native_tls_port

Added in version 1.7.29.

This server provides plain tls port, which can be placed in front of other servers.

The following common keys are supported:

• listen_in_worker

• tls ticketer

• ingress_network_filter

listen

required, type: tcp listen

Set the listen config for this server.

The instance count setting will be ignored if listen_in_worker is correctly enabled.

tls_server

required, type: openssl server config

Enable TLS on the listening socket by using OpenSSL and set TLS parameters.

server

required, type: str

Set name of the next server to send the accepted connections to.

The next server should be able to accept tls connections.

proxy_protocol

optional, type: proxy protocol version

Set the version of PROXY protocol we use for incoming tcp connections.

If set, connections with no matched PROXY Protocol message will be dropped.

The TLS handshake with the client will happen after we receive the PROXY Protocol message.

Note

The ingress_network_filter config option of this server will always applies to the real socket client address.

default: not set, which means PROXY protocol won’t be used

proxy_protocol_read_timeout

optional, type: humanize duration

Set the timeout value before we read a complete PROXY Protocol message.

default: 5s