X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=ceph%2Fdoc%2Fradosgw%2Ffrontends.rst;h=5c6900f54489df1a3f3db8f368f9101eba0c61d9;hb=20effc670b57271cb089376d6d0800990e5218d5;hp=ff6323ee454b345439cae2f9856af67e6209eeeb;hpb=28e407b858acd3bddc89f68583571f771bb42e46;p=ceph.git diff --git a/ceph/doc/radosgw/frontends.rst b/ceph/doc/radosgw/frontends.rst index ff6323ee4..5c6900f54 100644 --- a/ceph/doc/radosgw/frontends.rst +++ b/ceph/doc/radosgw/frontends.rst @@ -1,3 +1,5 @@ +.. _rgw_frontends: + ============== HTTP Frontends ============== @@ -5,12 +7,13 @@ HTTP Frontends .. contents:: The Ceph Object Gateway supports two embedded HTTP frontend libraries -that can be configured with ``rgw_frontends``. +that can be configured with ``rgw_frontends``. See `Config Reference`_ +for details about the syntax. Beast ===== -.. versionadded:: Luminous +.. versionadded:: Mimic The ``beast`` frontend uses the Boost.Beast library for HTTP parsing and the Boost.Asio library for asynchronous network i/o. 
@@ -18,79 +21,119 @@ and the Boost.Asio library for asynchronous network i/o. Options ------- -``port`` +``port`` and ``ssl_port`` -:Description: Sets the listening port number. Can be specified multiple +:Description: Sets the ipv4 & ipv6 listening port number. Can be specified multiple times as in ``port=80 port=8000``. - :Type: Integer :Default: ``80`` -``endpoint`` +``endpoint`` and ``ssl_endpoint`` -:Description: Sets the listening address in the form ``address[:port]``, - where the address is an IPv4 address string in dotted decimal - form, or an IPv6 address in hexadecimal notation. The - optional port defaults to 80. Can be specified multiple times - as in ``endpoint=::1 endpoint=192.168.0.100:8000``. +:Description: Sets the listening address in the form ``address[:port]``, where + the address is an IPv4 address string in dotted decimal form, or + an IPv6 address in hexadecimal notation surrounded by square + brackets. Specifying a IPv6 endpoint would listen to v6 only. The + optional port defaults to 80 for ``endpoint`` and 443 for + ``ssl_endpoint``. Can be specified multiple times as in + ``endpoint=[::1] endpoint=192.168.0.100:8000``. :Type: Integer :Default: None -Civetweb -======== - -.. versionadded:: Firefly +``ssl_certificate`` -The ``civetweb`` frontend uses the Civetweb HTTP library, which is a -fork of Mongoose. +:Description: Path to the SSL certificate file used for SSL-enabled endpoints. + If path is prefixed with ``config://``, the certificate will be + pulled from the ceph monitor ``config-key`` database. +:Type: String +:Default: None -Options -------- -``port`` +``ssl_private_key`` -:Description: Sets the listening port number. For SSL-enabled ports, add an - ``s`` suffix like ``443s``. To bind a specific IPv4 or IPv6 - address, use the form ``address:port``. Multiple endpoints - can either be separated by ``+`` as in ``127.0.0.1:8000+443s``, - or by providing multiple options as in ``port=8000 port=443s``. 
+:Description: Optional path to the private key file used for SSL-enabled + endpoints. If one is not given, the ``ssl_certificate`` file + is used as the private key. + If path is prefixed with ``config://``, the certificate will be + pulled from the ceph monitor ``config-key`` database. :Type: String -:Default: ``7480`` +:Default: None +``ssl_options`` -``num_threads`` +:Description: Optional colon separated list of ssl context options: -:Description: Sets the number of threads spawned by Civetweb to handle - incoming HTTP connections. This effectively limits the number - of concurrent connections that the frontend can service. + ``default_workarounds`` Implement various bug workarounds. -:Type: Integer -:Default: ``rgw_thread_pool_size`` + ``no_compression`` Disable compression. + ``no_sslv2`` Disable SSL v2. -``request_timeout_ms`` + ``no_sslv3`` Disable SSL v3. -:Description: The amount of time in milliseconds that Civetweb will wait - for more incoming data before giving up. + ``no_tlsv1`` Disable TLS v1. -:Type: Integer -:Default: ``30000`` + ``no_tlsv1_1`` Disable TLS v1.1. + ``no_tlsv1_2`` Disable TLS v1.2. -``ssl_certificate`` + ``single_dh_use`` Always create a new key when using tmp_dh parameters. -:Description: Path to the SSL certificate file used for SSL-enabled ports. +:Type: String +:Default: ``no_sslv2:no_sslv3:no_tlsv1:no_tlsv1_1`` + +``ssl_ciphers`` + +:Description: Optional list of one or more cipher strings separated by colons. + The format of the string is described in openssl's ciphers(1) + manual. :Type: String :Default: None +``tcp_nodelay`` + +:Description: If set the socket option will disable Nagle's algorithm on + the connection which means that packets will be sent as soon + as possible instead of waiting for a full buffer or timeout to occur. -A complete list of supported options can be found in the `Civetweb User Manual`_. + ``1`` Disable Nagel's algorithm for all sockets. + + ``0`` Keep the default: Nagel's algorithm enabled. 
+ +:Type: Integer (0 or 1) +:Default: 0 + +``max_connection_backlog`` + +:Description: Optional value to define the maximum size for the queue of + connections waiting to be accepted. If not configured, the value + from ``boost::asio::socket_base::max_connections`` will be used. + +:Type: Integer +:Default: None + +``request_timeout_ms`` + +:Description: The amount of time in milliseconds that Beast will wait + for more incoming data or outgoing data before giving up. + Setting this value to 0 will disable timeout. + +:Type: Integer +:Default: ``65000`` + +``max_header_size`` + +:Description: The maximum number of header bytes available for a single request. + +:Type: Integer +:Default: ``16384`` +:Maximum: ``65536`` Generic Options @@ -108,4 +151,4 @@ Some frontend options are generic and supported by all frontends: :Default: None -.. _Civetweb User Manual: https://civetweb.github.io/civetweb/UserManual.html +.. _Config Reference: ../config-ref
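Review bot: In the introduction hunk (@@ -5,12 +7,13 @@), the unchanged sentence "The Ceph Object Gateway supports two embedded HTTP frontend libraries" no longer matches the page, because the options hunk deletes the whole Civetweb section and leaves Beast as the only frontend documented here. Suggest rewording that sentence in this patch. Since the Civetweb ``port=443s`` form is removed with it, a short pointer to ``ssl_port`` / ``ssl_endpoint`` would help readers who are converting an existing ``rgw_frontends`` line.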
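Review bot: In the options hunk (@@ -18,79 +21,119 @@), ``endpoint`` and ``ssl_endpoint`` keep ``:Type: Integer`` from the old text although the description gives the value as ``address[:port]``; this should be ``String``. In the same hunk, the ``ssl_private_key`` description says "the certificate will be pulled from the ceph monitor ``config-key`` database" where it means the private key. ``tcp_nodelay`` spells the name both "Nagle's" and "Nagel's". ``port`` and ``ssl_port`` share a single ``:Default: 80`` without saying what ``ssl_port`` defaults to. For ``ssl_options``, please state whether a configured value replaces the default ``no_sslv2:no_sslv3:no_tlsv1:no_tlsv1_1`` or is added to it, since an operator who sets only ``no_compression`` needs to know whether the old protocol versions stay disabled.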