diff options
Diffstat (limited to '')
| -rw-r--r-- | web/server/h2o/libh2o/doc/configure/proxy_directives.html | 535 |
1 files changed, 535 insertions, 0 deletions
diff --git a/web/server/h2o/libh2o/doc/configure/proxy_directives.html b/web/server/h2o/libh2o/doc/configure/proxy_directives.html new file mode 100644 index 00000000..6b8bb7e0 --- /dev/null +++ b/web/server/h2o/libh2o/doc/configure/proxy_directives.html @@ -0,0 +1,535 @@ +<!DOCTYPE html> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> +<meta name="viewport" content="width=device-width,initial-scale=1,user-scalable=no" /> +<base href="../" /> + +<!-- oktavia --> +<link rel="stylesheet" href="assets/searchstyle.css" type="text/css" /> +<script src="search/jquery-1.9.1.min.js"></script> +<script src="search/oktavia-jquery-ui.js"></script> +<script src="search/oktavia-english-search.js"></script> +<!-- /oktavia --> + +<link rel="stylesheet" href="assets/style.css" type="text/css" /> + +<title>Proxy Directives - Configure - H2O - the optimized HTTP/2 server</title> +</head> +<body> +<div id="body"> +<div id="top"> + +<h1> +<a href="index.html">H2O</a> +</h1> +<p class="description">the optimized HTTP/1.x, HTTP/2 server</p> + +<!-- oktavia --> +<form id="searchform"> +<input class="search" type="search" name="search" id="search" results="5" value="" placeholder="Search" /> +<div id="searchresult_box"> +<div id="close_search_box">×</div> +<div id="searchresult_summary"></div> +<div id="searchresult"></div> +<div id="searchresult_nav"></div> +<span class="pr">Powered by <a href="https://github.com/shibukawa/oktavia">Oktavia</a></span> +</div> +</form> +<!-- /oktavia --> + +</div> + +<table id="menu"> +<tr> +<td><a href="index.html">Top</a></td> +<td><a href="install.html">Install</a></td> +<td class="selected">Configure</td> +<td><a href="faq.html">FAQ</a></td> +<td><a href="http://blog.kazuhooku.com/search/label/H2O" target="_blank">Blog</a></td> +<td><a href="http://github.com/h2o/h2o/" target="_blank">Source</a></td> +</tr> +</table> + +<div id="main"> + +<h2> +<a href="configure.html">Configure</a> > +Proxy Directives +</h2> + + +<p> +Proxy module is the reverse proxy implementation for H2O - it implements a HTTP client that forwards a HTTP request to an upstream server. +</p> +<p> +When forwarding the requests, the module sets following request headers: +<ul> +<li><a href="https://tools.ietf.org/html/rfc7230#section-5.7.1">via</a></li> +<li><a href="http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/x-forwarded-headers.html#x-forwarded-for">x-forwarded-for</a></li> +<li><a href="http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/x-forwarded-headers.html#x-forwarded-proto">x-forwarded-proto</a></li> +</ul> +</p> +<p> +The HTTP client only supports HTTP/1. +Support for HTTPS has been introduced in version 2.0. +</p> +<p> +Following sections describe the configuration directives defined for the module. +</p> + +<div id="proxy.reverse.url" class="directive-head"> +<h3><a href="configure/proxy_directives.html#proxy.reverse.url"><code>"proxy.reverse.url"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +Forwards the requests to the specified URL, and proxies the response. +</p> + +<div class="example"> +<div class="caption">Example. Forwarding the requests to application server running on <code>127.0.0.1:8080</code></div> +<pre><code>proxy.reverse.url: "http://127.0.0.1:8080/" +</code></pre> +</div> + +<p> +If you want load balancing multiple backends, replace 127.0.0.1 with hostname which returns IP addresses via DNS or /etc/hosts. +</p> +<p> +In addition to TCP/IP over IPv4 and IPv6, the proxy handler can also connect to an HTTP server listening to a Unix socket. +Path to the unix socket should be surrounded by square brackets, and prefixed with <code>unix:</code> (e.g. <code>http://[unix:/path/to/socket]/path</code>). +</p> + + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>path</dd> +</dl> + +<div id="proxy.preserve-host" class="directive-head"> +<h3><a href="configure/proxy_directives.html#proxy.preserve-host"><code>"proxy.preserve-host"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +A boolean flag (<code>ON</code> or <code>OFF</code>) designating whether or not to pass <code>Host</code> header from incoming request to upstream. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global, host, path, extension</dd> +<dt>Default:</dt> +<dd><code><pre>proxy.preserve-host: OFF</pre></code> +</dl> + + +<div id="proxy.preserve-x-forwarded-proto" class="directive-head"> +<div class="directive-since">since v2.0</div> +<h3><a href="configure/proxy_directives.html#proxy.preserve-x-forwarded-proto"><code>"proxy.preserve-x-forwarded-proto"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +A boolean flag(<code>ON</code> or <code>OFF</code>) indicating if the server preserve the received <code>x-forwarded-proto</code> request header. +</p> + +<p> +By default, when transmitting a HTTP request to an upstream HTTP server, H2O removes the received <code>x-forwarded-proto</code> request header and sends its own, as a precaution measure to prevent an attacker connecting through HTTP to lie that they are connected via HTTPS. +However in case H2O is run behind a trusted HTTPS proxy, such protection might not be desirable, and this configuration directive can be used to modify the behaviour. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global</dd> +<dt>Default:</dt> +<dd><code><pre>proxy.preserve-x-forwarded-proto: OFF</pre></code> +</dl> + +<div id="proxy.proxy-protocol" class="directive-head"> +<div class="directive-since">since v2.1</div> +<h3><a href="configure/proxy_directives.html#proxy.proxy-protocol"><code>"proxy.proxy-protocol"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +A boolean flag (<code>ON</code> or <code>OFF</code>) indicating if <a href="http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt" target="_blank">PROXY protocol</a> should be used when connecting to the application server. +</p> + +<p> +When using the PROXY protocol, connections to the application server cannot be persistent (i.e. <a href="configure/proxy_directives.html#proxy.timeout.keepalive"><code>proxy.timeout.keepalive</code></a> must be set to zero). +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global, host, path, extension</dd> +<dt>Default:</dt> +<dd><code><pre>proxy.proxy-protocol: OFF</pre></code> +<dt>See also:</dt> +<dd><a href="configure/proxy_directives.html#proxy.timeout.keepalive"><code>proxy.timeout.keepalive</code></a> +</dd> +</dl> + +<div id="proxy.emit-x-forwarded-headers" class="directive-head"> +<div class="directive-since">since v2.1</div> +<h3><a href="configure/proxy_directives.html#proxy.emit-x-forwarded-headers"><code>"proxy.emit-x-forwarded-headers"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +A boolean flag(<code>ON</code> or <code>OFF</code>) indicating if the server will append or add the <code>x-forwarded-proto</code> and <code>x-forwarded-for</code> request headers. +</p> + +<p> +By default, when forwarding an HTTP request H2O sends its own <code>x-forwarded-proto</code> and <code>x-forwarded-for</code> request headers (or might append its value in the <code>x-forwarded-proto</code> case, see <code>proxy.preserve-x-forwarded-proto</code>). This might not be always desirable. Please keep in mind security implications when setting this of <code>OFF</code>, since it might allow an attacker to spoof the originator or the protocol of a request. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global</dd> +<dt>Default:</dt> +<dd><code><pre>proxy.emit-x-forwarded-headers: ON</pre></code> +<dt>See also:</dt> +<dd><a href="configure/proxy_directives.html#proxy.emit-via-header"><code>proxy.emit-via-header</code></a> +</dd> +</dl> + +<div id="proxy.emit-via-header" class="directive-head"> +<div class="directive-since">since v2.2</div> +<h3><a href="configure/proxy_directives.html#proxy.emit-via-header"><code>"proxy.emit-via-header"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +A boolean flag (<code>ON</code> or <code>OFF</code>) indicating if the server adds or appends an entry to the <code>via</code> request header. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global</dd> +<dt>Default:</dt> +<dd><code><pre>proxy.emit-via-header: ON</pre></code> +<dt>See also:</dt> +<dd><a href="configure/proxy_directives.html#proxy.emit-x-forwarded-headers"><code>proxy.emit-x-forwarded-headers</code></a> +</dd> +</dl> + + +<div id="proxy.header.add" class="directive-head"> +<div class="directive-since">since v2.2</div> +<h3><a href="configure/proxy_directives.html#proxy.header.add"><code>"proxy.header.add"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +Modifies the request headers sent to the application server. +</p> + +<p> +The behavior is identical to <a href="configure/headers_directives.html#header.add"><code>header.add</code></a> except for the fact that it affects the request sent to the application server. +Please refer to the documentation of the <a href="configure/headers_directives.html">headers handler</a> to see how the directives can be used to mangle the headers. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global, host, path, extensions</dd> +</dl> +<div id="proxy.header.append" class="directive-head"> +<div class="directive-since">since v2.2</div> +<h3><a href="configure/proxy_directives.html#proxy.header.append"><code>"proxy.header.append"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +Modifies the request headers sent to the application server. +</p> + +<p> +The behavior is identical to <a href="configure/headers_directives.html#header.append"><code>header.append</code></a> except for the fact that it affects the request sent to the application server. +Please refer to the documentation of the <a href="configure/headers_directives.html">headers handler</a> to see how the directives can be used to mangle the headers. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global, host, path, extensions</dd> +</dl> +<div id="proxy.header.merge" class="directive-head"> +<div class="directive-since">since v2.2</div> +<h3><a href="configure/proxy_directives.html#proxy.header.merge"><code>"proxy.header.merge"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +Modifies the request headers sent to the application server. +</p> + +<p> +The behavior is identical to <a href="configure/headers_directives.html#header.merge"><code>header.merge</code></a> except for the fact that it affects the request sent to the application server. +Please refer to the documentation of the <a href="configure/headers_directives.html">headers handler</a> to see how the directives can be used to mangle the headers. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global, host, path, extensions</dd> +</dl> +<div id="proxy.header.set" class="directive-head"> +<div class="directive-since">since v2.2</div> +<h3><a href="configure/proxy_directives.html#proxy.header.set"><code>"proxy.header.set"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +Modifies the request headers sent to the application server. +</p> + +<p> +The behavior is identical to <a href="configure/headers_directives.html#header.set"><code>header.set</code></a> except for the fact that it affects the request sent to the application server. +Please refer to the documentation of the <a href="configure/headers_directives.html">headers handler</a> to see how the directives can be used to mangle the headers. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global, host, path, extensions</dd> +</dl> +<div id="proxy.header.setifempty" class="directive-head"> +<div class="directive-since">since v2.2</div> +<h3><a href="configure/proxy_directives.html#proxy.header.setifempty"><code>"proxy.header.setifempty"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +Modifies the request headers sent to the application server. +</p> + +<p> +The behavior is identical to <a href="configure/headers_directives.html#header.setifempty"><code>header.setifempty</code></a> except for the fact that it affects the request sent to the application server. +Please refer to the documentation of the <a href="configure/headers_directives.html">headers handler</a> to see how the directives can be used to mangle the headers. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global, host, path, extensions</dd> +</dl> +<div id="proxy.header.unset" class="directive-head"> +<div class="directive-since">since v2.2</div> +<h3><a href="configure/proxy_directives.html#proxy.header.unset"><code>"proxy.header.unset"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +Modifies the request headers sent to the application server. +</p> + +<p> +The behavior is identical to <a href="configure/headers_directives.html#header.unset"><code>header.unset</code></a> except for the fact that it affects the request sent to the application server. +Please refer to the documentation of the <a href="configure/headers_directives.html">headers handler</a> to see how the directives can be used to mangle the headers. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global, host, path, extensions</dd> +</dl> + + +<div id="proxy.ssl.cafile" class="directive-head"> +<div class="directive-since">since v2.0</div> +<h3><a href="configure/proxy_directives.html#proxy.ssl.cafile"><code>"proxy.ssl.cafile"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +Specifies the file storing the list of trusted root certificates. +</p> + +<p> +By default, H2O uses <code>share/h2o/ca-bundle.crt</code>. The file contains a set of trusted root certificates maintained by Mozilla, downloaded and converted using <a href="https://curl.haxx.se/docs/mk-ca-bundle.html">mk-ca-bundle.pl</a>. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global, host, path, extension</dd> +<dt>See also:</dt> +<dd><a href="configure/proxy_directives.html#proxy.ssl.verify-peer"><code>proxy.ssl.verify-peer</code></a> +</dd> +</dl> + +<div id="proxy.ssl.session-cache" class="directive-head"> +<div class="directive-since">since v2.1</div> +<h3><a href="configure/proxy_directives.html#proxy.ssl.session-cache"><code>"proxy.ssl.session-cache"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +Specifies whether if and how a session cache should be used for TLS connections to the application server. +</p> + +<p> +Since version 2.1, result of the TLS handshakes to the application server is memoized and later used to resume the connection, unless set to <code>OFF</code> using this directive. +If the value is a mapping, then the following two attributes must be specified: +<dl> +<dt>lifetime:</dt> +<dd>validity of session cache entries in seconds</dd> +<dt>capacity:</dt> +<dd>maxmum number of entries to be kept in the session cache</dd> +</dl> +If set to <code>ON</code>, <code>lifetime</code> and <code>capacity</code> will be set to 86,400 (one day) and 4,096. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global, host, path, extension</dd> +<dt>Default:</dt> +<dd><code><pre>proxy.ssl.session-cache: ON</pre></code> +</dl> + +<div id="proxy.ssl.verify-peer" class="directive-head"> +<div class="directive-since">since v2.0</div> +<h3><a href="configure/proxy_directives.html#proxy.ssl.verify-peer"><code>"proxy.ssl.verify-peer"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +A boolean flag (<code>ON</code> or <code>OFF</code>) indicating if the server certificate and hostname should be verified. +</p> + +<p> +If set to <code>ON</code>, the HTTP client implementation of H2O verifies the peer's certificate using the list of trusted certificates as well as compares the hostname presented in the certificate against the connecting hostname. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global, host, path, extension</dd> +<dt>Default:</dt> +<dd><code><pre>proxy.ssl.verify-peer: ON</pre></code> +<dt>See also:</dt> +<dd><a href="configure/proxy_directives.html#proxy.ssl.cafile"><code>proxy.ssl.cafile</code></a> +</dd> +</dl> + +<div id="proxy.timeout.io" class="directive-head"> +<h3><a href="configure/proxy_directives.html#proxy.timeout.io"><code>"proxy.timeout.io"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +Sets the upstream I/O timeout in milliseconds. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global, host, path, extension</dd> +<dt>Default:</dt> +<dd><code><pre>proxy.timeout.io: 30000</pre></code> +</dl> + + +<div id="proxy.timeout.keepalive" class="directive-head"> +<h3><a href="configure/proxy_directives.html#proxy.timeout.keepalive"><code>"proxy.timeout.keepalive"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +Sets the upstream timeout for idle connections in milliseconds. +</p> + +<p> +Upstream connection becomes non-persistent if the value is set to zero. +The value should be set to something smaller than that being set at the upstream server. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global, host, path, extension</dd> +<dt>Default:</dt> +<dd><code><pre>proxy.timeout.keepalive: 2000</pre></code> +</dl> + +<div id="proxy.websocket" class="directive-head"> +<h3><a href="configure/proxy_directives.html#proxy.websocket"><code>"proxy.websocket"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +A boolean flag (<code>ON</code> or <code>OFF</code>) indicating whether or not to allow upgrading the proxied connection to <a href="https://tools.ietf.org/html/rfc6455">the WebSocket protocol</a>. +</p> + +<p> +When set to <code>ON</code>, the proxied connection will be upgraded to a bi-directional tunnel stream if upgrading to WebSocket connection is permitted by the backend server (i.e. if the backend server responds to a WebSocket handshake with <code>101</code> status code). +</p> +<p> +Support for WebSocket is considered experimental for the time being and therefore is not yet turned on by default. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global, host, path, extension</dd> +<dt>Default:</dt> +<dd><code><pre>proxy.websocket: OFF</pre></code> +</dl> + +<div id="proxy.websocket.timeout" class="directive-head"> +<h3><a href="configure/proxy_directives.html#proxy.websocket.timeout"><code>"proxy.websocket.timeout"</code></a></h3> +</div> + +<dl class="directive-desc"> +<dt>Description:</dt> +<dd> +<p> +Sets idle timeout of a WebSocket connection being proxied. +</p> + +</dd> +<dt><a href="configure/syntax_and_structure.html#config_levels">Level</a>:</dt> +<dd>global, host, path, extension</dd> +<dt>Default:</dt> +<dd><code><pre>proxy.websocket.timeout: 300000</pre></code> +</dl> + + + + + +</div> +<div id="footer"> +<p> +Copyright © 2015 <a href="http://dena.com/intl/">DeNA Co., Ltd.</a> et al. +</p> +</div> +</body> +</html> |