Commit d3025b9

added more docs.
1 parent 3fa3f19 commit d3025b9

1 file changed

+41
-2
lines changed

README.md

Lines changed: 41 additions & 2 deletions
@@ -3,6 +3,45 @@ NAME
33

44
lua-ssl-nginx-module - NGINX C module that extends `ngx_http_lua_module` for enhanced SSL/TLS capabilities
55

6+
Synopsis
7+
========
8+
9+
```nginx
10+
http {
11+
lua_package_path "/path/to/lua-ssl-nginx-module/lualib/?.lua;;";
12+
13+
lua_shared_dict my_cache 10m;
14+
15+
init_by_lua_block {
16+
require("ngx.ssl.session.ticket.key_rotation").init{
17+
shdict_name = "my_cache",
18+
shm_cache_positive_ttl = 24 * 3600 * 1000, -- in ms
19+
shm_cache_negative_ttl = 0, -- in ms
20+
disable_shm_cache = false, -- default false
21+
memc_key_prefix = "ticket-key/",
22+
ticket_ttl = 24 * 3600, -- in sec
23+
key_rotation_period = 3600, -- in sec
24+
}
25+
}
26+
27+
init_worker_by_lua_block {
28+
require("ngx.ssl.session.ticket.key_rotation").start_update_timer()
29+
}
30+
31+
server {
32+
listen 443 ssl;
33+
server_name "foo.com";
34+
35+
locatoin / {
36+
}
37+
38+
...
39+
}
40+
41+
...
42+
}
43+
```
44+
645
Description
746
===========
847
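Review bot: `locatoin / {` at new line 35 of the Synopsis is misspelled, and nginx will reject the configuration with an unknown-directive error when someone pastes this example; change it to `location / {`. The option comments also mix units (`shm_cache_positive_ttl` and `shm_cache_negative_ttl` in ms, `ticket_ttl` and `key_rotation_period` in sec), so a short sentence under the example saying what each option controls, and what `shm_cache_negative_ttl = 0` means, would save readers from guessing. The example sets `memc_key_prefix` but shows no Memcached server address; if `init` accepts one, include it here.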

@@ -18,14 +57,14 @@ Memcached server(s) with a key containing the timestamp every hour. It has the f
1857
advantages:
1958

2059
1. We keep a list of keys inside the nginx server and only evict the oldest key every hour, which allows
21-
gradual phase-out of old keys.
60+
gradual phase-out of old keys. The size of the list depends on the `ticket_ttl` and `key_rotation_period` settings.
2261
1. The keys are updated automatically for all the virtual (SSL) servers defined in the `nginx.conf` file.
2362
1. No NGINX server reload or restart is needed. New keys are pulled from Memcached or
2463
Memcached-compatible servers automatically every hour.
2564
1. All network I/O is 100% nonblocking, that is, it never blocks any OS threads nor the nginx event loop, even on shm cache misses.
2665
1. All the core logic is in pure Lua, which is every easy to hack and adjust for special requirements.
2766
1. Uses shm cache for the keys so that only one worker needs to query the Memcached or
28-
Memcached-compatible servers.
67+
Memcached-compatible servers. The shm cache can be disabled though.
2968

3069
Installation
3170
============
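Review bot: The sentence added to item 1 says the list size depends on `ticket_ttl` and `key_rotation_period` but not how; state the relation (for example the number of keys kept for given values), since that determines how long an old key stays in the list. In item 6, "The shm cache can be disabled though." should name the option (`disable_shm_cache` in the Synopsis) and say what changes for the workers when it is set. While this list is being edited, the unchanged line "which is every easy to hack" should read "very easy".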
