walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Update man pages

This commit is contained in:
Tatsuhiro Tsujikawa 2016-03-25 02:15:29 +09:00
parent 8e84bbd781
commit 333dd73a18
5 changed files with 73 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/h2load.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText. .\" Man page generated from reStructuredText.
. .
.TH "H2LOAD" "1" "March 20, 2016" "1.9.0-DEV" "nghttp2" .TH "H2LOAD" "1" "March 25, 2016" "1.9.0-DEV" "nghttp2"
.SH NAME .SH NAME
h2load \- HTTP/2 benchmarking tool h2load \- HTTP/2 benchmarking tool
. .

2
doc/nghttp.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText. .\" Man page generated from reStructuredText.
. .
.TH "NGHTTP" "1" "March 20, 2016" "1.9.0-DEV" "nghttp2" .TH "NGHTTP" "1" "March 25, 2016" "1.9.0-DEV" "nghttp2"
.SH NAME .SH NAME
nghttp \- HTTP/2 client nghttp \- HTTP/2 client
. .

2
doc/nghttpd.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText. .\" Man page generated from reStructuredText.
. .
.TH "NGHTTPD" "1" "March 20, 2016" "1.9.0-DEV" "nghttp2" .TH "NGHTTPD" "1" "March 25, 2016" "1.9.0-DEV" "nghttp2"
.SH NAME .SH NAME
nghttpd \- HTTP/2 server nghttpd \- HTTP/2 server
. .

80
doc/nghttpx.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText. .\" Man page generated from reStructuredText.
. .
.TH "NGHTTPX" "1" "March 20, 2016" "1.9.0-DEV" "nghttp2" .TH "NGHTTPX" "1" "March 25, 2016" "1.9.0-DEV" "nghttp2"
.SH NAME .SH NAME
nghttpx \- HTTP/2 proxy nghttpx \- HTTP/2 proxy
. .
@ -40,14 +40,14 @@ A reverse proxy for HTTP/2, HTTP/1 and SPDY.
.TP .TP
.B <PRIVATE_KEY> .B <PRIVATE_KEY>
Set path to server\(aqs private key. Required unless Set path to server\(aqs private key. Required unless
\fI\%\-\-frontend\-no\-tls\fP are given. "no\-tls" keyword is used in \fI\%\-\-frontend\fP option.
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B <CERT> .B <CERT>
Set path to server\(aqs certificate. Required unless Set path to server\(aqs certificate. Required unless
\fI\%\-\-frontend\-no\-tls\fP are given. To make OCSP stapling "no\-tls" keyword is used in \fI\%\-\-frontend\fP option. To make
work, this must be an absolute path. OCSP stapling work, this must be an absolute path.
.UNINDENT .UNINDENT
.SH OPTIONS .SH OPTIONS
.sp .sp
@ -55,7 +55,7 @@ The options are categorized into several groups.
.SS Connections .SS Connections
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B \-b, \-\-backend=(<HOST>,<PORT>|unix:<PATH>)[;[<PATTERN>[:...]][;proto=<PROTO>]] .B \-b, \-\-backend=(<HOST>,<PORT>|unix:<PATH>)[;[<PATTERN>[:...]][;proto=<PROTO>][;tls]]
Set backend host and port. The multiple backend Set backend host and port. The multiple backend
addresses are accepted by repeating this option. UNIX addresses are accepted by repeating this option. UNIX
domain socket can be specified by prefixing path name domain socket can be specified by prefixing path name
@ -86,10 +86,11 @@ shorter ones.
.sp .sp
Host can include "*" in the left most position to Host can include "*" in the left most position to
indicate wildcard match (only suffix match is done). indicate wildcard match (only suffix match is done).
For example, host pattern "*www.nghttp2.org" matches The "*" must match at least one character. For example,
against "www.nghttp2.org" and "1www.ngttp2.org", but host pattern "*.nghttp2.org" matches against
does not match against "nghttp2.org". The exact hosts "www.nghttp2.org" and "git.ngttp2.org", but does not
match takes precedence over the wildcard hosts match. match against "nghttp2.org". The exact hosts match
takes precedence over the wildcard hosts match.
.sp .sp
If <PATTERN> is omitted or empty string, "\fI/\fP" is used as If <PATTERN> is omitted or empty string, "\fI/\fP" is used as
pattern, which matches all request paths (catch\-all pattern, which matches all request paths (catch\-all
@ -123,7 +124,10 @@ must have the same <PROTO> value if it is given.
quotes: "h2", "http/1.1". The default value of <PROTO> quotes: "h2", "http/1.1". The default value of <PROTO>
is "http/1.1". Note that usually "h2" refers to HTTP/2 is "http/1.1". Note that usually "h2" refers to HTTP/2
over TLS. But in this option, it may mean HTTP/2 over over TLS. But in this option, it may mean HTTP/2 over
cleartext TCP unless \fI\%\-\-backend\-tls\fP is used. cleartext TCP unless "tls" keyword is used (see below).
.sp
Optionally, TLS can be enabled by specifying "tls"
keyword. TLS is not enabled by default.
.sp .sp
Since ";" and ":" are used as delimiter, <PATTERN> must Since ";" and ":" are used as delimiter, <PATTERN> must
not contain these characters. Since ";" has special not contain these characters. Since ";" has special
@ -133,7 +137,7 @@ Default: \fB127.0.0.1,80\fP
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B \-f, \-\-frontend=(<HOST>,<PORT>|unix:<PATH>) .B \-f, \-\-frontend=(<HOST>,<PORT>|unix:<PATH>)[;no\-tls]
Set frontend host and port. If <HOST> is \(aq*\(aq, it Set frontend host and port. If <HOST> is \(aq*\(aq, it
assumes all addresses including both IPv4 and IPv6. assumes all addresses including both IPv4 and IPv6.
UNIX domain socket can be specified by prefixing path UNIX domain socket can be specified by prefixing path
@ -141,6 +145,9 @@ name with "unix:" (e.g., unix:/var/run/nghttpx.sock).
This option can be used multiple times to listen to This option can be used multiple times to listen to
multiple addresses. multiple addresses.
.sp .sp
Optionally, TLS can be disabled by specifying "no\-tls"
keyword. TLS is enabled by default.
.sp
Default: \fB*,3000\fP Default: \fB*,3000\fP
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
@ -181,11 +188,6 @@ be specified by \fI\%\-\-backend\-read\-timeout\fP and
.B \-\-accept\-proxy\-protocol .B \-\-accept\-proxy\-protocol
Accept PROXY protocol version 1 on frontend connection. Accept PROXY protocol version 1 on frontend connection.
.UNINDENT .UNINDENT
.INDENT 0.0
.TP
.B \-\-backend\-tls
Enable SSL/TLS on backend connections.
.UNINDENT
.SS Performance .SS Performance
.INDENT 0.0 .INDENT 0.0
.TP .TP
@ -528,7 +530,7 @@ required.
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B \-\-tls\-ticket\-key\-memcached=<HOST>,<PORT> .B \-\-tls\-ticket\-key\-memcached=<HOST>,<PORT>[;tls]
Specify address of memcached server to get TLS ticket Specify address of memcached server to get TLS ticket
keys for session resumption. This enables shared TLS keys for session resumption. This enables shared TLS
ticket key between multiple nghttpx instances. nghttpx ticket key between multiple nghttpx instances. nghttpx
@ -538,7 +540,9 @@ ticket keys from memcached, and use them, possibly
replacing current set of keys. It is up to extern TLS replacing current set of keys. It is up to extern TLS
ticket key generator to rotate keys frequently. See ticket key generator to rotate keys frequently. See
"TLS SESSION TICKET RESUMPTION" section in manual page "TLS SESSION TICKET RESUMPTION" section in manual page
to know the data format in memcached entry. to know the data format in memcached entry. Optionally,
memcached connection can be encrypted with TLS by
specifying "tls" keyword.
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
@ -587,12 +591,6 @@ aes\-128\-cbc is used.
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B \-\-tls\-ticket\-key\-memcached\-tls
Enable SSL/TLS on memcached connections to get TLS
ticket keys.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-tls\-ticket\-key\-memcached\-cert\-file=<PATH> .B \-\-tls\-ticket\-key\-memcached\-cert\-file=<PATH>
Path to client certificate for memcached connections to Path to client certificate for memcached connections to
get TLS ticket keys. get TLS ticket keys.
@ -625,10 +623,12 @@ Disable OCSP stapling.
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B \-\-tls\-session\-cache\-memcached=<HOST>,<PORT> .B \-\-tls\-session\-cache\-memcached=<HOST>,<PORT>[;tls]
Specify address of memcached server to store session Specify address of memcached server to store session
cache. This enables shared session cache between cache. This enables shared session cache between
multiple nghttpx instances. multiple nghttpx instances. Optionally, memcached
connection can be encrypted with TLS by specifying "tls"
keyword.
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
@ -643,12 +643,6 @@ Default: \fBauto\fP
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B \-\-tls\-session\-cache\-memcached\-tls
Enable SSL/TLS on memcached connections to store session
cache.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-tls\-session\-cache\-memcached\-cert\-file=<PATH> .B \-\-tls\-session\-cache\-memcached\-cert\-file=<PATH>
Path to client certificate for memcached connections to Path to client certificate for memcached connections to
store session cache. store session cache.
@ -731,11 +725,6 @@ Default: \fB16\fP
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B \-\-frontend\-no\-tls
Disable SSL/TLS on frontend connections.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-backend\-http2\-window\-bits=<N> .B \-\-backend\-http2\-window\-bits=<N>
Sets the initial window size of HTTP/2 backend Sets the initial window size of HTTP/2 backend
connection to 2**<N>\-1. connection to 2**<N>\-1.
@ -778,10 +767,11 @@ does not support server push.
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B (default mode) .B (default mode)
Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS. If Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS. "no\-tls"
\fI\%\-\-frontend\-no\-tls\fP is used, accept HTTP/2 and HTTP/1.1. keyword is used in \fI\%\-\-frontend\fP option, accept HTTP/2 and
The incoming HTTP/1.1 connection can be upgraded to HTTP/1.1 over cleartext TCP. The incoming HTTP/1.1
HTTP/2 through HTTP Upgrade. connection can be upgraded to HTTP/2 through HTTP
Upgrade.
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
@ -1289,8 +1279,8 @@ as a memcached entry key, with expiry time 12 hours. Session timeout
is set to 12 hours. is set to 12 hours.
.sp .sp
By default, connections to memcached server are not encrypted. To By default, connections to memcached server are not encrypted. To
enable encryption, use \fI\%\-\-tls\-session\-cache\-memcached\-tls\fP enable encryption, use \fBtls\fP keyword in
option. \fI\%\-\-tls\-session\-cache\-memcached\fP option.
.SS TLS SESSION TICKET RESUMPTION .SS TLS SESSION TICKET RESUMPTION
.sp .sp
By default, session ticket is shared by all worker threads. The By default, session ticket is shared by all worker threads. The
@ -1336,8 +1326,8 @@ keys. The key appeared first is used as encryption key. All the
remaining keys are used as decryption only. remaining keys are used as decryption only.
.sp .sp
By default, connections to memcached server are not encrypted. To By default, connections to memcached server are not encrypted. To
enable encryption, use \fI\%\-\-tls\-ticket\-key\-memcached\-tls\fP enable encryption, use \fBtls\fP keyword in
option. \fI\%\-\-tls\-ticket\-key\-memcached\fP option.
.sp .sp
If \fI\%\-\-tls\-ticket\-key\-file\fP is given, encryption key is read If \fI\%\-\-tls\-ticket\-key\-file\fP is given, encryption key is read
from the given file. In this case, nghttpx does not rotate key from the given file. In this case, nghttpx does not rotate key

75
doc/nghttpx.1.rst
View File

@ -20,13 +20,13 @@ A reverse proxy for HTTP/2, HTTP/1 and SPDY.
Set path to server's private key. Required unless Set path to server's private key. Required unless
:option:`--frontend-no-tls` are given. "no-tls" keyword is used in :option:`--frontend` option.
.. describe:: <CERT> .. describe:: <CERT>
Set path to server's certificate. Required unless Set path to server's certificate. Required unless
:option:`--frontend-no-tls` are given. To make OCSP stapling "no-tls" keyword is used in :option:`--frontend` option. To make
work, this must be an absolute path. OCSP stapling work, this must be an absolute path.
OPTIONS OPTIONS
@ -37,7 +37,7 @@ The options are categorized into several groups.
Connections Connections
~~~~~~~~~~~ ~~~~~~~~~~~
.. option:: -b, --backend=(<HOST>,<PORT>|unix:<PATH>)[;[<PATTERN>[:...]][;proto=<PROTO>]] .. option:: -b, --backend=(<HOST>,<PORT>|unix:<PATH>)[;[<PATTERN>[:...]][;proto=<PROTO>][;tls]]
Set backend host and port. The multiple backend Set backend host and port. The multiple backend
addresses are accepted by repeating this option. UNIX addresses are accepted by repeating this option. UNIX
@ -69,10 +69,11 @@ Connections
Host can include "\*" in the left most position to Host can include "\*" in the left most position to
indicate wildcard match (only suffix match is done). indicate wildcard match (only suffix match is done).
For example, host pattern "\*www.nghttp2.org" matches The "*" must match at least one character. For example,
against "www.nghttp2.org" and "1www.ngttp2.org", but host pattern "\*.nghttp2.org" matches against
does not match against "nghttp2.org". The exact hosts "www.nghttp2.org" and "git.ngttp2.org", but does not
match takes precedence over the wildcard hosts match. match against "nghttp2.org". The exact hosts match
takes precedence over the wildcard hosts match.
If <PATTERN> is omitted or empty string, "*/*" is used as If <PATTERN> is omitted or empty string, "*/*" is used as
pattern, which matches all request paths (catch-all pattern, which matches all request paths (catch-all
@ -106,7 +107,10 @@ Connections
quotes: "h2", "http/1.1". The default value of <PROTO> quotes: "h2", "http/1.1". The default value of <PROTO>
is "http/1.1". Note that usually "h2" refers to HTTP/2 is "http/1.1". Note that usually "h2" refers to HTTP/2
over TLS. But in this option, it may mean HTTP/2 over over TLS. But in this option, it may mean HTTP/2 over
cleartext TCP unless :option:`--backend-tls` is used. cleartext TCP unless "tls" keyword is used (see below).
Optionally, TLS can be enabled by specifying "tls"
keyword. TLS is not enabled by default.
Since ";" and ":" are used as delimiter, <PATTERN> must Since ";" and ":" are used as delimiter, <PATTERN> must
not contain these characters. Since ";" has special not contain these characters. Since ";" has special
@ -115,7 +119,7 @@ Connections
Default: ``127.0.0.1,80`` Default: ``127.0.0.1,80``
.. option:: -f, --frontend=(<HOST>,<PORT>|unix:<PATH>) .. option:: -f, --frontend=(<HOST>,<PORT>|unix:<PATH>)[;no-tls]
Set frontend host and port. If <HOST> is '\*', it Set frontend host and port. If <HOST> is '\*', it
assumes all addresses including both IPv4 and IPv6. assumes all addresses including both IPv4 and IPv6.
@ -124,6 +128,10 @@ Connections
This option can be used multiple times to listen to This option can be used multiple times to listen to
multiple addresses. multiple addresses.
Optionally, TLS can be disabled by specifying "no-tls"
keyword. TLS is enabled by default.
Default: ``*,3000`` Default: ``*,3000``
.. option:: --backlog=<N> .. option:: --backlog=<N>
@ -160,10 +168,6 @@ Connections
Accept PROXY protocol version 1 on frontend connection. Accept PROXY protocol version 1 on frontend connection.
.. option:: --backend-tls
Enable SSL/TLS on backend connections.
Performance Performance
~~~~~~~~~~~ ~~~~~~~~~~~
@ -473,7 +477,7 @@ SSL/TLS
ticket key sharing between nghttpx instances is not ticket key sharing between nghttpx instances is not
required. required.
.. option:: --tls-ticket-key-memcached=<HOST>,<PORT> .. option:: --tls-ticket-key-memcached=<HOST>,<PORT>[;tls]
Specify address of memcached server to get TLS ticket Specify address of memcached server to get TLS ticket
keys for session resumption. This enables shared TLS keys for session resumption. This enables shared TLS
@ -484,7 +488,9 @@ SSL/TLS
replacing current set of keys. It is up to extern TLS replacing current set of keys. It is up to extern TLS
ticket key generator to rotate keys frequently. See ticket key generator to rotate keys frequently. See
"TLS SESSION TICKET RESUMPTION" section in manual page "TLS SESSION TICKET RESUMPTION" section in manual page
to know the data format in memcached entry. to know the data format in memcached entry. Optionally,
memcached connection can be encrypted with TLS by
specifying "tls" keyword.
.. option:: --tls-ticket-key-memcached-address-family=(auto|IPv4|IPv6) .. option:: --tls-ticket-key-memcached-address-family=(auto|IPv4|IPv6)
@ -526,11 +532,6 @@ SSL/TLS
either aes-128-cbc or aes-256-cbc. By default, either aes-128-cbc or aes-256-cbc. By default,
aes-128-cbc is used. aes-128-cbc is used.
.. option:: --tls-ticket-key-memcached-tls
Enable SSL/TLS on memcached connections to get TLS
ticket keys.
.. option:: --tls-ticket-key-memcached-cert-file=<PATH> .. option:: --tls-ticket-key-memcached-cert-file=<PATH>
Path to client certificate for memcached connections to Path to client certificate for memcached connections to
@ -558,11 +559,13 @@ SSL/TLS
Disable OCSP stapling. Disable OCSP stapling.
.. option:: --tls-session-cache-memcached=<HOST>,<PORT> .. option:: --tls-session-cache-memcached=<HOST>,<PORT>[;tls]
Specify address of memcached server to store session Specify address of memcached server to store session
cache. This enables shared session cache between cache. This enables shared session cache between
multiple nghttpx instances. multiple nghttpx instances. Optionally, memcached
connection can be encrypted with TLS by specifying "tls"
keyword.
.. option:: --tls-session-cache-memcached-address-family=(auto|IPv4|IPv6) .. option:: --tls-session-cache-memcached-address-family=(auto|IPv4|IPv6)
@ -574,11 +577,6 @@ SSL/TLS
Default: ``auto`` Default: ``auto``
.. option:: --tls-session-cache-memcached-tls
Enable SSL/TLS on memcached connections to store session
cache.
.. option:: --tls-session-cache-memcached-cert-file=<PATH> .. option:: --tls-session-cache-memcached-cert-file=<PATH>
Path to client certificate for memcached connections to Path to client certificate for memcached connections to
@ -655,10 +653,6 @@ HTTP/2 and SPDY
Default: ``16`` Default: ``16``
.. option:: --frontend-no-tls
Disable SSL/TLS on frontend connections.
.. option:: --backend-http2-window-bits=<N> .. option:: --backend-http2-window-bits=<N>
Sets the initial window size of HTTP/2 backend Sets the initial window size of HTTP/2 backend
@ -701,10 +695,11 @@ Mode
.. describe:: (default mode) .. describe:: (default mode)
Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS. If Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS. "no-tls"
:option:`--frontend-no-tls` is used, accept HTTP/2 and HTTP/1.1. keyword is used in :option:`--frontend` option, accept HTTP/2 and
The incoming HTTP/1.1 connection can be upgraded to HTTP/1.1 over cleartext TCP. The incoming HTTP/1.1
HTTP/2 through HTTP Upgrade. connection can be upgraded to HTTP/2 through HTTP
Upgrade.
.. option:: -s, --http2-proxy .. option:: -s, --http2-proxy
@ -1168,8 +1163,8 @@ as a memcached entry key, with expiry time 12 hours. Session timeout
is set to 12 hours. is set to 12 hours.
By default, connections to memcached server are not encrypted. To By default, connections to memcached server are not encrypted. To
enable encryption, use :option:`--tls-session-cache-memcached-tls` enable encryption, use ``tls`` keyword in
option. :option:`--tls-session-cache-memcached` option.
TLS SESSION TICKET RESUMPTION TLS SESSION TICKET RESUMPTION
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -1211,8 +1206,8 @@ keys. The key appeared first is used as encryption key. All the
remaining keys are used as decryption only. remaining keys are used as decryption only.
By default, connections to memcached server are not encrypted. To By default, connections to memcached server are not encrypted. To
enable encryption, use :option:`--tls-ticket-key-memcached-tls` enable encryption, use ``tls`` keyword in
option. :option:`--tls-ticket-key-memcached` option.
If :option:`--tls-ticket-key-file` is given, encryption key is read If :option:`--tls-ticket-key-file` is given, encryption key is read
from the given file. In this case, nghttpx does not rotate key from the given file. In this case, nghttpx does not rotate key