Update man pages

This commit is contained in:
Tatsuhiro Tsujikawa 2016-02-07 21:24:11 +09:00
parent 92e66fc167
commit c8b6a79225
6 changed files with 166 additions and 55 deletions

View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText. .\" Man page generated from reStructuredText.
. .
.TH "H2LOAD" "1" "January 25, 2016" "1.7.0" "nghttp2" .TH "H2LOAD" "1" "February 07, 2016" "1.8.0-DEV" "nghttp2"
.SH NAME .SH NAME
h2load \- HTTP/2 benchmarking tool h2load \- HTTP/2 benchmarking tool
. .

View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText. .\" Man page generated from reStructuredText.
. .
.TH "NGHTTP" "1" "January 25, 2016" "1.7.0" "nghttp2" .TH "NGHTTP" "1" "February 07, 2016" "1.8.0-DEV" "nghttp2"
.SH NAME .SH NAME
nghttp \- HTTP/2 client nghttp \- HTTP/2 client
. .

View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText. .\" Man page generated from reStructuredText.
. .
.TH "NGHTTPD" "1" "January 25, 2016" "1.7.0" "nghttp2" .TH "NGHTTPD" "1" "February 07, 2016" "1.8.0-DEV" "nghttp2"
.SH NAME .SH NAME
nghttpd \- HTTP/2 server nghttpd \- HTTP/2 server
. .
@ -139,6 +139,17 @@ Make error response gzipped.
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B \-w, \-\-window\-bits=<N>
Sets the stream level initial window size to 2**<N>\-1.
.UNINDENT
.INDENT 0.0
.TP
.B \-W, \-\-connection\-window\-bits=<N>
Sets the connection level initial window size to
2**<N>\-1.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-dh\-param\-file=<PATH> .B \-\-dh\-param\-file=<PATH>
Path to file that contains DH parameters in PEM format. Path to file that contains DH parameters in PEM format.
Without this option, DHE cipher suites are not Without this option, DHE cipher suites are not

View File

@ -104,6 +104,15 @@ OPTIONS
Make error response gzipped. Make error response gzipped.
.. option:: -w, --window-bits=<N>
Sets the stream level initial window size to 2\*\*<N>-1.
.. option:: -W, --connection-window-bits=<N>
Sets the connection level initial window size to
2\*\*<N>-1.
.. option:: --dh-param-file=<PATH> .. option:: --dh-param-file=<PATH>
Path to file that contains DH parameters in PEM format. Path to file that contains DH parameters in PEM format.

View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText. .\" Man page generated from reStructuredText.
. .
.TH "NGHTTPX" "1" "January 25, 2016" "1.7.0" "nghttp2" .TH "NGHTTPX" "1" "February 07, 2016" "1.8.0-DEV" "nghttp2"
.SH NAME .SH NAME
nghttpx \- HTTP/2 proxy nghttpx \- HTTP/2 proxy
. .
@ -121,7 +121,9 @@ Default: \fB127.0.0.1,80\fP
Set frontend host and port. If <HOST> is \(aq*\(aq, it Set frontend host and port. If <HOST> is \(aq*\(aq, it
assumes all addresses including both IPv4 and IPv6. assumes all addresses including both IPv4 and IPv6.
UNIX domain socket can be specified by prefixing path UNIX domain socket can be specified by prefixing path
name with "unix:" (e.g., unix:/var/run/nghttpx.sock) name with "unix:" (e.g., unix:/var/run/nghttpx.sock).
This option can be used multiple times to listen to
multiple addresses.
.sp .sp
Default: \fB*,3000\fP Default: \fB*,3000\fP
.UNINDENT .UNINDENT
@ -163,6 +165,22 @@ be specified by \fI\%\-\-backend\-read\-timeout\fP and
.B \-\-accept\-proxy\-protocol .B \-\-accept\-proxy\-protocol
Accept PROXY protocol version 1 on frontend connection. Accept PROXY protocol version 1 on frontend connection.
.UNINDENT .UNINDENT
.INDENT 0.0
.TP
.B \-\-backend\-no\-tls
Disable SSL/TLS on backend connections. For HTTP/2
backend connections, TLS is enabled by default. For
HTTP/1 backend connections, TLS is disabled by default,
and can be enabled by \fI\%\-\-backend\-http1\-tls\fP option. If
both \fI\%\-\-backend\-no\-tls\fP and \fI\%\-\-backend\-http1\-tls\fP options
are used, \fI\%\-\-backend\-no\-tls\fP has the precedence.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-backend\-http1\-tls
Enable SSL/TLS on backend HTTP/1 connections. See also
\fI\%\-\-backend\-no\-tls\fP option.
.UNINDENT
.SS Performance .SS Performance
.INDENT 0.0 .INDENT 0.0
.TP .TP
@ -396,19 +414,17 @@ described in OpenSSL ciphers(1).
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B \-k, \-\-insecure .B \-k, \-\-insecure
Don\(aqt verify backend server\(aqs certificate if \fI\%\-p\fP, Don\(aqt verify backend server\(aqs certificate if TLS is
\fI\%\-\-client\fP or \fI\%\-\-http2\-bridge\fP are given and enabled for backend connections.
\fI\%\-\-backend\-no\-tls\fP is not given.
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B \-\-cacert=<PATH> .B \-\-cacert=<PATH>
Set path to trusted CA certificate file if \fI\%\-p\fP, \fI\%\-\-client\fP Set path to trusted CA certificate file used in backend
or \fI\%\-\-http2\-bridge\fP are given and \fI\%\-\-backend\-no\-tls\fP is not TLS connections. The file must be in PEM format. It
given. The file must be in PEM format. It can contain can contain multiple certificates. If the linked
multiple certificates. If the linked OpenSSL is OpenSSL is configured to load system wide certificates,
configured to load system wide certificates, they are they are loaded at startup regardless of this option.
loaded at startup regardless of this option.
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
@ -616,6 +632,21 @@ TLS HTTP/2 backends.
.sp .sp
Default: \fB1s\fP Default: \fB1s\fP
.UNINDENT .UNINDENT
.INDENT 0.0
.TP
.B \-\-no\-http2\-cipher\-black\-list
Allow black listed cipher suite on HTTP/2 connection.
See \fI\%https://tools.ietf.org/html/rfc7540#appendix\-A\fP for
the complete HTTP/2 cipher suites black list.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-backend\-tls\-session\-cache\-per\-worker=<N>
Set the maximum number of backend TLS session cache
stored per worker.
.sp
Default: \fB10000\fP
.UNINDENT
.SS HTTP/2 and SPDY .SS HTTP/2 and SPDY
.INDENT 0.0 .INDENT 0.0
.TP .TP
@ -666,11 +697,6 @@ Default: \fB16\fP
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B \-\-backend\-no\-tls
Disable SSL/TLS on backend connections.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-http2\-no\-cookie\-crumbling .B \-\-http2\-no\-cookie\-crumbling
Don\(aqt crumble cookie header field. Don\(aqt crumble cookie header field.
.UNINDENT .UNINDENT
@ -868,11 +894,12 @@ Specify the parameter value sent out with "by" parameter
of Forwarded header field. If "obfuscated" is given, of Forwarded header field. If "obfuscated" is given,
the string is randomly generated at startup. If "ip" is the string is randomly generated at startup. If "ip" is
given, the interface address of the connection, given, the interface address of the connection,
including port number, is sent with "by" parameter. including port number, is sent with "by" parameter. In
User can also specify the static obfuscated string. The case of UNIX domain socket, "localhost" is used instead
limitation is that it must start with "_", and only of address and port. User can also specify the static
consists of character set [A\-Za\-z0\-9._\-], as described obfuscated string. The limitation is that it must start
in RFC 7239. with "_", and only consists of character set
[A\-Za\-z0\-9._\-], as described in RFC 7239.
.sp .sp
Default: \fBobfuscated\fP Default: \fBobfuscated\fP
.UNINDENT .UNINDENT
@ -884,7 +911,8 @@ parameter of Forwarded header field. If "obfuscated" is
given, the string is randomly generated for each client given, the string is randomly generated for each client
connection. If "ip" is given, the remote client address connection. If "ip" is given, the remote client address
of the connection, without port number, is sent with of the connection, without port number, is sent with
"for" parameter. "for" parameter. In case of UNIX domain socket,
"localhost" is used instead of address.
.sp .sp
Default: \fBobfuscated\fP Default: \fBobfuscated\fP
.UNINDENT .UNINDENT
@ -940,22 +968,42 @@ Example: \fI\%\-\-add\-response\-header\fP="foo: bar"
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B \-\-header\-field\-buffer=<SIZE> .B \-\-request\-header\-field\-buffer=<SIZE>
Set maximum buffer size for incoming HTTP request header Set maximum buffer size for incoming HTTP request header
field list. This is the sum of header name and value in field list. This is the sum of header name and value in
bytes. bytes. If trailer fields exist, they are counted
towards this number.
.sp .sp
Default: \fB64K\fP Default: \fB64K\fP
.UNINDENT .UNINDENT
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B \-\-max\-header\-fields=<N> .B \-\-max\-request\-header\-fields=<N>
Set maximum number of incoming HTTP request header Set maximum number of incoming HTTP request header
fields, which appear in one request or response header fields. If trailer fields exist, they are counted
field list. towards this number.
.sp .sp
Default: \fB100\fP Default: \fB100\fP
.UNINDENT .UNINDENT
.INDENT 0.0
.TP
.B \-\-response\-header\-field\-buffer=<SIZE>
Set maximum buffer size for incoming HTTP response
header field list. This is the sum of header name and
value in bytes. If trailer fields exist, they are
counted towards this number.
.sp
Default: \fB64K\fP
.UNINDENT
.INDENT 0.0
.TP
.B \-\-max\-response\-header\-fields=<N>
Set maximum number of incoming HTTP response header
fields. If trailer fields exist, they are counted
towards this number.
.sp
Default: \fB500\fP
.UNINDENT
.SS Debug .SS Debug
.INDENT 0.0 .INDENT 0.0
.TP .TP

View File

@ -104,7 +104,9 @@ Connections
Set frontend host and port. If <HOST> is '\*', it Set frontend host and port. If <HOST> is '\*', it
assumes all addresses including both IPv4 and IPv6. assumes all addresses including both IPv4 and IPv6.
UNIX domain socket can be specified by prefixing path UNIX domain socket can be specified by prefixing path
name with "unix:" (e.g., unix:/var/run/nghttpx.sock) name with "unix:" (e.g., unix:/var/run/nghttpx.sock).
This option can be used multiple times to listen to
multiple addresses.
Default: ``*,3000`` Default: ``*,3000``
@ -141,6 +143,20 @@ Connections
Accept PROXY protocol version 1 on frontend connection. Accept PROXY protocol version 1 on frontend connection.
.. option:: --backend-no-tls
Disable SSL/TLS on backend connections. For HTTP/2
backend connections, TLS is enabled by default. For
HTTP/1 backend connections, TLS is disabled by default,
and can be enabled by :option:`--backend-http1-tls` option. If
both :option:`--backend-no-tls` and :option:`\--backend-http1-tls` options
are used, :option:`--backend-no-tls` has the precedence.
.. option:: --backend-http1-tls
Enable SSL/TLS on backend HTTP/1 connections. See also
:option:`--backend-no-tls` option.
Performance Performance
~~~~~~~~~~~ ~~~~~~~~~~~
@ -354,18 +370,16 @@ SSL/TLS
.. option:: -k, --insecure .. option:: -k, --insecure
Don't verify backend server's certificate if :option:`-p`\, Don't verify backend server's certificate if TLS is
:option:`--client` or :option:`\--http2-bridge` are given and enabled for backend connections.
:option:`--backend-no-tls` is not given.
.. option:: --cacert=<PATH> .. option:: --cacert=<PATH>
Set path to trusted CA certificate file if :option:`-p`\, :option:`--client` Set path to trusted CA certificate file used in backend
or :option:`--http2-bridge` are given and :option:`\--backend-no-tls` is not TLS connections. The file must be in PEM format. It
given. The file must be in PEM format. It can contain can contain multiple certificates. If the linked
multiple certificates. If the linked OpenSSL is OpenSSL is configured to load system wide certificates,
configured to load system wide certificates, they are they are loaded at startup regardless of this option.
loaded at startup regardless of this option.
.. option:: --private-key-passwd-file=<PATH> .. option:: --private-key-passwd-file=<PATH>
@ -551,6 +565,19 @@ SSL/TLS
Default: ``1s`` Default: ``1s``
.. option:: --no-http2-cipher-black-list
Allow black listed cipher suite on HTTP/2 connection.
See https://tools.ietf.org/html/rfc7540#appendix-A for
the complete HTTP/2 cipher suites black list.
.. option:: --backend-tls-session-cache-per-worker=<N>
Set the maximum number of backend TLS session cache
stored per worker.
Default: ``10000``
HTTP/2 and SPDY HTTP/2 and SPDY
~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~
@ -596,10 +623,6 @@ HTTP/2 and SPDY
Default: ``16`` Default: ``16``
.. option:: --backend-no-tls
Disable SSL/TLS on backend connections.
.. option:: --http2-no-cookie-crumbling .. option:: --http2-no-cookie-crumbling
Don't crumble cookie header field. Don't crumble cookie header field.
@ -773,11 +796,12 @@ HTTP
of Forwarded header field. If "obfuscated" is given, of Forwarded header field. If "obfuscated" is given,
the string is randomly generated at startup. If "ip" is the string is randomly generated at startup. If "ip" is
given, the interface address of the connection, given, the interface address of the connection,
including port number, is sent with "by" parameter. including port number, is sent with "by" parameter. In
User can also specify the static obfuscated string. The case of UNIX domain socket, "localhost" is used instead
limitation is that it must start with "_", and only of address and port. User can also specify the static
consists of character set [A-Za-z0-9._-], as described obfuscated string. The limitation is that it must start
in RFC 7239. with "_", and only consists of character set
[A-Za-z0-9._-], as described in RFC 7239.
Default: ``obfuscated`` Default: ``obfuscated``
@ -788,7 +812,8 @@ HTTP
given, the string is randomly generated for each client given, the string is randomly generated for each client
connection. If "ip" is given, the remote client address connection. If "ip" is given, the remote client address
of the connection, without port number, is sent with of the connection, without port number, is sent with
"for" parameter. "for" parameter. In case of UNIX domain socket,
"localhost" is used instead of address.
Default: ``obfuscated`` Default: ``obfuscated``
@ -836,22 +861,40 @@ HTTP
used several times to specify multiple header fields. used several times to specify multiple header fields.
Example: :option:`--add-response-header`\="foo: bar" Example: :option:`--add-response-header`\="foo: bar"
.. option:: --header-field-buffer=<SIZE> .. option:: --request-header-field-buffer=<SIZE>
Set maximum buffer size for incoming HTTP request header Set maximum buffer size for incoming HTTP request header
field list. This is the sum of header name and value in field list. This is the sum of header name and value in
bytes. bytes. If trailer fields exist, they are counted
towards this number.
Default: ``64K`` Default: ``64K``
.. option:: --max-header-fields=<N> .. option:: --max-request-header-fields=<N>
Set maximum number of incoming HTTP request header Set maximum number of incoming HTTP request header
fields, which appear in one request or response header fields. If trailer fields exist, they are counted
field list. towards this number.
Default: ``100`` Default: ``100``
.. option:: --response-header-field-buffer=<SIZE>
Set maximum buffer size for incoming HTTP response
header field list. This is the sum of header name and
value in bytes. If trailer fields exist, they are
counted towards this number.
Default: ``64K``
.. option:: --max-response-header-fields=<N>
Set maximum number of incoming HTTP response header
fields. If trailer fields exist, they are counted
towards this number.
Default: ``500``
Debug Debug
~~~~~ ~~~~~