trafficserver-commits mailing list archives

From mlib...@apache.org
Subject svn commit: r917681 [7/8] - /incubator/trafficserver/site/trunk/docs/admin/
Date Mon, 01 Mar 2010 19:53:48 GMT
Modified: incubator/trafficserver/site/trunk/docs/admin/secure.htm
URL: http://svn.apache.org/viewvc/incubator/trafficserver/site/trunk/docs/admin/secure.htm?rev=917681&r1=917680&r2=917681&view=diff
==============================================================================
--- incubator/trafficserver/site/trunk/docs/admin/secure.htm (original)
+++ incubator/trafficserver/site/trunk/docs/admin/secure.htm Mon Mar  1 19:53:47 2010
@@ -1,26 +1,27 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
 <html>
 <head>
-<title>Traffic Server Administrator's Guide</title>
-
-<!--#include file="top.html" -->
+<title>Traffic Edge Administrator’s Guide</title>
+<meta content="text/html; charset=UTF-8" http-equiv="content-type"/>
+<link rel="stylesheet" href="doc.css" type="text/css" media="all" />
+</head>
 
+<body>
 <h1>Security Options</h1>
 <p>Traffic Server provides a number of security features.</p>
 <p>This chapter discusses the following topics: </p>
 <ul>
-<li><a href="#ControllingClientAccessProxyCache">Controlling Client Access to
the Proxy Cache</a></li> 
-<li><a href="#ControllingAccessTrafficManager">Controlling Access: SSL</a></li>

-<li><a href="#ConfiguringDNSServerSelectionSplit">Configuring DNS Server Selection
(Split DNS)</a></li> 
-<li><a href="#ConfiguringProxyAuthentication">Configuring Proxy Authentication</a></li>

-<li><a href="#UsingSSLTermination">Using SSL Termination</a></li>

+<li><a href="#ControllingClientAccessProxyCache"><em>Controlling Client
Access to the Proxy Cache</em></a></li> 
+<li><a href="#ControllingAccessTrafficManager"><em>Controlling Access:
SSL</em></a></li> 
+<li><a href="#ConfiguringDNSServerSelectionSplit"><em>Configuring DNS Server
Selection (Split DNS)</em></a></li> 
+<li><a href="#ConfiguringProxyAuthentication"><em>Configuring Proxy Authentication</em></a></li>

+<li><a href="#UsingSSLTermination"><em>Using SSL Termination</em></a></li>

 </ul>
 <h2 id="ControllingClientAccessProxyCache">Controlling Client Access to the Proxy Cache</h2>
 <p>You can configure Traffic Server to allow only certain clients to use the proxy
cache by  editing a configuration file.</p>
 <h5>To specify the clients allowed to use the proxy cache: </h5>
 <ol>
   <li>In a text editor, open the <code>ip_allow.config</code> file located
in the Traffic Server <code>config</code> directory. </li>
-  <li>Add a line in the file for each IP address or range of IP addresses allowed to
access Traffic Server (refer to <a href="files.htm#ip_allow.config">ip_allow.config</a>).
</li>
+  <li>Add a line in the file for each IP address or range of IP addresses allowed to
access Traffic Server (refer to <a href="files.htm#53256"><em>ip_allow.config</em></a>).
</li>
   <li>Save and close the <code>ip_allow.config</code> file. </li>
   <li>Navigate to the Traffic Server <code>bin</code> directory.</li>
   <li>Run the command <code>traffic_line -x</code> to apply the configuration
changes.</li>
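Review bot: The new `<title>` says "Traffic Edge Administrator’s Guide" while every heading and paragraph in this file still says Traffic Server, so the product name in the title should be brought back in line with the body. The hunk also drops the `<!DOCTYPE>` line without adding a replacement, which leaves the page without a declared document type. The ip_allow.config link now points at `files.htm#53256` instead of `files.htm#ip_allow.config`; a named anchor is easier to keep stable than a generated number, so consider keeping the old target.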
@@ -28,40 +29,42 @@
 <h2 id="ControllingAccessTrafficManager">Controlling Access via SSL</h2>
 <p>By restricting access to Traffic Server, you ensure that only authenticated users
can change configuration options and view network traffic statistics. </p>
 <h3 id="UsingSSLSecureAdministration">Using SSL for Secure Administration</h3>
-<p>Traffic Server supports the Secure Sockets Layer  (<b>SSL</b>) protocol
to provide protection for remote administrative monitoring and configuration. SSL security
provides authentication for both ends of a network connection via certificates and provides
privacy via encryption. </p>
-<p>To use SSL, you must do the following:  </p>
+<p>Traffic Server supports the Secure Sockets Layer protocol (SSL) to provide protection
for remote administrative monitoring and configuration. SSL security provides authentication
for both ends of a network connection via certificates, and provides privacy via encryption.
</p>
+<p>To use SSL, you must perform the following procedures:  </p>
 <ul>
   <li>Obtain an SSL certificate  </li>
   <li>Enable SSL   </li>
 </ul>
 <h4>Obtain an SSL Certificate </h4>
-<p>The SSL certificate is a text file  you must install in the Traffic Server <code>config</code>
directory. Either rename the certificate to the default filename <code>private_key.pem</code>,
or specify the name of the certificate in the configuration file (follow the procedure in
<a href="#EnablingSSL">Enabling SSL</a>). </p>
+<p>The SSL certificate is a text file  you must install in the Traffic Server <code>config</code>
directory. You must either rename the certificate to the default filename <code>private_key.pem</code>,
or specify the name of the certificate in the configuration file (follow the procedure in
<a href="#EnablingSSL"><em>Enabling SSL</em></a>). </p>
 <h4 id="EnablingSSL">Enable SSL</h4>
-<p>After you've obtained an SSL certificate, enable SSL  by manually editing a configuration
file. Follow the steps below:</p>
+<p>After you have obtained an SSL certificate, enable SSL  by manually editing a configuration
file. Follow the steps below:</p>
 <ol>
   <li>In a text editor, open the <code>records.config</code> file located
in the Traffic Server <code>config</code> directory.  </li>
   <li>Edit the following variables:</li>
-  <table width="1232" border="1">
+<br />
+<table width="1232" border="1">
     <tr>
       <th width="322" scope="col">Variable</th>
       <th width="894" scope="col">Description</th>
     </tr>
     <tr>
       <td><code><i>proxy.config.admin.use_ssl</i></code></td>
-      <td>Set this variable to <code>1</code> to enable SSL.</td>
+      <td>Set this variable to 1 to enable SSL.</td>
   </tr>
       <tr>
       <td><code><i>proxy.config.admin.ssl_cert_file</i></code></td>
       <td>Set this variable to specify the filename of the SSL certificate. You have
to change the filename only if the certificate file does not use the default name <code>private_key.pem</code>.</td>
   </tr>
 </table>
+<br />
   <li>Save and close the <code>records.config</code> file. </li>
   <li>Navigate to the Traffic Server <code>bin</code> directory.</li>
   <li>Run the command <code>traffic_line -x</code> to apply the configuration
changes.</li>
 </ol>
 <h2><a name="ConfiguringDNSServerSelectionSplit"></a>Configuring DNS Server
Selection (Split DNS)</h2>
-<p>The <b>Split DNS </b>option enables you to configure Traffic Server
to use multiple DNS servers, as dictated by your security requirements. For example, you might
configure Traffic Server to use one set of DNS servers to resolve hostnames on your internal
network, while allowing DNS servers outside the firewall to resolve hosts on the Internet.
This maintains the security of your intranet, while continuing to provide direct access to
sites outside your organization. </p>
-<p>To configure Split DNS, you must do the following: </p>
+<p>The Split DNS option enables you to configure Traffic Server to use multiple DNS
servers, as dictated by your security requirements. For example, you might configure Traffic
Server to use one set of DNS servers to resolve hostnames on your internal network, while
allowing DNS servers outside the firewall to resolve hosts on the Internet. This maintains
the security of your intranet, while continuing to provide direct access to sites outside
your organization. </p>
+<p>To configure Split DNS, you must perform the following tasks: </p>
 <ul>
   <li>Specify the rules for performing DNS server selection based on the destination
domain, the destination host, or a URL regular expression. </li>
   <li>Enable the <b>Split DNS</b> option.</li>
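Review bot: In the "Obtain an SSL Certificate" paragraph the file is called the SSL certificate, yet its default filename is `private_key.pem`; since this paragraph is being reworded anyway, say explicitly whether the file is expected to hold the private key as well as the certificate, and if it does, tell the administrator to restrict read access to it. Separately, the added `<br />` lines and the `<table>` now sit directly inside the `<ol>` between two `<li>` items; moving the table inside the "Edit the following variables" item would keep the list valid and remove the need for the spacer breaks.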
@@ -69,24 +72,26 @@
 <h5>To configure Split DNS: </h5>
 <ol>
   <li>In a text editor, open the <code>splitdns.config</code> file located
in the Traffic Server <code>config</code> directory. </li>
-  <li>Add rules to the <code>splitdns.config</code> file. For information
about the format of the <code>splitdns.config</code> file, <a href="files.htm#splitdns.config">click
here</a>. </li>
+  <li>Add rules to the <code>splitdns.config</code> file. For information
about the format of the <code>splitdns.config</code> file, <a href="files.htm#132448"><em>click
here</em></a>. </li>
   <li>Save and close the <code>splitdns.config</code> file.</li>
   <li>In a text editor, open the <code>records.config</code> file located
in the Traffic Server <code>config</code> directory. </li>
   <li>Edit the following variables:</li>
-  <table width="1232" border="1">
+  <br />
+<table width="1232" border="1">
     <tr>
       <th width="322" scope="col">Variable</th>
       <th width="894" scope="col">Description</th>
     </tr>
     <tr>
       <td><code><i>proxy.process.dns.splitDNS.enabled</i></code></td>
-      <td>Set this variable to <code>1</code> to enable split DNS.</td>
+      <td>Set this variable to 1 to enable split DNS.</td>
   </tr>
    <tr>
       <td><code><i>proxy.config.dns.splitdns.def_domain</i></code></td>
       <td>Set this variable to specify the default domain for split DNS requests. Traffic
Server appends this value automatically to a hostname that does not include a domain before
determining which DNS server to use.</td>
   </tr>
 </table>
+<br />
   <li>Save and close the <code>records.config</code> file. </li>
   <li>Navigate to the Traffic Server <code>bin</code> directory. </li>
   <li>Run the command <code>traffic_line -x</code> to apply the configuration
changes. </li>
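Review bot: The first table row names the variable `proxy.process.dns.splitDNS.enabled`, while the row below it and every other records.config variable in this file use the `proxy.config.` prefix; please confirm the name, because an administrator who copies it as written may end up with Split DNS still disabled. The format link for splitdns.config also changes from `files.htm#splitdns.config` to `files.htm#132448` and keeps "click here" as its text; a named anchor and link text that says what it points at would both be more maintainable.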
@@ -94,45 +99,46 @@
 
 
 <h2><a name="UsingSSLTermination"></a>Using SSL Termination</h2>
-<p>The Traffic Server <b>SSL termination</b> option enables you to secure
connections in reverse proxy mode between a client and a Traffic Server and/or Traffic Server
and an origin server. </p>
+<p>The Traffic Server SSL termination option enables you to secure connections in reverse
proxy mode between a client and a Traffic Server and/or Traffic Server and an origin server.
 </p>
 <p>The following sections describe how to enable and configure the SSL termination
option.  </p>
 <ul>
-  <li>Enable and configure SSL termination for client/Traffic Server connections: <a
href="#ClientTrafficEdgeConnections">Client and Traffic Server Connections</a>. </li>
-  <li>Enable and configure SSL termination for Traffic Server/origin server connections:
 <a href="#TrafficEdgeOriginServerConnections">Traffic Server and Origin Server Connections</a>.
</li>
-  <li>Enable and configure SSL termination for both client/Traffic Server and Traffic
Server/origin server connections: <a href="#ClientTrafficEdgeConnections">Client and
Traffic Server Connections</a> and <a href="#TrafficEdgeOriginServerConnections">Traffic
Server and Origin Server Connections</a>, respectively.</li>
+  <li>To enable and configure SSL termination for client/Traffic Server connections:
<a href="#ClientTrafficEdgeConnections"><em>Client and Traffic Server Connections</em></a>.
</li>
+  <li>To enable and configure SSL termination for Traffic Server/origin server connections:
 <a href="#TrafficEdgeOriginServerConnections"><em>Traffic Server and Origin Server
Connections</em></a>. </li>
+  <li>To enable and configure SSL termination for both client/Traffic Server and Traffic
Server/origin server connections: <a href="#ClientTrafficEdgeConnections"><em>Client
and Traffic Server Connections</em></a> and <a href="#TrafficEdgeOriginServerConnections"><em>Traffic
Server and Origin Server Connections</em></a>. </li>
 </ul>
-<p>If you install an SSL accelerator card on your Traffic Server system, then you must
perform additional configuration steps - refer to <a href="#ConfiguringTrafficEdgeSSLAcceleratorCard">Configuring
Traffic Server to Use an SSL Accelerator Card</a>. </p>
+<p>If you install an SSL accelerator card on your Traffic Server system, then you must
perform additional configuration steps - refer to <a href="#ConfiguringTrafficEdgeSSLAcceleratorCard"><em>Configuring
Traffic Server to Use an SSL Accelerator Card</em></a>. </p>
 <h3 id="ClientTrafficEdgeConnections">Client and Traffic Server Connections </h3>
-<p>The figure below illustrates communication between a client and Traffic Server (and
between Traffic Server and an origin server) when the SSL termination option is enabled &amp;
configured for<b> client/Traffic Server connections only</b>.</p>
+<p>The figure below illustrates communication between a client and Traffic Server and
between Traffic Server and an origin server, when the SSL termination option is enabled &amp;
configured <i>for client/Traffic Server connections only.</i></p>
 <p><img src="images/ssl_c.jpg" width="1017" height="388" /></p>
 <blockquote>
   <p><em><b>Client and Traffic Server communication using SSL termination</b></em></p>
 </blockquote>
-<p>The figure above depicts the following: </p>
-<p><strong>Step 1:</strong> The client sends an HTTPS request for content.
Traffic Server receives the request and performs the SSL 'handshake' to authenticate the client
(depending on the authentication options configured) and  determine the encryption method
that will be used. If the client is allowed access, then Traffic Server checks its cache for
the requested content. </p>
+<p>The figure above demonstrates the following: </p>
+<p><strong>Step 1:</strong> The client sends an HTTPS request for content.
Traffic Server receives the request and performs the SSL 'handshake' to authenticate the client
(depending on the authentication options configured) and  determine the encryption method
to be used. If the client is allowed access, then Traffic Server checks its cache for the
requested content. </p>
 <p><strong>Step 2:</strong> If the request is a cache hit and the content
is fresh, thenTraffic Server encrypts the content and sends it to the client. The client decrypts
the content (using the method determined during the handshake) and displays it. </p>
-<p><strong>Step 3:</strong> If the request is a cache miss or cached content
is stale, then Traffic Server communicates with the origin server via HTTP and obtains a plain
text version of the content. Traffic Server saves the plain text version of the content in
its cache, encrypts the content, and sends it to the client. The client decrypts and displays
the content. </p>
-<p>To configure Traffic Server to use the SSL termination option for client/Traffic
Server connections, you must do the following: </p>
+<p><strong>Step 3:</strong> If the request is a cache miss or is stale,
then Traffic Server communicates with the origin server via HTTP and obtains a plain text
version of the content. Traffic Server saves the plain text version of the content in its
cache, encrypts the content, and sends it to the client. The client decrypts and displays
the content. </p>
+<p>To configure Traffic Server to use the SSL termination option for client/Traffic
Server connections, you must perform the following procedures: </p>
 <ul>
   <li>Obtain and install an SSL server certificate from a recognized certificate authority
(such as VeriSign). The SSL server certificate contains information that enables the client
to authenticate Traffic Server and exchange  encryption keys. </li>
   <li>Configure SSL termination options: </li>
 <ul> 
-<li>Enable the <b>SSL termination</b> option. </li>
+<li>Enable the SSL termination option. </li>
   <li>Set the port number used for SSL communication. </li>
   <li>Specify the filename and location of the server certificate. </li>
-  <li>(Optional) Configure the use of client certificates. <br />
-    Client certificates are located on the client. If you configure Traffic Server to require
client certificates, then Traffic Server verifies the client certificate during the SSL handshake
that authenticates the client. If you configure Traffic Server to <em>not</em>
require client certificates, then access to Traffic Server is managed through other Traffic
Server options that have been set (such as rules in the <code>ip_allow.config</code>
file). </li>
-  <li>Specify the filename and location of the Traffic Server private key (if the private
key is not located in the server certificate file). <br />
+  <li><em>(Optional)</em> Configure the use of client certificates. <br
/>
+    Client certificates are located on the client. If you configure Traffic Server to require
client certificates, then Traffic Server verifies the client certificate during the SSL handshake
to authenticate the client. If you configure Traffic Server to <em>not</em> require
client certificates, then access to Traffic Server is managed through other Traffic Server
options that have been set (such as rules in the <code>ip_allow.config</code>
file). </li>
+  <li>Specify the filename and location of the Traffic Server private key (if the private
key is not located in the server certificate file) <br />
     Traffic Server uses its private key during the SSL handshake to decrypt the session encryption
keys. The private key must be stored and protected against theft. </li>
-  <li>(Optional) Configure the use of Certification Authorities (CAs). <br />
-    CAs  add security by verifying the identity of the person requesting a certificate.</li>
+  <li><i>(Optional)</i> Configure the use of certification authorities
(CAs). <br />
+    CAs provide added security by verifying the identity of the person requesting a certificate.</li>
 </ul>
 </ul>
 <h5>To configure SSL termination for client/Traffic Server connections: </h5>
 <ol>
   <li>In a text editor, open the <code>records.config</code> file located
in the Traffic Server <code>config</code> directory.  </li>
   <li>Edit the following variables in the <code>SSL Termination</code>
section of the file: </li>
-  <table width="1232" border="1">
+  <br />
+<table width="1232" border="1">
     <tr>
       <th width="322" scope="col">Variable</th>
       <th width="894" scope="col">Description</th>
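Review bot: Step 3 loses its subject in the rewrite: "If the request is a cache miss or is stale" now says the request is stale, where the removed line said "cached content is stale"; keep the original wording. The unchanged Step 2 line still contains the typo "thenTraffic Server", which could be fixed in the same pass. The two optional items are also marked up differently, `<em>(Optional)</em>` for client certificates and `<i>(Optional)</i>` for CAs, and the private key item lost its closing period before the `<br />`.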
@@ -147,16 +153,11 @@
   </tr>
    <tr>
       <td><code><i>proxy.config.ssl.client.certification_level</i></code></td>
-      <td>Set this variable to one of the following values:<br />
-        <code>0</code> - no client certificates are required. Traffic Server
does not verify client certificates during the SSL handshake. Access to Traffic Server depends
on Traffic Server configuration options (such as access control lists).<br />
-        <code>1</code> - client certificates are optional. If a client has a
certificate, then the certificate is validated. If the client does not have a certificate,
then the client is still allowed access to Traffic Server unless access is denied through
other Traffic Server configuration options.<br />
-        <code>2</code> - client certificates are required. The client must be
authenticated during the SSL handshake; Clients without a certificate are not allowed to access
Traffic Server.</td>
+      <td>Set this variable to one of the following values:<br />0 specifies
that no client certificates are required. Traffic Server does not verify client certificates
during the SSL handshake. Access to Traffic Server depends on Traffic Server configuration
options (such as access control lists).<br />1 specifies that client certificates are
optional. If a client has a certificate, the certificate is validated. If the client does
not have a certificate, the client is still allowed access to Traffic Server unless access
is denied through other Traffic Server configuration options.<br />2 specifies that
client certificates are required. The client must be authenticated during the SSL handshake.
Clients without a certificate are not allowed to access Traffic Server.</td>
   </tr>
    <tr>
       <td><code><i>proxy.config.ssl.server.cert.filename</i></code></td>
-      <td>Set this variable to specify the filename of the Traffic Server SSL server
certificate.<br />
-        Traffic Server provides a demo server certificate called <code>server.pem</code>
- use this certificate to verify that the SSL feature is working.<br />
-        If you are using multiple server certificates, then set this variable to specify
the default filename.</td>
+      <td>Set this variable to specify the filename of the Traffic Server SSL server
certificate.<br />Traffic Server provides a demo server certificate called <code>server.pem</code>.
You can use this certificate to verify that the SSL feature is working.<br />If you
are using multiple server certificates, set this variable to specify the default filename.</td>
   </tr>
    <tr>
       <td><code><i>proxy.config.ssl.server.cert.path</i></code></td>
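Review bot: The `proxy.config.ssl.server.cert.filename` description introduces the bundled demo certificate `server.pem` and says it can be used to verify that SSL works, but nothing tells the reader to replace it afterwards; add a sentence that the demo certificate is for testing only and must be replaced with the site's own certificate before the proxy serves real traffic. In the `certification_level` cell the values 0, 1 and 2 lose their `<code>` markup and now open sentences as bare digits separated only by `<br />`, which is harder to scan than the removed layout.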
@@ -179,23 +180,25 @@
       <td>Specify the location of the certificate authority file that client certificates
will be verified against. The default value is <code>NULL</code>.</td>
   </tr>
 </table>
+<br />
   <li>Save and close the <code>records.config</code> file. </li>
   <li>Navigate to the Traffic Server <code>bin</code> directory.  </li>
   <li>Run the command <code>traffic_line -L</code> to restart Traffic Server
on the local node or <code>traffic_line -M</code> to restart Traffic Server on
all the nodes in a cluster. </li>
 </ol>
 <h3 id="TrafficEdgeOriginServerConnections">Traffic Server and Origin Server Connections</h3>
-<p>The figure below illustrates communication between Traffic Server and an origin
server when the SSL termination option is enabled for <b>Traffic Server/origin server
connections</b>.</p>
+<p>The figure below illustrates communication between Traffic Server and an origin
server when the SSL termination option is enabled for<i> Traffic Server/origin server
connections</i>.</p>
 <p><img src="images/ssl_os.jpg" width="1039" height="313" /></p>
 <blockquote>
   <p><em><b>Traffic Server and origin server communication using SSL termination</b></em></p>
 </blockquote>
-<p>The figure above depicts the following: </p>
-<p><strong>Step 1:</strong> If a client request is a cache miss or is stale,
then Traffic Server sends an HTTPS request for the content to the origin server. The origin
server receives the request and performs the SSL handshake to authenticate Traffic Server
and determine the encryption method to be used. </p>
-<p><strong>Step 2:</strong> If Traffic Server is allowed access, then the
origin server encrypts the content and sends it to Traffic Server, where it is decrypted (using
the method determined during the handshake).  A plain text version of the content is saved
in the cache. </p>
-<p><strong>Step 3:</strong> If SSL termination is enabled for client /Traffic
Server connections, then Traffic Server re-encrypts the content and sends it to the client
via HTTPS, where it is decrypted and displayed. If SSL termination is not enabled for client/Traffic
Server connections, then Traffic Server sends the plain text version of the content to the
client via HTTP. </p>
-<p>To configure Traffic Server to use the SSL termination option for Traffic Server
and origin server connections, you must do the following: </p>
+<p>The figure above demonstrates the following: </p>
+<p><strong>Step 1:</strong> If a client request is a cache miss or is stale,
then Traffic Server sends an HTTPS request for the content to the origin server. The origin
server receives the request and performs the SSL handshake to authenticate Traffic Server
and to determine the encryption method to be used. </p>
+<p><strong>Step 2:</strong> If Traffic Server is allowed access, then the
origin server encrypts the content and sends it to Traffic Server, where it is decrypted (using
the method determined during the handshake) and the plain text version of the content saved
in the cache. </p>
+<p><strong>Step 3:</strong> If SSL termination is enabled for client /Traffic
Server connections, then Traffic Server re-encrypts the content and sends it to the client
via HTTPS, where it is decrypted and displayed. If SSL termination is not enabled for client/Traffic
Server connections, Traffic Server sends the plain text version of the content to the client
via HTTP. </p>
+<p>To configure Traffic Server to use the SSL termination option for Traffic Server
and origin server connections, you must perform the following steps: </p>
 <ul>
-  <li>Obtain and install an SSL client certificate from a recognized certificate authority
(such as VeriSign). The SSL client certificate contains information that allows the origin
server to authenticate Traffic Server (the client certificate is optional).  </li>
+  <li>Obtain and install an SSL <em>client</em> certificate from a recognized
certificate authority (such as VeriSign). The SSL client certificate contains information
that allows the origin server to authenticate Traffic Server. <br />
+  The client certificate is optional.  </li>
   <li>Configure SSL termination options: </li>
  <ul> <li>Enable the SSL termination option. </li>
    <li>Set the port number used for SSL communication. </li>
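Review bot: The rewritten Step 2 is ungrammatical at "and the plain text version of the content saved in the cache"; either restore the removed sentence "A plain text version of the content is saved in the cache." or insert the missing "is". Step 3 still has a stray space in "client /Traffic Server". As in the earlier procedures, the added `<br />` after `</table>` is a direct child of the `<ol>` and would be better replaced by placing the table inside its list item.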
@@ -203,37 +206,38 @@
    <li>Specify the filename and location of the Traffic Server private key (if the
private key is not located in the client certificate file). <br />
     Traffic Server uses its private key during the SSL handshake to decrypt the session encryption
keys. The private key must be stored and protected against theft. </li>
    <li>Configure the use of CAs. <br />
-    CAs allow the Traffic Server that's acting as a client to verify the identity of the
server with which it is communicating, thereby enabling  exchange  of encryption keys.</li>
+    CAs allow the Traffic Server that's acting as a client to verify the identity of the
server with which it is communicating; this enables exchange  of encryption keys.</li>
  </ul>
 </ul>
 <h5>To configure SSL termination for Traffic Server/origin server connections: </h5>
 <ol>
   <li>In a text editor, open the <code>records.config</code> file located
in the Traffic Server <code>config</code> directory.  </li>
-  <li>Edit the following variables in the <code>SSL Termination </code>section
of the file: </li>
-  <table width="1232" border="1">
+  <li>Edit the following variables in the SSL Termination section of the file: </li>
+  <br />
+<table width="1232" border="1">
     <tr>
       <th width="322" scope="col">Variable</th>
       <th width="894" scope="col">Description</th>
     </tr>
     <tr>
       <td><code><i>proxy.config.ssl.auth.enabled</i></code></td>
-      <td>Set this variable to <code>1</code> to enable the SSL termination
option.</td>
+      <td>Set this variable to 1 to enable the SSL termination option.</td>
   </tr>
    <tr>
       <td><code><i>proxy.config.ssl.server_port</i></code></td>
-      <td>Set this variable to specify the port used for SSL communication. The default
port is <code>443</code>.</td>
+      <td>Set this variable to specify the port used for SSL communication. The default
port is 443.</td>
   </tr>
    <tr>
       <td><code><i>proxy.config.ssl.client.verify.server</i></code></td>
-      <td>Set this option to <code>1</code> to require Traffic Server to
verify the origin server certificate with the Certificate Authority.</td>
+      <td>Set this option to 1 to require Traffic Server to verify the origin server
certificate with the CA.</td>
   </tr>
    <tr>
       <td><code><i>proxy.config.ssl.client.cert.filename</i></code></td>
-      <td>If you have installed an SSL client certificate on Traffic Server, then set
this variable to specify the   client certificate filename.</td>
+      <td>If you have installed an SSL client certificate on Traffic Server, set this
variable to specify the filename of client certificate.</td>
   </tr>
    <tr>
       <td><code><i>proxy.config.ssl.client.cert.path</i></code></td>
-      <td>If you have installed an SSL client certificate on Traffic Server, then set
this variable to the location of the client certificate. The default location is the Traffic
Server <code>config</code> directory.</td>
+      <td>If you have installed an SSL client certificate on Traffic Server, set this
variable to specify the location of the client certificate. The default directory is the Traffic
Server <code>config</code> directory.</td>
   </tr>
    <tr>
       <td><code><i>proxy.config.ssl.client.private_key.filename</i></code></td>
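Review bot: The `proxy.config.ssl.client.verify.server` row only says that 1 requires Traffic Server to verify the origin server certificate; since the row is being edited, state the default value and what the proxy does when the variable is not 1, so an administrator can tell whether origin certificates are checked out of the box. Smaller points in the same table: "specify the filename of client certificate" is missing "the", and this procedure now drops the `<code>` markup around "SSL Termination" while the client-side and accelerator procedures keep it.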
@@ -245,24 +249,26 @@
   </tr>
    <tr>
       <td><code><i>proxy.config.ssl.client.CA.cert.filename</i></code></td>
-      <td>Specify the filename of the Certificate Authority against which the origin
server will be verified. The default value is <code>NULL</code>.</td>
+      <td>Specify the filename of the certificate authority against which the origin
server will be verified.The default value is <code>NULL</code>.</td>
   </tr>
    <tr>
       <td><code><i>proxy.config.ssl.client.CA.cert.path</i></code></td>
-      <td>Specify the location of the Certificate Authority file against which the
origin server will be verified. The default value is <code>NULL</code>.</td>
+      <td>Specify the location of the certificate authority file against which the
origin server will be verified.The default value is <code>NULL</code>.</td>
   </tr>
 </table>
+<br />
   <li>Save and close the <code>records.config</code> file. </li>
   <li>Navigate to the Traffic Server <code>bin</code> directory. </li>
   <li>Run the command <code>traffic_line -L</code> to restart Traffic Server
on the local node or <code>traffic_line -M</code> to restart Traffic Server on
all the nodes in a cluster. </li>
 </ol>
 <h3 id="ConfiguringTrafficEdgeSSLAcceleratorCard">Configuring Traffic Server to Use
an SSL Accelerator Card </h3>
-<p>You can install an SSL accelerator card on your Traffic Server machine to accelerate
the number of requests Traffic Server can process. Traffic Server supports the Cavium accelerator
card. If you opt not to use an SSL accelerator card, then you'll use your normal SSL library;
if you install the Cavium card, then you'll use the library supported &amp; provided by
the  card manufacturer.</p>
+<p>You can install an SSL accelerator card on your Traffic Server machine to accelerate
the number of requests Traffic Server can process. Traffic Server supports the Cavium accelerator
card. If you opt not to use an SSL accelerator card, then you'll use your normal SSL library;
if you install the Cavium card, then you'll use the library supported &amp; provided by
the  manufacturer.</p>
 <h5>Configure Traffic Server to use an SSL accelerator card: </h5>
 <ol>
   <li>In a text editor, open the <code>records.config</code> file located
in the Traffic Server <code>config</code> directory.  </li>
   <li>Edit the following variables in the <code>SSL Termination</code>
section of the file: </li>
-  <table width="1232" border="1">
+<br />
+<table width="1232" border="1">
     <tr>
       <th width="322" scope="col">Variable</th>
       <th width="894" scope="col">Description</th>
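Review bot: Both CA rows introduce a missing space, "will be verified.The default value", which the removed lines did not have; restore the space after the period. In the accelerator paragraph, shortening "the card manufacturer" to "the manufacturer" is fine, but "accelerate the number of requests" and the "&amp;" in running text are left as they were and could be cleaned up here too.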
@@ -272,22 +278,24 @@
       <td>Set this specify  if an accelerator card is required for operation.
           
         <p>You may specify:<br />
-          <code>0</code> - not required<br />
-          <code>1</code> - accelerator card is required and Traffic Server will
not enable SSL unless an accelerator card is present.<br />
-          <code>2</code> - accelerator card is required and Traffic Server will
not start unless an accelerator card is present.</p>
+          0 - not required<br />
+          1 - accelerator card is required and Traffic Server will not enable SSL unless
an accelerator card is present.<br />
+          2 - accelerator card is required and Traffic Server will not start unless an accelerator
card is present.</p>
       <p>You can verify operation by running<code> /home/y/bin/openssl_accelerated</code>
(this comes as part of <code>openssl_engines_init</code>).</p></td>
   </tr>
     <tr>
       <td><p><code><i>proxy.confg.ssl.accelerator.type</i></code></p></td>
       <td><p>Specifies if the Cavium SSL accelerator card is installed on (and
required by) your Traffic Server machine:</p>
-        <p><code>0</code> = none. No SSL accelerator card is installed
on the Traffic Server machine, so the CPU on the Traffic Server machine determines the number
of requests served per second.</p>
-      <p><code>1</code> =  an accelerator card is present and required
by Traffic Server.</p></td>
+        <p>0 = none (no SSL accelerator card is installed on the Traffic Server machine.
The CPU on the Traffic Server machine determines the number of requests served per second).</p>
+      <p>1 =  accelerator card is present and required by Traffic Server.</p></td>
   </tr>
 </table>
+<br />
   <li>Save and close the <code>records.config</code> file. </li>
   <li>Navigate to the Traffic Server <code>bin</code> directory.  </li>
   <li>Run the command <code>traffic_line -L</code> to restart Traffic Server
on the local node or <code>traffic_line -M</code> to restart Traffic Server on
all the nodes in a cluster. </li>
 </ol>
 
 
-<!--#include file="bottom.html" -->
\ No newline at end of file
+</body>
+</html>
\ No newline at end of file
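Review bot: The unchanged variable name `proxy.confg.ssl.accelerator.type` is misspelled ("confg"), and the description of the row above it reads "Set this specify if"; both are in the context of this hunk and should be fixed while the cells are being rewritten, since a copied misspelled name will not configure anything. The verification hint still refers to `/home/y/bin/openssl_accelerated`, a path that looks specific to one build environment and needs either a generic location or an explanation. The file now ends with `</body>` and `</html>` but still has no trailing newline.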

Modified: incubator/trafficserver/site/trunk/docs/admin/top.html
URL: http://svn.apache.org/viewvc/incubator/trafficserver/site/trunk/docs/admin/top.html?rev=917681&r1=917680&r2=917681&view=diff
==============================================================================
--- incubator/trafficserver/site/trunk/docs/admin/top.html (original)
+++ incubator/trafficserver/site/trunk/docs/admin/top.html Mon Mar  1 19:53:47 2010
@@ -1,26 +1,17 @@
-<meta content="text/html; charset=UTF-8" http-equiv="content-type"/>
-   <link rel="stylesheet" type="text/css" href="http://yui.yahooapis.com/2.8.0r4/build/grids/grids-min.css">
-   <link rel="stylesheet" href="doc.css" type="text/css">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+<title>Untitled Document</title>
+<link href="../sdk/css/ydoc.css" rel="stylesheet" type="text/css" media="all" />
 </head>
-<body>
-<div id="doc3" class="yui-t2">
-   <div id="hd" role="banner">
 
-    <form action="../search.html" id="cse-search-box">
-      <input type="hidden" name="cx" value="014552695451971253177:hliljs75koi" />
-      <input type="hidden" name="cof" value="FORID:10" />
-      <input type="hidden" name="ie" value="UTF-8" />
-      <input type="text" name="q" size="31" />
-      <input type="submit" name="sa" value="Search Documentation" />
-    </form>
-    <script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
-    <div class="doctitle"> <a href="preface.htm" target="mainFrame"><img width="249"
height="56" src="../../../images/ts75.png" style="vertical-align:bottom;"/></a>
-      <h1 class="doctitle">Administrator's Guide</h1>
-    </div>
 
-
-   </div>
-   <div id="bd" role="main">
-      <div id="yui-main">
-         <div class="yui-b">
-            <div role="contentinfo" class="yui-g">
+<body> 
+<div class="doctitle">
+<a href="index.html">Home</a>
+<img width="249" height="56" src="../sdk/images/docbook/ts75.png"/>
+<h1 class="doctitle">Traffic Server Administrator's Guide</h1>
+</div>
+</body>
+</html>
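Review bot: The new top.html declares `charset=ISO-8859-1` and carries the placeholder title "Untitled Document", while secure.htm in the same commit declares UTF-8 and uses a curly apostrophe in its title; pick one encoding for the doc set (UTF-8 matches the removed line) and give the page a real title. The file also changes from an include fragment into a complete document with its own `<html>`, `<head>` and `<body>`, so any page that still includes it would end up with nested documents. The stylesheet and logo paths now reach into `../sdk/`, which ties the admin guide to the SDK directory layout.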

Propchange: incubator/trafficserver/site/trunk/docs/admin/top.html
            ('svn:executable' removed)


