From ce95017bf16f7937013134fc5188900d3e2cd9c7 Mon Sep 17 00:00:00 2001
From: Reyk Floeter
Date: Wed, 16 Aug 2017 09:27:36 +0200
Subject: sync
---
 httpd/httpd.conf.5 | 48 +++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 41 insertions(+), 7 deletions(-)
(limited to 'httpd/httpd.conf.5')
diff --git a/httpd/httpd.conf.5 b/httpd/httpd.conf.5
index 2bd3ec7..a3c9762 100644
--- a/httpd/httpd.conf.5
+++ b/httpd/httpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: httpd.conf.5,v 1.73 2016/05/09 19:36:54 tj Exp $
+.\" $OpenBSD: httpd.conf.5,v 1.84 2017/08/11 20:30:45 jmc Exp $
 .\"
 .\" Copyright (c) 2014, 2015 Reyk Floeter
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: May 9 2016 $
+.Dd $Mdocdate: August 11 2017 $
 .Dt HTTPD.CONF 5
 .Os
 .Sh NAME
@@ -221,6 +221,8 @@ The configured IP address of the server.
 The configured TCP server port of the server.
 .It Ic $SERVER_NAME
 The name of the server.
+.It Ic $HTTP_HOST
+The host from the HTTP Host header.
 .It Pf % Ar n
 The capture index
 .Ar n
@@ -240,8 +242,14 @@ Set the maximum number of requests per persistent HTTP connection. Persistent connections are negotiated using the Keep-Alive header in HTTP/1.0 and enabled by default in HTTP/1.1. The default maximum number of requests per connection is 100. +.It Ic request timeout Ar seconds +Specify the inactivity timeout for HTTP operations between client and server, +for example the maximum time to wait for a request from the client. +The default timeout is 60 seconds (1 minute). +The maximum is 2147483647 seconds (68 years). .It Ic timeout Ar seconds -Specify the inactivity timeout in seconds for accepted sessions. +Specify the inactivity timeout in seconds for accepted sessions, +for example the maximum time to wait for I/O from the FastCGI backend. The default timeout is 600 seconds (10 minutes). The maximum is 2147483647 seconds (68 years). .El @@ -358,6 +366,11 @@ Specify server configuration rules for a specific location. The .Ar path argument will be matched against the request path with shell globbing rules. +In case of multiple location statements in the same context, the +first matching location statement will be put into effect, while all +later ones will be ignored. +Therefore it is advisable to match for more specific paths first +and for generic ones later on. A location section may include most of the server configuration rules except .Ic alias , 
@@ -519,10 +532,12 @@ Valid parameter values are none, legacy and auto. For legacy a fixed key length of 1024 bits is used, whereas for auto the key length is determined automatically. The default is none, which disables DHE cipher suites. -.It Ic ecdhe Ar curve -Specify the ECDHE curve to use for ECDHE cipher suites. -Valid parameter values are none, auto and the short name of any known curve. -The default is auto. +.It Ic ecdhe Ar curves +Specify a comma separated list of elliptic curves to use for ECDHE cipher suites, +in order of preference. +The special value of "default" will use the default curves; see +.Xr tls_config_set_ecdhecurves 3 +for further details. .It Ic key Ar file Specify the private key to use for this server. The @@ -533,6 +548,16 @@ root directory of .Nm httpd . The default is .Pa /etc/ssl/private/server.key . +.It Ic ocsp Ar file +Specify an OCSP response to be stapled during TLS handshakes +with this server. +The +.Ar file +should contain a DER-format OCSP response retrieved from an +OCSP server for the +.Ar certificate +in use. +The default is to not use OCSP stapling. .It Ic protocols Ar string Specify the TLS protocols to enable for this server. If not specified, the value @@ -541,6 +566,13 @@ will be used (secure protocols; TLSv1.2-only). Refer to the .Xr tls_config_parse_protocols 3 function for other valid protocol string values. +.It Ic ticket Ic lifetime Ar seconds +Enable TLS session tickets with a +.Ar seconds +session lifetime. +It is possible to set +.Ar seconds +to default to use the httpd default timeout of 2 hours. .El .El .Sh TYPES @@ -560,6 +592,7 @@ will use built-in media types for .Ar image/gif , .Ar image/png , .Ar image/jpeg , +.Ar image/svg+xml , and .Ar application/javascript . .Pp @@ -659,6 +692,7 @@ server "www.example.com" { .Xr htpasswd 1 , .Xr patterns 7 , .Xr httpd 8 , +.Xr ocspcheck 8 , .Xr slowcgi 8 .Sh AUTHORS .An -nosplit -- cgit v1.2.3-54-g00ecf