nghttpx: Update doc for HTTP/1 TLS backend connections
This commit is contained in:
Tatsuhiro Tsujikawa
parent
2e38208d74
commit
6806196404
26
src/shrpx.cc
26
src/shrpx.cc
|
|
@ -1283,9 +1283,15 @@ Connections:
|
||||||
--accept-proxy-protocol
|
--accept-proxy-protocol
|
||||||
Accept PROXY protocol version 1 on frontend connection.
|
Accept PROXY protocol version 1 on frontend connection.
|
||||||
--backend-no-tls
|
--backend-no-tls
|
||||||
Disable SSL/TLS on backend connections.
|
Disable SSL/TLS on backend connections. For HTTP/2
|
||||||
|
backend connections, TLS is enabled by default. For
|
||||||
|
HTTP/1 backend connections, TLS is disabled by default,
|
||||||
|
and can be enabled by --backend-http1-tls option. If
|
||||||
|
both --backend-no-tls and --backend-http1-tls options
|
||||||
|
are used, --backend-no-tls has the precedence.
|
||||||
--backend-http1-tls
|
--backend-http1-tls
|
||||||
Enable SSL/TLS on backend HTTP/1 connections.
|
Enable SSL/TLS on backend HTTP/1 connections. See also
|
||||||
|
--backend-no-tls option.
|
||||||
|
|
||||||
Performance:
|
Performance:
|
||||||
-n, --workers=<N>
|
-n, --workers=<N>
|
||||||
|
|
@ -1435,16 +1441,14 @@ SSL/TLS:
|
||||||
Set allowed cipher list. The format of the string is
|
Set allowed cipher list. The format of the string is
|
||||||
described in OpenSSL ciphers(1).
|
described in OpenSSL ciphers(1).
|
||||||
-k, --insecure
|
-k, --insecure
|
||||||
Don't verify backend server's certificate if -p,
|
Don't verify backend server's certificate if TLS is
|
||||||
--client or --http2-bridge are given and
|
enabled for backend connections.
|
||||||
--backend-no-tls is not given.
|
|
||||||
--cacert=<PATH>
|
--cacert=<PATH>
|
||||||
Set path to trusted CA certificate file if -p, --client
|
Set path to trusted CA certificate file used in backend
|
||||||
or --http2-bridge are given and --backend-no-tls is not
|
TLS connections. The file must be in PEM format. It
|
||||||
given. The file must be in PEM format. It can contain
|
can contain multiple certificates. If the linked
|
||||||
multiple certificates. If the linked OpenSSL is
|
OpenSSL is configured to load system wide certificates,
|
||||||
configured to load system wide certificates, they are
|
they are loaded at startup regardless of this option.
|
||||||
loaded at startup regardless of this option.
|
|
||||||
--private-key-passwd-file=<PATH>
|
--private-key-passwd-file=<PATH>
|
||||||
Path to file that contains password for the server's
|
Path to file that contains password for the server's
|
||||||
private key. If none is given and the private key is
|
private key. If none is given and the private key is
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue