nghttpx: Use raw-string iteral to output help
This commit is contained in:
parent
e4dacb2f6f
commit
8ccb6e463d
611
src/shrpx.cc
611
src/shrpx.cc
|
@ -467,8 +467,8 @@ void print_version(std::ostream& out)
|
||||||
namespace {
|
namespace {
|
||||||
void print_usage(std::ostream& out)
|
void print_usage(std::ostream& out)
|
||||||
{
|
{
|
||||||
out << "Usage: nghttpx [OPTIONS]... [<PRIVATE_KEY> <CERT>]\n"
|
out << R"(Usage: nghttpx [OPTIONS]... [<PRIVATE_KEY> <CERT>]
|
||||||
<< "A reverse proxy for HTTP/2, HTTP/1 and SPDY." << std::endl;
|
A reverse proxy for HTTP/2, HTTP/1 and SPDY.)" << std::endl;
|
||||||
}
|
}
|
||||||
} // namespace
|
} // namespace
|
||||||
|
|
||||||
|
@ -476,313 +476,308 @@ namespace {
|
||||||
void print_help(std::ostream& out)
|
void print_help(std::ostream& out)
|
||||||
{
|
{
|
||||||
print_usage(out);
|
print_usage(out);
|
||||||
out << "\n"
|
out << R"(
|
||||||
<< " <PRIVATE_KEY> Set path to server's private key. Required\n"
|
<PRIVATE_KEY> Set path to server's private key. Required
|
||||||
<< " unless -p, --client or --frontend-no-tls\n"
|
unless -p, --client or --frontend-no-tls are
|
||||||
<< " are given.\n"
|
given.
|
||||||
<< " <CERT> Set path to server's certificate. Required\n"
|
<CERT> Set path to server's certificate. Required
|
||||||
<< " unless -p, --client or --frontend-no-tls\n"
|
unless -p, --client or --frontend-no-tls are
|
||||||
<< " are given.\n"
|
given.
|
||||||
<< "Options:\n"
|
Options:
|
||||||
<< " The options are categorized into several groups.\n"
|
The options are categorized into several groups.
|
||||||
<< "\n"
|
|
||||||
<< "Connections:\n"
|
Connections:
|
||||||
<< " -b, --backend=<HOST,PORT>\n"
|
-b, --backend=<HOST,PORT>
|
||||||
<< " Set backend host and port.\n"
|
Set backend host and port.
|
||||||
<< " Default: '"
|
Default: ')"
|
||||||
<< get_config()->downstream_host << ","
|
<< get_config()->downstream_host << ","
|
||||||
<< get_config()->downstream_port << "'\n"
|
<< get_config()->downstream_port << R"('
|
||||||
<< " -f, --frontend=<HOST,PORT>\n"
|
-f, --frontend=<HOST,PORT>
|
||||||
<< " Set frontend host and port.\n"
|
Set frontend host and port.
|
||||||
<< " Default: '"
|
Default: ')"
|
||||||
<< get_config()->host << "," << get_config()->port << "'\n"
|
<< get_config()->host << "," << get_config()->port << R"('
|
||||||
<< " --backlog=<NUM> Set listen backlog size. If -1 is given,\n"
|
--backlog=<NUM> Set listen backlog size. If -1 is given,
|
||||||
<< " libevent will choose suitable value.\n"
|
libevent will choose suitable value.
|
||||||
<< " Default: "
|
Default: )"
|
||||||
<< get_config()->backlog << "\n"
|
<< get_config()->backlog << R"(
|
||||||
<< " --backend-ipv4 Resolve backend hostname to IPv4 address\n"
|
--backend-ipv4 Resolve backend hostname to IPv4 address only.
|
||||||
<< " only.\n"
|
--backend-ipv6 Resolve backend hostname to IPv6 address only.
|
||||||
<< " --backend-ipv6 Resolve backend hostname to IPv6 address\n"
|
|
||||||
<< " only.\n"
|
Performance:
|
||||||
<< "\n"
|
-n, --workers=<CORES>
|
||||||
<< "Performance:\n"
|
Set the number of worker threads.
|
||||||
<< " -n, --workers=<CORES>\n"
|
Default: )"
|
||||||
<< " Set the number of worker threads.\n"
|
<< get_config()->num_worker << R"(
|
||||||
<< " Default: "
|
--read-rate=<RATE>
|
||||||
<< get_config()->num_worker << "\n"
|
Set maximum average read rate on frontend
|
||||||
<< " --read-rate=<RATE> Set maximum average read rate on frontend\n"
|
connection. Setting 0 to this option means read
|
||||||
<< " connection. Setting 0 to this option means\n"
|
rate is unlimited.
|
||||||
<< " read rate is unlimited.\n"
|
Default: )"
|
||||||
<< " Default: "
|
<< get_config()->read_rate << R"(
|
||||||
<< get_config()->read_rate << "\n"
|
--read-burst=<SIZE>
|
||||||
<< " --read-burst=<SIZE>\n"
|
Set maximum read burst size on frontend
|
||||||
<< " Set maximum read burst size on frontend\n"
|
connection. Setting 0 to this option means read
|
||||||
<< " connection. Setting 0 to this option means\n"
|
burst size is unlimited.
|
||||||
<< " read burst size is unlimited.\n"
|
Default: )"
|
||||||
<< " Default: "
|
<< get_config()->read_burst << R"(
|
||||||
<< get_config()->read_burst << "\n"
|
--write-rate=<RATE>
|
||||||
<< " --write-rate=<RATE>\n"
|
Set maximum average write rate on frontend
|
||||||
<< " Set maximum average write rate on frontend\n"
|
connection. Setting 0 to this option means write
|
||||||
<< " connection. Setting 0 to this option means\n"
|
rate is unlimited.
|
||||||
<< " write rate is unlimited.\n"
|
Default: )"
|
||||||
<< " Default: "
|
<< get_config()->write_rate << R"(
|
||||||
<< get_config()->write_rate << "\n"
|
--write-burst=<SIZE>
|
||||||
<< " --write-burst=<SIZE>\n"
|
Set maximum write burst size on frontend
|
||||||
<< " Set maximum write burst size on frontend\n"
|
connection. Setting 0 to this option means write
|
||||||
<< " connection. Setting 0 to this option means\n"
|
burst size is unlimited.
|
||||||
<< " write burst size is unlimited.\n"
|
Default: )"
|
||||||
<< " Default: "
|
<< get_config()->write_burst << R"(
|
||||||
<< get_config()->write_burst << "\n"
|
--worker-read-rate=<RATE>
|
||||||
<< " --worker-read-rate=<RATE>\n"
|
Set maximum average read rate on frontend
|
||||||
<< " Set maximum average read rate on frontend\n"
|
connection per worker. Setting 0 to this option
|
||||||
<< " connection per worker. Setting 0 to this\n"
|
means read rate is unlimited.
|
||||||
<< " option means read rate is unlimited.\n"
|
Default: )"
|
||||||
<< " Default: "
|
<< get_config()->worker_read_rate << R"(
|
||||||
<< get_config()->worker_read_rate << "\n"
|
--worker-read-burst=<SIZE>
|
||||||
<< " --worker-read-burst=<SIZE>\n"
|
Set maximum read burst size on frontend
|
||||||
<< " Set maximum read burst size on frontend\n"
|
connection per worker. Setting 0 to this option
|
||||||
<< " connection per worker. Setting 0 to this\n"
|
means read burst size is unlimited.
|
||||||
<< " option means read burst size is unlimited.\n"
|
Default: )"
|
||||||
<< " Default: "
|
<< get_config()->worker_read_burst << R"(
|
||||||
<< get_config()->worker_read_burst << "\n"
|
--worker-write-rate=<RATE>
|
||||||
<< " --worker-write-rate=<RATE>\n"
|
Set maximum average write rate on frontend
|
||||||
<< " Set maximum average write rate on frontend\n"
|
connection per worker. Setting 0 to this option
|
||||||
<< " connection per worker. Setting 0 to this\n"
|
means write rate is unlimited.
|
||||||
<< " option means write rate is unlimited.\n"
|
Default: )"
|
||||||
<< " Default: "
|
<< get_config()->worker_write_rate << R"(
|
||||||
<< get_config()->worker_write_rate << "\n"
|
--worker-write-burst=<SIZE>
|
||||||
<< " --worker-write-burst=<SIZE>\n"
|
Set maximum write burst size on frontend
|
||||||
<< " Set maximum write burst size on frontend\n"
|
connection per worker. Setting 0 to this option
|
||||||
<< " connection per worker. Setting 0 to this\n"
|
means write burst size is unlimited.
|
||||||
<< " option means write burst size is unlimited.\n"
|
Default: )"
|
||||||
<< " Default: "
|
<< get_config()->worker_write_burst << R"(
|
||||||
<< get_config()->worker_write_burst << "\n"
|
|
||||||
<< "\n"
|
Timeout:
|
||||||
<< "Timeout:\n"
|
--frontend-http2-read-timeout=<SEC>
|
||||||
<< " --frontend-http2-read-timeout=<SEC>\n"
|
Specify read timeout for HTTP/2 and SPDY frontend
|
||||||
<< " Specify read timeout for HTTP/2.0 and SPDY frontend\n"
|
connection.
|
||||||
<< " connection. Default: "
|
Default: )"
|
||||||
<< get_config()->http2_upstream_read_timeout.tv_sec << "\n"
|
<< get_config()->http2_upstream_read_timeout.tv_sec << R"(
|
||||||
<< " --frontend-read-timeout=<SEC>\n"
|
--frontend-read-timeout=<SEC>
|
||||||
<< " Specify read timeout for HTTP/1.1 frontend\n"
|
Specify read timeout for HTTP/1.1 frontend
|
||||||
<< " connection. Default: "
|
connection.
|
||||||
<< get_config()->upstream_read_timeout.tv_sec << "\n"
|
Default: )"
|
||||||
<< " --frontend-write-timeout=<SEC>\n"
|
<< get_config()->upstream_read_timeout.tv_sec << R"(
|
||||||
<< " Specify write timeout for all frontends.\n"
|
--frontend-write-timeout=<SEC>
|
||||||
<< " connection. Default: "
|
Specify write timeout for all frontend
|
||||||
<< get_config()->upstream_write_timeout.tv_sec << "\n"
|
connections.
|
||||||
<< " --backend-read-timeout=<SEC>\n"
|
Default: )"
|
||||||
<< " Specify read timeout for backend connection.\n"
|
<< get_config()->upstream_write_timeout.tv_sec << R"(
|
||||||
<< " Default: "
|
--backend-read-timeout=<SEC>
|
||||||
<< get_config()->downstream_read_timeout.tv_sec << "\n"
|
Specify read timeout for backend connection.
|
||||||
<< " --backend-write-timeout=<SEC>\n"
|
Default: )"
|
||||||
<< " Specify write timeout for backend\n"
|
<< get_config()->downstream_read_timeout.tv_sec << R"(
|
||||||
<< " connection. Default: "
|
--backend-write-timeout=<SEC>
|
||||||
<< get_config()->downstream_write_timeout.tv_sec << "\n"
|
Specify write timeout for backend connection.
|
||||||
<< " --backend-keep-alive-timeout=<SEC>\n"
|
Default: )"
|
||||||
<< " Specify keep-alive timeout for backend\n"
|
<< get_config()->downstream_write_timeout.tv_sec << R"(
|
||||||
<< " connection. Default: "
|
--backend-keep-alive-timeout=<SEC>
|
||||||
<< get_config()->downstream_idle_read_timeout.tv_sec << "\n"
|
Specify keep-alive timeout for backend
|
||||||
<< " --backend-http-proxy-uri=<URI>\n"
|
connection.
|
||||||
<< " Specify proxy URI in the form\n"
|
Default: )"
|
||||||
<< " http://[<USER>:<PASS>@]<PROXY>:<PORT>. If\n"
|
<< get_config()->downstream_idle_read_timeout.tv_sec << R"(
|
||||||
<< " a proxy requires authentication, specify\n"
|
--backend-http-proxy-uri=<URI>
|
||||||
<< " <USER> and <PASS>. Note that they must be\n"
|
Specify proxy URI in the form
|
||||||
<< " properly percent-encoded. This proxy is used\n"
|
http://[<USER>:<PASS>@]<PROXY>:<PORT>. If a
|
||||||
<< " when the backend connection is HTTP/2.0. First,\n"
|
proxy requires authentication, specify <USER> and
|
||||||
<< " make a CONNECT request to the proxy and\n"
|
<PASS>. Note that they must be properly
|
||||||
<< " it connects to the backend on behalf of\n"
|
percent-encoded. This proxy is used when the
|
||||||
<< " nghttpx. This forms tunnel. After that, nghttpx\n"
|
backend connection is HTTP/2. First, make a
|
||||||
<< " performs SSL/TLS handshake with the\n"
|
CONNECT request to the proxy and it connects to
|
||||||
<< " downstream through the tunnel. The timeouts\n"
|
the backend on behalf of nghttpx. This forms
|
||||||
<< " when connecting and making CONNECT request\n"
|
tunnel. After that, nghttpx performs SSL/TLS
|
||||||
<< " can be specified by --backend-read-timeout\n"
|
handshake with the downstream through the tunnel.
|
||||||
<< " and --backend-write-timeout options.\n"
|
The timeouts when connecting and making CONNECT
|
||||||
<< "\n"
|
request can be specified by
|
||||||
<< "SSL/TLS:\n"
|
--backend-read-timeout and
|
||||||
<< " --ciphers=<SUITE> Set allowed cipher list. The format of the\n"
|
--backend-write-timeout options.
|
||||||
<< " string is described in OpenSSL ciphers(1).\n"
|
|
||||||
<< " If this option is used, --honor-cipher-order\n"
|
SSL/TLS:
|
||||||
<< " is implicitly enabled.\n"
|
--ciphers=<SUITE> Set allowed cipher list. The format of the
|
||||||
<< " --honor-cipher-order\n"
|
string is described in OpenSSL ciphers(1). If
|
||||||
<< " Honor server cipher order, giving the\n"
|
this option is used, --honor-cipher-order is
|
||||||
<< " ability to mitigate BEAST attacks.\n"
|
implicitly enabled.
|
||||||
<< " -k, --insecure Don't verify backend server's certificate\n"
|
--honor-cipher-order
|
||||||
<< " if -p, --client or --http2-bridge are given\n"
|
Honor server cipher order, giving the ability to
|
||||||
<< " and --backend-no-tls is not given\n"
|
mitigate BEAST attacks.
|
||||||
<< " --cacert=<PATH> Set path to trusted CA certificate file\n"
|
-k, --insecure
|
||||||
<< " if -p, --client or --http2-bridge are given\n"
|
Don't verify backend server's certificate if -p,
|
||||||
<< " and --backend-no-tls is not given\n"
|
--client or --http2-bridge are given and
|
||||||
<< " The file must be in PEM format. It can\n"
|
--backend-no-tls is not given.
|
||||||
<< " contain multiple certificates. If the\n"
|
--cacert=<PATH> Set path to trusted CA certificate file if -p,
|
||||||
<< " linked OpenSSL is configured to load system\n"
|
--client or --http2-bridge are given and
|
||||||
<< " wide certificates, they are loaded\n"
|
--backend-no-tls is not given. The file must be
|
||||||
<< " at startup regardless of this option.\n"
|
in PEM format. It can contain multiple
|
||||||
<< " --private-key-passwd-file=<FILEPATH>\n"
|
certificates. If the linked OpenSSL is
|
||||||
<< " Path to file that contains password for the\n"
|
configured to load system wide certificates, they
|
||||||
<< " server's private key. If none is given and\n"
|
are loaded at startup regardless of this option.
|
||||||
<< " the private key is password protected it'll\n"
|
--private-key-passwd-file=<FILEPATH>
|
||||||
<< " be requested interactively.\n"
|
Path to file that contains password for the
|
||||||
<< " --subcert=<KEYPATH>:<CERTPATH>\n"
|
server's private key. If none is given and the
|
||||||
<< " Specify additional certificate and private\n"
|
private key is password protected it'll be
|
||||||
<< " key file. nghttpx will choose certificates\n"
|
requested interactively.
|
||||||
<< " based on the hostname indicated by client\n"
|
--subcert=<KEYPATH>:<CERTPATH>
|
||||||
<< " using TLS SNI extension. This option can be\n"
|
Specify additional certificate and private key
|
||||||
<< " used multiple times.\n"
|
file. nghttpx will choose certificates based on
|
||||||
<< " --backend-tls-sni-field=<HOST>\n"
|
the hostname indicated by client using TLS SNI
|
||||||
<< " Explicitly set the content of the TLS SNI\n"
|
extension. This option can be used multiple
|
||||||
<< " extension. This will default to the backend\n"
|
times.
|
||||||
<< " HOST name.\n"
|
--backend-tls-sni-field=<HOST>
|
||||||
<< " --dh-param-file=<PATH>\n"
|
Explicitly set the content of the TLS SNI
|
||||||
<< " Path to file that contains DH parameters in\n"
|
extension. This will default to the backend HOST
|
||||||
<< " PEM format. Without this option, DHE cipher\n"
|
name.
|
||||||
<< " suites are not available.\n"
|
--dh-param-file=<PATH>
|
||||||
<< " --npn-list=<LIST> Comma delimited list of NPN/ALPN protocol sorted\n"
|
Path to file that contains DH parameters in PEM
|
||||||
<< " in the order of preference. That means\n"
|
format. Without this option, DHE cipher suites
|
||||||
<< " most desirable protocol comes first.\n"
|
are not available.
|
||||||
<< " The parameter must be delimited by a single\n"
|
--npn-list=<LIST> Comma delimited list of NPN/ALPN protocol sorted
|
||||||
<< " comma only and any white spaces are treated\n"
|
in the order of preference. That means most
|
||||||
<< " as a part of protocol string.\n"
|
desirable protocol comes first. The parameter
|
||||||
<< " Default: " << DEFAULT_NPN_LIST << "\n"
|
must be delimited by a single comma only and any
|
||||||
<< " --verify-client Require and verify client certificate.\n"
|
white spaces are treated as a part of protocol
|
||||||
<< " --verify-client-cacert=<PATH>\n"
|
string.
|
||||||
<< " Path to file that contains CA certificates\n"
|
Default: )" << DEFAULT_NPN_LIST << R"(
|
||||||
<< " to verify client certificate.\n"
|
--verify-client Require and verify client certificate.
|
||||||
<< " The file must be in PEM format. It can\n"
|
--verify-client-cacert=<PATH>
|
||||||
<< " contain multiple certificates.\n"
|
Path to file that contains CA certificates to
|
||||||
<< " --client-private-key-file=<PATH>\n"
|
verify client certificate. The file must be in
|
||||||
<< " Path to file that contains client private\n"
|
PEM format. It can contain multiple
|
||||||
<< " key used in backend client authentication.\n"
|
certificates.
|
||||||
<< " --client-cert-file=<PATH>\n"
|
--client-private-key-file=<PATH>
|
||||||
<< " Path to file that contains client\n"
|
Path to file that contains client private key
|
||||||
<< " certificate used in backend client\n"
|
used in backend client authentication.
|
||||||
<< " authentication.\n"
|
--client-cert-file=<PATH>
|
||||||
<< " --tls-proto-list=<LIST>\n"
|
Path to file that contains client certificate
|
||||||
<< " Comma delimited list of SSL/TLS protocol to\n"
|
used in backend client authentication.
|
||||||
<< " be enabled.\n"
|
--tls-proto-list=<LIST>
|
||||||
<< " The following protocols are available:\n"
|
Comma delimited list of SSL/TLS protocol to be
|
||||||
<< " TLSv1.2, TLSv1.1, TLSv1.0, SSLv3\n"
|
enabled. The following protocols are available:
|
||||||
<< " The name matching is done in case-insensitive\n"
|
TLSv1.2, TLSv1.1, TLSv1.0 and SSLv3. The name
|
||||||
<< " manner.\n"
|
matching is done in case-insensitive manner. The
|
||||||
<< " The parameter must be delimited by a single\n"
|
parameter must be delimited by a single comma
|
||||||
<< " comma only and any white spaces are treated\n"
|
only and any white spaces are treated as a part
|
||||||
<< " as a part of protocol string.\n"
|
of protocol string.
|
||||||
<< " Default: " << DEFAULT_TLS_PROTO_LIST << "\n"
|
Default: )" << DEFAULT_TLS_PROTO_LIST << R"(
|
||||||
<< "\n"
|
|
||||||
<< "HTTP/2.0 and SPDY:\n"
|
HTTP/2 and SPDY:
|
||||||
<< " -c, --http2-max-concurrent-streams=<NUM>\n"
|
-c, --http2-max-concurrent-streams=<NUM>
|
||||||
<< " Set the maximum number of the concurrent\n"
|
Set the maximum number of the concurrent streams
|
||||||
<< " streams in one HTTP/2.0 and SPDY session.\n"
|
in one HTTP/2 and SPDY session.
|
||||||
<< " Default: "
|
Default: )"
|
||||||
<< get_config()->http2_max_concurrent_streams << "\n"
|
<< get_config()->http2_max_concurrent_streams << R"(
|
||||||
<< " --frontend-http2-window-bits=<N>\n"
|
--frontend-http2-window-bits=<N>
|
||||||
<< " Sets the per-stream initial window size of HTTP/2.0\n"
|
Sets the per-stream initial window size of HTTP/2
|
||||||
<< " SPDY frontend connection. For HTTP/2.0, the size is\n"
|
SPDY frontend connection. For HTTP/2, the size
|
||||||
<< " 2**<N>-1. For SPDY, the size is 2**<N>\n"
|
is 2**<N>-1. For SPDY, the size is 2**<N>.
|
||||||
<< " Default: "
|
Default: )"
|
||||||
<< get_config()->http2_upstream_window_bits << "\n"
|
<< get_config()->http2_upstream_window_bits << R"(
|
||||||
<< " --frontend-http2-connection-window-bits=<N>\n"
|
--frontend-http2-connection-window-bits=<N>
|
||||||
<< " Sets the per-connection window size of HTTP/2.0 and\n"
|
Sets the per-connection window size of HTTP/2 and
|
||||||
<< " SPDY frontend connection. For HTTP/2.0, the size is\n"
|
SPDY frontend connection. For HTTP/2, the size
|
||||||
<< " 2**<N>-1. For SPDY, the size is 2**<N>.\n"
|
is 2**<N>-1. For SPDY, the size is 2**<N>.
|
||||||
<< " Default: "
|
Default: )"
|
||||||
<< get_config()->http2_upstream_connection_window_bits << "\n"
|
<< get_config()->http2_upstream_connection_window_bits << R"(
|
||||||
<< " --frontend-no-tls Disable SSL/TLS on frontend connections.\n"
|
--frontend-no-tls Disable SSL/TLS on frontend connections.
|
||||||
<< " --backend-http2-window-bits=<N>\n"
|
--backend-http2-window-bits=<N>
|
||||||
<< " Sets the initial window size of HTTP/2.0 backend\n"
|
Sets the initial window size of HTTP/2 backend
|
||||||
<< " connection to 2**<N>-1.\n"
|
connection to 2**<N>-1.
|
||||||
<< " Default: "
|
Default: )"
|
||||||
<< get_config()->http2_downstream_window_bits << "\n"
|
<< get_config()->http2_downstream_window_bits << R"(
|
||||||
<< " --backend-http2-connection-window-bits=<N>\n"
|
--backend-http2-connection-window-bits=<N>
|
||||||
<< " Sets the per-connection window size of HTTP/2.0\n"
|
Sets the per-connection window size of HTTP/2
|
||||||
<< " backend connection to 2**<N>-1.\n"
|
backend connection to 2**<N>-1.
|
||||||
<< " Default: "
|
Default: )"
|
||||||
<< get_config()->http2_downstream_connection_window_bits << "\n"
|
<< get_config()->http2_downstream_connection_window_bits << R"(
|
||||||
<< " --backend-no-tls Disable SSL/TLS on backend connections.\n"
|
--backend-no-tls Disable SSL/TLS on backend connections.
|
||||||
<< " --http2-no-cookie-crumbling\n"
|
--http2-no-cookie-crumbling
|
||||||
<< " Don't crumble cookie header field.\n"
|
Don't crumble cookie header field.
|
||||||
<< " --padding=<N> Add at most <N> bytes to a HTTP/2 frame payload\n"
|
--padding=<N> Add at most <N> bytes to a HTTP/2 frame payload
|
||||||
<< " as padding.\n"
|
as padding. Specify 0 to disable padding. This
|
||||||
<< " Specify 0 to disable padding. This option is\n"
|
option is meant for debugging purpose and not
|
||||||
<< " meant for debugging purpose and not intended\n"
|
intended to enhance protocol security.
|
||||||
<< " to enhance protocol security.\n"
|
|
||||||
<< "\n"
|
Mode:
|
||||||
<< "Mode:\n"
|
(default mode) Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS.
|
||||||
<< " (default mode) Accept HTTP/2.0, SPDY and HTTP/1.1 over\n"
|
If --frontend-no-tls is used, accept HTTP/2 and
|
||||||
<< " SSL/TLS. If --frontend-no-tls is used,\n"
|
HTTP/1.1. The incoming HTTP/1.1 connection can
|
||||||
<< " accept HTTP/2.0 and HTTP/1.1. The incoming\n"
|
be upgraded to HTTP/2 through HTTP Upgrade. The
|
||||||
<< " HTTP/1.1 connection can be upgraded to\n"
|
protocol to the backend is HTTP/1.1.
|
||||||
<< " HTTP/2.0 through HTTP Upgrade.\n"
|
-s, --http2-proxy Like default mode, but enable secure proxy mode.
|
||||||
<< " The protocol to the backend is HTTP/1.1.\n"
|
--http2-bridge Like default mode, but communicate with the
|
||||||
<< " -s, --http2-proxy Like default mode, but enable secure proxy mode.\n"
|
backend in HTTP/2 over SSL/TLS. Thus the
|
||||||
<< " --http2-bridge Like default mode, but communicate with the\n"
|
incoming all connections are converted to HTTP/2
|
||||||
<< " backend in HTTP/2.0 over SSL/TLS. Thus the\n"
|
connection and relayed to the backend. See
|
||||||
<< " incoming all connections are converted\n"
|
--backend-http-proxy-uri option if you are behind
|
||||||
<< " to HTTP/2.0 connection and relayed to\n"
|
the proxy and want to connect to the outside
|
||||||
<< " the backend. See --backend-http-proxy-uri\n"
|
HTTP/2 proxy.
|
||||||
<< " option if you are behind the proxy and want\n"
|
--client Accept HTTP/2 and HTTP/1.1 without SSL/TLS. The
|
||||||
<< " to connect to the outside HTTP/2.0 proxy.\n"
|
incoming HTTP/1.1 connection can be upgraded to
|
||||||
<< " --client Accept HTTP/2.0 and HTTP/1.1 without SSL/TLS.\n"
|
HTTP/2 connection through HTTP Upgrade. The
|
||||||
<< " The incoming HTTP/1.1 connection can be\n"
|
protocol to the backend is HTTP/2. To use
|
||||||
<< " upgraded to HTTP/2.0 connection through\n"
|
nghttpx as a forward proxy, use -p option
|
||||||
<< " HTTP Upgrade.\n"
|
instead.
|
||||||
<< " The protocol to the backend is HTTP/2.0.\n"
|
-p, --client-proxy
|
||||||
<< " To use nghttpx as a forward proxy, use -p\n"
|
Like --client option, but it also requires the
|
||||||
<< " option instead.\n"
|
request path from frontend must be an absolute
|
||||||
<< " -p, --client-proxy Like --client option, but it also requires\n"
|
URI, suitable for use as a forward proxy.
|
||||||
<< " the request path from frontend must be\n"
|
|
||||||
<< " an absolute URI, suitable for use as a\n"
|
Logging:
|
||||||
<< " forward proxy.\n"
|
-L, --log-level=<LEVEL>
|
||||||
<< "\n"
|
Set the severity level of log output. <LEVEL>
|
||||||
<< "Logging:\n"
|
must be one of INFO, WARNING, ERROR and FATAL.
|
||||||
<< " -L, --log-level=<LEVEL>\n"
|
Default: WARNING
|
||||||
<< " Set the severity level of log output.\n"
|
--accesslog Print simple accesslog to stderr.
|
||||||
<< " INFO, WARNING, ERROR and FATAL.\n"
|
--syslog Send log messages to syslog.
|
||||||
<< " Default: WARNING\n"
|
--syslog-facility=<FACILITY>
|
||||||
<< " --accesslog Print simple accesslog to stderr.\n"
|
Set syslog facility to <FACILITY>.
|
||||||
<< " --syslog Send log messages to syslog.\n"
|
Default: )"
|
||||||
<< " --syslog-facility=<FACILITY>\n"
|
<< str_syslog_facility(get_config()->syslog_facility) << R"(
|
||||||
<< " Set syslog facility.\n"
|
|
||||||
<< " Default: "
|
Misc:
|
||||||
<< str_syslog_facility(get_config()->syslog_facility) << "\n"
|
--add-x-forwarded-for
|
||||||
<< "\n"
|
Append X-Forwarded-For header field to the
|
||||||
<< "Misc:\n"
|
downstream request.
|
||||||
<< " --add-x-forwarded-for\n"
|
--no-via Don't append to Via header field. If Via header
|
||||||
<< " Append X-Forwarded-For header field to the\n"
|
field is received, it is left unaltered.
|
||||||
<< " downstream request.\n"
|
--frontend-http2-dump-request-header=<PATH>
|
||||||
<< " --no-via Don't append to Via header field. If Via\n"
|
Dumps request headers received by HTTP/2 frontend
|
||||||
<< " header field is received, it is left\n"
|
to the file denoted in <PATH>. The output is
|
||||||
<< " unaltered.\n"
|
done in HTTP/1 header field format and each
|
||||||
<< " --frontend-http2-dump-request-header=<PATH>\n"
|
header block is followed by an empty line. This
|
||||||
<< " Dumps request headers received by HTTP/2.0\n"
|
option is not thread safe and MUST NOT be used
|
||||||
<< " frontend to the file denoted in PATH.\n"
|
with option -n<N>, where <N> >= 2.
|
||||||
<< " The output is done in HTTP/1 header field\n"
|
--frontend-http2-dump-response-header=<PATH>
|
||||||
<< " format and each header block is followed by\n"
|
Dumps response headers sent from HTTP/2 frontend
|
||||||
<< " an empty line.\n"
|
to the file denoted in <PATH>. The output is
|
||||||
<< " This option is not thread safe and MUST NOT\n"
|
done in HTTP/1 header field format and each
|
||||||
<< " be used with option -n=N, where N >= 2.\n"
|
header block is followed by an empty line. This
|
||||||
<< " --frontend-http2-dump-response-header=<PATH>\n"
|
option is not thread safe and MUST NOT be used
|
||||||
<< " Dumps response headers sent from HTTP/2.0\n"
|
with option -n<N>, where <N> >= 2.
|
||||||
<< " frontend to the file denoted in PATH.\n"
|
-o, --frontend-frame-debug
|
||||||
<< " The output is done in HTTP/1 header field\n"
|
Print HTTP/2 frames in frontend to stderr. This
|
||||||
<< " format and each header block is followed by\n"
|
option is not thread safe and MUST NOT be used
|
||||||
<< " an empty line.\n"
|
with option -n=N, where N >= 2.
|
||||||
<< " This option is not thread safe and MUST NOT\n"
|
-D, --daemon
|
||||||
<< " be used with option -n=N, where N >= 2.\n"
|
Run in a background. If -D is used, the current
|
||||||
<< " -o, --frontend-frame-debug\n"
|
working directory is changed to '/'.
|
||||||
<< " Print HTTP/2 frames in frontend to stderr.\n"
|
--pid-file=<PATH> Set path to save PID of this program.
|
||||||
<< " This option is not thread safe and MUST NOT\n"
|
--user=<USER> Run this program as <USER>. This option is
|
||||||
<< " be used with option -n=N, where N >= 2.\n"
|
intended to be used to drop root privileges.
|
||||||
<< " -D, --daemon Run in a background. If -D is used, the\n"
|
--conf=<PATH> Load configuration from <PATH>.
|
||||||
<< " current working directory is changed to '/'.\n"
|
Default: )"
|
||||||
<< " --pid-file=<PATH> Set path to save PID of this program.\n"
|
<< get_config()->conf_path << R"(
|
||||||
<< " --user=<USER> Run this program as USER. This option is\n"
|
-v, --version Print version and exit.
|
||||||
<< " intended to be used to drop root privileges.\n"
|
-h, --help Print this help and exit.)"
|
||||||
<< " --conf=<PATH> Load configuration from PATH.\n"
|
|
||||||
<< " Default: "
|
|
||||||
<< get_config()->conf_path << "\n"
|
|
||||||
<< " -v, --version Print version and exit.\n"
|
|
||||||
<< " -h, --help Print this help and exit.\n"
|
|
||||||
<< std::endl;
|
<< std::endl;
|
||||||
}
|
}
|
||||||
} // namespace
|
} // namespace
|
||||||
|
|
Loading…
Reference in New Issue