pveproxy: add docs for /etc/default/pveproxy

[pve-docs.git] / pveproxy.adoc

diff --git a/pveproxy.adoc b/pveproxy.adoc
index fbb739483b425ea368f28b0f6e3d4c1c6235bb84..d50d04a967f540627daea77c14f8623eeb7f0cfb 100644 (file)
--- a/pveproxy.adoc
+++ b/pveproxy.adoc
@@ -64,11 +64,17 @@ SSL Cipher Suite
 
 You can define the cipher list in `/etc/default/pveproxy`, for example
 
- CIPHERS="HIGH:MEDIUM:!aNULL:!MD5"
+ CIPHERS="ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
 
 Above is the default. See the ciphers(1) man page from the openssl
 package for a list of all available options.
 
+Additionally you can define that the client choses the used cipher in
+`/etc/default/pveproxy` (default is the first cipher in the list available to
+both client and `pveproxy`):
+
+ HONOR_CIPHER_ORDER=0
+
 
 Diffie-Hellman Parameters
 -------------------------
@@ -98,6 +104,14 @@ The private key may not use a passphrase.
 
 See the Host System Administration chapter of the documentation for details.
 
+COMPRESSION
+-----------
+
+By default `pveproxy` uses gzip HTTP-level compression for compressible
+content, if the client supports it. This can disabled in `/etc/default/pveproxy`
+
+ COMPRESSION=0
+
 ifdef::manvolnum[]
 include::pve-copyright.adoc[]
 endif::manvolnum[]