.
    backend  connections, TLS  is enabled  by default.   For
    HTTP/1 backend connections, TLS  is disabled by default,
    and can  be enabled  by :option:`--backend-http1-tls`  option.  If
    both  :option:`--backend-no-tls`  and :option:`\--backend-http1-tls`  options
    are used, :option:`--backend-no-tls` has the precedence.
 .. option:: --backend-http1-tls
    Enable SSL/TLS on backend  HTTP/1 connections.  See also
    :option:`--backend-no-tls` option.
 Performance
@ -237,36 +237,27 @@ Performance
    Default: ``0``
-.. option:: --backend-http2-connections-per-worker=<N>
+.. option:: --backend-connections-per-host=<N>
-    Set   maximum   number   of  backend   HTTP/2   physical
+    Set  maximum number  of  backend concurrent  connections
-    connections  per  worker.   If  pattern is  used  in  :option:`-b`
+    (and/or  streams in  case  of HTTP/2)  per origin  host.
-    option, this limit is applied  to each pattern group (in
+    This option  is meaningful when :option:`--http2-proxy`  option is
-    other  words, each  pattern group  can have  maximum <N>
+    used.   The  origin  host  is  determined  by  authority
-    HTTP/2  connections).  The  default  value  is 0,  which
+    portion of  request URI (or :authority  header field for
-    means  that  the value  is  adjusted  to the  number  of
+    HTTP/2).   To  limit  the   number  of  connections  per
-    backend addresses.  If pattern  is used, this adjustment
+    frontend        for       default        mode,       use
-    is done for each pattern group.
+    :option:`--backend-connections-per-frontend`\.
 .. option:: --backend-http1-connections-per-host=<N>
    Set   maximum  number   of  backend   concurrent  HTTP/1
    connections per origin host.   This option is meaningful
    when :option:`-s` option  is used.  The origin  host is determined
    by  authority  portion  of request  URI  (or  :authority
    header  field  for  HTTP/2).   To limit  the  number  of
    connections   per  frontend   for   default  mode,   use
    :option:`--backend-http1-connections-per-frontend`\.
    Default: ``8``
-.. option:: --backend-http1-connections-per-frontend=<N>
+.. option:: --backend-connections-per-frontend=<N>
-    Set   maximum  number   of  backend   concurrent  HTTP/1
+    Set  maximum number  of  backend concurrent  connections
-    connections per frontend.  This  option is only used for
+    (and/or streams  in case of HTTP/2)  per frontend.  This
-    default mode.   0 means unlimited.  To  limit the number
+    option  is   only  used  for  default   mode.   0  means
-    of connections  per host for  HTTP/2 or SPDY  proxy mode
+    unlimited.  To limit the  number of connections per host
-    (-s option), use :option:`--backend-http1-connections-per-host`\.
+    with          :option:`--http2-proxy`         option,          use
    :option:`--backend-connections-per-host`\.
    Default: ``0``
@ -626,10 +617,19 @@ SSL/TLS
 HTTP/2 and SPDY
 ~~~~~~~~~~~~~~~
-.. option:: -c, --http2-max-concurrent-streams=<N>
+.. option:: -c, --frontend-http2-max-concurrent-streams=<N>
    Set the maximum number of  the concurrent streams in one
-    HTTP/2 and SPDY session.
+    frontend HTTP/2 and SPDY session.
    Default: `` 100``
 .. option:: --backend-http2-max-concurrent-streams=<N>
    Set the maximum number of  the concurrent streams in one
    backend  HTTP/2 session.   This sets  maximum number  of
    concurrent opened pushed streams.  The maximum number of
    concurrent requests are set by a remote server.
    Default: ``100``
@ -665,7 +665,7 @@ HTTP/2 and SPDY
    Sets the  per-connection window  size of  HTTP/2 backend
    connection to 2\*\*<N>-1.
-    Default: ``16``
+    Default: ``30``
 .. option:: --http2-no-cookie-crumbling
@ -683,11 +683,10 @@ HTTP/2 and SPDY
    Disable HTTP/2 server push.  Server push is supported by
    default mode and HTTP/2  frontend via Link header field.
    It is  also supported if  both frontend and  backend are
-    HTTP/2 (which implies  :option:`--http2-bridge` or :option:`\--client` mode).
+    HTTP/2 in default mode.  In  this case, server push from
-    In  this  case,  server  push from  backend  session  is
+    backend session is relayed  to frontend, and server push
-    relayed  to frontend,  and server  push via  Link header
+    via Link header field  is also supported.  SPDY frontend
-    field is  also supported.   HTTP SPDY frontend  does not
+    does not support server push.
    support server push.
 Mode
@ -699,35 +698,12 @@ Mode
    Accept  HTTP/2,  SPDY  and HTTP/1.1  over  SSL/TLS.   If
    :option:`--frontend-no-tls` is  used, accept HTTP/2  and HTTP/1.1.
    The  incoming HTTP/1.1  connection  can  be upgraded  to
-    HTTP/2  through  HTTP  Upgrade.   The  protocol  to  the
+    HTTP/2  through  HTTP  Upgrade.
    backend is HTTP/1.1.
 .. option:: -s, --http2-proxy
-    Like default mode, but enable secure proxy mode.
+    Like default mode, but enable forward proxy.  This is so
-
+    called HTTP/2 proxy mode.
 .. option:: --http2-bridge
    Like default  mode, but communicate with  the backend in
    HTTP/2 over SSL/TLS.  Thus  the incoming all connections
    are converted  to HTTP/2  connection and relayed  to the
    backend.  See :option:`--backend-http-proxy-uri` option if you are
    behind  the proxy  and want  to connect  to the  outside
    HTTP/2 proxy.
 .. option:: --client
    Accept  HTTP/2   and  HTTP/1.1  without   SSL/TLS.   The
    incoming HTTP/1.1  connection can be upgraded  to HTTP/2
    connection through  HTTP Upgrade.   The protocol  to the
    backend is HTTP/2.   To use nghttpx as  a forward proxy,
    use :option:`-p` option instead.
 .. option:: -p, --client-proxy
    Like :option:`--client`  option, but it also  requires the request
    path from frontend must be an absolute URI, suitable for
    use as a forward proxy.
 Logging
@ -868,17 +844,15 @@ HTTP
 .. option:: --no-location-rewrite
-    Don't rewrite  location header field  on :option:`--http2-bridge`\,
+    Don't  rewrite location  header field  in default  mode.
-    :option:`--client`  and  default   mode.   For  :option:`\--http2-proxy`  and
+    When :option:`--http2-proxy`  is used, location header  field will
-    :option:`--client-proxy` mode,  location header field will  not be
+    not be altered regardless of this option.
    altered regardless of this option.
 .. option:: --host-rewrite
-    Rewrite   host   and   :authority   header   fields   on
+    Rewrite  host and  :authority header  fields in  default
-    :option:`--http2-bridge`\,   :option:`--client`   and  default   mode.    For
+    mode.  When  :option:`--http2-proxy` is  used, these  headers will
-    :option:`--http2-proxy`  and  :option:`\--client-proxy` mode,  these  headers
+    not be altered regardless of this option.
    will not be altered regardless of this option.
 .. option:: --altsvc=<PROTOID,PORT[,HOST,[ORIGIN]]>
@ -1126,12 +1100,12 @@ Currently, the following restriction is applied for server push:
 This limitation may be loosened in the future release.
 nghttpx also supports server push if both frontend and backend are
-HTTP/2 (which implies :option:`--http2-bridge` or :option:`--client`).
+HTTP/2 in default mode.  In this case, in addition to server push via
-In this case, in addition to server push via Link header field, server
+Link header field, server push from backend is forwarded to frontend
-push from backend is relayed to frontend HTTP/2 session.
+HTTP/2 session.
-HTTP/2 server push will be disabled if :option:`--http2-proxy` or
+HTTP/2 server push will be disabled if :option:`--http2-proxy` is
-:option:`--client-proxy` is used.
+used.
 UNIX DOMAIN SOCKET
 ------------------