From 34d3c45d358e70cbe98f87f4e187d7e51080c967 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Wed, 19 Apr 2017 23:03:08 +0900
Subject: [PATCH] Update manual pages

---
 doc/h2load.1      |  2 +-
 doc/nghttp.1      |  2 +-
 doc/nghttpd.1     |  2 +-
 doc/nghttpx.1     | 35 ++++++++++++++++++++++-------------
 doc/nghttpx.1.rst | 32 ++++++++++++++++++++------------
 5 files changed, 45 insertions(+), 28 deletions(-)

diff --git a/doc/h2load.1 b/doc/h2load.1
index f92d06db..d632e656 100644
--- a/doc/h2load.1
+++ b/doc/h2load.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "H2LOAD" "1" "Apr 09, 2017" "1.22.0-DEV" "nghttp2"
+.TH "H2LOAD" "1" "Apr 19, 2017" "1.22.0-DEV" "nghttp2"
 .SH NAME
 h2load \- HTTP/2 benchmarking tool
 .
diff --git a/doc/nghttp.1 b/doc/nghttp.1
index f49d7638..67069c62 100644
--- a/doc/nghttp.1
+++ b/doc/nghttp.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTP" "1" "Apr 09, 2017" "1.22.0-DEV" "nghttp2"
+.TH "NGHTTP" "1" "Apr 19, 2017" "1.22.0-DEV" "nghttp2"
 .SH NAME
 nghttp \- HTTP/2 client
 .
diff --git a/doc/nghttpd.1 b/doc/nghttpd.1
index 34164aa4..ebdb8897 100644
--- a/doc/nghttpd.1
+++ b/doc/nghttpd.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTPD" "1" "Apr 09, 2017" "1.22.0-DEV" "nghttp2"
+.TH "NGHTTPD" "1" "Apr 19, 2017" "1.22.0-DEV" "nghttp2"
 .SH NAME
 nghttpd \- HTTP/2 server
 .
diff --git a/doc/nghttpx.1 b/doc/nghttpx.1
index e789794e..7d92c05c 100644
--- a/doc/nghttpx.1
+++ b/doc/nghttpx.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "NGHTTPX" "1" "Apr 09, 2017" "1.22.0-DEV" "nghttp2"
+.TH "NGHTTPX" "1" "Apr 19, 2017" "1.22.0-DEV" "nghttp2"
 .SH NAME
 nghttpx \- HTTP/2 proxy
 .
@@ -73,14 +73,16 @@ path which ends  with "\fI/\fP" also matches  the request path
 which  only  lacks  trailing  \(aq\fI/\fP\(aq  (e.g.,  path  "\fI/foo/\fP"
 matches request path  "\fI/foo\fP").  If it does  not end with
 "\fI/\fP", it  performs exact match against  the request path.
-If host  is given, it  performs exact match  against the
-request host.  If  host alone is given,  "\fI/\fP" is appended
-to it,  so that it  matches all request paths  under the
-host   (e.g.,   specifying   "nghttp2.org"   equals   to
-"nghttp2.org/").  CONNECT  method is  treated specially.
-It does  not have path,  and we don\(aqt allow  empty path.
-To workaround  this, we  assume that CONNECT  method has
-"\fI/\fP" as path.
+If  host  is given,  it  performs  a match  against  the
+request host.   For a  request received on  the frontend
+lister  with "sni\-fwd"  parameter enabled,  SNI host  is
+used instead of a request host.  If host alone is given,
+"\fI/\fP" is  appended to it,  so that it matches  all request
+paths  under the  host  (e.g., specifying  "nghttp2.org"
+equals  to "nghttp2.org/").   CONNECT method  is treated
+specially.  It  does not have  path, and we  don\(aqt allow
+empty path.  To workaround  this, we assume that CONNECT
+method has "\fI/\fP" as path.
 .sp
 Patterns with  host take  precedence over  patterns with
 just path.   Then, longer patterns take  precedence over
@@ -221,6 +223,11 @@ parameters are mutually exclusive.
 Optionally, TLS  can be disabled by  specifying "no\-tls"
 parameter.  TLS is enabled by default.
 .sp
+If "sni\-fwd" parameter is  used, when performing a match
+to select a backend server,  SNI host name received from
+the client  is used  instead of  the request  host.  See
+\fI\%\-\-backend\fP option about the pattern match.
+.sp
 To  make this  frontend as  API endpoint,  specify "api"
 parameter.   This   is  disabled  by  default.    It  is
 important  to  limit the  access  to  the API  frontend.
@@ -1142,15 +1149,17 @@ $alpn: ALPN identifier of the protocol which generates
 the response.   For HTTP/1,  ALPN is  always http/1.1,
 regardless of minor version.
 .IP \(bu 2
-$ssl_cipher: cipher used for SSL/TLS connection.
+$tls_cipher: cipher used for SSL/TLS connection.
 .IP \(bu 2
-$ssl_protocol: protocol for SSL/TLS connection.
+$tls_protocol: protocol for SSL/TLS connection.
 .IP \(bu 2
-$ssl_session_id: session ID for SSL/TLS connection.
+$tls_session_id: session ID for SSL/TLS connection.
 .IP \(bu 2
-$ssl_session_reused:  "r"   if  SSL/TLS   session  was
+$tls_session_reused:  "r"   if  SSL/TLS   session  was
 reused.  Otherwise, "."
 .IP \(bu 2
+$tls_sni: SNI server name for SSL/TLS connection.
+.IP \(bu 2
 $backend_host:  backend  host   used  to  fulfill  the
 request.  "\-" if backend host is not available.
 .IP \(bu 2
diff --git a/doc/nghttpx.1.rst b/doc/nghttpx.1.rst
index 182ad244..8dc9e0fb 100644
--- a/doc/nghttpx.1.rst
+++ b/doc/nghttpx.1.rst
@@ -57,14 +57,16 @@ Connections
     which  only  lacks  trailing  '*/*'  (e.g.,  path  "*/foo/*"
     matches request path  "*/foo*").  If it does  not end with
     "*/*", it  performs exact match against  the request path.
-    If host  is given, it  performs exact match  against the
-    request host.  If  host alone is given,  "*/*" is appended
-    to it,  so that it  matches all request paths  under the
-    host   (e.g.,   specifying   "nghttp2.org"   equals   to
-    "nghttp2.org/").  CONNECT  method is  treated specially.
-    It does  not have path,  and we don't allow  empty path.
-    To workaround  this, we  assume that CONNECT  method has
-    "*/*" as path.
+    If  host  is given,  it  performs  a match  against  the
+    request host.   For a  request received on  the frontend
+    lister  with "sni-fwd"  parameter enabled,  SNI host  is
+    used instead of a request host.  If host alone is given,
+    "*/*" is  appended to it,  so that it matches  all request
+    paths  under the  host  (e.g., specifying  "nghttp2.org"
+    equals  to "nghttp2.org/").   CONNECT method  is treated
+    specially.  It  does not have  path, and we  don't allow
+    empty path.  To workaround  this, we assume that CONNECT
+    method has "*/*" as path.
 
     Patterns with  host take  precedence over  patterns with
     just path.   Then, longer patterns take  precedence over
@@ -205,6 +207,11 @@ Connections
     Optionally, TLS  can be disabled by  specifying "no-tls"
     parameter.  TLS is enabled by default.
 
+    If "sni-fwd" parameter is  used, when performing a match
+    to select a backend server,  SNI host name received from
+    the client  is used  instead of  the request  host.  See
+    :option:`--backend` option about the pattern match.
+
     To  make this  frontend as  API endpoint,  specify "api"
     parameter.   This   is  disabled  by  default.    It  is
     important  to  limit the  access  to  the API  frontend.
@@ -1039,11 +1046,12 @@ Logging
     * $alpn: ALPN identifier of the protocol which generates
       the response.   For HTTP/1,  ALPN is  always http/1.1,
       regardless of minor version.
-    * $ssl_cipher: cipher used for SSL/TLS connection.
-    * $ssl_protocol: protocol for SSL/TLS connection.
-    * $ssl_session_id: session ID for SSL/TLS connection.
-    * $ssl_session_reused:  "r"   if  SSL/TLS   session  was
+    * $tls_cipher: cipher used for SSL/TLS connection.
+    * $tls_protocol: protocol for SSL/TLS connection.
+    * $tls_session_id: session ID for SSL/TLS connection.
+    * $tls_session_reused:  "r"   if  SSL/TLS   session  was
       reused.  Otherwise, "."
+    * $tls_sni: SNI server name for SSL/TLS connection.
     * $backend_host:  backend  host   used  to  fulfill  the
       request.  "-" if backend host is not available.
     * $backend_port:  backend  port   used  to  fulfill  the