Apache traffic server 配置文件records.config的官方文档
2015-05-25 11:39
701 查看
records.config¶
Therecords.configfile (by default, located in
/usr/local/etc/trafficserver/) is a list of configurable variables
used bythe Traffic Server software. Many of the variables in the
records.configfile are
set automatically when you set configurationoptions in Traffic Line. After you modify the
records.config
file,run the command
traffic_line -xto apply the changes.When you apply changes to one node in a cluster, Traffic Serverautomatically applies the changes to all other nodes in the cluster.
Format¶
Each variable has the following format:SCOPE variable_name DATATYPE variable_value
where
SCOPEis related to clustering and is either
CONFIG(all members ofthe cluster) or
LOCAL(only the local machine)
DATATYPEis one of
INT(integer),
STRING(string),
FLOAT(floating point).:A variable marked as
Deprecatedis still functional but should be avoidedas it may be removed in a future release without warning.
A variable marked as
Reloadablecan be updated via the command:
traffic_line -x
INTtype configurations are expressed as any normal integer,e.g.
32768. They can also be expressed using more human readable valuesusing standard prefixes, e.g.
32K. The following prefixes are supportedfor all
INTtype configurations
KKilobytes (1024 bytes)
MMegabytes (1024^2 or 1,048,576 bytes)
GGigabytes (1024^3 or 1,073,741,824 bytes)
TTerabytes (1024^4 or 1,099,511,627,776 bytes)
Note
Traffic Server currently writes back configurations to disk periodically,and when doing so, will not preserve the prefixes.
Examples¶
In the following example, the variableproxy.config.proxy_name isa
STRINGdatatype with the value
my_server. This means that thename of the Traffic Server proxy is
my_server.
CONFIG proxy.config.proxy_name STRING my_server
If the server name should be
that_serverthe line would be
CONFIG proxy.config.proxy_name STRING that_server
In the following example, the variable
proxy.config.arm.enabledisa yes/no flag. A value of
0(zero) disables the option; a value of
1enables the option.
CONFIG proxy.config.arm.enabled INT 0
In the following example, the variable sets the cluster startup timeoutto 10 seconds.
CONFIG proxy.config.cluster.startup_timeout INT 10
The last examples configures a 64GB RAM cache, using a human readableprefix.
CONFIG proxy.config.cache.ram_cache.size INT 64G
Environment Overrides¶
Everyrecords.configconfiguration variable can be overriddenby a corresponding environment variable. This can be useful insituations where you need a static
records.configbut stillwant to tweak one or two settings. The override variable is formedby converting the
records.configvariable name to uppercase, and replacing any dot separators with an underscore.
Overriding a variable from the environment is permanent and willnot be affected by future configuration changes made in
records.config
or applied with traffic_line.
For example, we could override the
proxy.config.product_company variablelike this:
$ PROXY_CONFIG_PRODUCT_COMPANY=example traffic_cop & $ traffic_line -r proxy.config.product_company
Configuration Variables¶
The following list describes the configuration variables available intherecords.configfile.
System Variables¶
proxy.config.product_company¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | Apache Software Foundation |
proxy.config.product_vendor¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | Apache |
proxy.config.product_name¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | Traffic Server |
proxy.config.proxy_name¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | ``build_machine`` |
Reloadable: | Yes |
proxy.config.bin_path¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | bin |
bindirectory.
proxy.config.proxy_binary¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | traffic_server |
proxy.config.proxy_binary_opts¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | -M |
proxy.config.manager_binary¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | traffic_manager |
proxy.config.env_prep¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | *NONE* |
traffic_server process.
proxy.config.config_dir¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | etc/trafficserver |
SYSCONFDIRvalue specified at build time relative to theinstallation prefix.
The
$TS_ROOTenvironment variable canbe used alter the installation prefix at run time.
proxy.config.syslog_facility¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | LOG_DAEMON |
Understanding Traffic Server Log Files.
proxy.config.cop.core_signal¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
A value of
0means no signal will be sent.
proxy.config.cop.linux_min_memfree_kb¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
traffic_server and traffic_manager processes toprevent the system from hanging.
proxy.config.cop.linux_min_swapfree_kb¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
traffic_server and traffic_manager processes toprevent the system from hanging. This configuration variable applies ifswap is enabled in Linux 2.2 only.
proxy.config.cop.init_sleep_time¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
traffic_server is not responsive and attempts a restartduring startup. This configuration variable allows Traffic Server a longer inittime to load potentially large configuration files such as remap config. Note thatthis applies
only during startup of Traffic Server and does not apply to the runtime heartbeat checking.
proxy.config.output.logfile¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | traffic.out |
proxy.config.snapshot_dir¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | snapshots |
SYSCONFDIRdirectory.
proxy.config.exec_thread.autoconfig¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
1), Traffic Server scales threads according to the available CPU cores. See the config option below.
proxy.config.exec_thread.autoconfig.scale¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 1.5 |
1.5.
proxy.config.exec_thread.limit¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
proxy.config.accept_threads¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
1), runs a separate thread for accept processing. If disabled (
0), then only 1 thread can be created.
proxy.config.thread.default.stacksize¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1048576 |
proxy.config.exec_thread.affinity¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Value | Effect |
---|---|
0 | assign threads to machine |
1 | assign threads to NUMA nodes |
2 | assign threads to sockets |
3 | assign threads to cores |
4 | assign threads to processing units |
This option only has an affect when Traffic Server has been compiled with
--enable-hwloc.
proxy.config.system.file_max_pct¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 0.9 |
proxy.config.crash_log_helper¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | traffic_crashlog |
bindirectory. Any user-providedprogram specified here must behave in a fashion compatible withtraffic_crashlog. Specifically, it must implementthe
traffic_crashlog --waitbehavior.
This setting not reloadable because the helper must be spawnedbefore
traffic_server drops privilege. If this variableis set to
NULL, no helper will be spawned.
proxy.config.restart.active_client_threshold¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 :reloadable: |
traffic_line --drain.
Network¶
proxy.config.net.connections_throttle¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 30000 |
traffic_server process can have open at anygiven time. Roughly 10% of these connections are reserved for origin serverconnections, i.e. from the default, only ~9,000 client connections can behandled. This should be tuned according
to your memory size, and expectedwork load.
proxy.config.net.default_inactivity_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 86400 |
Reloadable: | Yes |
incremented.
proxy.config.net.inactivity_check_frequency¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
proxy.local.incoming_ip_to_bind¶
Scope: | LOCAL |
---|---|
Type: | STRING |
Default: | 0.0.0.0 [::] |
Unless explicitly specified in
proxy.config.http.server_ports the server port will be bound to one of these addresses, selected by IP address family. The built in default is any address. This is used if no address for a family is specified. This setting is useful if most or all server
ports should be bound to the same address.
Note
This is ignored for inbound transparent server ports because they must be able to accept connections on arbitrary IP addresses.
Example
Set the global default for IPv4 to
192.168.101.18and leave the global default for IPv6 as any address.:
LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18
Example
Set the global default for IPv4 to
191.68.101.18and the global default for IPv6 to
fc07:192:168:101::17.:
LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18 [fc07:192:168:101::17]
proxy.local.outgoing_ip_to_bind¶
Scope: | LOCAL |
---|---|
Type: | STRING |
Default: | 0.0.0.0 [::] |
Unless explicitly specified in
proxy.config.http.server_ports one of these addresses, selected by IP address family, will be used as the local address for outbound connections. This setting is useful if most or all of the server ports should use the same outbound IP addresses.
Note
This is ignored for outbound transparent ports as the local outbound address will be the same as the client local address.
Example
Set the default local outbound IP address for IPv4 connections to
192.168.101.18.:
LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.18
Example
Set the default local outbound IP address to
192.168.101.17for IPv4 and
fc07:192:168:101::17for IPv6.:
LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.17 [fc07:192:168:101::17]
Cluster¶
proxy.local.cluster.type¶
Scope: | LOCAL |
---|---|
Type: | INT |
Default: | 3 |
Value | Effect |
---|---|
1 | full-clustering mode |
2 | management-only mode |
3 | no clustering |
proxy.config.cluster.ethernet_interface¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | eth0 |
proxy.config.cluster.rsport¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 8088 |
proxy.config.cluster.threads¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
proxy.config.clustger.ethernet_interface¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | *NONE* |
proxy.config.http.cache.cluster_cache_local¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
hot content to be cached on all nodesin a cluster. Be aware that the primary way to configure this behavior isvia the
cache.configconfiguration file using
action=cluster-cache-localdirectives.
This particular
records.configconfiguration can be controlled pertransaction or per remap rule. As such, it augments the
cache.config
directives, since you can turn on the local cachingfeature without complex regular expression matching.
This implies that turning this on in your global
records.configisalmost never what you want; instead, you want to use this either viae.g.
conf_remap.sooverrides for a certain remap rule, or through acustom plugin using the appropriate APIs.
Local Manager¶
proxy.config.lm.sem_id¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 11452 |
proxy.config.admin.autoconf_port¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 8083 |
proxy.config.admin.number_config_bak¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3 |
proxy.config.admin.user_id¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | nobody |
The nonprivileged user account designated to Traffic Server.
As of version 2.1.1 if the user_id is prefixed with pound character (#) the remaining of the string is considered to bea
numeric user identifier. If the value is set to
#-1TrafficServer will not change the user during startup.
Setting
user_idto
rootor
#0is now forbidden toincrease security. Trying to do so, will cause thetraffic_server fatal failure. However there are two ways tobypass that restriction
Specify
-DBIG_SECURITY_HOLEin
CXXFLAGSduring compilation.
Set the
user_id=#-1and start trafficserver as root.
proxy.config.admin.api.restricted¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
0, then on platforms thatsupport passing process credentials, non-root processes will beallowed to make read-only management API calls. Any management APIcalls that modify server state (eg. setting
a configuration variable)will still be restricted to root processes.
This setting is not reloadable, since it is must be applied whenprogram:traffic_manager initializes.
Note
In Traffic Server 6.0, the default value of
proxy.config.admin.api.restrictedwill be changed to
0.
Process Manager¶
proxy.config.process_manager.mgmt_port¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 8084 |
traffic_server processes.
Alarm Configuration¶
proxy.config.alarm_email¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | *NONE* |
Reloadable: | Yes |
proxy.config.alarm.bin¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | example_alarm_bin.sh |
Reloadable: | Yes |
the alarm message
the value of
proxy.config.product_name
the value of
proxy.config.admin.user_id
the value of
proxy.config.alarm_email
proxy.config.alarm.abs_path¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
proxy.config.bin_path.
proxy.config.alarm.script_runtime¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 5 |
Reloadable: | Yes |
HTTP Engine¶
proxy.config.http.server_ports¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | 8080 |
This is a list, separated by space or comma, of
port descriptors. Each descriptor is a sequence of keywords and values separated by colons. Not all keywords have values, those that do are specifically noted. Keywords with values can have an optional ‘=’ character separating the keyword and value.
The case of keywords is ignored. The order of keywords is irrelevant but unspecified results may occur if incompatible options are used (noted below). Options without values are idempotent. Options with values use the last (right most) value specified, except
for
ip-outas detailed later.
Quick reference chart.
Name | Note | Definition |
---|---|---|
number | Required | The local port. |
blind | Blind (CONNECT) port. | |
compress | N/I | Compressed. Not implemented. |
ipv4 | Default | Bind to IPv4 address family. |
ipv6 | Bind to IPv6 address family. | |
ip-in | Value | Local inbound IP address. |
ip-out | Value | Local outbound IP address. |
ip-resolve | Value | IP address resolution style. |
proto | Value | List of supported session protocols. |
ssl | SSL terminated. | |
tr-full | Fully transparent (inbound and outbound) | |
tr-in | Inbound transparent. | |
tr-out | Outbound transparent. | |
tr-pass | Pass through enabled. |
Accept only the
CONNECTmethod on this port.
Not compatible with:
tr-in,
ssl.
compressCompress the connection. Retained only by inertia, should be considered “not implemented”.ipv4Use IPv4. This is the default and is included primarily for completeness. This forced if the
ip-inoption is used with an IPv4 address.ipv6Use IPv6. This is forced if the
ip-inoption is used with an IPv6 address.ssl
Require SSL termination for inbound connections. SSL
must be configured for this option to provide a functional server port.
Not compatible with:
blind.
protoSpecify the
session level protocols supported. These should beseparated by semi-colons. For TLS proxy ports the default value isall available protocols. For non-TLS proxy ports the default is HTTPonly. SPDY can be enabled on non-TLS proxy ports but that
must be done explicitly.tr-full
Fully transparent. This is a convenience option and is identical to specifying both
tr-inand
tr-out.
Not compatible with: Any option not compatible with
tr-inor
tr-out.tr-in
Inbound transparent. The proxy port will accept connections to any IP address on the port. To have IPv6 inbound transparent you must use this and the
ipv6option. This overrides
proxy.local.incoming_ip_to_bindfor this port.
Not compatible with:
ip-in,
blindtr-out
Outbound transparent. If ATS connects to an origin server for a transaction on this port, it will use the client’s address as its local address. This overrides
proxy.local.outgoing_ip_to_bindfor this port.
Not compatible with:
ip-out,
ip-resolve
tr-passTransparent pass through. This option is useful only for inbound transparent proxy ports. If the parsing of the expected HTTP header fails, then the transaction is switched to a blind tunnel instead of generating an error response to the client. It effectively
enables
proxy.config.http.use_client_target_addrfor the transaction as there is no other place to obtain the origin server address.ip-in
Set the local IP address for the port. This is the address to which clients will connect. This forces the IP address family for the port. The
ipv4or
ipv6can be used but it is optional and is an error for it to disagree with the IP address family of this value. An IPv6 address
must be enclosed in square brackets. If this option is omitted
proxy.local.incoming_ip_to_bindis used.
Not compatible with:
tr-in.
ip-out
Set the local IP address for outbound connections. This is the address used by ATS locally when it connects to an origin server for transactions on this port. If this is omitted
proxy.local.outgoing_ip_to_bindis used.
This option can used multiple times, once for each IP address family. The address used is selected by the IP address family of the origin server address.
Not compatible with:
tr-out.
ip-resolve
Set the
host resolution stylefor transactions on this proxy port.
Not compatible with:
tr-out- this option requires a value of
client;nonewhich is forced and should not be explicitly specified.
Example
Listen on port 80 on any address for IPv4 and IPv6.:
80 80:ipv6
Example
Listen transparently on any IPv4 address on port 8080, andtransparently on port 8080 on local address
fc01:10:10:1::1(which implies
ipv6).:
IPv4:tr-FULL:8080 TR-full:IP-in=[fc02:10:10:1::1]:8080
Example
Listen on port 8080 for IPv6, fully transparent. Set up an SSL port on 443. These ports will use the IP address from
proxy.local.incoming_ip_to_bind. Listen on IP address
192.168.17.1, port 80, IPv4, and connect to origin servers using the local address
10.10.10.1for IPv4 and
fc01:10:10:1::1for IPv6.:
8080:ipv6:tr-full 443:ssl ip-in=192.168.17.1:80:ip-out=[fc01:10:10:1::1]:ip-out=10.10.10.1
Example
Listen on port 9090 for TSL enabled SPDY or HTTP connections, accept no other session protocols.:
9090:proto=spdy;http:ssl
proxy.config.http.connect_ports¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | 443 563 |
CONNECT.
Traffic Server allows tunnels only to the specified ports.Supports both wildcards (‘*’) and ranges (“0-1023”).
Note
These are the ports on the origin server, not Traffic Server
proxy ports.
proxy.config.http.insert_request_via_str¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Viafield is handled on a request to the origin server.
Value | Effect |
---|---|
0 | Do not modify / set this via header |
1 | Update the via, with normal verbosity |
2 | Update the via, with higher verbosity |
3 | Update the via, with highest verbosity |
The
Viaheader string can be decoded with the
Via Decoder Ring.
proxy.config.http.insert_response_via_str¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Viafield is handled on the response to the client.
Value | Effect |
---|---|
0 | Do not modify / set this via header |
1 | Update the via, with normal verbosity |
2 | Update the via, with higher verbosity |
3 | Update the via, with highest verbosity |
The
Viaheader string can be decoded with the
Via Decoder Ring.
proxy.config.http.send_100_continue_response¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
0ATS buffer the request until the post body has been recieved and then send the request to origin.
1immediately return a 100 Continue from ATS without waiting for the post body
proxy.config.http.response_server_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
0no Server: header is added to the response.
1the Server: header is added (see string below).
2the Server: header is added only if the response from origin does not have one already.
proxy.config.http.insert_age_in_response¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Ageheader in the response. The Age field value is the cache’sestimate of the amount of time since the response was generated or revalidated by the origin server.
0no
Ageheader is added
1the
Ageheader is added
proxy.config.http.response_server_str¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | ATS/ |
Reloadable: | Yes |
proxy.config.http.enable_url_expandomatic¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1) or disables (
0)
.comdomain expansion. This configures the Traffic Server to resolve unqualified hostnames byprepending with
www.and appending with
.combefore redirecting to the expanded address. For example: if a client makesa request to
host, then Traffic Server redirects the request to
www.host.com.
proxy.config.http.chunking_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
0Never
1Always
2Generate a chunked response if the server has returned HTTP/1.1 before
3= Generate a chunked response if the client request is HTTP/1.1 and the origin server has returned HTTP/1.1 before
Note
If HTTP/1.1 is used, then Traffic Server can usekeep-alive connections with pipelining to origin servers. IfHTTP/0.9 is used, then Traffic Server does not use
keep-aliveconnections to origin servers. If HTTP/1.0 is used, then TrafficServer can use
keep-aliveconnections without pipelining toorigin servers.
proxy.config.http.send_http11_requests¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
0Never
1Always
2If the server has returned HTTP/1.1 before
3If the client request is HTTP/1.1 and the server has returned HTTP/1.1 before
Note
If
proxy.config.http.use_client_target_addris set to 1, options 2 and 3 cause the proxy to usethe client HTTP version for upstream requests.
proxy.config.http.share_server_sessions¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Deprecated: | Yes |
1) or disables (
0) the reuse of server sessions. Thedefault (
2)
is similar to enabled, except it creates a server sessionpool per network thread. This has the best performance characteristics.Note that setting this parameter to (
2) will not work correctly unlessthe
dedicated SSL threads are disabled (
proxy.config.ssl.number.threadsis
set to (
-1)).
proxy.config.http.auth_server_session_private¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
1) anytime a request contains a (
Authorization), (
Proxy-Authorization)or
(
Www-Authenticate) header the connection will be closed and not reused. This marksthe connection as private. When disabled (
0) the
connection will be available for reuse.
proxy.config.http.server_session_sharing.match¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | both |
noneDo not match, do not re-use server sessions.ipRe-use server sessions, check only that the IP address and port of the origin server matches.hostRe-use server sessions, check only that the fully qualified domain name matches.bothRe-use server sessions, but only if the IP address and fully qualified domain name match.
It is strongly recommended to use either none or
both for this value unless you have a specific need to use ipor
host. The most common reason is virtual hosts that share an IP address in which case performance can be enhancedif those sessions can be re-used. However, not all web servers support requests for different virtual hosts on thesame connection so usewith caution.
proxy.config.http.server_session_sharing.pool¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | thread |
proxy.config.http.server_session_sharing.match. The valid values are
globalRe-use sessions from a global pool of all server sessions.threadRe-use sessions from a per-thread pool.
proxy.config.http.attach_server_session_to_client¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
If a user agent performs more than one HTTP transaction on its connection to Traffic Server a server session must beobtained for the second (and subsequent) transaction as for the first. This settings affects how that server sessionis
selected.
If this setting is
0then after the first transaction the server session for that transaction is released to theserver pool (if any). When a server session is needed for
subsequent transactions one is selected from the serverpool or created if there is no suitable server session in the pool.
If this setting is not
0then the current server session for the user agent session is “sticky”. It will bepreferred to any other server session (either from the pool or
newly created). The server session will be detachedfrom the user agent session only if it cannot be used for the transaction. This is determined by the
proxy.config.http.server_session_sharing.match
value. If the server session matches the next transactionaccording to this setting then it will be used, otherwise it will be released to the pool and a different sessionselected or created.
proxy.config.http.record_heartbeat¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1) or disables (
0)
traffic_cop heartbeat logging.
proxy.config.http.use_client_target_addr¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
This option causes Traffic Server to avoid where possible doing DNSlookups in forward transparent proxy mode. The option is onlyeffective if the following three conditions are true -
Traffic Server is in forward proxy mode.
The proxy port is inbound transparent.
The target URL has not been modified by either remapping or a plugin.
If any of these conditions are not true, then normal DNS processingis done for the connection.
There are three valid values.* 0 - Disables the feature.* 1 - Enables the feature with address verification. The Proxy does theregular DNS processing. If the client-specified origin address is not in theset of addresses found by the Proxy, the request continues
to the clientspecified address, but the result is not cached.* 2 - Enables the feature with no address verification. No DNS processingis performed. The result is cached (if allowed otherwise). This option isvulnerable to cache poisoning if an incorrect Host
header is specified, sothis option should be used with extreme caution. See bug
TS-2954 fordetails.
If all of these conditions are met, then the origin server IPaddress is retrieved from the original client connection, ratherthan through HostDB or DNS lookup. In effect, client DNS resolutionis used instead of Traffic Server DNS.
This can be used to be a little more efficient (looking up thetarget once by the client rather than by both the client and TrafficServer) but the primary use is when client DNS resolution can differfrom that of Traffic Server. Two known uses cases are:
Embedded IP addresses in a protocol with DNS load sharing. Inthis case, even though Traffic Server and the client both makethe same request to the same DNS resolver chain, they may getdifferent origin server addresses. If the address is embedded inthe protocol
then the overall exchange will fail. One currentexample is Microsoft Windows update, which presumably embeds theaddress as a security measure.
The client has access to local DNS zone information which is notavailable to Traffic Server. There are corporate nets with localDNS information for internal servers which, by design, is notpropagated outside the core corporate network. Depending anetwork
topology it can be the case that Traffic Server canaccess the servers by IP address but cannot resolve suchaddresses by name. In such as case the client supplied targetaddress must be used.
This solution must be considered interim. In the longer term, itshould be possible to arrange for much finer grained control of DNSlookup so that wildcard domain can be set to use Traffic Server orclient resolution. In both known use cases, marking specific
domainsas client determined (rather than a single global switch) wouldsuffice. It is possible to do this crudely with this flag byenabling it and then use identity URL mappings to re-disable it forspecific domains.
proxy.config.http.keep_alive_enabled_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
1) or disables (
0) incoming keep-alive connections.
proxy.config.http.keep_alive_enabled_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
1) or disables (
0) outgoing keep-alive connections.
Note
Enabling keep-alive does not automatically enable purging of keep-aliverequests when nearing the connection limit, that is controlled by
proxy.config.http.server_max_connections.
proxy.config.http.keep_alive_post_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
1) orcreate new connections per request (
0).
proxy.config.http.send_408_post_timeout_response¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
1)
proxy.config.http.disallow_post_100_continue¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
When a Post w/ Expect: 100-continue is blocked the statproxy.process.http.disallowed_post_100_continue will be incremented.
Parent Proxy Configuration¶
proxy.config.http.parent_proxy_routing_enable¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1) or disables (
0) the parent caching option. Refer to
Hierarchical Caching.
proxy.config.http.parent_proxy.retry_time¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 300 |
Reloadable: | Yes |
proxy.config.http.parent_proxy.fail_threshold¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
proxy.config.http.parent_proxy.total_connect_attempts¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 4 |
Reloadable: | Yes |
go_directoption in the
parent.configfile).
proxy.config.http.parent_proxy.per_parent_connect_attempts¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
proxy.config.http.parent_proxy.connect_attempts_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 30 |
Reloadable: | Yes |
proxy.config.http.forward.proxy_auth_to_parent¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
proxy.config.http.no_dns_just_forward_to_parent¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
0) by default.
HTTP Connection Timeouts¶
proxy.config.http.keep_alive_no_activity_timeout_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 115 |
Reloadable: | Yes |
0will disablethe no activity timeout.
proxy.config.http.keep_alive_no_activity_timeout_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 120 |
Reloadable: | Yes |
0will disable the no activity timeout.
proxy.config.http.transaction_no_activity_timeout_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 30 |
Reloadable: | Yes |
proxy.config.http.transaction_no_activity_timeout_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 30 |
Reloadable: | Yes |
proxy.config.http.transaction_active_timeout_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 900 |
Reloadable: | Yes |
The value of
0specifies that there is no timeout.
proxy.config.http.transaction_active_timeout_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
The default value of
0specifies that there is no timeout.
proxy.config.http.accept_no_activity_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 120 |
Reloadable: | Yes |
proxy.config.http.background_fill_active_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
proxy.config.http.background_fill_completed_threshold¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 0.0 |
Reloadable: | Yes |
background fill).
Origin Server Connect Attempts¶
proxy.config.http.connect_attempts_max_retries¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 6 |
Reloadable: | Yes |
proxy.config.http.connect_attempts_timeout seconds. Once the maximum number of retries isreached, the origin is marked dead. After this, the setting
proxy.config.http.connect_attempts_max_retries_dead_serveris used to limit the number of retry attempts to the known dead origin.
proxy.config.http.connect_attempts_max_retries_dead_server¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3 |
Reloadable: | Yes |
so an error is returned to the client faster and also to reduce the load on the dead origin.The timeout interval
proxy.config.http.connect_attempts_timeout in seconds is used with this setting.
proxy.config.http.server_max_connections¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
0).
Note
This value is used in determining when and if to prune active origin sessions. Without this value set connectionsto origins can consume all the way up to ts:cv:proxy.config.net.connections_throttle connections, which in turn canstarve
incoming requests from available connections.
proxy.config.http.origin_max_connections¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1).
proxy.config.http.origin_min_keep_alive_connections¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
fromthe next request at the expense of added (inactive) connections. To enable, set to one (
1).
proxy.config.http.connect_attempts_rr_retries¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3 |
Reloadable: | Yes |
proxy.config.http.connect_attempts_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 30 |
Reloadable: | Yes |
proxy.config.http.post_connect_attempts_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1800 |
Reloadable: | Yes |
POSTor
PUTrequest.
proxy.config.http.down_server.cache_time¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 300 |
Reloadable: | Yes |
proxy.config.http.down_server.abort_threshold¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
proxy.config.http.uncacheable_requests_bypass_parent¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Congestion Control¶
proxy.config.http.congestion_control.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
1) or disables (
0) the Congestion Control option, which configures Traffic Server to stop forwardingHTTP requests to origin
servers when they become congested. Traffic Server sends the client a message to retry thecongested origin server later. Refer to
Using Congestion Control.
proxy.config.http.flow_control.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
proxy.config.http.flow_control.high_water¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Metric: | bytes |
proxy.config.http.flow_control.low_water¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Metric: | bytes |
Negative Response Caching¶
proxy.config.http.negative_caching_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1), Traffic Server caches negative responses (such as
404 Not Found) when a requested page doesnot exist. The next time a client requests the same page, Traffic Server serves the negative response directly fromcache. When disabled (
0)
Traffic Server will only cache the response if the response has
Cache-Controlheaders.
Note
The following negative responses are cached by Traffic Server::
204 No Content 305 Use Proxy 400 Bad Request 403 Forbidden 404 Not Found 405 Method Not Allowed 500 Internal Server Error 501 Not Implemented 502 Bad Gateway 503 Service Unavailable 504 Gateway Timeout
The cache lifetime for objects cached from this setting is controlled via
proxy.config.http.negative_caching_lifetime.
proxy.config.http.negative_caching_lifetime¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1800 |
Expires:or
Cache-Control:lifetimes set by the server.
Proxy User Variables¶
proxy.config.http.anonymize_remove_from¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1), Traffic Server removes the
Fromheader to protect the privacy of your users.
proxy.config.http.anonymize_remove_referer¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1), Traffic Server removes the
Referrerheader to protect the privacy of your site and users.
proxy.config.http.anonymize_remove_user_agent¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1), Traffic Server removes the
User-agentheader to protect the privacy of your site and users.
proxy.config.http.anonymize_remove_cookie¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1), Traffic Server removes the
Cookieheader to protect the privacy of your site and users.
proxy.config.http.anonymize_remove_client_ip¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1), Traffic Server removes
Client-IPheaders for more privacy.
proxy.config.http.anonymize_insert_client_ip¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1), Traffic Server inserts
Client-IPheaders to retain the client IP address.
proxy.config.http.anonymize_other_header_list¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
proxy.config.http.insert_squid_x_forwarded_for¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1), Traffic Server adds the client IP address to the
X-Forwarded-Forheader.
proxy.config.http.normalize_ae_gzip¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1) to normalize all
Accept-Encoding:headers to one of the following:
Accept-Encoding: gzip(if the header has
gzipor
x-gzipwith any
q) OR
blank (for any header that does not include
gzip)
This is useful for minimizing cached alternates of documents (e.g.
gzip, deflatevs.
deflate,gzip). Enabling this option isrecommended if your origin servers use no encodings other than
gzip.
Security¶
proxy.config.http.push_method_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1) or disables (
0) the HTTP
PUSHoption, which allows you to deliver content directly to the cache without a userrequest.
Important
If you enable this option, then you must also specifya filtering rule in the ip_allow.config file to allow only certainmachines to push content into the cache.
proxy.config.http.max_post_size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
0), any positivevalue will limit the size of post bodies. If a request is received with apost body larger than this limit the response will
be terminated with413 - Request Entity Too Large and logged accordingly.
Cache Control¶
proxy.config.cache.enable_read_while_writer¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
miss. The possible values of this config are:
0= never read while writing
1= always read while writing
2= always read while writing, but allow non-cached Range requests through to the origin
The
2option is useful to avoid delaying requests which can not easilybe satisfied by the partially written response.
Several other configuration values need to be set for this to beusable. See
Reducing Origin Server Requests.
proxy.config.cache.force_sector_size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
proxy.config.http.cache.http¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1) or disables (
0) caching of HTTP requests.
proxy.config.http.cache.allow_empty_doc¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1) or disables (
0) caching objects that have an emptyresponse body. This is particularly useful for caching 301 or 302
responseswith a
Locationheader but no document body. This only works if theorigin response also has a
Content-Lengthheader.
proxy.config.http.cache.ignore_client_no_cache¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1), Traffic Server ignores client requests to bypass the cache.
proxy.config.http.cache.ims_on_client_no_cache¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1), Traffic Server issues a conditional request to the origin server if an incoming request has a
No-Cacheheader.
proxy.config.http.cache.ignore_server_no_cache¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1), Traffic Server ignores origin server requests to bypass the cache.
proxy.config.http.cache.cache_responses_to_cookies¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
0= do not cache any responses to cookies
1= cache for any content-type
2= cache only for image types
3= cache for all but text content-types
proxy.config.http.cache.ignore_authentication¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
1), Traffic Server ignores
WWW-Authenticationheaders in responses
WWW-Authenticationheaders are removed andnot cached.
proxy.config.http.cache.cache_urls_that_look_dynamic¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1) or disables (
0) caching of URLs that look dynamic, i.e.: URLs that end in
``.asp`` or contain a questionmark (``?``), a semicolon (``;``), or
``cgi``. For a full list, please refer toHttpTransact::url_looks_dynamic
proxy.config.http.cache.enable_default_vary_headers¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1) or disables (
0) caching of alternate versions of HTTP objects that do not contain the
Varyheader.
proxy.config.http.cache.when_to_revalidate¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
0= use cache directives or heuristic (the default value)
1= stale if heuristic
2= always stale (always revalidate)
3= never stale
4= use cache directives or heuristic (0) unless the request
has an
If-Modified-Sinceheader
If the request contains the
If-Modified-Sinceheader, thenTraffic Server always revalidates the cached content and uses theclient’s
If-Modified-Sinceheader for the proxy request.
proxy.config.http.cache.required_headers¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
0= no headers required to make document cacheable
1= either the
Last-Modifiedheader, or an explicit lifetime header,
Expiresor
Cache-Control: max-age, is required
2= explicit lifetime is required,
Expiresor
Cache-Control: max-age
proxy.config.http.cache.max_stale_age¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 604800 |
Reloadable: | Yes |
proxy.config.http.cache.range.lookup¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
1), Traffic Server looks up range requests in the cache.
proxy.config.http.cache.range.write¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
1), Traffic Server will attempt to write (lock) the URLto cache. This is rarely useful (at the moment), since it’ll only be ableto write to cache if the origin has ignored the
Range:` header. For a usecase where you know the origin will respond with a full (``200) response,you can turn this on to allow it to be cached.
proxy.config.http.cache.ignore_accept_mismatch¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
1, Traffic Server serves documents from cache with a
Content-Type:header even if it does not match the
Accept:header of therequest. If set to
2(default), this logic only happens in the absence of a
Varyheader in the cached response (which is the recommended and safe use).
Note
This option should only be enabled with
1if you’re havingproblems with caching and you origin server doesn’t set the
Varyheader. Alternatively, if the origin is incorrectly setting
Vary: Acceptor doesn’t respond with
406 (Not Acceptable),you can also enable this configuration with a
1.
proxy.config.http.cache.ignore_accept_language_mismatch¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
1, Traffic Server serves documents from cache with a
Content-Language:header even if it does not match the
Accept-Language:header of the request. If set to
2(default), this logic only happens in the absence of a
Varyheader in the cached response (which is the recommended and safe use).
Note
This option should only be enabled with
1if you’re havingproblems with caching and you origin server doesn’t set the
Varyheader. Alternatively, if the origin is incorrectly setting
Vary: Accept-Languageor doesn’t respond with
406 (Not Acceptable),you can also enable this configuration with a
1.
proxy.config.http.cache.ignore_accept_encoding_mismatch¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
1, Traffic Server serves documents from cache with a
Content-Encoding:header even if it does not match the
Accept-Encoding:header of the request. If set to
2(default), this logic only happens in the absence of a
Varyheader in the cached response (which is the recommended and safe use).
Note
This option should only be enabled with
1if you’re havingproblems with caching and you origin server doesn’t set the
Varyheader. Alternatively, if the origin is incorrectly setting
Vary: Accept-Encodingor doesn’t respond with
406 (Not Acceptable)you can also enable this configuration with a
1.
proxy.config.http.cache.ignore_accept_charset_mismatch¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
1, Traffic Server serves documents from cache with a
Content-Type:header even if it does not match the
Accept-Charset:headerof the request. If set to
2(default), this logic only happens in the absence of a
Varyheader in the cached response (which is the recommended and safe use).
Note
This option should only be enabled with
1if you’re havingproblems with caching and you origin server doesn’t set the
Varyheader. Alternatively, if the origin is incorrectly setting
Vary: Accept-Charsetor doesn’t respond with
406 (Not Acceptable),you can also enable this configuration with a
1.
proxy.config.http.cache.ignore_client_cc_max_age¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1), Traffic Server ignores any
Cache-Control:max-ageheaders from the client. This technically violates the HTTP RFC,but avoids a problem where a client can forcefully invalidate a cached object.
proxy.config.cache.max_doc_size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
0is unlimited.
proxy.config.cache.permit.pinning¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1), Traffic Server will keep certain HTTP objects in the cache for a certain time as specified in cache.config.
proxy.config.cache.hit_evacuate_percent¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
cache stripe) in front of thewrite cursor that constitutes a recent access hit
for evacutating the accessed object.
When an object is accessed it can be marked for evacuation, that is to be copied over the write cursor andthereby preserved from being overwritten. This is done if it is no more than a specific number of bytes in front ofthe write
cursor. The number of bytes is a percentage of the total number of bytes of content storage in the cachestripe where the object is stored and that percentage is set by this variable.
By default, the feature is off (set to 0).
proxy.config.cache.hit_evacuate_size_limit¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Metric: | bytes |
Objects larger than the limit are not hit evacuated. A value of 0 disables the limit.
proxy.config.cache.limits.http.max_alts¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 5 |
proxy.config.cache.target_fragment_size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1048576 |
RAM Cache¶
proxy.config.cache.ram_cache.size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | -1 |
proxy.config.cache.ram_cache_cutoff¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 4194304 |
proxy.config.cache.ram_cache.algorithm¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
thisconfiguration to 1.
proxy.config.cache.ram_cache.use_seen_filter¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
LRU, this provides scanresistance. Note that CLFUS already requires that a document have historybefore it is inserted, so for
CLFUS, setting this option means that adocument must be seen three times before it is added to the RAM cache.
proxy.config.cache.ram_cache.compress¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Content-Encoding:gzipcompression.The RAM cache compression is intended to try to save space in the RAM,and is not visible to the User-Agent (client).
Possible values are:
0= no compression
1= fastlz (extremely fast, relatively low compression)
2= libz (moderate speed, reasonable compression)
3= liblzma (very slow, high compression)
Note
Compression runs on task threads. To use more cores for RAM cache compression, increase
proxy.config.task_threads.
Heuristic Expiration¶
proxy.config.http.cache.heuristic_min_lifetime¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3600 |
Reloadable: | Yes |
proxy.config.http.cache.heuristic_max_lifetime¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 86400 |
Reloadable: | Yes |
proxy.config.http.cache.heuristic_lm_factor¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 0.10 |
Reloadable: | Yes |
proxy.config.http.cache.fuzz.time¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 240 |
Reloadable: | Yes |
Fuzzy Revalidation
proxy.config.http.cache.fuzz.probability¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 0.005 |
Reloadable: | Yes |
proxy.config.http.cache.fuzz.min_time¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
By default this setting is not enabled, but should be enabled anytime you have objects with small TTLs. The default value is
0.
Dynamic Content & Content Negotiation¶
proxy.config.http.cache.vary_default_text¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
For example: if you specify
User-agent, then Traffic Server cachesall the different user-agent versions of documents it encounters.
proxy.config.http.cache.vary_default_images¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
proxy.config.http.cache.vary_default_other¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
proxy.config.http.cache.open_read_retry_time¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
proxy.config.http.cache.max_open_read_retries¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | -1 |
Reloadable: | Yes |
Customizable User Response Pages¶
proxy.config.body_factory.enable_customizations¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
1= enable customizable user response pages in the default directory only
2= enable language-targeted user response pages
proxy.config.body_factory.enable_logging¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
1) or disables (
0) logging for customizable response pages. When enabled, Traffic Server records a message inthe error
log each time a customized response page is used or modified.
proxy.config.body_factory.template_sets_dir¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | etc/trafficserver/body_factory |
PREFIXdirectory.
proxy.config.body_factory.response_suppression_mode¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
0= never suppress generated response pages
1= always suppress generated response pages
2= suppress response pages only for intercepted traffic
proxy.config.http_ui_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
remap.config:
0= disable all http UI endpoints
1= enable only cache endpoints
2= enable only stats endpoints
3= enable all http UI endpoints
To enable any enpoint there needs to be an entry in
remap.configwhichspecifically enables it. Such a line would look like:
map / http://{stat}
The following are the cache endpoints:
cache= UI to interact with the cache
The following are the stats endpoints:
cache-internal= statistics about cache evacuation and volumes
hostdb= lookups against the hostdb
http= HTTPSM details, this endpoint is also gated by
proxy.config.http.enable_http_info
net= lookup and listing of open connections
stat= list of all records.config options and metrics
test= test callback page
proxy.config.http.enable_http_info¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
1) or disables (
0) access to an endpoint within
proxy.config.http_ui_enabledwhich shows details about inflight transactions (HttpSM).
DNS¶
proxy.config.dns.search_default_domains¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1) or disables (
0) local domain expansion.
Traffic Server can attempt to resolve unqualified hostnames byexpanding to the local domain. For example if a client makes arequest to an unqualified host (
host_x) and the Traffic Serverlocal
domain is
y.com, then Traffic Server will expand thehostname to
host_x.y.com.
proxy.config.dns.splitDNS.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1) or disables (
0) DNS server selection. When enabled, Traffic Server refers to the
splitdns.configfile forthe selection specification. Refer to
Configuring DNS Server Selection (Split DNS).
proxy.config.dns.url_expansions¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
orgas the value for this variable (Traffic Server automaticallyadds the dot (.)).
Note
If the variable
proxy.config.http.enable_url_expandomaticis set to
1(the default value), then you do not have toadd
``www.`` and ``.com`` to this list because Traffic Server automatically tries www. and .com after trying the valuesyou’ve specified.
proxy.config.dns.resolv_conf¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | /etc/resolv.conf |
resolv.conffile to use for finding resolvers. While the format of this file must be the same as thestandard
resolv.conffile, this option allows an administrator to manage the set of resolvers in an external configuration file,without affecting how the rest of the operating system uses DNS.
proxy.config.dns.round_robin_nameservers¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1) or disables (
0) DNS server round-robin.
proxy.config.dns.nameservers¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
proxy.config.srv_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
proxy.config.dns.dedicated_thread¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
otherwise takes on the burden ofall DNS lookups).
proxy.config.dns.validate_query_name¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
HostDB¶
proxy.config.hostdb.lookup_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 120 |
Metric: | seconds |
Reloadable: | Yes |
proxy.config.hostdb.serve_stale_for¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | *NONE* |
Metric: | seconds |
Reloadable: | Yes |
If not set then stale records are not served.
proxy.config.hostdb.storage_size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 33554432 |
Metric: | bytes |
hostdb.The value of this variable must be increased if you increase the size of theproxy.config.hostdb.size
variable.
proxy.config.hostdb.size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 120000 |
Note
For values above
200000, you must increase
proxy.config.hostdb.storage_sizeby at least 44 bytes per entry.
proxy.config.hostdb.ttl_mode¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
proxy.config.hostdb.timeout. Thisvariable determines which value will be used.
Value | TTL |
---|---|
0 | The TTL from the DNS response. |
1 | The internal timeout value. |
2 | The smaller of the DNS and internal TTL values. The internal timeout value becomes a maximum TTL. |
3 | The larger of the DNS and internal TTL values. The internal timeout value become a minimum TTL. |
proxy.config.hostdb.timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1440 |
Metric: | minutes |
Reloadable: | Yes |
in minutes.
See
proxy.config.hostdb.ttl_modefor when this value is used.
proxy.config.hostdb.strict_round_robin¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When this and
proxy.config.hostdb.timed_round_robinare both disabled (set to
0), Traffic Server alwaysuses the same origin server for the same client, for as long as the origin server is available. Otherwise if this isset then IP address is rotated on every request. This
setting takes precedence over
proxy.config.hostdb.timed_round_robin.
proxy.config.hostdb.timed_round_robin¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When this and
proxy.config.hostdb.strict_round_robinare both disabled (set to
0), Traffic Server alwaysuses the same origin server for the same client, for as long as the origin server is available. Otherwise if this isset to
N the IP address is rotated if more than N seconds have past since the first time thecurrent address was used.
proxy.config.hostdb.host_file.path¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | /etc/hosts |
If this is set (non-empty) then the file is presumed to be a hosts file in the standard
host file format. It is read and the entries there added to the HostDB. The file is periodically checked for a more recent modification date in which case it is reloaded. The interval is set by the value
proxy.config.hostdb.host_file.interval.
While not technically reloadable, the value is read every time the file is to be checked so that if changed the newvalue will be used on the next check and the file will be treated as modified.
proxy.config.hostdb.host_file.interval¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 86400 |
Metric: | seconds |
Reloadable: | Yes |
proxy.config.hostdb.host_file.path.
The file is checked every this many seconds to see if it has changed. If so the HostDB is updated with the new values in the file.
proxy.config.hostdb.ip_resolve¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
This is an ordered list of keywords separated by semicolons that specify how a host name is to be resolved to an IP address. The keywords are caseinsensitive.
Keyword | Meaning |
---|---|
ipv4 | Resolve to an IPv4 address. |
ipv6 | Resolve to an IPv6 address. |
client | Resolve to the same family as the client IP address. |
none | Stop resolving. |
nonemeans to give up resolutionentirely. The keyword list has a maximum length of three keywords, more are never needed. By default there is animplicit
ipv4;ipv6attached to the end of the string unless the keyword
noneappears.
Example
Use the incoming client family, then try IPv4 and IPv6.
client;ipv4;ipv6
Because of the implicit resolution this can also be expressed as just
client
Example
Resolve only to IPv4.
ipv4;none
Example
Resolve only to the same family as the client (do not permit cross family transactions).
client;none
This value is a global default that can be overridden by
proxy.config.http.server_ports.
Note
This style is used as a convenience for the administrator. During a resolution the
resolution order will beone family, then possibly the other. This is determined by changing
clientto
ipv4or
ipv6based on theclient IP address and then removing duplicates.
Important
This option has no effect on outbound transparent connections The local IP address used in the connection to theorigin server is determined by the client, which forces the IP address family of the address used for the originserver. In effect,
outbound transparent connections always use a resolution style of “
client”.
Logging Configuration¶
proxy.config.log.logging_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3 |
Reloadable: | Yes |
0= logging disabled
1= log errors only
2= log transactions only
3= full logging (errors + transactions)
Refer to
Working with Log Files.
proxy.config.log.max_secs_per_buffer¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 5 |
Reloadable: | Yes |
proxy.config.log.max_space_mb_for_logs¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 25000 |
Metric: | megabytes |
Reloadable: | Yes |
Note
All files in the logging directory contribute to the space used, even if they are not log files. In collation clientmode, if there is no local disk logging, or
proxy.config.log.max_space_mb_for_orphan_logsis set to a highervalue than
proxy.config.log.max_space_mb_for_logs, TS will take
proxy.config.log.max_space_mb_for_orphan_logs
for maximum allowed log space.
proxy.config.log.max_space_mb_for_orphan_logs¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 25 |
Metric: | megabytes |
Reloadable: | Yes |
Note
When max_space_mb_for_orphan_logs is take as the maximum allowed log space in the logging system, the same rule applyto proxy.config.log.max_space_mb_for_logs also apply to proxy.config.log.max_space_mb_for_orphan_logs, ie: All filesin the logging
directory contribute to the space used, even if they are not log files. you may need to consider thiswhen you enable full remote logging, and bump to the same size as proxy.config.log.max_space_mb_for_logs.
proxy.config.log.max_space_mb_headroom¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1000 |
Metric: | megabytes |
Reloadable: | Yes |
proxy.config.log.auto_delete_rolled_filesis set to
1(enabled), then autodeletion of log files is triggered when the amount of free space available in the logging directory is less thanthe value specified here.
proxy.config.log.hostname¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | localhost |
Reloadable: | Yes |
proxy.config.log.logfile_dir¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | var/log/trafficserver |
Reloadable: | Yes |
PREFIXdirectory in which TrafficServer is installed.
Note
The directory you specify must already exist.
proxy.config.log.logfile_perm¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | rw-r–r– |
Reloadable: | Yes |
-no permission
rread permission
wwrite permission
xexecute permission
Permissions are subject to the umask settings for the Traffic Server process. This means that a umask setting of
002will not allowwrite permission for others, even if specified
in the configuration file. Permissions for existing log files are not changed when theconfiguration is changed.
proxy.config.log.custom_logs_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1) or disables (
0) custom logging.
proxy.config.log.squid_log_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1) or disables (
0) the
squid log file format.
proxy.config.log.squid_log_is_ascii¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1= ASCII
0= binary
proxy.config.log.squid_log_name¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | squid |
Reloadable: | Yes |
squid log filename.
proxy.config.log.squid_log_header¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
squid log file header text.
proxy.config.log.common_log_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1) or disables (
0) the
Netscape common log file format.
proxy.config.log.common_log_is_ascii¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1= ASCII
0= binary
proxy.config.log.common_log_name¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | common |
Reloadable: | Yes |
proxy.config.log.common_log_header¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
proxy.config.log.extended_log_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1) or disables (
0) the
Netscape extended log file format.
proxy.config.log.extended_log_is_ascii¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
1= ASCII
0= binary
proxy.config.log.extended_log_name¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | extended |
proxy.config.log.extended_log_header¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
proxy.config.log.extended2_log_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1) or disables (
0) the
Netscape Extended-2 log fileformat.
proxy.config.log.extended2_log_is_ascii¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1= ASCII
0= binary
proxy.config.log.extended2_log_name¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | extended2 |
Reloadable: | Yes |
proxy.config.log.extended2_log_header¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
proxy.config.log.separate_icp_logs¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1), configures Traffic Server to store ICP transactions in a separate log file.
0= separation is disabled, all ICP transactions are recorded in the same file as HTTP transactions
1= all ICP transactions are recorded in a separate log file.
-1= filter all ICP transactions from the default log files; ICP transactions are not logged anywhere.
proxy.config.log.separate_host_logs¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1), configures Traffic Server to create a separate log file for HTTP transactions for each origin server listed in the
log_hosts.config
file. Refer to
HTTP Host Log Splitting.
proxy.local.log.collation_mode¶
Scope: | LOCAL |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Value | Effect |
---|---|
0 | collation is disabled |
1 | this host is a log collation server |
2 | this host is a collation client and sends entries using standard formats to the collation server |
3 | this host is a collation client and sends entries using the traditional custom formats to the collation server |
4 | this host is a collation client and sends entries that use both the standard and traditional custom formats to the collation server |
logs_xml.config.
Note
Although Traffic Server supports traditional custom logging, you should use the more versatile XML-based custom formats.
proxy.config.log.collation_host¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
proxy.config.log.collation_port¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 8085 |
Reloadable: | Yes |
proxy.config.log.collation_secret¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | foobar |
Reloadable: | Yes |
proxy.config.log.collation_host_tagged¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1), configures Traffic Server to include the hostname of the collation client that generated the log entry in each entry.
proxy.config.log.collation_retry_sec¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 5 |
Reloadable: | Yes |
proxy.config.log.rolling_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
0= disables log file rolling
1= enables log file rolling at specific intervals during the day (specified with the
proxy.config.log.rolling_interval_sec and
proxy.config.log.rolling_offset_hr variables)
2= enables log file rolling when log files reach a specific size (specified with the
proxy.config.log.rolling_size_mb variable)
3= enables log file rolling at specific intervals during the day or when log files reach a specific size (whichever occurs first)
4= enables log file rolling at specific intervals during the day when log files reach a specific size (i.e., at a specified
time if the file is of the specified size)
proxy.config.log.rolling_interval_sec¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 86400 |
Reloadable: | Yes |
60(1 minute). The maximum, and default, value is 86400 seconds (one day).
Note
If you start Traffic Server within a few minutes of the next rolling time, then rolling might not occur until the next rolling time.
proxy.config.log.rolling_offset_hr¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
proxy.config.log.rolling_size_mb¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
proxy.config.log.auto_delete_rolled_files¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1) or disables (
0) automatic deletion of rolled files.
proxy.config.log.sampling_frequency¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1= log every transaction
2= log every second transaction
3= log every third transaction and so on...
proxy.config.http.slow.log.threshold¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Metric: | milliseconds |
Reloadable: | Yes |
N milliseconds from accept tocompletion will cause its timing stats to be written to the
debugging log file. This is identifying data about the transaction and all of the
transaction milestones.
Diagnostic Logging Configuration¶
proxy.config.diags.output.diag¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | E |
proxy.config.diags.output.debug¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | E |
proxy.config.diags.output.status¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | L |
proxy.config.diags.output.note¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | L |
proxy.config.diags.output.warning¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | L |
proxy.config.diags.output.error¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | SL |
proxy.config.diags.output.fatal¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | SL |
proxy.config.diags.output.alert¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | L |
proxy.config.diags.output.emergency¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | SL |
are:
‘O’ = Log to standard output
‘E’ = Log to standard error
‘S’ = Log to syslog
‘L’ = Log to diags.log
Example
To log debug diagnostics to both syslog and diags.log:
CONFIG proxy.config.diags.output.debug STRING SL
proxy.config.diags.show_location¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
proxy.config.diags.debug.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
debug.
proxy.config.diags.debug.tags¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | http.*|dns.* |
Tag | Subsytem usage |
---|---|
dns | DNS query resolution |
http_hdrs | Logs the headers for HTTP requests and responses |
privileges | Privilege elevation |
ssl | TLS termination and certificate processing |
TSDebug()API, passing the plugin name as the debugtag.
Reverse Proxy¶
proxy.config.reverse_proxy.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1) or disables (
0) HTTP reverse proxy.
proxy.config.header.parse.no_host_url_redirect¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
URL Remap Rules¶
proxy.config.url_remap.filename¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | remap.config |
remap.configfile.
proxy.config.url_remap.default_to_server_pac¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1) or disables (
0) requests for a PAC file on the proxyservice port (8080 by default) to be redirected to the PACport.
For this type of redirection to work, the variableproxy.config.reverse_proxy.enabled must be set to
1.
proxy.config.url_remap.default_to_server_pac_port¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | -1 |
Reloadable: | Yes |
-1is the defaultsetting that sets the PAC port to the autoconfiguration port (thedefault autoconfiguration port is 8083). This variable can be usedtogether with the
proxy.config.url_remap.default_to_server_pacvariable to get a PAC file from a different port. You must createand run a process that serves a PAC file on this port. For example:if you create a Perl script that listens on port 9000 and writes aPAC file in
response to any request, then you can set this variableto
9000. Browsers that request the PAC file from a proxy serveron port 8080 will get the PAC file served by the Perl script.
proxy.config.url_remap.remap_required¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
1if you want Traffic Server to serverequests only from origin servers listed in the mapping rules of the
remap.config
file. If a request does not match, then the browserwill receive an error.
proxy.config.url_remap.pristine_host_hdr¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1if you want to retain the client hostheader in a request during remapping.
SSL Termination¶
proxy.config.ssl.SSLv2¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
1) or disables (
0) SSLv2. Please don’t enable it.
proxy.config.ssl.SSLv3¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
1) or disables (
0) SSLv3.
proxy.config.ssl.TLSv1¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
1) or disables (
0) TLSv1.
proxy.config.ssl.TLSv1_1¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
1) or disables (
0) TLS v1.1. If not specified, enabled by default. [Requires OpenSSL v1.0.1 and higher]
proxy.config.ssl.TLSv1_2¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
1) or disables (
0) TLS v1.2. If not specified, DISABLED by default. [Requires OpenSSL v1.0.1 and higher]
proxy.config.ssl.client.certification_level¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
0= no client certificates are required. Traffic Server does
not verify client certificates during the SSL handshake. Accessto Traffic Server depends on Traffic Server configuration options(such as access control lists).
1= client certificates are optional. If a client has a
certificate, then the certificate is validated. If the clientdoes not have a certificate, then the client is still allowedaccess to Traffic Server unless access is denied through otherTraffic Server configuration options.
2= client certificates are required. The client must be
authenticated during the SSL handshake. Clients without acertificate are not allowed to access Traffic Server.
proxy.config.ssl.number.threads¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
0= autoconfigure, this will allow Traffic Server to determinethe appropriate number of threads
-1= disable, this makes ET_NET threads behave like ET_SSL threadsNote: this does not disable SSL, it simply allows another thread poolto assist in SSL tasks without dedicated SSL threads.
>0= Use a non-zero number of SSL threads
proxy.config.ssl.server.multicert.filename¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | ssl_multicert.config |
ssl_multicert.configfile, relativeto the Traffic Server configuration directory. In the followingexample, if the Traffic Server configuration directory is/etc/trafficserver,
the Traffic Server SSL configuration fileand the corresponding certificates are located in/etc/trafficserver/ssl:
CONFIG proxy.config.ssl.server.multicert.filename STRING ssl/ssl_multicert.config CONFIG proxy.config.ssl.server.cert.path STRING etc/trafficserver/ssl CONFIG proxy.config.ssl.server.private_key.path STRING etc/trafficserver/ssl
proxy.config.ssl.server.cert.path¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | /config |
ssl_multicert.configwill be loaded relative to this path.
proxy.config.ssl.server.private_key.path¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
ssl_multicert.configwill be loaded relative to thispath.
proxy.config.ssl.server.cert_chain.filename¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
ssl_multicert.config.Unless this is an absolute path, it is loaded relative to thepath specified by
proxy.config.ssl.server.cert.path.
proxy.config.ssl.server.dhparams_file¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
RFC 5114 areused. These parameters are only used if a DHE (or EDH) cipher suite hasbeen selected.
proxy.config.ssl.CA.cert.path¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
proxy.config.ssl.CA.cert.filename¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
proxy.config.ssl.server.ticket_key.filename¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | ssl_ticket.key |
ssl_ticket.keyfile, relative to the
proxy.config.ssl.server.cert.path
directory.
proxy.config.ssl.max_record_size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
can have a value between 0and 16383 (max TLS record size).
The default of
0means to always write all available data intoa single SSL record.
A value of
-1means TLS record size is dynamically determined. Thestrategy employed is to use small TLS records that fit into a singleTCP segment for the first ~1 MB of
data, but, increase the record size to16 KB after that to optimize throughput. The record size is reset back toa single segment after ~1 second of inactivity and the record size rampingmechanism is repeated again.
proxy.config.ssl.session_cache¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
0= Disables the session cache entirely
1= Enables the session cache using OpenSSLs implementation.
2= (default) Enables the session cache using Traffic Server’s implementation.
This implentation should perform much better than the OpenSSLimplementation.
proxy.config.ssl.session_cache.timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
0, then the SSL library will usea default value, typically 300 seconds. Note: This option has no affectwhen using the Traffic Server session cache (option
2in
proxy.config.ssl.session_cache)
proxy.config.ssl.session_cache.auto_clear¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
1it can be disabled by changing this setting to
0.
proxy.config.ssl.session_cache.size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 102400 |
proxy.config.ssl.session_cache.num_buckets¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1024 |
proxy.config.ssl.session_cache.skip_cache_on_bucket_contention¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
0= (default) Don’t skip session caching when bucket lock is contented.
1= Don’t use the SSL session cache for this connection during lock contention.
proxy.config.ssl.hsts_max_age¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | -1 |
0will set the max-age value to
0and should remove theHSTS entry from the client. A value of
-1will disable this feature andnot set the header. This option is only used for HTTPS requests and theheader will not be set on HTTP requests.
proxy.config.ssl.hsts_include_subdomains¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
1) or disables (
0) adding the includeSubdomain valueto the Strict-Transport-Security header. proxy.config.ssl.hsts_max_ageneeds
to be set to a non
-1value for this configuration to take effect.
proxy.config.ssl.allow_client_renegotiation¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
0, meansthe client can’t initiate renegotiation.
proxy.config.ssl.cert.load_elevated¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
1) or disables (
0) elevation of traffic_serverprivileges during loading of SSL certificates. By
enabling this, SSLcertificate files’ access rights can be restricted to help reduce thevulnerability of certificates.
This feature requires Traffic Server to be built with POSIXcapabilities enabled.
Client-Related Configuration¶
proxy.config.ssl.client.verify.server¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
proxy.config.ssl.client.cert.filename¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
proxy.config.ssl.client.cert.path¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | /config |
proxy.config.ssl.client.private_key.filename¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
proxy.config.ssl.client.private_key.path¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
proxy.config.ssl.client.CA.cert.filename¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
proxy.config.ssl.client.CA.cert.path¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
ICP Configuration¶
proxy.config.icp.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
0= disables ICP
1= allows Traffic Server to receive ICP queries only
2= allows Traffic Server to send and receive ICP queries
Refer to <admin-icp-peering>.
proxy.config.icp.icp_interface¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | your_interface |
Note
The Traffic Server installation script detects yournetwork interface and sets this variable appropriately. If yoursystem has multiple network interfaces, check that this variablespecifies the correct interface.
proxy.config.icp.icp_port¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3130 |
Reloadable: | Yes |
proxy.config.icp.query_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
HTTP/2 Configuration¶
proxy.config.http2.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Note
This configuration will be eliminated for v6.0.0, where HTTP/2 isenabled by default and controlled via the ports configuration.
proxy.config.http2.max_concurrent_streams_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 100 |
Reloadable: | Yes |
Note
Reloading this value affects only new HTTP/2 connections, not theones already established.
proxy.config.http2.initial_window_size_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1048576 |
Reloadable: | Yes |
proxy.config.http2.max_frame_size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 16384 |
Reloadable: | Yes |
proxy.config.http2.header_table_size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 4096 |
Reloadable: | Yes |
proxy.config.http2.max_header_list_size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 4294967295 |
Reloadable: | Yes |
SPDY Configuration¶
proxy.config.spdy.accept_no_activity_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 30 |
Reloadable: | Yes |
proxy.config.spdy.no_activity_timeout_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 30 |
Reloadable: | Yes |
proxy.config.spdy.initial_window_size_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 65536 |
Reloadable: | Yes |
proxy.config.spdy.max_concurrent_streams_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 100 |
Reloadable: | Yes |
Note
Reloading this value affects only new SPDY connections, not theones already established..
Scheduled Update Configuration¶
proxy.config.update.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
1) or disables (
0) the Scheduled Update option.
proxy.config.update.force¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
1) or disables (
0) a force immediate update. Whenenabled, Traffic Server overrides the scheduling expiration time forall
scheduled update entries and initiates updates until this optionis disabled.
proxy.config.update.retry_count¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
proxy.config.update.retry_interval¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
proxy.config.update.concurrent_updates¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 100 |
Reloadable: | Yes |
Plug-in Configuration¶
proxy.config.plugin.plugin_dir¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | config/plugins |
proxy.config.remap.num_remap_threads¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
0, plugin remap callbacks areexecuted in line on network threads. If remap processing takessignificant time, this can be cause additional request latency.Setting
this variable to causes remap processing to take placeon a dedicated thread pool, freeing the network threads to serviceadditional requests.
SOCKS Processor¶
proxy.config.socks.socks_needed¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
1) or disables (
0) the SOCKS processor
proxy.config.socks.socks_version¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 4 |
4) or (
5)
proxy.config.socks.socks_config_file¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | socks.config |
proxy.config.socks.socks_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 100 |
proxy.config.socks.server_connect_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
proxy.config.socks.per_server_connection_attempts¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
proxy.config.socks.connection_attempts¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 4 |
proxy.config.socks.server_retry_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 300 |
proxy.config.socks.default_servers¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | *NONE* |
proxy.config.socks.server_retry_time¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 300 |
proxy.config.socks.server_fail_threshold¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
proxy.config.socks.accept_enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
proxy.config.socks.accept_port¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1080 |
proxy.config.socks.http_port¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 80 |
Sockets¶
proxy.config.net.defer_accept¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
1meaning
onall Platforms except Linux:
45seconds
This directive enables operating system specific optimizations for a listening socket.
defer_acceptholds a call to
accept(2)back until data has arrived. In Linux’ special case this is up to a maximum of 45 seconds.
proxy.config.net.sock_send_buffer_size_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
proxy.config.net.sock_recv_buffer_size_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
proxy.config.net.sock_option_flag_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0x5 |
TCP_NODELAY (1) SO_KEEPALIVE (2) SO_LINGER (4) - with a timeout of 0 seconds
Note
This is a bitmask and you need to decide what bits to set. Therefore,you must set the value to
3if you want to enable nodelay andkeepalive options above.
proxy.config.net.sock_send_buffer_size_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
proxy.config.net.sock_recv_buffer_size_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
proxy.config.net.sock_option_flag_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0x1 |
TCP_NODELAY (1) SO_KEEPALIVE (2) SO_LINGER (4) - with a timeout of 0 seconds
Note
This is a bitmask and you need to decide what bits to set. Therefore,you must set the value to
3if you want to enable nodelay andkeepalive options above.
When SO_LINGER is enabled, the linger timeout time is setto 0. This is useful when Traffic Server and the origin serverare co-located and large numbers of sockets are retainedin the TIME_WAIT state.
proxy.config.net.sock_mss_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
--accept_mssthat sets the MSS for all incoming requests.
proxy.config.net.sock_packet_mark_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0x0 |
See also
Traffic Shaping
proxy.config.net.sock_packet_mark_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0x0 |
See also
Traffic Shaping
proxy.config.net.sock_packet_tos_in¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0x0 |
See also
Traffic Shaping
proxy.config.net.sock_packet_tos_out¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0x0 |
See also
Traffic Shaping
proxy.config.net.poll_timeout¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 (or 30 on Solaris) |
--poll_timeout, or
-t, whichspecifies the timeout used for the polling mechanism used. This timeout isalways in milliseconds (ms). This is the timeout to
epoll_wait()onLinux platforms, and to
kevent()on BSD type OSs. The default value is
10on all platforms.
Changing this configuration can reduce CPU usage on an idle system, sinceperiodic tasks gets processed at these intervals. On busy servers, thisoverhead is diminished, since polled events triggers morefrequently.However, increasing
the setting can also introduce additional latency forcertain operations, and timed events. It’s recommended not to touch thissetting unless your CPU usage is unacceptable at idle workload. Somealternatives to this could be:
Reduce the number of worker threads (net-threads) Reduce the number of disk (AIO) threads Make sure accept threads are enabled
The relevant configurations for this are:
CONFIG proxy.config.exec_thread.autoconfig INT 0 CONFIG proxy.config.exec_thread.limit INT 2 CONFIG proxy.config.accept_threads INT 1 CONFIG proxy.config.cache.threads_per_disk INT 8
proxy.config.task_threads¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
proxy.config.allocator.thread_freelist_size¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 512 |
proxy.config.allocator.thread_freelist_low_watermark¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 32 |
proxy.config.http.enabled¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Next
Previous
© Copyright 2014, dev@trafficserver.apache.org.
Built with Sphinx using a
theme provided by Read the Docs.
相关文章推荐
- ApacheHttpServer修改httpd.conf配置文件
- Apache Server 2.2 多站点域名转向配置文件
- Apache Traffic Server配置cluster服务
- Android官方开发文档Training系列课程中文版:分享文件之配置文件共享
- 图解修改IIS web.config配置文件增设置默认文档的方法
- MyBatis 官方文档学习3---XML 映射配置文件
- Apache Server 的httpd.conf文件注释及配置指导
- Apache最新官方配置文件中文版说明
- Tomcat服务器配置文件server.xml的配置解析及Context的配置(网上文档的学习整理)
- Apache Server 的httpd.conf文件注释及配置指导
- Cassandra 3.x官方文档_cassandra.yaml配置文件
- cmd命令行查看configServer中的配置文件
- Nginx 官方文档翻译 - nginx的配置文件管理
- log4j.properties文件配置--官方文档
- Photon 4.0 PhotonServer.config 和 log4net.config 新建项目配置文件
- trafficserver records.config参数说明
- smartfoxserver中配置文件config.xml的使用技巧及其说明
- ATS缓存配置(Apache Traffic Server 学习笔记 2)——持续更新
- Apache server configuration file(Apache 服务器配置文件)
- Apache Server的httpd.conf文件注释及配置指导