usual_tls_port
Added in version 1.7.29.
Changed in version renamed: to usual_tls_port since 1.13.3
This server exposes an usual OpenSSL based TLS listening port in front of another local server.
The following common keys are supported:
listen
required, type: tcp listen
Listening configuration for this server.
The instance count setting will be ignored if listen_in_worker is correctly enabled.
tls_server
required, type: openssl server config
Enables TLS on the listening socket using OpenSSL and configures the TLS parameters.
server
required, type: str
Name of the next server to which accepted connections are forwarded.
The next server must be able to accept TLS connections.
Example:
- name: usual-front
type: usual_tls_port
listen: 0.0.0.0:8443
tls:
cert_pairs:
certificate: server.crt
private_key: server.key
server: plain_tls_backend
proxy_protocol
optional, type: proxy protocol version
PROXY Protocol version expected on incoming TCP connections.
If set, connections with no matched PROXY Protocol message will be dropped.
The TLS handshake with the client will happen after we receive the PROXY Protocol message.
Note
The ingress_network_filter option on this server always applies to
the real socket client address.
default: not set, which means PROXY protocol won’t be used
proxy_protocol_read_timeout
optional, type: humanize duration
Timeout for reading a complete PROXY Protocol message.
default: 5s