Official documentation for the Apache Traffic Server configuration file records.config

records.config

The records.config file (by default, located in /usr/local/etc/trafficserver/) is a list of configurable variables used by the Traffic Server software. Many of the variables in the records.config file are set automatically when you set configuration options in Traffic Line. After you modify the records.config file, run the command traffic_line -x to apply the changes. When you apply changes to one node in a cluster, Traffic Server automatically applies the changes to all other nodes in the cluster.

Format

Each variable has the following format:

SCOPE variable_name DATATYPE variable_value

where

SCOPE is related to clustering and is either CONFIG (all members of the cluster) or LOCAL (only the local machine)

DATATYPE is one of INT (integer), STRING (string), FLOAT (floating point).

A variable marked as Deprecated is still functional but should be avoided as it may be removed in a future release without warning.

A variable marked as Reloadable can be updated via the command:

traffic_line -x

INT type configurations are expressed as any normal integer, e.g. 32768. They can also be expressed using more human readable values using standard prefixes, e.g. 32K. The following prefixes are supported for all INT type configurations:

  • K Kilobytes (1024 bytes)
  • M Megabytes (1024^2 or 1,048,576 bytes)
  • G Gigabytes (1024^3 or 1,073,741,824 bytes)
  • T Terabytes (1024^4 or 1,099,511,627,776 bytes)

Note

Traffic Server currently writes back configurations to disk periodically, and when doing so, will not preserve the prefixes.

Examples

In the following example, the variable proxy.config.proxy_name is a STRING datatype with the value my_server. This means that the name of the Traffic Server proxy is my_server.

CONFIG proxy.config.proxy_name STRING my_server

If the server name should be that_server the line would be

CONFIG proxy.config.proxy_name STRING that_server

In the following example, the variable proxy.config.arm.enabled is a yes/no flag. A value of 0 (zero) disables the option; a value of 1 enables the option.

CONFIG proxy.config.arm.enabled INT 0

In the following example, the variable sets the cluster startup timeout to 10 seconds.

CONFIG proxy.config.cluster.startup_timeout INT 10

The last example configures a 64GB RAM cache, using a human-readable prefix.

CONFIG proxy.config.cache.ram_cache.size INT 64G

Environment Overrides

Every records.config configuration variable can be overridden by a corresponding environment variable. This can be useful in situations where you need a static records.config but still want to tweak one or two settings. The override variable is formed by converting the records.config variable name to uppercase, and replacing any dot separators with an underscore.

Overriding a variable from the environment is permanent and will not be affected by future configuration changes made in records.config or applied with traffic_line.

For example, we could override the proxy.config.product_company variable like this:

$ PROXY_CONFIG_PRODUCT_COMPANY=example traffic_cop &
$ traffic_line -r proxy.config.product_company
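
The line format, the INT prefixes and the environment override rule described above can be combined into a small reader that reports the effective value of each variable and whether it came from the file or from the environment. This is an added example, not code from Traffic Server or from the original documentation; the function names, the skipping of '#' comment lines and the assumption that override values are written like file values are choices made for this sketch.

```python
import re

# Multipliers for the INT prefixes listed above (powers of 1024).
PREFIXES = {"K": 1024, "M": 1024**2, "G": 1024**3, "T": 1024**4}
SCOPES = ("CONFIG", "LOCAL")


def parse_int(text):
    """Expand an INT value such as '32K' or '64G' to a plain integer."""
    m = re.fullmatch(r"(-?\d+)([KMGT]?)", text.strip())
    if m is None:
        raise ValueError(f"not a valid INT value: {text!r}")
    return int(m.group(1)) * PREFIXES.get(m.group(2), 1)


def convert(datatype, raw):
    """Convert the raw text of a value according to its DATATYPE."""
    if datatype == "INT":
        return parse_int(raw)
    if datatype == "FLOAT":
        return float(raw)
    if datatype == "STRING":
        return raw
    raise ValueError(f"unknown DATATYPE {datatype!r}")


def parse_line(line):
    """Parse 'SCOPE variable_name DATATYPE variable_value'.

    Returns None for blank lines and '#' comment lines (comment handling is an
    assumption of this sketch; the page does not describe comments).
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split(None, 3)          # the value may itself contain spaces
    if len(parts) != 4:
        raise ValueError(f"expected 4 fields, got {len(parts)}")
    scope, name, datatype, raw = parts
    if scope not in SCOPES:
        raise ValueError(f"unknown SCOPE {scope!r}")
    return {"scope": scope, "name": name, "type": datatype,
            "value": convert(datatype, raw), "source": "file"}


def override_name(variable_name):
    """Environment variable that overrides a records.config variable."""
    return variable_name.upper().replace(".", "_")


def effective_config(text, environ):
    """Return {name: record}, letting environment overrides win over the file."""
    records = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            rec = parse_line(line)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        if rec is None:
            continue
        env_key = override_name(rec["name"])
        if env_key in environ:
            rec["value"] = convert(rec["type"], environ[env_key])
            rec["source"] = "env:" + env_key
        records[rec["name"]] = rec
    return records


# Constructed sample that reuses the example lines from this page.
RECORDS_SAMPLE = """\
# constructed sample
CONFIG proxy.config.proxy_name STRING my_server
CONFIG proxy.config.arm.enabled INT 0
CONFIG proxy.config.cache.ram_cache.size INT 64G
CONFIG proxy.config.product_company STRING Apache Software Foundation
LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18 [fc07:192:168:101::17]
"""

if __name__ == "__main__":
    env = {"PROXY_CONFIG_PRODUCT_COMPANY": "example"}   # as in the override example
    for rec in effective_config(RECORDS_SAMPLE, env).values():
        print(f'{rec["name"]} = {rec["value"]!r} ({rec["source"]})')
```

Because an override is permanent and does not appear in records.config, a review that reads only the file can miss the value the server actually uses.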

Configuration Variables

The following list describes the configuration variables available in the records.config file.

System Variables

proxy.config.product_company
Scope: CONFIG, Type: STRING, Default: Apache Software Foundation

The name of the organization developing Traffic Server.

proxy.config.product_vendor
Scope: CONFIG, Type: STRING, Default: Apache

The name of the vendor providing Traffic Server.

proxy.config.product_name
Scope: CONFIG, Type: STRING, Default: Traffic Server

The name of the product.

proxy.config.proxy_name
Scope: CONFIG, Type: STRING, Default: build_machine, Reloadable: Yes

The name of the Traffic Server node.

proxy.config.bin_path
Scope: CONFIG, Type: STRING, Default: bin

The location of the Traffic Server bin directory.

proxy.config.proxy_binary
Scope: CONFIG, Type: STRING, Default: traffic_server

The name of the executable that runs the traffic_server process.

proxy.config.proxy_binary_opts
Scope: CONFIG, Type: STRING, Default: -M

The command-line options for starting Traffic Server.

proxy.config.manager_binary
Scope: CONFIG, Type: STRING, Default: traffic_manager

The name of the executable that runs the traffic_manager process.

proxy.config.env_prep
Scope: CONFIG, Type: STRING, Default: *NONE*

The script executed before the traffic_manager process spawns the traffic_server process.

proxy.config.config_dir
Scope: CONFIG, Type: STRING, Default: etc/trafficserver

The directory that contains Traffic Server configuration files. This is a read-only configuration option that contains the SYSCONFDIR value specified at build time relative to the installation prefix. The $TS_ROOT environment variable can be used to alter the installation prefix at run time.

proxy.config.syslog_facility
Scope: CONFIG, Type: STRING, Default: LOG_DAEMON

The facility used to record system log files. Refer to Understanding Traffic Server Log Files.

proxy.config.cop.core_signal
Scope: CONFIG, Type: INT, Default: 0

The signal sent to traffic_cop's managed processes to stop them.

A value of 0 means no signal will be sent.

proxy.config.cop.linux_min_memfree_kb
Scope: CONFIG, Type: INT, Default: 0

The minimum amount of free memory space allowed before Traffic Server stops the traffic_server and traffic_manager processes to prevent the system from hanging.

proxy.config.cop.linux_min_swapfree_kb
Scope: CONFIG, Type: INT, Default: 0

The minimum amount of free swap space allowed before Traffic Server stops the traffic_server and traffic_manager processes to prevent the system from hanging. This configuration variable applies if swap is enabled in Linux 2.2 only.

proxy.config.cop.init_sleep_time
Scope: CONFIG, Type: INT, Default: 0

The minimum amount of additional duration allowed before Traffic Server detects that the traffic_server is not responsive and attempts a restart during startup. This configuration variable allows Traffic Server a longer init time to load potentially large configuration files such as remap config. Note that this applies only during startup of Traffic Server and does not apply to the runtime heartbeat checking.

proxy.config.output.logfile
Scope: CONFIG, Type: STRING, Default: traffic.out

The name and location of the file that contains warnings, status messages, and error messages produced by the Traffic Server processes. If no path is specified, then Traffic Server creates the file in its logging directory.

proxy.config.snapshot_dir
Scope: CONFIG, Type: STRING, Default: snapshots

The directory in which Traffic Server stores configuration snapshots on the local system. Unless you specify an absolute path, this directory is located in the Traffic Server SYSCONFDIR directory.

proxy.config.exec_thread.autoconfig
Scope: CONFIG, Type: INT, Default: 1

When enabled (the default, 1), Traffic Server scales threads according to the available CPU cores. See the config option below.

proxy.config.exec_thread.autoconfig.scale
Scope: CONFIG, Type: FLOAT, Default: 1.5

Factor by which Traffic Server scales the number of threads. The multiplier is usually the number of available CPU cores. By default this scaling factor is 1.5.

proxy.config.exec_thread.limit
Scope: CONFIG, Type: INT, Default: 2

The number of threads Traffic Server will create if proxy.config.exec_thread.autoconfig is set to 0, otherwise this option is ignored.

proxy.config.accept_threads
Scope: CONFIG, Type: INT, Default: 1

When enabled (1), runs a separate thread for accept processing. If disabled (0), then only 1 thread can be created.

proxy.config.thread.default.stacksize
Scope: CONFIG, Type: INT, Default: 1048576

The new default thread stack size, for all threads. The original default is set at 1 MB.

proxy.config.exec_thread.affinity
Scope: CONFIG, Type: INT, Default: 0

Bind threads to specific processing units.

Value  Effect
0      assign threads to machine
1      assign threads to NUMA nodes
2      assign threads to sockets
3      assign threads to cores
4      assign threads to processing units

Note

This option only has an effect when Traffic Server has been compiled with --enable-hwloc.

proxy.config.system.file_max_pct
Scope: CONFIG, Type: FLOAT, Default: 0.9

Set the maximum number of file handles for the traffic_server process as a percentage of the fs.file-max proc value in Linux. The default is 90%.

proxy.config.crash_log_helper
Scope: CONFIG, Type: STRING, Default: traffic_crashlog

This option directs traffic_server to spawn a crashlog helper at startup. The value should be the path to an executable program. If the path is not absolute, it is located relative to the configured bin directory. Any user-provided program specified here must behave in a fashion compatible with traffic_crashlog. Specifically, it must implement the traffic_crashlog --wait behavior.

This setting is not reloadable because the helper must be spawned before traffic_server drops privilege. If this variable is set to NULL, no helper will be spawned.

proxy.config.restart.active_client_threshold
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

This setting specifies the number of active client connections for use by traffic_line --drain.

Network

proxy.config.net.connections_throttle
Scope: CONFIG, Type: INT, Default: 30000

The total number of client and origin server connections that the server can handle simultaneously. This is in fact the max number of file descriptors that the traffic_server process can have open at any given time. Roughly 10% of these connections are reserved for origin server connections, i.e. from the default, only ~9,000 client connections can be handled. This should be tuned according to your memory size, and expected work load.

proxy.config.net.default_inactivity_timeout
Scope: CONFIG, Type: INT, Default: 86400, Reloadable: Yes

The connection inactivity timeout (in seconds) to apply when Traffic Server detects that no inactivity timeout has been applied by the HTTP state machine. When this timeout is applied, the proxy.process.net.default_inactivity_timeout_applied metric is incremented.

proxy.config.net.inactivity_check_frequency
Scope: CONFIG, Type: INT, Default: 1

How frequently (in seconds) to check for inactive connections. If you deal with a lot of concurrent connections, increasing this setting can reduce pressure on the system.

proxy.local.incoming_ip_to_bind
Scope: LOCAL, Type: STRING, Default: 0.0.0.0 [::]

Controls the global default IP addresses to which to bind proxy server ports. The value is a space separated list of IP addresses, one per supported IP address family (currently IPv4 and IPv6).

Unless explicitly specified in proxy.config.http.server_ports the server port will be bound to one of these addresses, selected by IP address family. The built in default is any address. This is used if no address for a family is specified. This setting is useful if most or all server ports should be bound to the same address.

Note

This is ignored for inbound transparent server ports because they must be able to accept connections on arbitrary IP addresses.

Example

Set the global default for IPv4 to 192.168.101.18 and leave the global default for IPv6 as any address:

LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18

Example

Set the global default for IPv4 to 192.168.101.18 and the global default for IPv6 to fc07:192:168:101::17:

LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18 [fc07:192:168:101::17]

proxy.local.outgoing_ip_to_bind
Scope: LOCAL, Type: STRING, Default: 0.0.0.0 [::]

This controls the global default for the local IP address for outbound connections to origin servers. The value is a list of space separated IP addresses, one per supported IP address family (currently IPv4 and IPv6).

Unless explicitly specified in proxy.config.http.server_ports one of these addresses, selected by IP address family, will be used as the local address for outbound connections. This setting is useful if most or all of the server ports should use the same outbound IP addresses.

Note

This is ignored for outbound transparent ports as the local outbound address will be the same as the client local address.

Example

Set the default local outbound IP address for IPv4 connections to 192.168.101.18:

LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.18

Example

Set the default local outbound IP address to 192.168.101.17 for IPv4 and fc07:192:168:101::17 for IPv6:

LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.17 [fc07:192:168:101::17]

Cluster

proxy.local.cluster.type
Scope: LOCAL, Type: INT, Default: 3

Sets the clustering mode:

Value  Effect
1      full-clustering mode
2      management-only mode
3      no clustering

proxy.config.cluster.ethernet_interface
Scope: CONFIG, Type: INT, Default: eth0

The network interface to be used for cluster communication. This has to be identical on all members of a cluster. ToDo: Is that reasonable? Should this be local?

proxy.config.cluster.rsport
Scope: CONFIG, Type: INT, Default: 8088

The reliable service port. The reliable service port is used to send configuration information between the nodes in a cluster. All nodes in a cluster must use the same reliable service port.

proxy.config.cluster.threads
Scope: CONFIG, Type: INT, Default: 1

The number of threads for cluster communication. On a heavy cluster, the number should be adjusted. It is recommended that you take the thread CPU usage as a reference when adjusting.

proxy.config.cluster.ethernet_interface
Scope: CONFIG, Type: STRING, Default: *NONE*

Set the interface to use for cluster communications.

proxy.config.http.cache.cluster_cache_local
Scope: CONFIG, Type: INT, Default: 0

This turns on the local caching of objects in cluster mode. The point of this is to allow for popular or hot content to be cached on all nodes in a cluster. Be aware that the primary way to configure this behavior is via the cache.config configuration file using action=cluster-cache-local directives.

This particular records.config configuration can be controlled per transaction or per remap rule. As such, it augments the cache.config directives, since you can turn on the local caching feature without complex regular expression matching.

This implies that turning this on in your global records.config is almost never what you want; instead, you want to use this either via e.g. conf_remap.so overrides for a certain remap rule, or through a custom plugin using the appropriate APIs.

Local Manager

proxy.config.lm.sem_id
Scope: CONFIG, Type: INT, Default: 11452

The semaphore ID for the local manager.

proxy.config.admin.autoconf_port
Scope: CONFIG, Type: INT, Default: 8083

The autoconfiguration port.

proxy.config.admin.number_config_bak
Scope: CONFIG, Type: INT, Default: 3

The maximum number of copies of rolled configuration files to keep.

proxy.config.admin.user_id
Scope: CONFIG, Type: STRING, Default: nobody

Option used to specify who to run the traffic_server process as; also used to specify ownership of config and log files.

The nonprivileged user account designated to Traffic Server.

As of version 2.1.1 if the user_id is prefixed with a pound character (#) the remainder of the string is considered to be a numeric user identifier. If the value is set to #-1 Traffic Server will not change the user during startup.

Setting user_id to root or #0 is now forbidden to increase security. Trying to do so will cause a fatal failure of traffic_server. However, there are two ways to bypass that restriction:

  • Specify -DBIG_SECURITY_HOLE in CXXFLAGS during compilation.
  • Set the user_id=#-1 and start trafficserver as root.

proxy.config.admin.api.restricted
Scope: CONFIG, Type: INT, Default: 1

This setting specifies whether the management API should be restricted to root processes. If this is set to 0, then on platforms that support passing process credentials, non-root processes will be allowed to make read-only management API calls. Any management API calls that modify server state (e.g. setting a configuration variable) will still be restricted to root processes.

This setting is not reloadable, since it must be applied when traffic_manager initializes.

Note

In Traffic Server 6.0, the default value of proxy.config.admin.api.restricted will be changed to 0.

Process Manager

proxy.config.process_manager.mgmt_port
Scope: CONFIG, Type: INT, Default: 8084

The port used for internal communication between the traffic_manager and traffic_server processes.

Alarm Configuration

proxy.config.alarm_email
Scope: CONFIG, Type: STRING, Default: *NONE*, Reloadable: Yes

The address to which the alarm script should send email.

proxy.config.alarm.bin
Scope: CONFIG, Type: STRING, Default: example_alarm_bin.sh, Reloadable: Yes

Name of the script file that can execute certain actions when an alarm is signaled. The script is invoked with up to 4 arguments:

  • the alarm message
  • the value of proxy.config.product_name
  • the value of proxy.config.admin.user_id
  • the value of proxy.config.alarm_email

proxy.config.alarm.abs_path
Scope: CONFIG, Type: STRING, Default: NULL, Reloadable: Yes

The absolute path to the directory containing the alarm script. If this is not set, the script will be located relative to proxy.config.bin_path.

proxy.config.alarm.script_runtime
Scope: CONFIG, Type: INT, Default: 5, Reloadable: Yes

The number of seconds that Traffic Server allows the alarm script to run before aborting it.

HTTP Engine

proxy.config.http.server_ports
Scope: CONFIG, Type: STRING, Default: 8080

Ports used for proxying HTTP traffic.

This is a list, separated by space or comma, of port descriptors. Each descriptor is a sequence of keywords and values separated by colons. Not all keywords have values, those that do are specifically noted. Keywords with values can have an optional ‘=’ character separating the keyword and value. The case of keywords is ignored. The order of keywords is irrelevant but unspecified results may occur if incompatible options are used (noted below). Options without values are idempotent. Options with values use the last (right most) value specified, except for ip-out as detailed later.

Quick reference chart.

Name        Note      Definition
number      Required  The local port.
blind                 Blind (CONNECT) port.
compress    N/I       Compressed. Not implemented.
ipv4        Default   Bind to IPv4 address family.
ipv6                  Bind to IPv6 address family.
ip-in       Value     Local inbound IP address.
ip-out      Value     Local outbound IP address.
ip-resolve  Value     IP address resolution style.
proto       Value     List of supported session protocols.
ssl                   SSL terminated.
tr-full               Fully transparent (inbound and outbound)
tr-in                 Inbound transparent.
tr-out                Outbound transparent.
tr-pass               Pass through enabled.

number
Local IP port to bind. This is the port to which ATS clients will connect.

blind
Accept only the CONNECT method on this port.
Not compatible with: tr-in, ssl.

compress
Compress the connection. Retained only by inertia, should be considered “not implemented”.

ipv4
Use IPv4. This is the default and is included primarily for completeness. This is forced if the ip-in option is used with an IPv4 address.

ipv6
Use IPv6. This is forced if the ip-in option is used with an IPv6 address.

ssl
Require SSL termination for inbound connections. SSL must be configured for this option to provide a functional server port.
Not compatible with: blind.

proto
Specify the session level protocols supported. These should be separated by semi-colons. For TLS proxy ports the default value is all available protocols. For non-TLS proxy ports the default is HTTP only. SPDY can be enabled on non-TLS proxy ports but that must be done explicitly.

tr-full
Fully transparent. This is a convenience option and is identical to specifying both tr-in and tr-out.
Not compatible with: Any option not compatible with tr-in or tr-out.

tr-in
Inbound transparent. The proxy port will accept connections to any IP address on the port. To have IPv6 inbound transparent you must use this and the ipv6 option. This overrides proxy.local.incoming_ip_to_bind for this port.
Not compatible with: ip-in, blind.

tr-out
Outbound transparent. If ATS connects to an origin server for a transaction on this port, it will use the client’s address as its local address. This overrides proxy.local.outgoing_ip_to_bind for this port.
Not compatible with: ip-out, ip-resolve.

tr-pass
Transparent pass through. This option is useful only for inbound transparent proxy ports. If the parsing of the expected HTTP header fails, then the transaction is switched to a blind tunnel instead of generating an error response to the client. It effectively enables proxy.config.http.use_client_target_addr for the transaction as there is no other place to obtain the origin server address.

ip-in
Set the local IP address for the port. This is the address to which clients will connect. This forces the IP address family for the port. The ipv4 or ipv6 keyword can be used but it is optional and it is an error for it to disagree with the IP address family of this value. An IPv6 address must be enclosed in square brackets. If this option is omitted proxy.local.incoming_ip_to_bind is used.
Not compatible with: tr-in.

ip-out
Set the local IP address for outbound connections. This is the address used by ATS locally when it connects to an origin server for transactions on this port. If this is omitted proxy.local.outgoing_ip_to_bind is used.
This option can be used multiple times, once for each IP address family. The address used is selected by the IP address family of the origin server address.
Not compatible with: tr-out.

ip-resolve
Set the host resolution style for transactions on this proxy port.
Not compatible with: tr-out - this option requires a value of client;none which is forced and should not be explicitly specified.

Example

Listen on port 80 on any address for IPv4 and IPv6:

80 80:ipv6

Example

Listen transparently on any IPv4 address on port 8080, and transparently on port 8080 on local address fc01:10:10:1::1 (which implies ipv6):

IPv4:tr-FULL:8080 TR-full:IP-in=[fc02:10:10:1::1]:8080

Example

Listen on port 8080 for IPv6, fully transparent. Set up an SSL port on 443. These ports will use the IP address from proxy.local.incoming_ip_to_bind. Listen on IP address 192.168.17.1, port 80, IPv4, and connect to origin servers using the local address 10.10.10.1 for IPv4 and fc01:10:10:1::1 for IPv6:

8080:ipv6:tr-full 443:ssl ip-in=192.168.17.1:80:ip-out=[fc01:10:10:1::1]:ip-out=10.10.10.1

Example

Listen on port 9090 for TLS enabled SPDY or HTTP connections, accept no other session protocols:

9090:proto=spdy;http:ssl
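
The descriptor rules above (colon-separated keywords, an optional '=' before a value, bracketed IPv6 addresses, and the "Not compatible with" notes) can be checked mechanically before a configuration is deployed. The following Python validator is an added example, not part of Traffic Server or the original documentation; it handles only the keyword=value form for valued options, and all function names are hypothetical.

```python
import ipaddress
import re

FLAGS = {"blind", "compress", "ipv4", "ipv6", "ssl",
         "tr-full", "tr-in", "tr-out", "tr-pass"}
VALUED = {"ip-in", "ip-out", "ip-resolve", "proto"}
# Pairs the option descriptions above mark as "Not compatible with".
INCOMPATIBLE = [("blind", "tr-in"), ("blind", "ssl"), ("tr-in", "ip-in"),
                ("tr-out", "ip-out"), ("tr-out", "ip-resolve")]


def split_colons(descriptor):
    """Split on ':' while keeping a bracketed IPv6 address in one piece."""
    tokens, current, depth = [], "", 0
    for ch in descriptor:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == ":" and depth == 0:
            tokens.append(current)
            current = ""
        else:
            current += ch
    tokens.append(current)
    return tokens


def family(address):
    """Return 4 or 6; an IPv6 address must be enclosed in square brackets."""
    if address.startswith("[") and address.endswith("]"):
        return ipaddress.IPv6Address(address[1:-1]).version
    return ipaddress.IPv4Address(address).version


def parse_descriptor(descriptor):
    """Return (options, problems) for one port descriptor."""
    opts, flags, problems = {"ip-out": {}}, set(), []
    for token in split_colons(descriptor):
        key, sep, value = token.partition("=")
        key = key.lower()                       # keyword case is ignored
        if token.isdigit():
            if "port" in opts:
                problems.append("more than one port number")
            opts["port"] = int(token)
        elif not sep and key in FLAGS:
            flags.add(key)
        elif sep and key in ("ip-in", "ip-out"):
            try:
                fam = family(value)
            except ValueError:
                problems.append(f"{key}: invalid address {value!r}")
                continue
            if key == "ip-out":
                opts["ip-out"][fam] = value     # one per address family
            else:
                opts["ip-in"], opts["ip-in-family"] = value, fam
        elif sep and key in VALUED:
            opts[key] = value                   # last (right-most) value wins
        else:
            problems.append(f"unknown or malformed option {token!r}")
    if "tr-full" in flags:                      # shorthand for tr-in plus tr-out
        flags |= {"tr-in", "tr-out"}
    present = flags | {k for k in VALUED if opts.get(k)}
    if "port" not in opts:
        problems.append("no port number")
    for a, b in INCOMPATIBLE:
        if a in present and b in present:
            problems.append(f"{a} is not compatible with {b}")
    fam = opts.get("ip-in-family")
    if (fam == 4 and "ipv6" in flags) or (fam == 6 and "ipv4" in flags):
        problems.append("ipv4/ipv6 keyword disagrees with the ip-in address")
    if "compress" in flags:
        problems.append("compress should be considered not implemented")
    if "tr-pass" in flags and "tr-in" not in flags:
        problems.append("tr-pass is useful only on inbound transparent ports")
    opts["flags"] = flags
    opts["family"] = fam or (6 if "ipv6" in flags else 4)
    return opts, problems


def check_server_ports(value):
    """Validate every descriptor in a space- or comma-separated list."""
    return [(d, *parse_descriptor(d)) for d in re.split(r"[\s,]+", value) if d]


# Two values are examples from this page; the third is constructed to fail.
PAGE_1 = ("8080:ipv6:tr-full 443:ssl "
          "ip-in=192.168.17.1:80:ip-out=[fc01:10:10:1::1]:ip-out=10.10.10.1")
PAGE_2 = "9090:proto=spdy;http:ssl"
BROKEN = "8081:blind:ssl,8082:TR-OUT:ip-out=10.10.10.1,ipv6:ip-in=192.168.17.1:80"

if __name__ == "__main__":
    for value in (PAGE_1, PAGE_2, BROKEN):
        for descriptor, opts, problems in check_server_ports(value):
            print(descriptor, "->", problems or "ok")
```

An IPv6 address written without square brackets is split at its colons and reported as malformed options, which is why the brackets are required.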

proxy.config.http.connect_ports
Scope: CONFIG, Type: STRING, Default: 443 563

The range of origin server ports that can be used for tunneling via CONNECT.

Traffic Server allows tunnels only to the specified ports. Supports both wildcards (‘*’) and ranges (“0-1023”).

Note

These are the ports on the origin server, not Traffic Server proxy ports.

proxy.config.http.insert_request_via_str
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

Set how the Via field is handled on a request to the origin server.

Value  Effect
0      Do not modify / set this via header
1      Update the via, with normal verbosity
2      Update the via, with higher verbosity
3      Update the via, with highest verbosity

Note

The Via header string can be decoded with the Via Decoder Ring.

proxy.config.http.insert_response_via_str
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Set how the Via field is handled on the response to the client.

Value  Effect
0      Do not modify / set this via header
1      Update the via, with normal verbosity
2      Update the via, with higher verbosity
3      Update the via, with highest verbosity

Note

The Via header string can be decoded with the Via Decoder Ring.

proxy.config.http.send_100_continue_response
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

You can specify one of the following:

  • 0 ATS buffers the request until the post body has been received and then sends the request to origin.
  • 1 immediately return a 100 Continue from ATS without waiting for the post body

proxy.config.http.response_server_enabled
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

You can specify one of the following:

  • 0 no Server: header is added to the response.
  • 1 the Server: header is added (see string below).
  • 2 the Server: header is added only if the response from origin does not have one already.

proxy.config.http.insert_age_in_response
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

This option specifies whether Traffic Server should insert an Age header in the response. The Age field value is the cache’s estimate of the amount of time since the response was generated or revalidated by the origin server.

  • 0 no Age header is added
  • 1 the Age header is added

proxy.config.http.response_server_str
Scope: CONFIG, Type: STRING, Default: ATS/, Reloadable: Yes

The Server: string that ATS will insert in a response header (if requested, see above). Note that the current version number is always appended to this string.

proxy.config.http.enable_url_expandomatic
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Enables (1) or disables (0) .com domain expansion. This configures the Traffic Server to resolve unqualified hostnames by prepending with www. and appending with .com before redirecting to the expanded address. For example: if a client makes a request to host, then Traffic Server redirects the request to www.host.com.

proxy.config.http.chunking_enabled
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

Specifies whether Traffic Server can generate a chunked response:

  • 0 Never
  • 1 Always
  • 2 Generate a chunked response if the server has returned HTTP/1.1 before
  • 3 Generate a chunked response if the client request is HTTP/1.1 and the origin server has returned HTTP/1.1 before

Note

If HTTP/1.1 is used, then Traffic Server can use keep-alive connections with pipelining to origin servers. If HTTP/0.9 is used, then Traffic Server does not use keep-alive connections to origin servers. If HTTP/1.0 is used, then Traffic Server can use keep-alive connections without pipelining to origin servers.

proxy.config.http.send_http11_requests
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

Specifies when and how Traffic Server uses HTTP/1.1 to communicate with the origin server:

  • 0 Never
  • 1 Always
  • 2 If the server has returned HTTP/1.1 before
  • 3 If the client request is HTTP/1.1 and the server has returned HTTP/1.1 before

Note

If proxy.config.http.use_client_target_addr is set to 1, options 2 and 3 cause the proxy to use the client HTTP version for upstream requests.

proxy.config.http.share_server_sessions
Scope: CONFIG, Type: INT, Default: 2, Deprecated: Yes

Enables (1) or disables (0) the reuse of server sessions. The default (2) is similar to enabled, except it creates a server session pool per network thread. This has the best performance characteristics. Note that setting this parameter to (2) will not work correctly unless the dedicated SSL threads are disabled (proxy.config.ssl.number.threads is set to (-1)).

proxy.config.http.auth_server_session_private
Scope: CONFIG, Type: INT, Default: 1

If enabled (1) anytime a request contains an (Authorization), (Proxy-Authorization) or (Www-Authenticate) header the connection will be closed and not reused. This marks the connection as private. When disabled (0) the connection will be available for reuse.

proxy.config.http.server_session_sharing.match
Scope: CONFIG, Type: STRING, Default: both

Enable and set the ability to re-use server connections across client connections. The valid values are

none
Do not match, do not re-use server sessions.
ip
Re-use server sessions, check only that the IP address and port of the origin server matches.
host
Re-use server sessions, check only that the fully qualified domain name matches.
both
Re-use server sessions, but only if the IP address and fully qualified domain name match.

It is strongly recommended to use either none or both for this value unless you have a specific need to use ip or host. The most common reason is virtual hosts that share an IP address in which case performance can be enhanced if those sessions can be re-used. However, not all web servers support requests for different virtual hosts on the same connection so use with caution.

proxy.config.http.server_session_sharing.pool
Scope: CONFIG, Type: STRING, Default: thread

Control the scope of server session re-use if it is enabled by proxy.config.http.server_session_sharing.match. The valid values are

global
Re-use sessions from a global pool of all server sessions.
thread
Re-use sessions from a per-thread pool.

proxy.config.http.attach_server_session_to_client
Scope: CONFIG, Type: INT, Default: 0

Control the re-use of a server session by a user agent (client) session.

If a user agent performs more than one HTTP transaction on its connection to Traffic Server a server session must be obtained for the second (and subsequent) transaction as for the first. This setting affects how that server session is selected.

If this setting is 0 then after the first transaction the server session for that transaction is released to the server pool (if any). When a server session is needed for subsequent transactions one is selected from the server pool or created if there is no suitable server session in the pool.

If this setting is not 0 then the current server session for the user agent session is “sticky”. It will be preferred to any other server session (either from the pool or newly created). The server session will be detached from the user agent session only if it cannot be used for the transaction. This is determined by the proxy.config.http.server_session_sharing.match value. If the server session matches the next transaction according to this setting then it will be used, otherwise it will be released to the pool and a different session selected or created.

proxy.config.http.record_heartbeat
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Enables (1) or disables (0) traffic_cop heartbeat logging.

proxy.config.http.use_client_target_addr
Scope:CONFIGType:INTDefault:0

For fully transparent ports use the same origin server address as the client.

This option causes Traffic Server to avoid where possible doing DNSlookups in forward transparent proxy mode. The option is onlyeffective if the following three conditions are true -

  • Traffic Server is in forward proxy mode.
  • The proxy port is inbound transparent.
  • The target URL has not been modified by either remapping or a plugin.

If any of these conditions are not true, then normal DNS processingis done for the connection.

There are three valid values.* 0 - Disables the feature.* 1 - Enables the feature with address verification. The Proxy does theregular DNS processing. If the client-specified origin address is not in theset of addresses found by the Proxy, the request continues to the clientspecified address, but the result is not cached.* 2 - Enables the feature with no address verification. No DNS processingis performed. The result is cached (if allowed otherwise). This option isvulnerable to cache poisoning if an incorrect Host header is specified, sothis option should be used with extreme caution. See bug TS-2954 fordetails.

If all of these conditions are met, then the origin server IPaddress is retrieved from the original client connection, ratherthan through HostDB or DNS lookup. In effect, client DNS resolutionis used instead of Traffic Server DNS.

This can be used to be a little more efficient (looking up thetarget once by the client rather than by both the client and TrafficServer) but the primary use is when client DNS resolution can differfrom that of Traffic Server. Two known uses cases are:

  1. Embedded IP addresses in a protocol with DNS load sharing. Inthis case, even though Traffic Server and the client both makethe same request to the same DNS resolver chain, they may getdifferent origin server addresses. If the address is embedded inthe protocol then the overall exchange will fail. One currentexample is Microsoft Windows update, which presumably embeds theaddress as a security measure.
  2. The client has access to local DNS zone information which is notavailable to Traffic Server. There are corporate nets with localDNS information for internal servers which, by design, is notpropagated outside the core corporate network. Depending anetwork topology it can be the case that Traffic Server canaccess the servers by IP address but cannot resolve suchaddresses by name. In such as case the client supplied targetaddress must be used.

This solution must be considered interim. In the longer term, it should be possible to arrange for much finer grained control of DNS lookup so that wildcard domains can be set to use Traffic Server or client resolution. In both known use cases, marking specific domains as client determined (rather than a single global switch) would suffice. It is possible to do this crudely with this flag by enabling it and then using identity URL mappings to re-disable it for specific domains.

proxy.config.http.keep_alive_enabled_in
Scope: CONFIG, Type: INT, Default: 1

Enables (1) or disables (0) incoming keep-alive connections.

proxy.config.http.keep_alive_enabled_out
Scope: CONFIG, Type: INT, Default: 1

Enables (1) or disables (0) outgoing keep-alive connections.

Note

Enabling keep-alive does not automatically enable purging of keep-alive requests when nearing the connection limit; that is controlled by proxy.config.http.server_max_connections.

proxy.config.http.keep_alive_post_out
Scope: CONFIG, Type: INT, Default: 1

Controls whether new POST requests re-use keep-alive sessions (1) or create new connections per request (0).

proxy.config.http.send_408_post_timeout_response
Scope: CONFIG, Type: INT, Default: 0

Controls whether a POST timeout sends an HTTP status 408 response (1).

proxy.config.http.disallow_post_100_continue
Scope: CONFIG, Type: INT, Default: 0

Allows you to return a 405 Method Not Supported for POST requests that also contain an Expect: 100-continue header.

When a POST with Expect: 100-continue is blocked, the stat proxy.process.http.disallowed_post_100_continue will be incremented.

Parent Proxy Configuration

proxy.config.http.parent_proxy_routing_enable
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Enables (1) or disables (0) the parent caching option. Refer to Hierarchical Caching.

proxy.config.http.parent_proxy.retry_time
Scope: CONFIG, Type: INT, Default: 300, Reloadable: Yes

The amount of time allowed between connection retries to a parent cache that is unavailable.

proxy.config.http.parent_proxy.fail_threshold
Scope: CONFIG, Type: INT, Default: 10, Reloadable: Yes

The number of times the connection to the parent cache can fail before Traffic Server considers the parent unavailable.

proxy.config.http.parent_proxy.total_connect_attempts
Scope: CONFIG, Type: INT, Default: 4, Reloadable: Yes

The total number of connection attempts allowed to a parent cache before Traffic Server bypasses the parent or fails the request (depending on the go_direct option in the parent.config file).

proxy.config.http.parent_proxy.per_parent_connect_attempts
Scope: CONFIG, Type: INT, Default: 2, Reloadable: Yes

The total number of connection attempts allowed per parent, if multiple parents are used.

proxy.config.http.parent_proxy.connect_attempts_timeout
Scope: CONFIG, Type: INT, Default: 30, Reloadable: Yes

The timeout value (in seconds) for parent cache connection attempts.

proxy.config.http.forward.proxy_auth_to_parent
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Configures Traffic Server to send proxy authentication headers on to the parent cache.

proxy.config.http.no_dns_just_forward_to_parent
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Don’t try to resolve DNS, forward all DNS requests to the parent. This is off (0) by default.

HTTP Connection Timeouts

proxy.config.http.keep_alive_no_activity_timeout_in
Scope: CONFIG, Type: INT, Default: 115, Reloadable: Yes

Specifies how long Traffic Server keeps connections to clients open for a subsequent request after a transaction ends. A value of 0 will disable the no activity timeout.

proxy.config.http.keep_alive_no_activity_timeout_out
Scope: CONFIG, Type: INT, Default: 120, Reloadable: Yes

Specifies how long Traffic Server keeps connections to origin servers open for a subsequent transfer of data after a transaction ends. A value of 0 will disable the no activity timeout.

proxy.config.http.transaction_no_activity_timeout_in
Scope: CONFIG, Type: INT, Default: 30, Reloadable: Yes

Specifies how long Traffic Server keeps connections to clients open if a transaction stalls.

proxy.config.http.transaction_no_activity_timeout_out
Scope: CONFIG, Type: INT, Default: 30, Reloadable: Yes

Specifies how long Traffic Server keeps connections to origin servers open if the transaction stalls.

proxy.config.http.transaction_active_timeout_in
Scope: CONFIG, Type: INT, Default: 900, Reloadable: Yes

The maximum amount of time Traffic Server can remain connected to a client. If the transfer to the client is not complete before this timeout expires, then Traffic Server closes the connection.

The value of 0 specifies that there is no timeout.

proxy.config.http.transaction_active_timeout_out
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

The maximum amount of time Traffic Server waits for fulfillment of a connection request to an origin server. If Traffic Server does not complete the transfer to the origin server before this timeout expires, then Traffic Server terminates the connection request.

The default value of 0 specifies that there is no timeout.

proxy.config.http.accept_no_activity_timeout
Scope: CONFIG, Type: INT, Default: 120, Reloadable: Yes

The timeout interval in seconds before Traffic Server closes a connection that has no activity.

proxy.config.http.background_fill_active_timeout
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Specifies how long Traffic Server continues a background fill before giving up and dropping the origin server connection.

proxy.config.http.background_fill_completed_threshold
Scope: CONFIG, Type: FLOAT, Default: 0.0, Reloadable: Yes

The proportion of total document size already transferred when a client aborts at which the proxy continues fetching the document from the origin server to get it into the cache (a background fill).

Origin Server Connect Attempts

proxy.config.http.connect_attempts_max_retries
Scope: CONFIG, Type: INT, Default: 6, Reloadable: Yes

The maximum number of connection retries Traffic Server can make when the origin server is not responding. Each retry attempt lasts for proxy.config.http.connect_attempts_timeout seconds. Once the maximum number of retries is reached, the origin is marked dead. After this, the setting proxy.config.http.connect_attempts_max_retries_dead_server is used to limit the number of retry attempts to the known dead origin.

proxy.config.http.connect_attempts_max_retries_dead_server
Scope: CONFIG, Type: INT, Default: 3, Reloadable: Yes

Maximum number of connection retries Traffic Server can make while an origin is marked dead. Typically this value is smaller than proxy.config.http.connect_attempts_max_retries so an error is returned to the client faster and also to reduce the load on the dead origin. The timeout interval proxy.config.http.connect_attempts_timeout in seconds is used with this setting.

proxy.config.http.server_max_connections
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Limits the number of socket connections across all origin servers to the value specified. To disable, set to zero (0).

Note

This value is used in determining when and if to prune active origin sessions. Without this value set, connections to origins can consume all the way up to proxy.config.net.connections_throttle connections, which in turn can starve incoming requests from available connections.

proxy.config.http.origin_max_connections
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Limits the number of socket connections per origin server to the value specified. To enable, set to one (1).

proxy.config.http.origin_min_keep_alive_connections
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

As connections to an origin server are opened, keep at least ‘n’ number of connections open to that origin, even if the connection isn’t used for a long time period. Useful when the origin supports keep-alive, removing the time needed to set up a new connection from the next request at the expense of added (inactive) connections. To enable, set to one (1).

proxy.config.http.connect_attempts_rr_retries
Scope: CONFIG, Type: INT, Default: 3, Reloadable: Yes

The maximum number of failed connection attempts allowed before a round-robin entry is marked as ‘down’ if a server has round-robin DNS entries.

proxy.config.http.connect_attempts_timeout
Scope: CONFIG, Type: INT, Default: 30, Reloadable: Yes

The timeout value (in seconds) for time to first byte for an origin server connection.

proxy.config.http.post_connect_attempts_timeout
Scope: CONFIG, Type: INT, Default: 1800, Reloadable: Yes

The timeout value (in seconds) for an origin server connection when the client request is a POST or PUT request.

proxy.config.http.down_server.cache_time
Scope: CONFIG, Type: INT, Default: 300, Reloadable: Yes

Specifies how long (in seconds) Traffic Server remembers that an origin server was unreachable.

proxy.config.http.down_server.abort_threshold
Scope: CONFIG, Type: INT, Default: 10, Reloadable: Yes

The number of seconds before Traffic Server marks an origin server as unavailable after a client abandons a request because the origin server was too slow in sending the response header.

proxy.config.http.uncacheable_requests_bypass_parent
Scope: CONFIG, Type: INT, Default: 1

When enabled (1), Traffic Server bypasses the parent proxy for a request that is not cacheable.

Congestion Control

proxy.config.http.congestion_control.enabled
Scope: CONFIG, Type: INT, Default: 0

Enables (1) or disables (0) the Congestion Control option, which configures Traffic Server to stop forwarding HTTP requests to origin servers when they become congested. Traffic Server sends the client a message to retry the congested origin server later. Refer to Using Congestion Control.

proxy.config.http.flow_control.enabled
Scope: CONFIG, Type: INT, Default: 0

Transaction buffering / flow control is enabled if this is set to a non-zero value. Otherwise no flow control is done.

proxy.config.http.flow_control.high_water
Scope: CONFIG, Type: INT, Default: 0, Metric: bytes

The high water mark for transaction buffer control. External source I/O is halted when the total buffer space in use by the transaction exceeds this value.

proxy.config.http.flow_control.low_water
Scope: CONFIG, Type: INT, Default: 0, Metric: bytes

The low water mark for transaction buffer control. External source I/O is resumed when the total buffer space in use by the transaction is no more than this value.

Negative Response Caching

proxy.config.http.negative_caching_enabled
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

When enabled (1), Traffic Server caches negative responses (such as 404 Not Found) when a requested page does not exist. The next time a client requests the same page, Traffic Server serves the negative response directly from cache. When disabled (0) Traffic Server will only cache the response if the response has Cache-Control headers.

Note

The following negative responses are cached by Traffic Server:

  • 204 No Content
  • 305 Use Proxy
  • 400 Bad Request
  • 403 Forbidden
  • 404 Not Found
  • 405 Method Not Allowed
  • 500 Internal Server Error
  • 501 Not Implemented
  • 502 Bad Gateway
  • 503 Service Unavailable
  • 504 Gateway Timeout

The cache lifetime for objects cached from this setting is controlled via proxy.config.http.negative_caching_lifetime.

proxy.config.http.negative_caching_lifetime
Scope: CONFIG, Type: INT, Default: 1800

How long (in seconds) Traffic Server keeps the negative responses valid in cache. This value only affects negative responses that do have explicit Expires: or Cache-Control: lifetimes set by the server.

Proxy User Variables

proxy.config.http.anonymize_remove_from
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

When enabled (1), Traffic Server removes the From header to protect the privacy of your users.

proxy.config.http.anonymize_remove_referer
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

When enabled (1), Traffic Server removes the Referer header to protect the privacy of your site and users.

proxy.config.http.anonymize_remove_user_agent
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

When enabled (1), Traffic Server removes the User-agent header to protect the privacy of your site and users.

Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

When enabled (1), Traffic Server removes the Cookie header to protect the privacy of your site and users.

proxy.config.http.anonymize_remove_client_ip
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

When enabled (1), Traffic Server removes Client-IP headers for more privacy.

proxy.config.http.anonymize_insert_client_ip
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

When enabled (1), Traffic Server inserts Client-IP headers to retain the client IP address.

proxy.config.http.anonymize_other_header_list
Scope: CONFIG, Type: STRING, Default: NULL, Reloadable: Yes

Comma separated list of headers Traffic Server should remove from outgoing requests.

proxy.config.http.insert_squid_x_forwarded_for
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

When enabled (1), Traffic Server adds the client IP address to the X-Forwarded-For header.

proxy.config.http.normalize_ae_gzip
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

Enable (1) to normalize all Accept-Encoding: headers to one of the following:

  • Accept-Encoding: gzip (if the header has gzip or x-gzip with any q) OR
  • blank (for any header that does not include gzip)

This is useful for minimizing cached alternates of documents (e.g. gzip, deflate vs. deflate, gzip). Enabling this option is recommended if your origin servers use no encodings other than gzip.

Security

proxy.config.http.push_method_enabled
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Enables (1) or disables (0) the HTTP PUSH option, which allows you to deliver content directly to the cache without a user request.

Important

If you enable this option, then you must also specify a filtering rule in the ip_allow.config file to allow only certain machines to push content into the cache.

proxy.config.http.max_post_size
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

This feature is disabled by default with a value of (0); any positive value will limit the size of post bodies. If a request is received with a post body larger than this limit the response will be terminated with 413 - Request Entity Too Large and logged accordingly.

Cache Control

proxy.config.cache.enable_read_while_writer
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

Specifies when to enable the ability to read a cached object while another connection is completing the write to cache for that same object. The goal here is to avoid multiple origin connections for the same cacheable object upon a cache miss. The possible values of this config are:

  • 0 = never read while writing
  • 1 = always read while writing
  • 2 = always read while writing, but allow non-cached Range requests through to the origin

The 2 option is useful to avoid delaying requests which cannot easily be satisfied by the partially written response.

Several other configuration values need to be set for this to be usable. See Reducing Origin Server Requests.

proxy.config.cache.force_sector_size
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Forces the use of a specific hardware sector size (512 - 8192 bytes).

proxy.config.http.cache.http
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

Enables (1) or disables (0) caching of HTTP requests.

proxy.config.http.cache.allow_empty_doc
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

Enables (1) or disables (0) caching objects that have an empty response body. This is particularly useful for caching 301 or 302 responses with a Location header but no document body. This only works if the origin response also has a Content-Length header.

proxy.config.http.cache.ignore_client_no_cache
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

When enabled (1), Traffic Server ignores client requests to bypass the cache.

proxy.config.http.cache.ims_on_client_no_cache
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

When enabled (1), Traffic Server issues a conditional request to the origin server if an incoming request has a No-Cache header.

proxy.config.http.cache.ignore_server_no_cache
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

When enabled (1), Traffic Server ignores origin server requests to bypass the cache.

proxy.config.http.cache.cache_responses_to_cookies
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

Specifies how cookies are cached:

  • 0 = do not cache any responses to cookies
  • 1 = cache for any content-type
  • 2 = cache only for image types
  • 3 = cache for all but text content-types

proxy.config.http.cache.ignore_authentication
Scope: CONFIG, Type: INT, Default: 0

When enabled (1), Traffic Server ignores WWW-Authentication headers in responses. WWW-Authentication headers are removed and not cached.

proxy.config.http.cache.cache_urls_that_look_dynamic
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

Enables (1) or disables (0) caching of URLs that look dynamic, i.e.: URLs that end in .asp or contain a question mark (?), a semicolon (;), or cgi. For a full list, please refer to HttpTransact::url_looks_dynamic.

proxy.config.http.cache.enable_default_vary_headers
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Enables (1) or disables (0) caching of alternate versions of HTTP objects that do not contain the Vary header.

proxy.config.http.cache.when_to_revalidate
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Specifies when to revalidate content:

  • 0 = use cache directives or heuristic (the default value)
  • 1 = stale if heuristic
  • 2 = always stale (always revalidate)
  • 3 = never stale
  • 4 = use cache directives or heuristic (0) unless the request has an If-Modified-Since header

If the request contains the If-Modified-Since header, then Traffic Server always revalidates the cached content and uses the client’s If-Modified-Since header for the proxy request.

proxy.config.http.cache.required_headers
Scope: CONFIG, Type: INT, Default: 2, Reloadable: Yes

The type of headers required in a request for the request to be cacheable.

  • 0 = no headers required to make document cacheable
  • 1 = either the Last-Modified header, or an explicit lifetime header, Expires or Cache-Control: max-age, is required
  • 2 = explicit lifetime is required, Expires or Cache-Control: max-age

proxy.config.http.cache.max_stale_age
Scope: CONFIG, Type: INT, Default: 604800, Reloadable: Yes

The maximum age allowed for a stale response before it cannot be cached.

proxy.config.http.cache.range.lookup
Scope: CONFIG, Type: INT, Default: 1

When enabled (1), Traffic Server looks up range requests in the cache.

proxy.config.http.cache.range.write
Scope: CONFIG, Type: INT, Default: 0

When enabled (1), Traffic Server will attempt to write (lock) the URL to cache. This is rarely useful (at the moment), since it’ll only be able to write to cache if the origin has ignored the Range: header. For a use case where you know the origin will respond with a full (200) response, you can turn this on to allow it to be cached.

proxy.config.http.cache.ignore_accept_mismatch
Scope: CONFIG, Type: INT, Default: 2, Reloadable: Yes

When enabled with a value of 1, Traffic Server serves documents from cache with a Content-Type: header even if it does not match the Accept: header of the request. If set to 2 (default), this logic only happens in the absence of a Vary header in the cached response (which is the recommended and safe use).

Note

This option should only be enabled with 1 if you’re having problems with caching and your origin server doesn’t set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept or doesn’t respond with 406 (Not Acceptable), you can also enable this configuration with a 1.

proxy.config.http.cache.ignore_accept_language_mismatch
Scope: CONFIG, Type: INT, Default: 2, Reloadable: Yes

When enabled with a value of 1, Traffic Server serves documents from cache with a Content-Language: header even if it does not match the Accept-Language: header of the request. If set to 2 (default), this logic only happens in the absence of a Vary header in the cached response (which is the recommended and safe use).

Note

This option should only be enabled with 1 if you’re having problems with caching and your origin server doesn’t set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept-Language or doesn’t respond with 406 (Not Acceptable), you can also enable this configuration with a 1.

proxy.config.http.cache.ignore_accept_encoding_mismatch
Scope: CONFIG, Type: INT, Default: 2, Reloadable: Yes

When enabled with a value of 1, Traffic Server serves documents from cache with a Content-Encoding: header even if it does not match the Accept-Encoding: header of the request. If set to 2 (default), this logic only happens in the absence of a Vary header in the cached response (which is the recommended and safe use).

Note

This option should only be enabled with 1 if you’re having problems with caching and your origin server doesn’t set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept-Encoding or doesn’t respond with 406 (Not Acceptable), you can also enable this configuration with a 1.

proxy.config.http.cache.ignore_accept_charset_mismatch
Scope: CONFIG, Type: INT, Default: 2, Reloadable: Yes

When enabled with a value of 1, Traffic Server serves documents from cache with a Content-Type: header even if it does not match the Accept-Charset: header of the request. If set to 2 (default), this logic only happens in the absence of a Vary header in the cached response (which is the recommended and safe use).

Note

This option should only be enabled with 1 if you’re having problems with caching and your origin server doesn’t set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept-Charset or doesn’t respond with 406 (Not Acceptable), you can also enable this configuration with a 1.

proxy.config.http.cache.ignore_client_cc_max_age
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

When enabled (1), Traffic Server ignores any Cache-Control: max-age headers from the client. This technically violates the HTTP RFC, but avoids a problem where a client can forcefully invalidate a cached object.

proxy.config.cache.max_doc_size
Scope: CONFIG, Type: INT, Default: 0

Specifies the maximum object size that will be cached. 0 is unlimited.

proxy.config.cache.permit.pinning
Scope: CONFIG, Type: INT, Default: 1, Reloadable: Yes

When enabled (1), Traffic Server will keep certain HTTP objects in the cache for a certain time as specified in cache.config.

proxy.config.cache.hit_evacuate_percent
Scope: CONFIG, Type: INT, Default: 0

The size of the region (as a percentage of the total content storage in a cache stripe) in front of the write cursor that constitutes a recent access hit for evacuating the accessed object.

When an object is accessed it can be marked for evacuation, that is to be copied over the write cursor and thereby preserved from being overwritten. This is done if it is no more than a specific number of bytes in front of the write cursor. The number of bytes is a percentage of the total number of bytes of content storage in the cache stripe where the object is stored and that percentage is set by this variable.

By default, the feature is off (set to 0).

proxy.config.cache.hit_evacuate_size_limit
Scope: CONFIG, Type: INT, Default: 0, Metric: bytes

Limit the size of objects that are hit evacuated.

Objects larger than the limit are not hit evacuated. A value of 0 disables the limit.

proxy.config.cache.limits.http.max_alts
Scope: CONFIG, Type: INT, Default: 5

The maximum number of alternates that are allowed for any given URL. Disable by setting to 0.

proxy.config.cache.target_fragment_size
Scope: CONFIG, Type: INT, Default: 1048576

Sets the target size of a contiguous fragment of a file in the disk cache. When setting this, consider that larger numbers could waste memory on slow connections, but smaller numbers could increase (waste) seeks.

RAM Cache

proxy.config.cache.ram_cache.size
Scope: CONFIG, Type: INT, Default: -1

By default the RAM cache size is automatically determined, based on disk cache size; approximately 10 MB of RAM cache per GB of disk cache. Alternatively, it can be set to a fixed value such as 20GB (21474836480).

proxy.config.cache.ram_cache_cutoff
Scope: CONFIG, Type: INT, Default: 4194304

Objects greater than this size will not be kept in the RAM cache. This should be set high enough to keep objects accessed frequently in memory in order to improve performance. The default is 4MB (4194304).

proxy.config.cache.ram_cache.algorithm
Scope: CONFIG, Type: INT, Default: 0

Two distinct RAM caches are supported, the default (0) being the CLFUS (Clocked Least Frequently Used by Size). As an alternative, a simpler LRU (Least Recently Used) cache is also available, by changing this configuration to 1.

proxy.config.cache.ram_cache.use_seen_filter
Scope: CONFIG, Type: INT, Default: 0

Enabling this option will filter inserts into the RAM cache to ensure that they have been seen at least once. For the LRU, this provides scan resistance. Note that CLFUS already requires that a document have history before it is inserted, so for CLFUS, setting this option means that a document must be seen three times before it is added to the RAM cache.

proxy.config.cache.ram_cache.compress
Scope: CONFIG, Type: INT, Default: 0

The CLFUS RAM cache also supports an optional in-memory compression. This is not to be confused with Content-Encoding: gzip compression. The RAM cache compression is intended to try to save space in the RAM, and is not visible to the User-Agent (client).

Possible values are:

  • 0 = no compression
  • 1 = fastlz (extremely fast, relatively low compression)
  • 2 = libz (moderate speed, reasonable compression)
  • 3 = liblzma (very slow, high compression)

Note

Compression runs on task threads. To use more cores for RAM cache compression, increase proxy.config.task_threads.

Heuristic Expiration

proxy.config.http.cache.heuristic_min_lifetime
Scope: CONFIG, Type: INT, Default: 3600, Reloadable: Yes

The minimum amount of time an HTTP object without an expiration date can remain fresh in the cache before it is considered to be stale.

proxy.config.http.cache.heuristic_max_lifetime
Scope: CONFIG, Type: INT, Default: 86400, Reloadable: Yes

The maximum amount of time an HTTP object without an expiration date can remain fresh in the cache before it is considered to be stale.

proxy.config.http.cache.heuristic_lm_factor
Scope: CONFIG, Type: FLOAT, Default: 0.10, Reloadable: Yes

The aging factor for freshness computations. Traffic Server stores an object for this percentage of the time that elapsed since it last changed.

proxy.config.http.cache.fuzz.time
Scope: CONFIG, Type: INT, Default: 240, Reloadable: Yes

How often Traffic Server checks for an early refresh, during the period before the document stale time. The interval specified must be in seconds. See Fuzzy Revalidation.

proxy.config.http.cache.fuzz.probability
Scope: CONFIG, Type: FLOAT, Default: 0.005, Reloadable: Yes

The probability that a refresh is made on a document during the specified fuzz time.

proxy.config.http.cache.fuzz.min_time
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Handles requests with a TTL less than fuzz.time – it allows for different times to evaluate the probability of revalidation for small TTLs and big TTLs. Objects with small TTLs will start “rolling the revalidation dice” near the fuzz.min_time, while objects with large TTLs would start at fuzz.time. A logarithmic-like function between determines the revalidation evaluation start time (which will be between fuzz.min_time and fuzz.time). As the object gets closer to expiring, the window start becomes more likely. By default this setting is not enabled, but should be enabled anytime you have objects with small TTLs. The default value is 0.

Dynamic Content & Content Negotiation

proxy.config.http.cache.vary_default_text
Scope: CONFIG, Type: STRING, Default: NULL, Reloadable: Yes

The header on which Traffic Server varies for text documents.

For example: if you specify User-agent, then Traffic Server caches all the different user-agent versions of documents it encounters.

proxy.config.http.cache.vary_default_images
Scope: CONFIG, Type: STRING, Default: NULL, Reloadable: Yes

The header on which Traffic Server varies for images.

proxy.config.http.cache.vary_default_other
Scope: CONFIG, Type: STRING, Default: NULL, Reloadable: Yes

The header on which Traffic Server varies for anything other than text and images.

proxy.config.http.cache.open_read_retry_time
Scope: CONFIG, Type: INT, Default: 10, Reloadable: Yes

The number of milliseconds a cacheable request will wait before requesting the object from cache if an equivalent request is in flight.

proxy.config.http.cache.max_open_read_retries
Scope: CONFIG, Type: INT, Default: -1, Reloadable: Yes

The number of times to attempt fetching an object from cache if there was an equivalent request in flight.

Customizable User Response Pages

proxy.config.body_factory.enable_customizations
Scope: CONFIG, Type: INT, Default: 1

Specifies whether customizable response pages are language specific or not:

  • 1 = enable customizable user response pages in the default directory only
  • 2 = enable language-targeted user response pages

proxy.config.body_factory.enable_logging
Scope: CONFIG, Type: INT, Default: 0

Enables (1) or disables (0) logging for customizable response pages. When enabled, Traffic Server records a message in the error log each time a customized response page is used or modified.

proxy.config.body_factory.template_sets_dir
Scope: CONFIG, Type: STRING, Default: etc/trafficserver/body_factory

The customizable response page default directory. If this is a relative path, Traffic Server resolves it relative to the PREFIX directory.

proxy.config.body_factory.response_suppression_mode
Scope: CONFIG, Type: INT, Default: 0

Specifies when Traffic Server suppresses generated response pages:

  • 0 = never suppress generated response pages
  • 1 = always suppress generated response pages
  • 2 = suppress response pages only for intercepted traffic

proxy.config.http_ui_enabled
Scope: CONFIG, Type: INT, Default: 0

Specifies which http UI endpoints to allow within remap.config:

  • 0 = disable all http UI endpoints
  • 1 = enable only cache endpoints
  • 2 = enable only stats endpoints
  • 3 = enable all http UI endpoints

To enable any endpoint there needs to be an entry in remap.config which specifically enables it. Such a line would look like:

map / http://{stat}

The following are the cache endpoints:

  • cache = UI to interact with the cache

The following are the stats endpoints:

  • cache-internal = statistics about cache evacuation and volumes
  • hostdb = lookups against the hostdb
  • http = HTTPSM details, this endpoint is also gated by proxy.config.http.enable_http_info
  • net = lookup and listing of open connections
  • stat = list of all records.config options and metrics
  • test = test callback page

proxy.config.http.enable_http_info
Scope: CONFIG, Type: INT, Default: 0

Enables (1) or disables (0) access to an endpoint within proxy.config.http_ui_enabled which shows details about inflight transactions (HttpSM).

DNS

proxy.config.dns.search_default_domains
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Enables (1) or disables (0) local domain expansion.

Traffic Server can attempt to resolve unqualified hostnames by expanding to the local domain. For example if a client makes a request to an unqualified host (host_x) and the Traffic Server local domain is y.com, then Traffic Server will expand the hostname to host_x.y.com.

proxy.config.dns.splitDNS.enabled
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Enables (1) or disables (0) DNS server selection. When enabled, Traffic Server refers to the splitdns.config file for the selection specification. Refer to Configuring DNS Server Selection (Split DNS).

proxy.config.dns.url_expansions
Scope: CONFIG, Type: STRING, Default: NULL

Specifies a list of hostname extensions that are automatically added to the hostname after a failed lookup. For example: if you want Traffic Server to add the hostname extension .org, then specify org as the value for this variable (Traffic Server automatically adds the dot (.)).

Note

If the variable proxy.config.http.enable_url_expandomatic is set to 1 (the default value), then you do not have to add www. and .com to this list because Traffic Server automatically tries www. and .com after trying the values you’ve specified.

proxy.config.dns.resolv_conf
Scope: CONFIG, Type: STRING, Default: /etc/resolv.conf

Specifies which resolv.conf file to use for finding resolvers. While the format of this file must be the same as the standard resolv.conf file, this option allows an administrator to manage the set of resolvers in an external configuration file, without affecting how the rest of the operating system uses DNS.

proxy.config.dns.round_robin_nameservers
Scope:CONFIGType:INTDefault:1Reloadable:Yes

Enables (1) or disables (0) DNS server round-robin.

proxy.config.dns.nameservers
Scope:CONFIGType:STRINGDefault:NULLReloadable:Yes

The DNS servers.

proxy.config.srv_enabled
Scope:CONFIGType:INTDefault:0Reloadable:Yes

Indicates whether to use SRV records for origin server lookup.

proxy.config.dns.dedicated_thread
Scope:CONFIGType:INTDefault:0

Create and dedicate a thread entirely for DNS processing. This is probably most useful on systems which do a significant number of DNS lookups, typically forward proxies. But even on other systems, it can avoid some contention on the first worker thread (which otherwise takes on the burden of all DNS lookups).

proxy.config.dns.validate_query_name
Scope:CONFIGType:INTDefault:0

When enabled (1), provides additional resilience against DNS forgery (for instance in DNS Injection attacks), particularly in forward or transparent proxies, but requires that the resolver populates the queries section of the response properly.

HostDB¶

proxy.config.hostdb.lookup_timeout
Scope:CONFIGType:INTDefault:120Metric:secondsReloadable:Yes

Time to wait for a DNS response in seconds.

proxy.config.hostdb.serve_stale_for
Scope:CONFIGType:INTDefault:*NONE*Metric:secondsReloadable:Yes

The number of seconds for which to use a stale NS record while initiating a background fetch for the new data.

If not set then stale records are not served.

proxy.config.hostdb.storage_size
Scope:CONFIGType:INTDefault:33554432Metric:bytes

The amount of space (in bytes) used to store hostdb. The value of this variable must be increased if you increase the size of the proxy.config.hostdb.size variable.

proxy.config.hostdb.size
Scope:CONFIGType:INTDefault:120000

The maximum number of entries that can be stored in the database.

Note

For values above 200000, you must increase proxy.config.hostdb.storage_size by at least 44 bytes per entry.

proxy.config.hostdb.ttl_mode
Scope:CONFIGType:INTDefault:0Reloadable:Yes

A host entry will eventually time out and be discarded. This variable controls how that time is calculated. A DNS request will return a TTL value and an internal value can be set with proxy.config.hostdb.timeout. This variable determines which value will be used.

  • 0 = The TTL from the DNS response.
  • 1 = The internal timeout value.
  • 2 = The smaller of the DNS and internal TTL values. The internal timeout value becomes a maximum TTL.
  • 3 = The larger of the DNS and internal TTL values. The internal timeout value becomes a minimum TTL.
proxy.config.hostdb.timeout
Scope:CONFIGType:INTDefault:1440Metric:minutesReloadable:Yes

Internal time to live value for host DB entries, in minutes.

See proxy.config.hostdb.ttl_mode for when this value is used.

proxy.config.hostdb.strict_round_robin
Scope:CONFIGType:INTDefault:0Reloadable:Yes

Set host resolution to use strict round robin.

When this and proxy.config.hostdb.timed_round_robin are both disabled (set to 0), Traffic Server always uses the same origin server for the same client, for as long as the origin server is available. Otherwise, if this is set, the IP address is rotated on every request. This setting takes precedence over proxy.config.hostdb.timed_round_robin.

proxy.config.hostdb.timed_round_robin
Scope:CONFIGType:INTDefault:0Reloadable:Yes

Set host resolution to use timed round robin.

When this and proxy.config.hostdb.strict_round_robin are both disabled (set to 0), Traffic Server always uses the same origin server for the same client, for as long as the origin server is available. Otherwise, if this is set to N, the IP address is rotated if more than N seconds have passed since the first time the current address was used.

proxy.config.hostdb.host_file.path
Scope:CONFIGType:STRINGDefault:/etc/hosts

Set the file path for an external host file.

If this is set (non-empty) then the file is presumed to be a hosts file in the standard host file format. It is read and the entries there added to the HostDB. The file is periodically checked for a more recent modification date, in which case it is reloaded. The interval is set by the value proxy.config.hostdb.host_file.interval.

While not technically reloadable, the value is read every time the file is to be checked so that if changed the new value will be used on the next check and the file will be treated as modified.

proxy.config.hostdb.host_file.interval
Scope:CONFIGType:INTDefault:86400Metric:secondsReloadable:Yes

Set the file changed check timer for proxy.config.hostdb.host_file.path.

The file is checked every this many seconds to see if it has changed. If so the HostDB is updated with the new values in the file.

proxy.config.hostdb.ip_resolve
Scope:CONFIGType:STRINGDefault:NULL

Set the host resolution style.

This is an ordered list of keywords separated by semicolons that specify how a host name is to be resolved to an IP address. The keywords are case insensitive.

  • ipv4 = Resolve to an IPv4 address.
  • ipv6 = Resolve to an IPv6 address.
  • client = Resolve to the same family as the client IP address.
  • none = Stop resolving.

The order of the keywords is critical. When a host name needs to be resolved it is resolved in the same order as the keywords. If a resolution fails, the next option in the list is tried. The keyword none means to give up resolution entirely. The keyword list has a maximum length of three keywords; more are never needed. By default there is an implicit ipv4;ipv6 attached to the end of the string unless the keyword none appears.

Example

Use the incoming client family, then try IPv4 and IPv6.

client;ipv4;ipv6

Because of the implicit resolution this can also be expressed as just

client

Example

Resolve only to IPv4.

ipv4;none

Example

Resolve only to the same family as the client (do not permit cross family transactions).

client;none

This value is a global default that can be overridden by proxy.config.http.server_ports.

Note

This style is used as a convenience for the administrator. During a resolution the resolution order will be one family, then possibly the other. This is determined by changing client to ipv4 or ipv6 based on the client IP address and then removing duplicates.

Important

This option has no effect on outbound transparent connections. The local IP address used in the connection to the origin server is determined by the client, which forces the IP address family of the address used for the origin server. In effect, outbound transparent connections always use a resolution style of “client”.
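The resolution-order rules for proxy.config.hostdb.ip_resolve described above (implicit ipv4;ipv6, the none keyword, client substitution, duplicate removal) can be modelled as follows. This is an added example that follows the rules as this page states them; it is not Traffic Server's own code. The function names are hypothetical, and treating NULL as an empty keyword list and applying the three-keyword limit to the written value are assumptions.

```python
import ipaddress

KEYWORDS = {"ipv4", "ipv6", "client", "none"}
MAX_KEYWORDS = 3  # the page: "maximum length of three keywords"


def parse_style(value):
    """Split an ip_resolve value into validated, lower-cased keywords."""
    if value is None or value.strip().upper() in ("", "NULL"):
        return []  # assumption: NULL (the default) means nothing was written
    keywords = [k.strip().lower() for k in value.split(";") if k.strip()]
    unknown = [k for k in keywords if k not in KEYWORDS]
    if unknown:
        raise ValueError(f"unknown ip_resolve keyword(s): {unknown}")
    if len(keywords) > MAX_KEYWORDS:
        raise ValueError("ip_resolve accepts at most three keywords")
    return keywords


def client_family(client_ip):
    """Address family of the client, as an ip_resolve keyword."""
    return "ipv6" if ipaddress.ip_address(client_ip).version == 6 else "ipv4"


def resolution_order(value, client_ip):
    """Return the address families tried, in order, for one client."""
    keywords = parse_style(value)
    if "none" in keywords:
        # "none" stops resolution; anything written after it is never reached.
        keywords = keywords[: keywords.index("none")]
    else:
        # Implicit ipv4;ipv6 is attached when "none" does not appear.
        keywords = keywords + ["ipv4", "ipv6"]
    family_of_client = client_family(client_ip)
    order = []
    for keyword in keywords:
        family = family_of_client if keyword == "client" else keyword
        if family not in order:  # remove duplicates, keep the first position
            order.append(family)
    return order


def permits_cross_family(value, client_ip):
    """True if the origin may be reached over a family other than the client's."""
    own = client_family(client_ip)
    return any(family != own for family in resolution_order(value, client_ip))


if __name__ == "__main__":
    # Constructed client addresses taken from the documentation ranges.
    for style in ("client;ipv4;ipv6", "client", "ipv4;none", "client;none"):
        for ip in ("192.0.2.10", "2001:db8::1"):
            print(f"{style:18} {ip:12} -> {resolution_order(style, ip)}")
```
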

Logging Configuration¶

proxy.config.log.logging_enabled
Scope:CONFIGType:INTDefault:3Reloadable:Yes

Enables and disables event logging:

  • 0 = logging disabled
  • 1 = log errors only
  • 2 = log transactions only
  • 3 = full logging (errors + transactions)

Refer to Working with Log Files.

proxy.config.log.max_secs_per_buffer
Scope:CONFIGType:INTDefault:5Reloadable:Yes

The maximum amount of time before data in the buffer is flushed to disk.

proxy.config.log.max_space_mb_for_logs
Scope:CONFIGType:INTDefault:25000Metric:megabytesReloadable:Yes

The amount of space allocated to the logging directory (in MB).

Note

All files in the logging directory contribute to the space used, even if they are not log files. In collation client mode, if there is no local disk logging, or proxy.config.log.max_space_mb_for_orphan_logs is set to a higher value than proxy.config.log.max_space_mb_for_logs, TS will take proxy.config.log.max_space_mb_for_orphan_logs for maximum allowed log space.

proxy.config.log.max_space_mb_for_orphan_logs
Scope:CONFIGType:INTDefault:25Metric:megabytesReloadable:Yes

The amount of space allocated to the logging directory (in MB) if this node is acting as a collation client.

Note

When max_space_mb_for_orphan_logs is taken as the maximum allowed log space in the logging system, the same rule that applies to proxy.config.log.max_space_mb_for_logs also applies to proxy.config.log.max_space_mb_for_orphan_logs, i.e., all files in the logging directory contribute to the space used, even if they are not log files. You may need to consider this when you enable full remote logging, and bump it to the same size as proxy.config.log.max_space_mb_for_logs.

proxy.config.log.max_space_mb_headroom
Scope:CONFIGType:INTDefault:1000Metric:megabytesReloadable:Yes

The tolerance for the log space limit (in megabytes). If the variable proxy.config.log.auto_delete_rolled_files is set to 1 (enabled), then autodeletion of log files is triggered when the amount of free space available in the logging directory is less than the value specified here.

proxy.config.log.hostname
Scope:CONFIGType:STRINGDefault:localhostReloadable:Yes

The hostname of the machine running Traffic Server.

proxy.config.log.logfile_dir
Scope:CONFIGType:STRINGDefault:var/log/trafficserverReloadable:Yes

The path to the logging directory. This can be an absolute path or a path relative to the PREFIX directory in which Traffic Server is installed.

Note

The directory you specify must already exist.

proxy.config.log.logfile_perm
Scope:CONFIGType:STRINGDefault:rw-r--r--Reloadable:Yes

The log file permissions. The standard UNIX file permissions are used (owner, group, other). Permissible values are:

  • - = no permission
  • r = read permission
  • w = write permission
  • x = execute permission

Permissions are subject to the umask settings for the Traffic Server process. This means that a umask setting of 002 will not allow write permission for others, even if specified in the configuration file. Permissions for existing log files are not changed when the configuration is changed.

proxy.config.log.custom_logs_enabled
Scope:CONFIGType:INTDefault:1Reloadable:Yes

Enables (1) or disables (0) custom logging.

proxy.config.log.squid_log_enabled
Scope:CONFIGType:INTDefault:1Reloadable:Yes

Enables (1) or disables (0) the squid log file format.

proxy.config.log.squid_log_is_ascii
Scope:CONFIGType:INTDefault:0Reloadable:Yes

The squid log file type:

  • 1 = ASCII
  • 0 = binary
proxy.config.log.squid_log_name
Scope:CONFIGType:STRINGDefault:squidReloadable:Yes

The squid log filename.

proxy.config.log.squid_log_header
Scope:CONFIGType:STRINGDefault:NULL

The squid log file header text.

proxy.config.log.common_log_enabled
Scope:CONFIGType:INTDefault:0Reloadable:Yes

Enables (1) or disables (0) the Netscape common log file format.

proxy.config.log.common_log_is_ascii
Scope:CONFIGType:INTDefault:1Reloadable:Yes

The Netscape common log file type:

  • 1 = ASCII
  • 0 = binary
proxy.config.log.common_log_name
Scope:CONFIGType:STRINGDefault:commonReloadable:Yes

The Netscape common log filename.

proxy.config.log.common_log_header
Scope:CONFIGType:STRINGDefault:NULLReloadable:Yes

The Netscape common log file header text.

proxy.config.log.extended_log_enabled
Scope:CONFIGType:INTDefault:0Reloadable:Yes

Enables (1) or disables (0) the Netscape extended log file format.

proxy.config.log.extended_log_is_ascii
Scope:CONFIGType:INTDefault:0

The Netscape extended log file type:

  • 1 = ASCII
  • 0 = binary
proxy.config.log.extended_log_name
Scope:CONFIGType:STRINGDefault:extended

The Netscape extended log filename.

proxy.config.log.extended_log_header
Scope:CONFIGType:STRINGDefault:NULLReloadable:Yes

The Netscape extended log file header text.

proxy.config.log.extended2_log_enabled
Scope:CONFIGType:INTDefault:0Reloadable:Yes

Enables (1) or disables (0) the Netscape Extended-2 log file format.

proxy.config.log.extended2_log_is_ascii
Scope:CONFIGType:INTDefault:1Reloadable:Yes

The Netscape Extended-2 log file type:

  • 1 = ASCII
  • 0 = binary
proxy.config.log.extended2_log_name
Scope:CONFIGType:STRINGDefault:extended2Reloadable:Yes

The Netscape Extended-2 log filename.

proxy.config.log.extended2_log_header
Scope:CONFIGType:STRINGDefault:NULLReloadable:Yes

The Netscape Extended-2 log file header text.

proxy.config.log.separate_icp_logs
Scope:CONFIGType:INTDefault:0Reloadable:Yes

When enabled (1), configures Traffic Server to store ICP transactions in a separate log file.

  • 0 = separation is disabled, all ICP transactions are recorded in the same file as HTTP transactions
  • 1 = all ICP transactions are recorded in a separate log file.
  • -1 = filter all ICP transactions from the default log files; ICP transactions are not logged anywhere.
proxy.config.log.separate_host_logs
Scope:CONFIGType:INTDefault:0Reloadable:Yes

When enabled (1), configures Traffic Server to create a separate log file for HTTP transactions for each origin server listed in the log_hosts.config file. Refer to HTTP Host Log Splitting.

proxy.local.log.collation_mode
Scope:LOCALType:INTDefault:0Reloadable:Yes

Set the log collation mode.

  • 0 = collation is disabled
  • 1 = this host is a log collation server
  • 2 = this host is a collation client and sends entries using standard formats to the collation server
  • 3 = this host is a collation client and sends entries using the traditional custom formats to the collation server
  • 4 = this host is a collation client and sends entries that use both the standard and traditional custom formats to the collation server

For information on sending XML-based custom formats to the collation server, refer to logs_xml.config.

Note

Although Traffic Server supports traditional custom logging, you should use the more versatile XML-based custom formats.

proxy.config.log.collation_host
Scope:CONFIGType:STRINGDefault:NULL

The hostname of the log collation server.

proxy.config.log.collation_port
Scope:CONFIGType:INTDefault:8085Reloadable:Yes

The port used for communication between the collation server and client.

proxy.config.log.collation_secret
Scope:CONFIGType:STRINGDefault:foobarReloadable:Yes

The password used to validate logging data and prevent the exchange of unauthorized information when a collation server is being used.

proxy.config.log.collation_host_tagged
Scope:CONFIGType:INTDefault:0Reloadable:Yes

When enabled (1), configures Traffic Server to include the hostname of the collation client that generated the log entry in each entry.

proxy.config.log.collation_retry_sec
Scope:CONFIGType:INTDefault:5Reloadable:Yes

The number of seconds between collation server connection retries.

proxy.config.log.rolling_enabled
Scope:CONFIGType:INTDefault:1Reloadable:Yes

Specifies how log files are rolled. You can specify the following values:

  • 0 = disables log file rolling
  • 1 = enables log file rolling at specific intervals during the day (specified with the proxy.config.log.rolling_interval_sec and proxy.config.log.rolling_offset_hr variables)
  • 2 = enables log file rolling when log files reach a specific size (specified with the proxy.config.log.rolling_size_mb variable)
  • 3 = enables log file rolling at specific intervals during the day or when log files reach a specific size (whichever occurs first)
  • 4 = enables log file rolling at specific intervals during the day when log files reach a specific size (i.e., at a specified time if the file is of the specified size)

proxy.config.log.rolling_interval_sec
Scope:CONFIGType:INTDefault:86400Reloadable:Yes

The log file rolling interval, in seconds. The minimum value is 60 (1 minute). The maximum, and default, value is 86400 seconds (one day).

Note

If you start Traffic Server within a few minutes of the next rolling time, then rolling might not occur until the next rolling time.

proxy.config.log.rolling_offset_hr
Scope:CONFIGType:INTDefault:0Reloadable:Yes

The file rolling offset hour. The hour of the day that starts the log rolling period.

proxy.config.log.rolling_size_mb
Scope:CONFIGType:INTDefault:10Reloadable:Yes

The size that log files must reach before rolling takes place.

proxy.config.log.auto_delete_rolled_files
Scope:CONFIGType:INTDefault:1Reloadable:Yes

Enables (1) or disables (0) automatic deletion of rolled files.

proxy.config.log.sampling_frequency
Scope:CONFIGType:INTDefault:1Reloadable:Yes

Configures Traffic Server to log only a sample of transactions rather than every transaction. You can specify the following values:

  • 1 = log every transaction
  • 2 = log every second transaction
  • 3 = log every third transaction and so on...
proxy.config.http.slow.log.threshold
Scope:CONFIGType:INTDefault:0Metric:millisecondsReloadable:Yes

If set to a non-zero value N then any connection that takes longer than N milliseconds from accept to completion will cause its timing stats to be written to the debugging log file. This is identifying data about the transaction and all of the transaction milestones.

Diagnostic Logging Configuration¶

proxy.config.diags.output.diag
Scope:CONFIGType:STRINGDefault:E
proxy.config.diags.output.debug
Scope:CONFIGType:STRINGDefault:E
proxy.config.diags.output.status
Scope:CONFIGType:STRINGDefault:L
proxy.config.diags.output.note
Scope:CONFIGType:STRINGDefault:L
proxy.config.diags.output.warning
Scope:CONFIGType:STRINGDefault:L
proxy.config.diags.output.error
Scope:CONFIGType:STRINGDefault:SL
proxy.config.diags.output.fatal
Scope:CONFIGType:STRINGDefault:SL
proxy.config.diags.output.alert
Scope:CONFIGType:STRINGDefault:L
proxy.config.diags.output.emergency
Scope:CONFIGType:STRINGDefault:SL

The diagnostic output configuration variables control where Traffic Server should log diagnostic output. Messages at each diagnostic level can be directed to any combination of diagnostic destinations. Valid diagnostic message destinations are:

  • ‘O’ = Log to standard output
  • ‘E’ = Log to standard error
  • ‘S’ = Log to syslog
  • ‘L’ = Log to diags.log

Example

To log debug diagnostics to both syslog and diags.log:

CONFIG proxy.config.diags.output.debug STRING SL
proxy.config.diags.show_location
Scope:CONFIGType:INTDefault:1

Annotates diagnostic messages with the source code location.

proxy.config.diags.debug.enabled
Scope:CONFIGType:INTDefault:0

Enables logging for diagnostic messages whose log level is diag or debug.

proxy.config.diags.debug.tags
Scope:CONFIGType:STRINGDefault:http.*|dns.*

Each Traffic Server diag and debug level message is annotated with a subsystem tag. This configuration contains a regular expression that filters the messages based on the tag. Some commonly used debug tags are:

  • dns = DNS query resolution
  • http_hdrs = Logs the headers for HTTP requests and responses
  • privileges = Privilege elevation
  • ssl = TLS termination and certificate processing

Traffic Server plugins will typically log debug messages using the TSDebug() API, passing the plugin name as the debug tag.

Reverse Proxy¶

proxy.config.reverse_proxy.enabled
Scope:CONFIGType:INTDefault:1Reloadable:Yes

Enables (1) or disables (0) HTTP reverse proxy.

proxy.config.header.parse.no_host_url_redirect
Scope:CONFIGType:STRINGDefault:NULLReloadable:Yes

The URL to which to redirect requests with no host headers (reverse proxy).

URL Remap Rules¶

proxy.config.url_remap.filename
Scope:CONFIGType:STRINGDefault:remap.config

Sets the name of the remap.config file.

proxy.config.url_remap.default_to_server_pac
Scope:CONFIGType:INTDefault:0Reloadable:Yes

Enables (1) or disables (0) requests for a PAC file on the proxy service port (8080 by default) to be redirected to the PAC port. For this type of redirection to work, the variable proxy.config.reverse_proxy.enabled must be set to 1.

proxy.config.url_remap.default_to_server_pac_port
Scope:CONFIGType:INTDefault:-1Reloadable:Yes

Sets the PAC port so that PAC requests made to the Traffic Server proxy service port are redirected to this port. -1 is the default setting that sets the PAC port to the autoconfiguration port (the default autoconfiguration port is 8083). This variable can be used together with the proxy.config.url_remap.default_to_server_pac variable to get a PAC file from a different port. You must create and run a process that serves a PAC file on this port. For example: if you create a Perl script that listens on port 9000 and writes a PAC file in response to any request, then you can set this variable to 9000. Browsers that request the PAC file from a proxy server on port 8080 will get the PAC file served by the Perl script.

proxy.config.url_remap.remap_required
Scope:CONFIGType:INTDefault:1Reloadable:Yes

Set this variable to 1 if you want Traffic Server to serve requests only from origin servers listed in the mapping rules of the remap.config file. If a request does not match, then the browser will receive an error.

proxy.config.url_remap.pristine_host_hdr
Scope:CONFIGType:INTDefault:0Reloadable:Yes

Set this variable to 1 if you want to retain the client host header in a request during remapping.

SSL Termination¶

proxy.config.ssl.SSLv2
Scope:CONFIGType:INTDefault:0

Enables (1) or disables (0) SSLv2. Please don’t enable it.

proxy.config.ssl.SSLv3
Scope:CONFIGType:INTDefault:0

Enables (1) or disables (0) SSLv3.

proxy.config.ssl.TLSv1
Scope:CONFIGType:INTDefault:1

Enables (1) or disables (0) TLSv1.

proxy.config.ssl.TLSv1_1
Scope:CONFIGType:INTDefault:1

Enables (1) or disables (0) TLS v1.1. If not specified, enabled by default. [Requires OpenSSL v1.0.1 and higher]

proxy.config.ssl.TLSv1_2
Scope:CONFIGType:INTDefault:1

Enables (1) or disables (0) TLS v1.2. If not specified, DISABLED by default. [Requires OpenSSL v1.0.1 and higher]

proxy.config.ssl.client.certification_level
Scope:CONFIGType:INTDefault:0

Sets the client certification level:

  • 0 = no client certificates are required. Traffic Server does not verify client certificates during the SSL handshake. Access to Traffic Server depends on Traffic Server configuration options (such as access control lists).
  • 1 = client certificates are optional. If a client has a certificate, then the certificate is validated. If the client does not have a certificate, then the client is still allowed access to Traffic Server unless access is denied through other Traffic Server configuration options.
  • 2 = client certificates are required. The client must be authenticated during the SSL handshake. Clients without a certificate are not allowed to access Traffic Server.

proxy.config.ssl.number.threads
Scope:CONFIGType:INTDefault:0

Sets the number of SSL threads to use, this defaults to 0 (autoconfigure).

  • 0 = autoconfigure, this will allow Traffic Server to determine the appropriate number of threads
  • -1 = disable, this makes ET_NET threads behave like ET_SSL threads. Note: this does not disable SSL, it simply allows another thread pool to assist in SSL tasks without dedicated SSL threads.
  • >0 = Use a non-zero number of SSL threads
proxy.config.ssl.server.multicert.filename
Scope:CONFIGType:STRINGDefault:ssl_multicert.config

The location of the ssl_multicert.config file, relative to the Traffic Server configuration directory. In the following example, if the Traffic Server configuration directory is /etc/trafficserver, the Traffic Server SSL configuration file and the corresponding certificates are located in /etc/trafficserver/ssl:

CONFIG proxy.config.ssl.server.multicert.filename STRING ssl/ssl_multicert.config
CONFIG proxy.config.ssl.server.cert.path STRING etc/trafficserver/ssl
CONFIG proxy.config.ssl.server.private_key.path STRING etc/trafficserver/ssl
proxy.config.ssl.server.cert.path
Scope:CONFIGType:STRINGDefault:/config

The location of the SSL certificates and chains used for accepting and validating new SSL sessions. If this is a relative path, it is appended to the Traffic Server installation PREFIX. All certificates and certificate chains listed in ssl_multicert.config will be loaded relative to this path.

proxy.config.ssl.server.private_key.path
Scope:CONFIGType:STRINGDefault:NULL

The location of the SSL certificate private keys. Change this variable only if the private key is not located in the SSL certificate file. All private keys listed in ssl_multicert.config will be loaded relative to this path.

proxy.config.ssl.server.cert_chain.filename
Scope:CONFIGType:STRINGDefault:NULL

The name of a file containing a global certificate chain that should be used with every server certificate. This file is only used if there are certificates defined in ssl_multicert.config. Unless this is an absolute path, it is loaded relative to the path specified by proxy.config.ssl.server.cert.path.

proxy.config.ssl.server.dhparams_file
Scope:CONFIGType:STRINGDefault:NULL

The name of a file containing a set of Diffie-Hellman key exchange parameters. If not specified, 2048-bit DH parameters from RFC 5114 are used. These parameters are only used if a DHE (or EDH) cipher suite has been selected.

proxy.config.ssl.CA.cert.path
Scope:CONFIGType:STRINGDefault:NULL

The location of the certificate authority file that client certificates will be verified against.

proxy.config.ssl.CA.cert.filename
Scope:CONFIGType:STRINGDefault:NULL

The filename of the certificate authority that client certificates will be verified against.

proxy.config.ssl.server.ticket_key.filename
Scope:CONFIGType:STRINGDefault:ssl_ticket.key

The location of the ssl_ticket.key file, relative to the proxy.config.ssl.server.cert.path directory.

proxy.config.ssl.max_record_size
Scope:CONFIGType:INTDefault:0

This configuration specifies the maximum number of bytes to write into a SSL record when replying over a SSL session. In some circumstances this setting can improve response latency by reducing buffering at the SSL layer. This setting can have a value between 0 and 16383 (max TLS record size).

The default of 0 means to always write all available data into a single SSL record.

A value of -1 means TLS record size is dynamically determined. The strategy employed is to use small TLS records that fit into a single TCP segment for the first ~1 MB of data, but increase the record size to 16 KB after that to optimize throughput. The record size is reset back to a single segment after ~1 second of inactivity and the record size ramping mechanism is repeated again.

proxy.config.ssl.session_cache
Scope:CONFIGType:INTDefault:2

Enables the SSL Session Cache:

  • 0 = Disables the session cache entirely.
  • 1 = Enables the session cache using OpenSSL’s implementation.
  • 2 = (default) Enables the session cache using Traffic Server’s implementation. This implementation should perform much better than the OpenSSL implementation.

proxy.config.ssl.session_cache.timeout
Scope:CONFIGType:INTDefault:0

This configuration specifies the lifetime of SSL session cache entries in seconds. If it is 0, then the SSL library will use a default value, typically 300 seconds. Note: This option has no effect when using the Traffic Server session cache (option 2 in proxy.config.ssl.session_cache).

proxy.config.ssl.session_cache.auto_clear
Scope:CONFIGType:INTDefault:1

This will set the OpenSSL auto clear flag. Auto clear is enabled by default with 1; it can be disabled by changing this setting to 0.

proxy.config.ssl.session_cache.size
Scope:CONFIGType:INTDefault:102400

This configuration specifies the maximum number of entries the SSL session cache may contain.

proxy.config.ssl.session_cache.num_buckets
Scope:CONFIGType:INTDefault:1024

This configuration specifies the number of buckets to use with the Traffic Server SSL session cache implementation. The TS implementation is a fixed size hash map where each bucket is protected by a mutex.

proxy.config.ssl.session_cache.skip_cache_on_bucket_contention
Scope:CONFIGType:INTDefault:0

This configuration specifies the behavior of the Traffic Server SSL session cache implementation during lock contention on each bucket:

  • 0 = (default) Don’t skip session caching when bucket lock is contended.
  • 1 = Don’t use the SSL session cache for this connection during lock contention.
proxy.config.ssl.hsts_max_age
Scope:CONFIGType:INTDefault:-1

This configuration specifies the max-age value that will be used when adding the Strict-Transport-Security header. The value is in seconds. A value of 0 will set the max-age value to 0 and should remove the HSTS entry from the client. A value of -1 will disable this feature and not set the header. This option is only used for HTTPS requests and the header will not be set on HTTP requests.

proxy.config.ssl.hsts_include_subdomains
Scope:CONFIGType:INTDefault:0

Enables (1) or disables (0) adding the includeSubdomain value to the Strict-Transport-Security header. proxy.config.ssl.hsts_max_age needs to be set to a non -1 value for this configuration to take effect.

proxy.config.ssl.allow_client_renegotiation
Scope:CONFIGType:INTDefault:0

This configuration specifies whether the client is able to initiate renegotiation of the SSL connection. The default of 0 means the client can’t initiate renegotiation.

proxy.config.ssl.cert.load_elevated
Scope:CONFIGType:INTDefault:0

Enables (1) or disables (0) elevation of traffic_server privileges during loading of SSL certificates. By enabling this, SSL certificate files’ access rights can be restricted to help reduce the vulnerability of certificates.

This feature requires Traffic Server to be built with POSIX capabilities enabled.
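The settings in the Logging Configuration and SSL Termination sections above that affect exposure (obsolete protocol switches, client renegotiation, the default collation secret, log file permissions under a umask, HSTS) can be checked mechanically against a records.config file. The following is an added example, not part of Traffic Server or of the original documentation. The function names, the severity labels, the 0o022 default umask and the sample file contents are assumptions made for illustration; the defaults table is copied from this page.

```python
import re

# Defaults copied from this page for the variables the audit reads.
DEFAULTS = {
    "proxy.config.ssl.SSLv2": 0,
    "proxy.config.ssl.SSLv3": 0,
    "proxy.config.ssl.allow_client_renegotiation": 0,
    "proxy.config.ssl.hsts_max_age": -1,
    "proxy.config.http.enable_http_info": 0,
    "proxy.local.log.collation_mode": 0,
    "proxy.config.log.collation_secret": "foobar",
    "proxy.config.log.logfile_perm": "rw-r--r--",
}
MULTIPLIER = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3, "T": 1024**4}


def parse_int(text):
    """Parse an INT value, honouring the K/M/G/T prefixes the format allows."""
    match = re.fullmatch(r"(-?\d+)([KMGT]?)", text)
    if not match:
        raise ValueError(f"not an INT value: {text!r}")
    return int(match.group(1)) * MULTIPLIER[match.group(2)]


def parse_records(text):
    """Return {variable: value}, starting from DEFAULTS, for records.config text."""
    records = dict(DEFAULTS)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 3)
        if len(parts) != 4 or parts[0] not in ("CONFIG", "LOCAL"):
            raise ValueError(f"line {lineno}: expected SCOPE name DATATYPE value")
        _scope, name, datatype, value = parts
        if datatype == "INT":
            records[name] = parse_int(value)
        elif datatype == "FLOAT":
            records[name] = float(value)
        elif datatype == "STRING":
            records[name] = value
        else:
            raise ValueError(f"line {lineno}: unknown DATATYPE {datatype!r}")
    return records


def effective_mode(perm, umask):
    """Mode bits a log file ends up with: logfile_perm masked by the umask."""
    if not re.fullmatch(r"([r-][w-][x-]){3}", perm):
        raise ValueError(f"bad logfile_perm: {perm!r}")
    mode = sum(1 << (8 - i) for i, ch in enumerate(perm) if ch != "-")
    return mode & ~umask


def audit(records, umask=0o022):
    """Return (severity, variable, reason) tuples; umask default is an assumption."""
    findings = []
    for proto in ("SSLv2", "SSLv3"):
        name = f"proxy.config.ssl.{proto}"
        if records[name] == 1:
            findings.append(("HIGH", name, f"obsolete protocol {proto} is enabled"))
    name = "proxy.config.ssl.allow_client_renegotiation"
    if records[name] == 1:
        findings.append(("MEDIUM", name, "clients may initiate renegotiation"))
    name = "proxy.config.log.collation_secret"
    if records["proxy.local.log.collation_mode"] != 0 and records[name] == "foobar":
        findings.append(("HIGH", name, "log collation is on with the default secret"))
    name = "proxy.config.log.logfile_perm"
    if effective_mode(records[name], umask) & 0o002:
        findings.append(("MEDIUM", name, "log files are writable by other users"))
    name = "proxy.config.http.enable_http_info"
    if records[name] == 1:
        findings.append(("MEDIUM", name, "in-flight transaction endpoint is enabled"))
    name = "proxy.config.ssl.hsts_max_age"
    if records[name] < 0:
        findings.append(("INFO", name, "Strict-Transport-Security is not sent"))
    return findings


# Constructed sample, not taken from a real deployment.
SAMPLE = """\
# records.config fragment
CONFIG proxy.config.ssl.SSLv3 INT 1
CONFIG proxy.config.ssl.hsts_max_age INT 31536000
LOCAL proxy.local.log.collation_mode INT 2
CONFIG proxy.config.log.collation_host STRING logs.example.internal
CONFIG proxy.config.log.logfile_perm STRING rw-rw-rw-
CONFIG proxy.config.hostdb.storage_size INT 32M
"""

if __name__ == "__main__":
    for severity, name, reason in audit(parse_records(SAMPLE), umask=0o000):
        print(f"{severity:6} {name}: {reason}")
```

Pass the umask the Traffic Server process actually runs with: the same logfile_perm value is reported under umask 000 and is not reported under umask 002, which matches the umask behaviour described for proxy.config.log.logfile_perm.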

ICP Configuration¶

proxy.config.icp.enabled
Scope:CONFIGType:INTDefault:0

Sets ICP mode for hierarchical caching:

  • 0 = disables ICP
  • 1 = allows Traffic Server to receive ICP queries only
  • 2 = allows Traffic Server to send and receive ICP queries

Refer to <admin-icp-peering>.

proxy.config.icp.icp_interface
Scope:CONFIGType:STRINGDefault:your_interface

Specifies the network interface used for ICP traffic.

Note

The Traffic Server installation script detects your network interface and sets this variable appropriately. If your system has multiple network interfaces, check that this variable specifies the correct interface.

proxy.config.icp.icp_port
Scope:CONFIGType:INTDefault:3130Reloadable:Yes

Specifies the UDP port that you want to use for ICP messages.

proxy.config.icp.query_timeout
Scope:CONFIGType:INTDefault:2Reloadable:Yes

Specifies the timeout used for ICP queries.

HTTP/2 Configuration¶

proxy.config.http2.enabled
Scope:CONFIGType:INTDefault:0

Enable the experimental HTTP/2 feature. This implements most of the specifications, with the one big exception being server PUSH.

Note

This configuration will be eliminated for v6.0.0, where HTTP/2 is enabled by default and controlled via the ports configuration.

proxy.config.http2.max_concurrent_streams_in
Scope:CONFIGType:INTDefault:100Reloadable:Yes

The maximum number of concurrent streams per inbound connection.

Note

Reloading this value affects only new HTTP/2 connections, not the ones already established.

proxy.config.http2.initial_window_size_in
Scope:CONFIGType:INTDefault:1048576Reloadable:Yes

The initial window size for inbound connections.

proxy.config.http2.max_frame_size
Scope:CONFIGType:INTDefault:16384Reloadable:Yes

Indicates the size of the largest frame payload that the sender is willing to receive.

proxy.config.http2.header_table_size
Scope:CONFIGType:INTDefault:4096Reloadable:Yes

The maximum size of the header compression table used to decode header blocks.

proxy.config.http2.max_header_list_size
Scope:CONFIGType:INTDefault:4294967295Reloadable:Yes

This advisory setting informs a peer of the maximum size of header list that the sender is prepared to accept blocks. The default value, which is the unsigned int maximum value in Traffic Server, implies unlimited size.

SPDY Configuration¶

proxy.config.spdy.accept_no_activity_timeout
Scope:CONFIGType:INTDefault:30Reloadable:Yes

How long a SPDY connection will be kept open after an accept without any streams created.

proxy.config.spdy.no_activity_timeout_in
Scope:CONFIGType:INTDefault:30Reloadable:Yes

How long a stream is kept open without activity.

proxy.config.spdy.initial_window_size_in
Scope:CONFIGType:INTDefault:65536Reloadable:Yes

The initial window size for inbound connections.

proxy.config.spdy.max_concurrent_streams_in
Scope:CONFIGType:INTDefault:100Reloadable:Yes

The maximum number of concurrent streams per inbound connection.

Note

Reloading this value affects only new SPDY connections, not the ones already established.

Scheduled Update Configuration¶

proxy.config.update.enabled
Scope:CONFIGType:INTDefault:0

Enables (1) or disables (0) the Scheduled Update option.

proxy.config.update.force
Scope: CONFIG, Type: INT, Default: 0, Reloadable: Yes

Enables (1) or disables (0) a forced immediate update. When enabled, Traffic Server overrides the scheduling expiration time for all scheduled update entries and initiates updates until this option is disabled.

proxy.config.update.retry_count
Scope: CONFIG, Type: INT, Default: 10, Reloadable: Yes

Specifies the number of times Traffic Server can retry the scheduled update of a URL in the event of failure.

proxy.config.update.retry_interval
Scope: CONFIG, Type: INT, Default: 2, Reloadable: Yes

Specifies the delay (in seconds) between each scheduled update retry for a URL in the event of failure.

proxy.config.update.concurrent_updates
Scope: CONFIG, Type: INT, Default: 100, Reloadable: Yes

Specifies the maximum number of simultaneous update requests allowed at any time. This option prevents the scheduled update process from overburdening the host.

Plug-in Configuration

proxy.config.plugin.plugin_dir
Scope: CONFIG, Type: STRING, Default: config/plugins

Specifies the location of Traffic Server plugins.

proxy.config.remap.num_remap_threads
Scope: CONFIG, Type: INT, Default: 0

When this variable is set to 0, plugin remap callbacks are executed in line on network threads. If remap processing takes significant time, this can cause additional request latency. Setting this variable to a non-zero value causes remap processing to take place on a dedicated thread pool, freeing the network threads to service additional requests.

SOCKS Processor

proxy.config.socks.socks_needed
Scope: CONFIG, Type: INT, Default: 0

Enables (1) or disables (0) the SOCKS processor.

proxy.config.socks.socks_version
Scope: CONFIG, Type: INT, Default: 4

Specifies the SOCKS version (4 or 5).

proxy.config.socks.socks_config_file
Scope: CONFIG, Type: STRING, Default: socks.config

The socks.config file allows you to specify ranges of IP addresses that will not be relayed to the SOCKS server. It can also be used to configure AUTH information for SOCKSv5 servers.

proxy.config.socks.socks_timeout
Scope: CONFIG, Type: INT, Default: 100

The activity timeout value (in seconds) for SOCKS server connections.

proxy.config.socks.server_connect_timeout
Scope: CONFIG, Type: INT, Default: 10

The timeout value (in seconds) for SOCKS server connection attempts.

proxy.config.socks.per_server_connection_attempts
Scope: CONFIG, Type: INT, Default: 1

The total number of connection attempts allowed per SOCKS server, if multiple servers are used.

proxy.config.socks.connection_attempts
Scope: CONFIG, Type: INT, Default: 4

The total number of connection attempts allowed to a SOCKS server before Traffic Server bypasses the server or fails the request.

proxy.config.socks.server_retry_timeout
Scope: CONFIG, Type: INT, Default: 300

The timeout value (in seconds) for SOCKS server connection retry attempts.

proxy.config.socks.default_servers
Scope: CONFIG, Type: STRING, Default: *NONE*

Default list of SOCKS servers and their ports.

proxy.config.socks.server_retry_time
Scope: CONFIG, Type: INT, Default: 300

The amount of time allowed between connection retries to a SOCKS server that is unavailable.

proxy.config.socks.server_fail_threshold
Scope: CONFIG, Type: INT, Default: 2

The number of times the connection to the SOCKS server can fail before Traffic Server considers the server unavailable.

proxy.config.socks.accept_enabled
Scope: CONFIG, Type: INT, Default: 0

Enables (1) or disables (0) the SOCKS proxy option. As a SOCKS proxy, Traffic Server receives SOCKS traffic (usually on port 1080) and forwards all requests directly to the SOCKS server.

proxy.config.socks.accept_port
Scope: CONFIG, Type: INT, Default: 1080

Specifies the port on which Traffic Server accepts SOCKS traffic.

proxy.config.socks.http_port
Scope: CONFIG, Type: INT, Default: 80

Specifies the port on which Traffic Server accepts HTTP proxy requests over SOCKS connections.

Sockets

proxy.config.net.defer_accept
Scope: CONFIG, Type: INT, Default: 1

default: 1, meaning on, for all platforms except Linux, where it is 45 seconds

This directive enables operating system specific optimizations for a listening socket. defer_accept holds a call to accept(2) back until data has arrived. On Linux specifically, this is up to a maximum of 45 seconds.

proxy.config.net.sock_send_buffer_size_in
Scope: CONFIG, Type: INT, Default: 0

Sets the send buffer size for connections from the client to Traffic Server.

proxy.config.net.sock_recv_buffer_size_in
Scope: CONFIG, Type: INT, Default: 0

Sets the receive buffer size for connections from the client to Traffic Server.

proxy.config.net.sock_option_flag_in
Scope: CONFIG, Type: INT, Default: 0x5

Turns different options “on” for the socket handling client connections:

  • TCP_NODELAY (1)
  • SO_KEEPALIVE (2)
  • SO_LINGER (4) - with a timeout of 0 seconds

Note

This is a bitmask and you need to decide what bits to set. Therefore, you must set the value to 3 if you want to enable the nodelay and keepalive options above.

proxy.config.net.sock_send_buffer_size_out
Scope: CONFIG, Type: INT, Default: 0

Sets the send buffer size for connections from Traffic Server to the origin server.

proxy.config.net.sock_recv_buffer_size_out
Scope: CONFIG, Type: INT, Default: 0

Sets the receive buffer size for connections from Traffic Server to the origin server.

proxy.config.net.sock_option_flag_out
Scope: CONFIG, Type: INT, Default: 0x1

Turns different options “on” for the origin server socket:

  • TCP_NODELAY (1)
  • SO_KEEPALIVE (2)
  • SO_LINGER (4) - with a timeout of 0 seconds

Note

This is a bitmask and you need to decide what bits to set. Therefore, you must set the value to 3 if you want to enable the nodelay and keepalive options above.

When SO_LINGER is enabled, the linger timeout time is set to 0. This is useful when Traffic Server and the origin server are co-located and large numbers of sockets are retained in the TIME_WAIT state.
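
What each bit of sock_option_flag_in and sock_option_flag_out corresponds to at the socket API level, as an added example that is not Traffic Server's own code. The function names are hypothetical; the bit values and the zero linger timeout come from the lists above, and the setsockopt calls are the standard equivalents, assumed here for illustration.

```python
import socket
import struct

# Bit values as documented for sock_option_flag_in / sock_option_flag_out.
TCP_NODELAY_BIT, SO_KEEPALIVE_BIT, SO_LINGER_BIT = 1, 2, 4
KNOWN_BITS = TCP_NODELAY_BIT | SO_KEEPALIVE_BIT | SO_LINGER_BIT

def decode_flags(value):
    """Return the option names enabled by a flag value such as '0x5' or 3."""
    mask = int(value, 0) if isinstance(value, str) else int(value)
    if mask < 0 or mask & ~KNOWN_BITS:
        raise ValueError(f"bits outside the documented mask 0x7: {value!r}")
    names = []
    if mask & TCP_NODELAY_BIT:
        names.append("TCP_NODELAY")
    if mask & SO_KEEPALIVE_BIT:
        names.append("SO_KEEPALIVE")
    if mask & SO_LINGER_BIT:
        names.append("SO_LINGER")
    return names

def apply_flags(sock, value):
    """Set the decoded options on sock with the standard setsockopt calls."""
    names = decode_flags(value)
    if "TCP_NODELAY" in names:
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
    if "SO_KEEPALIVE" in names:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if "SO_LINGER" in names:
        # struct linger {l_onoff=1, l_linger=0}: the 0 second timeout.
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    return names

def read_back(sock):
    """Report the three options as the kernel currently has them."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_LINGER, 8)
    onoff, seconds = struct.unpack("ii", raw)
    return {
        "TCP_NODELAY": bool(sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY)),
        "SO_KEEPALIVE": bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)),
        "SO_LINGER": (bool(onoff), seconds),
    }

if __name__ == "__main__":
    for default in ("0x5", "0x1"):  # documented defaults for _in and _out
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            print(default, apply_flags(s, default), read_back(s))
```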

proxy.config.net.sock_mss_in
Scope: CONFIG, Type: INT, Default: 0

Same as the command line option --accept_mss that sets the MSS for all incoming requests.

proxy.config.net.sock_packet_mark_in
Scope: CONFIG, Type: INT, Default: 0x0

Set the packet mark on traffic destined for the client (the packets that make up a client response).

See also

Traffic Shaping

proxy.config.net.sock_packet_mark_out
Scope: CONFIG, Type: INT, Default: 0x0

Set the packet mark on traffic destined for the origin (the packets that make up an origin request).

See also

Traffic Shaping

proxy.config.net.sock_packet_tos_in
Scope: CONFIG, Type: INT, Default: 0x0

Set the ToS/DiffServ Field on packets sent to the client (the packets that make up a client response).

See also

Traffic Shaping

proxy.config.net.sock_packet_tos_out
Scope: CONFIG, Type: INT, Default: 0x0

Set the ToS/DiffServ Field on packets sent to the origin (the packets that make up an origin request).

See also

Traffic Shaping

proxy.config.net.poll_timeout
Scope: CONFIG, Type: INT, Default: 10 (or 30 on Solaris)

Same as the command line option --poll_timeout, or -t, which specifies the timeout used for the polling mechanism. This timeout is always in milliseconds (ms). This is the timeout to epoll_wait() on Linux platforms, and to kevent() on BSD type OSs. The default value is 10 on all platforms.

Changing this configuration can reduce CPU usage on an idle system, since periodic tasks get processed at these intervals. On busy servers, this overhead is diminished, since polled events trigger more frequently. However, increasing the setting can also introduce additional latency for certain operations and timed events. It’s recommended not to touch this setting unless your CPU usage is unacceptable at idle workload. Some alternatives to this could be:

  • Reduce the number of worker threads (net-threads)
  • Reduce the number of disk (AIO) threads
  • Make sure accept threads are enabled

The relevant configurations for this are:

CONFIG proxy.config.exec_thread.autoconfig INT 0
CONFIG proxy.config.exec_thread.limit INT 2
CONFIG proxy.config.accept_threads INT 1
CONFIG proxy.config.cache.threads_per_disk INT 8

proxy.config.task_threads
Scope: CONFIG, Type: INT, Default: 2

Specifies the number of task threads to run. These threads are used for various tasks that should be off-loaded from the normal network threads.

proxy.config.allocator.thread_freelist_size
Scope: CONFIG, Type: INT, Default: 512

Sets the maximum number of elements that can be contained in a ProxyAllocator (per-thread) before returning the objects to the global pool.

proxy.config.allocator.thread_freelist_low_watermark
Scope: CONFIG, Type: INT, Default: 32

Sets the minimum number of items a ProxyAllocator (per-thread) will guarantee to be holding at any one time.

proxy.config.http.enabled
Scope: CONFIG, Type: INT, Default: 1

Turn on or off support for HTTP proxying. This is rarely used, the one exception being if you run Traffic Server with a protocol plugin and would like it to not support HTTP requests at all.


© Copyright 2014, dev@trafficserver.apache.org.
