docs: Update a variety of docs for upcoming 2.1 betas

Matthew Holt 2020-05-11 17:13:32 -06:00 committed by Francis Lavoie
parent 9441648ca8
commit fa3b5f6699
GPG key ID: 7D1A27F0725BE5D8
5 changed files with 50 additions and 8 deletions

@ -62,7 +62,7 @@ Upstream addresses can take the form of a conventional [Caddy network address](/
- `unix//var/php.sock`
- `srv+http://internal:5099`
Note: Schemes cannot be mixed, since they modify the common transport configuration (a TLS-enabled transport cannot carry both HTTPS and plaintext HTTP). Specifying ports 80 and 443 are the same as specifying the HTTP and HTTPS schemes, respectively. Any explicit transport configuration will not be overwritten, and omitting schemes or using other ports will not assume a particular transport. Additionally, schemes cannot contain paths or query strings, as that would imply simultaneous rewriting the request while proxying, which behavior is not defined or supported.
Note: Schemes cannot be mixed, since they modify the common transport configuration (a TLS-enabled transport cannot carry both HTTPS and plaintext HTTP). Specifying ports 80 and 443 are the same as specifying the HTTP and HTTPS schemes, respectively. Any explicit transport configuration will not be overwritten, and omitting schemes or using other ports will not assume a particular transport. Additionally, schemes cannot contain paths or query strings, as that would imply simultaneous rewriting the request while proxying, which behavior is not defined or supported. If the address is not a URL (i.e. does not have a scheme), then placeholders can be used, but this makes the upstream dynamic.
**Load balancing** is used whenever more than one upstream is defined.
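Review bot: The new closing sentence of the note says placeholders make "the upstream dynamic" but never defines "dynamic" or says what changes for such an upstream, so a reader cannot tell what they give up by using one. Please add a clause stating the consequence, or link to where dynamic upstreams are described. If a placeholder here can take its value from the incoming request, it is also worth saying so, since the proxy destination then depends on request data. Minor, and already present in the old line: "Specifying ports 80 and 443 are the same" should read "is the same".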
@ -128,6 +128,7 @@ transport http {
tls_insecure_skip_verify
tls_timeout <duration>
tls_trusted_ca_certs <pem_files...>
tls_server_name <sni>
keepalive [off|<duration>]
keepalive_idle_conns <max_count>
}
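Review bot: Style point on the added `tls_server_name <sni>` line: the other arguments in this block name the value being supplied (`<duration>`, `<pem_files...>`, `<max_count>`), while `<sni>` names the TLS extension. Something like `<server_name>` would be consistent with the rest and match the description added further down, which calls the value the ServerName.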
@ -141,6 +142,7 @@ transport http {
- **tls_insecure_skip_verify** turns off security. _Do not use in production._
- **tls_timeout** is a [duration value](/docs/conventions#durations) that specifies how long to wait for the TLS handshake to complete.
- **tls_trusted_ca_certs** is a list of PEM files that specify CA public keys to trust when connecting to the backend.
- **tls_server_name** sets the ServerName (SNI) to put in the ClientHello; only needed if the remote server it.
- **keepalive** is either `off` or a [duration value](/docs/conventions#durations) that specifies how long to keep connections open.
- **keepalive_idle_conns** defines the maximum number of connections to keep alive.
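Review bot: The new **tls_server_name** entry ends with "only needed if the remote server it.", which is missing its verb; presumably "requires it". The entry also describes the value only as what goes into the ClientHello. Please state whether the same name is used when verifying the backend's certificate, because that decides whether this option is purely a routing hint or also changes which certificate is accepted, and readers will be setting it alongside **tls_trusted_ca_certs**.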