Update doc

This commit is contained in:
Tatsuhiro Tsujikawa 2016-03-25 01:57:00 +09:00
parent a46c815e4e
commit f6b78a027c
1 changed files with 62 additions and 31 deletions

View File

@ -24,21 +24,22 @@ server's private key and certificate must be supplied to the command
line (or through configuration file). In this case, the frontend
protocol selection will be done via ALPN or NPN.
With :option:`--frontend-no-tls` option, user can turn off SSL/TLS in
frontend connection. In this case, SPDY protocol is not available
even if spdylay library is liked to nghttpx. HTTP/2 and HTTP/1 are
available on the frontend, and an HTTP/1 connection can be upgraded to
HTTP/2 using HTTP Upgrade. Starting HTTP/2 connection by sending
HTTP/2 connection preface is also supported.
To turn off encryption on frontend connection, use ``no-tls`` keyword
in :option:`--frontend` option. In this case, SPDY protocol is not
available even if spdylay library is liked to nghttpx. HTTP/2 and
HTTP/1 are available on the frontend, and an HTTP/1 connection can be
upgraded to HTTP/2 using HTTP Upgrade. Starting HTTP/2 connection by
sending HTTP/2 connection preface is also supported.
By default, backend connections are not encrypted. To enable TLS
encryption on backend connections, use :option:`--backend-tls` option.
Using patterns and ``proto`` keyword in :option:`--backend` option,
backend application protocol can be specified per host/request path
pattern. It means that you can use both HTTP/2 and HTTP/1 in backend
connections at the same time. Note that default backend protocol is
HTTP/1.1. To use HTTP/2 in backend, you have to specify ``h2`` in
``proto`` keyword in :option:`--backend` explicitly.
encryption on backend connections, use ``tls`` keyword in
:option:`--backend` option. Using patterns and ``proto`` keyword in
:option:`--backend` option, backend application protocol can be
specified per host/request path pattern. It means that you can use
both HTTP/2 and HTTP/1 in backend connections at the same time. Note
that default backend protocol is HTTP/1.1. To use HTTP/2 in backend,
you have to specify ``h2`` in ``proto`` keyword in :option:`--backend`
explicitly.
The backend is supposed to be Web server. For example, to make
nghttpx listen to encrypted HTTP/2 requests at port 8443, and a
@ -66,8 +67,8 @@ By default, frontend connection is encrypted. So this mode is also
called secure proxy. If nghttpx is linked with spdylay, it supports
SPDY protocols and it works as so called SPDY proxy.
With :option:`--frontend-no-tls` option, SSL/TLS is turned off in
frontend connection, so the connection gets insecure.
To turn off encryption on frontend connection, use ``no-tls`` keyword
in :option:`--frontend` option.
The backend must be HTTP proxy server. nghttpx supports multiple
backend server addresses. It translates incoming requests to HTTP
@ -76,10 +77,10 @@ work for each request, for example, dispatching requests to the origin
server and caching contents.
The backend connection is not encrypted by default. To enable
encryption, use :option:`--backend-tls` option. The default backend
protocol is HTTP/1.1. To use HTTP/2 in backend connection, use
:option:`--backend` option, and specify ``h2`` in ``proto`` keyword
explicitly.
encryption, use ``tls`` keyword in :option:`--backend` option. The
default backend protocol is HTTP/1.1. To use HTTP/2 in backend
connection, use :option:`--backend` option, and specify ``h2`` in
``proto`` keyword explicitly.
For example, to make nghttpx listen to encrypted HTTP/2 requests at
port 8443, and a backend HTTP proxy server is configured to listen to
@ -133,15 +134,15 @@ Disable frontend SSL/TLS
------------------------
The frontend connections are encrypted with SSL/TLS by default. To
turn off SSL/TLS, use :option:`--frontend-no-tls` option. If this
option is used, the private key and certificate are not required to
run nghttpx.
turn off SSL/TLS, use ``no-tls`` keyword in :option:`--frontend`
option. If this option is used, the private key and certificate are
not required to run nghttpx.
Enable backend SSL/TLS
----------------------
The backend connections are not encrypted by default. To enable
SSL/TLS encryption, :option:`--backend-tls` option.
SSL/TLS encryption, use ``tls`` keyword in :option:`--backend` option.
Enable SSL/TLS on memcached connection
--------------------------------------
@ -308,18 +309,48 @@ requests, do this:
Note that the backends share the same pattern must have the same
backend protocol. The default backend protocol is HTTP/1.1.
TLS can be enabed per pattern basis:
.. code-block:: text
backend=serv1,8443;/;proto=h2;tls
backend=serv2,8080;/ws/;proto=http/1.1
In the above case, connection to serv1 will be encrypted by TLS. On
the other hand, connection to serv2 will not be encrypted by TLS.
Deprecated modes
----------------
As of nghttpx 1.9.0, ``--http2-bridge``, ``--client`` and
``--client-proxy`` options were removed. These functionality can be
used using combinations of options.
``--client-proxy`` options have been removed. These functionality can
be used using combinations of options.
* ``--http2-bridge``: Use ``--backend='<ADDR>,<PORT>;;proto=h2'``, and
``--backend-tls``.
* ``--http2-bridge``: Use ``--backend='<ADDR>,<PORT>;;proto=h2;tls'``.
* ``--client``: Use ``--frontend-no-tls``,
``--backend='<ADDR>,<PORT>;;proto=h2'``, and ``--backend-tls``.
* ``--client``: Use ``--frontend='*,3000;no-tls'``,
``--backend='<ADDR>,<PORT>;;proto=h2;tls'``.
* ``--client-proxy``: Use ``--http2-proxy``, ``--frontend-no-tls``,
``--backend='<ADDR>,<PORT>;;proto=h2'``, and ``--backend-tls``.
* ``--client-proxy``: Use ``--http2-proxy``,
``--frontend='*,3000;no-tls'``,
``--backend='<ADDR>,<PORT>;;proto=h2;tls'``.
--frontend-no-tls and --backend-tls
-----------------------------------
As of nghttpx 1.9.0, ``--frontend-no-tls`` and ``--backend-tls`` have
been removed.
To disable encryption on frontend connection, use ``no-tls`` keyword
in :option:`--frontend` potion:
.. code-block:: text
frontend=*,3000;no-tls
To enable encryption on backend connection, use ``tls`` keyword in
:option:`--backend` option:
.. code-block:: text
backend=127.0.0.1,8080;tls