Update man pages

This commit is contained in:
Tatsuhiro Tsujikawa 2016-03-25 02:15:29 +09:00
parent 8e84bbd781
commit 333dd73a18
5 changed files with 73 additions and 88 deletions

View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "H2LOAD" "1" "March 20, 2016" "1.9.0-DEV" "nghttp2"
.TH "H2LOAD" "1" "March 25, 2016" "1.9.0-DEV" "nghttp2"
.SH NAME
h2load \- HTTP/2 benchmarking tool
.

View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "NGHTTP" "1" "March 20, 2016" "1.9.0-DEV" "nghttp2"
.TH "NGHTTP" "1" "March 25, 2016" "1.9.0-DEV" "nghttp2"
.SH NAME
nghttp \- HTTP/2 client
.

View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "NGHTTPD" "1" "March 20, 2016" "1.9.0-DEV" "nghttp2"
.TH "NGHTTPD" "1" "March 25, 2016" "1.9.0-DEV" "nghttp2"
.SH NAME
nghttpd \- HTTP/2 server
.

View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "NGHTTPX" "1" "March 20, 2016" "1.9.0-DEV" "nghttp2"
.TH "NGHTTPX" "1" "March 25, 2016" "1.9.0-DEV" "nghttp2"
.SH NAME
nghttpx \- HTTP/2 proxy
.
@ -40,14 +40,14 @@ A reverse proxy for HTTP/2, HTTP/1 and SPDY.
.TP
.B <PRIVATE_KEY>
Set path to server\(aqs private key. Required unless
\fI\%\-\-frontend\-no\-tls\fP are given.
"no\-tls" keyword is used in \fI\%\-\-frontend\fP option.
.UNINDENT
.INDENT 0.0
.TP
.B <CERT>
Set path to server\(aqs certificate. Required unless
\fI\%\-\-frontend\-no\-tls\fP are given. To make OCSP stapling
work, this must be an absolute path.
"no\-tls" keyword is used in \fI\%\-\-frontend\fP option. To make
OCSP stapling work, this must be an absolute path.
.UNINDENT
.SH OPTIONS
.sp
@ -55,7 +55,7 @@ The options are categorized into several groups.
.SS Connections
.INDENT 0.0
.TP
.B \-b, \-\-backend=(<HOST>,<PORT>|unix:<PATH>)[;[<PATTERN>[:...]][;proto=<PROTO>]]
.B \-b, \-\-backend=(<HOST>,<PORT>|unix:<PATH>)[;[<PATTERN>[:...]][;proto=<PROTO>][;tls]]
Set backend host and port. The multiple backend
addresses are accepted by repeating this option. UNIX
domain socket can be specified by prefixing path name
@ -86,10 +86,11 @@ shorter ones.
.sp
Host can include "*" in the left most position to
indicate wildcard match (only suffix match is done).
For example, host pattern "*www.nghttp2.org" matches
against "www.nghttp2.org" and "1www.ngttp2.org", but
does not match against "nghttp2.org". The exact hosts
match takes precedence over the wildcard hosts match.
The "*" must match at least one character. For example,
host pattern "*.nghttp2.org" matches against
"www.nghttp2.org" and "git.ngttp2.org", but does not
match against "nghttp2.org". The exact hosts match
takes precedence over the wildcard hosts match.
.sp
If <PATTERN> is omitted or empty string, "\fI/\fP" is used as
pattern, which matches all request paths (catch\-all
@ -123,7 +124,10 @@ must have the same <PROTO> value if it is given.
quotes: "h2", "http/1.1". The default value of <PROTO>
is "http/1.1". Note that usually "h2" refers to HTTP/2
over TLS. But in this option, it may mean HTTP/2 over
cleartext TCP unless \fI\%\-\-backend\-tls\fP is used.
cleartext TCP unless "tls" keyword is used (see below).
.sp
Optionally, TLS can be enabled by specifying "tls"
keyword. TLS is not enabled by default.
.sp
Since ";" and ":" are used as delimiter, <PATTERN> must
not contain these characters. Since ";" has special
@ -133,7 +137,7 @@ Default: \fB127.0.0.1,80\fP
.UNINDENT
.INDENT 0.0
.TP
.B \-f, \-\-frontend=(<HOST>,<PORT>|unix:<PATH>)
.B \-f, \-\-frontend=(<HOST>,<PORT>|unix:<PATH>)[;no\-tls]
Set frontend host and port. If <HOST> is \(aq*\(aq, it
assumes all addresses including both IPv4 and IPv6.
UNIX domain socket can be specified by prefixing path
@ -141,6 +145,9 @@ name with "unix:" (e.g., unix:/var/run/nghttpx.sock).
This option can be used multiple times to listen to
multiple addresses.
.sp
Optionally, TLS can be disabled by specifying "no\-tls"
keyword. TLS is enabled by default.
.sp
Default: \fB*,3000\fP
.UNINDENT
.INDENT 0.0
@ -181,11 +188,6 @@ be specified by \fI\%\-\-backend\-read\-timeout\fP and
.B \-\-accept\-proxy\-protocol
Accept PROXY protocol version 1 on frontend connection.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-backend\-tls
Enable SSL/TLS on backend connections.
.UNINDENT
.SS Performance
.INDENT 0.0
.TP
@ -528,7 +530,7 @@ required.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-tls\-ticket\-key\-memcached=<HOST>,<PORT>
.B \-\-tls\-ticket\-key\-memcached=<HOST>,<PORT>[;tls]
Specify address of memcached server to get TLS ticket
keys for session resumption. This enables shared TLS
ticket key between multiple nghttpx instances. nghttpx
@ -538,7 +540,9 @@ ticket keys from memcached, and use them, possibly
replacing current set of keys. It is up to extern TLS
ticket key generator to rotate keys frequently. See
"TLS SESSION TICKET RESUMPTION" section in manual page
to know the data format in memcached entry.
to know the data format in memcached entry. Optionally,
memcached connection can be encrypted with TLS by
specifying "tls" keyword.
.UNINDENT
.INDENT 0.0
.TP
@ -587,12 +591,6 @@ aes\-128\-cbc is used.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-tls\-ticket\-key\-memcached\-tls
Enable SSL/TLS on memcached connections to get TLS
ticket keys.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-tls\-ticket\-key\-memcached\-cert\-file=<PATH>
Path to client certificate for memcached connections to
get TLS ticket keys.
@ -625,10 +623,12 @@ Disable OCSP stapling.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-tls\-session\-cache\-memcached=<HOST>,<PORT>
.B \-\-tls\-session\-cache\-memcached=<HOST>,<PORT>[;tls]
Specify address of memcached server to store session
cache. This enables shared session cache between
multiple nghttpx instances.
multiple nghttpx instances. Optionally, memcached
connection can be encrypted with TLS by specifying "tls"
keyword.
.UNINDENT
.INDENT 0.0
.TP
@ -643,12 +643,6 @@ Default: \fBauto\fP
.UNINDENT
.INDENT 0.0
.TP
.B \-\-tls\-session\-cache\-memcached\-tls
Enable SSL/TLS on memcached connections to store session
cache.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-tls\-session\-cache\-memcached\-cert\-file=<PATH>
Path to client certificate for memcached connections to
store session cache.
@ -731,11 +725,6 @@ Default: \fB16\fP
.UNINDENT
.INDENT 0.0
.TP
.B \-\-frontend\-no\-tls
Disable SSL/TLS on frontend connections.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-backend\-http2\-window\-bits=<N>
Sets the initial window size of HTTP/2 backend
connection to 2**<N>\-1.
@ -778,10 +767,11 @@ does not support server push.
.INDENT 0.0
.TP
.B (default mode)
Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS. If
\fI\%\-\-frontend\-no\-tls\fP is used, accept HTTP/2 and HTTP/1.1.
The incoming HTTP/1.1 connection can be upgraded to
HTTP/2 through HTTP Upgrade.
Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS. "no\-tls"
keyword is used in \fI\%\-\-frontend\fP option, accept HTTP/2 and
HTTP/1.1 over cleartext TCP. The incoming HTTP/1.1
connection can be upgraded to HTTP/2 through HTTP
Upgrade.
.UNINDENT
.INDENT 0.0
.TP
@ -1289,8 +1279,8 @@ as a memcached entry key, with expiry time 12 hours. Session timeout
is set to 12 hours.
.sp
By default, connections to memcached server are not encrypted. To
enable encryption, use \fI\%\-\-tls\-session\-cache\-memcached\-tls\fP
option.
enable encryption, use \fBtls\fP keyword in
\fI\%\-\-tls\-session\-cache\-memcached\fP option.
.SS TLS SESSION TICKET RESUMPTION
.sp
By default, session ticket is shared by all worker threads. The
@ -1336,8 +1326,8 @@ keys. The key appeared first is used as encryption key. All the
remaining keys are used as decryption only.
.sp
By default, connections to memcached server are not encrypted. To
enable encryption, use \fI\%\-\-tls\-ticket\-key\-memcached\-tls\fP
option.
enable encryption, use \fBtls\fP keyword in
\fI\%\-\-tls\-ticket\-key\-memcached\fP option.
.sp
If \fI\%\-\-tls\-ticket\-key\-file\fP is given, encryption key is read
from the given file. In this case, nghttpx does not rotate key

View File

@ -20,13 +20,13 @@ A reverse proxy for HTTP/2, HTTP/1 and SPDY.
Set path to server's private key. Required unless
:option:`--frontend-no-tls` are given.
"no-tls" keyword is used in :option:`--frontend` option.
.. describe:: <CERT>
Set path to server's certificate. Required unless
:option:`--frontend-no-tls` are given. To make OCSP stapling
work, this must be an absolute path.
"no-tls" keyword is used in :option:`--frontend` option. To make
OCSP stapling work, this must be an absolute path.
OPTIONS
@ -37,7 +37,7 @@ The options are categorized into several groups.
Connections
~~~~~~~~~~~
.. option:: -b, --backend=(<HOST>,<PORT>|unix:<PATH>)[;[<PATTERN>[:...]][;proto=<PROTO>]]
.. option:: -b, --backend=(<HOST>,<PORT>|unix:<PATH>)[;[<PATTERN>[:...]][;proto=<PROTO>][;tls]]
Set backend host and port. The multiple backend
addresses are accepted by repeating this option. UNIX
@ -69,10 +69,11 @@ Connections
Host can include "\*" in the left most position to
indicate wildcard match (only suffix match is done).
For example, host pattern "\*www.nghttp2.org" matches
against "www.nghttp2.org" and "1www.ngttp2.org", but
does not match against "nghttp2.org". The exact hosts
match takes precedence over the wildcard hosts match.
The "*" must match at least one character. For example,
host pattern "\*.nghttp2.org" matches against
"www.nghttp2.org" and "git.ngttp2.org", but does not
match against "nghttp2.org". The exact hosts match
takes precedence over the wildcard hosts match.
If <PATTERN> is omitted or empty string, "*/*" is used as
pattern, which matches all request paths (catch-all
@ -106,7 +107,10 @@ Connections
quotes: "h2", "http/1.1". The default value of <PROTO>
is "http/1.1". Note that usually "h2" refers to HTTP/2
over TLS. But in this option, it may mean HTTP/2 over
cleartext TCP unless :option:`--backend-tls` is used.
cleartext TCP unless "tls" keyword is used (see below).
Optionally, TLS can be enabled by specifying "tls"
keyword. TLS is not enabled by default.
Since ";" and ":" are used as delimiter, <PATTERN> must
not contain these characters. Since ";" has special
@ -115,7 +119,7 @@ Connections
Default: ``127.0.0.1,80``
.. option:: -f, --frontend=(<HOST>,<PORT>|unix:<PATH>)
.. option:: -f, --frontend=(<HOST>,<PORT>|unix:<PATH>)[;no-tls]
Set frontend host and port. If <HOST> is '\*', it
assumes all addresses including both IPv4 and IPv6.
@ -124,6 +128,10 @@ Connections
This option can be used multiple times to listen to
multiple addresses.
Optionally, TLS can be disabled by specifying "no-tls"
keyword. TLS is enabled by default.
Default: ``*,3000``
.. option:: --backlog=<N>
@ -160,10 +168,6 @@ Connections
Accept PROXY protocol version 1 on frontend connection.
.. option:: --backend-tls
Enable SSL/TLS on backend connections.
Performance
~~~~~~~~~~~
@ -473,7 +477,7 @@ SSL/TLS
ticket key sharing between nghttpx instances is not
required.
.. option:: --tls-ticket-key-memcached=<HOST>,<PORT>
.. option:: --tls-ticket-key-memcached=<HOST>,<PORT>[;tls]
Specify address of memcached server to get TLS ticket
keys for session resumption. This enables shared TLS
@ -484,7 +488,9 @@ SSL/TLS
replacing current set of keys. It is up to extern TLS
ticket key generator to rotate keys frequently. See
"TLS SESSION TICKET RESUMPTION" section in manual page
to know the data format in memcached entry.
to know the data format in memcached entry. Optionally,
memcached connection can be encrypted with TLS by
specifying "tls" keyword.
.. option:: --tls-ticket-key-memcached-address-family=(auto|IPv4|IPv6)
@ -526,11 +532,6 @@ SSL/TLS
either aes-128-cbc or aes-256-cbc. By default,
aes-128-cbc is used.
.. option:: --tls-ticket-key-memcached-tls
Enable SSL/TLS on memcached connections to get TLS
ticket keys.
.. option:: --tls-ticket-key-memcached-cert-file=<PATH>
Path to client certificate for memcached connections to
@ -558,11 +559,13 @@ SSL/TLS
Disable OCSP stapling.
.. option:: --tls-session-cache-memcached=<HOST>,<PORT>
.. option:: --tls-session-cache-memcached=<HOST>,<PORT>[;tls]
Specify address of memcached server to store session
cache. This enables shared session cache between
multiple nghttpx instances.
multiple nghttpx instances. Optionally, memcached
connection can be encrypted with TLS by specifying "tls"
keyword.
.. option:: --tls-session-cache-memcached-address-family=(auto|IPv4|IPv6)
@ -574,11 +577,6 @@ SSL/TLS
Default: ``auto``
.. option:: --tls-session-cache-memcached-tls
Enable SSL/TLS on memcached connections to store session
cache.
.. option:: --tls-session-cache-memcached-cert-file=<PATH>
Path to client certificate for memcached connections to
@ -655,10 +653,6 @@ HTTP/2 and SPDY
Default: ``16``
.. option:: --frontend-no-tls
Disable SSL/TLS on frontend connections.
.. option:: --backend-http2-window-bits=<N>
Sets the initial window size of HTTP/2 backend
@ -701,10 +695,11 @@ Mode
.. describe:: (default mode)
Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS. If
:option:`--frontend-no-tls` is used, accept HTTP/2 and HTTP/1.1.
The incoming HTTP/1.1 connection can be upgraded to
HTTP/2 through HTTP Upgrade.
Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS. "no-tls"
keyword is used in :option:`--frontend` option, accept HTTP/2 and
HTTP/1.1 over cleartext TCP. The incoming HTTP/1.1
connection can be upgraded to HTTP/2 through HTTP
Upgrade.
.. option:: -s, --http2-proxy
@ -1168,8 +1163,8 @@ as a memcached entry key, with expiry time 12 hours. Session timeout
is set to 12 hours.
By default, connections to memcached server are not encrypted. To
enable encryption, use :option:`--tls-session-cache-memcached-tls`
option.
enable encryption, use ``tls`` keyword in
:option:`--tls-session-cache-memcached` option.
TLS SESSION TICKET RESUMPTION
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -1211,8 +1206,8 @@ keys. The key appeared first is used as encryption key. All the
remaining keys are used as decryption only.
By default, connections to memcached server are not encrypted. To
enable encryption, use :option:`--tls-ticket-key-memcached-tls`
option.
enable encryption, use ``tls`` keyword in
:option:`--tls-ticket-key-memcached` option.
If :option:`--tls-ticket-key-file` is given, encryption key is read
from the given file. In this case, nghttpx does not rotate key