usual_tls_port

Added in version 1.7.29.

Changed in version renamed: to usual_tls_port since 1.13.3

This server exposes an usual OpenSSL based TLS listening port in front of another local server.

The following common keys are supported:

listen

required, type: tcp listen

Listening configuration for this server.

The instance count setting will be ignored if listen_in_worker is correctly enabled.

tls_server

required, type: openssl server config

Enables TLS on the listening socket using OpenSSL and configures the TLS parameters.

server

required, type: str

Name of the next server to which accepted connections are forwarded.

The next server must be able to accept TLS connections.

Example:

- name: usual-front
  type: usual_tls_port
  listen: 0.0.0.0:8443
  tls:
    cert_pairs:
      certificate: server.crt
      private_key: server.key
  server: plain_tls_backend

proxy_protocol

optional, type: proxy protocol version

PROXY Protocol version expected on incoming TCP connections.

If set, connections with no matched PROXY Protocol message will be dropped.

The TLS handshake with the client will happen after we receive the PROXY Protocol message.

Note

The ingress_network_filter option on this server always applies to the real socket client address.

default: not set, which means PROXY protocol won’t be used

proxy_protocol_read_timeout

optional, type: humanize duration

Timeout for reading a complete PROXY Protocol message.

default: 5s