diff options
Diffstat (limited to 'doc/nghttpx.1')
-rw-r--r-- | doc/nghttpx.1 | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/doc/nghttpx.1 b/doc/nghttpx.1 index 6b9f54b..f1a72f9 100644 --- a/doc/nghttpx.1 +++ b/doc/nghttpx.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "NGHTTPX" "1" "Apr 04, 2024" "1.61.0" "nghttp2" +.TH "NGHTTPX" "1" "May 19, 2024" "1.62.1" "nghttp2" .SH NAME nghttpx \- HTTP/2 proxy .SH SYNOPSIS @@ -371,7 +371,7 @@ Default: \fBauto\fP .TP .B \-\-backend\-http\-proxy\-uri=<URI> Specify proxy URI in the form -\fI\%http:/\fP/[<USER>:<PASS>@]<PROXY>:<PORT>. If a proxy +\X'tty: link http:/'\fI\%http:/\fP\X'tty: link'/[<USER>:<PASS>@]<PROXY>:<PORT>. If a proxy requires authentication, specify <USER> and <PASS>. Note that they must be properly percent\-encoded. This proxy is used when the backend connection is HTTP/2. @@ -1057,7 +1057,7 @@ Default: \fB1s\fP .B \-\-no\-http2\-cipher\-block\-list Allow block listed cipher suite on frontend HTTP/2 connection. See -\fI\%https://tools.ietf.org/html/rfc7540#appendix\-A\fP for the +\X'tty: link https://tools.ietf.org/html/rfc7540#appendix-A'\fI\%https://tools.ietf.org/html/rfc7540#appendix\-A\fP\X'tty: link' for the complete HTTP/2 cipher suites block list. .UNINDENT .INDENT 0.0 @@ -1065,7 +1065,7 @@ complete HTTP/2 cipher suites block list. .B \-\-client\-no\-http2\-cipher\-block\-list Allow block listed cipher suite on backend HTTP/2 connection. See -\fI\%https://tools.ietf.org/html/rfc7540#appendix\-A\fP for the +\X'tty: link https://tools.ietf.org/html/rfc7540#appendix-A'\fI\%https://tools.ietf.org/html/rfc7540#appendix\-A\fP\X'tty: link' for the complete HTTP/2 cipher suites block list. .UNINDENT .INDENT 0.0 @@ -2116,9 +2116,9 @@ than main process. .SH SERVER PUSH .sp nghttpx supports HTTP/2 server push in default mode with Link header -field. nghttpx looks for Link header field (\fI\%RFC 5988\fP) in response headers from +field. nghttpx looks for Link header field (\X'tty: link http://tools.ietf.org/html/rfc5988'\fI\%RFC 5988\fP\X'tty: link') in response headers from backend server and extracts URI\-reference with parameter -\fBrel=preload\fP (see \fI\%preload\fP) +\fBrel=preload\fP (see \X'tty: link http://w3c.github.io/preload/#interoperability-with-http-link-header'\fI\%preload\fP\X'tty: link') and pushes those URIs to the frontend client. Here is a sample Link header field to initiate server push: .INDENT 0.0 @@ -2164,7 +2164,7 @@ delete the socket and continues to use it. .sp OCSP query is done using external Python script \fBfetch\-ocsp\-response\fP, which has been originally developed in Perl -as part of h2o project (\fI\%https://github.com/h2o/h2o\fP), and was +as part of h2o project (\X'tty: link https://github.com/h2o/h2o'\fI\%https://github.com/h2o/h2o\fP\X'tty: link'), and was translated into Python. .sp The script file is usually installed under @@ -2260,15 +2260,15 @@ automatically. To rotate key, one has to restart nghttpx (see SIGNALS). .SH CERTIFICATE TRANSPARENCY .sp -nghttpx supports TLS \fBsigned_certificate_timestamp\fP extension (\fI\%RFC -6962\fP). The relevant options +nghttpx supports TLS \fBsigned_certificate_timestamp\fP extension (\X'tty: link https://tools.ietf.org/html/rfc6962'\fI\%RFC +6962\fP\X'tty: link'). The relevant options are \fI\%\-\-tls\-sct\-dir\fP and \fBsct\-dir\fP parameter in \fI\%\-\-subcert\fP\&. They takes a directory, and nghttpx reads all files whose extension is \fB\&.sct\fP under the directory. The \fB*.sct\fP files are encoded as \fBSignedCertificateTimestamp\fP struct described -in \fI\%section 3.2 of RFC 69662\fP\&. This format is -the same one used by \fI\%nginx\-ct\fP and \fI\%mod_ssl_ct\fP\&. -\fI\%ct\-submit\fP can be +in \X'tty: link https://tools.ietf.org/html/rfc6962#section-3.2'\fI\%section 3.2 of RFC 69662\fP\X'tty: link'\&. This format is +the same one used by \X'tty: link https://github.com/grahamedgecombe/nginx-ct'\fI\%nginx\-ct\fP\X'tty: link' and \X'tty: link https://httpd.apache.org/docs/trunk/mod/mod_ssl_ct.html'\fI\%mod_ssl_ct\fP\X'tty: link'\&. +\X'tty: link https://github.com/grahamedgecombe/ct-submit'\fI\%ct\-submit\fP\X'tty: link' can be used to submit certificates to log servers, and obtain the \fBSignedCertificateTimestamp\fP struct which can be used with nghttpx. .SH MRUBY SCRIPTING @@ -2512,7 +2512,7 @@ On assignment, copy of given value is assigned. The path does not include authority component of URI. This may include query component. nghttpx makes certain normalization for path. It decodes percent\-encoding for unreserved characters -(see \fI\%https://tools.ietf.org/html/rfc3986#section\-2.3\fP), and +(see \X'tty: link https://tools.ietf.org/html/rfc3986#section-2.3'\fI\%https://tools.ietf.org/html/rfc3986#section\-2.3\fP\X'tty: link'), and resolves \(dq..\(dq and \(dq.\(dq. But it may leave characters which should be percent\-encoded as is. So be careful when comparing path against desired string. |