You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by ig...@apache.org on 2011/04/13 04:00:43 UTC
svn commit: r1091627 - in
/trafficserver/site/branches/ats-cms/content/docs/trunk/admin:
event-logging-formats/index.en.mdtext
explicit-proxy-caching/index.en.mdtext getting-started/index.en.mdtext
security-options/index.en.mdtext
Author: igalic
Date: Wed Apr 13 02:00:43 2011
New Revision: 1091627
URL: http://svn.apache.org/viewvc?rev=1091627&view=rev
Log:
Clean up links and repetition.
Remove condenscending phrasing - I will assume that our users know that files
are best edited by opening them in an editor, and that it's best way to keep
the changed content is to save the file, before quitting that editor.
This is far from done, but it's good progress.
Modified:
trafficserver/site/branches/ats-cms/content/docs/trunk/admin/event-logging-formats/index.en.mdtext
trafficserver/site/branches/ats-cms/content/docs/trunk/admin/explicit-proxy-caching/index.en.mdtext
trafficserver/site/branches/ats-cms/content/docs/trunk/admin/getting-started/index.en.mdtext
trafficserver/site/branches/ats-cms/content/docs/trunk/admin/security-options/index.en.mdtext
Modified: trafficserver/site/branches/ats-cms/content/docs/trunk/admin/event-logging-formats/index.en.mdtext
URL: http://svn.apache.org/viewvc/trafficserver/site/branches/ats-cms/content/docs/trunk/admin/event-logging-formats/index.en.mdtext?rev=1091627&r1=1091626&r2=1091627&view=diff
==============================================================================
--- trafficserver/site/branches/ats-cms/content/docs/trunk/admin/event-logging-formats/index.en.mdtext (original)
+++ trafficserver/site/branches/ats-cms/content/docs/trunk/admin/event-logging-formats/index.en.mdtext Wed Apr 13 02:00:43 2011
@@ -20,8 +20,8 @@ Notice: Licensed to the Apache Softwa
# Event Logging Formats # {#EventLoggingFormats}
-* [Custom Logging Fields](#66912) provides descriptions of logging fields.
-* [Logging Format Cross-Reference](#63460) provides cross-references between Trafic Server logging fields and Netscape & Squid logging fields (including Netscape Extended and Extended-2 fields).
+* [Custom Logging Fields](#CustomLoggingFields) provides descriptions of logging fields.
+* [Logging Format Cross-Reference](#LoggingFormatCrossReference) provides cross-references between Trafic Server logging fields and Netscape & Squid logging fields (including Netscape Extended and Extended-2 fields).
## Custom Logging Fields ## {#CustomLoggingFields}
@@ -239,7 +239,7 @@ Notice: Licensed to the Apache Softwa
Traffic Server and the time at which Traffic Server sends the last byte of
the response back to the client.
-## Logging Format Cross-Reference ## {#LoggingFormatCross-Reference}
+## Logging Format Cross-Reference ## {#LoggingFormatCrossReference}
The following sections illustrate the correspondence between Traffic Server
logging fields and standard logging fields for the Squid and Netscape formats.
Modified: trafficserver/site/branches/ats-cms/content/docs/trunk/admin/explicit-proxy-caching/index.en.mdtext
URL: http://svn.apache.org/viewvc/trafficserver/site/branches/ats-cms/content/docs/trunk/admin/explicit-proxy-caching/index.en.mdtext?rev=1091627&r1=1091626&r2=1091627&view=diff
==============================================================================
--- trafficserver/site/branches/ats-cms/content/docs/trunk/admin/explicit-proxy-caching/index.en.mdtext (original)
+++ trafficserver/site/branches/ats-cms/content/docs/trunk/admin/explicit-proxy-caching/index.en.mdtext Wed Apr 13 02:00:43 2011
@@ -23,7 +23,7 @@ client software (i.e., browsers) to send
## Explicit Proxy Caching for HTTP ## {#ExplicitProxyCachingforHTTP}
- If you do not configure Traffic Server to use the transparency option (with
+If you do not configure Traffic Server to use the transparency option (with
which client requests are intercepted en route to origin servers by a switch/router
and rerouted to the Traffic Server machine), then clients must configure their
web browsers to send HTTP requests to the Traffic Server proxy cache by configuring
@@ -38,14 +38,14 @@ must provide the following information:
* The fully-qualified hostname or IP address of the Traffic Server node
* The Traffic Server proxy server port (port 8080)
-In addition, clients can specify _not_ to use Traffic Server for certain sites
-- in such cases, requests to the listed sites go directly to the origin server.
+In addition, clients can specify _not_ to use Traffic Server for certain sites -
+in such cases, requests to the listed sites go directly to the origin server.
The procedures for manual configuration vary among browser versions; refer
to specific browser documentation for complete proxy configuration instructions.
You do not need to set any special configuration options on Traffic Server
if you want to accept requests from manually-configured browsers.
-### Using a PAC File ### {#UsingaPACFile}
+### Using a PAC File ### {#UsingPACFile}
A **PAC file** is a specialized JavaScript function definition that a browser
calls to determine how requests are handled. Clients must specify (in their
@@ -56,33 +56,10 @@ the URL for this file to your clients.
If you want to store a PAC file on the Traffic Server system, then you must
perform the following configuration:
-* Either copy an existing PAC file into the Traffic Server `config` directory or enter a script that defines the proxy server configuration settings in the `proxy.pac` file provided (the file is empty by default).
-* Specify the port Traffic Server uses to serve the PAC file. The default port is 8083.
-
-##### Configure Traffic Server to provide a PAC file manually: ##### {#ConfigureTSprovideaPACfilemanually}
-
-1. If you have an existing PAC file, then replace the `proxy.pac` file located in the Traffic Server `config` directory with the existing file.
-2. In a text editor, open the `records.config` file located in the Traffic Server `config` directory.
-3. Edit the following variable:
-4. **Variable** **Description**
-`_proxy.config.admin.autoconf_port_`
-:
-
- Set this variable to specify the port Traffic Server uses to serve the PAC
- file. The default port is 8083.
-
-
-
-5. Save and close the `records.config` file.
-6. In a text editor, open the `proxy.pac` file located in the Traffic Server `config` directory.
-
-* If you copied an existing PAC file into the Traffic Server config directory, then the `proxy.pac` file contains your proxy configuration settings. Check the settings and make changes if necessary.
-* If you did not copy an existing PAC file into the Traffic Server `config` directory, then the `proxy.pac` file is empty. Enter a script that will provide the proxy server configuration settings. A sample script is provided in [Sample PAC File](#SamplePACFile).
-
-Save and close the `proxy.pac` file.
- Restart Traffic Server.
- Inform your users to set their browsers to point to this PAC file; [click here
-for browser settings](#SetBrowsersPointPACFile).
+* Either copy an existing PAC file into the Traffic Server `config` directory
+ or enter a script that defines the proxy server configuration settings in the
+ `proxy.pac` file provided. The file is empty by default. A sample script is provided in [Sample PAC File](#SamplePACFile).
+* Specify the port Traffic Server uses to serve the PAC file. The default port is [8083](../configuration-files/records.config#proxy.config.admin.autoconf_port).
#### Sample PAC File #### {#SamplePACFile}
@@ -90,57 +67,13 @@ The following sample PAC file instructs
hosts without a fully-qualified domain name and to all hosts in the local domain.
All other requests go to the Traffic Server named `myproxy.company.com`.
-`function FindProxyForURL(url, host)
-{
- if (isPlainHostName(host)) ||
- (localHostOrDomainIs(host, ".company.com")) {
- return "DIRECT";
- }
- else
- return "PROXY myproxy.company.com:8080;" +
- "DIRECT";
-} `
-
-### Â ### {#Â }
-
-Â
-
-
-
-
-
-
-
-
-
-
-
-* [Overview](intro.htm)
-* [Getting Started](getstart.htm)
-* [HTTP Proxy Caching ](http.htm)
-* [Explicit Proxy Caching](explicit.htm)
-* [Reverse Proxy and HTTP Redirects](reverse.htm)
-* [Hierarchical Caching](hier.htm)
-* [Configuring the Cache](cache.htm)
-* [Monitoring Traffic](monitor.htm)
-* [Configuring Traffic Server](configure.htm)
-* [Security Options](secure.htm)
-* [Working with Log Files](log.htm)
-* [Traffic Line Commands](cli.htm)
-* [Event Logging Formats](logfmts.htm)
-* [Configuration Files](files.htm)
-* [Traffic Server Error Messages](errors.htm)
-* [FAQ and Troubleshooting Tips](trouble.htm)
-* [Traffic Server 管çåæå](ts_admin_chinese.pdf) (PDF)
-
-
-
-
-
- Copyright © 2011 [The Apache Software Foundation](http://www.apache.org/).
-Licensed under the [Apache License](http://www.apache.org/licenses/), Version
-2.0. Apache Traffic Server, Apache, the Apache Traffic Server logo, and the
-Apache feather logo are trademarks of The Apache Software Foundation.
-
-
+ ::::javascript
+ function FindProxyForURL(url, host)
+ {
+ if (isPlainHostName(host)) || (localHostOrDomainIs(host, ".company.com")) {
+ return "DIRECT";
+ }
+ else
+ return "PROXY myproxy.company.com:8080; DIRECT";
+ }
Modified: trafficserver/site/branches/ats-cms/content/docs/trunk/admin/getting-started/index.en.mdtext
URL: http://svn.apache.org/viewvc/trafficserver/site/branches/ats-cms/content/docs/trunk/admin/getting-started/index.en.mdtext?rev=1091627&r1=1091626&r2=1091627&view=diff
==============================================================================
--- trafficserver/site/branches/ats-cms/content/docs/trunk/admin/getting-started/index.en.mdtext (original)
+++ trafficserver/site/branches/ats-cms/content/docs/trunk/admin/getting-started/index.en.mdtext Wed Apr 13 02:00:43 2011
@@ -37,8 +37,9 @@ the health of the Traffic Server system.
##### To run the `trafficserver start` command: ##### {#runTSstartcommand}
1. Log on to the Traffic Server node as the Traffic Server administrator and navigate to the Traffic Server `bin` directory.
-2. Enter the following command:
-`./trafficserver start`
+2. Enter the following command:
+
+ ./trafficserver start
## Start Traffic Line ## {#StartTrafficLine}
@@ -46,13 +47,13 @@ Traffic Line provides a quick way of vie
configuring the Traffic Server system via command-line interface. To execute
individual commands or script multiple commands, refer to [Traffic Line Commands](../traffic-line-commands).
-##### To start a Traffic Line session: ##### {#startaTrafficLinesession}
+Traffic Line commands take the following form:
+
+ ./traffic_line -command argument
-1. Log on to a Traffic Server node as the Traffic Server administrator and navigate to the Traffic Server `bin` directory.
- Traffic Line commands take the following form:
-`./traffic_line` _`-command argument`_
-2. For a list of `traffic_line` commands, enter:
-`./traffic_line -h`
+For a list of `traffic_line` commands, enter:
+
+ ./traffic_line -h
## Start Traffic Shell ## {#StartTrafficShell}
@@ -60,16 +61,13 @@ Traffic Shell is a command-line tool tha
Traffic Server; it can be used instead of Traffic Line. Traffic Server provides
documentation for Traffic Shell in the form of manual (`man`) pages.
-##### To start Traffic Shell and read an overview `man` page: ##### {#startTrafficShellreadanoverviewmanpage}
+ ./start_traffic_shell
-1. Log on to a Traffic Server node as the Traffic Server administrator and navigate to the Traffic Server `bin` directory.
-2. Enter the following command:
-`./start_traffic_shell`
+The `man` page describes how to use Traffic Shell, how to obtain a list of available
+commands, and how to obtain documentation about each command.
-3. Enter the following command to display the `traffic_shell` overview `man` page:
-`man traffic_shell`
+ man traffic_shell
- The `man` page describes how to use Traffic Shell, how to obtain a list of available commands, and how to obtain documentation about each command.
## Stop Traffic Server ## {#StopTS}
@@ -78,9 +76,5 @@ the attribute `stop`. This command stops
`traffic_server`, and `traffic_cop`). Do not manually stop processes, as this
can lead to unpredictable results.
-##### To run the `trafficserver stop` command: ##### {#runTSstopcommand}
-
-1. Log on to the node as the Traffic Server administrator and navigate to the Traffic Server `bin` directory.
-2. Enter the following command:
-`./trafficserver stop`
+ ./trafficserver stop
Modified: trafficserver/site/branches/ats-cms/content/docs/trunk/admin/security-options/index.en.mdtext
URL: http://svn.apache.org/viewvc/trafficserver/site/branches/ats-cms/content/docs/trunk/admin/security-options/index.en.mdtext?rev=1091627&r1=1091626&r2=1091627&view=diff
==============================================================================
--- trafficserver/site/branches/ats-cms/content/docs/trunk/admin/security-options/index.en.mdtext (original)
+++ trafficserver/site/branches/ats-cms/content/docs/trunk/admin/security-options/index.en.mdtext Wed Apr 13 02:00:43 2011
@@ -24,7 +24,7 @@ Traffic Server provides a number of secu
This chapter discusses the following topics:
* [Controlling Client Access to the Proxy Cache](#ControllingClientAccessProxyCache)
-* [Configuring DNS Server Selection (Split DNS)](#ConfiguringDNSServerSelectionSplit)
+* [Configuring DNS Server Selection (Split DNS)](#SplitDNS)
* [Configuring Proxy Authentication](#ConfiguringProxyAuthentication)
* [Using SSL Termination](#UsingSSLTermination)
@@ -35,16 +35,14 @@ cache by editing a configuration file.
##### To specify the clients allowed to use the proxy cache: ##### {#specifyclientsalloweduseproxycache}
-1. In a text editor, open the `ip_allow.config` file located in the Traffic Server `config` directory.
-2. Add a line in the file for each IP address or range of IP addresses allowed to access Traffic Server (refer to [ip_allow.config](files.htm#ip_allow.config)).
-3. Save and close the `ip_allow.config` file.
-4. Navigate to the Traffic Server `bin` directory.
+2. Add a line in the file `ip_allow.config` for each IP address or range of
+ IP addresses allowed to access Traffic Server (refer to [ip_allow.config](../configuration-files/ip_allow.config)).
5. Run the command `traffic_line -x` to apply the configuration changes.
-## Configuring DNS Server Selection (Split DNS) ## {#ConfiguringDNSServerSelection(SplitDNS)}
+## Configuring DNS Server Selection (Split DNS) ## {#SplitDNS}
-The **Split DNS **option enables you to configure Traffic Server to use multiple
+The **Split DNS** option enables you to configure Traffic Server to use multiple
DNS servers, as dictated by your security requirements. For example, you might
configure Traffic Server to use one set of DNS servers to resolve hostnames
on your internal network, while allowing DNS servers outside the firewall to
@@ -54,18 +52,14 @@ while continuing to provide direct acces
To configure Split DNS, you must do the following:
-* Specify the rules for performing DNS server selection based on the destination domain, the destination host, or a URL regular expression.
+* Specify the rules for performing DNS server selection based on the destination domain,
+ the destination host, or a URL regular expression.
* Enable the **Split DNS** option.
##### To configure Split DNS: ##### {#configureSplitDNS}
-1. In a text editor, open the `splitdns.config` file located in the Traffic Server `config` directory.
-2. Add rules to the `splitdns.config` file. For information about the format of the `splitdns.config` file, [click here](files.htm#splitdns.config).
-3. Save and close the `splitdns.config` file.
-4. In a text editor, open the `records.config` file located in the Traffic Server `config` directory.
-5. Set the variable _`proxy.process.dns.splitDNS.enabled`_ to `1` to enable split DNS.
-7. Save and close the `records.config` file.
-8. Navigate to the Traffic Server `bin` directory.
+2. Add rules to the `splitdns.config` file. (Refer to [`splitdns.config`](../configuration-files/splitdns.config).
+5. In the file `records.config` the variable [_`proxy.process.dns.splitDNS.enabled`_](../configuration-files/records.config#proxy.process.dns.splitDNS.enabled) to `1` to enable split DNS.
9. Run the command `traffic_line -x` to apply the configuration changes.
## Using SSL Termination ## {#UsingSSLTermination}
@@ -92,13 +86,7 @@ The figure below illustrates communicati
(and between Traffic Server and an origin server) when the SSL termination
option is enabled & configured for** client/Traffic Server connections only**.
-
-
->
->
->
-> _**Client and Traffic Server communication using SSL termination**_
->
+
The figure above depicts the following:
@@ -122,58 +110,38 @@ The client decrypts and displays the con
To configure Traffic Server to use the SSL termination option for client/Traffic
Server connections, you must do the following:
-* Obtain and install an SSL server certificate from a recognized certificate authority (such as VeriSign). The SSL server certificate contains information that enables the client to authenticate Traffic Server and exchange encryption keys.
+* Obtain and install an SSL server certificate from a recognized certificate authority.
+ The SSL server certificate contains information that enables the client to authenticate
+ Traffic Server and exchange encryption keys.
* Configure SSL termination options:
* Enable the **SSL termination** option.
- Set the port number used for SSL communication.
- Specify the filename and location of the server certificate.
- (Optional) Configure the use of client certificates.
- Client certificates are located on the client. If you configure Traffic Server to require client certificates, then Traffic Server verifies the client certificate during the SSL handshake that authenticates the client. If you configure Traffic Server to _not_ require client certificates, then access to Traffic Server is managed through other Traffic Server options that have been set (such as rules in the `ip_allow.config` file).
- Specify the filename and location of the Traffic Server private key (if the private key is not located in the server certificate file).
- Traffic Server uses its private key during the SSL handshake to decrypt the session encryption keys. The private key must be stored and protected against theft.
- (Optional) Configure the use of Certification Authorities (CAs).
- CAs add security by verifying the identity of the person requesting a certificate.
+ * Set the port number used for SSL communication.
+ * Specify the filename and location of the server certificate.
+ * (Optional) Configure the use of client certificates:
+ Client certificates are located on the client. If you configure Traffic Server to require client
+ certificates, then Traffic Server verifies the client certificate during the SSL handshake that
+ authenticates the client. If you configure Traffic Server to _not_ require client certificates,
+ then access to Traffic Server is managed through other Traffic Server options that have been set
+ (such as rules in the [`ip_allow.config`](../configuration-files/ip_allow.config) file).
+ * Specify the filename and location of the Traffic Server private key (if the private key is not
+ located in the server certificate file).
+ Traffic Server uses its private key during the SSL handshake to decrypt the session encryption keys.
+ The private key must be stored and protected against theft.
+ * (Optional) Configure the use of Certification Authorities (CAs).
+ CAs add security by verifying the identity of the person requesting a certificate.
##### To configure SSL termination for client/Traffic Server connections: ##### {#configureSSLterminationforclient/TSconnections}
-1. In a text editor, open the `records.config` file located in the Traffic Server `config` directory.
-2. Edit the following variables in the `SSL Termination` section of the file:
-3. **Variable** **Description**
-`_proxy.config.ssl.enabled_`
-: Set this variable to 1 to enable the SSL termination option.
-`_proxy.config.ssl.server_port_`
-: Set this variable to specify the port used for SSL communication. The default
- port is 443.
-`_proxy.config.ssl.client.certification_level_`
-: Set this variable to one of the following values:
- `0` - no client certificates are required. Traffic Server does not verify client certificates during the SSL handshake. Access to Traffic Server depends on Traffic Server configuration options (such as access control lists).
- `1` - client certificates are optional. If a client has a certificate, then the certificate is validated. If the client does not have a certificate, then the client is still allowed access to Traffic Server unless access is denied through other Traffic Server configuration options.
- `2` - client certificates are required. The client must be authenticated during the SSL handshake; Clients without a certificate are not allowed to access Traffic Server.
-`_proxy.config.ssl.server.cert.filename_`
-: Set this variable to specify the filename of the Traffic Server SSL server certificate.
- Traffic Server provides a demo server certificate called `server.pem` - use this certificate to verify that the SSL feature is working.
- If you are using multiple server certificates, then set this variable to specify the default filename.
-`_proxy.config.ssl.server.cert.path_`
-: Set this variable to specify the location of the Traffic Server SSL server
- certificate. The default directory is the Traffic Server `config` directory.
-
-`_proxy.config.ssl.server.private_key.filename_`
-: Set this variable to specify the filename of the Traffic Server private key.
- Change this variable only if the private key is not located in the Traffic
- Server SSL server certificate file.
-`_proxy.config.ssl.server.private_key.path_`
-: Set this variable to specify the location of the Traffic Server private key.
- Change this variable only if the private key is not located in the Traffic
- Server SSL server certificate file.
-`_proxy.config.ssl.CA.cert.filename_`
-: Specify the filename of the certificate authority that client certificates
- will be verified against. The default value is `NULL`.
-`_proxy.config.ssl.CA.cert.path_`
-: Specify the location of the certificate authority file that client certificates
- will be verified against. The default value is `NULL`.
-
-4. Save and close the `records.config` file.
-5. Navigate to the Traffic Server `bin` directory.
+2. Edit the following variables in the `SSL Termination` section of the `records.config` file:
+ * [_`proxy.config.ssl.enabled`_](../configuration-files/records.config#proxy.config.ssl.enabled)
+ * [_`proxy.config.ssl.server_port`_](../configuration-files/records.config#proxy.config.ssl.server_port)
+ * [_`proxy.config.ssl.client.certification_level`_](../configuration-files/records.config#proxy.config.ssl.client.certification_level)
+ * [_`proxy.config.ssl.server.cert.filename`_](../configuration-files/records.config#proxy.config.ssl.server.cert.filename)
+ * [_`proxy.config.ssl.server.cert.path`_](../configuration-files/records.config#proxy.config.ssl.server.cert.path)
+ * [_`proxy.config.ssl.server.private_key.filename`_](../configuration-files/records.config#proxy.config.ssl.server.private_key.filename)
+ * [_`proxy.config.ssl.server.private_key.path`_](../configuration-files/records.config#proxy.config.ssl.server.private_key.path)
+ * [_`proxy.config.ssl.CA.cert.filename`_](../configuration-files/records.config#proxy.config.ssl.CA.cert.filename)
+ * [_`proxy.config.ssl.CA.cert.path`_](../configuration-files/records.config#proxy.config.ssl.CA.cert.path)
6. Run the command `traffic_line -L` to restart Traffic Server on the local node or `traffic_line -M` to restart Traffic Server on all the nodes in a cluster.
### Traffic Server and Origin Server Connections ### {#TSOriginServerConnections}
@@ -182,13 +150,7 @@ The figure below illustrates communicati
server when the SSL termination option is enabled for **Traffic Server/origin
server connections**.
-
-
->
->
->
-> _**Traffic Server and origin server communication using SSL termination**_
->
+
The figure above depicts the following:
@@ -211,55 +173,35 @@ text version of the content to the clien
To configure Traffic Server to use the SSL termination option for Traffic Server
and origin server connections, you must do the following:
-* Obtain and install an SSL client certificate from a recognized certificate authority (such as VeriSign). The SSL client certificate contains information that allows the origin server to authenticate Traffic Server (the client certificate is optional).
+* Obtain and install an SSL client certificate from a recognized certificate authority.
+ The SSL client certificate contains information that allows the origin server to
+ authenticate Traffic Server (the client certificate is optional).
* Configure SSL termination options:
* Enable the SSL termination option.
- Set the port number used for SSL communication.
- Specify the filename and location of the SSL client certificate (if you choose
-to use a client certificate).
- Specify the filename and location of the Traffic Server private key (if the private key is not located in the client certificate file).
- Traffic Server uses its private key during the SSL handshake to decrypt the session encryption keys. The private key must be stored and protected against theft.
- Configure the use of CAs.
- CAs allow the Traffic Server that's acting as a client to verify the identity of the server with which it is communicating, thereby enabling exchange of encryption keys.
+ * Set the port number used for SSL communication.
+ * Specify the filename and location of the SSL client certificate (if you choose
+ to use a client certificate).
+ * Specify the filename and location of the Traffic Server private key (if the
+ private key is not located in the client certificate file).
+ Traffic Server uses its private key during the SSL handshake to decrypt the
+ session encryption keys. The private key must be stored and protected against theft.
+ * Configure the use of CAs.
+ CAs allow the Traffic Server that's acting as a client to verify the identity of
+ the server with which it is communicating, thereby enabling exchange of encryption keys.
##### To configure SSL termination for Traffic Server/origin server connections: ##### {#configureSSLterminationforTS/originserverconnections}
-1. In a text editor, open the `records.config` file located in the Traffic Server `config` directory.
-2. Edit the following variables in the `SSL Termination `section of the file:
-3. **Variable** **Description**
-`_proxy.config.ssl.auth.enabled_`
-: Set this variable to `1` to enable the SSL termination option.
-`_proxy.config.ssl.server_port_`
-: Set this variable to specify the port used for SSL communication. The default
- port is `443`.
-`_proxy.config.ssl.client.verify.server_`
-: Set this option to `1` to require Traffic Server to verify the origin server
- certificate with the Certificate Authority.
-`_proxy.config.ssl.client.cert.filename_`
-: If you have installed an SSL client certificate on Traffic Server, then set
- this variable to specify the client certificate filename.
-`_proxy.config.ssl.client.cert.path_`
-: If you have installed an SSL client certificate on Traffic Server, then set
- this variable to the location of the client certificate. The default location
- is the Traffic Server `config` directory.
-`_proxy.config.ssl.client.private_key.filename_`
-: Set this variable to specify the filename of the Traffic Server private key.
- Change this variable only if the private key is not located in the Traffic
- Server SSL client certificate file.
-`_proxy.config.ssl.client.private_key.path_`
-: Set this variable to specify the location of the Traffic Server private key.
- Change this variable only if the private key is not located in the SSL client
- certificate file.
-`_proxy.config.ssl.client.CA.cert.filename_`
-: Specify the filename of the Certificate Authority against which the origin
- server will be verified. The default value is `NULL`.
-`_proxy.config.ssl.client.CA.cert.path_`
-: Specify the location of the Certificate Authority file against which the origin
- server will be verified. The default value is `NULL`.
-
-4. Save and close the `records.config` file.
-5. Navigate to the Traffic Server `bin` directory.
+2. Edit the following variables in the `SSL Termination` section of the `records.config` file:
+ * [_`proxy.config.ssl.auth.enabled`_](../configuration-files/records.config#proxy.config.ssl.auth.enabled)
+ * [`proxy.config.ssl.server_port`](../configuration-files/records.config#proxy.config.ssl.server_port)
+ * [`proxy.config.ssl.client.verify.server`](../configuration-files/records.config#proxy.config.ssl.client.verify.server)
+ * [`proxy.config.ssl.client.cert.filename`](../configuration-files/records.config#proxy.config.ssl.client.cert.filename)
+ * [`proxy.config.ssl.client.cert.path`](../configuration-files/records.config#proxy.config.ssl.client.cert.path)
+ * [`proxy.config.ssl.client.private_key.filename`](../configuration-files/records.config#proxy.config.ssl.client.private_key.filename)
+ * [`proxy.config.ssl.client.private_key.path`](../configuration-files/records.config#proxy.config.ssl.client.private_key.path)
+ * [`proxy.config.ssl.client.CA.cert.filename`](../configuration-files/records.config#proxy.config.ssl.client.CA.cert.filename)
+ * [`proxy.config.ssl.client.CA.cert.path`](../configuration-files/records.config#proxy.config.ssl.client.CA.cert.path)
6. Run the command `traffic_line -L` to restart Traffic Server on the local node or `traffic_line -M` to restart Traffic Server on all the nodes in a cluster.
### Configuring Traffic Server to Use an SSL Accelerator Card ### {#ConfiguringTSUseanSSLAcceleratorCard}
@@ -272,82 +214,9 @@ you'll use the library supported & provi
##### Configure Traffic Server to use an SSL accelerator card: ##### {#ConfigureTSuseanSSLacceleratorcard}
-1. In a text editor, open the `records.config` file located in the Traffic Server `config` directory.
-2. Edit the following variables in the `SSL Termination` section of the file:
-3. **Variable** **Description**
-`_proxy.confg.ssl.accelerator_required_`
-: Set this specify if an accelerator card is required for operation.
-
- You may specify:
- `0` - not required
- `1` - accelerator card is required and Traffic Server will not enable SSL unless an accelerator card is present.
- `2` - accelerator card is required and Traffic Server will not start unless an accelerator card is present.
-
-
-
-
- You can verify operation by running` /home/y/bin/openssl_accelerated` (this
- comes as part of `openssl_engines_init`).
-
-
-`_proxy.confg.ssl.accelerator.type_`
-:
-
- Specifies if the Cavium SSL accelerator card is installed on (and required
- by) your Traffic Server machine:
-
-
-
-
- `0` = none. No SSL accelerator card is installed on the Traffic Server machine,
- so the CPU on the Traffic Server machine determines the number of requests
- served per second.
-
-
-
-
- `1` = an accelerator card is present and required by Traffic Server.
-
-
-
-4. Save and close the `records.config` file.
-5. Navigate to the Traffic Server `bin` directory.
-6. Run the command `traffic_line -L` to restart Traffic Server on the local node or `traffic_line -M` to restart Traffic Server on all the nodes in a cluster.
-
-
-
-
-
-
-
-
-
-* [Overview](intro.htm)
-* [Getting Started](getstart.htm)
-* [HTTP Proxy Caching ](http.htm)
-* [Explicit Proxy Caching](explicit.htm)
-* [Reverse Proxy and HTTP Redirects](reverse.htm)
-* [Hierarchical Caching](hier.htm)
-* [Configuring the Cache](cache.htm)
-* [Monitoring Traffic](monitor.htm)
-* [Configuring Traffic Server](configure.htm)
-* [Security Options](secure.htm)
-* [Working with Log Files](log.htm)
-* [Traffic Line Commands](cli.htm)
-* [Event Logging Formats](logfmts.htm)
-* [Configuration Files](files.htm)
-* [Traffic Server Error Messages](errors.htm)
-* [FAQ and Troubleshooting Tips](trouble.htm)
-* [Traffic Server 管çåæå](ts_admin_chinese.pdf) (PDF)
-
-
-
-
-
- Copyright © 2011 [The Apache Software Foundation](http://www.apache.org/).
-Licensed under the [Apache License](http://www.apache.org/licenses/), Version
-2.0. Apache Traffic Server, Apache, the Apache Traffic Server logo, and the
-Apache feather logo are trademarks of The Apache Software Foundation.
-
-
+2. Edit the following variables in the `SSL Termination` section of the `records.config` file:
+ * [_`proxy.confg.ssl.accelerator_required`_](../configuration-files/records.config#proxy.config.ssl.accelerator_required)
+ * [_`proxy.confg.ssl.accelerator.type`_](../configuration-files/records.config#proxy.confg.ssl.accelerator.type)
+6. Run the command `traffic_line -L` to restart Traffic Server on the local node or `traffic_line -M`
+ to restart Traffic Server on all the nodes in a cluster.