Update man pages

2016-03-25 02:15:29 +09:00 · 2016-03-25 02:15:29 +09:00 · 333dd73a18
parent 8e84bbd781
commit 333dd73a18
5 changed files with 73 additions and 88 deletions
--- a/doc/h2load.1
+++ b/doc/h2load.1
@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "H2LOAD" "1" "March 20, 2016" "1.9.0-DEV" "nghttp2"
+.TH "H2LOAD" "1" "March 25, 2016" "1.9.0-DEV" "nghttp2"
 .SH NAME
 h2load \- HTTP/2 benchmarking tool
 .
--- a/doc/nghttp.1
+++ b/doc/nghttp.1
@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTP" "1" "March 20, 2016" "1.9.0-DEV" "nghttp2"
+.TH "NGHTTP" "1" "March 25, 2016" "1.9.0-DEV" "nghttp2"
 .SH NAME
 nghttp \- HTTP/2 client
 .
--- a/doc/nghttpd.1
+++ b/doc/nghttpd.1
@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTPD" "1" "March 20, 2016" "1.9.0-DEV" "nghttp2"
+.TH "NGHTTPD" "1" "March 25, 2016" "1.9.0-DEV" "nghttp2"
 .SH NAME
 nghttpd \- HTTP/2 server
 .
--- a/doc/nghttpx.1
+++ b/doc/nghttpx.1
@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTPX" "1" "March 20, 2016" "1.9.0-DEV" "nghttp2"
+.TH "NGHTTPX" "1" "March 25, 2016" "1.9.0-DEV" "nghttp2"
 .SH NAME
 nghttpx \- HTTP/2 proxy
 .
@ -40,14 +40,14 @@ A reverse proxy for HTTP/2, HTTP/1 and SPDY.
 .TP
 .B <PRIVATE_KEY>
 Set  path  to  server\(aqs private  key.   Required  unless
-\fI\%\-\-frontend\-no\-tls\fP are given.
+"no\-tls" keyword is used in \fI\%\-\-frontend\fP option.
 .UNINDENT
 .INDENT 0.0
 .TP
 .B <CERT>
 Set  path  to  server\(aqs  certificate.   Required  unless
-\fI\%\-\-frontend\-no\-tls\fP  are  given.   To make  OCSP  stapling
-work, this must be an absolute path.
+"no\-tls" keyword is used  in \fI\%\-\-frontend\fP option.  To make
+OCSP stapling work, this must be an absolute path.
 .UNINDENT
 .SH OPTIONS
 .sp
@ -55,7 +55,7 @@ The options are categorized into several groups.
 .SS Connections
 .INDENT 0.0
 .TP
-.B \-b, \-\-backend=(<HOST>,<PORT>|unix:<PATH>)[;[<PATTERN>[:...]][;proto=<PROTO>]]
+.B \-b, \-\-backend=(<HOST>,<PORT>|unix:<PATH>)[;[<PATTERN>[:...]][;proto=<PROTO>][;tls]]
 Set  backend  host  and   port.   The  multiple  backend
 addresses are  accepted by repeating this  option.  UNIX
 domain socket  can be  specified by prefixing  path name
@ -86,10 +86,11 @@ shorter ones.
 .sp
 Host  can  include "*"  in  the  left most  position  to
 indicate  wildcard match  (only suffix  match is  done).
-For  example,  host pattern  "*www.nghttp2.org"  matches
-against  "www.nghttp2.org"  and  "1www.ngttp2.org",  but
-does not  match against "nghttp2.org".  The  exact hosts
-match takes precedence over the wildcard hosts match.
+The "*" must match at least one character.  For example,
+host    pattern    "*.nghttp2.org"    matches    against
+"www.nghttp2.org"  and  "git.ngttp2.org", but  does  not
+match  against  "nghttp2.org".   The exact  hosts  match
+takes precedence over the wildcard hosts match.
 .sp
 If <PATTERN> is omitted or  empty string, "\fI/\fP" is used as
 pattern,  which  matches  all request  paths  (catch\-all
@ -123,7 +124,10 @@ must  have  the  same  <PROTO> value  if  it  is  given.
 quotes: "h2", "http/1.1".  The  default value of <PROTO>
 is "http/1.1".  Note that  usually "h2" refers to HTTP/2
 over TLS.  But  in this option, it may  mean HTTP/2 over
-cleartext TCP unless \fI\%\-\-backend\-tls\fP is used.
+cleartext TCP unless "tls" keyword is used (see below).
+.sp
+Optionally,  TLS  can  be enabled  by  specifying  "tls"
+keyword.  TLS is not enabled by default.
 .sp
 Since ";" and ":" are  used as delimiter, <PATTERN> must
 not  contain these  characters.  Since  ";" has  special
@ -133,7 +137,7 @@ Default: \fB127.0.0.1,80\fP
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-f, \-\-frontend=(<HOST>,<PORT>|unix:<PATH>)
+.B \-f, \-\-frontend=(<HOST>,<PORT>|unix:<PATH>)[;no\-tls]
 Set  frontend  host and  port.   If  <HOST> is  \(aq*\(aq,  it
 assumes  all addresses  including  both  IPv4 and  IPv6.
 UNIX domain  socket can  be specified by  prefixing path
@ -141,6 +145,9 @@ name  with  "unix:" (e.g.,  unix:/var/run/nghttpx.sock).
 This  option can  be used  multiple times  to listen  to
 multiple addresses.
 .sp
+Optionally, TLS  can be disabled by  specifying "no\-tls"
+keyword.  TLS is enabled by default.
+.sp
 Default: \fB*,3000\fP
 .UNINDENT
 .INDENT 0.0
@ -181,11 +188,6 @@ be     specified    by     \fI\%\-\-backend\-read\-timeout\fP    and
 .B \-\-accept\-proxy\-protocol
 Accept PROXY protocol version 1 on frontend connection.
 .UNINDENT
-.INDENT 0.0
-.TP
-.B \-\-backend\-tls
-Enable SSL/TLS on backend connections.
-.UNINDENT
 .SS Performance
 .INDENT 0.0
 .TP
@ -528,7 +530,7 @@ required.
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-tls\-ticket\-key\-memcached=<HOST>,<PORT>
+.B \-\-tls\-ticket\-key\-memcached=<HOST>,<PORT>[;tls]
 Specify address  of memcached  server to get  TLS ticket
 keys for  session resumption.   This enables  shared TLS
 ticket key between  multiple nghttpx instances.  nghttpx
@ -538,7 +540,9 @@ ticket  keys  from  memcached, and  use  them,  possibly
 replacing current set  of keys.  It is up  to extern TLS
 ticket  key generator  to rotate  keys frequently.   See
 "TLS SESSION  TICKET RESUMPTION" section in  manual page
-to know the data format in memcached entry.
+to know the data format in memcached entry.  Optionally,
+memcached  connection  can  be  encrypted  with  TLS  by
+specifying "tls" keyword.
 .UNINDENT
 .INDENT 0.0
 .TP
@ -587,12 +591,6 @@ aes\-128\-cbc is used.
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-tls\-ticket\-key\-memcached\-tls
-Enable  SSL/TLS  on  memcached connections  to  get  TLS
-ticket keys.
-.UNINDENT
-.INDENT 0.0
-.TP
 .B \-\-tls\-ticket\-key\-memcached\-cert\-file=<PATH>
 Path to client certificate  for memcached connections to
 get TLS ticket keys.
@ -625,10 +623,12 @@ Disable OCSP stapling.
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-tls\-session\-cache\-memcached=<HOST>,<PORT>
+.B \-\-tls\-session\-cache\-memcached=<HOST>,<PORT>[;tls]
 Specify  address of  memcached server  to store  session
 cache.   This  enables   shared  session  cache  between
-multiple nghttpx instances.
+multiple   nghttpx  instances.    Optionally,  memcached
+connection can be encrypted with TLS by specifying "tls"
+keyword.
 .UNINDENT
 .INDENT 0.0
 .TP
@ -643,12 +643,6 @@ Default: \fBauto\fP
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-tls\-session\-cache\-memcached\-tls
-Enable SSL/TLS on memcached connections to store session
-cache.
-.UNINDENT
-.INDENT 0.0
-.TP
 .B \-\-tls\-session\-cache\-memcached\-cert\-file=<PATH>
 Path to client certificate  for memcached connections to
 store session cache.
@ -731,11 +725,6 @@ Default: \fB16\fP
 .UNINDENT
 .INDENT 0.0
 .TP
-.B \-\-frontend\-no\-tls
-Disable SSL/TLS on frontend connections.
-.UNINDENT
-.INDENT 0.0
-.TP
 .B \-\-backend\-http2\-window\-bits=<N>
 Sets  the   initial  window   size  of   HTTP/2  backend
 connection to 2**<N>\-1.
@ -778,10 +767,11 @@ does not support server push.
 .INDENT 0.0
 .TP
 .B (default mode)
-Accept  HTTP/2,  SPDY  and HTTP/1.1  over  SSL/TLS.   If
-\fI\%\-\-frontend\-no\-tls\fP is  used, accept HTTP/2  and HTTP/1.1.
-The  incoming HTTP/1.1  connection  can  be upgraded  to
-HTTP/2  through  HTTP  Upgrade.
+Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS.  "no\-tls"
+keyword is used in  \fI\%\-\-frontend\fP option, accept HTTP/2 and
+HTTP/1.1  over  cleartext  TCP.  The  incoming  HTTP/1.1
+connection  can  be  upgraded  to  HTTP/2  through  HTTP
+Upgrade.
 .UNINDENT
 .INDENT 0.0
 .TP
@ -1289,8 +1279,8 @@ as a memcached entry key, with expiry time 12 hours.  Session timeout
 is set to 12 hours.
 .sp
 By default, connections to memcached server are not encrypted.  To
-enable encryption, use \fI\%\-\-tls\-session\-cache\-memcached\-tls\fP
-option.
+enable encryption, use \fBtls\fP keyword in
+\fI\%\-\-tls\-session\-cache\-memcached\fP option.
 .SS TLS SESSION TICKET RESUMPTION
 .sp
 By default, session ticket is shared by all worker threads.  The
@ -1336,8 +1326,8 @@ keys.  The key appeared first is used as encryption key.  All the
 remaining keys are used as decryption only.
 .sp
 By default, connections to memcached server are not encrypted.  To
-enable encryption, use \fI\%\-\-tls\-ticket\-key\-memcached\-tls\fP
-option.
+enable encryption, use \fBtls\fP keyword in
+\fI\%\-\-tls\-ticket\-key\-memcached\fP option.
 .sp
 If \fI\%\-\-tls\-ticket\-key\-file\fP is given, encryption key is read
 from the given file.  In this case, nghttpx does not rotate key
--- a/doc/nghttpx.1.rst
+++ b/doc/nghttpx.1.rst
@ -20,13 +20,13 @@ A reverse proxy for HTTP/2, HTTP/1 and SPDY.

    
    Set  path  to  server's private  key.   Required  unless
-    :option:`--frontend-no-tls` are given.
+    "no-tls" keyword is used in :option:`--frontend` option.

 .. describe:: <CERT>

    Set  path  to  server's  certificate.   Required  unless
-    :option:`--frontend-no-tls`  are  given.   To make  OCSP  stapling
-    work, this must be an absolute path.
+    "no-tls" keyword is used  in :option:`--frontend` option.  To make
+    OCSP stapling work, this must be an absolute path.


 OPTIONS
@ -37,7 +37,7 @@ The options are categorized into several groups.
 Connections
 ~~~~~~~~~~~

-.. option:: -b, --backend=(<HOST>,<PORT>|unix:<PATH>)[;[<PATTERN>[:...]][;proto=<PROTO>]]
+.. option:: -b, --backend=(<HOST>,<PORT>|unix:<PATH>)[;[<PATTERN>[:...]][;proto=<PROTO>][;tls]]

    Set  backend  host  and   port.   The  multiple  backend
    addresses are  accepted by repeating this  option.  UNIX
@ -69,10 +69,11 @@ Connections

    Host  can  include "\*"  in  the  left most  position  to
    indicate  wildcard match  (only suffix  match is  done).
-    For  example,  host pattern  "\*www.nghttp2.org"  matches
-    against  "www.nghttp2.org"  and  "1www.ngttp2.org",  but
-    does not  match against "nghttp2.org".  The  exact hosts
-    match takes precedence over the wildcard hosts match.
+    The "*" must match at least one character.  For example,
+    host    pattern    "\*.nghttp2.org"    matches    against
+    "www.nghttp2.org"  and  "git.ngttp2.org", but  does  not
+    match  against  "nghttp2.org".   The exact  hosts  match
+    takes precedence over the wildcard hosts match.

    If <PATTERN> is omitted or  empty string, "*/*" is used as
    pattern,  which  matches  all request  paths  (catch-all
@ -106,7 +107,10 @@ Connections
    quotes: "h2", "http/1.1".  The  default value of <PROTO>
    is "http/1.1".  Note that  usually "h2" refers to HTTP/2
    over TLS.  But  in this option, it may  mean HTTP/2 over
-    cleartext TCP unless :option:`--backend-tls` is used.
+    cleartext TCP unless "tls" keyword is used (see below).
+
+    Optionally,  TLS  can  be enabled  by  specifying  "tls"
+    keyword.  TLS is not enabled by default.

    Since ";" and ":" are  used as delimiter, <PATTERN> must
    not  contain these  characters.  Since  ";" has  special
@ -115,7 +119,7 @@ Connections

    Default: ``127.0.0.1,80``

-.. option:: -f, --frontend=(<HOST>,<PORT>|unix:<PATH>)
+.. option:: -f, --frontend=(<HOST>,<PORT>|unix:<PATH>)[;no-tls]

    Set  frontend  host and  port.   If  <HOST> is  '\*',  it
    assumes  all addresses  including  both  IPv4 and  IPv6.
@ -124,6 +128,10 @@ Connections
    This  option can  be used  multiple times  to listen  to
    multiple addresses.

+    Optionally, TLS  can be disabled by  specifying "no-tls"
+    keyword.  TLS is enabled by default.
+
+
    Default: ``*,3000``

 .. option:: --backlog=<N>
@ -160,10 +168,6 @@ Connections

    Accept PROXY protocol version 1 on frontend connection.

-.. option:: --backend-tls
-
-    Enable SSL/TLS on backend connections.
-

 Performance
 ~~~~~~~~~~~
@ -473,7 +477,7 @@ SSL/TLS
    ticket  key sharing  between  nghttpx  instances is  not
    required.

-.. option:: --tls-ticket-key-memcached=<HOST>,<PORT>
+.. option:: --tls-ticket-key-memcached=<HOST>,<PORT>[;tls]

    Specify address  of memcached  server to get  TLS ticket
    keys for  session resumption.   This enables  shared TLS
@ -484,7 +488,9 @@ SSL/TLS
    replacing current set  of keys.  It is up  to extern TLS
    ticket  key generator  to rotate  keys frequently.   See
    "TLS SESSION  TICKET RESUMPTION" section in  manual page
-    to know the data format in memcached entry.
+    to know the data format in memcached entry.  Optionally,
+    memcached  connection  can  be  encrypted  with  TLS  by
+    specifying "tls" keyword.

 .. option:: --tls-ticket-key-memcached-address-family=(auto|IPv4|IPv6)

@ -526,11 +532,6 @@ SSL/TLS
    either   aes-128-cbc   or  aes-256-cbc.    By   default,
    aes-128-cbc is used.

-.. option:: --tls-ticket-key-memcached-tls
-
-    Enable  SSL/TLS  on  memcached connections  to  get  TLS
-    ticket keys.
-
 .. option:: --tls-ticket-key-memcached-cert-file=<PATH>

    Path to client certificate  for memcached connections to
@ -558,11 +559,13 @@ SSL/TLS

    Disable OCSP stapling.

-.. option:: --tls-session-cache-memcached=<HOST>,<PORT>
+.. option:: --tls-session-cache-memcached=<HOST>,<PORT>[;tls]

    Specify  address of  memcached server  to store  session
    cache.   This  enables   shared  session  cache  between
-    multiple nghttpx instances.
+    multiple   nghttpx  instances.    Optionally,  memcached
+    connection can be encrypted with TLS by specifying "tls"
+    keyword.

 .. option:: --tls-session-cache-memcached-address-family=(auto|IPv4|IPv6)

@ -574,11 +577,6 @@ SSL/TLS

    Default: ``auto``

-.. option:: --tls-session-cache-memcached-tls
-
-    Enable SSL/TLS on memcached connections to store session
-    cache.
-
 .. option:: --tls-session-cache-memcached-cert-file=<PATH>

    Path to client certificate  for memcached connections to
@ -655,10 +653,6 @@ HTTP/2 and SPDY

    Default: ``16``

-.. option:: --frontend-no-tls
-
-    Disable SSL/TLS on frontend connections.
-
 .. option:: --backend-http2-window-bits=<N>

    Sets  the   initial  window   size  of   HTTP/2  backend
@ -701,10 +695,11 @@ Mode
 .. describe:: (default mode)

    
-    Accept  HTTP/2,  SPDY  and HTTP/1.1  over  SSL/TLS.   If
-    :option:`--frontend-no-tls` is  used, accept HTTP/2  and HTTP/1.1.
-    The  incoming HTTP/1.1  connection  can  be upgraded  to
-    HTTP/2  through  HTTP  Upgrade.
+    Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS.  "no-tls"
+    keyword is used in  :option:`--frontend` option, accept HTTP/2 and
+    HTTP/1.1  over  cleartext  TCP.  The  incoming  HTTP/1.1
+    connection  can  be  upgraded  to  HTTP/2  through  HTTP
+    Upgrade.

 .. option:: -s, --http2-proxy

@ -1168,8 +1163,8 @@ as a memcached entry key, with expiry time 12 hours.  Session timeout
 is set to 12 hours.

 By default, connections to memcached server are not encrypted.  To
-enable encryption, use :option:`--tls-session-cache-memcached-tls`
-option.
+enable encryption, use ``tls`` keyword in
+:option:`--tls-session-cache-memcached` option.

 TLS SESSION TICKET RESUMPTION
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -1211,8 +1206,8 @@ keys.  The key appeared first is used as encryption key.  All the
 remaining keys are used as decryption only.

 By default, connections to memcached server are not encrypted.  To
-enable encryption, use :option:`--tls-ticket-key-memcached-tls`
-option.
+enable encryption, use ``tls`` keyword in
+:option:`--tls-ticket-key-memcached` option.

 If :option:`--tls-ticket-key-file` is given, encryption key is read
 from the given file.  In this case, nghttpx does not rotate key