Diffstat (limited to 'httpd/httpd.conf.5')
-rw-r--r-- httpd/httpd.conf.5 48
1 files changed, 41 insertions, 7 deletions
diff --git a/httpd/httpd.conf.5 b/httpd/httpd.conf.5
index 2bd3ec7..a3c9762 100644
--- a/httpd/httpd.conf.5
+++ b/httpd/httpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: httpd.conf.5,v 1.73 2016/05/09 19:36:54 tj Exp $
+.\" $OpenBSD: httpd.conf.5,v 1.84 2017/08/11 20:30:45 jmc Exp $
.\"
.\" Copyright (c) 2014, 2015 Reyk Floeter <reyk@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: May 9 2016 $
+.Dd $Mdocdate: August 11 2017 $
.Dt HTTPD.CONF 5
.Os
.Sh NAME
@@ -221,6 +221,8 @@ The configured IP address of the server.
The configured TCP server port of the server.
.It Ic $SERVER_NAME
The name of the server.
+.It Ic $HTTP_HOST
+The host from the HTTP Host header.
.It Pf % Ar n
The capture index
.Ar n
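Review bot: the new $HTTP_HOST entry should say that its value is supplied by the client. The entries around it ($SERVER_NAME and the configured address and port) expand to values from the server's own configuration, so a reader will assume the same trust level for "The host from the HTTP Host header." Suggest adding a sentence that the value is taken from the request, and stating what the macro expands to when the request carries no Host header.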
@@ -240,8 +242,14 @@ Set the maximum number of requests per persistent HTTP connection.
Persistent connections are negotiated using the Keep-Alive header in
HTTP/1.0 and enabled by default in HTTP/1.1.
The default maximum number of requests per connection is 100.
+.It Ic request timeout Ar seconds
+Specify the inactivity timeout for HTTP operations between client and server,
+for example the maximum time to wait for a request from the client.
+The default timeout is 60 seconds (1 minute).
+The maximum is 2147483647 seconds (68 years).
.It Ic timeout Ar seconds
-Specify the inactivity timeout in seconds for accepted sessions.
+Specify the inactivity timeout in seconds for accepted sessions,
+for example the maximum time to wait for I/O from the FastCGI backend.
The default timeout is 600 seconds (10 minutes).
The maximum is 2147483647 seconds (68 years).
.El
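Review bot: the new request timeout entry and the amended timeout entry define their scope only by example ("for example the maximum time to wait for ..."), so the text does not tell the reader which of the two limits applies to a given phase of a connection. Suggest one sentence in each entry stating exactly what it covers, so that the 60 second and 600 second defaults can be tuned with confidence. Also, the first sentence of request timeout omits "in seconds" while timeout keeps it; make the two consistent.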
@@ -358,6 +366,11 @@ Specify server configuration rules for a specific location.
The
.Ar path
argument will be matched against the request path with shell globbing rules.
+In case of multiple location statements in the same context, the
+first matching location statement will be put into effect, while all
+later ones will be ignored.
+Therefore it is advisable to match for more specific paths first
+and for generic ones later on.
A location section may include most of the server configuration rules
except
.Ic alias ,
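Review bot: the added first-match paragraph states the rule but not its consequence, which is easy to miss: a generic pattern listed first causes every later, more specific location to be ignored, together with any rules that location carries. Suggest saying so directly and tightening the wording, for example "the first matching location statement is used and all later ones are ignored". A two-location snippet in the EXAMPLES section showing the specific path before the generic one would make the ordering advice concrete.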
@@ -519,10 +532,12 @@ Valid parameter values are none, legacy and auto.
For legacy a fixed key length of 1024 bits is used, whereas for auto the key
length is determined automatically.
The default is none, which disables DHE cipher suites.
-.It Ic ecdhe Ar curve
-Specify the ECDHE curve to use for ECDHE cipher suites.
-Valid parameter values are none, auto and the short name of any known curve.
-The default is auto.
+.It Ic ecdhe Ar curves
+Specify a comma separated list of elliptic curves to use for ECDHE cipher suites,
+in order of preference.
+The special value of "default" will use the default curves; see
+.Xr tls_config_set_ecdhecurves 3
+for further details.
.It Ic key Ar file
Specify the private key to use for this server.
The
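Review bot: the rewritten ecdhe entry no longer states a default. The removed text had "The default is auto." and listed none and auto as valid values; the new text only introduces the special value "default" and defers to tls_config_set_ecdhecurves(3). Suggest adding a "The default is ..." sentence and saying whether none and auto are still accepted, since existing configurations may use them.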
@@ -533,6 +548,16 @@ root directory of
.Nm httpd .
The default is
.Pa /etc/ssl/private/server.key .
+.It Ic ocsp Ar file
+Specify an OCSP response to be stapled during TLS handshakes
+with this server.
+The
+.Ar file
+should contain a DER-format OCSP response retrieved from an
+OCSP server for the
+.Ar certificate
+in use.
+The default is to not use OCSP stapling.
.It Ic protocols Ar string
Specify the TLS protocols to enable for this server.
If not specified, the value
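Review bot: the ocsp entry does not say how the file is kept current. An OCSP response has a limited validity period, so the text should mention that the file must be refreshed before it expires, and it should reference ocspcheck(8) here with .Xr rather than only in SEE ALSO. It should also state whether file is resolved relative to the root directory of httpd, as the key entry just above it does.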
@@ -541,6 +566,13 @@ will be used (secure protocols; TLSv1.2-only).
Refer to the
.Xr tls_config_parse_protocols 3
function for other valid protocol string values.
+.It Ic ticket Ic lifetime Ar seconds
+Enable TLS session tickets with a
+.Ar seconds
+session lifetime.
+It is possible to set
+.Ar seconds
+to default to use the httpd default timeout of 2 hours.
.El
.El
.Sh TYPES
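Review bot: in the ticket lifetime entry, "It is possible to set seconds to default to use the httpd default timeout of 2 hours" reads ambiguously because the keyword default is not marked up. Mark it up as a keyword and reword along the lines of "seconds may be set to default to use the default lifetime of 2 hours", using "lifetime" rather than "timeout" to match the option name. The entry should also state whether session tickets are off when this option is absent, which "Enable" only implies.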
@@ -560,6 +592,7 @@ will use built-in media types for
.Ar image/gif ,
.Ar image/png ,
.Ar image/jpeg ,
+.Ar image/svg+xml ,
and
.Ar application/javascript .
.Pp
@@ -659,6 +692,7 @@ server "www.example.com" {
.Xr htpasswd 1 ,
.Xr patterns 7 ,
.Xr httpd 8 ,
+.Xr ocspcheck 8 ,
.Xr slowcgi 8
.Sh AUTHORS
.An -nosplit