update

README.md

@@ -84,6 +84,16 @@ http {
 
 Use `kit/http/websocket-map.conf` only when a `location {}` will include `kit/proxy_pass/websocket.conf`.
 
+```nginx
+http {
+	include kit/http/log-format-upstream.conf;
+}
+```
+
+Use `kit/http/log-format-upstream.conf` when you want a reusable access log
+format with upstream timing fields. It only defines `upstream_timing`; each
+server still opts in with its own `access_log` directive.
+
 ### Reverse proxy
 
 Plain HTTP reverse proxying only needs the `location {}`-level proxy snippets:
@@ -100,6 +110,33 @@ server {
 }
 ```
 
+### Streaming reverse proxy
+
+For SSE, token streaming, or other incremental responses, add the streaming and
+long-timeout snippets to the proxied location:
+
+```nginx
+http {
+	include kit/http/log-format-upstream.conf;
+
+	server {
+		include kit/listen/http.conf;
+		access_log /var/log/nginx/app.access.log upstream_timing;
+
+		location /events/ {
+			include kit/proxy_pass/forwarded.conf;
+			include kit/proxy_pass/streaming.conf;
+			include kit/proxy_pass/timeout-300.conf;
+			proxy_pass http://app_backend;
+		}
+	}
+}
+```
+
+Use `kit/proxy_pass/streaming.conf` only for locations that genuinely need
+incremental flushing. It intentionally changes buffering behavior and forces
+HTTP/1.1 for that location.
+
 ### Websocket reverse proxy
 
 Websocket proxying adds one `http {}`-level dependency plus the websocket location snippet:
@@ -150,6 +187,7 @@ server {
 ## Snippet reference
 
 - `kit/http/gzip.conf`: gzip compression for common text-based responses. Must be included inside `http {}`.
+- `kit/http/log-format-upstream.conf`: defines the `upstream_timing` access log format with upstream timing fields. Must be included inside `http {}`.
 - `kit/http/websocket-map.conf`: defines `$connection_upgrade` for websocket proxying. Must be included inside `http {}`.
 - `kit/listen/http.conf`: IPv4 and IPv6 HTTP listeners for `server {}`.
 - `kit/listen/https.conf`: IPv4 and IPv6 HTTPS listeners for `server {}` without enabling HTTP/2.
@@ -158,6 +196,7 @@ server {
 - `kit/security.conf`: common low-risk security headers and host normalization. Intended for `server {}`.
 - `kit/security-legacy.conf`: optional legacy compatibility headers such as `X-Download-Options` and `X-Permitted-Cross-Domain-Policies`.
 - `kit/fastcgi/hide-powered-by.conf`: hides `X-Powered-By` from FastCGI upstream responses.
+- `kit/fastcgi/timeout-300.conf`: longer FastCGI timeouts. Intended for `location {}`.
 - `kit/ssl/security.conf`: TLS protocol and session resumption settings. Intended for `server {}`.
 - `kit/ssl/hsts.conf`: HSTS header for HTTPS responses. Intended for `server {}`.
 - `kit/ssl/hsts-preload.conf`: HSTS variant with `preload`. Use only if the whole domain tree is preload-safe.
@@ -165,6 +204,8 @@ server {
 - `kit/redirect/to-primary-domain.conf`: redirects aliases to the primary `server_name`. Intended for `server {}`.
 - `kit/proxy_pass/forwarded.conf`: standard reverse proxy headers. Intended for `location {}`.
 - `kit/proxy_pass/hide-powered-by.conf`: hides `X-Powered-By` from proxied upstream responses.
+- `kit/proxy_pass/https-upstream.conf`: enables SNI for HTTPS upstreams. Intended for `location {}`.
+- `kit/proxy_pass/streaming.conf`: disables proxy buffering for streaming responses and requests. Intended for `location {}`.
 - `kit/proxy_pass/websocket.conf`: websocket upgrade headers. Requires `kit/http/websocket-map.conf`.
 - `kit/proxy_pass/timeout-300.conf`: longer proxy timeouts. Intended for `location {}`.
 
@@ -180,6 +221,8 @@ The script validates:
 
 - [examples/example.com.conf](examples/example.com.conf:1) as a server-level snippet.
 - [examples/reverse-proxy.nginx.conf](examples/reverse-proxy.nginx.conf:1) as a complete nginx config.
+- The optional logging, streaming, HTTPS-upstream, and timeout snippets via
+  synthetic configs assembled in the validation script.
 
 ## Notes