Update man pages

This commit is contained in:
Tatsuhiro Tsujikawa 2014-05-16 23:54:09 +09:00
parent de5c821530
commit 453e12cd1f
4 changed files with 371 additions and 216 deletions

View File

@ -1,5 +1,5 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.45.1. .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.45.1.
.TH H2LOAD "1" "May 2014" "h2load nghttp2/0.4.0-DEV" "User Commands" .TH H2LOAD "1" "May 2014" "h2load nghttp2/0.4.0" "User Commands"
.SH NAME .SH NAME
h2load \- HTTP/2 benchmarking tool h2load \- HTTP/2 benchmarking tool
.SH SYNOPSIS .SH SYNOPSIS

View File

@ -1,43 +1,46 @@
.\" nghttp2 manual page .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.45.1.
.TH nghttp2 "1" "January 2014" "nghttp2" "User Commands" .TH NGHTTP "1" "May 2014" "nghttp nghttp2/0.4.0" "User Commands"
.SH NAME .SH NAME
nghttp2 \- HTTP2 experimental client nghttp \- HTTP/2 experimental client
.SH SYNOPSIS .SH SYNOPSIS
\fBnghttp\fP [\fIOPTIONS\fP] \fIURI\fP... .B nghttp
[\fI\,OPTIONS\/\fR]... \fI\,<URI>\/\fR...
.SH DESCRIPTION .SH DESCRIPTION
Experimental client for HTTP 2.0. HTTP/2 experimental client
.TP
<URI>
Specify URI to access.
.SH OPTIONS .SH OPTIONS
.TP .TP
\fB\-v\fR, \fB\-\-verbose\fR \fB\-v\fR, \fB\-\-verbose\fR
Print debug information such as reception/ Print debug information such as reception and
transmission of frames and name/value pairs. transmission of frames and name/value pairs.
.TP .TP
\fB\-n\fR, \fB\-\-null\-out\fR \fB\-n\fR, \fB\-\-null\-out\fR
Discard downloaded data. Discard downloaded data.
.TP .TP
\fB\-O\fR, \fB\-\-remote\-name\fR \fB\-O\fR, \fB\-\-remote\-name\fR
Save download data in the current directory. Save download data in the current directory. The
The filename is dereived from URI. If URI filename is dereived from URI. If URI ends with
ends with '/', 'index.html' is used as a \&'/', 'index.html' is used as a filename. Not
filename. Not implemented yet. implemented yet.
.TP .TP
\fB\-t\fR, \fB\-\-timeout=\fR<N> \fB\-t\fR, \fB\-\-timeout=\fR<N>
Timeout each request after <N> seconds. Timeout each request after <N> seconds.
.TP .TP
\fB\-w\fR, \fB\-\-window\-bits=\fR<N> \fB\-w\fR, \fB\-\-window\-bits=\fR<N>
Sets the stream level initial window size Sets the stream level initial window size to
to 2**<N>\-1. 2**<N>\-1.
.TP .TP
\fB\-W\fR, \fB\-\-connection\-window\-bits=\fR<N> \fB\-W\fR, \fB\-\-connection\-window\-bits=\fR<N>
Sets the connection level initial window Sets the connection level initial window size to
size to 2**<N>\-1. 2**<N>\-1.
.TP .TP
\fB\-a\fR, \fB\-\-get\-assets\fR \fB\-a\fR, \fB\-\-get\-assets\fR
Download assets such as stylesheets, images Download assets such as stylesheets, images and
and script files linked from the downloaded script files linked from the downloaded resource.
resource. Only links whose origins are the Only links whose origins are the same with the
same with the linking resource will be linking resource will be downloaded.
downloaded.
.TP .TP
\fB\-s\fR, \fB\-\-stat\fR \fB\-s\fR, \fB\-\-stat\fR
Print statistics. Print statistics.
@ -46,45 +49,61 @@ Print statistics.
Add a header to the requests. Add a header to the requests.
.TP .TP
\fB\-\-cert=\fR<CERT> \fB\-\-cert=\fR<CERT>
Use the specified client certificate file. Use the specified client certificate file. The
The file must be in PEM format. file must be in PEM format.
.TP .TP
\fB\-\-key=\fR<KEY> \fB\-\-key=\fR<KEY>
Use the client private key file. The file Use the client private key file. The file must
must be in PEM format. be in PEM format.
.TP .TP
\fB\-d\fR, \fB\-\-data=\fR<FILE> \fB\-d\fR, \fB\-\-data=\fR<FILE>
Post FILE to server. If \- is given, data Post FILE to server. If '\-' is given, data will
will be read from stdin. be read from stdin.
.TP .TP
\fB\-m\fR, \fB\-\-multiply=\fR<N> Request each URI <N> times. By default, same \fB\-g\fR, \fB\-\-compress\-data\fR
URI is not requested twice. This option When used with \fB\-d\fR option, compress request body
disables it too. on the fly using per\-frame compression.
.TP .TP
\fB\-f\fR, \fB\-\-no\-flow\-control\fR \fB\-m\fR, \fB\-\-multiply=\fR<N> Request each URI <N> times.
Disables connection and stream level flow By default, same URI
controls. is not requested twice. This option disables it
too.
.TP .TP
\fB\-u\fR, \fB\-\-upgrade\fR \fB\-u\fR, \fB\-\-upgrade\fR
Perform HTTP Upgrade for HTTP/2.0. This Perform HTTP Upgrade for HTTP/2. This option is
option is ignored if the request URI has ignored if the request URI has https scheme. If
https scheme. \fB\-d\fR is used, the HTTP upgrade request is performed
If \fB\-d\fR is used, the HTTP upgrade request is with OPTIONS method.
performed with OPTIONS method.
.TP .TP
\fB\-p\fR, \fB\-\-pri=\fR<PRIORITY> \fB\-p\fR, \fB\-\-weight=\fR<WEIGHT>
Sets stream priority. Default: 1073741824 Sets priority group weight. The valid value
range is [1, 256], inclusive.
Default: 16
.TP .TP
\fB\-M\fR, \fB\-\-peer\-max\-concurrent\-streams=\fR<N> \fB\-M\fR, \fB\-\-peer\-max\-concurrent\-streams=\fR<N>
Use <N> as SETTINGS_MAX_CONCURRENT_STREAMS Use <N> as SETTINGS_MAX_CONCURRENT_STREAMS value
value of remote endpoint as if it is of remote endpoint as if it is received in
received in SETTINGS frame. The default SETTINGS frame. The default is large enough as
is large enough as it is seen as unlimited. it is seen as unlimited.
.TP .TP
\fB\-c\fR, \fB\-\-header\-table\-size=\fR<N> \fB\-c\fR, \fB\-\-header\-table\-size=\fR<N>
Specify decoder header table size. Specify decoder header table size.
.TP .TP
\fB\-b\fR, \fB\-\-padding=\fR<N>
Add at most <N> bytes to a frame payload as
padding. Specify 0 to disable padding.
.TP
\fB\-\-color\fR \fB\-\-color\fR
Force colored log output. Force colored log output.
.TP
\fB\-\-continuation\fR
Send large header to test CONTINUATION.
.TP
\fB\-\-version\fR
Display version information and exit.
.TP
\fB\-h\fR, \fB\-\-help\fR
Display this help and exit.
.SH "SEE ALSO" .SH "SEE ALSO"
nghttpd(1), nghttpx(1)
nghttpd(1), nghttpx(1), h2load(1)

View File

@ -1,39 +1,45 @@
.\" nghttpd manual page .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.45.1.
.TH nghttpd "1" "January 2014" "nghttpd" "User Commands" .TH NGHTTPD "1" "May 2014" "nghttpd nghttp2/0.4.0" "User Commands"
.SH NAME .SH NAME
nghttpd \- HTTP 2.0 experimental server nghttpd \- HTTP/2 experimental server
.SH SYNOPSIS .SH SYNOPSIS
\fBnghttpd\fP [\fIOPTIONS\fP...] [\fIPRIVATE_KEY\fP \fICERT\fP] .B nghttpd
[\fI\,OPTION\/\fR]... \fI\,<PORT> <PRIVATE_KEY> <CERT>\/\fR
.br
.B nghttpd
\fI\,--no-tls \/\fR[\fI\,OPTION\/\fR]... \fI\,<PORT>\/\fR
.SH DESCRIPTION .SH DESCRIPTION
Experimental HTTP 2.0 server. HTTP/2 experimental server
.SH "Positional arguments"
.TP .TP
\fIPRIVATE_KEY\fP <PORT>
Specify listening port number.
.TP
<PRIVATE_KEY>
Set path to server's private key. Required Set path to server's private key. Required
unless either \fB\-p\fR or \fB\-\-client\fR is specified. unless \fB\-\-no\-tls\fR is specified.
.TP .TP
\fICERT\fP <CERT>
Set path to server's certificate. Required Set path to server's certificate. Required
unless either \fB\-p\fR or \fB\-\-client\fR is specified. unless \fB\-\-no\-tls\fR is specified.
.SH OPTIONS .SH OPTIONS
.TP .TP
\fB\-D\fR, \fB\-\-daemon\fR \fB\-D\fR, \fB\-\-daemon\fR
Run in a background. If \fB\-D\fR is used, the Run in a background. If \fB\-D\fR is used, the current
current working directory is changed to '/'. working directory is changed to '/'. Therefore
Therefore if this option is used, \fB\-d\fR option if this option is used, \fB\-d\fR option must be
must be specified. specified.
.TP .TP
\fB\-V\fR, \fB\-\-verify\-client\fR \fB\-V\fR, \fB\-\-verify\-client\fR
The server sends a client certificate The server sends a client certificate request.
request. If the client did not return a If the client did not return a certificate, the
certificate, the handshake is terminated. handshake is terminated. Currently, this option
Currently, this option just requests a just requests a client certificate and does not
client certificate and does not verify it. verify it.
.TP .TP
\fB\-d\fR, \fB\-\-htdocs=\fR<PATH> \fB\-d\fR, \fB\-\-htdocs=\fR<PATH>
Specify document root. If this option is Specify document root. If this option is not
not specified, the document root is the specified, the document root is the current
current working directory. working directory.
.TP .TP
\fB\-v\fR, \fB\-\-verbose\fR \fB\-v\fR, \fB\-\-verbose\fR
Print debug information such as reception/ Print debug information such as reception/
@ -42,14 +48,36 @@ transmission of frames and name/value pairs.
\fB\-\-no\-tls\fR \fB\-\-no\-tls\fR
Disable SSL/TLS. Disable SSL/TLS.
.TP .TP
\fB\-f\fR, \fB\-\-no\-flow\-control\fR \fB\-c\fR, \fB\-\-header\-table\-size=\fR<N>
Disables connection and stream level flow Specify decoder header table size.
controls.
.TP .TP
\fB\-\-color\fR \fB\-\-color\fR
Force colored log output. Force colored log output.
.TP .TP
\fB\-p\fR, \fB\-\-push=\fR<PATH>=<PUSH_PATH,...>
Push resources <PUSH_PATH>s when <PATH> is
requested. This option can be used repeatedly to
specify multiple push configurations. <PATH> and
<PUSH_PATH>s are relative to document root. See
\fB\-\-htdocs\fR option. Example: \fB\-p\fR/=/foo.png
\fB\-p\fR/doc=/bar.css
.TP
\fB\-b\fR, \fB\-\-padding=\fR<N>
Add at most <N> bytes to a frame payload as
padding. Specify 0 to disable padding.
.TP
\fB\-n\fR, \fB\-\-workers=\fR<CORE>
Set the number of worker threads.
Default: 1
.TP
\fB\-e\fR, \fB\-\-error\-gzip\fR
Make error response gzipped.
.TP
\fB\-\-version\fR
Display version information and exit.
.TP
\fB\-h\fR, \fB\-\-help\fR \fB\-h\fR, \fB\-\-help\fR
Print this help. Display this help and exit.
.SH "SEE ALSO" .SH "SEE ALSO"
nghttp(1), nghttpx(1)
nghttp(1), nghttpx(1), h2load(1)

View File

@ -1,27 +1,26 @@
.\" nghttpx manual page .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.45.1.
.TH nghttpx "1" "January 2014" "nghttpx" "User Commands" .TH NGHTTPX "1" "May 2014" "nghttpx nghttp2/0.4.0" "User Commands"
.SH NAME .SH NAME
nghttpx \- HTTP 2.0 experimental proxy nghttpx \- HTTP/2 experimental proxy
.SH SYNOPSIS .SH SYNOPSIS
\fBnghttpx\fP [\fIOPTIONS\fP...] [\fIPRIVATE_KEY\fP \fICERT\fP] .B nghttpx
[\fI\,OPTIONS\/\fR]... [\fI\,<PRIVATE_KEY> <CERT>\/\fR]
.SH DESCRIPTION .SH DESCRIPTION
Experimental HTTP 2.0 reverse proxy. A reverse proxy for HTTP/2, HTTP/1 and SPDY.
.LP
The default mode is to accept HTTP/2.0, SPDY (if compiled in) and
HTTP/1.1 over SSL/TLS. If \fB\-\-frontend\-no\-tls\fR is used, accept
HTTP/2.0 and HTTP/1.1. The incoming HTTP/1.1 connection can be
upgraded to HTTP/2.0 through HTTP Upgrade. The protocol to the
backend is HTTP/1.1.
.SH "Positional arguments"
.TP .TP
\fIPRIVATE_KEY\fP <PRIVATE_KEY>
Set path to server's private key. Required Set path to server's private key. Required
unless either \fB\-p\fR or \fB\-\-client\fR is specified. unless \fB\-p\fR, \fB\-\-client\fR or \fB\-\-frontend\-no\-tls\fR are
given.
.TP .TP
\fICERT\fP <CERT>
Set path to server's certificate. Required Set path to server's certificate. Required
unless either \fB\-p\fR or \fB\-\-client\fR is specified. unless \fB\-p\fR, \fB\-\-client\fR or \fB\-\-frontend\-no\-tls\fR are
given.
.SH OPTIONS .SH OPTIONS
.IP
The options are categorized into several groups.
.SS "Connections:"
.TP .TP
\fB\-b\fR, \fB\-\-backend=\fR<HOST,PORT> \fB\-b\fR, \fB\-\-backend=\fR<HOST,PORT>
Set backend host and port. Set backend host and port.
@ -32,207 +31,278 @@ Set frontend host and port.
Default: '0.0.0.0,3000' Default: '0.0.0.0,3000'
.TP .TP
\fB\-\-backlog=\fR<NUM> \fB\-\-backlog=\fR<NUM>
Set listen backlog size. Set listen backlog size. If \fB\-1\fR is given,
Default: 256 libevent will choose suitable value.
Default: \fB\-1\fR
.TP .TP
\fB\-\-backend\-ipv4\fR \fB\-\-backend\-ipv4\fR
Resolve backend hostname to IPv4 address Resolve backend hostname to IPv4 address only.
only.
.TP .TP
\fB\-\-backend\-ipv6\fR \fB\-\-backend\-ipv6\fR
Resolve backend hostname to IPv6 address Resolve backend hostname to IPv6 address only.
only. .SS "Performance:"
.TP .TP
\fB\-n\fR, \fB\-\-workers=\fR<CORES> \fB\-n\fR, \fB\-\-workers=\fR<CORES>
Set the number of worker threads. Set the number of worker threads.
Default: 1 Default: 1
.TP .TP
\fB\-\-read\-rate=\fR<RATE> Set maximum average read rate on frontend \fB\-\-read\-rate=\fR<RATE>
connection. Setting 0 to this option means Set maximum average read rate on frontend
read rate is unlimited. connection. Setting 0 to this option means read
rate is unlimited.
Default: 1048576 Default: 1048576
.TP .TP
\fB\-\-read\-burst=\fR<SIZE> \fB\-\-read\-burst=\fR<SIZE>
Set maximum read burst size on frontend Set maximum read burst size on frontend
connection. Setting 0 to this option means connection. Setting 0 to this option means read
read burst size is unlimited. burst size is unlimited.
Default: 4194304 Default: 4194304
.TP .TP
\fB\-\-write\-rate=\fR<RATE> \fB\-\-write\-rate=\fR<RATE>
Set maximum average write rate on frontend Set maximum average write rate on frontend
connection. Setting 0 to this option means connection. Setting 0 to this option means write
write rate is unlimited. rate is unlimited.
Default: 0 Default: 0
.TP .TP
\fB\-\-write\-burst=\fR<SIZE> \fB\-\-write\-burst=\fR<SIZE>
Set maximum write burst size on frontend Set maximum write burst size on frontend
connection. Setting 0 to this option means connection. Setting 0 to this option means write
write burst size is unlimited. burst size is unlimited.
Default: 0 Default: 0
.TP .TP
\fB\-\-worker\-read\-rate=\fR<RATE>
Set maximum average read rate on frontend
connection per worker. Setting 0 to this option
means read rate is unlimited.
Default: 0
.TP
\fB\-\-worker\-read\-burst=\fR<SIZE>
Set maximum read burst size on frontend
connection per worker. Setting 0 to this option
means read burst size is unlimited.
Default: 0
.TP
\fB\-\-worker\-write\-rate=\fR<RATE>
Set maximum average write rate on frontend
connection per worker. Setting 0 to this option
means write rate is unlimited.
Default: 0
.TP
\fB\-\-worker\-write\-burst=\fR<SIZE>
Set maximum write burst size on frontend
connection per worker. Setting 0 to this option
means write burst size is unlimited.
Default: 0
.SS "Timeout:"
.TP
\fB\-\-frontend\-http2\-read\-timeout=\fR<SEC> \fB\-\-frontend\-http2\-read\-timeout=\fR<SEC>
Specify read timeout for HTTP/2.0 and SPDY frontend Specify read timeout for HTTP/2 and SPDY frontend
connection. Default: 180 connection.
Default: 180
.TP .TP
\fB\-\-frontend\-read\-timeout=\fR<SEC> \fB\-\-frontend\-read\-timeout=\fR<SEC>
Specify read timeout for HTTP/1.1 frontend Specify read timeout for HTTP/1.1 frontend
connection. Default: 180 connection.
Default: 180
.TP .TP
\fB\-\-frontend\-write\-timeout=\fR<SEC> \fB\-\-frontend\-write\-timeout=\fR<SEC>
Specify write timeout for all frontends. Specify write timeout for all frontend
connection. Default: 60 connections.
Default: 60
.TP .TP
\fB\-\-backend\-read\-timeout=\fR<SEC> \fB\-\-backend\-read\-timeout=\fR<SEC>
Specify read timeout for backend connection. Specify read timeout for backend connection.
Default: 900 Default: 900
.TP .TP
\fB\-\-backend\-write\-timeout=\fR<SEC> \fB\-\-backend\-write\-timeout=\fR<SEC>
Specify write timeout for backend Specify write timeout for backend connection.
connection. Default: 60 Default: 60
.TP .TP
\fB\-\-backend\-keep\-alive\-timeout=\fR<SEC> \fB\-\-backend\-keep\-alive\-timeout=\fR<SEC>
Specify keep\-alive timeout for backend Specify keep\-alive timeout for backend
connection. Default: 60 connection.
Default: 60
.TP .TP
\fB\-\-backend\-http\-proxy\-uri=\fR<URI> \fB\-\-backend\-http\-proxy\-uri=\fR<URI>
Specify proxy URI in the form Specify proxy URI in the form
http://[<USER>:<PASS>@]<PROXY>:<PORT>. If http://[<USER>:<PASS>@]<PROXY>:<PORT>. If a
a proxy requires authentication, specify proxy requires authentication, specify <USER> and
<USER> and <PASS>. Note that they must be <PASS>. Note that they must be properly
properly percent\-encoded. This proxy is used percent\-encoded. This proxy is used when the
when the backend connection is HTTP/2.0. First, backend connection is HTTP/2. First, make a
make a CONNECT request to the proxy and CONNECT request to the proxy and it connects to
it connects to the backend on behalf of the backend on behalf of nghttpx. This forms
nghttpx. This forms tunnel. After that, nghttpx tunnel. After that, nghttpx performs SSL/TLS
performs SSL/TLS handshake with the handshake with the downstream through the tunnel.
downstream through the tunnel. The timeouts The timeouts when connecting and making CONNECT
when connecting and making CONNECT request request can be specified by
can be specified by \fB\-\-backend\-read\-timeout\fR \fB\-\-backend\-read\-timeout\fR and
and \fB\-\-backend\-write\-timeout\fR options. \fB\-\-backend\-write\-timeout\fR options.
.SS "SSL/TLS:"
.TP .TP
\fB\-\-ciphers=\fR<SUITE> \fB\-\-ciphers=\fR<SUITE>
Set allowed cipher list. The format of the Set allowed cipher list. The format of the
string is described in OpenSSL ciphers(1). string is described in OpenSSL ciphers(1). If
If this option is used, \fB\-\-honor\-cipher\-order\fR this option is used, \fB\-\-honor\-cipher\-order\fR is
is implicitly enabled. implicitly enabled.
.TP .TP
\fB\-\-honor\-cipher\-order\fR \fB\-\-honor\-cipher\-order\fR
Honor server cipher order, giving the Honor server cipher order, giving the ability to
ability to mitigate BEAST attacks. mitigate BEAST attacks.
.TP .TP
\fB\-k\fR, \fB\-\-insecure\fR \fB\-k\fR, \fB\-\-insecure\fR
When used with \fB\-p\fR or \fB\-\-client\fR, don't verify Don't verify backend server's certificate if \fB\-p\fR,
backend server's certificate. \fB\-\-client\fR or \fB\-\-http2\-bridge\fR are given and
\fB\-\-backend\-no\-tls\fR is not given.
.TP .TP
\fB\-\-cacert=\fR<PATH> \fB\-\-cacert=\fR<PATH>
When used with \fB\-p\fR or \fB\-\-client\fR, set path to Set path to trusted CA certificate file if \fB\-p\fR,
trusted CA certificate file. \fB\-\-client\fR or \fB\-\-http2\-bridge\fR are given and
The file must be in PEM format. It can \fB\-\-backend\-no\-tls\fR is not given. The file must be
contain multiple certificates. If the in PEM format. It can contain multiple
linked OpenSSL is configured to load system certificates. If the linked OpenSSL is
wide certificates, they are loaded configured to load system wide certificates, they
at startup regardless of this option. are loaded at startup regardless of this option.
.TP .TP
\fB\-\-private\-key\-passwd\-file=\fR<FILEPATH> \fB\-\-private\-key\-passwd\-file=\fR<FILEPATH>
Path to file that contains password for the Path to file that contains password for the
server's private key. If none is given and server's private key. If none is given and the
the private key is password protected it'll private key is password protected it'll be
be requested interactively. requested interactively.
.TP .TP
\fB\-\-subcert=\fR<KEYPATH>:<CERTPATH> \fB\-\-subcert=\fR<KEYPATH>:<CERTPATH>
Specify additional certificate and private Specify additional certificate and private key
key file. nghttpx will choose certificates file. nghttpx will choose certificates based on
based on the hostname indicated by client the hostname indicated by client using TLS SNI
using TLS SNI extension. This option can be extension. This option can be used multiple
used multiple times. times.
.TP .TP
\fB\-\-backend\-tls\-sni\-field=\fR<HOST> \fB\-\-backend\-tls\-sni\-field=\fR<HOST>
Explicitly set the content of the TLS SNI Explicitly set the content of the TLS SNI
extension. This will default to the backend extension. This will default to the backend HOST
HOST name. name.
.TP .TP
\fB\-\-dh\-param\-file=\fR<PATH> \fB\-\-dh\-param\-file=\fR<PATH>
Path to file that contains DH parameters in Path to file that contains DH parameters in PEM
PEM format. Without this option, DHE cipher format. Without this option, DHE cipher suites
suites are not available. are not available.
.TP .TP
\fB\-\-npn\-list=\fR<LIST> \fB\-\-npn\-list=\fR<LIST>
Comma delimited list of NPN protocol sorted Comma delimited list of NPN/ALPN protocol sorted
in the order of preference. That means in the order of preference. That means most
most desirable protocol comes first. desirable protocol comes first. The parameter
The parameter must be delimited by a single must be delimited by a single comma only and any
comma only and any white spaces are treated white spaces are treated as a part of protocol
as a part of protocol string. string.
Default: HTTP\-draft\-07/2.0,http/1.1 Default: h2\-12,spdy/3.1,spdy/3,spdy/2,http/1.1
.TP .TP
\fB\-\-verify\-client\fR \fB\-\-verify\-client\fR
Require and verify client certificate. Require and verify client certificate.
.TP .TP
\fB\-\-verify\-client\-cacert=\fR<PATH> \fB\-\-verify\-client\-cacert=\fR<PATH>
Path to file that contains CA certificates Path to file that contains CA certificates to
to verify client certificate. verify client certificate. The file must be in
The file must be in PEM format. It can PEM format. It can contain multiple
contain multiple certificates. certificates.
.TP .TP
\fB\-\-client\-private\-key\-file=\fR<PATH> \fB\-\-client\-private\-key\-file=\fR<PATH>
Path to file that contains client private Path to file that contains client private key
key used in backend client authentication. used in backend client authentication.
.TP .TP
\fB\-\-client\-cert\-file=\fR<PATH> \fB\-\-client\-cert\-file=\fR<PATH>
Path to file that contains client Path to file that contains client certificate
certificate used in backend client used in backend client authentication.
authentication. .TP
\fB\-\-tls\-proto\-list=\fR<LIST>
Comma delimited list of SSL/TLS protocol to be
enabled. The following protocols are available:
TLSv1.2, TLSv1.1, TLSv1.0 and SSLv3. The name
matching is done in case\-insensitive manner. The
parameter must be delimited by a single comma
only and any white spaces are treated as a part
of protocol string.
Default: TLSv1.2,TLSv1.1,TLSv1.0
.SS "HTTP/2 and SPDY:"
.TP .TP
\fB\-c\fR, \fB\-\-http2\-max\-concurrent\-streams=\fR<NUM> \fB\-c\fR, \fB\-\-http2\-max\-concurrent\-streams=\fR<NUM>
Set the maximum number of the concurrent Set the maximum number of the concurrent streams
streams in one HTTP/2.0 and SPDY session. in one HTTP/2 and SPDY session.
Default: 100 Default: 100
.TP .TP
\fB\-\-frontend\-http2\-window\-bits=\fR<N> \fB\-\-frontend\-http2\-window\-bits=\fR<N>
Sets the initial window size of HTTP/2.0 and SPDY Sets the per\-stream initial window size of HTTP/2
frontend connection to 2**<N>\-1. SPDY frontend connection. For HTTP/2, the size
is 2**<N>\-1. For SPDY, the size is 2**<N>.
Default: 16
.TP
\fB\-\-frontend\-http2\-connection\-window\-bits=\fR<N>
Sets the per\-connection window size of HTTP/2 and
SPDY frontend connection. For HTTP/2, the size
is 2**<N>\-1. For SPDY, the size is 2**<N>.
Default: 16 Default: 16
.TP .TP
\fB\-\-frontend\-no\-tls\fR \fB\-\-frontend\-no\-tls\fR
Disable SSL/TLS on frontend connections. Disable SSL/TLS on frontend connections.
.TP .TP
\fB\-\-backend\-http2\-window\-bits=\fR<N> \fB\-\-backend\-http2\-window\-bits=\fR<N>
Sets the initial window size of HTTP/2.0 and SPDY Sets the initial window size of HTTP/2 backend
connection to 2**<N>\-1.
Default: 16
.TP
\fB\-\-backend\-http2\-connection\-window\-bits=\fR<N>
Sets the per\-connection window size of HTTP/2
backend connection to 2**<N>\-1. backend connection to 2**<N>\-1.
Default: 16 Default: 16
.TP .TP
\fB\-\-backend\-no\-tls\fR \fB\-\-backend\-no\-tls\fR
Disable SSL/TLS on backend connections. Disable SSL/TLS on backend connections.
.TP .TP
\fB\-\-http2\-no\-cookie\-crumbling\fR
Don't crumble cookie header field.
.TP
\fB\-\-padding=\fR<N>
Add at most <N> bytes to a HTTP/2 frame payload
as padding. Specify 0 to disable padding. This
option is meant for debugging purpose and not
intended to enhance protocol security.
.SS "Mode:"
.TP
(default mode)
Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS.
If \fB\-\-frontend\-no\-tls\fR is used, accept HTTP/2 and
HTTP/1.1. The incoming HTTP/1.1 connection can
be upgraded to HTTP/2 through HTTP Upgrade. The
protocol to the backend is HTTP/1.1.
.TP
\fB\-s\fR, \fB\-\-http2\-proxy\fR \fB\-s\fR, \fB\-\-http2\-proxy\fR
Like default mode, but enable secure proxy mode. Like default mode, but enable secure proxy mode.
.TP .TP
\fB\-\-http2\-bridge\fR \fB\-\-http2\-bridge\fR
Like default mode, but communicate with the Like default mode, but communicate with the
backend in HTTP/2.0 over SSL/TLS. Thus the backend in HTTP/2 over SSL/TLS. Thus the
incoming all connections are converted incoming all connections are converted to HTTP/2
to HTTP/2.0 connection and relayed to connection and relayed to the backend. See
the backend. See \fB\-\-backend\-http\-proxy\-uri\fR \fB\-\-backend\-http\-proxy\-uri\fR option if you are behind
option if you are behind the proxy and want the proxy and want to connect to the outside
to connect to the outside HTTP/2.0 proxy. HTTP/2 proxy.
.TP .TP
\fB\-\-client\fR \fB\-\-client\fR
Accept HTTP/2.0 and HTTP/1.1 without SSL/TLS. Accept HTTP/2 and HTTP/1.1 without SSL/TLS. The
The incoming HTTP/1.1 connection can be incoming HTTP/1.1 connection can be upgraded to
upgraded to HTTP/2.0 connection through HTTP/2 connection through HTTP Upgrade. The
HTTP Upgrade. protocol to the backend is HTTP/2. To use
The protocol to the backend is HTTP/2.0. nghttpx as a forward proxy, use \fB\-p\fR option
To use nghttpx as a forward proxy, use \fB\-p\fR instead.
option instead.
.TP .TP
\fB\-p\fR, \fB\-\-client\-proxy\fR Like \fB\-\-client\fR option, but it also requires \fB\-p\fR, \fB\-\-client\-proxy\fR
the request path from frontend must be Like \fB\-\-client\fR option, but it also requires the
an absolute URI, suitable for use as a request path from frontend must be an absolute
forward proxy. URI, suitable for use as a forward proxy.
.SS "Logging:"
.TP .TP
\fB\-L\fR, \fB\-\-log\-level=\fR<LEVEL> \fB\-L\fR, \fB\-\-log\-level=\fR<LEVEL>
Set the severity level of log output. Set the severity level of log output. <LEVEL>
INFO, WARNING, ERROR and FATAL. must be one of INFO, WARNING, ERROR and FATAL.
Default: WARNING Default: WARNING
.TP .TP
\fB\-\-accesslog\fR \fB\-\-accesslog\fR
@ -242,32 +312,69 @@ Print simple accesslog to stderr.
Send log messages to syslog. Send log messages to syslog.
.TP .TP
\fB\-\-syslog\-facility=\fR<FACILITY> \fB\-\-syslog\-facility=\fR<FACILITY>
Set syslog facility. Set syslog facility to <FACILITY>.
Default: daemon Default: daemon
.SS "Misc:"
.TP .TP
\fB\-\-add\-x\-forwarded\-for\fR \fB\-\-add\-x\-forwarded\-for\fR
Append X\-Forwarded\-For header field to the Append X\-Forwarded\-For header field to the
downstream request. downstream request.
.TP .TP
\fB\-\-no\-via\fR \fB\-\-no\-via\fR
Don't append to Via header field. If Via Don't append to Via header field. If Via header
header field is received, it is left field is received, it is left unaltered.
unaltered. .TP
\fB\-\-altsvc=\fR<PROTOID,PORT[,HOST,[ORIGIN]]>
Specify protocol ID, port, host and origin of
alternative service. <HOST> and <ORIGIN> are
optional. They are advertised in alt\-svc header
field or HTTP/2 ALTSVC frame. This option can be
used multiple times to specify multiple
alternative services. Example: \fB\-\-altsvc\fR=\fI\,h2\/\fR,443
.TP
\fB\-\-add\-response\-header=\fR<HEADER>
Specify additional header field to add to
response header set. This option just appends
header field and won't replace anything already
set. This option can be used several times to
specify multiple header fields.
Example: \fB\-\-add\-response\-header=\fR"foo: bar"
.TP
\fB\-\-frontend\-http2\-dump\-request\-header=\fR<PATH>
Dumps request headers received by HTTP/2 frontend
to the file denoted in <PATH>. The output is
done in HTTP/1 header field format and each
header block is followed by an empty line. This
option is not thread safe and MUST NOT be used
with option \fB\-n\fR<N>, where <N> >= 2.
.TP
\fB\-\-frontend\-http2\-dump\-response\-header=\fR<PATH>
Dumps response headers sent from HTTP/2 frontend
to the file denoted in <PATH>. The output is
done in HTTP/1 header field format and each
header block is followed by an empty line. This
option is not thread safe and MUST NOT be used
with option \fB\-n\fR<N>, where <N> >= 2.
.TP
\fB\-o\fR, \fB\-\-frontend\-frame\-debug\fR
Print HTTP/2 frames in frontend to stderr. This
option is not thread safe and MUST NOT be used
with option \fB\-n\fR=\fI\,N\/\fR, where N >= 2.
.TP .TP
\fB\-D\fR, \fB\-\-daemon\fR \fB\-D\fR, \fB\-\-daemon\fR
Run in a background. If \fB\-D\fR is used, the Run in a background. If \fB\-D\fR is used, the current
current working directory is changed to '/'. working directory is changed to '/'.
.TP .TP
\fB\-\-pid\-file=\fR<PATH> \fB\-\-pid\-file=\fR<PATH>
Set path to save PID of this program. Set path to save PID of this program.
.TP .TP
\fB\-\-user=\fR<USER> \fB\-\-user=\fR<USER>
Run this program as USER. This option is Run this program as <USER>. This option is
intended to be used to drop root privileges. intended to be used to drop root privileges.
.TP .TP
\fB\-\-conf=\fR<PATH> \fB\-\-conf=\fR<PATH>
Load configuration from PATH. Load configuration from <PATH>.
Default: \fI/etc/nghttpx/nghttpx.conf\fP Default: \fI\,/etc/nghttpx/nghttpx.conf\/\fP
.TP .TP
\fB\-v\fR, \fB\-\-version\fR \fB\-v\fR, \fB\-\-version\fR
Print version and exit. Print version and exit.
@ -275,4 +382,5 @@ Print version and exit.
\fB\-h\fR, \fB\-\-help\fR \fB\-h\fR, \fB\-\-help\fR
Print this help and exit. Print this help and exit.
.SH "SEE ALSO" .SH "SEE ALSO"
nghttp(1), nghttpd(1)
nghttp(1), nghttpd(1), h2load(1)