.\" Man page generated from reStructuredText. . .TH "RECORDS.CONFIG" "5" "January 24, 2017" "7.0" "Apache Traffic Server" .SH NAME records.config \- the records.config file (by default, located in /usr/local/etc/trafficserver/) is a list of configurable variables used by the Traffic Server software. Many of the variables in records.config are set automatically when you set configuration options with traffic_ctl config set. After you modify records.config, run the command traffic_ctl config reload to apply the changes. When you apply changes to one node in a cluster, Traffic Server automatically applies the changes to all other nodes in the cluster . .nr rst2man-indent-level 0 . .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .de1 INDENT .\" .rstReportMargin pre: . RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .\" .rstReportMargin post: .. .de UNINDENT . RE .\" indent \\n[an-margin] .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] .nr rst2man-indent-level -1 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .SH FORMAT .sp Each variable has the following format: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C SCOPE variable_name DATATYPE variable_value .ft P .fi .UNINDENT .UNINDENT .SS Scope .sp All variables are defined within a scope, which is related to clustering, and determines the level at which the variable is applied. The value for \fBSCOPE\fP must be one of: .TS center; |l|l|. _ T{ Scope T} T{ Description T} _ T{ \fBCONFIG\fP T} T{ All members of the cluster. T} _ T{ \fBLOCAL\fP T} T{ Only the local machine. T} _ .TE .SS Data Type .sp A variable\(aqs type is defined by the \fBDATATYPE\fP and must be one of: .TS center; |l|l|. _ T{ Type T} T{ Description T} _ T{ \fBFLOAT\fP T} T{ Floating point, expressed as a decimal number without units or exponents. T} _ T{ \fBINT\fP T} T{ Integers, expressed with or without unit prefixes (as described below). T} _ T{ \fBSTRING\fP T} T{ String of characters up to the first newline. No quoting necessary. T} _ .TE .SS Values .sp The \fIvariable_value\fP must conform to the variable\(aqs type. For \fBSTRING\fP, this is simply any character data until the first newline. .sp For integer (\fBINT\fP) variables, values are expressed as any normal integer, e.g. \fB32768\fP\&. They can also be expressed using more human readable values using standard unit prefixes, e.g. \fB32K\fP\&. The following prefixes are supported for all \fBINT\fP type configurations: .TS center; |l|l|l|. _ T{ Prefix T} T{ Description T} T{ Equivalent in Bytes T} _ T{ \fBK\fP T} T{ Kilobytes T} T{ 1,024 bytes T} _ T{ \fBM\fP T} T{ Megabytes T} T{ 1,048,576 bytes (1024\s-2\u2\d\s0) T} _ T{ \fBG\fP T} T{ Gigabytes T} T{ 1,073,741,824 bytes (1024\s-2\u3\d\s0) T} _ T{ \fBT\fP T} T{ Terabytes T} T{ 1,099,511,627,776 bytes (1024\s-2\u4\d\s0) T} _ .TE .sp \fBIMPORTANT:\fP .INDENT 0.0 .INDENT 3.5 Unless \fI\%proxy.config.disable_configuration_modification\fP is enabled, Traffic Server writes configurations back to disk periodically. When doing so, the unit prefixes are not preserved. .UNINDENT .UNINDENT .sp Floating point variables (\fBFLOAT\fP) must be expressed as a regular decimal number. Unit prefixes are not supported, nor are alternate notations (scientific, exponent, etc.). .SS Additional Attributes .SS Deprecated .sp A variable marked as \fIDeprecated\fP is still functional but should be avoided as it may be removed in a future release without warning. .SS Reloadable .sp A variable marked as \fIReloadable\fP can be updated via the command: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C traffic_ctl config reload .ft P .fi .UNINDENT .UNINDENT .sp This updates configuration parameters without restarting Traffic Server or interrupting the processing of requests. .SS Overridable .sp A variable marked as \fIOverridable\fP can be changed on a per\-remap basis using plugins (like the \fIadmin\-plugins\-conf\-remap\fP), affecting operations within the current transaction only. .SH EXAMPLES .sp In the following example, the variable \fI\%proxy.config.proxy_name\fP is a \fBSTRING\fP datatype with the value \fBmy_server\fP\&. This means that the name of the Traffic Server proxy is \fBmy_server\fP\&. .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C CONFIG proxy.config.proxy_name STRING my_server .ft P .fi .UNINDENT .UNINDENT .sp If the server name should be \fBthat_server\fP the line would be .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C CONFIG proxy.config.proxy_name STRING that_server .ft P .fi .UNINDENT .UNINDENT .sp In the following example, the variable \fBproxy.config.arm.enabled\fP is a yes/no flag. A value of \fB0\fP (zero) disables the option; a value of \fB1\fP enables the option. .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C CONFIG proxy.config.arm.enabled INT 0 .ft P .fi .UNINDENT .UNINDENT .sp In the following example, the variable sets the cluster startup timeout to 10 seconds. .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C CONFIG proxy.config.cluster.startup_timeout INT 10 .ft P .fi .UNINDENT .UNINDENT .sp The last examples configures a 64GB RAM cache, using a human readable prefix. .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C CONFIG proxy.config.cache.ram_cache.size INT 64G .ft P .fi .UNINDENT .UNINDENT .SH ENVIRONMENT OVERRIDES .sp Every \fI\%records.config\fP configuration variable can be overridden by a corresponding environment variable. This can be useful in situations where you need a static \fI\%records.config\fP but still want to tweak one or two settings. The override variable is formed by converting the \fI\%records.config\fP variable name to upper case, and replacing any dot separators with an underscore. .sp Overriding a variable from the environment is permanent and will not be affected by future configuration changes made in \fI\%records.config\fP or applied with \fBtraffic_ctl\fP\&. .sp For example, we could override the \fI\%proxy.config.product_company\fP variable like this: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ PROXY_CONFIG_PRODUCT_COMPANY=example traffic_cop & $ traffic_ctl config get proxy.config.product_company .ft P .fi .UNINDENT .UNINDENT .SH CONFIGURATION VARIABLES .sp The following list describes the configuration variables available in the \fI\%records.config\fP file. .SS System Variables .INDENT 0.0 .TP .B proxy.config.product_company .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default Apache Software Foundation.UNINDENT The name of the organization developing Traffic Server. .INDENT 0.0 .TP .B proxy.config.product_vendor .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default Apache.UNINDENT The name of the vendor providing Traffic Server. .INDENT 0.0 .TP .B proxy.config.product_name .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default Traffic Server.UNINDENT The name of the product. .INDENT 0.0 .TP .B proxy.config.proxy_name .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default build_machine.TP .B Reloadable Yes.UNINDENT The name of the Traffic Server node. .INDENT 0.0 .TP .B proxy.config.bin_path .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default bin.UNINDENT The location of the Traffic Server \fBbin\fP directory. .INDENT 0.0 .TP .B proxy.config.proxy_binary .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default traffic_server.UNINDENT The name of the executable that runs the \fBtraffic_server\fP process. .INDENT 0.0 .TP .B proxy.config.proxy_binary_opts .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default \-M.UNINDENT The command\-line options for starting Traffic Server. .INDENT 0.0 .TP .B proxy.config.manager_binary .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default traffic_manager.UNINDENT The name of the executable that runs the \fBtraffic_manager\fP process. .INDENT 0.0 .TP .B proxy.config.env_prep .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default \fI*NONE*\fP.UNINDENT The script executed before the \fBtraffic_manager\fP process spawns the \fBtraffic_server\fP process. .INDENT 0.0 .TP .B proxy.config.config_dir .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default etc/trafficserver.UNINDENT The directory that contains Traffic Server configuration files. This is a read\-only configuration option that contains the \fBSYSCONFDIR\fP value specified at build time relative to the installation prefix. The \fB$TS_ROOT\fP environment variable can be used alter the installation prefix at run time. .INDENT 0.0 .TP .B proxy.config.syslog_facility .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default LOG_DAEMON.UNINDENT The facility used to record system log files. Refer to \fIadmin\-monitoring\-logging\-understanding\fP for more in\-depth discussion of the contents and interpretations of log files. .INDENT 0.0 .TP .B proxy.config.cop.core_signal .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT The signal sent to \fBtraffic_cop\fP\(aqs managed processes to stop them. .sp A value of \fB0\fP means no signal will be sent. .INDENT 0.0 .TP .B proxy.config.cop.linux_min_memfree_kb .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT The minimum amount of free memory space allowed before Traffic Server stops the \fBtraffic_server\fP and \fBtraffic_manager\fP processes to prevent the system from hanging. .INDENT 0.0 .TP .B proxy.config.cop.linux_min_swapfree_kb .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT The minimum amount of free swap space allowed before Traffic Server stops the \fBtraffic_server\fP and \fBtraffic_manager\fP processes to prevent the system from hanging. This configuration variable applies if swap is enabled in Linux 2.2 only. .INDENT 0.0 .TP .B proxy.config.cop.init_sleep_time .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT The minimum amount of addtional duration allowed before Traffic Server detects that the \fBtraffic_server\fP is not responsive and attempts a restart during startup. This configuration variable allows Traffic Server a longer init time to load potentially large configuration files such as remap config. Note that this applies only during startup of Traffic Server and does not apply to the run time heartbeat checking. .INDENT 0.0 .TP .B proxy.config.cop.active_health_checks .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 3.UNINDENT Specifies which, if any, of \fBtraffic_server\fP and \fBtraffic_manager\fP that \fBtraffic_cop\fP is allowed to kill in the event of failed health checks. The possible values are: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ \fBtraffic_cop\fP is not allowed to kill any processes. T} _ T{ \fB1\fP T} T{ Only \fBtraffic_manager\fP can be killed on failed health checks. T} _ T{ \fB2\fP T} T{ Only \fBtraffic_server\fP can be killed on failed health checks. T} _ T{ \fB3\fP T} T{ \fBtraffic_server\fP and \fBtraffic_manager\fP can be killed on failures (default). T} _ .TE .INDENT 0.0 .TP .B proxy.config.output.logfile .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default traffic.out.UNINDENT The name and location of the file that contains warnings, status messages, and error messages produced by the Traffic Server processes. If no path is specified, then Traffic Server creates the file in its logging directory. .INDENT 0.0 .TP .B proxy.config.output.logfile.rolling_enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Specifies how the output log is rolled. You can specify the following values: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Disables output log rolling. T} _ T{ \fB1\fP T} T{ Enables output log rolling at specific intervals (specified with the \fI\%proxy.config.output.logfile.rolling_interval_sec\fP variable). The clock starts ticking on Traffic Server boot. T} _ T{ \fB2\fP T} T{ Enables output log rolling when the output log reaches a specific size (specified with \fI\%proxy.config.output.logfile.rolling_size_mb\fP). T} _ .TE .INDENT 0.0 .TP .B proxy.config.output.logfile.rolling_interval_sec .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 3600.TP .B Metric seconds.TP .B Reloadable Yes.UNINDENT Specifies how often the output log is rolled, in seconds. The timer starts on Traffic Server bootup. .INDENT 0.0 .TP .B proxy.config.output.logfile.rolling_size_mb .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 100.TP .B Metric megabytes.TP .B Reloadable Yes.UNINDENT Specifies at what size to roll the output log at. .INDENT 0.0 .TP .B proxy.config.snapshot_dir .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default snapshots.UNINDENT The directory in which Traffic Server stores configuration snapshots on the local system. Unless you specify an absolute path, this directory is located in the Traffic Server \fBSYSCONFDIR\fP directory. .SS Thread Variables .INDENT 0.0 .TP .B proxy.config.exec_thread.autoconfig .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT When enabled (the default, \fB1\fP), Traffic Server scales threads according to the available CPU cores. See the config option below. .INDENT 0.0 .TP .B proxy.config.exec_thread.autoconfig.scale .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type FLOAT.TP .B Default 1.5.UNINDENT Factor by which Traffic Server scales the number of threads. The multiplier is usually the number of available CPU cores. By default this is scaling factor is \fB1.5\fP\&. .INDENT 0.0 .TP .B proxy.config.exec_thread.limit .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 2.UNINDENT The number of threads Traffic Server will create if \fIproxy.config.exec_thread.autoconfig\fP is set to \fB0\fP, otherwise this option is ignored. .INDENT 0.0 .TP .B proxy.config.accept_threads .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT The number of accept threads. If disabled (\fB0\fP), then accepts will be done in each of the worker threads. .INDENT 0.0 .TP .B proxy.config.thread.default.stacksize .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1048576.UNINDENT Default thread stack size, in bytes, for all threads (default is 1 MB). .INDENT 0.0 .TP .B proxy.config.exec_thread.affinity .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT Bind threads to specific processing units. .TS center; |l|l|. _ T{ Value T} T{ Effect T} _ T{ \fB0\fP T} T{ Assign threads to machine. T} _ T{ \fB1\fP T} T{ Assign threads to NUMA nodes [default]. T} _ T{ \fB2\fP T} T{ Assign threads to sockets. T} _ T{ \fB3\fP T} T{ Assign threads to cores. T} _ T{ \fB4\fP T} T{ Assign threads to processing units. T} _ .TE .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 This option only has an affect when Traffic Server has been compiled with \fB\-\-enable\-hwloc\fP\&. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.system.file_max_pct .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type FLOAT.TP .B Default 0.9.UNINDENT Set the maximum number of file handles for the traffic_server process as a percentage of the the fs.file\-max proc value in Linux. The default is 90%. .INDENT 0.0 .TP .B proxy.config.crash_log_helper .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default traffic_crashlog.UNINDENT This option directs \fBtraffic_server\fP to spawn a crash log helper at startup. The value should be the path to an executable program. If the path is not absolute, it is located relative to configured \fBbin\fP directory. Any user\-provided program specified here must behave in a fashion compatible with \fBtraffic_crashlog\fP\&. Specifically, it must implement the \fItraffic_crashlog \-\-wait\fP behavior. .sp This setting not reloadable because the helper must be spawned before \fBtraffic_server\fP drops privilege. If this variable is set to \fBNULL\fP, no helper will be spawned. .INDENT 0.0 .TP .B proxy.config.restart.active_client_threshold .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT This setting specifies the number of active client connections for use by \fItraffic_ctl server restart \-\-drain\fP\&. .SH NETWORK .INDENT 0.0 .TP .B proxy.config.net.connections_throttle .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 30000.UNINDENT The total number of client and origin server connections that the server can handle simultaneously. This is in fact the max number of file descriptors that the \fBtraffic_server\fP process can have open at any given time. Roughly 10% of these connections are reserved for origin server connections, i.e. from the default, only ~9,000 client connections can be handled. This should be tuned according to your memory size, and expected work load. .INDENT 0.0 .TP .B proxy.config.net.default_inactivity_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 86400.TP .B Reloadable Yes.UNINDENT The connection inactivity timeout (in seconds) to apply when Traffic Server detects that no inactivity timeout has been applied by the HTTP state machine. When this timeout is applied, the \fIproxy.process.net.default_inactivity_timeout_applied\fP metric is incremented. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.net.inactivity_check_frequency .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT How frequent (in seconds) to check for inactive connections. If you deal with a lot of concurrent connections, increasing this setting can reduce pressure on the system. .INDENT 0.0 .TP .B proxy.local.incoming_ip_to_bind .UNINDENT .INDENT 0.0 .TP .B Scope LOCAL.TP .B Type STRING.TP .B Default 0.0.0.0 [::].UNINDENT Controls the global default IP addresses to which to bind proxy server ports. The value is a space separated list of IP addresses, one per supported IP address family (currently IPv4 and IPv6). .sp Unless explicitly specified in \fI\%proxy.config.http.server_ports\fP, the server port will be bound to one of these addresses, selected by IP address family. The built in default is any address. This is used if no address for a family is specified. This setting is useful if most or all server ports should be bound to the same address. .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 This is ignored for inbound transparent server ports because they must be able to accept connections on arbitrary IP addresses. .UNINDENT .UNINDENT .SS Example .sp Set the global default for IPv4 to \fB192.168.101.18\fP and leave the global default for IPv6 as any address: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18 .ft P .fi .UNINDENT .UNINDENT .SS Example .sp Set the global default for IPv4 to \fB191.68.101.18\fP and the global default for IPv6 to \fBfc07:192:168:101::17\fP: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18 [fc07:192:168:101::17] .ft P .fi .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.local.outgoing_ip_to_bind .UNINDENT .INDENT 0.0 .TP .B Scope LOCAL.TP .B Type STRING.TP .B Default 0.0.0.0 [::].UNINDENT This controls the global default for the local IP address for outbound connections to origin servers. The value is a list of space separated IP addresses, one per supported IP address family (currently IPv4 and IPv6). .sp Unless explicitly specified in \fI\%proxy.config.http.server_ports\fP, one of these addresses, selected by IP address family, will be used as the local address for outbound connections. This setting is useful if most or all of the server ports should use the same outbound IP addresses. .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 This is ignored for outbound transparent ports as the local outbound address will be the same as the client local address. .UNINDENT .UNINDENT .SS Example .sp Set the default local outbound IP address for IPv4 connections to \fB192.168.101.18\fP\&.: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.18 .ft P .fi .UNINDENT .UNINDENT .SS Example .sp Set the default local outbound IP address to \fB192.168.101.17\fP for IPv4 and \fBfc07:192:168:101::17\fP for IPv6.: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.17 [fc07:192:168:101::17] .ft P .fi .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.net.event_period .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 10.UNINDENT How often, in milli\-seconds, to schedule IO event processing. This is unlikely to be necessary to tune, and we discourage setting it to a value smaller than 10ms (on Linux). .INDENT 0.0 .TP .B proxy.config.net.accept_period .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 10.UNINDENT How often, in milli\-seconds, to schedule accept() processing. This is unlikely to be necessary to tune, and we discourage setting it to a value smaller than 10ms (on Linux). .INDENT 0.0 .TP .B proxy.config.net.retry_delay .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 10.TP .B Reloadable Yes.UNINDENT How long to wait until we retry various events that would otherwise block the network processing threads (e.g. locks). We discourage setting this to a value smaller than 10ms (on Linux). .INDENT 0.0 .TP .B proxy.config.net.throttle_delay .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 50.TP .B Reloadable Yes.UNINDENT When we trigger a throttling scenario, this how long our accept() are delayed. .SH CLUSTER .INDENT 0.0 .TP .B proxy.local.cluster.type .UNINDENT .INDENT 0.0 .TP .B Scope LOCAL.TP .B Type INT.TP .B Default 3.UNINDENT Sets the clustering mode: .TS center; |l|l|. _ T{ Value T} T{ Effect T} _ T{ \fB1\fP T} T{ Full\-clustering mode. T} _ T{ \fB2\fP T} T{ Management\-only mode. T} _ T{ \fB3\fP T} T{ No clustering. T} _ .TE .INDENT 0.0 .TP .B proxy.config.cluster.ethernet_interface .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default eth0.UNINDENT The network interface to be used for cluster communication. This has to be identical on all members of a clsuter. ToDo: Is that reasonable ?? Should this be local" .INDENT 0.0 .TP .B proxy.config.cluster.rsport .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 8088.UNINDENT The reliable service port. The reliable service port is used to send configuration information between the nodes in a cluster. All nodes in a cluster must use the same reliable service port. .INDENT 0.0 .TP .B proxy.config.cluster.threads .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT The number of threads for cluster communication. On heavy clusters, the number should be adjusted. It is recommend to use the thread CPU usage as a reference when adjusting. .INDENT 0.0 .TP .B proxy.config.clustger.ethernet_interface .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default \fI*NONE*\fP.UNINDENT Set the interface to use for cluster communications. .INDENT 0.0 .TP .B proxy.config.http.cache.cluster_cache_local .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Overridable Yes.UNINDENT This turns on the local caching of objects in cluster mode. The point of this is to allow for popular or \fIhot\fP content to be cached on all nodes in a cluster. Be aware that the primary way to configure this behavior is via the \fBcache.config\fP configuration file using \fBaction=cluster\-cache\-local\fP directives. .sp This particular \fI\%records.config\fP configuration can be controlled per transaction or per remap rule. As such, it augments the \fBcache.config\fP directives, since you can turn on the local caching feature without complex regular expression matching. .sp This implies that turning this on in your global \fI\%records.config\fP is almost never what you want; instead, you want to use this either via e.g. \fBconf_remap.so\fP overrides for a certain remap rule, or through a custom plugin using the appropriate APIs. .SH LOCAL MANAGER .INDENT 0.0 .TP .B proxy.config.admin.synthetic_port .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 8083.UNINDENT The synthetic healthcheck port. .INDENT 0.0 .TP .B proxy.config.admin.number_config_bak .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 3.UNINDENT The maximum number of copies of rolled configuration files to keep. .INDENT 0.0 .TP .B proxy.config.admin.user_id .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default nobody.UNINDENT Designates the non\-privileged account to run the \fBtraffic_server\fP process as, which also has the effect of setting ownership of configuration and log files. .sp As of version 2.1.1 if the user_id is prefixed with pound character (\fB#\fP) the remainder of the string is considered to be a \fI\%numeric user identifier\fP\&. If the value is set to \fB#\-1\fP Traffic Server will not change the user during startup. .sp \fBIMPORTANT:\fP .INDENT 0.0 .INDENT 3.5 Attempting to set this option to \fBroot\fP or \fB#0\fP is now forbidden, as a measure to increase security. Doing so will cause a fatal failure upon startup in \fBtraffic_server\fP\&. However, there are two ways to bypass this restriction: .INDENT 0.0 .IP \(bu 2 Specify \fB\-DBIG_SECURITY_HOLE\fP in \fBCXXFLAGS\fP during compilation. .IP \(bu 2 Set the \fBuser_id=#\-1\fP and start trafficserver as root. .UNINDENT .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.admin.api.restricted .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT This setting specifies whether the management API should be restricted to root processes. If this is set to \fB0\fP, then on platforms that support passing process credentials, non\-root processes will be allowed to make read\-only management API calls. Any management API calls that modify server state (eg. setting a configuration variable) will still be restricted to root processes. .sp This setting is not reloadable, since it is must be applied when program:\fItraffic_manager\fP initializes. .INDENT 0.0 .TP .B proxy.config.disable_configuration_modification .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT This setting prevents Traffic Server from rewriting the \fI\%records.config\fP configuration file. Dynamic configuration changes can still be made using \fBtraffic_ctl config set\fP, but these changes will not be persisted on service restarts or when \fItraffic_ctl config reload\fP is run. .SH PROCESS MANAGER .INDENT 0.0 .TP .B proxy.config.process_manager.mgmt_port .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 8084.UNINDENT The port used for internal communication between \fBtraffic_manager\fP and \fBtraffic_server\fP processes. .SH ALARM CONFIGURATION .INDENT 0.0 .TP .B proxy.config.alarm_email .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default \fI*NONE*\fP.TP .B Reloadable Yes.UNINDENT The address to which the alarm script should send email. .INDENT 0.0 .TP .B proxy.config.alarm.bin .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default example_alarm_bin.sh.TP .B Reloadable Yes.UNINDENT Name of the script file that can execute certain actions when an alarm is signaled. The script is invoked with up to 4 arguments: .INDENT 0.0 .IP \(bu 2 The alarm message. .IP \(bu 2 The value of \fI\%proxy.config.product_name\fP\&. .IP \(bu 2 The value of \fI\%proxy.config.admin.user_id\fP\&. .IP \(bu 2 The value of \fI\%proxy.config.alarm_email\fP\&. .UNINDENT .INDENT 0.0 .TP .B proxy.config.alarm.abs_path .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.TP .B Reloadable Yes.UNINDENT The absolute path to the directory containing the alarm script. If this is not set, the script will be located relative to \fI\%proxy.config.bin_path\fP\&. .INDENT 0.0 .TP .B proxy.config.alarm.script_runtime .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 5.TP .B Reloadable Yes.UNINDENT The number of seconds that Traffic Server allows the alarm script to run before aborting it. .SH HTTP ENGINE .INDENT 0.0 .TP .B proxy.config.http.server_ports .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default 8080 8080:ipv6.UNINDENT Ports used for proxying HTTP traffic. .sp This is a list, separated by space or comma, of port descriptors\&. Each descriptor is a sequence of keywords and values separated by colons. Not all keywords have values, those that do are specifically noted. Keywords with values can have an optional \fB=\fP character separating the keyword and value. The case of keywords is ignored. The order of keywords is irrelevant but unspecified results may occur if incompatible options are used (noted below). Options without values are idempotent. Options with values use the last (right most) value specified, except for \fBip\-out\fP as detailed later. .sp Quick reference chart: .TS center; |l|l|l|. _ T{ Name T} T{ Note T} T{ Definition T} _ T{ \fInumber\fP T} T{ Required T} T{ The local port. T} _ T{ blind T} T{ T} T{ Blind (\fBCONNECT\fP) port. T} _ T{ compress T} T{ Not Implemented T} T{ Compressed. T} _ T{ ipv4 T} T{ Default T} T{ Bind to IPv4 address family. T} _ T{ ipv6 T} T{ T} T{ Bind to IPv6 address family. T} _ T{ ip\-in T} T{ Value T} T{ Local inbound IP address. T} _ T{ ip\-out T} T{ Value T} T{ Local outbound IP address. T} _ T{ ip\-resolve T} T{ Value T} T{ IP address resolution style. T} _ T{ proto T} T{ Value T} T{ List of supported session protocols. T} _ T{ ssl T} T{ T} T{ SSL terminated. T} _ T{ tr\-full T} T{ T} T{ Fully transparent (inbound and outbound) T} _ T{ tr\-in T} T{ T} T{ Inbound transparent. T} _ T{ tr\-out T} T{ T} T{ Outbound transparent. T} _ T{ tr\-pass T} T{ T} T{ Pass through enabled. T} _ .TE .INDENT 0.0 .TP .B \fInumber\fP Local IP port to bind. This is the port to which ATS clients will connect. .TP .B blind Accept only the \fBCONNECT\fP method on this port. .sp Not compatible with: \fBtr\-in\fP, \fBssl\fP\&. .TP .B compress Compress the connection. Retained only by inertia, should be considered "not implemented". .TP .B ipv4 Use IPv4. This is the default and is included primarily for completeness. This forced if the \fBip\-in\fP option is used with an IPv4 address. .TP .B ipv6 Use IPv6. This is forced if the \fBip\-in\fP option is used with an IPv6 address. .TP .B ssl Require SSL termination for inbound connections. SSL \fImust be configured\fP for this option to provide a functional server port. .sp Not compatible with: \fBblind\fP\&. .TP .B proto Specify the \fIsession level protocols\fP supported. These should be separated by semi\-colons. For TLS proxy ports the default value is all available protocols. For non\-TLS proxy ports the default is HTTP only. .TP .B tr\-full Fully transparent. This is a convenience option and is identical to specifying both \fBtr\-in\fP and \fBtr\-out\fP\&. .sp Not compatible with: Any option not compatible with \fBtr\-in\fP or \fBtr\-out\fP\&. .TP .B tr\-in Inbound transparent. The proxy port will accept connections to any IP address on the port. To have IPv6 inbound transparent you must use this and the \fBipv6\fP option. This overrides \fI\%proxy.local.incoming_ip_to_bind\fP for this port. .sp Not compatible with: \fBip\-in\fP, \fBblind\fP .TP .B tr\-out Outbound transparent. If ATS connects to an origin server for a transaction on this port, it will use the client\(aqs address as its local address. This overrides \fI\%proxy.local.outgoing_ip_to_bind\fP for this port. .sp Not compatible with: \fBip\-out\fP, \fBip\-resolve\fP .TP .B tr\-pass Transparent pass through. This option is useful only for inbound transparent proxy ports. If the parsing of the expected HTTP header fails, then the transaction is switched to a blind tunnel instead of generating an error response to the client. It effectively enables \fI\%proxy.config.http.use_client_target_addr\fP for the transaction as there is no other place to obtain the origin server address. .TP .B ip\-in Set the local IP address for the port. This is the address to which clients will connect. This forces the IP address family for the port. The \fBipv4\fP or \fBipv6\fP can be used but it is optional and is an error for it to disagree with the IP address family of this value. An IPv6 address \fBmust\fP be enclosed in square brackets. If this option is omitted \fI\%proxy.local.incoming_ip_to_bind\fP is used. .sp Not compatible with: \fBtr\-in\fP\&. .TP .B ip\-out Set the local IP address for outbound connections. This is the address used by ATS locally when it connects to an origin server for transactions on this port. If this is omitted \fI\%proxy.local.outgoing_ip_to_bind\fP is used. .sp This option can used multiple times, once for each IP address family. The address used is selected by the IP address family of the origin server address. .sp Not compatible with: \fBtr\-out\fP\&. .TP .B ip\-resolve Set the \fI\%host resolution style\fP for transactions on this proxy port. .sp Not compatible with: \fBtr\-out\fP \- this option requires a value of \fBclient;none\fP which is forced and should not be explicitly specified. .UNINDENT .SS Example .sp Listen on port 80 on any address for IPv4 and IPv6.: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C 80 80:ipv6 .ft P .fi .UNINDENT .UNINDENT .SS Example .sp Listen transparently on any IPv4 address on port 8080, and transparently on port 8080 on local address \fBfc01:10:10:1::1\fP (which implies \fBipv6\fP).: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C IPv4:tr\-FULL:8080 TR\-full:IP\-in=[fc02:10:10:1::1]:8080 .ft P .fi .UNINDENT .UNINDENT .SS Example .sp Listen on port 8080 for IPv6, fully transparent. Set up an SSL port on 443. These ports will use the IP address from \fI\%proxy.local.incoming_ip_to_bind\fP\&. Listen on IP address \fB192.168.17.1\fP, port 80, IPv4, and connect to origin servers using the local address \fB10.10.10.1\fP for IPv4 and \fBfc01:10:10:1::1\fP for IPv6.: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C 8080:ipv6:tr\-full 443:ssl ip\-in=192.168.17.1:80:ip\-out=[fc01:10:10:1::1]:ip\-out=10.10.10.1 .ft P .fi .UNINDENT .UNINDENT .SS Example .sp Listen on port 9090 for TSL enabled HTTP/2 or HTTP connections, accept no other session protocols.: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C 9090:proto=http2;http:ssl .ft P .fi .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.connect_ports .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default 443 563.UNINDENT The range of origin server ports that can be used for tunneling via \fBCONNECT\fP\&. .sp Traffic Server allows tunnels only to the specified ports. Supports both wildcards (\fB*\fP) and ranges (e.g. \fB0\-1023\fP). .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 These are the ports on the \fIorigin server\fP, not Traffic Server \fI\%proxy ports\fP\&. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.insert_request_via_str .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Set how the \fBVia\fP field is handled on a request to the origin server. .TS center; |l|l|. _ T{ Value T} T{ Effect T} _ T{ \fB0\fP T} T{ Do not modify or set this Via header. T} _ T{ \fB1\fP T} T{ Update the Via, with normal verbosity. T} _ T{ \fB2\fP T} T{ Update the Via, with higher verbosity. T} _ T{ \fB3\fP T} T{ Update the Via, with highest verbosity. T} _ .TE .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 The \fBVia\fP header string can be decoded with the \fI\%Via Decoder Ring\fP\&. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.request_via_str .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default ApacheTrafficServer/${PACKAGE_VERSION}.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Set the server and version string in the \fBVia\fP request header to the origin server which is inserted when the value of \fI\%proxy.config.http.insert_request_via_str\fP is not \fB0\fP\&. Note that the actual default value is defined with \fB"ApacheTrafficServer/" PACKAGE_VERSION\fP in a C++ source code, and you must write such as \fBApacheTrafficServer/6.0.0\fP if you really set a value with the version in \fI\%records.config\fP file. If you want to hide the version, you can set this value to \fBApacheTrafficServer\fP\&. .INDENT 0.0 .TP .B proxy.config.http.insert_response_via_str .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Set how the \fBVia\fP field is handled on the response to the client. .TS center; |l|l|. _ T{ Value T} T{ Effect T} _ T{ \fB0\fP T} T{ Do not modify or set this via header. T} _ T{ \fB1\fP T} T{ Update the via, with normal verbosity. T} _ T{ \fB2\fP T} T{ Update the via, with higher verbosity. T} _ T{ \fB3\fP T} T{ Update the via, with highest verbosity. T} _ .TE .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 The \fBVia\fP header string can be decoded with the \fI\%Via Decoder Ring\fP\&. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.response_via_str .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default ApacheTrafficServer/${PACKAGE_VERSION}.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Set the server and version string in the \fBVia\fP response header to the client which is inserted when the value of \fI\%proxy.config.http.insert_response_via_str\fP is not \fB0\fP\&. Note that the actual default value is defined with \fB"ApacheTrafficServer/" PACKAGE_VERSION\fP in a C++ source code, and you must write such as \fBApacheTrafficServer/6.0.0\fP if you really set a value with the version in \fI\%records.config\fP file. If you want to hide the version, you can set this value to \fBApacheTrafficServer\fP\&. .INDENT 0.0 .TP .B proxy.config.http.send_100_continue_response .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT You can specify one of the following: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Traffic Server will buffer the request until the post body has been recieved and then send the request to the origin server. T} _ T{ \fB1\fP T} T{ Immediately return a \fB100 Continue\fP from Traffic Server without waiting for the post body. T} _ .TE .INDENT 0.0 .TP .B proxy.config.http.response_server_enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT You can specify one of the following: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ No \fBServer\fP header is added to the response. T} _ T{ \fB1\fP T} T{ The \fBServer\fP header is added according to \fI\%proxy.config.http.response_server_str\fP\&. T} _ T{ \fB2\fP T} T{ The \fBServer\fP header is added only if the response from origin does not have one already. T} _ .TE .INDENT 0.0 .TP .B proxy.config.http.response_server_str .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default ATS/${PACKAGE_VERSION}.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The \fBServer\fP string that Traffic Server will insert in a response header (if requested, see above). Note that the actual default value is defined with \fB"ATS/" PACKAGE_VERSION\fP in the C++ source, and you must write such as \fBATS/6.0.0\fP if you really set a value with the version in \fI\%records.config\fP\&. If you want to hide the version, you can set this value to \fBATS\fP\&. .INDENT 0.0 .TP .B proxy.config.http.insert_age_in_response .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT This option specifies whether Traffic Server should insert an \fBAge\fP header in the response. The value is the cache\(aqs estimate of the amount of time since the response was generated or revalidated by the origin server. .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ No \fBAge\fP header is added. T} _ T{ \fB1\fP T} T{ \fBAge\fP header is added. T} _ .TE .INDENT 0.0 .TP .B proxy.config.http.chunking_enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Specifies whether Traffic Server can generate a chunked response: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Never respond with chunked encoding. T} _ T{ \fB1\fP T} T{ Always respond with chunked encoding. T} _ T{ \fB2\fP T} T{ Generate a chunked response if the origin server has previously returned HTTP/1.1. T} _ T{ \fB3\fP T} T{ Generate a chunked response if the client request is HTTP/1.1 and the origin server has previously returned HTTP/1.1. T} _ .TE .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 If HTTP/1.1 is used, then Traffic Server can use keep\-alive connections with pipelining to origin servers. .sp If HTTP/1.0 is used, then Traffic Server can use keep\-alive connections without pipelining to origin servers. .sp If HTTP/0.9 is used, then Traffic Server does not use keep\-alive connections to origin servers. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.chunking.size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 4096.TP .B Overridable Yes.UNINDENT If chunked transfer encoding is enabled with \fI\%proxy.config.http.chunking_enabled\fP, and the conditions specified by that option\(aqs setting are met by the current request, this option determines the size of the chunks, in bytes, to use when sending content to an HTTP/1.1 client. .INDENT 0.0 .TP .B proxy.config.http.send_http11_requests .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Specifies when and how Traffic Server uses HTTP/1.1 to communicate with the origin server. .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Never use HTTP/1.1. T} _ T{ \fB1\fP T} T{ Always use HTTP/1.1. T} _ T{ \fB2\fP T} T{ Use HTTP/1.1 with origin connections only if the server has previously returned HTTP/1.1. T} _ T{ \fB3\fP T} T{ If the client request is HTTP/1.1 and the origin server has previously returned HTTP/1.1, then use HTTP/1.1 for origin server connections. T} _ .TE .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 If \fI\%proxy.config.http.use_client_target_addr\fP is set to \fB1\fP, then options \fB2\fP and \fB3\fP for this configuration variable cause the proxy to use the client HTTP version for upstream requests. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.server_tcp_init_cwnd .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Overridable Yes.UNINDENT Configures the size, in packets, of the initial TCP congestion window on sockets used by the HTTP engine. This option may only be used on operating systems which support the \fBTCP_INIT_CWND\fP option on TCP sockets. .INDENT 0.0 .TP .B proxy.config.http.auth_server_session_private .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT If enabled (\fB1\fP) anytime a request contains a \fBAuthorization\fP, \fBProxy\-Authorization\fP, or \fBWww\-Authenticate\fP header the connection will be closed and not reused. This marks the connection as private. When disabled (\fB0\fP) the connection will be available for reuse. .INDENT 0.0 .TP .B proxy.config.http.server_session_sharing.match .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default both.UNINDENT Enable and set the ability to re\-use server connections across client connections. The valid values are: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fBnone\fP T} T{ Do not match and do not re\-use server sessions. If using this in \fIts\-overridable\-config\fP (like the \fIadmin\-plugins\-conf\-remap\fP), use the integer \fB0\fP instead. T} _ T{ \fBboth\fP T} T{ Re\-use server sessions, if \fIboth\fP the IP address and fully qualified domain name match. If using this in \fIts\-overridable\-config\fP (like the \fIadmin\-plugins\-conf\-remap\fP), use the integer \fB1\fP instead. T} _ T{ \fBip\fP T} T{ Re\-use server sessions, checking only that the IP address and port of the origin server matches. If using this in \fIts\-overridable\-config\fP (like the \fIadmin\-plugins\-conf\-remap\fP), use the integer \fB2\fP instead. T} _ T{ \fBhost\fP T} T{ Re\-use server sessions, checking only that the fully qualified domain name matches. If using this in \fIts\-overridable\-config\fP (like the \fIadmin\-plugins\-conf\-remap\fP), use the integer \fB3\fP instead. T} _ .TE .sp It is strongly recommended to use either \fBnone\fP or \fBboth\fP for this value unless you have a specific need for the other settings. The most common reason is virtual hosts that share an IP address in which case performance can be enhanced if those sessions can be re\-used. However, not all web servers support requests for different virtual hosts on the same connection so use with caution. .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 Server sessions to different ports never match even if the FQDN and IP address match. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.server_session_sharing.pool .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default thread.UNINDENT Control the scope of server session re\-use if it is enabled by \fI\%proxy.config.http.server_session_sharing.match\fP\&. Valid values are: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fBglobal\fP T} T{ Re\-use sessions from a global pool of all server sessions. T} _ T{ \fBthread\fP T} T{ Re\-use sessions from a per\-thread pool. T} _ .TE .INDENT 0.0 .TP .B proxy.config.http.attach_server_session_to_client .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Overridable Yes.UNINDENT Control the re\-use of an server session by a user agent (client) session. .sp If a user agent performs more than one HTTP transaction on its connection to Traffic Server a server session must be obtained for the second (and subsequent) transaction as for the first. This settings affects how that server session is selected. .sp If this setting is \fB0\fP then after the first transaction the server session for that transaction is released to the server pool (if any). When a server session is needed for subsequent transactions one is selected from the server pool or created if there is no suitable server session in the pool. .sp If this setting is not \fB0\fP then the current server session for the user agent session is "sticky". It will be preferred to any other server session (either from the pool or newly created). The server session will be detached from the user agent session only if it cannot be used for the transaction. This is determined by the \fI\%proxy.config.http.server_session_sharing.match\fP value. If the server session matches the next transaction according to this setting then it will be used, otherwise it will be released to the pool and a different session selected or created. .INDENT 0.0 .TP .B proxy.config.http.record_heartbeat .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) \fBtraffic_cop\fP heartbeat logging. .INDENT 0.0 .TP .B proxy.config.http.use_client_target_addr .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT For fully transparent ports use the same origin server address as the client. .sp This option causes Traffic Server to avoid where possible doing DNS lookups in forward transparent proxy mode. The option is only effective if the following three conditions are true: .INDENT 0.0 .IP \(bu 2 Traffic Server is in forward proxy mode. .IP \(bu 2 The proxy port is inbound transparent. .IP \(bu 2 The target URL has not been modified by either remapping or a plugin. .UNINDENT .sp If any of these conditions are not true, then normal DNS processing is done for the connection. .sp There are three valid values. .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Disables the feature. T} _ T{ \fB1\fP T} T{ Enables the feature with address verification. The proxy does the regular DNS processing. If the client\-specified origin address is not in the set of addresses found by the proxy, the request continues to the client specified address, but the result is not cached. T} _ T{ \fB2\fP T} T{ Enables the feature with no address verification. No DNS processing is performed. The result is cached (if allowed otherwise). This option is vulnerable to cache poisoning if an incorrect \fBHost\fP header is specified, so this option should be used with extreme caution. See bug \fI\%TS\-2954\fP for details. T} _ .TE .sp If all of these conditions are met, then the origin server IP address is retrieved from the original client connection, rather than through HostDB or DNS lookup. In effect, client DNS resolution is used instead of Traffic Server DNS. .sp This can be used to be a little more efficient (looking up the target once by the client rather than by both the client and Traffic Server) but the primary use is when client DNS resolution can differ from that of Traffic Server\&. Two known uses cases are: .INDENT 0.0 .IP 1. 3 Embedded IP addresses in a protocol with DNS load sharing. In this case, even though Traffic Server and the client both make the same request to the same DNS resolver chain, they may get different origin server addresses. If the address is embedded in the protocol then the overall exchange will fail. One current example is Microsoft Windows update, which presumably embeds the address as a security measure. .IP 2. 3 The client has access to local DNS zone information which is not available to Traffic Server\&. There are corporate nets with local DNS information for internal servers which, by design, is not propagated outside the core corporate network. Depending a network topology it can be the case that Traffic Server can access the servers by IP address but cannot resolve such addresses by name. In such as case the client supplied target address must be used. .UNINDENT .sp This solution must be considered interim. In the longer term, it should be possible to arrange for much finer grained control of DNS lookup so that wildcard domain can be set to use Traffic Server or client resolution. In both known use cases, marking specific domains as client determined (rather than a single global switch) would suffice. It is possible to do this crudely with this flag by enabling it and then use identity URL mappings to re\-disable it for specific domains. .INDENT 0.0 .TP .B proxy.config.http.keep_alive_enabled_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Overridable Yes.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) incoming keep\-alive connections. .INDENT 0.0 .TP .B proxy.config.http.keep_alive_enabled_out .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Overridable Yes.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) outgoing keep\-alive connections. .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 Enabling keep\-alive does not automatically enable purging of keep\-alive requests when nearing the connection limit, that is controlled by \fI\%proxy.config.http.server_max_connections\fP\&. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.keep_alive_post_out .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Overridable Yes.UNINDENT Controls wether new POST requests re\-use keep\-alive sessions (\fB1\fP) or create new connections per request (\fB0\fP). .INDENT 0.0 .TP .B proxy.config.http.disallow_post_100_continue .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Allows you to return a 405 Method Not Supported with Posts also containing an Expect: 100\-continue. .sp When a Post w/ Expect: 100\-continue is blocked the stat proxy.process.http.disallowed_post_100_continue will be incremented. .INDENT 0.0 .TP .B proxy.config.http.default_buffer_size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 8.UNINDENT Configures the default buffer size, in bytes, to allocate for incoming request bodies which lack a \fBContent\-length\fP header. .INDENT 0.0 .TP .B proxy.config.http.default_buffer_water_mark .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 32768.UNINDENT .INDENT 0.0 .TP .B proxy.config.http.request_header_max_size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 131072.UNINDENT Controls the maximum size, in bytes, of an HTTP header in requests. Headers in a request which exceed this size will cause the entire request to be treated as invalid and rejected by the proxy. .INDENT 0.0 .TP .B proxy.config.http.response_header_max_size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 131072.UNINDENT Controls the maximum size, in bytes, of headers in HTTP responses from the proxy. Any responses with a header exceeding this limit will be treated as invalid and a client error will be returned instead. .INDENT 0.0 .TP .B proxy.config.http.global_user_agent_header .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default null.TP .B Overridable Yes.UNINDENT An arbitrary string value that, if set, will be used to replace any request \fBUser\-Agent\fP header. .INDENT 0.0 .TP .B proxy.config.http.strict_uri_parsing .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) Traffic Server to return a 400 Bad Request if client\(aqs request URI includes character which is not \fI\%RFC 3986\fP compliant .INDENT 0.0 .TP .B proxy.config.http.errors.log_error_pages .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) the logging of responses to bad requests to the error logging destination. Disabling this option prevents error responses (such as \fB403\fPs) from appearing in the error logs. Any HTTP response status codes equal to, or higher, than the minimum code defined by \fBTS_HTTP_STATUS_BAD_REQUEST\fP are affected by this setting. .SH PARENT PROXY CONFIGURATION .INDENT 0.0 .TP .B proxy.config.http.parent_proxy_routing_enable .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) the parent caching option. Refer to \fIadmin\-hierarchical\-caching\fP\&. .INDENT 0.0 .TP .B proxy.config.http.parent_proxy.retry_time .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 300.TP .B Reloadable Yes.UNINDENT The amount of time allowed between connection retries to a parent cache that is unavailable. .INDENT 0.0 .TP .B proxy.config.http.parent_proxy.fail_threshold .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 10.TP .B Reloadable Yes.UNINDENT The number of times the connection to the parent cache can fail before Traffic Server considers the parent unavailable. .INDENT 0.0 .TP .B proxy.config.http.parent_proxy.total_connect_attempts .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 4.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The total number of connection attempts allowed to a parent cache before Traffic Server bypasses the parent or fails the request (depending on the \fBgo_direct\fP option in the \fBparent.config\fP file). .INDENT 0.0 .TP .B proxy.config.http.parent_proxy.per_parent_connect_attempts .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 2.TP .B Reloadable Yes.UNINDENT The total number of connection attempts allowed per parent, if multiple parents are used. .INDENT 0.0 .TP .B proxy.config.http.parent_proxy.connect_attempts_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 30.TP .B Reloadable Yes.UNINDENT The timeout value (in seconds) for parent cache connection attempts. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.http.forward.proxy_auth_to_parent .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Configures Traffic Server to send proxy authentication headers on to the parent cache. .INDENT 0.0 .TP .B proxy.config.http.no_dns_just_forward_to_parent .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Don\(aqt try to resolve DNS, forward all DNS requests to the parent. This is off (\fB0\fP) by default. .SH HTTP CONNECTION TIMEOUTS .INDENT 0.0 .TP .B proxy.config.http.keep_alive_no_activity_timeout_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 115.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Specifies how long Traffic Server keeps connections to clients open for a subsequent request after a transaction ends. A value of \fB0\fP will disable the no activity timeout. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.http.keep_alive_no_activity_timeout_out .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 120.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Specifies how long Traffic Server keeps connections to origin servers open for a subsequent transfer of data after a transaction ends. A value of \fB0\fP will disable the no activity timeout. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.http.transaction_no_activity_timeout_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 30.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Specifies how long Traffic Server keeps connections to clients open if a transaction stalls. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.http.transaction_no_activity_timeout_out .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 30.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Specifies how long Traffic Server keeps connections to origin servers open if the transaction stalls. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.websocket.no_activity_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 600.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Specifies how long Traffic Server keeps connections open if a websocket stalls. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.websocket.active_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 3600.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The maximum amount of time Traffic Server keeps websocket connections open. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.http.transaction_active_timeout_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 900.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The maximum amount of time Traffic Server can remain connected to a client. If the transfer to the client is not complete before this timeout expires, then Traffic Server closes the connection. .sp The value of \fB0\fP specifies that there is no timeout. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.http.transaction_active_timeout_out .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The maximum amount of time Traffic Server waits for fulfillment of a connection request to an origin server. If Traffic Server does not complete the transfer to the origin server before this timeout expires, then Traffic Server terminates the connection request. .sp The default value of \fB0\fP specifies that there is no timeout. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.http.accept_no_activity_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 120.TP .B Reloadable Yes.UNINDENT The timeout interval in seconds before Traffic Server closes a connection that has no activity. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.http.background_fill_active_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Specifies how long Traffic Server continues a background fill before giving up and dropping the origin server connection. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.http.background_fill_completed_threshold .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type FLOAT.TP .B Default 0.0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The proportion of total document size already transferred when a client aborts at which the proxy continues fetching the document from the origin server to get it into the cache (a \fBbackground fill\fP). .SH HTTP REDIRECTION .INDENT 0.0 .TP .B proxy.config.http.redirection_enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT This setting indicates whether Trafficserver does a redirect follow location on receiving a 3XX Redirect response from the Origin server. The redirection attempt is transparent to the client and the client is served the final response from the redirected\-to location. .INDENT 0.0 .TP .B proxy.config.http.number_of_redirections .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT This setting determines the maximum number of times Trafficserver does a redirect follow location on receiving a 3XX Redirect response for a given client request. .INDENT 0.0 .TP .B proxy.config.http.redirect_host_no_port .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT This setting enables Trafficserver to not include the port in the Host header in the redirect follow request for default/standard ports (e.g. 80 for HTTP and 443 for HTTPS). Note that the port is still included in the Host header if it\(aqs non\-default. .INDENT 0.0 .TP .B proxy.config.http.redirect_use_orig_cache_key .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT This setting enables Trafficserver to allow using original request cache key (for example, set using a TS API) during a 3xx redirect follow. The default behavior (0) is to use the URL specified by Location header in the 3xx response as the cache key. .SH ORIGIN SERVER CONNECT ATTEMPTS .INDENT 0.0 .TP .B proxy.config.http.connect_attempts_max_retries .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 3.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The maximum number of connection retries Traffic Server can make when the origin server is not responding. Each retry attempt lasts for \fI\%proxy.config.http.connect_attempts_timeout\fP seconds. Once the maximum number of retries is reached, the origin is marked dead. After this, the setting \fI\%proxy.config.http.connect_attempts_max_retries_dead_server\fP is used to limit the number of retry attempts to the known dead origin. .INDENT 0.0 .TP .B proxy.config.http.connect_attempts_max_retries_dead_server .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Maximum number of connection retries Traffic Server can make while an origin is marked dead. Typically this value is smaller than \fI\%proxy.config.http.connect_attempts_max_retries\fP so an error is returned to the client faster and also to reduce the load on the dead origin. The timeout interval \fI\%proxy.config.http.connect_attempts_timeout\fP in seconds is used with this setting. .INDENT 0.0 .TP .B proxy.config.http.server_max_connections .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Limits the number of socket connections across all origin servers to the value specified. To disable, set to zero (\fB0\fP). .sp This value is used in determining when and if to prune active origin sessions. Without this value set, connections to origins can consume all the way up to ts:cv:\fIproxy.config.net.connections_throttle\fP connections, which in turn can starve incoming requests from available connections. .INDENT 0.0 .TP .B proxy.config.http.origin_max_connections .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Limits the number of socket connections per origin server to the value specified. To enable, set to one (\fB1\fP). .INDENT 0.0 .TP .B proxy.config.http.origin_max_connections_queue .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default \-1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Limits the number of requests to be queued when the \fI\%proxy.config.http.origin_max_connections\fP is reached. When disabled (\fB\-1\fP) requests are will wait indefinitely for an available connection. When set to \fB0\fP all requests past the \fI\%proxy.config.http.origin_max_connections\fP will immediately fail. When set to \fB>0\fP ATS will queue that many requests to go to the origin, any additional requests past the limit will immediately fail. .INDENT 0.0 .TP .B proxy.config.http.origin_min_keep_alive_connections .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT As connection to an origin server are opened, keep at least \(aqn\(aq number of connections open to that origin, even if the connection isn\(aqt used for a long time period. Useful when the origin supports keep\-alive, removing the time needed to set up a new connection from the next request at the expense of added (inactive) connections. To enable, set to one (\fB1\fP). .INDENT 0.0 .TP .B proxy.config.http.connect_attempts_rr_retries .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 3.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The maximum number of failed connection attempts allowed before a round\-robin entry is marked as \(aqdown\(aq if a server has round\-robin DNS entries. .INDENT 0.0 .TP .B proxy.config.http.connect_attempts_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 30.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The timeout value (in seconds) for time to first byte for an origin server connection. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.http.post_connect_attempts_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1800.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The timeout value (in seconds) for an origin server connection when the client request is a \fBPOST\fP or \fBPUT\fP request. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.http.down_server.cache_time .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 60.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Specifies how long (in seconds) Traffic Server remembers that an origin server was unreachable. .INDENT 0.0 .TP .B proxy.config.http.down_server.abort_threshold .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 10.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The number of seconds before Traffic Server marks an origin server as unavailable after a client abandons a request because the origin server was too slow in sending the response header. .INDENT 0.0 .TP .B proxy.config.http.uncacheable_requests_bypass_parent .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT When enabled (1), Traffic Server bypasses the parent proxy for a request that is not cacheable. .SH CONGESTION CONTROL .INDENT 0.0 .TP .B proxy.config.http.congestion_control.enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) the Congestion Control option, which configures Traffic Server to stop forwarding HTTP requests to origin servers when they become congested. Traffic Server sends the client a message to retry the congested origin server later. Refer to \fIusing\-congestion\-control\fP\&. .INDENT 0.0 .TP .B proxy.config.http.flow_control.enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Overridable Yes.UNINDENT Transaction buffering / flow control is enabled if this is set to a non\-zero value. Otherwise no flow control is done. .INDENT 0.0 .TP .B proxy.config.http.flow_control.high_water .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Metric bytes.TP .B Overridable Yes.UNINDENT The high water mark for transaction buffer control. External source I/O is halted when the total buffer space in use by the transaction exceeds this value. .INDENT 0.0 .TP .B proxy.config.http.flow_control.low_water .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Metric bytes.TP .B Overridable Yes.UNINDENT The low water mark for transaction buffer control. External source I/O is resumed when the total buffer space in use by the transaction is no more than this value. .INDENT 0.0 .TP .B proxy.config.http.websocket.max_number_of_connections .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default \-1.TP .B Reloadable Yes.UNINDENT When enabled >= (\fB0\fP), Traffic Server will enforce a maximum number of simultaneous websocket connections. .SH NEGATIVE RESPONSE CACHING .INDENT 0.0 .TP .B proxy.config.http.negative_caching_enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server caches negative responses (such as \fB404 Not Found\fP) when a requested page does not exist. The next time a client requests the same page, Traffic Server serves the negative response directly from cache. .sp When disabled (\fB0\fP), Traffic Server will only cache the response if the response has \fBCache\-Control\fP headers. .sp The following negative responses are cached by Traffic Server: .TS center; |l|l|. _ T{ HTTP Response Code T} T{ Description T} _ T{ \fB204\fP T} T{ No Content T} _ T{ \fB305\fP T} T{ Use Proxy T} _ T{ \fB400\fP T} T{ Bad Request T} _ T{ \fB403\fP T} T{ Forbidden T} _ T{ \fB404\fP T} T{ Not Found T} _ T{ \fB405\fP T} T{ Method Not Allowed T} _ T{ \fB500\fP T} T{ Internal Server Error T} _ T{ \fB501\fP T} T{ Not Implemented T} _ T{ \fB502\fP T} T{ Bad Gateway T} _ T{ \fB503\fP T} T{ Service Unavailable T} _ T{ \fB504\fP T} T{ Gateway Timeout T} _ .TE .sp The cache lifetime for objects cached from this setting is controlled via \fI\%proxy.config.http.negative_caching_lifetime\fP\&. .INDENT 0.0 .TP .B proxy.config.http.negative_caching_lifetime .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1800.TP .B Overridable Yes.UNINDENT How long (in seconds) Traffic Server keeps the negative responses valid in cache. This value only affects negative responses that do NOT have explicit \fBExpires:\fP or \fBCache\-Control:\fP lifetimes set by the server. .INDENT 0.0 .TP .B proxy.config.http.negative_revalidating_enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) forcing revalidation of cached documents when Traffic Server receives a negative (\fB5xx\fP only) response from the origin server. .INDENT 0.0 .TP .B proxy.config.http.negative_revalidating_lifetime .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1800.UNINDENT How long, in seconds, to consider a stale cached document valid if during the revalidation attempt Traffic Server receives a negative (\fB5xx\fP only) response from the origin server. .SH PROXY USER VARIABLES .INDENT 0.0 .TP .B proxy.config.http.anonymize_remove_from .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server removes the \fBFrom\fP header to protect the privacy of your users. .INDENT 0.0 .TP .B proxy.config.http.anonymize_remove_referer .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server removes the \fBReferrer\fP header to protect the privacy of your site and users. .INDENT 0.0 .TP .B proxy.config.http.anonymize_remove_user_agent .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server removes the \fBUser\-agent\fP header to protect the privacy of your site and users. .INDENT 0.0 .TP .B proxy.config.http.anonymize_remove_cookie .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server removes the \fBCookie\fP header to protect the privacy of your site and users. .INDENT 0.0 .TP .B proxy.config.http.anonymize_remove_client_ip .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server removes \fBClient\-IP\fP headers for more privacy. .INDENT 0.0 .TP .B proxy.config.http.insert_client_ip .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server inserts \fBClient\-IP\fP headers to retain the client IP address. .INDENT 0.0 .TP .B proxy.config.http.anonymize_other_header_list .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.TP .B Reloadable Yes.UNINDENT Comma separated list of headers Traffic Server should remove from outgoing requests. .INDENT 0.0 .TP .B proxy.config.http.insert_squid_x_forwarded_for .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server adds the client IP address to the \fBX\-Forwarded\-For\fP header. .INDENT 0.0 .TP .B proxy.config.http.normalize_ae_gzip .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Enable (\fB1\fP) to normalize all \fBAccept\-Encoding:\fP headers to one of the following: .INDENT 0.0 .IP \(bu 2 \fBAccept\-Encoding: gzip\fP (if the header has \fBgzip\fP or \fBx\-gzip\fP with any \fBq\fP) \fBOR\fP .IP \(bu 2 \fIblank\fP (for any header that does not include \fBgzip\fP) .UNINDENT .sp This is useful for minimizing cached alternates of documents (e.g. \fBgzip, deflate\fP vs. \fBdeflate, gzip\fP). Enabling this option is recommended if your origin servers use no encodings other than \fBgzip\fP\&. .SH SECURITY .INDENT 0.0 .TP .B proxy.config.http.push_method_enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) the HTTP \fBPUSH\fP option, which allows you to deliver content directly to the cache without a user request. .sp \fBIMPORTANT:\fP .INDENT 0.0 .INDENT 3.5 If you enable this option, then you must also specify a filtering rule in the ip_allow.config file to allow only certain machines to push content into the cache. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.max_post_size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT This feature is disabled by default with a value of (\fB0\fP), any positive value will limit the size of post bodies. If a request is received with a post body larger than this limit the response will be terminated with 413 \- Request Entity Too Large and logged accordingly. .SH CACHE CONTROL .INDENT 0.0 .TP .B proxy.config.cache.enable_read_while_writer .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.UNINDENT Specifies when to enable the ability to read a cached object while another connection is completing the write to cache for that same object. The goal here is to avoid multiple origin connections for the same cacheable object upon a cache miss. The possible values of this config are: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Never read while writing. T} _ T{ \fB1\fP T} T{ Always read while writing. T} _ T{ \fB2\fP T} T{ Always read while writing, but allow non\-cached \fBRange\fP requests through to the origin server. T} _ .TE .sp The \fB2\fP option is useful to avoid delaying requests which can not easily be satisfied by the partially written response. .sp Several other configuration values need to be set for this to be usable. See \fIadmin\-configuration\-reducing\-origin\-requests\fP\&. .INDENT 0.0 .TP .B proxy.config.cache.read_while_writer.max_retries .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 10.TP .B Reloadable Yes.UNINDENT Specifies how many retries trafficserver attempts to trigger read_while_writer on failing to obtain the write VC mutex or until the first fragment is downloaded for the object being downloaded. The retry duration is specified using the setting \fI\%proxy.config.cache.read_while_writer_retry.delay\fP .INDENT 0.0 .TP .B proxy.config.cache.read_while_writer_retry.delay .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 50.TP .B Reloadable Yes.UNINDENT Specifies the delay in msec, trafficserver waits to reattempt read_while_writer on failing to obtain the write VC mutex or until the first fragment is downloaded for the object being downloaded. Note that trafficserver implements a progressive delay in reattempting, by doubling the configured duration from the third reattempt onwards. .INDENT 0.0 .TP .B proxy.config.cache.force_sector_size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Forces the use of a specific hardware sector size, e.g. 4096, for all disks. .sp SSDs and "advanced format” drives claim a sector size of 512; however, it is safe to force a higher size than the hardware supports natively as we count atomicity in 512 byte increments. .sp 4096\-sized drives formatted for Windows will have partitions aligned on 63 512\-byte sector boundaries, so they will be unaligned. There are workarounds, but you need to do some research on your particular drive. Some drives have a one\-time option to switch the partition boundary, while others might require reformatting or repartitioning. .sp To be safe in Linux, you could just use the entire drive: \fB/dev/sdb\fP instead of \fB/dev/sdb1\fP and Traffic Server will do the right thing. Misaligned partitions on Linux are auto\-detected. .sp For example: If \fB/sys/block/sda/sda1/alignment_offset\fP is non\-zero, ATS will offset reads/writes to that disk by that alignment. If Linux knows about any existing partition misalignments, ATS will compensate. .sp Partitions formatted to support hardware sector size of more than 512 (e.g. 4096) will result in all objects stored in the cache to be integral multiples of 4096 bytes, which will result in some waste for small files. .INDENT 0.0 .TP .B proxy.config.http.cache.http .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) caching of HTTP requests. .INDENT 0.0 .TP .B proxy.config.http.cache.generation .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default \-1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT If set to a value other than \fB\-1\fP, the value if this configuration option is combined with the cache key at cache lookup time. Changing this value has the effect of an instantaneous, zero\-cost cache purge since it will cause all subsequent cache keys to change. Since this is an overrideable configuration, it can be used to purge the entire cache, or just a specific \fBremap.config\fP rule. .INDENT 0.0 .TP .B proxy.config.http.cache.allow_empty_doc .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Deprecated Yes.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) caching objects that have an empty response body. This is particularly useful for caching 301 or 302 responses with a \fBLocation\fP header but no document body. This only works if the origin response also has a \fBContent\-Length\fP header. .INDENT 0.0 .TP .B proxy.config.http.doc_in_cache_skip_dns .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT When enabled (\fB1\fP), do not perform origin server DNS resolution if a fresh copy of the requested document is available in the cache. This setting has no effect if HTTP caching is disabled or if there are IP based ACLs configured. .sp Note that plugins, particularly authorization plugins, which use the \fBTS_HTTP_OS_DNS_HOOK\fP hook may require this configuration variable to be disabled (\fB0\fP) in order to function properly. This will ensure that the hook will be evaluated and plugin execution will occur even when there is a fresh copy of the requested object in the cache (which would normally allow the DNS lookup to be skipped, thus eliminating the hook evaluation). .sp The downside is that the performance gain by skipping otherwise unnecessary DNS lookups is lost. Because the variable is overridable, you may retain this performance benefit for portions of your cache which do not require the use of \fBTS_HTTP_OS_DNS_HOOK\fP plugins, by ensuring that the setting is first disabled within only the relevant transactions. Refer to the documentation on \fIadmin\-plugins\-conf\-remap\fP for more information. .INDENT 0.0 .TP .B proxy.config.http.cache.ignore_client_no_cache .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server ignores client requests to bypass the cache. .INDENT 0.0 .TP .B proxy.config.http.cache.ims_on_client_no_cache .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server issues a conditional request to the origin server if an incoming request has a \fBNo\-Cache\fP header. .INDENT 0.0 .TP .B proxy.config.http.cache.ignore_server_no_cache .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server ignores origin server requests to bypass the cache. .INDENT 0.0 .TP .B proxy.config.http.cache.cache_responses_to_cookies .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Specifies how cookies are cached: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Do not cache any responses to cookies. T} _ T{ \fB1\fP T} T{ Cache for any content\-type. T} _ T{ \fB2\fP T} T{ Cache only for image types. T} _ T{ \fB3\fP T} T{ Cache for all but text content\-types. T} _ T{ \fB4\fP T} T{ Cache for all but text content\-types; except origin server response without \fBSet\-Cookie\fP or with \fBCache\-Control: public\fP\&. T} _ .TE .INDENT 0.0 .TP .B proxy.config.http.cache.ignore_authentication .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Overridable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server ignores \fBWWW\-Authentication\fP headers in responses \fBWWW\-Authentication\fP headers are removed and not cached. .INDENT 0.0 .TP .B proxy.config.http.cache.cache_urls_that_look_dynamic .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) caching of URLs that look dynamic, i.e.: URLs that end in \fB\&.asp\fP or contain a question mark (\fB?\fP), a semicolon (\fB;\fP), or \fBcgi\fP\&. For a full list, please refer to \fI\%HttpTransact::url_looks_dynamic\fP .INDENT 0.0 .TP .B proxy.config.http.cache.enable_default_vary_headers .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) caching of alternate versions of HTTP objects that do not contain the \fBVary\fP header. .INDENT 0.0 .TP .B proxy.config.http.cache.when_to_revalidate .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Specifies when to revalidate content: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Use cache directives or heuristic (the default value). T} _ T{ \fB1\fP T} T{ Stale if heuristic. T} _ T{ \fB2\fP T} T{ Always stale (always revalidate). T} _ T{ \fB3\fP T} T{ Never stale. T} _ T{ \fB4\fP T} T{ Use cache directives or heuristic (0) unless the request has an \fBIf\-Modified\-Since\fP header. T} _ .TE .sp If the request contains the \fBIf\-Modified\-Since\fP header, then Traffic Server always revalidates the cached content and uses the client\(aqs \fBIf\-Modified\-Since\fP header for the proxy request. .INDENT 0.0 .TP .B proxy.config.http.cache.required_headers .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 2.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The type of headers required in a request for the request to be cacheable. .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ No headers required to make document cacheable. T} _ T{ \fB1\fP T} T{ Either the \fBLast\-Modified\fP header, or an explicit lifetime header (\fBExpires\fP or \fBCache\-Control: max\-age\fP) is required. T} _ T{ \fB2\fP T} T{ Explicit lifetime is required, from either \fBExpires\fP or \fBCache\-Control: max\-age\fP\&. T} _ .TE .INDENT 0.0 .TP .B proxy.config.http.cache.max_stale_age .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 604800.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The maximum age allowed for a stale response before it cannot be cached. .INDENT 0.0 .TP .B proxy.config.http.cache.range.lookup .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Overridable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server looks up range requests in the cache. .INDENT 0.0 .TP .B proxy.config.http.cache.range.write .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Overridable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server will attempt to write (lock) the URL to cache. This is rarely useful (at the moment), since it\(aqll only be able to write to cache if the origin has ignored the \fBRange:\fP header. For a use case where you know the origin will respond with a full (\fB200\fP) response, you can turn this on to allow it to be cached. .INDENT 0.0 .TP .B proxy.config.http.cache.ignore_accept_mismatch .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 2.TP .B Reloadable Yes.UNINDENT When enabled with a value of \fB1\fP, Traffic Server serves documents from cache with a \fBContent\-Type:\fP header even if it does not match the \fBAccept:\fP header of the request. If set to \fB2\fP (default), this logic only happens in the absence of a \fBVary\fP header in the cached response (which is the recommended and safe use). .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 This option should only be enabled with \fB1\fP if you\(aqre having problems with caching \fIand\fP you origin server doesn\(aqt set the \fBVary\fP header. Alternatively, if the origin is incorrectly setting \fBVary: Accept\fP or doesn\(aqt respond with \fB406 (Not Acceptable)\fP, you can also enable this configuration with a \fB1\fP\&. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.cache.ignore_accept_language_mismatch .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 2.TP .B Reloadable Yes.UNINDENT When enabled with a value of \fB1\fP, Traffic Server serves documents from cache with a \fBContent\-Language:\fP header even if it does not match the \fBAccept\-Language:\fP header of the request. If set to \fB2\fP (default), this logic only happens in the absence of a \fBVary\fP header in the cached response (which is the recommended and safe use). .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 This option should only be enabled with \fB1\fP if you\(aqre having problems with caching \fIand\fP you origin server doesn\(aqt set the \fBVary\fP header. Alternatively, if the origin is incorrectly setting \fBVary: Accept\-Language\fP or doesn\(aqt respond with \fB406 (Not Acceptable)\fP, you can also enable this configuration with a \fB1\fP\&. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.cache.ignore_accept_encoding_mismatch .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 2.TP .B Reloadable Yes.UNINDENT When enabled with a value of \fB1\fP, Traffic Server serves documents from cache with a \fBContent\-Encoding:\fP header even if it does not match the \fBAccept\-Encoding:\fP header of the request. If set to \fB2\fP (default), this logic only happens in the absence of a \fBVary\fP header in the cached response (which is the recommended and safe use). .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 This option should only be enabled with \fB1\fP if you\(aqre having problems with caching \fIand\fP you origin server doesn\(aqt set the \fBVary\fP header. Alternatively, if the origin is incorrectly setting \fBVary: Accept\-Encoding\fP or doesn\(aqt respond with \fB406 (Not Acceptable)\fP you can also enable this configuration with a \fB1\fP\&. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.cache.ignore_accept_charset_mismatch .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 2.TP .B Reloadable Yes.UNINDENT When enabled with a value of \fB1\fP, Traffic Server serves documents from cache with a \fBContent\-Type:\fP header even if it does not match the \fBAccept\-Charset:\fP header of the request. If set to \fB2\fP (default), this logic only happens in the absence of a \fBVary\fP header in the cached response (which is the recommended and safe use). .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 This option should only be enabled with \fB1\fP if you\(aqre having problems with caching \fIand\fP you origin server doesn\(aqt set the \fBVary\fP header. Alternatively, if the origin is incorrectly setting \fBVary: Accept\-Charset\fP or doesn\(aqt respond with \fB406 (Not Acceptable)\fP, you can also enable this configuration with a \fB1\fP\&. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.cache.ignore_client_cc_max_age .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server ignores any \fBCache\-Control: max\-age\fP headers from the client. This technically violates the HTTP RFC, but avoids a problem where a client can forcefully invalidate a cached object. .INDENT 0.0 .TP .B proxy.config.cache.max_doc_size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Specifies the maximum object size that will be cached. \fB0\fP is unlimited. .INDENT 0.0 .TP .B proxy.config.cache.min_average_object_size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 8000.UNINDENT Specifies the lower boundary of average object sizes in the cache and is used in determining the number of \fIdirectory buckets\fP to allocate for the in\-memory cache directory. .INDENT 0.0 .TP .B proxy.config.cache.permit.pinning .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT When enabled (\fB1\fP), Traffic Server will keep certain HTTP objects in the cache for a certain time as specified in cache.config. .INDENT 0.0 .TP .B proxy.config.cache.hit_evacuate_percent .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT The size of the region (as a percentage of the total content storage in a \fIcache stripe\fP) in front of the \fIwrite cursor\fP that constitutes a recent access hit for evacutating the accessed object. .sp When an object is accessed it can be marked for evacuation, that is to be copied over the write cursor and thereby preserved from being overwritten. This is done if it is no more than a specific number of bytes in front of the write cursor. The number of bytes is a percentage of the total number of bytes of content storage in the cache stripe where the object is stored and that percentage is set by this variable. .sp By default, the feature is off (set to 0). .INDENT 0.0 .TP .B proxy.config.cache.hit_evacuate_size_limit .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Metric bytes.UNINDENT Limit the size of objects that are hit evacuated. .sp Objects larger than the limit are not hit evacuated. A value of 0 disables the limit. .INDENT 0.0 .TP .B proxy.config.cache.limits.http.max_alts .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 5.UNINDENT The maximum number of alternates that are allowed for any given URL. Disable by setting to 0. .INDENT 0.0 .TP .B proxy.config.cache.target_fragment_size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1048576.UNINDENT Sets the target size of a contiguous fragment of a file in the disk cache. When setting this, consider that larger numbers could waste memory on slow connections, but smaller numbers could increase (waste) seeks. .INDENT 0.0 .TP .B proxy.config.cache.alt_rewrite_max_size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 4096.UNINDENT Configures the size, in bytes, of an alternate that will be considered small enough to trigger a rewrite of the resident alt fragment within a write vector. For further details on cache write vectors, refer to the developer documentation for \fBCacheVC\fP\&. .SH RAM CACHE .INDENT 0.0 .TP .B proxy.config.cache.ram_cache.size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default \-1.UNINDENT By default the RAM cache size is automatically determined, based on disk cache size; approximately 10 MB of RAM cache per GB of disk cache. Alternatively, it can be set to a fixed value such as \fB20GB\fP (21474836480) .INDENT 0.0 .TP .B proxy.config.cache.ram_cache_cutoff .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 4194304.UNINDENT Objects greater than this size will not be kept in the RAM cache. This should be set high enough to keep objects accessed frequently in memory in order to improve performance. \fB4MB\fP (4194304) .INDENT 0.0 .TP .B proxy.config.cache.ram_cache.algorithm .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Two distinct RAM caches are supported, the default (0) being the \fBCLFUS\fP (\fIClocked Least Frequently Used by Size\fP). As an alternative, a simpler \fBLRU\fP (\fILeast Recently Used\fP) cache is also available, by changing this configuration to 1. .INDENT 0.0 .TP .B proxy.config.cache.ram_cache.use_seen_filter .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Enabling this option will filter inserts into the RAM cache to ensure that they have been seen at least once. For the \fBLRU\fP, this provides scan resistance. Note that \fBCLFUS\fP already requires that a document have history before it is inserted, so for \fBCLFUS\fP, setting this option means that a document must be seen three times before it is added to the RAM cache. .INDENT 0.0 .TP .B proxy.config.cache.ram_cache.compress .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT The \fBCLFUS\fP RAM cache also supports an optional in\-memory compression. This is not to be confused with \fBContent\-Encoding: gzip\fP compression. The RAM cache compression is intended to try to save space in the RAM, and is not visible to the User\-Agent (client). .sp Possible values are: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ No compression T} _ T{ \fB1\fP T} T{ Fastlz (extremely fast, relatively low compression) T} _ T{ \fB2\fP T} T{ Libz (moderate speed, reasonable compression) T} _ T{ \fB3\fP T} T{ Liblzma (very slow, high compression) T} _ .TE .sp Compression runs on task threads. To use more cores for RAM cache compression, increase \fI\%proxy.config.task_threads\fP\&. .SH HEURISTIC EXPIRATION .INDENT 0.0 .TP .B proxy.config.http.cache.heuristic_min_lifetime .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 3600.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The minimum amount of time, in seconds, an HTTP object without an expiration date can remain fresh in the cache before is considered to be stale. .INDENT 0.0 .TP .B proxy.config.http.cache.heuristic_max_lifetime .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 86400.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The maximum amount of time, in seconds, an HTTP object without an expiration date can remain fresh in the cache before is considered to be stale. .INDENT 0.0 .TP .B proxy.config.http.cache.heuristic_lm_factor .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type FLOAT.TP .B Default 0.10.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT The aging factor for freshness computations. Traffic Server stores an object for this percentage of the time that elapsed since it last changed. .INDENT 0.0 .TP .B proxy.config.http.cache.guaranteed_min_lifetime .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Establishes a guaranteed minimum lifetime boundary for freshness heuristics. When heuristics are used, and the \fI\%proxy.config.http.cache.heuristic_lm_factor\fP aging factor is applied, the final minimum age calculated will never be lower than the value in this variable. .INDENT 0.0 .TP .B proxy.config.http.cache.guaranteed_max_lifetime .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 31536000.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Establishes a guaranteed maximum lifetime boundary for freshness heuristics. When heuristics are used, and the \fI\%proxy.config.http.cache.heuristic_lm_factor\fP aging factor is applied, the final maximum age calculated will never be higher than the value in this variable. .INDENT 0.0 .TP .B proxy.config.http.cache.fuzz.time .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.TP .B Deprecated Yes.UNINDENT How often Traffic Server checks for an early refresh, during the period before the document stale time. The interval specified must be in seconds. .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 Previous versions of Apache Traffic Server defaulted this to 240s. This feature is deprecated as of ATS v6.2.0. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.cache.fuzz.probability .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type FLOAT.TP .B Default 0.0.TP .B Reloadable Yes.TP .B Overridable Yes.TP .B Deprecated Yes.UNINDENT The probability that a refresh is made on a document during the fuzz time specified in \fI\%proxy.config.http.cache.fuzz.time\fP\&. .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 Previous versions of Apache Traffic Server defaulted this to 0.005 (0.5%). This feature is deprecated as of ATS v6.2.0 .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.cache.fuzz.min_time .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.TP .B Deprecated Yes.UNINDENT Handles requests with a TTL less than \fI\%proxy.config.http.cache.fuzz.time\fP\&. It allows for different times to evaluate the probability of revalidation for small TTLs and big TTLs. Objects with small TTLs will start "rolling the revalidation dice" near the \fBfuzz.min_time\fP, while objects with large TTLs would start at \fBfuzz.time\fP\&. A logarithmic\-like function between determines the revalidation evaluation start time (which will be between \fBfuzz.min_time\fP and \fBfuzz.time\fP). As the object gets closer to expiring, the window start becomes more likely. By default this setting is not enabled, but should be enabled any time you have objects with small TTLs. .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 These fuzzing options are marked as deprecated as of v6.2.0, and will be removed for v7.0.0. Instead, we recommend looking at the new \fBproxy\-config\-http\-cache\-open\-write\-fail\-action\fP configuration and the features around thundering heard avoidance (see \fIcache\-basics\fP for details). .UNINDENT .UNINDENT .SH DYNAMIC CONTENT & CONTENT NEGOTIATION .INDENT 0.0 .TP .B proxy.config.http.cache.vary_default_text .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.TP .B Reloadable Yes.UNINDENT The header on which Traffic Server varies for text documents. .sp For example: if you specify \fBUser\-agent\fP, then Traffic Server caches all the different user\-agent versions of documents it encounters. .INDENT 0.0 .TP .B proxy.config.http.cache.vary_default_images .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.TP .B Reloadable Yes.UNINDENT The header on which Traffic Server varies for images. .INDENT 0.0 .TP .B proxy.config.http.cache.vary_default_other .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.TP .B Reloadable Yes.UNINDENT The header on which Traffic Server varies for anything other than text and images. .INDENT 0.0 .TP .B proxy.config.http.cache.open_read_retry_time .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 10.TP .B Reloadable Yes.UNINDENT .INDENT 0.0 .INDENT 3.5 The number of milliseconds a cacheable request will wait before requesting the object from cache if an equivalent request is in flight. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.cache.max_open_read_retries .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default \-1.TP .B Reloadable Yes.UNINDENT .INDENT 0.0 .INDENT 3.5 The number of times to attempt fetching an object from cache if there was an equivalent request in flight. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.cache.max_open_write_retries .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT .INDENT 0.0 .INDENT 3.5 The number of times to attempt a cache open write upon failure to get a write lock. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http.cache.open_write_fail_action .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT .INDENT 0.0 .INDENT 3.5 This setting indicates the action taken on failing to obtain the cache open write lock on either a cache miss or a cache hit stale. This typically happens when there is more than one request to the same cache object simultaneously. During such a scenario, all but one (which goes to the origin) request is served either a stale copy or an error depending on this setting. .UNINDENT .UNINDENT .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Default. Disable cache and go to origin server. T} _ T{ \fB1\fP T} T{ Return a \fB502\fP error on a cache miss. T} _ T{ \fB2\fP T} T{ Serve stale if object\(aqs age is under \fI\%proxy.config.http.cache.max_stale_age\fP\&. Otherwise, go to origin server. T} _ T{ \fB3\fP T} T{ Return a \fB502\fP error on a cache miss or serve stale on a cache revalidate if object\(aqs age is under \fI\%proxy.config.http.cache.max_stale_age\fP\&. Otherwise, go to origin server. T} _ T{ \fB4\fP T} T{ Return a \fB502\fP error on either a cache miss or on a revalidation. T} _ .TE .SH CUSTOMIZABLE USER RESPONSE PAGES .INDENT 0.0 .TP .B proxy.config.body_factory.enable_customizations .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT Specifies whether customizable response pages are language specific or not: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB1\fP T} T{ Enable customizable user response pages in the default directory only. T} _ T{ \fB2\fP T} T{ Enable language\-targeted user response pages. T} _ T{ \fB3\fP T} T{ Enable host\-targeted user response pages. T} _ .TE .INDENT 0.0 .TP .B proxy.config.body_factory.enable_logging .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) logging for customizable response pages. When enabled, Traffic Server records a message in the error log each time a customized response page is used or modified. .INDENT 0.0 .TP .B proxy.config.body_factory.template_sets_dir .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default etc/trafficserver/body_factory.UNINDENT The customizable response page default directory. If this is a relative path, Traffic Server resolves it relative to the \fBPREFIX\fP directory. .INDENT 0.0 .TP .B proxy.config.body_factory.template_base .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default "".TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT A prefix for the file name to use to find an error template file. If set (not the empty string) this value and an underscore are predended to the file name to find in the template sets directory. See \fIbody\-factory\fP\&. .INDENT 0.0 .TP .B proxy.config.body_factory.response_suppression_mode .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Specifies when Traffic Server suppresses generated response pages: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Never suppress generated response pages. T} _ T{ \fB1\fP T} T{ Always suppress generated response pages. T} _ T{ \fB2\fP T} T{ Suppress response pages only for intercepted traffic. T} _ .TE .INDENT 0.0 .TP .B proxy.config.http_ui_enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Specifies which http UI endpoints to allow within \fBremap.config\fP: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Disable all http UI endpoints. T} _ T{ \fB1\fP T} T{ Enable only cache endpoints. T} _ T{ \fB2\fP T} T{ Enable only stats endpoints. T} _ T{ \fB3\fP T} T{ Enable all http UI endpoints. T} _ .TE .sp To enable any enpoint there needs to be an entry in \fBremap.config\fP which specifically enables it. Such a line would look like: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C map / http://{cache} .ft P .fi .UNINDENT .UNINDENT .sp The following are the cache endpoints: .TS center; |l|l|. _ T{ Name T} T{ Description T} _ T{ \fBcache\fP T} T{ UI to interact with the cache. T} _ .TE .sp The following are the stats endpoints: .TS center; |l|l|. _ T{ Name T} T{ Description T} _ T{ \fBcache\-internal\fP T} T{ Statistics about cache evacuation and volumes. T} _ T{ \fBhostdb\fP T} T{ Lookups against the hostdb. T} _ T{ \fBhttp\fP T} T{ HTTPSM details, this endpoint is also gated by \fI\%proxy.config.http.enable_http_info\fP\&. T} _ T{ \fBnet\fP T} T{ Lookup and listing of open connections. T} _ .TE .INDENT 0.0 .TP .B proxy.config.http.enable_http_info .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) access to an endpoint within \fI\%proxy.config.http_ui_enabled\fP which shows details about inflight transactions (HttpSM). .SH DNS .INDENT 0.0 .TP .B proxy.config.dns.search_default_domains .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Traffic Server can attempt to resolve unqualified hostnames by expanding to the local domain. For example if a client makes a request to an unqualified host (e.g. \fBhost_x\fP) and the Traffic Server local domain is \fBy.com\fP, then Traffic Server will expand the hostname to \fBhost_x.y.com\fP\&. .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Disable local domain expansion. T} _ T{ \fB1\fP T} T{ Enable local domain expansion. T} _ T{ \fB2\fP T} T{ Enable local domain expansion, but do not split local domain name. T} _ .TE .INDENT 0.0 .TP .B proxy.config.dns.splitDNS.enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) DNS server selection. When enabled, Traffic Server refers to the \fBsplitdns.config\fP file for the selection specification. Refer to \fIConfiguring DNS Server Selection\fP\&. .INDENT 0.0 .TP .B proxy.config.dns.resolv_conf .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default /etc/resolv.conf.UNINDENT Allows to specify which \fBresolv.conf\fP file to use for finding resolvers. While the format of this file must be the same as the standard \fBresolv.conf\fP file, this option allows an administrator to manage the set of resolvers in an external configuration file, without affecting how the rest of the operating system uses DNS. .INDENT 0.0 .TP .B proxy.config.dns.round_robin_nameservers .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) DNS server round\-robin. .INDENT 0.0 .TP .B proxy.config.dns.nameservers .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.TP .B Reloadable Yes.UNINDENT The DNS servers. .INDENT 0.0 .TP .B proxy.config.srv_enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Indicates whether to use SRV records for orgin server lookup. .INDENT 0.0 .TP .B proxy.config.dns.dedicated_thread .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Create and dedicate a thread entirely for DNS processing. This is probably most useful on system which do a significant number of DNS lookups, typically forward proxies. But even on other systems, it can avoid some contention on the first worker thread (which otherwise takes on the burden of all DNS lookups). .INDENT 0.0 .TP .B proxy.config.dns.validate_query_name .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT When enabled (1) provides additional resilience against DNS forgery (for instance in DNS Injection attacks), particularly in forward or transparent proxies, but requires that the resolver populates the queries section of the response properly. .SH HOSTDB .INDENT 0.0 .TP .B proxy.config.hostdb.lookup_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 30.TP .B Metric seconds.TP .B Reloadable Yes.UNINDENT Time to wait for a DNS response in seconds. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.hostdb.serve_stale_for .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default \fI*NONE*\fP.TP .B Metric seconds.TP .B Reloadable Yes.UNINDENT The number of seconds for which to use a stale NS record while initiating a background fetch for the new data. .sp If not set then stale records are not served. .INDENT 0.0 .TP .B proxy.config.hostdb.max_size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 10737418240.TP .B Metric bytes.UNINDENT The maximum amount of space (in bytes) allocated to \fBhostdb\fP\&. Setting this value to \fB\-1\fP will disable size limit enforcement. .INDENT 0.0 .TP .B proxy.config.hostdb.max_count .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default \-1.UNINDENT The maximum number of entries that can be stored in hostdb. A value of \fB\-1\fP disables item count limit enforcement. .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 For values above \fB200000\fP, you must increase \fI\%proxy.config.hostdb.max_size\fP by at least 44 bytes per entry. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.hostdb.ttl_mode .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT A host entry will eventually time out and be discarded. This variable controls how that time is calculated. A DNS request will return a TTL value and an internal value can be set with \fBproxy.config.hostdb.timeout\fP\&. This variable determines which value will be used. .TS center; |l|l|. _ T{ Value T} T{ TTL T} _ T{ \fB0\fP T} T{ The TTL from the DNS response. T} _ T{ \fB1\fP T} T{ The internal timeout value. T} _ T{ \fB2\fP T} T{ The smaller of the DNS and internal TTL values. The internal timeout value becomes a maximum TTL. T} _ T{ \fB3\fP T} T{ The larger of the DNS and internal TTL values. The internal timeout value become a minimum TTL. T} _ .TE .INDENT 0.0 .TP .B proxy.config.hostdb.fail.timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Time to live value for "failed" hostdb lookups. .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 HostDB considers any response that does not contain a response to the query a failure. This means "failure" responses (such as SOA) are subject to this timeout .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.hostdb.strict_round_robin .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Set host resolution to use strict round robin. .sp When this and \fI\%proxy.config.hostdb.timed_round_robin\fP are both disabled (set to \fB0\fP), Traffic Server always uses the same origin server for the same client, for as long as the origin server is available. Otherwise if this is set then IP address is rotated on every request. This setting takes precedence over \fI\%proxy.config.hostdb.timed_round_robin\fP\&. .INDENT 0.0 .TP .B proxy.config.hostdb.timed_round_robin .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Set host resolution to use timed round robin. .sp When this and \fI\%proxy.config.hostdb.strict_round_robin\fP are both disabled (set to \fB0\fP), Traffic Server always uses the same origin server for the same client, for as long as the origin server is available. Otherwise if this is set to \fIN\fP the IP address is rotated if more than \fIN\fP seconds have passed since the first time the current address was used. .INDENT 0.0 .TP .B proxy.config.hostdb.host_file.path .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.UNINDENT Set the file path for an external host file. .sp If this is set (non\-empty) then the file is presumed to be a hosts file in the standard \fI\%host file format\fP\&. It is read and the entries there added to the HostDB. The file is periodically checked for a more recent modification date in which case it is reloaded. The interval is set with \fI\%proxy.config.hostdb.host_file.interval\fP\&. .sp While not technically reloadable, the value is read every time the file is to be checked so that if changed the new value will be used on the next check and the file will be treated as modified. .INDENT 0.0 .TP .B proxy.config.hostdb.host_file.interval .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 86400.TP .B Metric seconds.TP .B Reloadable Yes.UNINDENT Set the file changed check timer for \fI\%proxy.config.hostdb.host_file.path\fP\&. .sp The file is checked every this many seconds to see if it has changed. If so the HostDB is updated with the new values in the file. .INDENT 0.0 .TP .B proxy.config.hostdb.partitions .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 64.UNINDENT The number of partitions for hostdb. If you are seeing lock contention within hostdb\(aqs cache (due to a large number of records) you can increase the number of partitions .INDENT 0.0 .TP .B proxy.config.hostdb.ip_resolve .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.UNINDENT Set the host resolution style. .sp This is an ordered list of keywords separated by semicolons that specify how a host name is to be resolved to an IP address. The keywords are case insensitive. .TS center; |l|l|. _ T{ Keyword T} T{ Description T} _ T{ \fBipv4\fP T} T{ Resolve to an IPv4 address. T} _ T{ \fBipv6\fP T} T{ Resolve to an IPv6 address. T} _ T{ \fBclient\fP T} T{ Resolve to the same family as the client IP address. T} _ T{ \fBnone\fP T} T{ Stop resolving. T} _ .TE .sp The order of the keywords is critical. When a host name needs to be resolved it is resolved in same order as the keywords. If a resolution fails, the next option in the list is tried. The keyword \fBnone\fP means to give up resolution entirely. The keyword list has a maximum length of three keywords, more are never needed. By default there is an implicit \fBipv4;ipv6\fP attached to the end of the string unless the keyword \fBnone\fP appears. .SS Example .sp Use the incoming client family, then try IPv4 and IPv6. .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C client;ipv4;ipv6 .ft P .fi .UNINDENT .UNINDENT .sp Because of the implicit resolution this can also be expressed as just .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C client .ft P .fi .UNINDENT .UNINDENT .SS Example .sp Resolve only to IPv4. .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C ipv4;none .ft P .fi .UNINDENT .UNINDENT .SS Example .sp Resolve only to the same family as the client (do not permit cross family transactions). .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C client;none .ft P .fi .UNINDENT .UNINDENT .sp This value is a global default that can be overridden by \fI\%proxy.config.http.server_ports\fP\&. .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 This style is used as a convenience for the administrator. During a resolution the \fIresolution order\fP will be one family, then possibly the other. This is determined by changing \fBclient\fP to \fBipv4\fP or \fBipv6\fP based on the client IP address and then removing duplicates. .UNINDENT .UNINDENT .sp \fBIMPORTANT:\fP .INDENT 0.0 .INDENT 3.5 This option has no effect on outbound transparent connections The local IP address used in the connection to the origin server is determined by the client, which forces the IP address family of the address used for the origin server. In effect, outbound transparent connections always use a resolution style of "\fBclient\fP". .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.hostdb.verify_after .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 720.UNINDENT Set the interval (in seconds) in which to re\-query DNS regardless of TTL status. .INDENT 0.0 .TP .B proxy.config.hostdb.filename .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default "host.db".UNINDENT The filename to persist hostdb to on disk. .INDENT 0.0 .TP .B proxy.config.cache.hostdb.sync_frequency .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 120.UNINDENT Set the frequency (in seconds) to sync hostdb to disk. .sp Note: hostdb is syncd to disk on a per\-partition basis (of which there are 64). This means that the minumum time to sync all data to disk is \fI\%proxy.config.cache.hostdb.sync_frequency\fP * 64 .SH LOGGING CONFIGURATION .INDENT 0.0 .TP .B proxy.config.log.logging_enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 3.TP .B Reloadable Yes.UNINDENT Enables and disables event logging: .TS center; |l|l|. _ T{ Value T} T{ Effect T} _ T{ \fB0\fP T} T{ Logging disabled. T} _ T{ \fB1\fP T} T{ Log errors only. T} _ T{ \fB2\fP T} T{ Log transactions only. T} _ T{ \fB3\fP T} T{ Dull logging (errors and transactions). T} _ .TE .sp Refer to \fIadmin\-monitoring\-logging\fP for more information on event logging. .INDENT 0.0 .TP .B proxy.config.log.max_secs_per_buffer .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 5.TP .B Reloadable Yes.UNINDENT The maximum amount of time before data in the buffer is flushed to disk. .INDENT 0.0 .TP .B proxy.config.log.max_space_mb_for_logs .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 25000.TP .B Metric megabytes.TP .B Reloadable Yes.UNINDENT The amount of space allocated to the logging directory (in MB). The headroom amount specified by \fI\%proxy.config.log.max_space_mb_headroom\fP is taken from this space allocation. .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 All files in the logging directory contribute to the space used, even if they are not log files. In collation client mode, if there is no local disk logging, or \fI\%proxy.config.log.max_space_mb_for_orphan_logs\fP is set to a higher value than \fI\%proxy.config.log.max_space_mb_for_logs\fP, Traffic Server will take \fI\%proxy.config.log.max_space_mb_for_orphan_logs\fP for maximum allowed log space. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.log.max_space_mb_for_orphan_logs .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 25.TP .B Metric megabytes.TP .B Reloadable Yes.UNINDENT The amount of space allocated to the logging directory (in MB) if this node is acting as a collation client. .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 When max_space_mb_for_orphan_logs is take as the maximum allowed log space in the logging system, the same rule apply to proxy.config.log.max_space_mb_for_logs also apply to proxy.config.log.max_space_mb_for_orphan_logs, ie: All files in the logging directory contribute to the space used, even if they are not log files. you may need to consider this when you enable full remote logging, and bump to the same size as proxy.config.log.max_space_mb_for_logs. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.log.max_space_mb_headroom .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1000.TP .B Metric megabytes.TP .B Reloadable Yes.UNINDENT The tolerance for the log space limit (in megabytes). If the variable \fI\%proxy.config.log.auto_delete_rolled_files\fP is set to \fB1\fP (enabled), then autodeletion of log files is triggered when the amount of free space available in the logging directory is less than the value specified here. .INDENT 0.0 .TP .B proxy.config.log.hostname .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default localhost.TP .B Reloadable Yes.UNINDENT The hostname of the machine running Traffic Server. .INDENT 0.0 .TP .B proxy.config.log.logfile_dir .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default var/log/trafficserver.TP .B Reloadable Yes.UNINDENT The path to the logging directory. This can be an absolute path or a path relative to the \fBPREFIX\fP directory in which Traffic Server is installed. .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 The directory you specify must already exist. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.log.logfile_perm .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default rw\-r\-\-r\-\-.TP .B Reloadable Yes.UNINDENT The log file permissions. The standard UNIX file permissions are used (owner, group, other). Permissible values are: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB\-\fP T} T{ No permissions. T} _ T{ \fBr\fP T} T{ Read permission. T} _ T{ \fBw\fP T} T{ Write permission. T} _ T{ \fBx\fP T} T{ Execute permission. T} _ .TE .sp Permissions are subject to the umask settings for the Traffic Server process. This means that a umask setting of \fB002\fP will not allow write permission for others, even if specified in the configuration file. Permissions for existing log files are not changed when the configuration is modified. .INDENT 0.0 .TP .B proxy.local.log.collation_mode .UNINDENT .INDENT 0.0 .TP .B Scope LOCAL.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Set the log collation mode. .TS center; |l|l|. _ T{ Value T} T{ Effect T} _ T{ \fB0\fP T} T{ Log collation is disabled. T} _ T{ \fB1\fP T} T{ This host is a log collation server. T} _ T{ \fB2\fP T} T{ This host is a collation client and sends entries using standard formats to the collation server. T} _ T{ \fB3\fP T} T{ This host is a collation client and sends entries using the traditional custom formats to the collation server. T} _ T{ \fB4\fP T} T{ This host is a collation client and sends entries that use both the standard and traditional custom formats to the collation server. T} _ .TE .sp For information on sending custom formats to the collation server, refer to \fIadmin\-monitoring\-logging\-formats\fP and \fBlogging.config\fP\&. .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 Although Traffic Server supports traditional custom logging, you should use the more versatile XML\-based custom formats. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.log.collation_host .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.UNINDENT The hostname of the log collation server. .INDENT 0.0 .TP .B proxy.config.log.collation_port .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 8085.TP .B Reloadable Yes.UNINDENT The port used for communication between the collation server and client. .INDENT 0.0 .TP .B proxy.config.log.collation_secret .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default foobar.TP .B Reloadable Yes.UNINDENT The password used to validate logging data and prevent the exchange of unauthorized information when a collation server is being used. .INDENT 0.0 .TP .B proxy.config.log.collation_host_tagged .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT When enabled (\fB1\fP), configures Traffic Server to include the hostname of the collation client that generated the log entry in each entry. .INDENT 0.0 .TP .B proxy.config.log.collation_retry_sec .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 5.TP .B Reloadable Yes.UNINDENT The number of seconds between collation server connection retries. .INDENT 0.0 .TP .B proxy.config.log.collation_host_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 86390.UNINDENT The number of seconds before inactivity time\-out events for the host side. This setting over\-rides the default set with proxy.config.net.default_inactivity_timeout for log collation connections. .sp The default is set for 10s less on the host side to help prevent any possible race conditions. If the host disconnects first, the client will see the disconnect before its own time\-out and re\-connect automatically. If the client does not see the disconnect, i.e., connection is "locked\-up" for some reason, it will disconnect when it reaches its own time\-out and then re\-connect automatically. .INDENT 0.0 .TP .B proxy.config.log.collation_client_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 86400.UNINDENT The number of seconds before inactivity time\-out events for the client side. This setting over\-rides the default set with proxy.config.net.default_inactivity_timeout for log collation connections. .INDENT 0.0 .TP .B proxy.config.log.rolling_enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.UNINDENT Specifies how log files are rolled. You can specify the following values: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Disables log file rolling. T} _ T{ \fB1\fP T} T{ Enables log file rolling at specific intervals during the day (specified with the \fI\%proxy.config.log.rolling_interval_sec\fP and \fI\%proxy.config.log.rolling_offset_hr\fP variables). T} _ T{ \fB2\fP T} T{ Enables log file rolling when log files reach a specific size (specified with \fI\%proxy.config.log.rolling_size_mb\fP). T} _ T{ \fB3\fP T} T{ Enables log file rolling at specific intervals during the day or when log files reach a specific size (whichever occurs first). T} _ T{ \fB4\fP T} T{ Enables log file rolling at specific intervals during the day when log files reach a specific size (i.e. at a specified time if the file is of the specified size). T} _ .TE .INDENT 0.0 .TP .B proxy.config.log.rolling_interval_sec .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 86400.TP .B Reloadable Yes.UNINDENT The log file rolling interval, in seconds. The minimum value is \fB60\fP (1 minute). The maximum, and default, value is 86400 seconds (one day). .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 If you start Traffic Server within a few minutes of the next rolling time, then rolling might not occur until the next rolling time. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.log.rolling_offset_hr .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT The file rolling offset hour. The hour of the day that starts the log rolling period. .INDENT 0.0 .TP .B proxy.config.log.rolling_size_mb .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 10.TP .B Reloadable Yes.UNINDENT The size, in megabytes, that log files must reach before rolling takes place. The minimum value for this setting is \fB10\fP\&. .INDENT 0.0 .TP .B proxy.config.log.auto_delete_rolled_files .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) automatic deletion of rolled files. .INDENT 0.0 .TP .B proxy.config.log.sampling_frequency .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.UNINDENT Configures Traffic Server to log only a sample of transactions rather than every transaction. You can specify the following values: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB1\fP T} T{ Log every transaction. T} _ T{ \fB2\fP T} T{ Log every second transaction. T} _ T{ \fB3\fP T} T{ Log every third transaction. T} _ T{ \fIn\fP T} T{ \&... and so on... T} _ .TE .INDENT 0.0 .TP .B proxy.config.log.periodic_tasks_interval .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 5.TP .B Metric seconds.TP .B Reloadable Yes.UNINDENT How often Traffic Server executes log related periodic tasks, in seconds .INDENT 0.0 .TP .B proxy.config.http.slow.log.threshold .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Metric milliseconds.TP .B Reloadable Yes.UNINDENT If set to a non\-zero value \fIN\fP then any connection that takes longer than \fIN\fP milliseconds from accept to completion will cause its timing stats to be written to the \fI\%debugging log file\fP\&. This is identifying data about the transaction and all of the \fBtransaction milestones\fP\&. .INDENT 0.0 .TP .B proxy.config.log.config.filename .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default logging.config.TP .B Reloadable Yes.UNINDENT This configuration value specifies the path to the \fBlogging.config\fP configuration file. If this is a relative path, Traffic Server loads it relative to the \fBSYSCONFDIR\fP directory. .SH DIAGNOSTIC LOGGING CONFIGURATION .INDENT 0.0 .TP .B proxy.config.diags.output.diag .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default E.UNINDENT .INDENT 0.0 .TP .B proxy.config.diags.output.debug .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default E.UNINDENT .INDENT 0.0 .TP .B proxy.config.diags.output.status .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default L.UNINDENT .INDENT 0.0 .TP .B proxy.config.diags.output.note .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default L.UNINDENT .INDENT 0.0 .TP .B proxy.config.diags.output.warning .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default L.UNINDENT .INDENT 0.0 .TP .B proxy.config.diags.output.error .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default SL.UNINDENT .INDENT 0.0 .TP .B proxy.config.diags.output.fatal .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default SL.UNINDENT .INDENT 0.0 .TP .B proxy.config.diags.output.alert .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default L.UNINDENT .INDENT 0.0 .TP .B proxy.config.diags.output.emergency .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default SL.UNINDENT The diagnosic output configuration variables control where Traffic Server should log diagnostic output. Messages at each diagnostic level can be directed to any combination of diagnostic destinations. Valid diagnostic message destinations are: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fBO\fP T} T{ Log to standard output. T} _ T{ \fBE\fP T} T{ Log to standard error. T} _ T{ \fBS\fP T} T{ Log to syslog. T} _ T{ \fBL\fP T} T{ Log to \fBdiags.log\fP\&. T} _ .TE .SS Example .sp To log debug diagnostics to both syslog and \fIdiags.log\fP: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C CONFIG proxy.config.diags.output.debug STRING SL .ft P .fi .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.diags.show_location .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT Annotates diagnostic messages with the source code location. Set to 1 to enable for Debug() messages only. Set to 2 to enable for all messages. .INDENT 0.0 .TP .B proxy.config.diags.debug.enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Enables logging for diagnostic messages whose log level is \fIdiag\fP or \fIdebug\fP\&. .INDENT 0.0 .TP .B proxy.config.diags.debug.tags .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default http.*|dns.*.UNINDENT Each Traffic Server \fIdiag\fP and \fIdebug\fP level message is annotated with a subsytem tag. This configuration contains a regular expression that filters the messages based on the tag. Some commonly used debug tags are: .TS center; |l|l|. _ T{ Tag T} T{ Subsytem usage T} _ T{ dns T} T{ DNS query resolution T} _ T{ http_hdrs T} T{ Logs the headers for HTTP requests and responses T} _ T{ privileges T} T{ Privilege elevation T} _ T{ ssl T} T{ TLS termination and certificate processing T} _ .TE .sp Traffic Server plugins will typically log debug messages using the \fBTSDebug()\fP API, passing the plugin name as the debug tag. .INDENT 0.0 .TP .B proxy.config.diags.logfile.rolling_enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Specifies how the diagnostics log is rolled. You can specify the following values: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Disables diagnostics log rolling. T} _ T{ \fB1\fP T} T{ Enables diagnostics log rolling at specific intervals (specified with \fI\%proxy.config.diags.logfile.rolling_interval_sec\fP). The "clock" starts ticking on Traffic Server startup. T} _ T{ \fB2\fP T} T{ Enables diagnostics log rolling when the diagnostics log reaches a specific size (specified with \fI\%proxy.config.diags.logfile.rolling_size_mb\fP). T} _ .TE .INDENT 0.0 .TP .B proxy.config.diags.logfile.rolling_interval_sec .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 3600.TP .B Metric seconds.TP .B Reloadable Yes.UNINDENT Specifies how often the diagnostics log is rolled, in seconds. The timer starts on Traffic Server bootup. .INDENT 0.0 .TP .B proxy.config.diags.logfile.rolling_size_mb .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 100.TP .B Metric megabytes.TP .B Reloadable Yes.UNINDENT Specifies at what size to roll the diagnostics log at. .SH REVERSE PROXY .INDENT 0.0 .TP .B proxy.config.reverse_proxy.enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) HTTP reverse proxy. .INDENT 0.0 .TP .B proxy.config.header.parse.no_host_url_redirect .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.TP .B Reloadable Yes.UNINDENT The URL to which to redirect requests with no host headers (reverse proxy). .SH URL REMAP RULES .INDENT 0.0 .TP .B proxy.config.url_remap.filename .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default remap.config.UNINDENT Sets the name of the \fBremap.config\fP file. .INDENT 0.0 .TP .B proxy.config.url_remap.remap_required .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.TP .B Reloadable Yes.UNINDENT Set this variable to \fB1\fP if you want Traffic Server to serve requests only from origin servers listed in the mapping rules of the \fBremap.config\fP file. If a request does not match, then the browser will receive an error. .INDENT 0.0 .TP .B proxy.config.url_remap.pristine_host_hdr .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.TP .B Overridable Yes.UNINDENT Set this variable to \fB1\fP if you want to retain the client host header in a request during remapping. .SH SSL TERMINATION .INDENT 0.0 .TP .B proxy.config.ssl.server.cipher_suite .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default .UNINDENT Configures the set of encryption, digest, authentication, and key exchange algorithms provided by OpenSSL which Traffic Server will use for SSL connections. For the list of algorithms and instructions on constructing an appropriately formatting cipher_suite string, see \fI\%OpenSSL Ciphers\fP\&. .sp The current default, included in the \fBrecords.config.default\fP example configuration is: .sp ECDHE\-ECDSA\-AES256\-GCM\-SHA384:ECDHE\-RSA\-AES256\-GCM\-SHA384:ECDHE\-ECDSA\-AES128\-GCM\-SHA256:ECDHE\-RSA\-AES128\-GCM\-SHA256:DHE\-RSA\-AES256\-GCM\-SHA384:DHE\-DSS\-AES256\-GCM\-SHA384:DHE\-RSA\-AES128\-GCM\-SHA256:DHE\-DSS\-AES128\-GCM\-SHA256:ECDHE\-ECDSA\-AES256\-SHA384:ECDHE\-RSA\-AES256\-SHA384:ECDHE\-ECDSA\-AES256\-SHA:ECDHE\-RSA\-AES256\-SHA:ECDHE\-ECDSA\-AES128\-SHA256:ECDHE\-RSA\-AES128\-SHA256:ECDHE\-ECDSA\-AES128\-SHA:ECDHE\-RSA\-AES128\-SHA:DHE\-RSA\-AES256\-SHA256:DHE\-DSS\-AES256\-SHA256:DHE\-RSA\-AES128\-SHA256:DHE\-DSS\-AES128\-SHA256:DHE\-RSA\-AES256\-SHA:DHE\-DSS\-AES256\-SHA:DHE\-RSA\-AES128\-SHA:DHE\-DSS\-AES128\-SHA:AES256\-GCM\-SHA384:AES128\-GCM\-SHA256:AES256\-SHA256:AES128\-SHA256:AES256\-SHA:AES128\-SHA:DES\-CBC3\-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH\-DSS\-DES\-CBC3\-SHA:!EDH\-RSA\-DES\-CBC3\-SHA:!KRB5\-DES\-CBC3\-SHA .INDENT 0.0 .TP .B proxy.config.ssl.TLSv1 .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) TLSv1. .INDENT 0.0 .TP .B proxy.config.ssl.TLSv1_1 .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) TLS v1.1. If not specified, enabled by default. [Requires OpenSSL v1.0.1 and higher] .INDENT 0.0 .TP .B proxy.config.ssl.TLSv1_2 .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) TLS v1.2. If not specified, enabled by default. [Requires OpenSSL v1.0.1 and higher] .INDENT 0.0 .TP .B proxy.config.ssl.client.certification_level .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Sets the client certification level: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Client certificates are \fBignored\fP\&. Traffic Server does not verify client certificates during the SSL handshake. Access to Traffic Server depends on Traffic Server configuration options (such as access control lists). T} _ T{ \fB1\fP T} T{ Client certificates are \fBoptional\fP\&. If a client has a certificate, then the certificate is validated. If the client does not have a certificate, then the client is still allowed access to Traffic Server unless access is denied through other Traffic Server configuration options. T} _ T{ \fB2\fP T} T{ Client certificates are \fBrequired\fP\&. The client must be authenticated during the SSL handshake. Clients without a certificate are not allowed to access Traffic Server\&. T} _ .TE .INDENT 0.0 .TP .B proxy.config.ssl.server.multicert.filename .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default ssl_multicert.config.UNINDENT The location of the \fBssl_multicert.config\fP file, relative to the Traffic Server configuration directory. In the following example, if the Traffic Server configuration directory is \fI/etc/trafficserver\fP, the Traffic Server SSL configuration file and the corresponding certificates are located in \fI/etc/trafficserver/ssl\fP: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C CONFIG proxy.config.ssl.server.multicert.filename STRING ssl/ssl_multicert.config CONFIG proxy.config.ssl.server.cert.path STRING etc/trafficserver/ssl CONFIG proxy.config.ssl.server.private_key.path STRING etc/trafficserver/ssl .ft P .fi .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.ssl.server.cert.path .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default /config.UNINDENT The location of the SSL certificates and chains used for accepting and validation new SSL sessions. If this is a relative path, it is appended to the Traffic Server installation PREFIX. All certificates and certificate chains listed in \fBssl_multicert.config\fP will be loaded relative to this path. .INDENT 0.0 .TP .B proxy.config.ssl.server.private_key.path .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.UNINDENT The location of the SSL certificate private keys. Change this variable only if the private key is not located in the SSL certificate file. All private keys listed in \fBssl_multicert.config\fP will be loaded relative to this path. .INDENT 0.0 .TP .B proxy.config.ssl.server.cert_chain.filename .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.UNINDENT The name of a file containing a global certificate chain that should be used with every server certificate. This file is only used if there are certificates defined in \fBssl_multicert.config\fP\&. Unless this is an absolute path, it is loaded relative to the path specified by \fI\%proxy.config.ssl.server.cert.path\fP\&. .INDENT 0.0 .TP .B proxy.config.ssl.server.dhparams_file .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.UNINDENT The name of a file containing a set of Diffie\-Hellman key exchange parameters. If not specified, 2048\-bit DH parameters from \fI\%RFC 5114\fP are used. These parameters are only used if a DHE (or EDH) cipher suite has been selected. .INDENT 0.0 .TP .B proxy.config.ssl.CA.cert.path .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.UNINDENT The location of the certificate authority file that client certificates will be verified against. .INDENT 0.0 .TP .B proxy.config.ssl.CA.cert.filename .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.UNINDENT The filename of the certificate authority that client certificates will be verified against. .INDENT 0.0 .TP .B proxy.config.ssl.server.ticket_key.filename .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default ssl_ticket.key.UNINDENT The filename of the default and global ticket key for SSL sessions. The location of the \fBssl_ticket.key\fP file, relative to the \fI\%proxy.config.ssl.server.cert.path\fP directory. .INDENT 0.0 .TP .B proxy.config.ssl.max_record_size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT This configuration specifies the maximum number of bytes to write into a SSL record when replying over a SSL session. In some circumstances this setting can improve response latency by reducing buffering at the SSL layer. This setting can have a value between 0 and 16383 (max TLS record size). .sp The default of \fB0\fP means to always write all available data into a single SSL record. .sp A value of \fB\-1\fP means TLS record size is dynamically determined. The strategy employed is to use small TLS records that fit into a single TCP segment for the first ~1 MB of data, but, increase the record size to 16 KB after that to optimize throughput. The record size is reset back to a single segment after ~1 second of inactivity and the record size ramping mechanism is repeated again. .INDENT 0.0 .TP .B proxy.config.ssl.session_cache .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 2.UNINDENT Enables the SSL session cache: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Disables the session cache entirely. T} _ T{ \fB1\fP T} T{ Enables the session cache using OpenSSL\(aqs implementation. T} _ T{ \fB2\fP T} T{ Default. Enables the session cache using Traffic Server\(aqs implementation. This implentation should perform much better than the OpenSSL implementation. T} _ .TE .INDENT 0.0 .TP .B proxy.config.ssl.session_cache.timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT This configuration specifies the lifetime of SSL session cache entries in seconds. If it is \fB0\fP, then the SSL library will use a default value, typically 300 seconds. Note: This option has no affect when using the Traffic Server session cache (option \fB2\fP in \fBproxy.config.ssl.session_cache\fP) .INDENT 0.0 .INDENT 3.5 See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.ssl.session_cache.auto_clear .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT This will set the OpenSSL auto clear flag. Auto clear is enabled by default with \fB1\fP it can be disabled by changing this setting to \fB0\fP\&. .INDENT 0.0 .TP .B proxy.config.ssl.session_cache.size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 102400.UNINDENT This configuration specifies the maximum number of entries the SSL session cache may contain. .INDENT 0.0 .TP .B proxy.config.ssl.session_cache.num_buckets .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 256.UNINDENT This configuration specifies the number of buckets to use with the Traffic Server SSL session cache implementation. The TS implementation is a fixed size hash map where each bucket is protected by a mutex. .INDENT 0.0 .TP .B proxy.config.ssl.session_cache.skip_cache_on_bucket_contention .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT This configuration specifies the behavior of the Traffic Server SSL session cache implementation during lock contention on each bucket: .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Default. Don\(aqt skip session caching when bucket lock is contented. T} _ T{ \fB1\fP T} T{ Disable the SSL session cache for a connection during lock contention. T} _ .TE .INDENT 0.0 .TP .B proxy.config.ssl.hsts_max_age .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default \-1.UNINDENT This configuration specifies the max\-age value that will be used when adding the Strict\-Transport\-Security header. The value is in seconds. A value of \fB0\fP will set the max\-age value to \fB0\fP and should remove the HSTS entry from the client. A value of \fB\-1\fP will disable this feature and not set the header. This option is only used for HTTPS requests and the header will not be set on HTTP requests. .INDENT 0.0 .TP .B proxy.config.ssl.hsts_include_subdomains .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) adding the includeSubdomain value to the Strict\-Transport\-Security header. proxy.config.ssl.hsts_max_age needs to be set to a non \fB\-1\fP value for this configuration to take effect. .INDENT 0.0 .TP .B proxy.config.ssl.allow_client_renegotiation .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT This configuration specifies whether the client is able to initiate renegotiation of the SSL connection. The default of \fB0\fP, means the client can\(aqt initiate renegotiation. .INDENT 0.0 .TP .B proxy.config.ssl.cert.load_elevated .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) elevation of traffic_server privileges during loading of SSL certificates. By enabling this, SSL certificate files\(aq access rights can be restricted to help reduce the vulnerability of certificates. .sp This feature requires Traffic Server to be built with POSIX capabilities enabled. .INDENT 0.0 .TP .B proxy.config.ssl.handshake_timeout_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT When enabled this limits the total duration for the server side SSL handshake. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.ssl.wire_trace_enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT When enabled this turns on wire tracing of SSL connections that meet the conditions specified by wire_trace_percentage, wire_trace_addr and wire_trace_server_name. .INDENT 0.0 .TP .B proxy.config.ssl.wire_trace_percentage .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT This specifies the percentage of traffic meeting the other wire_trace conditions to be traced. .INDENT 0.0 .TP .B proxy.config.ssl.wire_trace_addr .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.UNINDENT This specifies the client IP for which wire_traces should be printed. .INDENT 0.0 .TP .B proxy.config.ssl.wire_trace_server_name .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.UNINDENT This specifies the server name for which wire_traces should be printed. This only works if traffic_server is built with TS_USE_TLS_SNI flag set to true. .SS Client\-Related Configuration .INDENT 0.0 .TP .B proxy.config.ssl.client.verify.server .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Configures Traffic Server to verify the origin server certificate with the Certificate Authority (CA). .INDENT 0.0 .TP .B proxy.config.ssl.client.cert.filename .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.UNINDENT The filename of SSL client certificate installed on Traffic Server. .INDENT 0.0 .TP .B proxy.config.ssl.client.cert.path .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default /config.UNINDENT The location of the SSL client certificate installed on Traffic Server. .INDENT 0.0 .TP .B proxy.config.ssl.client.private_key.filename .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.UNINDENT The filename of the Traffic Server private key. Change this variable only if the private key is not located in the Traffic Server SSL client certificate file. .INDENT 0.0 .TP .B proxy.config.ssl.client.private_key.path .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.UNINDENT The location of the Traffic Server private key. Change this variable only if the private key is not located in the SSL client certificate file. .INDENT 0.0 .TP .B proxy.config.ssl.client.CA.cert.filename .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.UNINDENT The filename of the certificate authority against which the origin server will be verified. .INDENT 0.0 .TP .B proxy.config.ssl.client.CA.cert.path .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default NULL.UNINDENT Specifies the location of the certificate authority file against which the origin server will be verified. .SH OCSP STAPLING CONFIGURATION .INDENT 0.0 .TP .B proxy.config.ssl.ocsp.enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Enable OCSP stapling. .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Disables OCSP Stapling. T} _ T{ \fB1\fP T} T{ Allows Traffic Server to request SSL certificate revocation status from an OCSP responder. T} _ .TE .INDENT 0.0 .TP .B proxy.config.ssl.ocsp.cache_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 3600.UNINDENT Number of seconds before an OCSP response expires in the stapling cache. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.ssl.ocsp.request_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 10.UNINDENT Timeout (in seconds) for queries to OCSP responders. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.ssl.ocsp.update_period .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 60.UNINDENT Update period (in seconds) for stapling caches. .SH HTTP/2 CONFIGURATION .INDENT 0.0 .TP .B proxy.config.http2.max_concurrent_streams_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 100.TP .B Reloadable Yes.UNINDENT The maximum number of concurrent streams per inbound connection. .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 Reloading this value affects only new HTTP/2 connections, not the ones already established. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.http2.min_concurrent_streams_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 10.TP .B Reloadable Yes.UNINDENT The minimum number of concurrent streams per inbound connection. This is used when \fI\%proxy.config.http2.max_active_streams_in\fP is set larger than \fB0\fP\&. .INDENT 0.0 .TP .B proxy.config.http2.max_active_streams_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Limits the maximum number of connection wide active streams. When connection wide active streams are larger than this value, SETTINGS_MAX_CONCURRENT_STREAMS will be reduced to \fI\%proxy.config.http2.min_concurrent_streams_in\fP\&. To disable, set to zero (\fB0\fP). .INDENT 0.0 .TP .B proxy.config.http2.initial_window_size_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1048576.TP .B Reloadable Yes.UNINDENT The initial window size for inbound connections. .INDENT 0.0 .TP .B proxy.config.http2.max_frame_size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 16384.TP .B Reloadable Yes.UNINDENT Indicates the size of the largest frame payload that the sender is willing to receive. .INDENT 0.0 .TP .B proxy.config.http2.header_table_size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 4096.TP .B Reloadable Yes.UNINDENT The maximum size of the header compression table used to decode header blocks. .INDENT 0.0 .TP .B proxy.config.http2.max_header_list_size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 4294967295.TP .B Reloadable Yes.UNINDENT This advisory setting informs a peer of the maximum size of header list that the sender is prepared to accept blocks. The default value, which is the unsigned int maximum value in Traffic Server, implies unlimited size. .INDENT 0.0 .TP .B proxy.config.http2.stream_priority_enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Reloadable Yes.UNINDENT Enable the experimental HTTP/2 Stream Priority feature. .SH PLUG-IN CONFIGURATION .INDENT 0.0 .TP .B proxy.config.plugin.plugin_dir .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default config/plugins.UNINDENT Specifies the location of Traffic Server plugins. .INDENT 0.0 .TP .B proxy.config.remap.num_remap_threads .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT When this variable is set to \fB0\fP, plugin remap callbacks are executed in line on network threads. If remap processing takes significant time, this can be cause additional request latency. Setting this variable to causes remap processing to take place on a dedicated thread pool, freeing the network threads to service additional requests. .SH SOCKS PROCESSOR .INDENT 0.0 .TP .B proxy.config.socks.socks_needed .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Enables (\fB1\fP) or disables (\fB0\fP) the SOCKS processor .INDENT 0.0 .TP .B proxy.config.socks.socks_version .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 4.UNINDENT Specifies the SOCKS version (\fB4\fP) or (\fB5\fP) .INDENT 0.0 .TP .B proxy.config.socks.socks_config_file .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default socks.config.UNINDENT The socks_onfig file allows you to specify ranges of IP addresses that will not be relayed to the SOCKS server. It can also be used to configure AUTH information for SOCKSv5 servers. .INDENT 0.0 .TP .B proxy.config.socks.socks_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 100.UNINDENT The activity timeout value (in seconds) for SOCKS server connections. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.socks.server_connect_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 10.UNINDENT The timeout value (in seconds) for SOCKS server connection attempts. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.socks.per_server_connection_attempts .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT The total number of connection attempts allowed per SOCKS server, if multiple servers are used. .INDENT 0.0 .TP .B proxy.config.socks.connection_attempts .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 4.UNINDENT The total number of connection attempts allowed to a SOCKS server Traffic Server bypasses the server or fails the request .INDENT 0.0 .TP .B proxy.config.socks.server_retry_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 300.UNINDENT The timeout value (in seconds) for SOCKS server connection retry attempts. .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.socks.default_servers .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default \fI*NONE*\fP.UNINDENT Default list of SOCKS servers and their ports. .INDENT 0.0 .TP .B proxy.config.socks.server_retry_time .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 300.UNINDENT The amount of time allowed between connection retries to a SOCKS server that is unavailable. .INDENT 0.0 .TP .B proxy.config.socks.server_fail_threshold .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 2.UNINDENT The number of times the connection to the SOCKS server can fail before Traffic Server considers the server unavailable. .INDENT 0.0 .TP .B proxy.config.socks.accept_enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Enables (1) or disables (0) the SOCKS proxy option. As a SOCKS proxy, Traffic Server receives SOCKS traffic (usually on port 1080) and forwards all requests directly to the SOCKS server. .INDENT 0.0 .TP .B proxy.config.socks.accept_port .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1080.UNINDENT Specifies the port on which Traffic Server accepts SOCKS traffic. .INDENT 0.0 .TP .B proxy.config.socks.http_port .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 80.UNINDENT Specifies the port on which Traffic Server accepts HTTP proxy requests over SOCKS connections.. .SH SOCKETS .INDENT 0.0 .TP .B proxy.config.net.defer_accept .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT default: \fB1\fP meaning \fBon\fP all Platforms except Linux: \fB45\fP seconds .sp This directive enables operating system specific optimizations for a listening socket. \fBdefer_accept\fP holds a call to \fBaccept(2)\fP back until data has arrived. In Linux\(aq special case this is up to a maximum of 45 seconds. .INDENT 0.0 .TP .B proxy.config.net.listen_backlog .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default \-1 :reloadable:.UNINDENT This directive sets the maximum number of pending connections. If it is set to \-1, Traffic Server will automatically set this to a platform\-specific maximum. .INDENT 0.0 .TP .B proxy.config.net.tcp_congestion_control_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default "".UNINDENT This directive will override the congestion control algorithm for incoming connections (accept sockets). On linux the allowed values are typically specified in a space separated list in /proc/sys/net/ipv4/tcp_allowed_congestion_control .INDENT 0.0 .TP .B proxy.config.net.tcp_congestion_control_out .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type STRING.TP .B Default "".UNINDENT This directive will override the congestion control algorithm for outgoing connections (connect sockets). On linux the allowed values are typically specified in a space separated list in /proc/sys/net/ipv4/tcp_allowed_congestion_control .INDENT 0.0 .TP .B proxy.config.net.sock_send_buffer_size_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Sets the send buffer size for connections from the client to Traffic Server. .INDENT 0.0 .TP .B proxy.config.net.sock_recv_buffer_size_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Sets the receive buffer size for connections from the client to Traffic Server. .INDENT 0.0 .TP .B proxy.config.net.sock_option_flag_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0x5.UNINDENT Turns different options "on" for the socket handling client connections:: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C TCP_NODELAY (1) SO_KEEPALIVE (2) SO_LINGER (4) \- with a timeout of 0 seconds .ft P .fi .UNINDENT .UNINDENT .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 This is a bitmask and you need to decide what bits to set. Therefore, you must set the value to \fB3\fP if you want to enable nodelay and keepalive options above. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.net.sock_send_buffer_size_out .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Overridable Yes.UNINDENT Sets the send buffer size for connections from Traffic Server to the origin server. .INDENT 0.0 .TP .B proxy.config.net.sock_recv_buffer_size_out .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.TP .B Overridable Yes.UNINDENT Sets the receive buffer size for connections from Traffic Server to the origin server. .INDENT 0.0 .TP .B proxy.config.net.sock_option_flag_out .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0x1.TP .B Overridable Yes.UNINDENT Turns different options "on" for the origin server socket:: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C TCP_NODELAY (1) SO_KEEPALIVE (2) SO_LINGER (4) \- with a timeout of 0 seconds .ft P .fi .UNINDENT .UNINDENT .sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 This is a bitmask and you need to decide what bits to set. Therefore, you must set the value to \fB3\fP if you want to enable nodelay and keepalive options above. .sp When SO_LINGER is enabled, the linger timeout time is set to 0. This is useful when Traffic Server and the origin server are co\-located and large numbers of sockets are retained in the TIME_WAIT state. .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.net.sock_mss_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Same as the command line option \fB\-\-accept_mss\fP that sets the MSS for all incoming requests. .INDENT 0.0 .TP .B proxy.config.net.sock_packet_mark_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0x0.UNINDENT Set the packet mark on traffic destined for the client (the packets that make up a client response). .sp \fBSEE ALSO:\fP .INDENT 0.0 .INDENT 3.5 \fI\%Traffic Shaping\fP .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.net.sock_packet_mark_out .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0x0.TP .B Overridable Yes.UNINDENT Set the packet mark on traffic destined for the origin (the packets that make up an origin request). .sp \fBSEE ALSO:\fP .INDENT 0.0 .INDENT 3.5 \fI\%Traffic Shaping\fP .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.net.sock_packet_tos_in .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0x0.UNINDENT Set the ToS/DiffServ Field on packets sent to the client (the packets that make up a client response). .sp \fBSEE ALSO:\fP .INDENT 0.0 .INDENT 3.5 \fI\%Traffic Shaping\fP .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.net.sock_packet_tos_out .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0x0.TP .B Overridable Yes.UNINDENT Set the ToS/DiffServ Field on packets sent to the origin (the packets that make up an origin request). .sp \fBSEE ALSO:\fP .INDENT 0.0 .INDENT 3.5 \fI\%Traffic Shaping\fP .UNINDENT .UNINDENT .INDENT 0.0 .TP .B proxy.config.net.poll_timeout .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 10 (or 30 on Solaris).UNINDENT Same as the command line option \fB\-\-poll_timeout\fP, or \fB\-t\fP, which specifies the timeout used for the polling mechanism used. This timeout is always in milliseconds (ms). This is the timeout to \fBepoll_wait()\fP on Linux platforms, and to \fBkevent()\fP on BSD type OSs. The default value is \fB10\fP on all platforms. .sp Changing this configuration can reduce CPU usage on an idle system, since periodic tasks gets processed at these intervals. On busy servers, this overhead is diminished, since polled events triggers morefrequently. However, increasing the setting can also introduce additional latency for certain operations, and timed events. It\(aqs recommended not to touch this setting unless your CPU usage is unacceptable at idle workload. Some alternatives to this could be: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C Reduce the number of worker threads (net\-threads) Reduce the number of disk (AIO) threads Make sure accept threads are enabled .ft P .fi .UNINDENT .UNINDENT .sp The relevant configurations for this are: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C CONFIG proxy.config.exec_thread.autoconfig INT 0 CONFIG proxy.config.exec_thread.limit INT 2 CONFIG proxy.config.accept_threads INT 1 CONFIG proxy.config.cache.threads_per_disk INT 8 .ft P .fi .UNINDENT .UNINDENT .sp See \fIadmin\-performance\-timeouts\fP for more discussion on Traffic Server timeouts. .INDENT 0.0 .TP .B proxy.config.task_threads .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 2.UNINDENT Specifies the number of task threads to run. These threads are used for various tasks that should be off\-loaded from the normal network threads. .INDENT 0.0 .TP .B proxy.config.allocator.thread_freelist_size .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 512.UNINDENT Sets the maximum number of elements that can be contained in a ProxyAllocator (per\-thread) before returning the objects to the global pool .INDENT 0.0 .TP .B proxy.config.allocator.thread_freelist_low_watermark .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 32.UNINDENT Sets the minimum number of items a ProxyAllocator (per\-thread) will guarantee to be holding at any one time. .INDENT 0.0 .TP .B proxy.config.allocator.hugepages .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Enable (1) the use of huge pages on supported platforms. (Currently only Linux) .sp You must also enable hugepages at the OS level. In a modern linux Kernel this can be done by setting \fB/proc/sys/vm/nr_overcommit_hugepages\fP to a sufficiently large value. It is reasonable to use (system memory/hugepage size) because these pages are only created on demand. .sp For more information on the implications of enabling huge pages, see \fIWikipedia _\fP\&. .INDENT 0.0 .TP .B proxy.config.http.enabled .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 1.UNINDENT Turn on or off support for HTTP proxying. This is rarely used, the one exception being if you run Traffic Server with a protocol plugin, and would like for it to not support HTTP requests at all. .INDENT 0.0 .TP .B proxy.config.http.wait_for_cache .UNINDENT .INDENT 0.0 .TP .B Scope CONFIG.TP .B Type INT.TP .B Default 0.UNINDENT Accepting inbound connections and starting the cache are independent operations in Traffic Server\&. This variable controls the relative timing of these operations and Traffic Server dependency on cache because if cache is required then inbound connection accepts should be deferred until the validity of the cache requirement is determined. Cache initialization failure will be logged in \fBdiags.log\fP\&. .TS center; |l|l|. _ T{ Value T} T{ Description T} _ T{ \fB0\fP T} T{ Decouple inbound connections and cache initialization. Connections will be accepted as soon as possible and Traffic Server will run regardless of the results of cache initialization. T} _ T{ \fB1\fP T} T{ Do not accept inbound connections until cache initialization has finished. Traffic Server will run regardless of the results of cache initialization. T} _ T{ \fB2\fP T} T{ Do not accept inbound connections until cache initialization has finished and been sufficiently successful that cache is enabled. This means at least one cache span is usable. If there are no spans in \fBstorage.config\fP or none of the spans can be successfully parsed and initialized then Traffic Server will shut down. T} _ T{ \fB3\fP T} T{ Do not accept inbound connections until cache initialization has finished and been completely successful. This requires at least one cache span in \fBstorage.config\fP and that every span specified is valid and successfully initialized. Any error will cause Traffic Server to shut down. T} _ .TE .SH COPYRIGHT 2015, dev@trafficserver.apache.org .\" Generated by docutils manpage writer. .