Commit fc70ea60 authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

Update doc

parent 4a732d3c
......@@ -190,9 +190,10 @@ example, you can send GET request to the server using nghttp:</p>
<h2>HTTP/2 proxy mode<a class="headerlink" href="#http-2-proxy-mode" title="Permalink to this headline"></a></h2>
<p>If nghttpx is invoked with <tt class="docutils literal"><span class="pre">-s</span></tt> option, it operates in HTTP/2 proxy
mode. The supported protocols in frontend and backend connections are
the same in <a class="reference internal" href="#default-mode">default mode</a>. The difference is that this mode acts like
forward proxy and assumes the backend is HTTP/1 proxy server (e.g.,
squid). So HTTP/1 request must include absolute URI in request line.</p>
the same in <a class="reference internal" href="#default-mode">default mode</a>. The difference is that this mode acts
like forward proxy and assumes the backend is HTTP/1 proxy server
(e.g., squid, traffic server). So HTTP/1 request must include
absolute URI in request line.</p>
<p>By default, frontend connection is encrypted, this mode is also called
secure proxy. If nghttpx is linked with spdylay, it supports SPDY
protocols and it works as so called SPDY proxy.</p>
......@@ -205,29 +206,45 @@ work for each request, for example, dispatching requests to the origin
server and caching contents.</p>
<p>For example, to make nghttpx listen to encrypted HTTP/2 requests at
port 8443, and a backend HTTP/1 proxy server is configured to listen
to HTTP/1 request at port 3128 in the same host, run nghttpx
to HTTP/1 request at port 8080 in the same host, run nghttpx
command-line like this:</p>
<div class="highlight-c"><div class="highlight"><pre>$ nghttpx -s -f0.0.0.0,8443 -b127.0.0.1,3128 /path/to/server.key /path/to/server.crt
<div class="highlight-c"><div class="highlight"><pre>$ nghttpx -s -f&#39;*,8443&#39; -b127.0.0.1,8080 /path/to/server.key /path/to/server.crt
</pre></div>
</div>
<p>At the time of this writing, there is no known HTTP/2 client which
supports HTTP/2 proxy in this fashion. You can use Google Chrome to
use this as secure (SPDY) proxy to test it out, though it does not use
HTTP/2 at all.</p>
<p>The one way to configure Google Chrome to use secure proxy is create
proxy.pac script like this:</p>
<p>At the time of this writing, Firefox nightly supports HTTP/2 proxy.
Chromium can use nghttpx as secure (SPDY) proxy and will support
HTTP/2 proxy in the near future.</p>
<p>To make Firefox nightly or Chromium use nghttpx as HTTP/2 or SPDY
proxy, user has to create proxy.pac script file like this:</p>
<div class="highlight-javascript"><div class="highlight"><pre><span class="kd">function</span> <span class="nx">FindProxyForURL</span><span class="p">(</span><span class="nx">url</span><span class="p">,</span> <span class="nx">host</span><span class="p">)</span> <span class="p">{</span>
<span class="k">return</span> <span class="s2">&quot;HTTPS SERVERADDR:PORT&quot;</span><span class="p">;</span>
<span class="p">}</span>
</pre></div>
</div>
<p><tt class="docutils literal"><span class="pre">SERVERADDR</span></tt> and <tt class="docutils literal"><span class="pre">PORT</span></tt> is the hostname/address and port of the
machine nghttpx is running. Please note that Google Chrome requires
valid certificate for secure proxy.</p>
<p>Then run Google Chrome with the following arguments:</p>
machine nghttpx is running. Please note that both Firefox nightly and
Chromium requires valid certificate for secure proxy.</p>
<p>For Firefox nightly, open Preference window and select Advanced then
click Network tab. Clicking Connection Settings button will show the
dialog. Select &#8220;Automatic proxy configuration URL&#8221; and enter the path
to proxy.pac file, something like this:</p>
<div class="highlight-c"><div class="highlight"><pre><span class="nl">file:</span><span class="c1">///path/to/proxy.pac</span>
</pre></div>
</div>
<p>For Chromium, use following command-line:</p>
<div class="highlight-c"><div class="highlight"><pre>$ google-chrome --proxy-pac-url=file:///path/to/proxy.pac --use-npn
</pre></div>
</div>
<p>Squid may work as out-of-box. Traffic server requires to be
configured as forward proxy. Here is the minimum configuration items
to edit:</p>
<div class="highlight-c"><div class="highlight"><pre><span class="n">CONFIG</span> <span class="n">proxy</span><span class="p">.</span><span class="n">config</span><span class="p">.</span><span class="n">reverse_proxy</span><span class="p">.</span><span class="n">enabled</span> <span class="n">INT</span> <span class="mi">0</span>
<span class="n">CONFIG</span> <span class="n">proxy</span><span class="p">.</span><span class="n">config</span><span class="p">.</span><span class="n">url_remap</span><span class="p">.</span><span class="n">remap_required</span> <span class="n">INT</span> <span class="mi">0</span>
</pre></div>
</div>
<p>Consult Traffic server <a class="reference external" href="https://docs.trafficserver.apache.org/en/latest/admin/forward-proxy.en.html">documentation</a>
to know how to configure traffic server as forward proxy and its
security implications.</p>
</div>
<div class="section" id="client-mode">
<h2>Client mode<a class="headerlink" href="#client-mode" title="Permalink to this headline"></a></h2>
......
No preview for this file type
......@@ -184,18 +184,17 @@ header compression
<tr class="row-even"><td>Large header (CONTINUATION)</td>
<td>Yes</td>
</tr>
<tr class="row-odd"><td>BLOCKED extension</td>
<tr class="row-odd"><td>ALTSVC extension</td>
<td>Yes *1</td>
</tr>
<tr class="row-even"><td>ALTSVC extension</td>
<td>Yes *2</td>
</tr>
</tbody>
</table>
<ul class="simple">
<li>*1 As described in draft-12.</li>
<li>*2 As described in draft-12, but reserved byte was removed.</li>
<li>*1 As described in draft-12, but reserved byte was removed. ALTSVC
may be removed from nghttp2 public API since it is not stabilized
yet.</li>
</ul>
<p>BLOCKED frame, which once existed in h2-12, was removed in h2-13.</p>
</div>
<div class="section" id="public-test-server">
<h2>Public Test Server<a class="headerlink" href="#public-test-server" title="Permalink to this headline"></a></h2>
......@@ -597,7 +596,7 @@ sample configuration file <tt class="docutils literal"><span class="pre">nghttpx
<p>With <tt class="docutils literal"><span class="pre">--http2-proxy</span></tt> option, it works as so called secure proxy (aka
SPDY proxy):</p>
<div class="highlight-c"><div class="highlight"><pre><span class="n">Client</span> <span class="o">&lt;--</span> <span class="p">(</span><span class="n">HTTP</span><span class="o">/</span><span class="mi">2</span><span class="p">,</span> <span class="n">SPDY</span><span class="p">,</span> <span class="n">HTTP</span><span class="o">/</span><span class="mf">1.1</span><span class="p">)</span> <span class="o">--&gt;</span> <span class="n">nghttpx</span> <span class="o">&lt;--</span> <span class="p">(</span><span class="n">HTTP</span><span class="o">/</span><span class="mf">1.1</span><span class="p">)</span> <span class="o">--&gt;</span> <span class="n">Proxy</span>
<span class="p">[</span><span class="n">secure</span> <span class="n">proxy</span><span class="p">]</span> <span class="p">(</span><span class="n">e</span><span class="p">.</span><span class="n">g</span><span class="p">.,</span> <span class="n">Squid</span><span class="p">)</span>
<span class="p">[</span><span class="n">secure</span> <span class="n">proxy</span><span class="p">]</span> <span class="p">(</span><span class="n">e</span><span class="p">.</span><span class="n">g</span><span class="p">.,</span> <span class="n">Squid</span><span class="p">,</span> <span class="n">ATS</span><span class="p">)</span>
</pre></div>
</div>
<p>The <tt class="docutils literal"><span class="pre">Client</span></tt> in the above is needs to be configured to use
......
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment