docs: add TLS stats to cluster stats doc

docs/root/_include/ssl_stats.rst

@@ -0,0 +1,20 @@
+.. csv-table::
+   :header: Name, Type, Description
+   :widths: 1, 1, 2
+
+   connection_error, Counter, Total TLS connection errors not including failed certificate verifications
+   handshake, Counter, Total successful TLS connection handshakes
+   session_reused, Counter, Total successful TLS session resumptions
+   no_certificate, Counter, Total successful TLS connections with no client certificate
+   fail_verify_no_cert, Counter, Total TLS connections that failed because of missing client certificate
+   fail_verify_error, Counter, Total TLS connections that failed CA verification
+   fail_verify_san, Counter, Total TLS connections that failed SAN verification
+   fail_verify_cert_hash, Counter, Total TLS connections that failed certificate pinning verification
+   ocsp_staple_failed, Counter, Total TLS connections that failed compliance with the OCSP policy
+   ocsp_staple_omitted, Counter, Total TLS connections that succeeded without stapling an OCSP response
+   ocsp_staple_responses, Counter, Total TLS connections where a valid OCSP response was available (irrespective of whether the client requested stapling)
+   ocsp_staple_requests, Counter, Total TLS connections where the client requested an OCSP staple
+   ciphers.<cipher>, Counter, Total successful TLS connections that used cipher <cipher>
+   curves.<curve>, Counter, Total successful TLS connections that used ECDHE curve <curve>
+   sigalgs.<sigalg>, Counter, Total successful TLS connections that used signature algorithm <sigalg>
+   versions.<version>, Counter, Total successful TLS connections that used protocol version <version>

docs/root/configuration/listeners/stats.rst

@@ -22,22 +22,15 @@ Every listener has a statistics tree rooted at *listener.<address>.* with the fo
    downstream_pre_cx_active, Gauge, Sockets currently undergoing listener filter processing
    global_cx_overflow, Counter, Total connections rejected due to enforecement of the global connection limit
    no_filter_chain_match, Counter, Total connections that didn't match any filter chain
-   ssl.connection_error, Counter, Total TLS connection errors not including failed certificate verifications
-   ssl.handshake, Counter, Total successful TLS connection handshakes
-   ssl.session_reused, Counter, Total successful TLS session resumptions
-   ssl.no_certificate, Counter, Total successful TLS connections with no client certificate
-   ssl.fail_verify_no_cert, Counter, Total TLS connections that failed because of missing client certificate
-   ssl.fail_verify_error, Counter, Total TLS connections that failed CA verification
-   ssl.fail_verify_san, Counter, Total TLS connections that failed SAN verification
-   ssl.fail_verify_cert_hash, Counter, Total TLS connections that failed certificate pinning verification
-   ssl.ocsp_staple_failed, Counter, Total TLS connections that failed compliance with the OCSP policy
-   ssl.ocsp_staple_omitted, Counter, Total TLS connections that succeeded without stapling an OCSP response
-   ssl.ocsp_staple_responses, Counter, Total TLS connections where a valid OCSP response was available (irrespective of whether the client requested stapling)
-   ssl.ocsp_staple_requests, Counter, Total TLS connections where the client requested an OCSP staple
-   ssl.ciphers.<cipher>, Counter, Total successful TLS connections that used cipher <cipher>
-   ssl.curves.<curve>, Counter, Total successful TLS connections that used ECDHE curve <curve>
-   ssl.sigalgs.<sigalg>, Counter, Total successful TLS connections that used signature algorithm <sigalg>
-   ssl.versions.<version>, Counter, Total successful TLS connections that used protocol version <version>
+
+.. _config_listener_stats_tls:
+
+TLS statistics
+--------------
+
+The following TLS statistics are rooted at *listener.<address>.ssl.*:
+
+.. include:: ../../_include/ssl_stats.rst
 
 .. _config_listener_stats_per_handler:
 

docs/root/configuration/upstream/cluster_manager/cluster_stats.rst

@@ -219,6 +219,15 @@ are rooted at *cluster.<name>.* and contain the following statistics:
   external.upstream_rq_<\*>, Counter, External origin specific HTTP response codes
   external.upstream_rq_time, Histogram, External origin request time milliseconds
 
+.. _config_cluster_manager_cluster_stats_tls:
+
+TLS statistics
+--------------
+
+If TLS is used by the cluster the following statistics are rooted at *cluster.<name>.ssl.*:
+
+.. include:: ../../../_include/ssl_stats.rst
+
 .. _config_cluster_manager_cluster_stats_alt_tree:
 
 Alternate tree dynamic HTTP statistics