[ { "name": "accept_mutex", "syntax": [ "accept_mutex on | off;" ], "def": "accept_mutex off;", "contexts": [ "events" ], "desc": "If accept_mutex is enabled,worker processes will accept new connections by turn.Otherwise, all worker processes will be notified about new connections,and if volume of new connections is low, some of the worker processesmay just waste system resources.", "notes": [ "\nThere is no need to enable accept_mutex\non systems that support the\nEPOLLEXCLUSIVE flag (1.11.3) or\nwhen using reuseport.\n", "\nPrior to version 1.11.3, the default value was on.\n" ], "since": null, "module": "Core functionality" }, { "name": "accept_mutex_delay", "syntax": [ "accept_mutex_delay time;" ], "def": "accept_mutex_delay 500ms;", "contexts": [ "events" ], "desc": "If accept_mutex is enabled, specifies the maximum timeduring which a worker process will try to restart accepting newconnections if another worker process is currently acceptingnew connections.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "daemon", "syntax": [ "daemon on | off;" ], "def": "daemon on;", "contexts": [ "main" ], "desc": "Determines whether nginx should become a daemon.Mainly used during development.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "debug_connection", "syntax": [ "debug_connection \n address |\n CIDR |\n unix:;" ], "def": null, "contexts": [ "events" ], "desc": "Enables debugging log for selected client connections.Other connections will use logging level set by theerror_log directive.Debugged connections are specified by IPv4 or IPv6 (1.3.0, 1.2.1)address or network.A connection may also be specified using a hostname.For connections using UNIX-domain sockets (1.3.0, 1.2.1),debugging log is enabled by the “unix:” parameter.", "notes": [ "\nFor this directive to work, nginx needs to\nbe built with --with-debug,\nsee “A debugging log”.\n" ], "since": null, "module": "Core functionality" }, { "name": "debug_points", "syntax": [ "debug_points abort | stop;" ], "def": null, "contexts": [ "main" ], "desc": "This directive is used for debugging.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "env", "syntax": [ "env variable[=value];" ], "def": "env TZ;", "contexts": [ "main" ], "desc": "By default, nginx removes all environment variables inheritedfrom its parent process except the TZ variable.This directive allows preserving some of the inherited variables,changing their values, or creating new environment variables.These variables are then:", "notes": [], "since": null, "module": "Core functionality" }, { "name": "error_log", "syntax": [ "error_log file [level];" ], "def": "error_log logs/error.log error;", "contexts": [ "main", "http", "mail", "stream", "server", "location" ], "desc": "Configures logging.Several logs can be specified on the same level (1.5.2).If on the main configuration level writing a log to a fileis not explicitly defined, the default file will be used.", "notes": [ "\nFor debug logging to work, nginx needs to\nbe built with --with-debug,\nsee “A debugging log”.\n", "\nThe directive can be specified on the\nstream level\nstarting from version 1.7.11,\nand on the mail level\nstarting from version 1.9.0.\n" ], "since": null, "module": "Core functionality" }, { "name": "events", "syntax": [ "events { ... }" ], "def": null, "contexts": [ "main" ], "desc": "Provides the configuration file context in which the directives thataffect connection processing are specified.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "include", "syntax": [ "include file | mask;" ], "def": null, "contexts": [ "any" ], "desc": "Includes another file, or files matching thespecified mask, into configuration.Included files should consist ofsyntactically correct directives and blocks.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "load_module", "syntax": [ "load_module file;" ], "def": null, "contexts": [ "main" ], "desc": "Loads a dynamic module.", "notes": [], "since": "1.9.11", "module": "Core functionality" }, { "name": "lock_file", "syntax": [ "lock_file file;" ], "def": "lock_file logs/nginx.lock;", "contexts": [ "main" ], "desc": "nginx uses the locking mechanism to implement accept_mutexand serialize access to shared memory.On most systems the locks are implemented using atomic operations,and this directive is ignored.On other systems the “lock file” mechanism is used.This directive specifies a prefix for the names of lock files.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "master_process", "syntax": [ "master_process on | off;" ], "def": "master_process on;", "contexts": [ "main" ], "desc": "Determines whether worker processes are started.This directive is intended for nginx developers.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "multi_accept", "syntax": [ "multi_accept on | off;" ], "def": "multi_accept off;", "contexts": [ "events" ], "desc": "If multi_accept is disabled, a worker processwill accept one new connection at a time.Otherwise, a worker processwill accept all new connections at a time.", "notes": [ "\nThe directive is ignored if kqueue\nconnection processing method is used, because it reports\nthe number of new connections waiting to be accepted.\n" ], "since": null, "module": "Core functionality" }, { "name": "pcre_jit", "syntax": [ "pcre_jit on | off;" ], "def": "pcre_jit off;", "contexts": [ "main" ], "desc": "Enables or disables the use of “just-in-time compilation” (PCRE JIT)for the regular expressions known by the time of configuration parsing.", "notes": [ "\nThe JIT is available in PCRE libraries starting from version 8.20\nbuilt with the --enable-jit configuration parameter.\nWhen the PCRE library is built with nginx (--with-pcre=),\nthe JIT support is enabled via the\n--with-pcre-jit configuration parameter.\n" ], "since": "1.1.12", "module": "Core functionality" }, { "name": "pid", "syntax": [ "pid file;" ], "def": "pid logs/nginx.pid;", "contexts": [ "main" ], "desc": "Defines a file that will store the process ID of the main process.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "ssl_engine", "syntax": [ "ssl_engine device;" ], "def": null, "contexts": [ "main" ], "desc": "Defines the name of the hardware SSL accelerator.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "thread_pool", "syntax": [ "thread_pool \n name\n threads=number\n [max_queue=number];" ], "def": "thread_pool default threads=32 max_queue=65536;", "contexts": [ "main" ], "desc": "Defines named thread poolsused for multi-threaded reading and sending of fileswithout blockingworker processes.", "notes": [], "since": "1.7.11", "module": "Core functionality" }, { "name": "timer_resolution", "syntax": [ "timer_resolution interval;" ], "def": null, "contexts": [ "main" ], "desc": "Reduces timer resolution in worker processes, thus reducing thenumber of gettimeofday() system calls made.By default, gettimeofday() is called each timea kernel event is received.With reduced resolution, gettimeofday() is onlycalled once per specified interval.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "use", "syntax": [ "use method;" ], "def": null, "contexts": [ "events" ], "desc": "Specifies the connection processingmethod to use.There is normally no need to specify it explicitly, because nginx willby default use the most efficient method.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "user", "syntax": [ "user user [group];" ], "def": "user nobody nobody;", "contexts": [ "main" ], "desc": "Defines user and groupcredentials used by worker processes.If group is omitted, a group whose name equalsthat of user is used.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "worker_aio_requests", "syntax": [ "worker_aio_requests number;" ], "def": "worker_aio_requests 32;", "contexts": [ "events" ], "desc": "When using aiowith the epollconnection processing method, sets the maximum number ofoutstanding asynchronous I/O operationsfor a single worker process.", "notes": [], "since": "1.1.4", "module": "Core functionality" }, { "name": "worker_connections", "syntax": [ "worker_connections number;" ], "def": "worker_connections 512;", "contexts": [ "events" ], "desc": "Sets the maximum number of simultaneous connections thatcan be opened by a worker process.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "worker_cpu_affinity", "syntax": [ "worker_cpu_affinity cpumask ...;", "worker_cpu_affinity auto [cpumask];" ], "def": null, "contexts": [ "main" ], "desc": "Binds worker processes to the sets of CPUs.Each CPU set is represented by a bitmask of allowed CPUs.There should be a separate set defined for each of the worker processes.By default, worker processes are not bound to any specific CPUs.", "notes": [ "\nThe directive is only available on FreeBSD and Linux.\n" ], "since": null, "module": "Core functionality" }, { "name": "worker_priority", "syntax": [ "worker_priority number;" ], "def": "worker_priority 0;", "contexts": [ "main" ], "desc": "Defines the scheduling priority for worker processes like it isdone by the nice command: a negativenumbermeans higher priority.Allowed range normally varies from -20 to 20.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "worker_processes", "syntax": [ "worker_processes number | auto;" ], "def": "worker_processes 1;", "contexts": [ "main" ], "desc": "Defines the number of worker processes.", "notes": [ "\nThe auto parameter is supported starting from\nversions 1.3.8 and 1.2.5.\n" ], "since": null, "module": "Core functionality" }, { "name": "worker_rlimit_core", "syntax": [ "worker_rlimit_core size;" ], "def": null, "contexts": [ "main" ], "desc": "Changes the limit on the largest size of a core file(RLIMIT_CORE) for worker processes.Used to increase the limit without restarting the main process.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "worker_rlimit_nofile", "syntax": [ "worker_rlimit_nofile number;" ], "def": null, "contexts": [ "main" ], "desc": "Changes the limit on the maximum number of open files(RLIMIT_NOFILE) for worker processes.Used to increase the limit without restarting the main process.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "worker_shutdown_timeout", "syntax": [ "worker_shutdown_timeout time;" ], "def": null, "contexts": [ "main" ], "desc": "Configures a timeout for a graceful shutdown of worker processes.When the time expires,nginx will try to close all the connections currently opento facilitate shutdown.", "notes": [], "since": "1.11.11", "module": "Core functionality" }, { "name": "working_directory", "syntax": [ "working_directory directory;" ], "def": null, "contexts": [ "main" ], "desc": "Defines the current working directory for a worker process.It is primarily used when writing a core-file, in which casea worker process should have write permission for thespecified directory.", "notes": [], "since": null, "module": "Core functionality" }, { "name": "absolute_redirect", "syntax": [ "absolute_redirect on | off;" ], "def": "absolute_redirect on;", "contexts": [ "http", "server", "location" ], "desc": "If disabled, redirects issued by nginx will be relative.", "notes": [], "since": "1.11.8", "module": "ngx_http_core_module" }, { "name": "aio", "syntax": [ "aio \n on |\n off |\n threads[=pool];" ], "def": "aio off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables the use of asynchronous file I/O (AIO)on FreeBSD and Linux:", "notes": [], "since": "0.8.11", "module": "ngx_http_core_module" }, { "name": "aio_write", "syntax": [ "aio_write on | off;" ], "def": "aio_write off;", "contexts": [ "http", "server", "location" ], "desc": "If aio is enabled, specifies whether it is used for writing files.Currently, this only works when usingaio threadsand is limited to writing temporary fileswith data received from proxied servers.", "notes": [], "since": "1.9.13", "module": "ngx_http_core_module" }, { "name": "alias", "syntax": [ "alias path;" ], "def": null, "contexts": [ "location" ], "desc": "Defines a replacement for the specified location.For example, with the following configuration", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "chunked_transfer_encoding", "syntax": [ "chunked_transfer_encoding on | off;" ], "def": "chunked_transfer_encoding on;", "contexts": [ "http", "server", "location" ], "desc": "Allows disabling chunked transfer encoding in HTTP/1.1.It may come in handy when using a software failing to supportchunked encoding despite the standard’s requirement.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "client_body_buffer_size", "syntax": [ "client_body_buffer_size size;" ], "def": "client_body_buffer_size 8k|16k;", "contexts": [ "http", "server", "location" ], "desc": "Sets buffer size for reading client request body.In case the request body is larger than the buffer,the whole body or only its part is written to atemporary file.By default, buffer size is equal to two memory pages.This is 8K on x86, other 32-bit platforms, and x86-64.It is usually 16K on other 64-bit platforms.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "client_body_in_file_only", "syntax": [ "client_body_in_file_only \n on |\n clean |\n off;" ], "def": "client_body_in_file_only off;", "contexts": [ "http", "server", "location" ], "desc": "Determines whether nginx should save the entire client request bodyinto a file.This directive can be used during debugging, or when using the$request_body_filevariable, or the$r->request_body_filemethod of the modulengx_http_perl_module.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "client_body_in_single_buffer", "syntax": [ "client_body_in_single_buffer on | off;" ], "def": "client_body_in_single_buffer off;", "contexts": [ "http", "server", "location" ], "desc": "Determines whether nginx should save the entire client request bodyin a single buffer.The directive is recommended when using the$request_bodyvariable, to save the number of copy operations involved.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "client_body_temp_path", "syntax": [ "client_body_temp_path \n path\n [level1\n [level2\n [level3]]];" ], "def": "client_body_temp_path client_body_temp;", "contexts": [ "http", "server", "location" ], "desc": "Defines a directory for storing temporary files holding client request bodies.Up to three-level subdirectory hierarchy can be used under the specifieddirectory.For example, in the following configuration", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "client_body_timeout", "syntax": [ "client_body_timeout time;" ], "def": "client_body_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Defines a timeout for reading client request body.The timeout is set only for a period between two successive read operations,not for the transmission of the whole request body.If a client does not transmit anything within this time, the408 (Request Time-out)error is returned to the client.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "client_header_buffer_size", "syntax": [ "client_header_buffer_size size;" ], "def": "client_header_buffer_size 1k;", "contexts": [ "http", "server" ], "desc": "Sets buffer size for reading client request header.For most requests, a buffer of 1K bytes is enough.However, if a request includes long cookies, or comes from a WAP client,it may not fit into 1K.If a request line or a request header field does not fit intothis buffer then larger buffers, configured by thelarge_client_header_buffers directive,are allocated.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "client_header_timeout", "syntax": [ "client_header_timeout time;" ], "def": "client_header_timeout 60s;", "contexts": [ "http", "server" ], "desc": "Defines a timeout for reading client request header.If a client does not transmit the entire header within this time, the408 (Request Time-out)error is returned to the client.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "client_max_body_size", "syntax": [ "client_max_body_size size;" ], "def": "client_max_body_size 1m;", "contexts": [ "http", "server", "location" ], "desc": "Sets the maximum allowed size of the client request body,specified in the“Content-Length”request header field.If the size in a request exceeds the configured value, the413 (Request Entity Too Large)error is returned to the client.Please be aware thatbrowsers cannot correctly displaythis error.Setting size to 0 disables checking of clientrequest body size.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "connection_pool_size", "syntax": [ "connection_pool_size size;" ], "def": "connection_pool_size 256|512;", "contexts": [ "http", "server" ], "desc": "Allows accurate tuning of per-connection memory allocations.This directive has minimal impact on performanceand should not generally be used.By default, the size is equal to256 bytes on 32-bit platforms and 512 bytes on 64-bit platforms.", "notes": [ "\nPrior to version 1.9.8, the default value was 256 on all platforms.\n" ], "since": null, "module": "ngx_http_core_module" }, { "name": "default_type", "syntax": [ "default_type mime-type;" ], "def": "default_type text/plain;", "contexts": [ "http", "server", "location" ], "desc": "Defines the default MIME type of a response.Mapping of file name extensions to MIME types can be setwith the types directive.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "directio", "syntax": [ "directio size | off;" ], "def": "directio off;", "contexts": [ "http", "server", "location" ], "desc": "Enables the use ofthe O_DIRECT flag (FreeBSD, Linux),the F_NOCACHE flag (macOS),or the directio() function (Solaris),when reading files that are larger than or equal tothe specified size.The directive automatically disables (0.7.15) the use ofsendfilefor a given request.It can be useful for serving large files:", "notes": [], "since": "0.7.7", "module": "ngx_http_core_module" }, { "name": "directio_alignment", "syntax": [ "directio_alignment size;" ], "def": "directio_alignment 512;", "contexts": [ "http", "server", "location" ], "desc": "Sets the alignment fordirectio.In most cases, a 512-byte alignment is enough.However, when using XFS under Linux, it needs to be increased to 4K.", "notes": [], "since": "0.8.11", "module": "ngx_http_core_module" }, { "name": "disable_symlinks", "syntax": [ "disable_symlinks off;", "disable_symlinks \n on |\n if_not_owner\n [from=part];" ], "def": "disable_symlinks off;", "contexts": [ "http", "server", "location" ], "desc": "Determines how symbolic links should be treated when opening files:", "notes": [ "\nOn systems that do not support opening of directories only for search,\nto use these parameters it is required that worker processes\nhave read permissions for all directories being checked.\n", "\nThe\nngx_http_autoindex_module,\nngx_http_random_index_module,\nand ngx_http_dav_module\nmodules currently ignore this directive.\n" ], "since": "1.1.15", "module": "ngx_http_core_module" }, { "name": "error_page", "syntax": [ "error_page \n code ...\n [=[response]]\n uri;" ], "def": null, "contexts": [ "http", "server", "location", "ifinlocation" ], "desc": "Defines the URI that will be shown for the specified errors.A uri value can contain variables.", "notes": [ "\nIf uri processing leads to an error,\nthe status code of the last occurred error is returned to the client.\n", "\nThe code 307 was not treated as a redirect until versions 1.1.16 and 1.0.13.\n", "\nThe code 308 was not treated as a redirect until version 1.13.0.\n" ], "since": null, "module": "ngx_http_core_module" }, { "name": "etag", "syntax": [ "etag on | off;" ], "def": "etag on;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables automatic generation of the “ETag”response header field for static resources.", "notes": [], "since": "1.3.3", "module": "ngx_http_core_module" }, { "name": "http", "syntax": [ "http { ... }" ], "def": null, "contexts": [ "main" ], "desc": "Provides the configuration file context in which the HTTP server directivesare specified.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "if_modified_since", "syntax": [ "if_modified_since \n off |\n exact |\n before;" ], "def": "if_modified_since exact;", "contexts": [ "http", "server", "location" ], "desc": "Specifies how to compare modification time of a responsewith the time in the“If-Modified-Since”request header field:", "notes": [], "since": "0.7.24", "module": "ngx_http_core_module" }, { "name": "ignore_invalid_headers", "syntax": [ "ignore_invalid_headers on | off;" ], "def": "ignore_invalid_headers on;", "contexts": [ "http", "server" ], "desc": "Controls whether header fields with invalid names should be ignored.Valid names are composed of English letters, digits, hyphens, and possiblyunderscores (as controlled by the underscores_in_headersdirective).", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "internal", "syntax": [ "internal;" ], "def": null, "contexts": [ "location" ], "desc": "Specifies that a given location can only be used for internal requests.For external requests, the client error404 (Not Found)is returned.Internal requests are the following:", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "keepalive_disable", "syntax": [ "keepalive_disable none | browser ...;" ], "def": "keepalive_disable msie6;", "contexts": [ "http", "server", "location" ], "desc": "Disables keep-alive connections with misbehaving browsers.The browser parameters specify whichbrowsers will be affected.The value msie6 disables keep-alive connectionswith old versions of MSIE, once a POST request is received.The value safari disables keep-alive connectionswith Safari and Safari-like browsers on macOS and macOS-likeoperating systems.The value none enables keep-alive connectionswith all browsers.", "notes": [ "\nPrior to version 1.1.18, the value safari matched\nall Safari and Safari-like browsers on all operating systems, and\nkeep-alive connections with them were disabled by default.\n" ], "since": null, "module": "ngx_http_core_module" }, { "name": "keepalive_requests", "syntax": [ "keepalive_requests number;" ], "def": "keepalive_requests 100;", "contexts": [ "http", "server", "location" ], "desc": "Sets the maximum number of requests that can beserved through one keep-alive connection.After the maximum number of requests are made, the connection is closed.", "notes": [], "since": "0.8.0", "module": "ngx_http_core_module" }, { "name": "keepalive_timeout", "syntax": [ "keepalive_timeout \n timeout\n [header_timeout];" ], "def": "keepalive_timeout 75s;", "contexts": [ "http", "server", "location" ], "desc": "The first parameter sets a timeout during which a keep-aliveclient connection will stay open on the server side.The zero value disables keep-alive client connections.The optional second parameter sets a value in the“Keep-Alive: timeout=time”response header field.Two parameters may differ.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "large_client_header_buffers", "syntax": [ "large_client_header_buffers number size;" ], "def": "large_client_header_buffers 4 8k;", "contexts": [ "http", "server" ], "desc": "Sets the maximum number and size ofbuffers used for reading large client request header.A request line cannot exceed the size of one buffer, or the414 (Request-URI Too Large)error is returned to the client.A request header field cannot exceed the size of one buffer as well, or the400 (Bad Request)error is returned to the client.Buffers are allocated only on demand.By default, the buffer size is equal to 8K bytes.If after the end of request processing a connection is transitionedinto the keep-alive state, these buffers are released.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "limit_except", "syntax": [ "limit_except method ... { ... }" ], "def": null, "contexts": [ "location" ], "desc": "Limits allowed HTTP methods inside a location.The method parameter can be one of the following:GET,HEAD,POST,PUT,DELETE,MKCOL,COPY,MOVE,OPTIONS,PROPFIND,PROPPATCH,LOCK,UNLOCK,orPATCH.Allowing the GET method makes theHEAD method also allowed.Access to other methods can be limited using thengx_http_access_module,ngx_http_auth_basic_module,andngx_http_auth_jwt_module(1.13.10)modules directives:", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "limit_rate", "syntax": [ "limit_rate rate;" ], "def": "limit_rate 0;", "contexts": [ "http", "server", "location", "ifinlocation" ], "desc": "Limits the rate of response transmission to a client.The rate is specified in bytes per second.The zero value disables rate limiting.The limit is set per a request, and so if a client simultaneously openstwo connections, the overall rate will be twice as muchas the specified limit.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "limit_rate_after", "syntax": [ "limit_rate_after size;" ], "def": "limit_rate_after 0;", "contexts": [ "http", "server", "location", "ifinlocation" ], "desc": "Sets the initial amount after which the further transmissionof a response to a client will be rate limited.", "notes": [], "since": "0.8.0", "module": "ngx_http_core_module" }, { "name": "lingering_close", "syntax": [ "lingering_close \n off |\n on |\n always;" ], "def": "lingering_close on;", "contexts": [ "http", "server", "location" ], "desc": "Controls how nginx closes client connections.", "notes": [], "since": "1.1.0", "module": "ngx_http_core_module" }, { "name": "lingering_time", "syntax": [ "lingering_time time;" ], "def": "lingering_time 30s;", "contexts": [ "http", "server", "location" ], "desc": "When lingering_close is in effect,this directive specifies the maximum time during which nginxwill process (read and ignore) additional data coming from a client.After that, the connection will be closed, even if there will bemore data.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "lingering_timeout", "syntax": [ "lingering_timeout time;" ], "def": "lingering_timeout 5s;", "contexts": [ "http", "server", "location" ], "desc": "When lingering_close is in effect, this directive specifiesthe maximum waiting time for more client data to arrive.If data are not received during this time, the connection is closed.Otherwise, the data are read and ignored, and nginx starts waitingfor more data again.The “wait-read-ignore” cycle is repeated, but no longer than specified by thelingering_time directive.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "listen", "syntax": [ "listen \n address[:port]\n [default_server]\n [ssl]\n [http2 | spdy]\n [proxy_protocol]\n [setfib=number]\n [fastopen=number]\n [backlog=number]\n [rcvbuf=size]\n [sndbuf=size]\n [accept_filter=filter]\n [deferred]\n [bind]\n [ipv6only=on|off]\n [reuseport]\n [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];", "listen \n port\n [default_server]\n [ssl]\n [http2 | spdy]\n [proxy_protocol]\n [setfib=number]\n [fastopen=number]\n [backlog=number]\n [rcvbuf=size]\n [sndbuf=size]\n [accept_filter=filter]\n [deferred]\n [bind]\n [ipv6only=on|off]\n [reuseport]\n [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];", "listen \n unix:path\n [default_server]\n [ssl]\n [http2 | spdy]\n [proxy_protocol]\n [backlog=number]\n [rcvbuf=size]\n [sndbuf=size]\n [accept_filter=filter]\n [deferred]\n [bind]\n [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];" ], "def": "listen *:80 | *:8000;", "contexts": [ "server" ], "desc": "Sets the address and port for IP,or the path for a UNIX-domain socket on whichthe server will accept requests.Both address and port,or only address or only port can be specified.An address may also be a hostname, for example:", "notes": [ "\nIn versions prior to 0.8.21 this parameter is named simply\ndefault.\n", "\nThe PROXY protocol version 2 is supported since version 1.13.11.\n", "\nIn versions prior to 0.8.21, they could only be\nspecified in the listen directive together with the\ndefault parameter.\n" ], "since": null, "module": "ngx_http_core_module" }, { "name": "location", "syntax": [ "location [\n = |\n ~ |\n ~* |\n ^~\n ] uri { ... }", "location @name { ... }" ], "def": null, "contexts": [ "server", "location" ], "desc": "Sets configuration depending on a request URI.", "notes": [ "\nIn versions from 0.7.1 to 0.8.41, if a request matched the prefix\nlocation without the “=” and “^~”\nmodifiers, the search also terminated and regular expressions were\nnot checked.\n" ], "since": null, "module": "ngx_http_core_module" }, { "name": "log_not_found", "syntax": [ "log_not_found on | off;" ], "def": "log_not_found on;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables logging of errors about not found files intoerror_log.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "log_subrequest", "syntax": [ "log_subrequest on | off;" ], "def": "log_subrequest off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables logging of subrequests intoaccess_log.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "max_ranges", "syntax": [ "max_ranges number;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Limits the maximum allowed number of ranges in byte-range requests.Requests that exceed the limit are processed as if there were nobyte ranges specified.By default, the number of ranges is not limited.The zero value disables the byte-range support completely.", "notes": [], "since": "1.1.2", "module": "ngx_http_core_module" }, { "name": "merge_slashes", "syntax": [ "merge_slashes on | off;" ], "def": "merge_slashes on;", "contexts": [ "http", "server" ], "desc": "Enables or disables compression of two or more adjacent slashesin a URI into a single slash.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "msie_padding", "syntax": [ "msie_padding on | off;" ], "def": "msie_padding on;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables adding comments to responses for MSIE clients with statusgreater than 400 to increase the response size to 512 bytes.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "msie_refresh", "syntax": [ "msie_refresh on | off;" ], "def": "msie_refresh off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables issuing refreshes instead of redirects for MSIE clients.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "open_file_cache", "syntax": [ "open_file_cache off;", "open_file_cache \nmax=N\n[inactive=time];" ], "def": "open_file_cache off;", "contexts": [ "http", "server", "location" ], "desc": "Configures a cache that can store:", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "open_file_cache_errors", "syntax": [ "open_file_cache_errors on | off;" ], "def": "open_file_cache_errors off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables caching of file lookup errors byopen_file_cache.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "open_file_cache_min_uses", "syntax": [ "open_file_cache_min_uses number;" ], "def": "open_file_cache_min_uses 1;", "contexts": [ "http", "server", "location" ], "desc": "Sets the minimum number of file accesses duringthe period configured by the inactive parameterof the open_file_cache directive, required for a filedescriptor to remain open in the cache.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "open_file_cache_valid", "syntax": [ "open_file_cache_valid time;" ], "def": "open_file_cache_valid 60s;", "contexts": [ "http", "server", "location" ], "desc": "Sets a time after whichopen_file_cacheelements should be validated.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "output_buffers", "syntax": [ "output_buffers number size;" ], "def": "output_buffers 2 32k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the number and size of thebuffers used for reading a response from a disk.", "notes": [ "\nPrior to version 1.9.5, the default value was 1 32k.\n" ], "since": null, "module": "ngx_http_core_module" }, { "name": "port_in_redirect", "syntax": [ "port_in_redirect on | off;" ], "def": "port_in_redirect on;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables specifying the port inabsolute redirects issued by nginx.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "postpone_output", "syntax": [ "postpone_output size;" ], "def": "postpone_output 1460;", "contexts": [ "http", "server", "location" ], "desc": "If possible, the transmission of client data will be postponed untilnginx has at least size bytes of data to send.The zero value disables postponing data transmission.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "read_ahead", "syntax": [ "read_ahead size;" ], "def": "read_ahead 0;", "contexts": [ "http", "server", "location" ], "desc": "Sets the amount of pre-reading for the kernel when working with file.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "recursive_error_pages", "syntax": [ "recursive_error_pages on | off;" ], "def": "recursive_error_pages off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables doing several redirects using theerror_pagedirective.The number of such redirects is limited.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "request_pool_size", "syntax": [ "request_pool_size size;" ], "def": "request_pool_size 4k;", "contexts": [ "http", "server" ], "desc": "Allows accurate tuning of per-request memory allocations.This directive has minimal impact on performanceand should not generally be used.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "reset_timedout_connection", "syntax": [ "reset_timedout_connection on | off;" ], "def": "reset_timedout_connection off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables resetting timed out connections.The reset is performed as follows.Before closing a socket, theSO_LINGERoption is set on it with a timeout value of 0.When the socket is closed, TCP RST is sent to the client, and all memoryoccupied by this socket is released.This helps avoid keeping an already closed socket with filled buffersin a FIN_WAIT1 state for a long time.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "resolver", "syntax": [ "resolver \n address ...\n [valid=time]\n [ipv6=on|off];" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Configures name servers used to resolve names of upstream serversinto addresses, for example:", "notes": [ "\nBefore version 1.1.7, only a single name server could be configured.\nSpecifying name servers using IPv6 addresses is supported\nstarting from versions 1.3.1 and 1.2.2.\n", "\nResolving of names into IPv6 addresses is supported\nstarting from version 1.5.8.\n", "\nBefore version 1.1.9, tuning of caching time was not possible,\nand nginx always cached answers for the duration of 5 minutes.\n", "\nTo prevent DNS spoofing, it is recommended\nconfiguring DNS servers in a properly secured trusted local network.\n" ], "since": null, "module": "ngx_http_core_module" }, { "name": "resolver_timeout", "syntax": [ "resolver_timeout time;" ], "def": "resolver_timeout 30s;", "contexts": [ "http", "server", "location" ], "desc": "Sets a timeout for name resolution, for example:", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "root", "syntax": [ "root path;" ], "def": "root html;", "contexts": [ "http", "server", "location", "ifinlocation" ], "desc": "Sets the root directory for requests.For example, with the following configuration", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "satisfy", "syntax": [ "satisfy all | any;" ], "def": "satisfy all;", "contexts": [ "http", "server", "location" ], "desc": "Allows access if all (all) or at least one(any) of thengx_http_access_module,ngx_http_auth_basic_module,ngx_http_auth_request_module,orngx_http_auth_jwt_modulemodules allow access.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "send_lowat", "syntax": [ "send_lowat size;" ], "def": "send_lowat 0;", "contexts": [ "http", "server", "location" ], "desc": "If the directive is set to a non-zero value, nginx will try to minimizethe number of send operations on client sockets by using eitherNOTE_LOWAT flag of thekqueue methodor the SO_SNDLOWAT socket option.In both cases the specified size is used.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "send_timeout", "syntax": [ "send_timeout time;" ], "def": "send_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Sets a timeout for transmitting a response to the client.The timeout is set only between two successive write operations,not for the transmission of the whole response.If the client does not receive anything within this time,the connection is closed.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "sendfile", "syntax": [ "sendfile on | off;" ], "def": "sendfile off;", "contexts": [ "http", "server", "location", "ifinlocation" ], "desc": "Enables or disables the use ofsendfile().", "notes": [ "\nBefore version 1.7.11, pre-loading could be enabled with\naio sendfile;.\n" ], "since": null, "module": "ngx_http_core_module" }, { "name": "sendfile_max_chunk", "syntax": [ "sendfile_max_chunk size;" ], "def": "sendfile_max_chunk 0;", "contexts": [ "http", "server", "location" ], "desc": "When set to a non-zero value, limits the amount of data that can betransferred in a single sendfile() call.Without the limit, one fast connection may seize the worker process entirely.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "server", "syntax": [ "server { ... }" ], "def": null, "contexts": [ "http" ], "desc": "Sets configuration for a virtual server.There is no clear separation between IP-based (based on the IP address)and name-based (based on the “Host” request header field)virtual servers.Instead, the listen directives describe alladdresses and ports that should accept connections for the server, and theserver_name directive lists all server names.Example configurations are provided in the“How nginx processes a request” document.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "server_name", "syntax": [ "server_name name ...;" ], "def": "server_name \"\";", "contexts": [ "server" ], "desc": "Sets names of a virtual server, for example:", "notes": [ "\nBefore 0.8.48, the machine’s hostname was used by default.\n" ], "since": null, "module": "ngx_http_core_module" }, { "name": "server_name_in_redirect", "syntax": [ "server_name_in_redirect on | off;" ], "def": "server_name_in_redirect off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables the use of the primary server name, specified by theserver_name directive,in absolute redirects issued by nginx.When the use of the primary server name is disabled, the name from the“Host” request header field is used.If this field is not present, the IP address of the server is used.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "server_names_hash_bucket_size", "syntax": [ "server_names_hash_bucket_size size;" ], "def": "server_names_hash_bucket_size 32|64|128;", "contexts": [ "http" ], "desc": "Sets the bucket size for the server names hash tables.The default value depends on the size of the processor’s cache line.The details of setting up hash tables are provided in a separatedocument.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "server_names_hash_max_size", "syntax": [ "server_names_hash_max_size size;" ], "def": "server_names_hash_max_size 512;", "contexts": [ "http" ], "desc": "Sets the maximum size of the server names hash tables.The details of setting up hash tables are provided in a separatedocument.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "server_tokens", "syntax": [ "server_tokens \n on |\n off |\n build |\n string;" ], "def": "server_tokens on;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables emitting nginx version on error pages and in the“Server” response header field.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "subrequest_output_buffer_size", "syntax": [ "subrequest_output_buffer_size size;" ], "def": "subrequest_output_buffer_size 4k|8k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the size of the buffer used forstoring the response body of a subrequest.By default, the buffer size is equal to one memory page.This is either 4K or 8K, depending on a platform.It can be made smaller, however.", "notes": [], "since": "1.13.10", "module": "ngx_http_core_module" }, { "name": "tcp_nodelay", "syntax": [ "tcp_nodelay on | off;" ], "def": "tcp_nodelay on;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables the use of the TCP_NODELAY option.The option is enabled when a connection is transitioned into thekeep-alive state.Additionally, it is enabled on SSL connections,for unbuffered proxying,and for WebSocket proxying.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "tcp_nopush", "syntax": [ "tcp_nopush on | off;" ], "def": "tcp_nopush off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables the use ofthe TCP_NOPUSH socket option on FreeBSDor the TCP_CORK socket option on Linux.The options are enabled only when sendfile is used.Enabling the option allows", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "try_files", "syntax": [ "try_files file ... uri;", "try_files file ... =code;" ], "def": null, "contexts": [ "server", "location" ], "desc": "Checks the existence of files in the specified order and usesthe first found file for request processing; the processingis performed in the current context.The path to a file is constructed from thefile parameteraccording to theroot and alias directives.It is possible to check directory’s existence by specifyinga slash at the end of a name, e.g. “$uri/”.If none of the files were found, an internal redirect to theuri specified in the last parameter is made.For example:", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "types", "syntax": [ "types { ... }" ], "def": "types {\n text/html html;\n image/gif gif;\n image/jpeg jpg;\n}", "contexts": [ "http", "server", "location" ], "desc": "Maps file name extensions to MIME types of responses.Extensions are case-insensitive.Several extensions can be mapped to one type, for example:", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "types_hash_bucket_size", "syntax": [ "types_hash_bucket_size size;" ], "def": "types_hash_bucket_size 64;", "contexts": [ "http", "server", "location" ], "desc": "Sets the bucket size for the types hash tables.The details of setting up hash tables are provided in a separatedocument.", "notes": [ "\nPrior to version 1.5.13,\nthe default value depended on the size of the processor’s cache line.\n" ], "since": null, "module": "ngx_http_core_module" }, { "name": "types_hash_max_size", "syntax": [ "types_hash_max_size size;" ], "def": "types_hash_max_size 1024;", "contexts": [ "http", "server", "location" ], "desc": "Sets the maximum size of the types hash tables.The details of setting up hash tables are provided in a separatedocument.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "underscores_in_headers", "syntax": [ "underscores_in_headers on | off;" ], "def": "underscores_in_headers off;", "contexts": [ "http", "server" ], "desc": "Enables or disables the use of underscores in client request header fields.When the use of underscores is disabled, request header fields whose namescontain underscores aremarked as invalid and become subject to theignore_invalid_headers directive.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "variables_hash_bucket_size", "syntax": [ "variables_hash_bucket_size size;" ], "def": "variables_hash_bucket_size 64;", "contexts": [ "http" ], "desc": "Sets the bucket size for the variables hash table.The details of setting up hash tables are provided in a separatedocument.", "notes": [], "since": null, "module": "ngx_http_core_module" }, { "name": "variables_hash_max_size", "syntax": [ "variables_hash_max_size size;" ], "def": "variables_hash_max_size 1024;", "contexts": [ "http" ], "desc": "Sets the maximum size of the variables hash table.The details of setting up hash tables are provided in a separatedocument.", "notes": [ "\nPrior to version 1.5.13, the default value was 512.\n" ], "since": null, "module": "ngx_http_core_module" }, { "name": "allow", "syntax": [ "allow \n address |\n CIDR |\n unix: |\n all;" ], "def": null, "contexts": [ "http", "server", "location", "limit_except" ], "desc": "Allows access for the specified network or address.If the special value unix: is specified (1.5.1),allows access for all UNIX-domain sockets.", "notes": [], "since": null, "module": "ngx_http_access_module" }, { "name": "deny", "syntax": [ "deny \n address |\n CIDR |\n unix: |\n all;" ], "def": null, "contexts": [ "http", "server", "location", "limit_except" ], "desc": "Denies access for the specified network or address.If the special value unix: is specified (1.5.1),denies access for all UNIX-domain sockets.", "notes": [], "since": null, "module": "ngx_http_access_module" }, { "name": "add_before_body", "syntax": [ "add_before_body uri;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Adds the text returned as a result of processing a given subrequestbefore the response body.An empty string (\"\") as a parameter cancels additioninherited from the previous configuration level.", "notes": [], "since": null, "module": "ngx_http_addition_module" }, { "name": "add_after_body", "syntax": [ "add_after_body uri;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Adds the text returned as a result of processing a given subrequestafter the response body.An empty string (\"\") as a parameter cancels additioninherited from the previous configuration level.", "notes": [], "since": null, "module": "ngx_http_addition_module" }, { "name": "addition_types", "syntax": [ "addition_types mime-type ...;" ], "def": "addition_types text/html;", "contexts": [ "http", "server", "location" ], "desc": "Allows adding text in responses with the specified MIME types,in addition to “text/html”.The special value “*” matches any MIME type (0.8.29).", "notes": [], "since": "0.7.9", "module": "ngx_http_addition_module" }, { "name": "api", "syntax": [ "api \n[write=on|off];" ], "def": null, "contexts": [ "location" ], "desc": "Turns on the REST API interface in the surrounding location.Access to this location should belimited.", "notes": [], "since": null, "module": "ngx_http_api_module" }, { "name": "auth_basic", "syntax": [ "auth_basic string | off;" ], "def": "auth_basic off;", "contexts": [ "http", "server", "location", "limit_except" ], "desc": "Enables validation of user name and password using the“HTTP Basic Authentication” protocol.The specified parameter is used as a realm.Parameter value can contain variables (1.3.10, 1.2.7).The special value off allows cancelling the effectof the auth_basic directiveinherited from the previous configuration level.", "notes": [], "since": null, "module": "ngx_http_auth_basic_module" }, { "name": "auth_basic_user_file", "syntax": [ "auth_basic_user_file file;" ], "def": null, "contexts": [ "http", "server", "location", "limit_except" ], "desc": "Specifies a file that keeps user names and passwords,in the following format:", "notes": [], "since": null, "module": "ngx_http_auth_basic_module" }, { "name": "auth_jwt", "syntax": [ "auth_jwt \n string\n [token=$variable] |\n off;" ], "def": "auth_jwt off;", "contexts": [ "http", "server", "location", "limit_except" ], "desc": "Enables validation of JSON Web Token.The specified string is used as a realm.Parameter value can contain variables.", "notes": [], "since": null, "module": "ngx_http_auth_jwt_module" }, { "name": "auth_jwt_claim_set", "syntax": [ "auth_jwt_claim_set $variable name ...;" ], "def": null, "contexts": [ "http" ], "desc": "Sets the variable to a JWT claim parameteridentified by key names.Name matching starts from the top level of the JSON tree.For arrays, the variable keeps a list of array elements separated by commas.", "notes": [ "\nPrior to version 1.13.7, only one key name could be specified,\nand the result was undefined for arrays.\n" ], "since": "1.11.10", "module": "ngx_http_auth_jwt_module" }, { "name": "auth_jwt_header_set", "syntax": [ "auth_jwt_header_set $variable name ...;" ], "def": null, "contexts": [ "http" ], "desc": "Sets the variable to a JOSE header parameteridentified by key names.Name matching starts from the top level of the JSON tree.For arrays, the variable keeps a list of array elements separated by commas.", "notes": [ "\nPrior to version 1.13.7, only one key name could be specified,\nand the result was undefined for arrays.\n" ], "since": "1.11.10", "module": "ngx_http_auth_jwt_module" }, { "name": "auth_jwt_key_file", "syntax": [ "auth_jwt_key_file file;" ], "def": null, "contexts": [ "http", "server", "location", "limit_except" ], "desc": "Specifies a file inJSON Web Key Setformat for validating JWT signature.Parameter value can contain variables.", "notes": [], "since": null, "module": "ngx_http_auth_jwt_module" }, { "name": "auth_jwt_leeway", "syntax": [ "auth_jwt_leeway time;" ], "def": "auth_jwt_leeway 0s;", "contexts": [ "http", "server", "location" ], "desc": "Sets the maximum allowable leeway to compensateclock skew when verifying theexpandnbfJWT claims.", "notes": [], "since": "1.13.10", "module": "ngx_http_auth_jwt_module" }, { "name": "auth_request", "syntax": [ "auth_request uri | off;" ], "def": "auth_request off;", "contexts": [ "http", "server", "location" ], "desc": "Enables authorization based on the result of a subrequest and setsthe URI to which the subrequest will be sent.", "notes": [], "since": null, "module": "ngx_http_auth_request_module" }, { "name": "auth_request_set", "syntax": [ "auth_request_set $variable value;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets the request variable to the givenvalue after the authorization request completes.The value may contain variables from the authorization request,such as $upstream_http_*.", "notes": [], "since": null, "module": "ngx_http_auth_request_module" }, { "name": "autoindex", "syntax": [ "autoindex on | off;" ], "def": "autoindex off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables the directory listing output.", "notes": [], "since": null, "module": "ngx_http_autoindex_module" }, { "name": "autoindex_exact_size", "syntax": [ "autoindex_exact_size on | off;" ], "def": "autoindex_exact_size on;", "contexts": [ "http", "server", "location" ], "desc": "For the HTML format,specifies whether exact file sizes should be output in the directory listing,or rather rounded to kilobytes, megabytes, and gigabytes.", "notes": [], "since": null, "module": "ngx_http_autoindex_module" }, { "name": "autoindex_format", "syntax": [ "autoindex_format \n html |\n xml |\n json |\n jsonp;" ], "def": "autoindex_format html;", "contexts": [ "http", "server", "location" ], "desc": "Sets the format of a directory listing.", "notes": [], "since": "1.7.9", "module": "ngx_http_autoindex_module" }, { "name": "autoindex_localtime", "syntax": [ "autoindex_localtime on | off;" ], "def": "autoindex_localtime off;", "contexts": [ "http", "server", "location" ], "desc": "For the HTML format,specifies whether times in the directory listing should beoutput in the local time zone or UTC.", "notes": [], "since": null, "module": "ngx_http_autoindex_module" }, { "name": "ancient_browser", "syntax": [ "ancient_browser string ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "If any of the specified substrings is found in the “User-Agent”request header field, the browser will be considered ancient.The special string “netscape4” corresponds to theregular expression “^Mozilla/[1-4]”.", "notes": [], "since": null, "module": "ngx_http_browser_module" }, { "name": "ancient_browser_value", "syntax": [ "ancient_browser_value string;" ], "def": "ancient_browser_value 1;", "contexts": [ "http", "server", "location" ], "desc": "Sets a value for the $ancient_browser variables.", "notes": [], "since": null, "module": "ngx_http_browser_module" }, { "name": "modern_browser", "syntax": [ "modern_browser browser version;", "modern_browser unlisted;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a version starting from which a browser is considered modern.A browser can be any one of the following: msie,gecko (browsers based on Mozilla),opera, safari,or konqueror.", "notes": [], "since": null, "module": "ngx_http_browser_module" }, { "name": "modern_browser_value", "syntax": [ "modern_browser_value string;" ], "def": "modern_browser_value 1;", "contexts": [ "http", "server", "location" ], "desc": "Sets a value for the $modern_browser variables.", "notes": [], "since": null, "module": "ngx_http_browser_module" }, { "name": "charset", "syntax": [ "charset charset | off;" ], "def": "charset off;", "contexts": [ "http", "server", "location", "ifinlocation" ], "desc": "Adds the specified charset to the “Content-Type”response header field.If this charset is different from the charset specifiedin the source_charset directive, a conversion is performed.", "notes": [], "since": null, "module": "ngx_http_charset_module" }, { "name": "charset_map", "syntax": [ "charset_map charset1 charset2 { ... }" ], "def": null, "contexts": [ "http" ], "desc": "Describes the conversion table from one charset to another.A reverse conversion table is built using the same data.Character codes are given in hexadecimal.Missing characters in the range 80-FF are replaced with “?”.When converting from UTF-8, characters missing in a one-byte charsetare replaced with “&#XXXX;”.", "notes": [], "since": null, "module": "ngx_http_charset_module" }, { "name": "charset_types", "syntax": [ "charset_types mime-type ...;" ], "def": "charset_types text/html text/xml text/plain text/vnd.wap.wml\napplication/javascript application/rss+xml;", "contexts": [ "http", "server", "location" ], "desc": "Enables module processing in responses with the specified MIME typesin addition to “text/html”.The special value “*” matches any MIME type (0.8.29).", "notes": [ "\nUntil version 1.5.4, “application/x-javascript” was used\nas the default MIME type instead of “application/javascript”.\n" ], "since": "0.7.9", "module": "ngx_http_charset_module" }, { "name": "override_charset", "syntax": [ "override_charset on | off;" ], "def": "override_charset off;", "contexts": [ "http", "server", "location", "ifinlocation" ], "desc": "Determines whether a conversion should be performed for answersreceived from a proxied or a FastCGI/uwsgi/SCGI/gRPC serverwhen the answers already carry a charset in the “Content-Type”response header field.If conversion is enabled, a charset specified in the receivedresponse is used as a source charset.", "notes": [ "\nIt should be noted that if a response is received in a subrequest\nthen the conversion from the response charset to the main request charset\nis always performed, regardless of the override_charset\ndirective setting.\n" ], "since": null, "module": "ngx_http_charset_module" }, { "name": "source_charset", "syntax": [ "source_charset charset;" ], "def": null, "contexts": [ "http", "server", "location", "ifinlocation" ], "desc": "Defines the source charset of a response.If this charset is different from the charset specifiedin the charset directive, a conversion is performed.", "notes": [], "since": null, "module": "ngx_http_charset_module" }, { "name": "create_full_put_path", "syntax": [ "create_full_put_path on | off;" ], "def": "create_full_put_path off;", "contexts": [ "http", "server", "location" ], "desc": "The WebDAV specification only allows creating files in alreadyexisting directories.This directive allows creating all needed intermediate directories.", "notes": [], "since": null, "module": "ngx_http_dav_module" }, { "name": "dav_access", "syntax": [ "dav_access users:permissions ...;" ], "def": "dav_access user:rw;", "contexts": [ "http", "server", "location" ], "desc": "Sets access permissions for newly created files and directories, e.g.:", "notes": [], "since": null, "module": "ngx_http_dav_module" }, { "name": "dav_methods", "syntax": [ "dav_methods \n off | method ...;" ], "def": "dav_methods off;", "contexts": [ "http", "server", "location" ], "desc": "Allows the specified HTTP and WebDAV methods.The parameter off denies all methods processedby this module.The following methods are supported:PUT, DELETE, MKCOL,COPY, and MOVE.", "notes": [], "since": null, "module": "ngx_http_dav_module" }, { "name": "min_delete_depth", "syntax": [ "min_delete_depth number;" ], "def": "min_delete_depth 0;", "contexts": [ "http", "server", "location" ], "desc": "Allows the DELETE method to remove files provided thatthe number of elements in a request path is not less than the specifiednumber.For example, the directive", "notes": [], "since": null, "module": "ngx_http_dav_module" }, { "name": "empty_gif", "syntax": [ "empty_gif;" ], "def": null, "contexts": [ "location" ], "desc": "Turns on module processing in a surrounding location.", "notes": [], "since": null, "module": "ngx_http_empty_gif_module" }, { "name": "f4f", "syntax": [ "f4f;" ], "def": null, "contexts": [ "location" ], "desc": "Turns on module processing in the surrounding location.", "notes": [], "since": null, "module": "ngx_http_f4f_module" }, { "name": "f4f_buffer_size", "syntax": [ "f4f_buffer_size size;" ], "def": "f4f_buffer_size 512k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the size of the buffer used forreading the .f4x index file.", "notes": [], "since": null, "module": "ngx_http_f4f_module" }, { "name": "fastcgi_bind", "syntax": [ "fastcgi_bind \n address\n [transparent] |\n off;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Makes outgoing connections to a FastCGI server originatefrom the specified local IP address with an optional port (1.11.2).Parameter value can contain variables (1.3.12).The special value off (1.3.12) cancels the effectof the fastcgi_bind directiveinherited from the previous configuration level, which allows thesystem to auto-assign the local IP address and port.", "notes": [], "since": "0.8.22", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_buffer_size", "syntax": [ "fastcgi_buffer_size size;" ], "def": "fastcgi_buffer_size 4k|8k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the size of the buffer used for reading the first partof the response received from the FastCGI server.This part usually contains a small response header.By default, the buffer size is equal to one memory page.This is either 4K or 8K, depending on a platform.It can be made smaller, however.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_buffering", "syntax": [ "fastcgi_buffering on | off;" ], "def": "fastcgi_buffering on;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables buffering of responses from the FastCGI server.", "notes": [], "since": "1.5.6", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_buffers", "syntax": [ "fastcgi_buffers number size;" ], "def": "fastcgi_buffers 8 4k|8k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the number and size of thebuffers used for reading a response from the FastCGI server,for a single connection.By default, the buffer size is equal to one memory page.This is either 4K or 8K, depending on a platform.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_busy_buffers_size", "syntax": [ "fastcgi_busy_buffers_size size;" ], "def": "fastcgi_busy_buffers_size 8k|16k;", "contexts": [ "http", "server", "location" ], "desc": "When buffering of responses from the FastCGIserver is enabled, limits the total size of buffers thatcan be busy sending a response to the client while the response is notyet fully read.In the meantime, the rest of the buffers can be used for reading the responseand, if needed, buffering part of the response to a temporary file.By default, size is limited by the size of two buffers set by thefastcgi_buffer_size and fastcgi_buffers directives.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_cache", "syntax": [ "fastcgi_cache zone | off;" ], "def": "fastcgi_cache off;", "contexts": [ "http", "server", "location" ], "desc": "Defines a shared memory zone used for caching.The same zone can be used in several places.Parameter value can contain variables (1.7.9).The off parameter disables caching inheritedfrom the previous configuration level.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_cache_background_update", "syntax": [ "fastcgi_cache_background_update on | off;" ], "def": "fastcgi_cache_background_update off;", "contexts": [ "http", "server", "location" ], "desc": "Allows starting a background subrequestto update an expired cache item,while a stale cached response is returned to the client.Note that it is necessary toallowthe usage of a stale cached response when it is being updated.", "notes": [], "since": "1.11.10", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_cache_bypass", "syntax": [ "fastcgi_cache_bypass string ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines conditions under which the response will not be taken from a cache.If at least one value of the string parameters is not empty and is notequal to “0” then the response will not be taken from the cache:", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_cache_key", "syntax": [ "fastcgi_cache_key string;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines a key for caching, for example", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_cache_lock", "syntax": [ "fastcgi_cache_lock on | off;" ], "def": "fastcgi_cache_lock off;", "contexts": [ "http", "server", "location" ], "desc": "When enabled, only one request at a time will be allowed to populatea new cache element identified according to the fastcgi_cache_keydirective by passing a request to a FastCGI server.Other requests of the same cache element will either waitfor a response to appear in the cache or the cache lock forthis element to be released, up to the time set by thefastcgi_cache_lock_timeout directive.", "notes": [], "since": "1.1.12", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_cache_lock_age", "syntax": [ "fastcgi_cache_lock_age time;" ], "def": "fastcgi_cache_lock_age 5s;", "contexts": [ "http", "server", "location" ], "desc": "If the last request passed to the FastCGI serverfor populating a new cache elementhas not completed for the specified time,one more request may be passed to the FastCGI server.", "notes": [], "since": "1.7.8", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_cache_lock_timeout", "syntax": [ "fastcgi_cache_lock_timeout time;" ], "def": "fastcgi_cache_lock_timeout 5s;", "contexts": [ "http", "server", "location" ], "desc": "Sets a timeout for fastcgi_cache_lock.When the time expires,the request will be passed to the FastCGI server,however, the response will not be cached.", "notes": [ "\nBefore 1.7.8, the response could be cached.\n" ], "since": "1.1.12", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_cache_max_range_offset", "syntax": [ "fastcgi_cache_max_range_offset number;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets an offset in bytes for byte-range requests.If the range is beyond the offset,the range request will be passed to the FastCGI serverand the response will not be cached.", "notes": [], "since": "1.11.6", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_cache_methods", "syntax": [ "fastcgi_cache_methods \n GET |\n HEAD |\n POST\n ...;" ], "def": "fastcgi_cache_methods GET HEAD;", "contexts": [ "http", "server", "location" ], "desc": "If the client request method is listed in this directive thenthe response will be cached.“GET” and “HEAD” methods are alwaysadded to the list, though it is recommended to specify them explicitly.See also the fastcgi_no_cache directive.", "notes": [], "since": "0.7.59", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_cache_min_uses", "syntax": [ "fastcgi_cache_min_uses number;" ], "def": "fastcgi_cache_min_uses 1;", "contexts": [ "http", "server", "location" ], "desc": "Sets the number of requests after which the responsewill be cached.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_cache_path", "syntax": [ "fastcgi_cache_path \n path\n [levels=levels]\n [use_temp_path=on|off]\n keys_zone=name:size\n [inactive=time]\n [max_size=size]\n [manager_files=number]\n [manager_sleep=time]\n [manager_threshold=time]\n [loader_files=number]\n [loader_sleep=time]\n [loader_threshold=time]\n [purger=on|off]\n [purger_files=number]\n [purger_sleep=time]\n [purger_threshold=time];" ], "def": null, "contexts": [ "http" ], "desc": "Sets the path and other parameters of a cache.Cache data are stored in files.Both the key and file name in a cache are a result ofapplying the MD5 function to the proxied URL.The levels parameter defines hierarchy levels of a cache:from 1 to 3, each level accepts values 1 or 2.For example, in the following configuration", "notes": [ "\nAs part of\ncommercial subscription,\nthe shared memory zone also stores extended\ncache information,\nthus, it is required to specify a larger zone size for the same number of keys.\nFor example,\none megabyte zone can store about 4 thousand keys.\n", "\nIn versions 1.7.3, 1.7.7, and 1.11.10 cache header format has been changed.\nPreviously cached responses will be considered invalid\nafter upgrading to a newer nginx version.\n" ], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_cache_purge", "syntax": [ "fastcgi_cache_purge string ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines conditions under which the request will be considered a cachepurge request.If at least one value of the string parameters is not empty and is not equalto “0” then the cache entry with a correspondingcache key is removed.The result of successful operation is indicated by returningthe 204 (No Content) response.", "notes": [ "\nThis functionality is available as part of our\ncommercial subscription.\n" ], "since": "1.5.7", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_cache_revalidate", "syntax": [ "fastcgi_cache_revalidate on | off;" ], "def": "fastcgi_cache_revalidate off;", "contexts": [ "http", "server", "location" ], "desc": "Enables revalidation of expired cache items using conditional requests withthe “If-Modified-Since” and “If-None-Match”header fields.", "notes": [], "since": "1.5.7", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_cache_use_stale", "syntax": [ "fastcgi_cache_use_stale \n error |\n timeout |\n invalid_header |\n updating |\n http_500 |\n http_503 |\n http_403 |\n http_404 |\n http_429 |\n off\n ...;" ], "def": "fastcgi_cache_use_stale off;", "contexts": [ "http", "server", "location" ], "desc": "Determines in which cases a stale cached response can be usedwhen an error occurs during communication with the FastCGI server.The directive’s parameters match the parameters of thefastcgi_next_upstream directive.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_cache_valid", "syntax": [ "fastcgi_cache_valid [code ...] time;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets caching time for different response codes.For example, the following directives", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_catch_stderr", "syntax": [ "fastcgi_catch_stderr string;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets a string to search for in the error stream of a responsereceived from a FastCGI server.If the string is found then it is considered that the FastCGIserver has returned an invalid response.This allows handling application errors in nginx, for example:", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_connect_timeout", "syntax": [ "fastcgi_connect_timeout time;" ], "def": "fastcgi_connect_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Defines a timeout for establishing a connection with a FastCGI server.It should be noted that this timeout cannot usually exceed 75 seconds.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_force_ranges", "syntax": [ "fastcgi_force_ranges on | off;" ], "def": "fastcgi_force_ranges off;", "contexts": [ "http", "server", "location" ], "desc": "Enables byte-range supportfor both cached and uncached responses from the FastCGI serverregardless of the “Accept-Ranges” field in these responses.", "notes": [], "since": "1.7.7", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_hide_header", "syntax": [ "fastcgi_hide_header field;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "By default,nginx does not pass the header fields “Status” and“X-Accel-...” from the response of a FastCGIserver to a client.The fastcgi_hide_header directive sets additional fieldsthat will not be passed.If, on the contrary, the passing of fields needs to be permitted,the fastcgi_pass_header directive can be used.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_ignore_client_abort", "syntax": [ "fastcgi_ignore_client_abort on | off;" ], "def": "fastcgi_ignore_client_abort off;", "contexts": [ "http", "server", "location" ], "desc": "Determines whether the connection with a FastCGI server should beclosed when a client closes the connection without waitingfor a response.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_ignore_headers", "syntax": [ "fastcgi_ignore_headers field ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Disables processing of certain response header fields from the FastCGI server.The following fields can be ignored: “X-Accel-Redirect”,“X-Accel-Expires”, “X-Accel-Limit-Rate” (1.1.6),“X-Accel-Buffering” (1.1.6),“X-Accel-Charset” (1.1.6), “Expires”,“Cache-Control”, “Set-Cookie” (0.8.44),and “Vary” (1.7.7).", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_index", "syntax": [ "fastcgi_index name;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets a file name that will be appended after a URI that ends witha slash, in the value of the $fastcgi_script_name variable.For example, with these settings", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_intercept_errors", "syntax": [ "fastcgi_intercept_errors on | off;" ], "def": "fastcgi_intercept_errors off;", "contexts": [ "http", "server", "location" ], "desc": "Determines whether FastCGI server responses with codes greater than or equalto 300 should be passed to a clientor be intercepted and redirected to nginx for processingwith the error_page directive.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_keep_conn", "syntax": [ "fastcgi_keep_conn on | off;" ], "def": "fastcgi_keep_conn off;", "contexts": [ "http", "server", "location" ], "desc": "By default, a FastCGI server will close a connection right aftersending the response.However, when this directive is set to the value on,nginx will instruct a FastCGI server to keep connections open.This is necessary, in particular, forkeepaliveconnections to FastCGI servers to function.", "notes": [], "since": "1.1.4", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_limit_rate", "syntax": [ "fastcgi_limit_rate rate;" ], "def": "fastcgi_limit_rate 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the speed of reading the response from the FastCGI server.The rate is specified in bytes per second.The zero value disables rate limiting.The limit is set per a request, and so if nginx simultaneously openstwo connections to the FastCFI server,the overall rate will be twice as much as the specified limit.The limitation works only ifbuffering of responses from the FastCGIserver is enabled.", "notes": [], "since": "1.7.7", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_max_temp_file_size", "syntax": [ "fastcgi_max_temp_file_size size;" ], "def": "fastcgi_max_temp_file_size 1024m;", "contexts": [ "http", "server", "location" ], "desc": "When buffering of responses from the FastCGIserver is enabled, and the whole response does not fit into the buffersset by the fastcgi_buffer_size and fastcgi_buffersdirectives, a part of the response can be saved to a temporary file.This directive sets the maximum size of the temporary file.The size of data written to the temporary file at a time is setby the fastcgi_temp_file_write_size directive.", "notes": [ "\nThis restriction does not apply to responses\nthat will be cached\nor stored on disk.\n" ], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_next_upstream", "syntax": [ "fastcgi_next_upstream \n error |\n timeout |\n invalid_header |\n http_500 |\n http_503 |\n http_403 |\n http_404 |\n http_429 |\n non_idempotent |\n off\n ...;" ], "def": "fastcgi_next_upstream error timeout;", "contexts": [ "http", "server", "location" ], "desc": "Specifies in which cases a request should be passed to the next server:", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_next_upstream_timeout", "syntax": [ "fastcgi_next_upstream_timeout time;" ], "def": "fastcgi_next_upstream_timeout 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the time during which a request can be passed to thenext server.The 0 value turns off this limitation.", "notes": [], "since": "1.7.5", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_next_upstream_tries", "syntax": [ "fastcgi_next_upstream_tries number;" ], "def": "fastcgi_next_upstream_tries 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the number of possible tries for passing a request to thenext server.The 0 value turns off this limitation.", "notes": [], "since": "1.7.5", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_no_cache", "syntax": [ "fastcgi_no_cache string ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines conditions under which the response will not be saved to a cache.If at least one value of the string parameters is not empty and is notequal to “0” then the response will not be saved:", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_param", "syntax": [ "fastcgi_param \n parameter value\n [if_not_empty];" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets a parameter that should be passed to the FastCGI server.The value can contain text, variables, and their combination.These directives are inherited from the previous level if andonly if there are nofastcgi_paramdirectives defined on the current level.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_pass", "syntax": [ "fastcgi_pass address;" ], "def": null, "contexts": [ "location", "ifinlocation" ], "desc": "Sets the address of a FastCGI server.The address can be specified as a domain name or IP address,and a port:", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_pass_header", "syntax": [ "fastcgi_pass_header field;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Permits passing otherwise disabled headerfields from a FastCGI server to a client.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_pass_request_body", "syntax": [ "fastcgi_pass_request_body on | off;" ], "def": "fastcgi_pass_request_body on;", "contexts": [ "http", "server", "location" ], "desc": "Indicates whether the original request body is passedto the FastCGI server.See also the fastcgi_pass_request_headers directive.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_pass_request_headers", "syntax": [ "fastcgi_pass_request_headers on | off;" ], "def": "fastcgi_pass_request_headers on;", "contexts": [ "http", "server", "location" ], "desc": "Indicates whether the header fields of the original request are passedto the FastCGI server.See also the fastcgi_pass_request_body directive.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_read_timeout", "syntax": [ "fastcgi_read_timeout time;" ], "def": "fastcgi_read_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Defines a timeout for reading a response from the FastCGI server.The timeout is set only between two successive read operations,not for the transmission of the whole response.If the FastCGI server does not transmit anything within this time,the connection is closed.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_request_buffering", "syntax": [ "fastcgi_request_buffering on | off;" ], "def": "fastcgi_request_buffering on;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables buffering of a client request body.", "notes": [], "since": "1.7.11", "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_send_lowat", "syntax": [ "fastcgi_send_lowat size;" ], "def": "fastcgi_send_lowat 0;", "contexts": [ "http", "server", "location" ], "desc": "If the directive is set to a non-zero value, nginx will try tominimize the numberof send operations on outgoing connections to a FastCGI server by using eitherNOTE_LOWAT flag of thekqueue method,or the SO_SNDLOWAT socket option,with the specified size.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_send_timeout", "syntax": [ "fastcgi_send_timeout time;" ], "def": "fastcgi_send_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Sets a timeout for transmitting a request to the FastCGI server.The timeout is set only between two successive write operations,not for the transmission of the whole request.If the FastCGI server does not receive anything within this time,the connection is closed.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_split_path_info", "syntax": [ "fastcgi_split_path_info regex;" ], "def": null, "contexts": [ "location" ], "desc": "Defines a regular expression that captures a value for the$fastcgi_path_info variable.The regular expression should have two captures: the first becomesa value of the $fastcgi_script_name variable, the secondbecomes a value of the $fastcgi_path_info variable.For example, with these settings", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_store", "syntax": [ "fastcgi_store \n on |\n off |\n string;" ], "def": "fastcgi_store off;", "contexts": [ "http", "server", "location" ], "desc": "Enables saving of files to a disk.The on parameter saves files with pathscorresponding to the directivesalias orroot.The off parameter disables saving of files.In addition, the file name can be set explicitly using thestring with variables:", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_store_access", "syntax": [ "fastcgi_store_access users:permissions ...;" ], "def": "fastcgi_store_access user:rw;", "contexts": [ "http", "server", "location" ], "desc": "Sets access permissions for newly created files and directories, e.g.:", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_temp_file_write_size", "syntax": [ "fastcgi_temp_file_write_size size;" ], "def": "fastcgi_temp_file_write_size 8k|16k;", "contexts": [ "http", "server", "location" ], "desc": "Limits the size of data written to a temporary fileat a time, when buffering of responses from the FastCGI serverto temporary files is enabled.By default, size is limited by two buffers set by thefastcgi_buffer_size and fastcgi_buffers directives.The maximum size of a temporary file is set by thefastcgi_max_temp_file_size directive.", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "fastcgi_temp_path", "syntax": [ "fastcgi_temp_path \n path\n [level1\n [level2\n [level3]]];" ], "def": "fastcgi_temp_path fastcgi_temp;", "contexts": [ "http", "server", "location" ], "desc": "Defines a directory for storing temporary fileswith data received from FastCGI servers.Up to three-level subdirectory hierarchy can be used underneath the specifieddirectory.For example, in the following configuration", "notes": [], "since": null, "module": "ngx_http_fastcgi_module" }, { "name": "flv", "syntax": [ "flv;" ], "def": null, "contexts": [ "location" ], "desc": "Turns on module processing in a surrounding location.", "notes": [], "since": null, "module": "ngx_http_flv_module" }, { "name": "geo", "syntax": [ "geo [$address] $variable { ... }" ], "def": null, "contexts": [ "http" ], "desc": "Describes the dependency of values of the specified variableon the client IP address.By default, the address is taken from the $remote_addr variable,but it can also be taken from another variable (0.7.27), for example:", "notes": [ "\nSince variables are evaluated only when used, the mere existence\nof even a large number of declared “geo” variables\ndoes not cause any extra costs for request processing.\n", "\nIPv6 prefixes are supported starting from versions 1.3.10 and 1.2.7.\n" ], "since": null, "module": "ngx_http_geo_module" }, { "name": "geoip_country", "syntax": [ "geoip_country file;" ], "def": null, "contexts": [ "http" ], "desc": "Specifies a database used to determine the countrydepending on the client IP address.The following variables are available when using this database:", "notes": [], "since": null, "module": "ngx_http_geoip_module" }, { "name": "geoip_city", "syntax": [ "geoip_city file;" ], "def": null, "contexts": [ "http" ], "desc": "Specifies a database used to determine the country, region, and citydepending on the client IP address.The following variables are available when using this database:", "notes": [], "since": null, "module": "ngx_http_geoip_module" }, { "name": "geoip_org", "syntax": [ "geoip_org file;" ], "def": null, "contexts": [ "http" ], "desc": "Specifies a database used to determine the organizationdepending on the client IP address.The following variable is available when using this database:", "notes": [], "since": "1.0.3", "module": "ngx_http_geoip_module" }, { "name": "geoip_proxy", "syntax": [ "geoip_proxy address | CIDR;" ], "def": null, "contexts": [ "http" ], "desc": "Defines trusted addresses.When a request comes from a trusted address,an address from the “X-Forwarded-For” requestheader field will be used instead.", "notes": [], "since": "1.3.0", "module": "ngx_http_geoip_module" }, { "name": "geoip_proxy_recursive", "syntax": [ "geoip_proxy_recursive on | off;" ], "def": "geoip_proxy_recursive off;", "contexts": [ "http" ], "desc": "If recursive search is disabled then instead of the original clientaddress that matches one of the trusted addresses, the lastaddress sent in “X-Forwarded-For” will be used.If recursive search is enabled then instead of the original clientaddress that matches one of the trusted addresses, the lastnon-trusted address sent in “X-Forwarded-For” will be used.", "notes": [], "since": "1.3.0", "module": "ngx_http_geoip_module" }, { "name": "grpc_bind", "syntax": [ "grpc_bind \n address\n [transparent ] |\n off;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Makes outgoing connections to a gRPC server originatefrom the specified local IP address with an optional port.Parameter value can contain variables.The special value off cancels the effectof the grpc_bind directiveinherited from the previous configuration level, which allows thesystem to auto-assign the local IP address and port.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_buffer_size", "syntax": [ "grpc_buffer_size size;" ], "def": "grpc_buffer_size 4k|8k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the size of the buffer used for reading the responsereceived from the gRPC server.The response is passed to the client synchronously, as soon as it is received.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_connect_timeout", "syntax": [ "grpc_connect_timeout time;" ], "def": "grpc_connect_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Defines a timeout for establishing a connection with a gRPC server.It should be noted that this timeout cannot usually exceed 75 seconds.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_hide_header", "syntax": [ "grpc_hide_header field;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "By default,nginx does not pass the header fields “Date”,“Server”, and“X-Accel-...” from the response of a gRPCserver to a client.The grpc_hide_header directive sets additional fieldsthat will not be passed.If, on the contrary, the passing of fields needs to be permitted,the grpc_pass_header directive can be used.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_ignore_headers", "syntax": [ "grpc_ignore_headers field ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Disables processing of certain response header fields from the gRPC server.The following fields can be ignored: “X-Accel-Redirect”and “X-Accel-Charset”.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_intercept_errors", "syntax": [ "grpc_intercept_errors on | off;" ], "def": "grpc_intercept_errors off;", "contexts": [ "http", "server", "location" ], "desc": "Determines whether gRPC server responses with codes greater than or equalto 300 should be passed to a clientor be intercepted and redirected to nginx for processingwith the error_page directive.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_next_upstream", "syntax": [ "grpc_next_upstream \n error |\n timeout |\n invalid_header |\n http_500 |\n http_502 |\n http_503 |\n http_504 |\n http_403 |\n http_404 |\n http_429 |\n non_idempotent |\n off\n ...;" ], "def": "grpc_next_upstream error timeout;", "contexts": [ "http", "server", "location" ], "desc": "Specifies in which cases a request should be passed to the next server:", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_next_upstream_timeout", "syntax": [ "grpc_next_upstream_timeout time;" ], "def": "grpc_next_upstream_timeout 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the time during which a request can be passed to thenext server.The 0 value turns off this limitation.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_next_upstream_tries", "syntax": [ "grpc_next_upstream_tries number;" ], "def": "grpc_next_upstream_tries 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the number of possible tries for passing a request to thenext server.The 0 value turns off this limitation.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_pass", "syntax": [ "grpc_pass address;" ], "def": null, "contexts": [ "location", "ifinlocation" ], "desc": "Sets the gRPC server address.The address can be specified as a domain name or IP address,and a port:", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_pass_header", "syntax": [ "grpc_pass_header field;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Permits passing otherwise disabled headerfields from a gRPC server to a client.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_read_timeout", "syntax": [ "grpc_read_timeout time;" ], "def": "grpc_read_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Defines a timeout for reading a response from the gRPC server.The timeout is set only between two successive read operations,not for the transmission of the whole response.If the gRPC server does not transmit anything within this time,the connection is closed.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_send_timeout", "syntax": [ "grpc_send_timeout time;" ], "def": "grpc_send_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Sets a timeout for transmitting a request to the gRPC server.The timeout is set only between two successive write operations,not for the transmission of the whole request.If the gRPC server does not receive anything within this time,the connection is closed.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_set_header", "syntax": [ "grpc_set_header field value;" ], "def": "grpc_set_header Content-Length $content_length;", "contexts": [ "http", "server", "location" ], "desc": "Allows redefining or appending fields to the request headerpassed to the gRPC server.The value can contain text, variables, and their combinations.These directives are inherited from the previous level if andonly if there are nogrpc_set_headerdirectives defined on the current level.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_ssl_certificate", "syntax": [ "grpc_ssl_certificate file;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a file with the certificate in the PEM formatused for authentication to a gRPC SSL server.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_ssl_certificate_key", "syntax": [ "grpc_ssl_certificate_key file;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a file with the secret key in the PEM formatused for authentication to a gRPC SSL server.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_ssl_ciphers", "syntax": [ "grpc_ssl_ciphers ciphers;" ], "def": "grpc_ssl_ciphers DEFAULT;", "contexts": [ "http", "server", "location" ], "desc": "Specifies the enabled ciphers for requests to a gRPC SSL server.The ciphers are specified in the format understood by the OpenSSL library.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_ssl_crl", "syntax": [ "grpc_ssl_crl file;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a file with revoked certificates (CRL)in the PEM format used to verifythe certificate of the gRPC SSL server.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_ssl_name", "syntax": [ "grpc_ssl_name name;" ], "def": "grpc_ssl_name host from grpc_pass;", "contexts": [ "http", "server", "location" ], "desc": "Allows overriding the server name used toverifythe certificate of the gRPC SSL server and to bepassed through SNIwhen establishing a connection with the gRPC SSL server.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_ssl_password_file", "syntax": [ "grpc_ssl_password_file file;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a file with passphrases forsecret keyswhere each passphrase is specified on a separate line.Passphrases are tried in turn when loading the key.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_ssl_protocols", "syntax": [ "grpc_ssl_protocols \n [SSLv2]\n [SSLv3]\n [TLSv1]\n [TLSv1.1]\n [TLSv1.2]\n [TLSv1.3];" ], "def": "grpc_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;", "contexts": [ "http", "server", "location" ], "desc": "Enables the specified protocols for requests to a gRPC SSL server.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_ssl_server_name", "syntax": [ "grpc_ssl_server_name on | off;" ], "def": "grpc_ssl_server_name off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables passing of the server name throughTLSServer Name Indication extension (SNI, RFC 6066)when establishing a connection with the gRPC SSL server.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_ssl_session_reuse", "syntax": [ "grpc_ssl_session_reuse on | off;" ], "def": "grpc_ssl_session_reuse on;", "contexts": [ "http", "server", "location" ], "desc": "Determines whether SSL sessions can be reused when working withthe gRPC server.If the errors“SSL3_GET_FINISHED:digest check failed”appear in the logs, try disabling session reuse.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_ssl_trusted_certificate", "syntax": [ "grpc_ssl_trusted_certificate file;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a file with trusted CA certificates in the PEM formatused to verifythe certificate of the gRPC SSL server.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_ssl_verify", "syntax": [ "grpc_ssl_verify on | off;" ], "def": "grpc_ssl_verify off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables verification of the gRPC SSL server certificate.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "grpc_ssl_verify_depth", "syntax": [ "grpc_ssl_verify_depth number;" ], "def": "grpc_ssl_verify_depth 1;", "contexts": [ "http", "server", "location" ], "desc": "Sets the verification depth in the gRPC SSL server certificates chain.", "notes": [], "since": null, "module": "ngx_http_grpc_module" }, { "name": "gunzip", "syntax": [ "gunzip on | off;" ], "def": "gunzip off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables decompression of gzipped responsesfor clients that lack gzip support.If enabled, the following directives are also taken into accountwhen determining if clients support gzip:gzip_http_version,gzip_proxied, andgzip_disable.See also the gzip_vary directive.", "notes": [], "since": null, "module": "ngx_http_gunzip_module" }, { "name": "gunzip_buffers", "syntax": [ "gunzip_buffers number size;" ], "def": "gunzip_buffers 32 4k|16 8k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the number and size of buffersused to decompress a response.By default, the buffer size is equal to one memory page.This is either 4K or 8K, depending on a platform.", "notes": [], "since": null, "module": "ngx_http_gunzip_module" }, { "name": "gzip", "syntax": [ "gzip on | off;" ], "def": "gzip off;", "contexts": [ "http", "server", "location", "ifinlocation" ], "desc": "Enables or disables gzipping of responses.", "notes": [], "since": null, "module": "ngx_http_gzip_module" }, { "name": "gzip_buffers", "syntax": [ "gzip_buffers number size;" ], "def": "gzip_buffers 32 4k|16 8k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the number and size of buffersused to compress a response.By default, the buffer size is equal to one memory page.This is either 4K or 8K, depending on a platform.", "notes": [ "\nUntil version 0.7.28, four 4K or 8K buffers were used by default.\n" ], "since": null, "module": "ngx_http_gzip_module" }, { "name": "gzip_comp_level", "syntax": [ "gzip_comp_level level;" ], "def": "gzip_comp_level 1;", "contexts": [ "http", "server", "location" ], "desc": "Sets a gzip compression level of a response.Acceptable values are in the range from 1 to 9.", "notes": [], "since": null, "module": "ngx_http_gzip_module" }, { "name": "gzip_disable", "syntax": [ "gzip_disable regex ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Disables gzipping of responses for requests with“User-Agent” header fields matchingany of the specified regular expressions.", "notes": [], "since": "0.6.23", "module": "ngx_http_gzip_module" }, { "name": "gzip_http_version", "syntax": [ "gzip_http_version 1.0 | 1.1;" ], "def": "gzip_http_version 1.1;", "contexts": [ "http", "server", "location" ], "desc": "Sets the minimum HTTP version of a request required to compress a response.", "notes": [], "since": null, "module": "ngx_http_gzip_module" }, { "name": "gzip_min_length", "syntax": [ "gzip_min_length length;" ], "def": "gzip_min_length 20;", "contexts": [ "http", "server", "location" ], "desc": "Sets the minimum length of a response that will be gzipped.The length is determined only from the “Content-Length”response header field.", "notes": [], "since": null, "module": "ngx_http_gzip_module" }, { "name": "gzip_proxied", "syntax": [ "gzip_proxied \n off |\n expired |\n no-cache |\n no-store |\n private |\n no_last_modified |\n no_etag |\n auth |\n any\n ...;" ], "def": "gzip_proxied off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables gzipping of responses for proxiedrequests depending on the request and response.The fact that the request is proxied is determined bythe presence of the “Via” request header field.The directive accepts multiple parameters:", "notes": [], "since": null, "module": "ngx_http_gzip_module" }, { "name": "gzip_types", "syntax": [ "gzip_types mime-type ...;" ], "def": "gzip_types text/html;", "contexts": [ "http", "server", "location" ], "desc": "Enables gzipping of responses for the specified MIME types in additionto “text/html”.The special value “*” matches any MIME type (0.8.29).Responses with the “text/html” type are always compressed.", "notes": [], "since": null, "module": "ngx_http_gzip_module" }, { "name": "gzip_vary", "syntax": [ "gzip_vary on | off;" ], "def": "gzip_vary off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables inserting the “Vary: Accept-Encoding”response header field if the directivesgzip,gzip_static, orgunzipare active.", "notes": [], "since": null, "module": "ngx_http_gzip_module" }, { "name": "gzip_static", "syntax": [ "gzip_static \n on |\n off |\n always;" ], "def": "gzip_static off;", "contexts": [ "http", "server", "location" ], "desc": "Enables (“on”) or disables (“off”)checking the existence of precompressed files.The following directives are also taken into account:gzip_http_version,gzip_proxied,gzip_disable,and gzip_vary.", "notes": [], "since": null, "module": "ngx_http_gzip_static_module" }, { "name": "add_header", "syntax": [ "add_header \nname value\n[always];" ], "def": null, "contexts": [ "http", "server", "location", "ifinlocation" ], "desc": "Adds the specified field to a response header provided thatthe response code equals 200, 201 (1.3.10), 204, 206, 301, 302, 303, 304,307 (1.1.16, 1.0.13), or 308 (1.13.0).The value can contain variables.", "notes": [], "since": null, "module": "ngx_http_headers_module" }, { "name": "add_trailer", "syntax": [ "add_trailer \nname value\n[always];" ], "def": null, "contexts": [ "http", "server", "location", "ifinlocation" ], "desc": "Adds the specified field to the end of a response provided thatthe response code equals 200, 201, 206, 301, 302, 303, 307, or 308.The value can contain variables.", "notes": [], "since": "1.13.2", "module": "ngx_http_headers_module" }, { "name": "expires", "syntax": [ "expires [modified] time;", "expires \n epoch |\n max |\n off;" ], "def": "expires off;", "contexts": [ "http", "server", "location", "ifinlocation" ], "desc": "Enables or disables adding or modifying the “Expires”and “Cache-Control” response header fields provided thatthe response code equals 200, 201 (1.3.10), 204, 206, 301, 302, 303, 304,307 (1.1.16, 1.0.13), or 308 (1.13.0).The parameter can be a positive or negativetime.", "notes": [], "since": null, "module": "ngx_http_headers_module" }, { "name": "hls", "syntax": [ "hls;" ], "def": null, "contexts": [ "location" ], "desc": "Turns on HLS streaming in the surrounding location.", "notes": [], "since": null, "module": "ngx_http_hls_module" }, { "name": "hls_buffers", "syntax": [ "hls_buffers number size;" ], "def": "hls_buffers 8 2m;", "contexts": [ "http", "server", "location" ], "desc": "Sets the maximum number and size of buffersthat are used for reading and writing data frames.", "notes": [], "since": null, "module": "ngx_http_hls_module" }, { "name": "hls_forward_args", "syntax": [ "hls_forward_args on | off;" ], "def": "hls_forward_args off;", "contexts": [ "http", "server", "location" ], "desc": "Adds arguments from a playlist request to URIs of fragments.This may be useful for performing client authorization at the moment ofrequesting a fragment, or when protecting an HLS stream with thengx_http_secure_link_modulemodule.", "notes": [], "since": "1.5.12", "module": "ngx_http_hls_module" }, { "name": "hls_fragment", "syntax": [ "hls_fragment time;" ], "def": "hls_fragment 5s;", "contexts": [ "http", "server", "location" ], "desc": "Defines the default fragment length for playlist URIs requested without the“len” argument.", "notes": [], "since": null, "module": "ngx_http_hls_module" }, { "name": "hls_mp4_buffer_size", "syntax": [ "hls_mp4_buffer_size size;" ], "def": "hls_mp4_buffer_size 512k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the initial size of the buffer used forprocessing MP4 and MOV files.", "notes": [], "since": null, "module": "ngx_http_hls_module" }, { "name": "hls_mp4_max_buffer_size", "syntax": [ "hls_mp4_max_buffer_size size;" ], "def": "hls_mp4_max_buffer_size 10m;", "contexts": [ "http", "server", "location" ], "desc": "During metadata processing, a larger buffer may become necessary.Its size cannot exceed the specified size,or else nginx will return the server error500 (Internal Server Error),and log the following message:", "notes": [], "since": null, "module": "ngx_http_hls_module" }, { "name": "image_filter", "syntax": [ "image_filter off;", "image_filter test;", "image_filter size;", "image_filter \n rotate\n 90 | 180 |\n 270;", "image_filter \n resize\n width\n height;", "image_filter \n crop\n width\n height;" ], "def": "image_filter off;", "contexts": [ "location" ], "desc": "Sets the type of transformation to perform on images:", "notes": [], "since": null, "module": "ngx_http_image_filter_module" }, { "name": "image_filter_buffer", "syntax": [ "image_filter_buffer size;" ], "def": "image_filter_buffer 1M;", "contexts": [ "http", "server", "location" ], "desc": "Sets the maximum size of the buffer used for reading images.When the size is exceeded the server returns error415 (Unsupported Media Type).", "notes": [], "since": null, "module": "ngx_http_image_filter_module" }, { "name": "image_filter_interlace", "syntax": [ "image_filter_interlace on | off;" ], "def": "image_filter_interlace off;", "contexts": [ "http", "server", "location" ], "desc": "If enabled, final images will be interlaced.For JPEG, final images will be in “progressive JPEG” format.", "notes": [], "since": "1.3.15", "module": "ngx_http_image_filter_module" }, { "name": "image_filter_jpeg_quality", "syntax": [ "image_filter_jpeg_quality quality;" ], "def": "image_filter_jpeg_quality 75;", "contexts": [ "http", "server", "location" ], "desc": "Sets the desired quality of the transformed JPEG images.Acceptable values are in the range from 1 to 100.Lesser values usually imply both lower image quality and less data to transfer.The maximum recommended value is 95.Parameter value can contain variables.", "notes": [], "since": null, "module": "ngx_http_image_filter_module" }, { "name": "image_filter_sharpen", "syntax": [ "image_filter_sharpen percent;" ], "def": "image_filter_sharpen 0;", "contexts": [ "http", "server", "location" ], "desc": "Increases sharpness of the final image.The sharpness percentage can exceed 100.The zero value disables sharpening.Parameter value can contain variables.", "notes": [], "since": null, "module": "ngx_http_image_filter_module" }, { "name": "image_filter_transparency", "syntax": [ "image_filter_transparency on|off;" ], "def": "image_filter_transparency on;", "contexts": [ "http", "server", "location" ], "desc": "Defines whether transparency should be preserved when transformingGIF images or PNG images with colors specified by a palette.The loss of transparency results in images of a better quality.The alpha channel transparency in PNG is always preserved.", "notes": [], "since": null, "module": "ngx_http_image_filter_module" }, { "name": "image_filter_webp_quality", "syntax": [ "image_filter_webp_quality quality;" ], "def": "image_filter_webp_quality 80;", "contexts": [ "http", "server", "location" ], "desc": "Sets the desired quality of the transformed WebP images.Acceptable values are in the range from 1 to 100.Lesser values usually imply both lower image quality and less data to transfer.Parameter value can contain variables.", "notes": [], "since": "1.11.6", "module": "ngx_http_image_filter_module" }, { "name": "index", "syntax": [ "index file ...;" ], "def": "index index.html;", "contexts": [ "http", "server", "location" ], "desc": "Defines files that will be used as an index.The file name can contain variables.Files are checked in the specified order.The last element of the list can be a file with an absolute path.Example:", "notes": [], "since": null, "module": "ngx_http_index_module" }, { "name": "js_content", "syntax": [ "js_content function;" ], "def": null, "contexts": [ "location", "limit_except" ], "desc": "Sets an njs function as a location content handler.", "notes": [], "since": null, "module": "ngx_http_js_module" }, { "name": "js_include", "syntax": [ "js_include file;" ], "def": null, "contexts": [ "http" ], "desc": "Specifies a file that implements location and variable handlers in njs.", "notes": [], "since": null, "module": "ngx_http_js_module" }, { "name": "js_set", "syntax": [ "js_set \n$variable function;" ], "def": null, "contexts": [ "http" ], "desc": "Sets an njs function for the specified variable.", "notes": [], "since": null, "module": "ngx_http_js_module" }, { "name": "keyval", "syntax": [ "keyval \n key\n $variable\n zone=name;" ], "def": null, "contexts": [ "http" ], "desc": "Creates a new $variable whose valueis looked up by the key in the key-value database.Strings are matched ignoring the case.The database is stored in a shared memory zonespecified by the zone parameter.", "notes": [], "since": null, "module": "ngx_http_keyval_module" }, { "name": "keyval_zone", "syntax": [ "keyval_zone \n zone=name:size\n [state=file];" ], "def": null, "contexts": [ "http" ], "desc": "Sets the name and size of the shared memory zonethat keeps the key-value database.Key-value pairs are managed by theAPI.", "notes": [], "since": null, "module": "ngx_http_keyval_module" }, { "name": "limit_conn", "syntax": [ "limit_conn zone number;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets the shared memory zoneand the maximum allowed number of connections for a given key value.When this limit is exceeded, the server will return theerrorin reply to a request.For example, the directives", "notes": [ "\nIn HTTP/2 and SPDY, each concurrent request is considered a separate connection.\n" ], "since": null, "module": "ngx_http_limit_conn_module" }, { "name": "limit_conn_log_level", "syntax": [ "limit_conn_log_level \ninfo |\nnotice |\nwarn |\nerror;" ], "def": "limit_conn_log_level error;", "contexts": [ "http", "server", "location" ], "desc": "Sets the desired logging level for cases when the serverlimits the number of connections.", "notes": [], "since": "0.8.18", "module": "ngx_http_limit_conn_module" }, { "name": "limit_conn_status", "syntax": [ "limit_conn_status code;" ], "def": "limit_conn_status 503;", "contexts": [ "http", "server", "location" ], "desc": "Sets the status code to return in response to rejected requests.", "notes": [], "since": "1.3.15", "module": "ngx_http_limit_conn_module" }, { "name": "limit_conn_zone", "syntax": [ "limit_conn_zone \n key\n zone=name:size;" ], "def": null, "contexts": [ "http" ], "desc": "Sets parameters for a shared memory zonethat will keep states for various keys.In particular, the state includes the current number of connections.The key can contain text, variables, and their combination.Requests with an empty key value are not accounted.", "notes": [ "\nPrior to version 1.7.6, a key could contain exactly one variable.\n" ], "since": null, "module": "ngx_http_limit_conn_module" }, { "name": "limit_zone", "syntax": [ "limit_zone \n name\n $variable\n size;" ], "def": null, "contexts": [ "http" ], "desc": "This directive was made obsolete in version 1.1.8and was removed in version 1.7.6.An equivalent limit_conn_zone directivewith a changed syntax should be used instead:", "notes": [ "\nlimit_conn_zone\n$variable\nzone=name:size;\n" ], "since": null, "module": "ngx_http_limit_conn_module" }, { "name": "limit_req", "syntax": [ "limit_req \n zone=name\n [burst=number]\n [nodelay];" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets the shared memory zoneand the maximum burst size of requests.If the requests rate exceeds the rate configured for a zone,their processing is delayed such that requests are processedat a defined rate.Excessive requests are delayed until their number exceeds themaximum burst sizein which case the request is terminated with anerror.By default, the maximum burst size is equal to zero.For example, the directives", "notes": [], "since": null, "module": "ngx_http_limit_req_module" }, { "name": "limit_req_log_level", "syntax": [ "limit_req_log_level \ninfo |\nnotice |\nwarn |\nerror;" ], "def": "limit_req_log_level error;", "contexts": [ "http", "server", "location" ], "desc": "Sets the desired logging levelfor cases when the server refuses to process requestsdue to rate exceeding,or delays request processing.Logging level for delays is one point less than for refusals; for example,if “limit_req_log_level notice” is specified,delays are logged with the info level.", "notes": [], "since": "0.8.18", "module": "ngx_http_limit_req_module" }, { "name": "limit_req_status", "syntax": [ "limit_req_status code;" ], "def": "limit_req_status 503;", "contexts": [ "http", "server", "location" ], "desc": "Sets the status code to return in response to rejected requests.", "notes": [], "since": "1.3.15", "module": "ngx_http_limit_req_module" }, { "name": "limit_req_zone", "syntax": [ "limit_req_zone \n key\n zone=name:size\n rate=rate;" ], "def": null, "contexts": [ "http" ], "desc": "Sets parameters for a shared memory zonethat will keep states for various keys.In particular, the state stores the current number of excessive requests.The key can contain text, variables, and their combination.Requests with an empty key value are not accounted.", "notes": [ "\nPrior to version 1.7.6, a key could contain exactly one variable.\n" ], "since": null, "module": "ngx_http_limit_req_module" }, { "name": "access_log", "syntax": [ "access_log \n path\n [format\n [buffer=size]\n [gzip[=level]]\n [flush=time]\n [if=condition]];", "access_log off;" ], "def": "access_log logs/access.log combined;", "contexts": [ "http", "server", "location", "ifinlocation", "limit_except" ], "desc": "Sets the path, format, and configuration for a buffered log write.Several logs can be specified on the same level.Logging to syslogcan be configured by specifyingthe “syslog:” prefix in the first parameter.The special value off cancels allaccess_log directives on the current level.If the format is not specified then the predefined“combined” format is used.", "notes": [ "\nThe buffer size must not exceed the size of an atomic write to a disk file.\nFor FreeBSD this size is unlimited.\n" ], "since": null, "module": "ngx_http_log_module" }, { "name": "log_format", "syntax": [ "log_format \n name\n [escape=default|json|none]\n string ...;" ], "def": "log_format combined \"...\";", "contexts": [ "http" ], "desc": "Specifies log format.", "notes": [], "since": null, "module": "ngx_http_log_module" }, { "name": "open_log_file_cache", "syntax": [ "open_log_file_cache \nmax=N\n[inactive=time]\n[min_uses=N]\n[valid=time];", "open_log_file_cache off;" ], "def": "open_log_file_cache off;", "contexts": [ "http", "server", "location" ], "desc": "Defines a cache that stores the file descriptors of frequently used logswhose names contain variables.The directive has the following parameters:", "notes": [], "since": null, "module": "ngx_http_log_module" }, { "name": "map", "syntax": [ "map \n string\n $variable { ... }" ], "def": null, "contexts": [ "http" ], "desc": "Creates a new variable whose valuedepends on values of one or more of the source variablesspecified in the first parameter.", "notes": [ "\nBefore version 0.9.0 only a single variable could be\nspecified in the first parameter.\n", "\nSince variables are evaluated only when they are used, the mere declaration\neven of a large number of “map” variables\ndoes not add any extra costs to request processing.\n" ], "since": null, "module": "ngx_http_map_module" }, { "name": "map_hash_bucket_size", "syntax": [ "map_hash_bucket_size size;" ], "def": "map_hash_bucket_size 32|64|128;", "contexts": [ "http" ], "desc": "Sets the bucket size for the map variables hash tables.Default value depends on the processor’s cache line size.The details of setting up hash tables are provided in a separatedocument.", "notes": [], "since": null, "module": "ngx_http_map_module" }, { "name": "map_hash_max_size", "syntax": [ "map_hash_max_size size;" ], "def": "map_hash_max_size 2048;", "contexts": [ "http" ], "desc": "Sets the maximum size of the map variableshash tables.The details of setting up hash tables are provided in a separatedocument.", "notes": [], "since": null, "module": "ngx_http_map_module" }, { "name": "memcached_bind", "syntax": [ "memcached_bind \n address\n [transparent ] |\n off;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Makes outgoing connections to a memcached server originatefrom the specified local IP address with an optional port (1.11.2).Parameter value can contain variables (1.3.12).The special value off (1.3.12) cancels the effectof the memcached_bind directiveinherited from the previous configuration level, which allows thesystem to auto-assign the local IP address and port.", "notes": [], "since": "0.8.22", "module": "ngx_http_memcached_module" }, { "name": "memcached_buffer_size", "syntax": [ "memcached_buffer_size size;" ], "def": "memcached_buffer_size 4k|8k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the size of the buffer used for reading the responsereceived from the memcached server.The response is passed to the client synchronously, as soon as it is received.", "notes": [], "since": null, "module": "ngx_http_memcached_module" }, { "name": "memcached_connect_timeout", "syntax": [ "memcached_connect_timeout time;" ], "def": "memcached_connect_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Defines a timeout for establishing a connection with a memcached server.It should be noted that this timeout cannot usually exceed 75 seconds.", "notes": [], "since": null, "module": "ngx_http_memcached_module" }, { "name": "memcached_force_ranges", "syntax": [ "memcached_force_ranges on | off;" ], "def": "memcached_force_ranges off;", "contexts": [ "http", "server", "location" ], "desc": "Enables byte-range supportfor both cached and uncached responses from the memcached serverregardless of the “Accept-Ranges” field in these responses.", "notes": [], "since": "1.7.7", "module": "ngx_http_memcached_module" }, { "name": "memcached_gzip_flag", "syntax": [ "memcached_gzip_flag flag;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Enables the test for the flag presence in the memcachedserver response and sets the “Content-Encoding”response header field to “gzip”if the flag is set.", "notes": [], "since": "1.3.6", "module": "ngx_http_memcached_module" }, { "name": "memcached_next_upstream", "syntax": [ "memcached_next_upstream \n error |\n timeout |\n invalid_response |\n not_found |\n off\n ...;" ], "def": "memcached_next_upstream error timeout;", "contexts": [ "http", "server", "location" ], "desc": "Specifies in which cases a request should be passed to the next server:", "notes": [], "since": null, "module": "ngx_http_memcached_module" }, { "name": "memcached_next_upstream_timeout", "syntax": [ "memcached_next_upstream_timeout time;" ], "def": "memcached_next_upstream_timeout 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the time during which a request can be passed to thenext server.The 0 value turns off this limitation.", "notes": [], "since": "1.7.5", "module": "ngx_http_memcached_module" }, { "name": "memcached_next_upstream_tries", "syntax": [ "memcached_next_upstream_tries number;" ], "def": "memcached_next_upstream_tries 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the number of possible tries for passing a request to thenext server.The 0 value turns off this limitation.", "notes": [], "since": "1.7.5", "module": "ngx_http_memcached_module" }, { "name": "memcached_pass", "syntax": [ "memcached_pass address;" ], "def": null, "contexts": [ "location", "ifinlocation" ], "desc": "Sets the memcached server address.The address can be specified as a domain name or IP address,and a port:", "notes": [], "since": null, "module": "ngx_http_memcached_module" }, { "name": "memcached_read_timeout", "syntax": [ "memcached_read_timeout time;" ], "def": "memcached_read_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Defines a timeout for reading a response from the memcached server.The timeout is set only between two successive read operations,not for the transmission of the whole response.If the memcached server does not transmit anything within this time,the connection is closed.", "notes": [], "since": null, "module": "ngx_http_memcached_module" }, { "name": "memcached_send_timeout", "syntax": [ "memcached_send_timeout time;" ], "def": "memcached_send_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Sets a timeout for transmitting a request to the memcached server.The timeout is set only between two successive write operations,not for the transmission of the whole request.If the memcached server does not receive anything within this time,the connection is closed.", "notes": [], "since": null, "module": "ngx_http_memcached_module" }, { "name": "mirror", "syntax": [ "mirror uri | off;" ], "def": "mirror off;", "contexts": [ "http", "server", "location" ], "desc": "Sets the URI to which an original request will be mirrored.Several mirrors can be specified on the same level.", "notes": [], "since": null, "module": "ngx_http_mirror_module" }, { "name": "mirror_request_body", "syntax": [ "mirror_request_body on | off;" ], "def": "mirror_request_body on;", "contexts": [ "http", "server", "location" ], "desc": "Indicates whether the client request body is mirrored.When enabled, the client request body will be readprior to creating mirror subrequests.In this case, unbuffered client request body proxyingset by theproxy_request_buffering,fastcgi_request_buffering,scgi_request_buffering,anduwsgi_request_bufferingdirectives will be disabled.", "notes": [], "since": null, "module": "ngx_http_mirror_module" }, { "name": "mp4", "syntax": [ "mp4;" ], "def": null, "contexts": [ "location" ], "desc": "Turns on module processing in a surrounding location.", "notes": [], "since": null, "module": "ngx_http_mp4_module" }, { "name": "mp4_buffer_size", "syntax": [ "mp4_buffer_size size;" ], "def": "mp4_buffer_size 512K;", "contexts": [ "http", "server", "location" ], "desc": "Sets the initial size of the buffer used forprocessing MP4 files.", "notes": [], "since": null, "module": "ngx_http_mp4_module" }, { "name": "mp4_max_buffer_size", "syntax": [ "mp4_max_buffer_size size;" ], "def": "mp4_max_buffer_size 10M;", "contexts": [ "http", "server", "location" ], "desc": "During metadata processing, a larger buffer may become necessary.Its size cannot exceed the specified size,or else nginx will return the500 (Internal Server Error) server error,and log the following message:", "notes": [], "since": null, "module": "ngx_http_mp4_module" }, { "name": "mp4_limit_rate", "syntax": [ "mp4_limit_rate \n on |\n off |\n factor;" ], "def": "mp4_limit_rate off;", "contexts": [ "http", "server", "location" ], "desc": "Limits the rate of response transmission to a client.The rate is limited based on the average bitrate of theMP4 file served.To calculate the rate, the bitrate is multiplied by the specifiedfactor.The special value “on” corresponds to the factor of 1.1.The special value “off” disables rate limiting.The limit is set per a request, and so if a client simultaneously openstwo connections, the overall rate will be twice as muchas the specified limit.", "notes": [ "\nThis directive is available as part of our\ncommercial subscription.\n" ], "since": null, "module": "ngx_http_mp4_module" }, { "name": "mp4_limit_rate_after", "syntax": [ "mp4_limit_rate_after time;" ], "def": "mp4_limit_rate_after 60s;", "contexts": [ "http", "server", "location" ], "desc": "Sets the initial amount of media data (measured in playback time)after which the further transmission of the response to a clientwill be rate limited.", "notes": [ "\nThis directive is available as part of our\ncommercial subscription.\n" ], "since": null, "module": "ngx_http_mp4_module" }, { "name": "perl", "syntax": [ "perl module::function|'sub { ... }';" ], "def": null, "contexts": [ "location", "limit_except" ], "desc": "Sets a Perl handler for the given location.", "notes": [], "since": null, "module": "ngx_http_perl_module" }, { "name": "perl_modules", "syntax": [ "perl_modules path;" ], "def": null, "contexts": [ "http" ], "desc": "Sets an additional path for Perl modules.", "notes": [], "since": null, "module": "ngx_http_perl_module" }, { "name": "perl_require", "syntax": [ "perl_require module;" ], "def": null, "contexts": [ "http" ], "desc": "Defines the name of a module that will be loaded during eachreconfiguration.Several perl_require directives can be present.", "notes": [], "since": null, "module": "ngx_http_perl_module" }, { "name": "perl_set", "syntax": [ "perl_set \n $variable\n module::function|'sub { ... }';" ], "def": null, "contexts": [ "http" ], "desc": "Installs a Perl handler for the specified variable.", "notes": [], "since": null, "module": "ngx_http_perl_module" }, { "name": "proxy_bind", "syntax": [ "proxy_bind \n address\n [transparent] |\n off;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Makes outgoing connections to a proxied server originatefrom the specified local IP address with an optional port (1.11.2).Parameter value can contain variables (1.3.12).The special value off (1.3.12) cancels the effectof the proxy_bind directiveinherited from the previous configuration level, which allows thesystem to auto-assign the local IP address and port.", "notes": [], "since": "0.8.22", "module": "ngx_http_proxy_module" }, { "name": "proxy_buffer_size", "syntax": [ "proxy_buffer_size size;" ], "def": "proxy_buffer_size 4k|8k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the size of the buffer used for reading the first partof the response received from the proxied server.This part usually contains a small response header.By default, the buffer size is equal to one memory page.This is either 4K or 8K, depending on a platform.It can be made smaller, however.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_buffering", "syntax": [ "proxy_buffering on | off;" ], "def": "proxy_buffering on;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables buffering of responses from the proxied server.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_buffers", "syntax": [ "proxy_buffers number size;" ], "def": "proxy_buffers 8 4k|8k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the number and size of thebuffers used for reading a response from the proxied server,for a single connection.By default, the buffer size is equal to one memory page.This is either 4K or 8K, depending on a platform.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_busy_buffers_size", "syntax": [ "proxy_busy_buffers_size size;" ], "def": "proxy_busy_buffers_size 8k|16k;", "contexts": [ "http", "server", "location" ], "desc": "When buffering of responses from the proxiedserver is enabled, limits the total size of buffers thatcan be busy sending a response to the client while the response is notyet fully read.In the meantime, the rest of the buffers can be used for reading the responseand, if needed, buffering part of the response to a temporary file.By default, size is limited by the size of two buffers set by theproxy_buffer_size and proxy_buffers directives.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_cache", "syntax": [ "proxy_cache zone | off;" ], "def": "proxy_cache off;", "contexts": [ "http", "server", "location" ], "desc": "Defines a shared memory zone used for caching.The same zone can be used in several places.Parameter value can contain variables (1.7.9).The off parameter disables caching inheritedfrom the previous configuration level.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_cache_background_update", "syntax": [ "proxy_cache_background_update on | off;" ], "def": "proxy_cache_background_update off;", "contexts": [ "http", "server", "location" ], "desc": "Allows starting a background subrequestto update an expired cache item,while a stale cached response is returned to the client.Note that it is necessary toallowthe usage of a stale cached response when it is being updated.", "notes": [], "since": "1.11.10", "module": "ngx_http_proxy_module" }, { "name": "proxy_cache_bypass", "syntax": [ "proxy_cache_bypass string ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines conditions under which the response will not be taken from a cache.If at least one value of the string parameters is not empty and is notequal to “0” then the response will not be taken from the cache:", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_cache_convert_head", "syntax": [ "proxy_cache_convert_head on | off;" ], "def": "proxy_cache_convert_head on;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables the conversion of the “HEAD” methodto “GET” for caching.When the conversion is disabled, thecache key should be configuredto include the $request_method.", "notes": [], "since": "1.9.7", "module": "ngx_http_proxy_module" }, { "name": "proxy_cache_key", "syntax": [ "proxy_cache_key string;" ], "def": "proxy_cache_key $scheme$proxy_host$request_uri;", "contexts": [ "http", "server", "location" ], "desc": "Defines a key for caching, for example", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_cache_lock", "syntax": [ "proxy_cache_lock on | off;" ], "def": "proxy_cache_lock off;", "contexts": [ "http", "server", "location" ], "desc": "When enabled, only one request at a time will be allowed to populatea new cache element identified according to the proxy_cache_keydirective by passing a request to a proxied server.Other requests of the same cache element will either waitfor a response to appear in the cache or the cache lock forthis element to be released, up to the time set by theproxy_cache_lock_timeout directive.", "notes": [], "since": "1.1.12", "module": "ngx_http_proxy_module" }, { "name": "proxy_cache_lock_age", "syntax": [ "proxy_cache_lock_age time;" ], "def": "proxy_cache_lock_age 5s;", "contexts": [ "http", "server", "location" ], "desc": "If the last request passed to the proxied serverfor populating a new cache elementhas not completed for the specified time,one more request may be passed to the proxied server.", "notes": [], "since": "1.7.8", "module": "ngx_http_proxy_module" }, { "name": "proxy_cache_lock_timeout", "syntax": [ "proxy_cache_lock_timeout time;" ], "def": "proxy_cache_lock_timeout 5s;", "contexts": [ "http", "server", "location" ], "desc": "Sets a timeout for proxy_cache_lock.When the time expires,the request will be passed to the proxied server,however, the response will not be cached.", "notes": [ "\nBefore 1.7.8, the response could be cached.\n" ], "since": "1.1.12", "module": "ngx_http_proxy_module" }, { "name": "proxy_cache_max_range_offset", "syntax": [ "proxy_cache_max_range_offset number;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets an offset in bytes for byte-range requests.If the range is beyond the offset,the range request will be passed to the proxied serverand the response will not be cached.", "notes": [], "since": "1.11.6", "module": "ngx_http_proxy_module" }, { "name": "proxy_cache_methods", "syntax": [ "proxy_cache_methods \n GET |\n HEAD |\n POST\n ...;" ], "def": "proxy_cache_methods GET HEAD;", "contexts": [ "http", "server", "location" ], "desc": "If the client request method is listed in this directive thenthe response will be cached.“GET” and “HEAD” methods are alwaysadded to the list, though it is recommended to specify them explicitly.See also the proxy_no_cache directive.", "notes": [], "since": "0.7.59", "module": "ngx_http_proxy_module" }, { "name": "proxy_cache_min_uses", "syntax": [ "proxy_cache_min_uses number;" ], "def": "proxy_cache_min_uses 1;", "contexts": [ "http", "server", "location" ], "desc": "Sets the number of requests after which the responsewill be cached.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_cache_path", "syntax": [ "proxy_cache_path \n path\n [levels=levels]\n [use_temp_path=on|off]\n keys_zone=name:size\n [inactive=time]\n [max_size=size]\n [manager_files=number]\n [manager_sleep=time]\n [manager_threshold=time]\n [loader_files=number]\n [loader_sleep=time]\n [loader_threshold=time]\n [purger=on|off]\n [purger_files=number]\n [purger_sleep=time]\n [purger_threshold=time];" ], "def": null, "contexts": [ "http" ], "desc": "Sets the path and other parameters of a cache.Cache data are stored in files.The file name in a cache is a result ofapplying the MD5 function to thecache key.The levels parameter defines hierarchy levels of a cache:from 1 to 3, each level accepts values 1 or 2.For example, in the following configuration", "notes": [ "\nAs part of\ncommercial subscription,\nthe shared memory zone also stores extended\ncache information,\nthus, it is required to specify a larger zone size for the same number of keys.\nFor example,\none megabyte zone can store about 4 thousand keys.\n", "\nIn versions 1.7.3, 1.7.7, and 1.11.10 cache header format has been changed.\nPreviously cached responses will be considered invalid\nafter upgrading to a newer nginx version.\n" ], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_cache_purge", "syntax": [ "proxy_cache_purge string ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines conditions under which the request will be considered a cachepurge request.If at least one value of the string parameters is not empty and is not equalto “0” then the cache entry with a correspondingcache key is removed.The result of successful operation is indicated by returningthe 204 (No Content) response.", "notes": [ "\nThis functionality is available as part of our\ncommercial subscription.\n" ], "since": "1.5.7", "module": "ngx_http_proxy_module" }, { "name": "proxy_cache_revalidate", "syntax": [ "proxy_cache_revalidate on | off;" ], "def": "proxy_cache_revalidate off;", "contexts": [ "http", "server", "location" ], "desc": "Enables revalidation of expired cache items using conditional requests withthe “If-Modified-Since” and “If-None-Match”header fields.", "notes": [], "since": "1.5.7", "module": "ngx_http_proxy_module" }, { "name": "proxy_cache_use_stale", "syntax": [ "proxy_cache_use_stale \n error |\n timeout |\n invalid_header |\n updating |\n http_500 |\n http_502 |\n http_503 |\n http_504 |\n http_403 |\n http_404 |\n http_429 |\n off\n ...;" ], "def": "proxy_cache_use_stale off;", "contexts": [ "http", "server", "location" ], "desc": "Determines in which cases a stale cached response can be usedduring communication with the proxied server.The directive’s parameters match the parameters of theproxy_next_upstream directive.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_cache_valid", "syntax": [ "proxy_cache_valid [code ...] time;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets caching time for different response codes.For example, the following directives", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_connect_timeout", "syntax": [ "proxy_connect_timeout time;" ], "def": "proxy_connect_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Defines a timeout for establishing a connection with a proxied server.It should be noted that this timeout cannot usually exceed 75 seconds.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_cookie_domain", "syntax": [ "proxy_cookie_domain off;", "proxy_cookie_domain domain replacement;" ], "def": "proxy_cookie_domain off;", "contexts": [ "http", "server", "location" ], "desc": "Sets a text that should be changed in the domainattribute of the “Set-Cookie” header fields of aproxied server response.Suppose a proxied server returned the “Set-Cookie”header field with the attribute“domain=localhost”.The directive", "notes": [], "since": "1.1.15", "module": "ngx_http_proxy_module" }, { "name": "proxy_cookie_path", "syntax": [ "proxy_cookie_path off;", "proxy_cookie_path path replacement;" ], "def": "proxy_cookie_path off;", "contexts": [ "http", "server", "location" ], "desc": "Sets a text that should be changed in the pathattribute of the “Set-Cookie” header fields of aproxied server response.Suppose a proxied server returned the “Set-Cookie”header field with the attribute“path=/two/some/uri/”.The directive", "notes": [], "since": "1.1.15", "module": "ngx_http_proxy_module" }, { "name": "proxy_force_ranges", "syntax": [ "proxy_force_ranges on | off;" ], "def": "proxy_force_ranges off;", "contexts": [ "http", "server", "location" ], "desc": "Enables byte-range supportfor both cached and uncached responses from the proxied serverregardless of the “Accept-Ranges” field in these responses.", "notes": [], "since": "1.7.7", "module": "ngx_http_proxy_module" }, { "name": "proxy_headers_hash_bucket_size", "syntax": [ "proxy_headers_hash_bucket_size size;" ], "def": "proxy_headers_hash_bucket_size 64;", "contexts": [ "http", "server", "location" ], "desc": "Sets the bucket size for hash tablesused by the proxy_hide_header and proxy_set_headerdirectives.The details of setting up hash tables are provided in a separatedocument.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_headers_hash_max_size", "syntax": [ "proxy_headers_hash_max_size size;" ], "def": "proxy_headers_hash_max_size 512;", "contexts": [ "http", "server", "location" ], "desc": "Sets the maximum size of hash tablesused by the proxy_hide_header and proxy_set_headerdirectives.The details of setting up hash tables are provided in a separatedocument.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_hide_header", "syntax": [ "proxy_hide_header field;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "By default,nginx does not pass the header fields “Date”,“Server”, “X-Pad”, and“X-Accel-...” from the response of a proxiedserver to a client.The proxy_hide_header directive sets additional fieldsthat will not be passed.If, on the contrary, the passing of fields needs to be permitted,the proxy_pass_header directive can be used.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_http_version", "syntax": [ "proxy_http_version 1.0 | 1.1;" ], "def": "proxy_http_version 1.0;", "contexts": [ "http", "server", "location" ], "desc": "Sets the HTTP protocol version for proxying.By default, version 1.0 is used.Version 1.1 is recommended for use withkeepaliveconnections andNTLM authentication.", "notes": [], "since": "1.1.4", "module": "ngx_http_proxy_module" }, { "name": "proxy_ignore_client_abort", "syntax": [ "proxy_ignore_client_abort on | off;" ], "def": "proxy_ignore_client_abort off;", "contexts": [ "http", "server", "location" ], "desc": "Determines whether the connection with a proxied server should beclosed when a client closes the connection without waitingfor a response.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_ignore_headers", "syntax": [ "proxy_ignore_headers field ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Disables processing of certain response header fields from the proxied server.The following fields can be ignored: “X-Accel-Redirect”,“X-Accel-Expires”, “X-Accel-Limit-Rate” (1.1.6),“X-Accel-Buffering” (1.1.6),“X-Accel-Charset” (1.1.6), “Expires”,“Cache-Control”, “Set-Cookie” (0.8.44),and “Vary” (1.7.7).", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_intercept_errors", "syntax": [ "proxy_intercept_errors on | off;" ], "def": "proxy_intercept_errors off;", "contexts": [ "http", "server", "location" ], "desc": "Determines whether proxied responses with codes greater than or equalto 300 should be passed to a clientor be intercepted and redirected to nginx for processingwith the error_page directive.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_limit_rate", "syntax": [ "proxy_limit_rate rate;" ], "def": "proxy_limit_rate 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the speed of reading the response from the proxied server.The rate is specified in bytes per second.The zero value disables rate limiting.The limit is set per a request, and so if nginx simultaneously openstwo connections to the proxied server,the overall rate will be twice as much as the specified limit.The limitation works only ifbuffering of responses from the proxiedserver is enabled.", "notes": [], "since": "1.7.7", "module": "ngx_http_proxy_module" }, { "name": "proxy_max_temp_file_size", "syntax": [ "proxy_max_temp_file_size size;" ], "def": "proxy_max_temp_file_size 1024m;", "contexts": [ "http", "server", "location" ], "desc": "When buffering of responses from the proxiedserver is enabled, and the whole response does not fit into the buffersset by the proxy_buffer_size and proxy_buffersdirectives, a part of the response can be saved to a temporary file.This directive sets the maximum size of the temporary file.The size of data written to the temporary file at a time is setby the proxy_temp_file_write_size directive.", "notes": [ "\nThis restriction does not apply to responses\nthat will be cached\nor stored on disk.\n" ], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_method", "syntax": [ "proxy_method method;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies the HTTP method to use in requests forwardedto the proxied server instead of the method from the client request.Parameter value can contain variables (1.11.6).", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_next_upstream", "syntax": [ "proxy_next_upstream \n error |\n timeout |\n invalid_header |\n http_500 |\n http_502 |\n http_503 |\n http_504 |\n http_403 |\n http_404 |\n http_429 |\n non_idempotent |\n off\n ...;" ], "def": "proxy_next_upstream error timeout;", "contexts": [ "http", "server", "location" ], "desc": "Specifies in which cases a request should be passed to the next server:", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_next_upstream_timeout", "syntax": [ "proxy_next_upstream_timeout time;" ], "def": "proxy_next_upstream_timeout 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the time during which a request can be passed to thenext server.The 0 value turns off this limitation.", "notes": [], "since": "1.7.5", "module": "ngx_http_proxy_module" }, { "name": "proxy_next_upstream_tries", "syntax": [ "proxy_next_upstream_tries number;" ], "def": "proxy_next_upstream_tries 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the number of possible tries for passing a request to thenext server.The 0 value turns off this limitation.", "notes": [], "since": "1.7.5", "module": "ngx_http_proxy_module" }, { "name": "proxy_no_cache", "syntax": [ "proxy_no_cache string ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines conditions under which the response will not be saved to a cache.If at least one value of the string parameters is not empty and is notequal to “0” then the response will not be saved:", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_pass", "syntax": [ "proxy_pass URL;" ], "def": null, "contexts": [ "location", "ifinlocation", "limit_except" ], "desc": "Sets the protocol and address of a proxied server and an optional URIto which a location should be mapped.As a protocol, “http” or “https”can be specified.The address can be specified as a domain name or IP address,and an optional port:", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_pass_header", "syntax": [ "proxy_pass_header field;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Permits passing otherwise disabled headerfields from a proxied server to a client.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_pass_request_body", "syntax": [ "proxy_pass_request_body on | off;" ], "def": "proxy_pass_request_body on;", "contexts": [ "http", "server", "location" ], "desc": "Indicates whether the original request body is passedto the proxied server.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_pass_request_headers", "syntax": [ "proxy_pass_request_headers on | off;" ], "def": "proxy_pass_request_headers on;", "contexts": [ "http", "server", "location" ], "desc": "Indicates whether the header fields of the original request are passedto the proxied server.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_read_timeout", "syntax": [ "proxy_read_timeout time;" ], "def": "proxy_read_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Defines a timeout for reading a response from the proxied server.The timeout is set only between two successive read operations,not for the transmission of the whole response.If the proxied server does not transmit anything within this time,the connection is closed.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_redirect", "syntax": [ "proxy_redirect default;", "proxy_redirect off;", "proxy_redirect redirect replacement;" ], "def": "proxy_redirect default;", "contexts": [ "http", "server", "location" ], "desc": "Sets the text that should be changed in the “Location”and “Refresh” header fields of a proxied server response.Suppose a proxied server returned the header field“Location: http://localhost:8000/two/some/uri/”.The directive", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_request_buffering", "syntax": [ "proxy_request_buffering on | off;" ], "def": "proxy_request_buffering on;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables buffering of a client request body.", "notes": [], "since": "1.7.11", "module": "ngx_http_proxy_module" }, { "name": "proxy_send_lowat", "syntax": [ "proxy_send_lowat size;" ], "def": "proxy_send_lowat 0;", "contexts": [ "http", "server", "location" ], "desc": "If the directive is set to a non-zero value, nginx will try tominimize the numberof send operations on outgoing connections to a proxied server by using eitherNOTE_LOWAT flag of thekqueue method,or the SO_SNDLOWAT socket option,with the specified size.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_send_timeout", "syntax": [ "proxy_send_timeout time;" ], "def": "proxy_send_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Sets a timeout for transmitting a request to the proxied server.The timeout is set only between two successive write operations,not for the transmission of the whole request.If the proxied server does not receive anything within this time,the connection is closed.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_set_body", "syntax": [ "proxy_set_body value;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Allows redefining the request body passed to the proxied server.The value can contain text, variables, and their combination.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_set_header", "syntax": [ "proxy_set_header field value;" ], "def": "proxy_set_header Host $proxy_host;proxy_set_header Connection close;", "contexts": [ "http", "server", "location" ], "desc": "Allows redefining or appending fields to the request headerpassed to the proxied server.The value can contain text, variables, and their combinations.These directives are inherited from the previous level if andonly if there are noproxy_set_headerdirectives defined on the current level.By default, only two fields are redefined:", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_ssl_certificate", "syntax": [ "proxy_ssl_certificate file;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a file with the certificate in the PEM formatused for authentication to a proxied HTTPS server.", "notes": [], "since": "1.7.8", "module": "ngx_http_proxy_module" }, { "name": "proxy_ssl_certificate_key", "syntax": [ "proxy_ssl_certificate_key file;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a file with the secret key in the PEM formatused for authentication to a proxied HTTPS server.", "notes": [], "since": "1.7.8", "module": "ngx_http_proxy_module" }, { "name": "proxy_ssl_ciphers", "syntax": [ "proxy_ssl_ciphers ciphers;" ], "def": "proxy_ssl_ciphers DEFAULT;", "contexts": [ "http", "server", "location" ], "desc": "Specifies the enabled ciphers for requests to a proxied HTTPS server.The ciphers are specified in the format understood by the OpenSSL library.", "notes": [], "since": "1.5.6", "module": "ngx_http_proxy_module" }, { "name": "proxy_ssl_crl", "syntax": [ "proxy_ssl_crl file;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a file with revoked certificates (CRL)in the PEM format used to verifythe certificate of the proxied HTTPS server.", "notes": [], "since": "1.7.0", "module": "ngx_http_proxy_module" }, { "name": "proxy_ssl_name", "syntax": [ "proxy_ssl_name name;" ], "def": "proxy_ssl_name $proxy_host;", "contexts": [ "http", "server", "location" ], "desc": "Allows overriding the server name used toverifythe certificate of the proxied HTTPS server and to bepassed through SNIwhen establishing a connection with the proxied HTTPS server.", "notes": [], "since": "1.7.0", "module": "ngx_http_proxy_module" }, { "name": "proxy_ssl_password_file", "syntax": [ "proxy_ssl_password_file file;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a file with passphrases forsecret keyswhere each passphrase is specified on a separate line.Passphrases are tried in turn when loading the key.", "notes": [], "since": "1.7.8", "module": "ngx_http_proxy_module" }, { "name": "proxy_ssl_protocols", "syntax": [ "proxy_ssl_protocols \n [SSLv2]\n [SSLv3]\n [TLSv1]\n [TLSv1.1]\n [TLSv1.2]\n [TLSv1.3];" ], "def": "proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;", "contexts": [ "http", "server", "location" ], "desc": "Enables the specified protocols for requests to a proxied HTTPS server.", "notes": [], "since": "1.5.6", "module": "ngx_http_proxy_module" }, { "name": "proxy_ssl_server_name", "syntax": [ "proxy_ssl_server_name on | off;" ], "def": "proxy_ssl_server_name off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables passing of the server name throughTLSServer Name Indication extension (SNI, RFC 6066)when establishing a connection with the proxied HTTPS server.", "notes": [], "since": "1.7.0", "module": "ngx_http_proxy_module" }, { "name": "proxy_ssl_session_reuse", "syntax": [ "proxy_ssl_session_reuse on | off;" ], "def": "proxy_ssl_session_reuse on;", "contexts": [ "http", "server", "location" ], "desc": "Determines whether SSL sessions can be reused when working withthe proxied server.If the errors“SSL3_GET_FINISHED:digest check failed”appear in the logs, try disabling session reuse.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_ssl_trusted_certificate", "syntax": [ "proxy_ssl_trusted_certificate file;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a file with trusted CA certificates in the PEM formatused to verifythe certificate of the proxied HTTPS server.", "notes": [], "since": "1.7.0", "module": "ngx_http_proxy_module" }, { "name": "proxy_ssl_verify", "syntax": [ "proxy_ssl_verify on | off;" ], "def": "proxy_ssl_verify off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables verification of the proxied HTTPS server certificate.", "notes": [], "since": "1.7.0", "module": "ngx_http_proxy_module" }, { "name": "proxy_ssl_verify_depth", "syntax": [ "proxy_ssl_verify_depth number;" ], "def": "proxy_ssl_verify_depth 1;", "contexts": [ "http", "server", "location" ], "desc": "Sets the verification depth in the proxied HTTPS server certificates chain.", "notes": [], "since": "1.7.0", "module": "ngx_http_proxy_module" }, { "name": "proxy_store", "syntax": [ "proxy_store \n on |\n off |\n string;" ], "def": "proxy_store off;", "contexts": [ "http", "server", "location" ], "desc": "Enables saving of files to a disk.The on parameter saves files with pathscorresponding to the directivesalias orroot.The off parameter disables saving of files.In addition, the file name can be set explicitly using thestring with variables:", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_store_access", "syntax": [ "proxy_store_access users:permissions ...;" ], "def": "proxy_store_access user:rw;", "contexts": [ "http", "server", "location" ], "desc": "Sets access permissions for newly created files and directories, e.g.:", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_temp_file_write_size", "syntax": [ "proxy_temp_file_write_size size;" ], "def": "proxy_temp_file_write_size 8k|16k;", "contexts": [ "http", "server", "location" ], "desc": "Limits the size of data written to a temporary fileat a time, when buffering of responses from the proxied serverto temporary files is enabled.By default, size is limited by two buffers set by theproxy_buffer_size and proxy_buffers directives.The maximum size of a temporary file is set by theproxy_max_temp_file_size directive.", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "proxy_temp_path", "syntax": [ "proxy_temp_path \n path\n [level1\n [level2\n [level3]]];" ], "def": "proxy_temp_path proxy_temp;", "contexts": [ "http", "server", "location" ], "desc": "Defines a directory for storing temporary fileswith data received from proxied servers.Up to three-level subdirectory hierarchy can be used underneath the specifieddirectory.For example, in the following configuration", "notes": [], "since": null, "module": "ngx_http_proxy_module" }, { "name": "random_index", "syntax": [ "random_index on | off;" ], "def": "random_index off;", "contexts": [ "location" ], "desc": "Enables or disables module processing in a surrounding location.", "notes": [], "since": null, "module": "ngx_http_random_index_module" }, { "name": "set_real_ip_from", "syntax": [ "set_real_ip_from \n address |\n CIDR |\n unix:;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines trusted addresses that are known to send correctreplacement addresses.If the special value unix: is specified,all UNIX-domain sockets will be trusted.Trusted addresses may also be specified using a hostname (1.13.1).", "notes": [ "\nIPv6 addresses are supported starting from versions 1.3.0 and 1.2.1.\n" ], "since": null, "module": "ngx_http_realip_module" }, { "name": "real_ip_header", "syntax": [ "real_ip_header \n field |\n X-Real-IP |\n X-Forwarded-For |\n proxy_protocol;" ], "def": "real_ip_header X-Real-IP;", "contexts": [ "http", "server", "location" ], "desc": "Defines the request header fieldwhose value will be used to replace the client address.", "notes": [], "since": null, "module": "ngx_http_realip_module" }, { "name": "real_ip_recursive", "syntax": [ "real_ip_recursive on | off;" ], "def": "real_ip_recursive off;", "contexts": [ "http", "server", "location" ], "desc": "If recursive search is disabled, the original client address thatmatches one of the trusted addresses is replaced by the lastaddress sent in the request header field defined by thereal_ip_header directive.If recursive search is enabled, the original client address thatmatches one of the trusted addresses is replaced by the lastnon-trusted address sent in the request header field.", "notes": [], "since": "1.3.0", "module": "ngx_http_realip_module" }, { "name": "referer_hash_bucket_size", "syntax": [ "referer_hash_bucket_size size;" ], "def": "referer_hash_bucket_size 64;", "contexts": [ "server", "location" ], "desc": "Sets the bucket size for the valid referers hash tables.The details of setting up hash tables are provided in a separatedocument.", "notes": [], "since": "1.0.5", "module": "ngx_http_referer_module" }, { "name": "referer_hash_max_size", "syntax": [ "referer_hash_max_size size;" ], "def": "referer_hash_max_size 2048;", "contexts": [ "server", "location" ], "desc": "Sets the maximum size of the valid referers hash tables.The details of setting up hash tables are provided in a separatedocument.", "notes": [], "since": "1.0.5", "module": "ngx_http_referer_module" }, { "name": "valid_referers", "syntax": [ "valid_referers \n none |\n blocked |\n server_names |\n string\n ...;" ], "def": null, "contexts": [ "server", "location" ], "desc": "Specifies the “Referer” request header field valuesthat will cause the embedded $invalid_referer variable tobe set to an empty string.Otherwise, the variable will be set to “1”.Search for a match is case-insensitive.", "notes": [], "since": null, "module": "ngx_http_referer_module" }, { "name": "break", "syntax": [ "break;" ], "def": null, "contexts": [ "server", "location", "if" ], "desc": "Stops processing the current set ofngx_http_rewrite_module directives.", "notes": [], "since": null, "module": "ngx_http_rewrite_module" }, { "name": "if", "syntax": [ "if (condition) { ... }" ], "def": null, "contexts": [ "server", "location" ], "desc": "The specified condition is evaluated.If true, this module directives specified inside the braces areexecuted, and the request is assigned the configuration inside theif directive.Configurations inside the if directives areinherited from the previous configuration level.", "notes": [], "since": null, "module": "ngx_http_rewrite_module" }, { "name": "return", "syntax": [ "return code [text];", "return code URL;", "return URL;" ], "def": null, "contexts": [ "server", "location", "if" ], "desc": "Stops processing and returns the specified code to a client.The non-standard code 444 closes a connection without sendinga response header.", "notes": [ "\nOnly the following codes could be returned before version 0.7.51:\n204, 400, 402 — 406, 408, 410, 411, 413, 416, and 500 — 504.\n", "\nThe code 307 was not treated as a redirect until versions 1.1.16 and 1.0.13.\n", "\nThe code 308 was not treated as a redirect until version 1.13.0.\n" ], "since": null, "module": "ngx_http_rewrite_module" }, { "name": "rewrite", "syntax": [ "rewrite \n regex\n replacement\n [flag];" ], "def": null, "contexts": [ "server", "location", "if" ], "desc": "If the specified regular expression matches a request URI, URI is changedas specified in the replacement string.The rewrite directives are executed sequentiallyin order of their appearance in the configuration file.It is possible to terminate further processing of the directives using flags.If a replacement string starts with “http://”,“https://”, or “$scheme”,the processing stops and the redirect is returned to a client.", "notes": [], "since": null, "module": "ngx_http_rewrite_module" }, { "name": "rewrite_log", "syntax": [ "rewrite_log on | off;" ], "def": "rewrite_log off;", "contexts": [ "http", "server", "location", "if" ], "desc": "Enables or disables logging of ngx_http_rewrite_modulemodule directives processing resultsinto the error_log atthe notice level.", "notes": [], "since": null, "module": "ngx_http_rewrite_module" }, { "name": "set", "syntax": [ "set $variable value;" ], "def": null, "contexts": [ "server", "location", "if" ], "desc": "Sets a value for the specified variable.The value can contain text, variables, and their combination.", "notes": [], "since": null, "module": "ngx_http_rewrite_module" }, { "name": "uninitialized_variable_warn", "syntax": [ "uninitialized_variable_warn on | off;" ], "def": "uninitialized_variable_warn on;", "contexts": [ "http", "server", "location", "if" ], "desc": "Controls whether warnings about uninitialized variables are logged.", "notes": [], "since": null, "module": "ngx_http_rewrite_module" }, { "name": "scgi_bind", "syntax": [ "scgi_bind \n address\n [transparent] |\n off;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Makes outgoing connections to an SCGI server originatefrom the specified local IP address with an optional port (1.11.2).Parameter value can contain variables (1.3.12).The special value off (1.3.12) cancels the effectof the scgi_bind directiveinherited from the previous configuration level, which allows thesystem to auto-assign the local IP address and port.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_buffer_size", "syntax": [ "scgi_buffer_size size;" ], "def": "scgi_buffer_size 4k|8k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the size of the buffer used for reading the first partof the response received from the SCGI server.This part usually contains a small response header.By default, the buffer size is equal to one memory page.This is either 4K or 8K, depending on a platform.It can be made smaller, however.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_buffering", "syntax": [ "scgi_buffering on | off;" ], "def": "scgi_buffering on;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables buffering of responses from the SCGI server.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_buffers", "syntax": [ "scgi_buffers number size;" ], "def": "scgi_buffers 8 4k|8k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the number and size of thebuffers used for reading a response from the SCGI server,for a single connection.By default, the buffer size is equal to one memory page.This is either 4K or 8K, depending on a platform.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_busy_buffers_size", "syntax": [ "scgi_busy_buffers_size size;" ], "def": "scgi_busy_buffers_size 8k|16k;", "contexts": [ "http", "server", "location" ], "desc": "When buffering of responses from the SCGIserver is enabled, limits the total size of buffers thatcan be busy sending a response to the client while the response is notyet fully read.In the meantime, the rest of the buffers can be used for reading the responseand, if needed, buffering part of the response to a temporary file.By default, size is limited by the size of two buffers set by thescgi_buffer_size and scgi_buffers directives.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_cache", "syntax": [ "scgi_cache zone | off;" ], "def": "scgi_cache off;", "contexts": [ "http", "server", "location" ], "desc": "Defines a shared memory zone used for caching.The same zone can be used in several places.Parameter value can contain variables (1.7.9).The off parameter disables caching inheritedfrom the previous configuration level.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_cache_background_update", "syntax": [ "scgi_cache_background_update on | off;" ], "def": "scgi_cache_background_update off;", "contexts": [ "http", "server", "location" ], "desc": "Allows starting a background subrequestto update an expired cache item,while a stale cached response is returned to the client.Note that it is necessary toallowthe usage of a stale cached response when it is being updated.", "notes": [], "since": "1.11.10", "module": "ngx_http_scgi_module" }, { "name": "scgi_cache_bypass", "syntax": [ "scgi_cache_bypass string ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines conditions under which the response will not be taken from a cache.If at least one value of the string parameters is not empty and is notequal to “0” then the response will not be taken from the cache:", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_cache_key", "syntax": [ "scgi_cache_key string;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines a key for caching, for example", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_cache_lock", "syntax": [ "scgi_cache_lock on | off;" ], "def": "scgi_cache_lock off;", "contexts": [ "http", "server", "location" ], "desc": "When enabled, only one request at a time will be allowed to populatea new cache element identified according to the scgi_cache_keydirective by passing a request to an SCGI server.Other requests of the same cache element will either waitfor a response to appear in the cache or the cache lock forthis element to be released, up to the time set by thescgi_cache_lock_timeout directive.", "notes": [], "since": "1.1.12", "module": "ngx_http_scgi_module" }, { "name": "scgi_cache_lock_age", "syntax": [ "scgi_cache_lock_age time;" ], "def": "scgi_cache_lock_age 5s;", "contexts": [ "http", "server", "location" ], "desc": "If the last request passed to the SCGI serverfor populating a new cache elementhas not completed for the specified time,one more request may be passed to the SCGI server.", "notes": [], "since": "1.7.8", "module": "ngx_http_scgi_module" }, { "name": "scgi_cache_lock_timeout", "syntax": [ "scgi_cache_lock_timeout time;" ], "def": "scgi_cache_lock_timeout 5s;", "contexts": [ "http", "server", "location" ], "desc": "Sets a timeout for scgi_cache_lock.When the time expires,the request will be passed to the SCGI server,however, the response will not be cached.", "notes": [ "\nBefore 1.7.8, the response could be cached.\n" ], "since": "1.1.12", "module": "ngx_http_scgi_module" }, { "name": "scgi_cache_max_range_offset", "syntax": [ "scgi_cache_max_range_offset number;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets an offset in bytes for byte-range requests.If the range is beyond the offset,the range request will be passed to the SCGI serverand the response will not be cached.", "notes": [], "since": "1.11.6", "module": "ngx_http_scgi_module" }, { "name": "scgi_cache_methods", "syntax": [ "scgi_cache_methods \n GET |\n HEAD |\n POST\n ...;" ], "def": "scgi_cache_methods GET HEAD;", "contexts": [ "http", "server", "location" ], "desc": "If the client request method is listed in this directive thenthe response will be cached.“GET” and “HEAD” methods are alwaysadded to the list, though it is recommended to specify them explicitly.See also the scgi_no_cache directive.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_cache_min_uses", "syntax": [ "scgi_cache_min_uses number;" ], "def": "scgi_cache_min_uses 1;", "contexts": [ "http", "server", "location" ], "desc": "Sets the number of requests after which the responsewill be cached.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_cache_path", "syntax": [ "scgi_cache_path \n path\n [levels=levels]\n [use_temp_path=on|off]\n keys_zone=name:size\n [inactive=time]\n [max_size=size]\n [manager_files=number]\n [manager_sleep=time]\n [manager_threshold=time]\n [loader_files=number]\n [loader_sleep=time]\n [loader_threshold=time]\n [purger=on|off]\n [purger_files=number]\n [purger_sleep=time]\n [purger_threshold=time];" ], "def": null, "contexts": [ "http" ], "desc": "Sets the path and other parameters of a cache.Cache data are stored in files.The file name in a cache is a result ofapplying the MD5 function to thecache key.The levels parameter defines hierarchy levels of a cache:from 1 to 3, each level accepts values 1 or 2.For example, in the following configuration", "notes": [ "\nAs part of\ncommercial subscription,\nthe shared memory zone also stores extended\ncache information,\nthus, it is required to specify a larger zone size for the same number of keys.\nFor example,\none megabyte zone can store about 4 thousand keys.\n", "\nIn versions 1.7.3, 1.7.7, and 1.11.10 cache header format has been changed.\nPreviously cached responses will be considered invalid\nafter upgrading to a newer nginx version.\n" ], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_cache_purge", "syntax": [ "scgi_cache_purge string ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines conditions under which the request will be considered a cachepurge request.If at least one value of the string parameters is not empty and is not equalto “0” then the cache entry with a correspondingcache key is removed.The result of successful operation is indicated by returningthe 204 (No Content) response.", "notes": [ "\nThis functionality is available as part of our\ncommercial subscription.\n" ], "since": "1.5.7", "module": "ngx_http_scgi_module" }, { "name": "scgi_cache_revalidate", "syntax": [ "scgi_cache_revalidate on | off;" ], "def": "scgi_cache_revalidate off;", "contexts": [ "http", "server", "location" ], "desc": "Enables revalidation of expired cache items using conditional requests withthe “If-Modified-Since” and “If-None-Match”header fields.", "notes": [], "since": "1.5.7", "module": "ngx_http_scgi_module" }, { "name": "scgi_cache_use_stale", "syntax": [ "scgi_cache_use_stale \n error |\n timeout |\n invalid_header |\n updating |\n http_500 |\n http_503 |\n http_403 |\n http_404 |\n http_429 |\n off\n ...;" ], "def": "scgi_cache_use_stale off;", "contexts": [ "http", "server", "location" ], "desc": "Determines in which cases a stale cached response can be usedwhen an error occurs during communication with the SCGI server.The directive’s parameters match the parameters of thescgi_next_upstream directive.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_cache_valid", "syntax": [ "scgi_cache_valid [code ...] time;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets caching time for different response codes.For example, the following directives", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_connect_timeout", "syntax": [ "scgi_connect_timeout time;" ], "def": "scgi_connect_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Defines a timeout for establishing a connection with an SCGI server.It should be noted that this timeout cannot usually exceed 75 seconds.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_force_ranges", "syntax": [ "scgi_force_ranges on | off;" ], "def": "scgi_force_ranges off;", "contexts": [ "http", "server", "location" ], "desc": "Enables byte-range supportfor both cached and uncached responses from the SCGI serverregardless of the “Accept-Ranges” field in these responses.", "notes": [], "since": "1.7.7", "module": "ngx_http_scgi_module" }, { "name": "scgi_hide_header", "syntax": [ "scgi_hide_header field;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "By default,nginx does not pass the header fields “Status” and“X-Accel-...” from the response of an SCGIserver to a client.The scgi_hide_header directive sets additional fieldsthat will not be passed.If, on the contrary, the passing of fields needs to be permitted,the scgi_pass_header directive can be used.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_ignore_client_abort", "syntax": [ "scgi_ignore_client_abort on | off;" ], "def": "scgi_ignore_client_abort off;", "contexts": [ "http", "server", "location" ], "desc": "Determines whether the connection with an SCGI server should beclosed when a client closes the connection without waitingfor a response.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_ignore_headers", "syntax": [ "scgi_ignore_headers field ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Disables processing of certain response header fields from the SCGI server.The following fields can be ignored: “X-Accel-Redirect”,“X-Accel-Expires”, “X-Accel-Limit-Rate” (1.1.6),“X-Accel-Buffering” (1.1.6),“X-Accel-Charset” (1.1.6), “Expires”,“Cache-Control”, “Set-Cookie” (0.8.44),and “Vary” (1.7.7).", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_intercept_errors", "syntax": [ "scgi_intercept_errors on | off;" ], "def": "scgi_intercept_errors off;", "contexts": [ "http", "server", "location" ], "desc": "Determines whether an SCGI server responses with codes greater than or equalto 300 should be passed to a clientor be intercepted and redirected to nginx for processingwith the error_page directive.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_limit_rate", "syntax": [ "scgi_limit_rate rate;" ], "def": "scgi_limit_rate 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the speed of reading the response from the SCGI server.The rate is specified in bytes per second.The zero value disables rate limiting.The limit is set per a request, and so if nginx simultaneously openstwo connections to the SCGI server,the overall rate will be twice as much as the specified limit.The limitation works only ifbuffering of responses from the SCGIserver is enabled.", "notes": [], "since": "1.7.7", "module": "ngx_http_scgi_module" }, { "name": "scgi_max_temp_file_size", "syntax": [ "scgi_max_temp_file_size size;" ], "def": "scgi_max_temp_file_size 1024m;", "contexts": [ "http", "server", "location" ], "desc": "When buffering of responses from the SCGIserver is enabled, and the whole response does not fit into the buffersset by the scgi_buffer_size and scgi_buffersdirectives, a part of the response can be saved to a temporary file.This directive sets the maximum size of the temporary file.The size of data written to the temporary file at a time is setby the scgi_temp_file_write_size directive.", "notes": [ "\nThis restriction does not apply to responses\nthat will be cached\nor stored on disk.\n" ], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_next_upstream", "syntax": [ "scgi_next_upstream \n error |\n timeout |\n invalid_header |\n http_500 |\n http_503 |\n http_403 |\n http_404 |\n http_429 |\n non_idempotent |\n off\n ...;" ], "def": "scgi_next_upstream error timeout;", "contexts": [ "http", "server", "location" ], "desc": "Specifies in which cases a request should be passed to the next server:", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_next_upstream_timeout", "syntax": [ "scgi_next_upstream_timeout time;" ], "def": "scgi_next_upstream_timeout 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the time during which a request can be passed to thenext server.The 0 value turns off this limitation.", "notes": [], "since": "1.7.5", "module": "ngx_http_scgi_module" }, { "name": "scgi_next_upstream_tries", "syntax": [ "scgi_next_upstream_tries number;" ], "def": "scgi_next_upstream_tries 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the number of possible tries for passing a request to thenext server.The 0 value turns off this limitation.", "notes": [], "since": "1.7.5", "module": "ngx_http_scgi_module" }, { "name": "scgi_no_cache", "syntax": [ "scgi_no_cache string ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines conditions under which the response will not be saved to a cache.If at least one value of the string parameters is not empty and is notequal to “0” then the response will not be saved:", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_param", "syntax": [ "scgi_param \n parameter value\n [if_not_empty];" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets a parameter that should be passed to the SCGI server.The value can contain text, variables, and their combination.These directives are inherited from the previous level if andonly if there are noscgi_paramdirectives defined on the current level.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_pass", "syntax": [ "scgi_pass address;" ], "def": null, "contexts": [ "location", "ifinlocation" ], "desc": "Sets the address of an SCGI server.The address can be specified as a domain name or IP address,and a port:", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_pass_header", "syntax": [ "scgi_pass_header field;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Permits passing otherwise disabled headerfields from an SCGI server to a client.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_pass_request_body", "syntax": [ "scgi_pass_request_body on | off;" ], "def": "scgi_pass_request_body on;", "contexts": [ "http", "server", "location" ], "desc": "Indicates whether the original request body is passedto the SCGI server.See also the scgi_pass_request_headers directive.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_pass_request_headers", "syntax": [ "scgi_pass_request_headers on | off;" ], "def": "scgi_pass_request_headers on;", "contexts": [ "http", "server", "location" ], "desc": "Indicates whether the header fields of the original request are passedto the SCGI server.See also the scgi_pass_request_body directive.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_read_timeout", "syntax": [ "scgi_read_timeout time;" ], "def": "scgi_read_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Defines a timeout for reading a response from the SCGI server.The timeout is set only between two successive read operations,not for the transmission of the whole response.If the SCGI server does not transmit anything within this time,the connection is closed.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_request_buffering", "syntax": [ "scgi_request_buffering on | off;" ], "def": "scgi_request_buffering on;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables buffering of a client request body.", "notes": [], "since": "1.7.11", "module": "ngx_http_scgi_module" }, { "name": "scgi_send_timeout", "syntax": [ "scgi_send_timeout time;" ], "def": "scgi_send_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Sets a timeout for transmitting a request to the SCGI server.The timeout is set only between two successive write operations,not for the transmission of the whole request.If the SCGI server does not receive anything within this time,the connection is closed.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_store", "syntax": [ "scgi_store \n on |\n off |\n string;" ], "def": "scgi_store off;", "contexts": [ "http", "server", "location" ], "desc": "Enables saving of files to a disk.The on parameter saves files with pathscorresponding to the directivesalias orroot.The off parameter disables saving of files.In addition, the file name can be set explicitly using thestring with variables:", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_store_access", "syntax": [ "scgi_store_access users:permissions ...;" ], "def": "scgi_store_access user:rw;", "contexts": [ "http", "server", "location" ], "desc": "Sets access permissions for newly created files and directories, e.g.:", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_temp_file_write_size", "syntax": [ "scgi_temp_file_write_size size;" ], "def": "scgi_temp_file_write_size 8k|16k;", "contexts": [ "http", "server", "location" ], "desc": "Limits the size of data written to a temporary fileat a time, when buffering of responses from the SCGI serverto temporary files is enabled.By default, size is limited by two buffers set by thescgi_buffer_size and scgi_buffers directives.The maximum size of a temporary file is set by thescgi_max_temp_file_size directive.", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "scgi_temp_path", "syntax": [ "scgi_temp_path \n path\n [level1\n [level2\n [level3]]];" ], "def": "scgi_temp_path scgi_temp;", "contexts": [ "http", "server", "location" ], "desc": "Defines a directory for storing temporary fileswith data received from SCGI servers.Up to three-level subdirectory hierarchy can be used underneath the specifieddirectory.For example, in the following configuration", "notes": [], "since": null, "module": "ngx_http_scgi_module" }, { "name": "secure_link", "syntax": [ "secure_link expression;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines a string with variables from which thechecksum value and lifetime of a link will be extracted.", "notes": [], "since": null, "module": "ngx_http_secure_link_module" }, { "name": "secure_link_md5", "syntax": [ "secure_link_md5 expression;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines an expression for which the MD5 hash value willbe computed and compared with the value passed in a request.", "notes": [], "since": null, "module": "ngx_http_secure_link_module" }, { "name": "secure_link_secret", "syntax": [ "secure_link_secret word;" ], "def": null, "contexts": [ "location" ], "desc": "Defines a secret word used to check authenticityof requested links.", "notes": [], "since": null, "module": "ngx_http_secure_link_module" }, { "name": "session_log", "syntax": [ "session_log name | off;" ], "def": "session_log off;", "contexts": [ "http", "server", "location" ], "desc": "Enables the use of the specified session log.The special value off cancels allsession_log directives inherited from the previousconfiguration level.", "notes": [], "since": null, "module": "ngx_http_session_log_module" }, { "name": "session_log_format", "syntax": [ "session_log_format \n name\n string ...;" ], "def": "session_log_format combined \"...\";", "contexts": [ "http" ], "desc": "Specifies the output format of a log.The value of the $body_bytes_sent variable is aggregated acrossall requests in a session.The values of all other variables available for logging correspond to thefirst request in a session.", "notes": [], "since": null, "module": "ngx_http_session_log_module" }, { "name": "session_log_zone", "syntax": [ "session_log_zone \n path\n zone=name:size\n [format=format]\n [timeout=time]\n [id=id]\n [md5=md5]\n;" ], "def": null, "contexts": [ "http" ], "desc": "Sets the path to a log file and configures the shared memory zone that is usedto store currently active sessions.", "notes": [], "since": null, "module": "ngx_http_session_log_module" }, { "name": "slice", "syntax": [ "slice size;" ], "def": "slice 0;", "contexts": [ "http", "server", "location" ], "desc": "Sets the size of the slice.The zero value disables splitting responses into slices.Note that a too low value may result in excessive memory usageand opening a large number of files.", "notes": [], "since": null, "module": "ngx_http_slice_module" }, { "name": "spdy_chunk_size", "syntax": [ "spdy_chunk_size size;" ], "def": "spdy_chunk_size 8k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the maximum size of chunksinto which the response body issliced.A too low value results in higher overhead.A too high value impairs prioritization due toHOL blocking.", "notes": [], "since": "1.5.9", "module": "ngx_http_spdy_module" }, { "name": "spdy_headers_comp", "syntax": [ "spdy_headers_comp level;" ], "def": "spdy_headers_comp 0;", "contexts": [ "http", "server" ], "desc": "Sets the header compression level of a response in a range from1 (fastest, less compression) to 9 (slowest, best compression).The special value 0 turns off the header compression.", "notes": [], "since": null, "module": "ngx_http_spdy_module" }, { "name": "split_clients", "syntax": [ "split_clients \n string\n $variable { ... }" ], "def": null, "contexts": [ "http" ], "desc": "Creates a variable for A/B testing, for example:", "notes": [], "since": null, "module": "ngx_http_split_clients_module" }, { "name": "ssi", "syntax": [ "ssi on | off;" ], "def": "ssi off;", "contexts": [ "http", "server", "location", "ifinlocation" ], "desc": "Enables or disables processing of SSI commands in responses.", "notes": [], "since": null, "module": "ngx_http_ssi_module" }, { "name": "ssi_last_modified", "syntax": [ "ssi_last_modified on | off;" ], "def": "ssi_last_modified off;", "contexts": [ "http", "server", "location" ], "desc": "Allows preserving the “Last-Modified” header fieldfrom the original response during SSI processingto facilitate response caching.", "notes": [], "since": "1.5.1", "module": "ngx_http_ssi_module" }, { "name": "ssi_min_file_chunk", "syntax": [ "ssi_min_file_chunk size;" ], "def": "ssi_min_file_chunk 1k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the minimum size for parts of a response stored on disk,starting from which it makes sense to send them usingsendfile.", "notes": [], "since": null, "module": "ngx_http_ssi_module" }, { "name": "ssi_silent_errors", "syntax": [ "ssi_silent_errors on | off;" ], "def": "ssi_silent_errors off;", "contexts": [ "http", "server", "location" ], "desc": "If enabled, suppresses the output of the“[an error occurred while processing the directive]”string if an error occurred during SSI processing.", "notes": [], "since": null, "module": "ngx_http_ssi_module" }, { "name": "ssi_types", "syntax": [ "ssi_types mime-type ...;" ], "def": "ssi_types text/html;", "contexts": [ "http", "server", "location" ], "desc": "Enables processing of SSI commands in responses with the specified MIME typesin addition to “text/html”.The special value “*” matches any MIME type (0.8.29).", "notes": [], "since": null, "module": "ngx_http_ssi_module" }, { "name": "ssi_value_length", "syntax": [ "ssi_value_length length;" ], "def": "ssi_value_length 256;", "contexts": [ "http", "server", "location" ], "desc": "Sets the maximum length of parameter values in SSI commands.", "notes": [], "since": null, "module": "ngx_http_ssi_module" }, { "name": "ssl", "syntax": [ "ssl on | off;" ], "def": "ssl off;", "contexts": [ "http", "server" ], "desc": "This directive was made obsolete in version 1.15.0.The ssl parameterof the listen directiveshould be used instead.", "notes": [], "since": null, "module": "ngx_http_ssl_module" }, { "name": "ssl_buffer_size", "syntax": [ "ssl_buffer_size size;" ], "def": "ssl_buffer_size 16k;", "contexts": [ "http", "server" ], "desc": "Sets the size of the buffer used for sending data.", "notes": [], "since": "1.5.9", "module": "ngx_http_ssl_module" }, { "name": "ssl_certificate", "syntax": [ "ssl_certificate file;" ], "def": null, "contexts": [ "http", "server" ], "desc": "Specifies a file with the certificate in the PEM formatfor the given virtual server.If intermediate certificates should be specified in addition to a primarycertificate, they should be specified in the same file in the followingorder: the primary certificate comes first, then the intermediate certificates.A secret key in the PEM format may be placed in the same file.", "notes": [ "\nOnly OpenSSL 1.0.2 or higher supports separate\ncertificate chains\nfor different certificates.\nWith older versions, only one certificate chain can be used.\n" ], "since": null, "module": "ngx_http_ssl_module" }, { "name": "ssl_certificate_key", "syntax": [ "ssl_certificate_key file;" ], "def": null, "contexts": [ "http", "server" ], "desc": "Specifies a file with the secret key in the PEM formatfor the given virtual server.", "notes": [], "since": null, "module": "ngx_http_ssl_module" }, { "name": "ssl_ciphers", "syntax": [ "ssl_ciphers ciphers;" ], "def": "ssl_ciphers HIGH:!aNULL:!MD5;", "contexts": [ "http", "server" ], "desc": "Specifies the enabled ciphers.The ciphers are specified in the format understood by theOpenSSL library, for example:", "notes": [ "\nThe previous versions of nginx used\ndifferent\nciphers by default.\n" ], "since": null, "module": "ngx_http_ssl_module" }, { "name": "ssl_client_certificate", "syntax": [ "ssl_client_certificate file;" ], "def": null, "contexts": [ "http", "server" ], "desc": "Specifies a file with trusted CA certificates in the PEM formatused to verify client certificates andOCSP responses if ssl_stapling is enabled.", "notes": [], "since": null, "module": "ngx_http_ssl_module" }, { "name": "ssl_crl", "syntax": [ "ssl_crl file;" ], "def": null, "contexts": [ "http", "server" ], "desc": "Specifies a file with revoked certificates (CRL)in the PEM format used to verifyclient certificates.", "notes": [], "since": "0.8.7", "module": "ngx_http_ssl_module" }, { "name": "ssl_dhparam", "syntax": [ "ssl_dhparam file;" ], "def": null, "contexts": [ "http", "server" ], "desc": "Specifies a file with DH parameters for DHE ciphers.", "notes": [], "since": "0.7.2", "module": "ngx_http_ssl_module" }, { "name": "ssl_ecdh_curve", "syntax": [ "ssl_ecdh_curve curve;" ], "def": "ssl_ecdh_curve auto;", "contexts": [ "http", "server" ], "desc": "Specifies a curve for ECDHE ciphers.", "notes": [ "\nPrior to version 1.11.0,\nthe prime256v1 curve was used by default.\n" ], "since": "1.1.0", "module": "ngx_http_ssl_module" }, { "name": "ssl_password_file", "syntax": [ "ssl_password_file file;" ], "def": null, "contexts": [ "http", "server" ], "desc": "Specifies a file with passphrases forsecret keyswhere each passphrase is specified on a separate line.Passphrases are tried in turn when loading the key.", "notes": [], "since": "1.7.3", "module": "ngx_http_ssl_module" }, { "name": "ssl_prefer_server_ciphers", "syntax": [ "ssl_prefer_server_ciphers on | off;" ], "def": "ssl_prefer_server_ciphers off;", "contexts": [ "http", "server" ], "desc": "Specifies that server ciphers should be preferred over clientciphers when using the SSLv3 and TLS protocols.", "notes": [], "since": null, "module": "ngx_http_ssl_module" }, { "name": "ssl_protocols", "syntax": [ "ssl_protocols \n [SSLv2]\n [SSLv3]\n [TLSv1]\n [TLSv1.1]\n [TLSv1.2]\n [TLSv1.3];" ], "def": "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;", "contexts": [ "http", "server" ], "desc": "Enables the specified protocols.", "notes": [ "\nThe TLSv1.1 and TLSv1.2 parameters\n(1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used.\n", "\nThe TLSv1.3 parameter (1.13.0) works only when\nOpenSSL 1.1.1 built with TLSv1.3 support is used.\n" ], "since": null, "module": "ngx_http_ssl_module" }, { "name": "ssl_session_cache", "syntax": [ "ssl_session_cache \n off |\n none |\n [builtin[:size]]\n [shared:name:size];" ], "def": "ssl_session_cache none;", "contexts": [ "http", "server" ], "desc": "Sets the types and sizes of caches that store session parameters.A cache can be of any of the following types:", "notes": [], "since": null, "module": "ngx_http_ssl_module" }, { "name": "ssl_session_ticket_key", "syntax": [ "ssl_session_ticket_key file;" ], "def": null, "contexts": [ "http", "server" ], "desc": "Sets a file with the secret key used to encryptand decrypt TLS session tickets.The directive is necessary if the same key has to be shared betweenmultiple servers.By default, a randomly generated key is used.", "notes": [], "since": "1.5.7", "module": "ngx_http_ssl_module" }, { "name": "ssl_session_tickets", "syntax": [ "ssl_session_tickets on | off;" ], "def": "ssl_session_tickets on;", "contexts": [ "http", "server" ], "desc": "Enables or disables session resumption throughTLS session tickets.", "notes": [], "since": "1.5.9", "module": "ngx_http_ssl_module" }, { "name": "ssl_session_timeout", "syntax": [ "ssl_session_timeout time;" ], "def": "ssl_session_timeout 5m;", "contexts": [ "http", "server" ], "desc": "Specifies a time during which a client may reuse thesession parameters.", "notes": [], "since": null, "module": "ngx_http_ssl_module" }, { "name": "ssl_stapling", "syntax": [ "ssl_stapling on | off;" ], "def": "ssl_stapling off;", "contexts": [ "http", "server" ], "desc": "Enables or disablesstaplingof OCSP responses by the server.Example:", "notes": [], "since": "1.3.7", "module": "ngx_http_ssl_module" }, { "name": "ssl_stapling_file", "syntax": [ "ssl_stapling_file file;" ], "def": null, "contexts": [ "http", "server" ], "desc": "When set, the stapled OCSP response will be taken from thespecified file instead of queryingthe OCSP responder specified in the server certificate.", "notes": [], "since": "1.3.7", "module": "ngx_http_ssl_module" }, { "name": "ssl_stapling_responder", "syntax": [ "ssl_stapling_responder url;" ], "def": null, "contexts": [ "http", "server" ], "desc": "Overrides the URL of the OCSP responder specified in the“AuthorityInformation Access” certificate extension.", "notes": [], "since": "1.3.7", "module": "ngx_http_ssl_module" }, { "name": "ssl_stapling_verify", "syntax": [ "ssl_stapling_verify on | off;" ], "def": "ssl_stapling_verify off;", "contexts": [ "http", "server" ], "desc": "Enables or disables verification of OCSP responses by the server.", "notes": [], "since": "1.3.7", "module": "ngx_http_ssl_module" }, { "name": "ssl_trusted_certificate", "syntax": [ "ssl_trusted_certificate file;" ], "def": null, "contexts": [ "http", "server" ], "desc": "Specifies a file with trusted CA certificates in the PEM formatused to verify client certificates andOCSP responses if ssl_stapling is enabled.", "notes": [], "since": "1.3.7", "module": "ngx_http_ssl_module" }, { "name": "ssl_verify_client", "syntax": [ "ssl_verify_client \n on | off |\n optional | optional_no_ca;" ], "def": "ssl_verify_client off;", "contexts": [ "http", "server" ], "desc": "Enables verification of client certificates.The verification result is stored in the$ssl_client_verify variable.", "notes": [], "since": null, "module": "ngx_http_ssl_module" }, { "name": "ssl_verify_depth", "syntax": [ "ssl_verify_depth number;" ], "def": "ssl_verify_depth 1;", "contexts": [ "http", "server" ], "desc": "Sets the verification depth in the client certificates chain.", "notes": [], "since": null, "module": "ngx_http_ssl_module" }, { "name": "status", "syntax": [ "status;" ], "def": null, "contexts": [ "location" ], "desc": "The status information will be accessible from the surrounding location.Access to this location should belimited.", "notes": [], "since": null, "module": "ngx_http_status_module" }, { "name": "status_format", "syntax": [ "status_format json;", "status_format jsonp [callback];" ], "def": "status_format json;", "contexts": [ "http", "server", "location" ], "desc": "By default, status information is output in the JSON format.", "notes": [], "since": null, "module": "ngx_http_status_module" }, { "name": "status_zone", "syntax": [ "status_zone zone;" ], "def": null, "contexts": [ "server" ], "desc": "Enables collection of virtualhttporstream(1.7.11) server status information in the specified zone.Several servers may share the same zone.", "notes": [], "since": null, "module": "ngx_http_status_module" }, { "name": "stub_status", "syntax": [ "stub_status;" ], "def": null, "contexts": [ "server", "location" ], "desc": "The basic status information will be accessible from the surrounding location.", "notes": [ "\nIn versions prior to 1.7.5,\nthe directive syntax required an arbitrary argument, for example,\n“stub_status on”.\n" ], "since": null, "module": "ngx_http_stub_status_module" }, { "name": "sub_filter", "syntax": [ "sub_filter string replacement;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets a string to replace and a replacement string.The string to replace is matched ignoring the case.The string to replace (1.9.4) and replacement string can contain variables.Several sub_filter directivescan be specified on one configuration level (1.9.4).These directives are inherited from the previous level if and only if there areno sub_filter directives defined on the current level.", "notes": [], "since": null, "module": "ngx_http_sub_module" }, { "name": "sub_filter_last_modified", "syntax": [ "sub_filter_last_modified on | off;" ], "def": "sub_filter_last_modified off;", "contexts": [ "http", "server", "location" ], "desc": "Allows preserving the “Last-Modified” header fieldfrom the original response during replacementto facilitate response caching.", "notes": [], "since": "1.5.1", "module": "ngx_http_sub_module" }, { "name": "sub_filter_once", "syntax": [ "sub_filter_once on | off;" ], "def": "sub_filter_once on;", "contexts": [ "http", "server", "location" ], "desc": "Indicates whether to look for each string to replaceonce or repeatedly.", "notes": [], "since": null, "module": "ngx_http_sub_module" }, { "name": "sub_filter_types", "syntax": [ "sub_filter_types mime-type ...;" ], "def": "sub_filter_types text/html;", "contexts": [ "http", "server", "location" ], "desc": "Enables string replacement in responses with the specified MIME typesin addition to “text/html”.The special value “*” matches any MIME type (0.8.29).", "notes": [], "since": null, "module": "ngx_http_sub_module" }, { "name": "upstream", "syntax": [ "upstream name { ... }" ], "def": null, "contexts": [ "http" ], "desc": "Defines a group of servers.Servers can listen on different ports.In addition, servers listening on TCP and UNIX-domain socketscan be mixed.", "notes": [], "since": null, "module": "ngx_http_upstream_module" }, { "name": "server", "syntax": [ "server address [parameters];" ], "def": null, "contexts": [ "upstream" ], "desc": "Defines the address and other parametersof a server.The address can be specified as a domain name or IP address,with an optional port, or as a UNIX-domain socket pathspecified after the “unix:” prefix.If a port is not specified, the port 80 is used.A domain name that resolves to several IP addresses definesmultiple servers at once.", "notes": [ "\nIf there is only a single server in a group, max_fails,\nfail_timeout and slow_start parameters\nare ignored, and such a server will never be considered unavailable.\n" ], "since": null, "module": "ngx_http_upstream_module" }, { "name": "zone", "syntax": [ "zone name [size];" ], "def": null, "contexts": [ "upstream" ], "desc": "Defines the name and size of the sharedmemory zone that keeps the group’s configuration and run-time state that areshared between worker processes.Several groups may share the same zone.In this case, it is enough to specify the size only once.", "notes": [ "\nPrior to version 1.13.3,\nthe configuration was accessible only via a special location\nhandled by\nupstream_conf.\n" ], "since": "1.9.0", "module": "ngx_http_upstream_module" }, { "name": "state", "syntax": [ "state file;" ], "def": null, "contexts": [ "upstream" ], "desc": "Specifies a file that keeps the stateof the dynamically configurable group.", "notes": [ "\nChanges made during\nconfiguration reload\nor binary upgrade\ncan be lost.\n", "\nThis directive is available as part of our\ncommercial subscription.\n" ], "since": "1.9.7", "module": "ngx_http_upstream_module" }, { "name": "hash", "syntax": [ "hash key [consistent];" ], "def": null, "contexts": [ "upstream" ], "desc": "Specifies a load balancing method for a server groupwhere the client-server mapping is based on the hashed key value.The key can contain text, variables, and their combinations.Note that adding or removing a server from the groupmay result in remapping most of the keys to different servers.The method is compatible with theCache::MemcachedPerl library.", "notes": [], "since": "1.7.2", "module": "ngx_http_upstream_module" }, { "name": "ip_hash", "syntax": [ "ip_hash;" ], "def": null, "contexts": [ "upstream" ], "desc": "Specifies that a group should use a load balancing method where requestsare distributed between servers based on client IP addresses.The first three octets of the client IPv4 address, or the entire IPv6 address,are used as a hashing key.The method ensures that requests from the same client will always bepassed to the same server except when this server is unavailable.In the latter case client requests will be passed to another server.Most probably, it will always be the same server as well.", "notes": [ "\nIPv6 addresses are supported starting from versions 1.3.2 and 1.2.2.\n", "\nUntil versions 1.3.1 and 1.2.2, it was not possible to specify a weight for\nservers using the ip_hash load balancing method.\n" ], "since": null, "module": "ngx_http_upstream_module" }, { "name": "keepalive", "syntax": [ "keepalive connections;" ], "def": null, "contexts": [ "upstream" ], "desc": "Activates the cache for connections to upstream servers.", "notes": [ "\nIt should be particularly noted that the keepalive directive\ndoes not limit the total number of connections to upstream servers\nthat an nginx worker process can open.\nThe connections parameter should be set to a number small enough\nto let upstream servers process new incoming connections as well.\n", "\nAlternatively, HTTP/1.0 persistent connections can be used by passing the\n“Connection: Keep-Alive” header field to an upstream server,\nthough this method is not recommended.\n", "\nWhen using load balancer methods other than the default\nround-robin method, it is necessary to activate them before\nthe keepalive directive.\n", "\nSCGI and uwsgi protocols do not have a notion of keepalive connections.\n" ], "since": "1.1.4", "module": "ngx_http_upstream_module" }, { "name": "ntlm", "syntax": [ "ntlm;" ], "def": null, "contexts": [ "upstream" ], "desc": "Allows proxying requests withNTLMAuthentication.The upstream connection is bound to the client connectiononce the client sends a request with the “Authorization”header field valuestarting with “Negotiate” or “NTLM”.Further client requests will be proxied through the same upstream connection,keeping the authentication context.", "notes": [ "\nWhen using load balancer methods other than the default\nround-robin method, it is necessary to activate them before\nthe ntlm directive.\n", "\nThis directive is available as part of our\ncommercial subscription.\n" ], "since": "1.9.2", "module": "ngx_http_upstream_module" }, { "name": "least_conn", "syntax": [ "least_conn;" ], "def": null, "contexts": [ "upstream" ], "desc": "Specifies that a group should use a load balancing method where a requestis passed to the server with the least number of active connections,taking into account weights of servers.If there are several such servers, they are tried in turn using aweighted round-robin balancing method.", "notes": [], "since": "1.3.1", "module": "ngx_http_upstream_module" }, { "name": "least_time", "syntax": [ "least_time \n header |\n last_byte\n [inflight];" ], "def": null, "contexts": [ "upstream" ], "desc": "Specifies that a group should use a load balancing method where a requestis passed to the server with the least average response time andleast number of active connections, taking into account weights of servers.If there are several such servers, they are tried in turn using aweighted round-robin balancing method.", "notes": [ "\nPrior to version 1.11.6, incomplete requests were taken into account by default.\n", "\nThis directive is available as part of our\ncommercial subscription.\n" ], "since": "1.7.10", "module": "ngx_http_upstream_module" }, { "name": "queue", "syntax": [ "queue \nnumber\n[timeout=time];" ], "def": null, "contexts": [ "upstream" ], "desc": "If an upstream server cannot be selected immediatelywhile processing a request,the request will be placed into the queue.The directive specifies the maximum number of requeststhat can be in the queue at the same time.If the queue is filled up,or the server to pass the request to cannot be selected withinthe time period specified in the timeout parameter,the 502 (Bad Gateway)error will be returned to the client.", "notes": [ "\nWhen using load balancer methods other than the default\nround-robin method, it is necessary to activate them before\nthe queue directive.\n", "\nThis directive is available as part of our\ncommercial subscription.\n" ], "since": "1.5.12", "module": "ngx_http_upstream_module" }, { "name": "random", "syntax": [ "random [two [method]];" ], "def": null, "contexts": [ "upstream" ], "desc": "Specifies that a group should use a load balancing method where a requestis passed to a randomly selected server, taking into account weightsof servers.", "notes": [], "since": "1.15.1", "module": "ngx_http_upstream_module" }, { "name": "sticky", "syntax": [ "sticky \n cookie name\n [expires=time]\n [domain=domain]\n [httponly]\n [secure]\n [path=path];", "sticky \n route $variable ...;", "sticky \n learn\n create=$variable\n lookup=$variable\n zone=name:size\n [timeout=time]\n [header]\n [sync];" ], "def": null, "contexts": [ "upstream" ], "desc": "Enables session affinity, which causes requests from the same client to bepassed to the same server in a group of servers.Three methods are available:", "notes": [ "\nThis directive is available as part of our\ncommercial subscription.\n" ], "since": "1.5.7", "module": "ngx_http_upstream_module" }, { "name": "sticky_cookie_insert", "syntax": [ "sticky_cookie_insert name\n[expires=time]\n[domain=domain]\n[path=path];" ], "def": null, "contexts": [ "upstream" ], "desc": "This directive is obsolete since version 1.5.7.An equivalentsticky directive with a new syntax should be used instead:", "notes": [ "\nsticky cookie name\n[expires=time]\n[domain=domain]\n[path=path];\n" ], "since": null, "module": "ngx_http_upstream_module" }, { "name": "upstream_conf", "syntax": [ "upstream_conf;" ], "def": null, "contexts": [ "location" ], "desc": "Turns on the HTTP interface of upstream configuration in the surroundinglocation.Access to this location should belimited.", "notes": [], "since": null, "module": "ngx_http_upstream_conf_module" }, { "name": "health_check", "syntax": [ "health_check [parameters];" ], "def": null, "contexts": [ "location" ], "desc": "Enables periodic health checks of the servers in agroupreferenced in the surrounding location.", "notes": [], "since": null, "module": "ngx_http_upstream_hc_module" }, { "name": "match", "syntax": [ "match name { ... }" ], "def": null, "contexts": [ "http" ], "desc": "Defines the named test set used to verify responses to health check requests.", "notes": [ "\nOnly the first 256k of the response body are examined.\n" ], "since": null, "module": "ngx_http_upstream_hc_module" }, { "name": "userid", "syntax": [ "userid \n on |\n v1 |\n log |\n off;" ], "def": "userid off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables setting cookies and logging the received cookies:", "notes": [], "since": null, "module": "ngx_http_userid_module" }, { "name": "userid_domain", "syntax": [ "userid_domain name | none;" ], "def": "userid_domain none;", "contexts": [ "http", "server", "location" ], "desc": "Defines a domain for which the cookie is set.The none parameter disables setting of a domain for thecookie.", "notes": [], "since": null, "module": "ngx_http_userid_module" }, { "name": "userid_expires", "syntax": [ "userid_expires time | max |\n off;" ], "def": "userid_expires off;", "contexts": [ "http", "server", "location" ], "desc": "Sets a time during which a browser should keep the cookie.The parameter max will cause the cookie to expire on“31 Dec 2037 23:55:55 GMT”.The parameter off will cause the cookie to expire atthe end of a browser session.", "notes": [], "since": null, "module": "ngx_http_userid_module" }, { "name": "userid_mark", "syntax": [ "userid_mark \n letter | digit |\n = |\n off;" ], "def": "userid_mark off;", "contexts": [ "http", "server", "location" ], "desc": "If the parameter is not off, enables the cookie markingmechanism and sets the character used as a mark.This mechanism is used to add or changeuserid_p3p and/or a cookie expiration time whilepreserving the client identifier.A mark can be any letter of the English alphabet (case-sensitive),digit, or the “=” character.", "notes": [], "since": null, "module": "ngx_http_userid_module" }, { "name": "userid_name", "syntax": [ "userid_name name;" ], "def": "userid_name uid;", "contexts": [ "http", "server", "location" ], "desc": "Sets the cookie name.", "notes": [], "since": null, "module": "ngx_http_userid_module" }, { "name": "userid_p3p", "syntax": [ "userid_p3p string | none;" ], "def": "userid_p3p none;", "contexts": [ "http", "server", "location" ], "desc": "Sets a value for the “P3P” header field that will besent along with the cookie.If the directive is set to the special value none,the “P3P” header will not be sent in a response.", "notes": [], "since": null, "module": "ngx_http_userid_module" }, { "name": "userid_path", "syntax": [ "userid_path path;" ], "def": "userid_path /;", "contexts": [ "http", "server", "location" ], "desc": "Defines a path for which the cookie is set.", "notes": [], "since": null, "module": "ngx_http_userid_module" }, { "name": "userid_service", "syntax": [ "userid_service number;" ], "def": "userid_service IP address of the server;", "contexts": [ "http", "server", "location" ], "desc": "If identifiers are issued by multiple servers (services),each service should be assigned its own numberto ensure that client identifiers are unique.For version 1 cookies, the default value is zero.For version 2 cookies, the default value is the number composed from the lastfour octets of the server’s IP address.", "notes": [], "since": null, "module": "ngx_http_userid_module" }, { "name": "uwsgi_bind", "syntax": [ "uwsgi_bind \n address\n [transparent] |\n off;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Makes outgoing connections to a uwsgi server originatefrom the specified local IP address with an optional port (1.11.2).Parameter value can contain variables (1.3.12).The special value off (1.3.12) cancels the effectof the uwsgi_bind directiveinherited from the previous configuration level, which allows thesystem to auto-assign the local IP address and port.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_buffer_size", "syntax": [ "uwsgi_buffer_size size;" ], "def": "uwsgi_buffer_size 4k|8k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the size of the buffer used for reading the first partof the response received from the uwsgi server.This part usually contains a small response header.By default, the buffer size is equal to one memory page.This is either 4K or 8K, depending on a platform.It can be made smaller, however.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_buffering", "syntax": [ "uwsgi_buffering on | off;" ], "def": "uwsgi_buffering on;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables buffering of responses from the uwsgi server.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_buffers", "syntax": [ "uwsgi_buffers number size;" ], "def": "uwsgi_buffers 8 4k|8k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the number and size of thebuffers used for reading a response from the uwsgi server,for a single connection.By default, the buffer size is equal to one memory page.This is either 4K or 8K, depending on a platform.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_busy_buffers_size", "syntax": [ "uwsgi_busy_buffers_size size;" ], "def": "uwsgi_busy_buffers_size 8k|16k;", "contexts": [ "http", "server", "location" ], "desc": "When buffering of responses from the uwsgiserver is enabled, limits the total size of buffers thatcan be busy sending a response to the client while the response is notyet fully read.In the meantime, the rest of the buffers can be used for reading the responseand, if needed, buffering part of the response to a temporary file.By default, size is limited by the size of two buffers set by theuwsgi_buffer_size and uwsgi_buffers directives.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_cache", "syntax": [ "uwsgi_cache zone | off;" ], "def": "uwsgi_cache off;", "contexts": [ "http", "server", "location" ], "desc": "Defines a shared memory zone used for caching.The same zone can be used in several places.Parameter value can contain variables (1.7.9).The off parameter disables caching inheritedfrom the previous configuration level.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_cache_background_update", "syntax": [ "uwsgi_cache_background_update on | off;" ], "def": "uwsgi_cache_background_update off;", "contexts": [ "http", "server", "location" ], "desc": "Allows starting a background subrequestto update an expired cache item,while a stale cached response is returned to the client.Note that it is necessary toallowthe usage of a stale cached response when it is being updated.", "notes": [], "since": "1.11.10", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_cache_bypass", "syntax": [ "uwsgi_cache_bypass string ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines conditions under which the response will not be taken from a cache.If at least one value of the string parameters is not empty and is notequal to “0” then the response will not be taken from the cache:", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_cache_key", "syntax": [ "uwsgi_cache_key string;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines a key for caching, for example", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_cache_lock", "syntax": [ "uwsgi_cache_lock on | off;" ], "def": "uwsgi_cache_lock off;", "contexts": [ "http", "server", "location" ], "desc": "When enabled, only one request at a time will be allowed to populatea new cache element identified according to the uwsgi_cache_keydirective by passing a request to a uwsgi server.Other requests of the same cache element will either waitfor a response to appear in the cache or the cache lock forthis element to be released, up to the time set by theuwsgi_cache_lock_timeout directive.", "notes": [], "since": "1.1.12", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_cache_lock_age", "syntax": [ "uwsgi_cache_lock_age time;" ], "def": "uwsgi_cache_lock_age 5s;", "contexts": [ "http", "server", "location" ], "desc": "If the last request passed to the uwsgi serverfor populating a new cache elementhas not completed for the specified time,one more request may be passed to the uwsgi server.", "notes": [], "since": "1.7.8", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_cache_lock_timeout", "syntax": [ "uwsgi_cache_lock_timeout time;" ], "def": "uwsgi_cache_lock_timeout 5s;", "contexts": [ "http", "server", "location" ], "desc": "Sets a timeout for uwsgi_cache_lock.When the time expires,the request will be passed to the uwsgi server,however, the response will not be cached.", "notes": [ "\nBefore 1.7.8, the response could be cached.\n" ], "since": "1.1.12", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_cache_max_range_offset", "syntax": [ "uwsgi_cache_max_range_offset number;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets an offset in bytes for byte-range requests.If the range is beyond the offset,the range request will be passed to the uwsgi serverand the response will not be cached.", "notes": [], "since": "1.11.6", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_cache_methods", "syntax": [ "uwsgi_cache_methods \n GET |\n HEAD |\n POST\n ...;" ], "def": "uwsgi_cache_methods GET HEAD;", "contexts": [ "http", "server", "location" ], "desc": "If the client request method is listed in this directive thenthe response will be cached.“GET” and “HEAD” methods are alwaysadded to the list, though it is recommended to specify them explicitly.See also the uwsgi_no_cache directive.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_cache_min_uses", "syntax": [ "uwsgi_cache_min_uses number;" ], "def": "uwsgi_cache_min_uses 1;", "contexts": [ "http", "server", "location" ], "desc": "Sets the number of requests after which the responsewill be cached.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_cache_path", "syntax": [ "uwsgi_cache_path \n path\n [levels=levels]\n [use_temp_path=on|off]\n keys_zone=name:size\n [inactive=time]\n [max_size=size]\n [manager_files=number]\n [manager_sleep=time]\n [manager_threshold=time]\n [loader_files=number]\n [loader_sleep=time]\n [loader_threshold=time]\n [purger=on|off]\n [purger_files=number]\n [purger_sleep=time]\n [purger_threshold=time];" ], "def": null, "contexts": [ "http" ], "desc": "Sets the path and other parameters of a cache.Cache data are stored in files.The file name in a cache is a result ofapplying the MD5 function to thecache key.The levels parameter defines hierarchy levels of a cache:from 1 to 3, each level accepts values 1 or 2.For example, in the following configuration", "notes": [ "\nAs part of\ncommercial subscription,\nthe shared memory zone also stores extended\ncache information,\nthus, it is required to specify a larger zone size for the same number of keys.\nFor example,\none megabyte zone can store about 4 thousand keys.\n", "\nIn versions 1.7.3, 1.7.7, and 1.11.10 cache header format has been changed.\nPreviously cached responses will be considered invalid\nafter upgrading to a newer nginx version.\n" ], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_cache_purge", "syntax": [ "uwsgi_cache_purge string ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines conditions under which the request will be considered a cachepurge request.If at least one value of the string parameters is not empty and is not equalto “0” then the cache entry with a correspondingcache key is removed.The result of successful operation is indicated by returningthe 204 (No Content) response.", "notes": [ "\nThis functionality is available as part of our\ncommercial subscription.\n" ], "since": "1.5.7", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_cache_revalidate", "syntax": [ "uwsgi_cache_revalidate on | off;" ], "def": "uwsgi_cache_revalidate off;", "contexts": [ "http", "server", "location" ], "desc": "Enables revalidation of expired cache items using conditional requests withthe “If-Modified-Since” and “If-None-Match”header fields.", "notes": [], "since": "1.5.7", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_cache_use_stale", "syntax": [ "uwsgi_cache_use_stale \n error |\n timeout |\n invalid_header |\n updating |\n http_500 |\n http_503 |\n http_403 |\n http_404 |\n http_429 |\n off\n ...;" ], "def": "uwsgi_cache_use_stale off;", "contexts": [ "http", "server", "location" ], "desc": "Determines in which cases a stale cached response can be usedwhen an error occurs during communication with the uwsgi server.The directive’s parameters match the parameters of theuwsgi_next_upstream directive.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_cache_valid", "syntax": [ "uwsgi_cache_valid [code ...] time;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets caching time for different response codes.For example, the following directives", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_connect_timeout", "syntax": [ "uwsgi_connect_timeout time;" ], "def": "uwsgi_connect_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Defines a timeout for establishing a connection with a uwsgi server.It should be noted that this timeout cannot usually exceed 75 seconds.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_force_ranges", "syntax": [ "uwsgi_force_ranges on | off;" ], "def": "uwsgi_force_ranges off;", "contexts": [ "http", "server", "location" ], "desc": "Enables byte-range supportfor both cached and uncached responses from the uwsgi serverregardless of the “Accept-Ranges” field in these responses.", "notes": [], "since": "1.7.7", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_hide_header", "syntax": [ "uwsgi_hide_header field;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "By default,nginx does not pass the header fields “Status” and“X-Accel-...” from the response of a uwsgiserver to a client.The uwsgi_hide_header directive sets additional fieldsthat will not be passed.If, on the contrary, the passing of fields needs to be permitted,the uwsgi_pass_header directive can be used.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_ignore_client_abort", "syntax": [ "uwsgi_ignore_client_abort on | off;" ], "def": "uwsgi_ignore_client_abort off;", "contexts": [ "http", "server", "location" ], "desc": "Determines whether the connection with a uwsgi server should beclosed when a client closes the connection without waitingfor a response.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_ignore_headers", "syntax": [ "uwsgi_ignore_headers field ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Disables processing of certain response header fields from the uwsgi server.The following fields can be ignored: “X-Accel-Redirect”,“X-Accel-Expires”, “X-Accel-Limit-Rate” (1.1.6),“X-Accel-Buffering” (1.1.6),“X-Accel-Charset” (1.1.6), “Expires”,“Cache-Control”, “Set-Cookie” (0.8.44),and “Vary” (1.7.7).", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_intercept_errors", "syntax": [ "uwsgi_intercept_errors on | off;" ], "def": "uwsgi_intercept_errors off;", "contexts": [ "http", "server", "location" ], "desc": "Determines whether a uwsgi server responses with codes greater than or equalto 300 should be passed to a clientor be intercepted and redirected to nginx for processingwith the error_page directive.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_limit_rate", "syntax": [ "uwsgi_limit_rate rate;" ], "def": "uwsgi_limit_rate 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the speed of reading the response from the uwsgi server.The rate is specified in bytes per second.The zero value disables rate limiting.The limit is set per a request, and so if nginx simultaneously openstwo connections to the uwsgi server,the overall rate will be twice as much as the specified limit.The limitation works only ifbuffering of responses from the uwsgiserver is enabled.", "notes": [], "since": "1.7.7", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_max_temp_file_size", "syntax": [ "uwsgi_max_temp_file_size size;" ], "def": "uwsgi_max_temp_file_size 1024m;", "contexts": [ "http", "server", "location" ], "desc": "When buffering of responses from the uwsgiserver is enabled, and the whole response does not fit into the buffersset by the uwsgi_buffer_size and uwsgi_buffersdirectives, a part of the response can be saved to a temporary file.This directive sets the maximum size of the temporary file.The size of data written to the temporary file at a time is setby the uwsgi_temp_file_write_size directive.", "notes": [ "\nThis restriction does not apply to responses\nthat will be cached\nor stored on disk.\n" ], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_modifier1", "syntax": [ "uwsgi_modifier1 number;" ], "def": "uwsgi_modifier1 0;", "contexts": [ "http", "server", "location" ], "desc": "Sets the value of the modifier1 field in theuwsgipacket header.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_modifier2", "syntax": [ "uwsgi_modifier2 number;" ], "def": "uwsgi_modifier2 0;", "contexts": [ "http", "server", "location" ], "desc": "Sets the value of the modifier2 field in theuwsgipacket header.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_next_upstream", "syntax": [ "uwsgi_next_upstream \n error |\n timeout |\n invalid_header |\n http_500 |\n http_503 |\n http_403 |\n http_404 |\n http_429 |\n non_idempotent |\n off\n ...;" ], "def": "uwsgi_next_upstream error timeout;", "contexts": [ "http", "server", "location" ], "desc": "Specifies in which cases a request should be passed to the next server:", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_next_upstream_timeout", "syntax": [ "uwsgi_next_upstream_timeout time;" ], "def": "uwsgi_next_upstream_timeout 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the time during which a request can be passed to thenext server.The 0 value turns off this limitation.", "notes": [], "since": "1.7.5", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_next_upstream_tries", "syntax": [ "uwsgi_next_upstream_tries number;" ], "def": "uwsgi_next_upstream_tries 0;", "contexts": [ "http", "server", "location" ], "desc": "Limits the number of possible tries for passing a request to thenext server.The 0 value turns off this limitation.", "notes": [], "since": "1.7.5", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_no_cache", "syntax": [ "uwsgi_no_cache string ...;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines conditions under which the response will not be saved to a cache.If at least one value of the string parameters is not empty and is notequal to “0” then the response will not be saved:", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_param", "syntax": [ "uwsgi_param \n parameter value\n [if_not_empty];" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Sets a parameter that should be passed to the uwsgi server.The value can contain text, variables, and their combination.These directives are inherited from the previous level if andonly if there are nouwsgi_paramdirectives defined on the current level.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_pass", "syntax": [ "uwsgi_pass [protocol://]address;" ], "def": null, "contexts": [ "location", "ifinlocation" ], "desc": "Sets the protocol and address of a uwsgi server.As a protocol,“uwsgi” or “suwsgi”(secured uwsgi, uwsgi over SSL) can be specified.The address can be specified as a domain name or IP address,and a port:", "notes": [ "\nSecured uwsgi protocol is supported since version 1.5.8.\n" ], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_pass_header", "syntax": [ "uwsgi_pass_header field;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Permits passing otherwise disabled headerfields from a uwsgi server to a client.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_pass_request_body", "syntax": [ "uwsgi_pass_request_body on | off;" ], "def": "uwsgi_pass_request_body on;", "contexts": [ "http", "server", "location" ], "desc": "Indicates whether the original request body is passedto the uwsgi server.See also the uwsgi_pass_request_headers directive.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_pass_request_headers", "syntax": [ "uwsgi_pass_request_headers on | off;" ], "def": "uwsgi_pass_request_headers on;", "contexts": [ "http", "server", "location" ], "desc": "Indicates whether the header fields of the original request are passedto the uwsgi server.See also the uwsgi_pass_request_body directive.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_read_timeout", "syntax": [ "uwsgi_read_timeout time;" ], "def": "uwsgi_read_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Defines a timeout for reading a response from the uwsgi server.The timeout is set only between two successive read operations,not for the transmission of the whole response.If the uwsgi server does not transmit anything within this time,the connection is closed.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_request_buffering", "syntax": [ "uwsgi_request_buffering on | off;" ], "def": "uwsgi_request_buffering on;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables buffering of a client request body.", "notes": [], "since": "1.7.11", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_send_timeout", "syntax": [ "uwsgi_send_timeout time;" ], "def": "uwsgi_send_timeout 60s;", "contexts": [ "http", "server", "location" ], "desc": "Sets a timeout for transmitting a request to the uwsgi server.The timeout is set only between two successive write operations,not for the transmission of the whole request.If the uwsgi server does not receive anything within this time,the connection is closed.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_ssl_certificate", "syntax": [ "uwsgi_ssl_certificate file;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a file with the certificate in the PEM formatused for authentication to a secured uwsgi server.", "notes": [], "since": "1.7.8", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_ssl_certificate_key", "syntax": [ "uwsgi_ssl_certificate_key file;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a file with the secret key in the PEM formatused for authentication to a secured uwsgi server.", "notes": [], "since": "1.7.8", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_ssl_ciphers", "syntax": [ "uwsgi_ssl_ciphers ciphers;" ], "def": "uwsgi_ssl_ciphers DEFAULT;", "contexts": [ "http", "server", "location" ], "desc": "Specifies the enabled ciphers for requests to a secured uwsgi server.The ciphers are specified in the format understood by the OpenSSL library.", "notes": [], "since": "1.5.8", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_ssl_crl", "syntax": [ "uwsgi_ssl_crl file;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a file with revoked certificates (CRL)in the PEM format used to verifythe certificate of the secured uwsgi server.", "notes": [], "since": "1.7.0", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_ssl_name", "syntax": [ "uwsgi_ssl_name name;" ], "def": "uwsgi_ssl_name host from uwsgi_pass;", "contexts": [ "http", "server", "location" ], "desc": "Allows overriding the server name used toverifythe certificate of the secured uwsgi server and to bepassed through SNIwhen establishing a connection with the secured uwsgi server.", "notes": [], "since": "1.7.0", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_ssl_password_file", "syntax": [ "uwsgi_ssl_password_file file;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a file with passphrases forsecret keyswhere each passphrase is specified on a separate line.Passphrases are tried in turn when loading the key.", "notes": [], "since": "1.7.8", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_ssl_protocols", "syntax": [ "uwsgi_ssl_protocols \n [SSLv2]\n [SSLv3]\n [TLSv1]\n [TLSv1.1]\n [TLSv1.2]\n [TLSv1.3];" ], "def": "uwsgi_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;", "contexts": [ "http", "server", "location" ], "desc": "Enables the specified protocols for requests to a secured uwsgi server.", "notes": [], "since": "1.5.8", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_ssl_server_name", "syntax": [ "uwsgi_ssl_server_name on | off;" ], "def": "uwsgi_ssl_server_name off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables passing of the server name throughTLSServer Name Indication extension (SNI, RFC 6066)when establishing a connection with the secured uwsgi server.", "notes": [], "since": "1.7.0", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_ssl_session_reuse", "syntax": [ "uwsgi_ssl_session_reuse on | off;" ], "def": "uwsgi_ssl_session_reuse on;", "contexts": [ "http", "server", "location" ], "desc": "Determines whether SSL sessions can be reused when working witha secured uwsgi server.If the errors“SSL3_GET_FINISHED:digest check failed”appear in the logs, try disabling session reuse.", "notes": [], "since": "1.5.8", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_ssl_trusted_certificate", "syntax": [ "uwsgi_ssl_trusted_certificate file;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies a file with trusted CA certificates in the PEM formatused to verifythe certificate of the secured uwsgi server.", "notes": [], "since": "1.7.0", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_ssl_verify", "syntax": [ "uwsgi_ssl_verify on | off;" ], "def": "uwsgi_ssl_verify off;", "contexts": [ "http", "server", "location" ], "desc": "Enables or disables verification of the secured uwsgi server certificate.", "notes": [], "since": "1.7.0", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_ssl_verify_depth", "syntax": [ "uwsgi_ssl_verify_depth number;" ], "def": "uwsgi_ssl_verify_depth 1;", "contexts": [ "http", "server", "location" ], "desc": "Sets the verification depth in the secured uwsgi server certificates chain.", "notes": [], "since": "1.7.0", "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_store", "syntax": [ "uwsgi_store \n on |\n off |\n string;" ], "def": "uwsgi_store off;", "contexts": [ "http", "server", "location" ], "desc": "Enables saving of files to a disk.The on parameter saves files with pathscorresponding to the directivesalias orroot.The off parameter disables saving of files.In addition, the file name can be set explicitly using thestring with variables:", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_store_access", "syntax": [ "uwsgi_store_access users:permissions ...;" ], "def": "uwsgi_store_access user:rw;", "contexts": [ "http", "server", "location" ], "desc": "Sets access permissions for newly created files and directories, e.g.:", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_temp_file_write_size", "syntax": [ "uwsgi_temp_file_write_size size;" ], "def": "uwsgi_temp_file_write_size 8k|16k;", "contexts": [ "http", "server", "location" ], "desc": "Limits the size of data written to a temporary fileat a time, when buffering of responses from the uwsgi serverto temporary files is enabled.By default, size is limited by two buffers set by theuwsgi_buffer_size and uwsgi_buffers directives.The maximum size of a temporary file is set by theuwsgi_max_temp_file_size directive.", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "uwsgi_temp_path", "syntax": [ "uwsgi_temp_path \n path\n [level1\n [level2\n [level3]]];" ], "def": "uwsgi_temp_path uwsgi_temp;", "contexts": [ "http", "server", "location" ], "desc": "Defines a directory for storing temporary fileswith data received from uwsgi servers.Up to three-level subdirectory hierarchy can be used underneath the specifieddirectory.For example, in the following configuration", "notes": [], "since": null, "module": "ngx_http_uwsgi_module" }, { "name": "http2_body_preread_size", "syntax": [ "http2_body_preread_size size;" ], "def": "http2_body_preread_size 64k;", "contexts": [ "http", "server" ], "desc": "Sets the size of the buffer per each requestin which the request body may be savedbefore it is started to be processed.", "notes": [], "since": "1.11.0", "module": "ngx_http_v2_module" }, { "name": "http2_chunk_size", "syntax": [ "http2_chunk_size size;" ], "def": "http2_chunk_size 8k;", "contexts": [ "http", "server", "location" ], "desc": "Sets the maximum size of chunksinto which the response body is sliced.A too low value results in higher overhead.A too high value impairs prioritization due toHOL blocking.", "notes": [], "since": null, "module": "ngx_http_v2_module" }, { "name": "http2_idle_timeout", "syntax": [ "http2_idle_timeout time;" ], "def": "http2_idle_timeout 3m;", "contexts": [ "http", "server" ], "desc": "Sets the timeout of inactivity after which the connection is closed.", "notes": [], "since": null, "module": "ngx_http_v2_module" }, { "name": "http2_max_concurrent_pushes", "syntax": [ "http2_max_concurrent_pushes number;" ], "def": "http2_max_concurrent_pushes 10;", "contexts": [ "http", "server" ], "desc": "Limits the maximum number of concurrentpush requests in a connection.", "notes": [], "since": "1.13.9", "module": "ngx_http_v2_module" }, { "name": "http2_max_concurrent_streams", "syntax": [ "http2_max_concurrent_streams number;" ], "def": "http2_max_concurrent_streams 128;", "contexts": [ "http", "server" ], "desc": "Sets the maximum number of concurrent HTTP/2 streamsin a connection.", "notes": [], "since": null, "module": "ngx_http_v2_module" }, { "name": "http2_max_field_size", "syntax": [ "http2_max_field_size size;" ], "def": "http2_max_field_size 4k;", "contexts": [ "http", "server" ], "desc": "Limits the maximum size ofan HPACK-compressedrequest header field.The limit applies equally to both name and value.Note that if Huffman encoding is applied,the actual size of decompressed name and value strings may be larger.For most requests, the default limit should be enough.", "notes": [], "since": null, "module": "ngx_http_v2_module" }, { "name": "http2_max_header_size", "syntax": [ "http2_max_header_size size;" ], "def": "http2_max_header_size 16k;", "contexts": [ "http", "server" ], "desc": "Limits the maximum size of the entire request header list afterHPACK decompression.For most requests, the default limit should be enough.", "notes": [], "since": null, "module": "ngx_http_v2_module" }, { "name": "http2_max_requests", "syntax": [ "http2_max_requests number;" ], "def": "http2_max_requests 1000;", "contexts": [ "http", "server" ], "desc": "Sets the maximum number of requests (includingpush requests) that can be servedthrough one HTTP/2 connection,after which the next client request will lead to connection closingand the need of establishing a new connection.", "notes": [], "since": "1.11.6", "module": "ngx_http_v2_module" }, { "name": "http2_push", "syntax": [ "http2_push uri | off;" ], "def": "http2_push off;", "contexts": [ "http", "server", "location" ], "desc": "Pre-emptively sends(pushes)a request to the specified urialong with the response to the original request.Only relative URIs with absolute path will be processed,for example:", "notes": [], "since": "1.13.9", "module": "ngx_http_v2_module" }, { "name": "http2_push_preload", "syntax": [ "http2_push_preload on | off;" ], "def": "http2_push_preload off;", "contexts": [ "http", "server", "location" ], "desc": "Enables automatic conversion ofpreloadlinksspecified in the “Link” response header fields intopushrequests.", "notes": [], "since": "1.13.9", "module": "ngx_http_v2_module" }, { "name": "http2_recv_buffer_size", "syntax": [ "http2_recv_buffer_size size;" ], "def": "http2_recv_buffer_size 256k;", "contexts": [ "http" ], "desc": "Sets the size of the perworkerinput buffer.", "notes": [], "since": null, "module": "ngx_http_v2_module" }, { "name": "http2_recv_timeout", "syntax": [ "http2_recv_timeout time;" ], "def": "http2_recv_timeout 30s;", "contexts": [ "http", "server" ], "desc": "Sets the timeout for expecting more data from the client,after which the connection is closed.", "notes": [], "since": null, "module": "ngx_http_v2_module" }, { "name": "xml_entities", "syntax": [ "xml_entities path;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Specifies the DTD file that declares character entities.This file is compiled at the configuration stage.For technical reasons, the module is unable to use theexternal subset declared in the processed XML, so it isignored and a specially defined file is used instead.This file should not describe the XML structure.It is enough to declare just the required character entities, for example:", "notes": [], "since": null, "module": "ngx_http_xslt_module" }, { "name": "xslt_last_modified", "syntax": [ "xslt_last_modified on | off;" ], "def": "xslt_last_modified off;", "contexts": [ "http", "server", "location" ], "desc": "Allows preserving the “Last-Modified” header fieldfrom the original response during XSLT transformationsto facilitate response caching.", "notes": [], "since": "1.5.1", "module": "ngx_http_xslt_module" }, { "name": "xslt_param", "syntax": [ "xslt_param parameter value;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines the parameters for XSLT stylesheets.The value is treated as an XPath expression.The value can contain variables.To pass a string value to a stylesheet,the xslt_string_param directive can be used.", "notes": [], "since": "1.1.18", "module": "ngx_http_xslt_module" }, { "name": "xslt_string_param", "syntax": [ "xslt_string_param parameter value;" ], "def": null, "contexts": [ "http", "server", "location" ], "desc": "Defines the string parameters for XSLT stylesheets.XPath expressions in the value are not interpreted.The value can contain variables.", "notes": [], "since": "1.1.18", "module": "ngx_http_xslt_module" }, { "name": "xslt_stylesheet", "syntax": [ "xslt_stylesheet \n stylesheet\n [parameter=value ...];" ], "def": null, "contexts": [ "location" ], "desc": "Defines the XSLT stylesheet and its optional parameters.A stylesheet is compiled at the configuration stage.", "notes": [], "since": null, "module": "ngx_http_xslt_module" }, { "name": "xslt_types", "syntax": [ "xslt_types mime-type ...;" ], "def": "xslt_types text/xml;", "contexts": [ "http", "server", "location" ], "desc": "Enables transformations in responses with the specified MIME typesin addition to “text/xml”.The special value “*” matches any MIME type (0.8.29).If the transformation result is an HTML response, its MIME typeis changed to “text/html”.", "notes": [], "since": null, "module": "ngx_http_xslt_module" }, { "name": "listen", "syntax": [ "listen \n address:port\n [ssl]\n [backlog=number]\n [rcvbuf=size]\n [sndbuf=size]\n [bind]\n [ipv6only=on|off]\n [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];" ], "def": null, "contexts": [ "server" ], "desc": "Sets the address and port for the socketon which the server will accept requests.It is possible to specify just the port.The address can also be a hostname, for example:", "notes": [], "since": null, "module": "ngx_mail_core_module" }, { "name": "mail", "syntax": [ "mail { ... }" ], "def": null, "contexts": [ "main" ], "desc": "Provides the configuration file context in which the mail server directivesare specified.", "notes": [], "since": null, "module": "ngx_mail_core_module" }, { "name": "protocol", "syntax": [ "protocol \n imap |\n pop3 |\n smtp;" ], "def": null, "contexts": [ "server" ], "desc": "Sets the protocol for a proxied server.Supported protocols areIMAP,POP3, andSMTP.", "notes": [], "since": null, "module": "ngx_mail_core_module" }, { "name": "resolver", "syntax": [ "resolver \naddress ...\n[valid=time];", "resolver off;" ], "def": "resolver off;", "contexts": [ "mail", "server" ], "desc": "Configures name servers used to find the client’s hostnameto pass it to theauthentication server,and in theXCLIENTcommand when proxying SMTP.For example:", "notes": [ "\nBefore version 1.1.7, only a single name server could be configured.\nSpecifying name servers using IPv6 addresses is supported\nstarting from versions 1.3.1 and 1.2.2.\n", "\nBefore version 1.1.9, tuning of caching time was not possible,\nand nginx always cached answers for the duration of 5 minutes.\n" ], "since": null, "module": "ngx_mail_core_module" }, { "name": "resolver_timeout", "syntax": [ "resolver_timeout time;" ], "def": "resolver_timeout 30s;", "contexts": [ "mail", "server" ], "desc": "Sets a timeout for DNS operations, for example:", "notes": [], "since": null, "module": "ngx_mail_core_module" }, { "name": "server", "syntax": [ "server { ... }" ], "def": null, "contexts": [ "mail" ], "desc": "Sets the configuration for a server.", "notes": [], "since": null, "module": "ngx_mail_core_module" }, { "name": "server_name", "syntax": [ "server_name name;" ], "def": "server_name hostname;", "contexts": [ "mail", "server" ], "desc": "Sets the server name that is used:", "notes": [], "since": null, "module": "ngx_mail_core_module" }, { "name": "timeout", "syntax": [ "timeout time;" ], "def": "timeout 60s;", "contexts": [ "mail", "server" ], "desc": "Sets the timeout that is used before proxying to the backend starts.", "notes": [], "since": null, "module": "ngx_mail_core_module" }, { "name": "auth_http", "syntax": [ "auth_http URL;" ], "def": null, "contexts": [ "mail", "server" ], "desc": "Sets the URL of the HTTP authentication server.The protocol is described below.", "notes": [], "since": null, "module": "ngx_mail_auth_http_module" }, { "name": "auth_http_header", "syntax": [ "auth_http_header header value;" ], "def": null, "contexts": [ "mail", "server" ], "desc": "Appends the specified header to requests sent to the authentication server.This header can be used as the shared secret to verifythat the request comes from nginx.For example:", "notes": [], "since": null, "module": "ngx_mail_auth_http_module" }, { "name": "auth_http_pass_client_cert", "syntax": [ "auth_http_pass_client_cert on | off;" ], "def": "auth_http_pass_client_cert off;", "contexts": [ "mail", "server" ], "desc": "Appends the “Auth-SSL-Cert” header with theclientcertificate in the PEM format (urlencoded)to requests sent to the authentication server.", "notes": [], "since": "1.7.11", "module": "ngx_mail_auth_http_module" }, { "name": "auth_http_timeout", "syntax": [ "auth_http_timeout time;" ], "def": "auth_http_timeout 60s;", "contexts": [ "mail", "server" ], "desc": "Sets the timeout for communication with the authentication server.", "notes": [], "since": null, "module": "ngx_mail_auth_http_module" }, { "name": "proxy_buffer", "syntax": [ "proxy_buffer size;" ], "def": "proxy_buffer 4k|8k;", "contexts": [ "mail", "server" ], "desc": "Sets the size of the buffer used for proxying.By default, the buffer size is equal to one memory page.Depending on a platform, it is either 4K or 8K.", "notes": [], "since": null, "module": "ngx_mail_proxy_module" }, { "name": "proxy_pass_error_message", "syntax": [ "proxy_pass_error_message on | off;" ], "def": "proxy_pass_error_message off;", "contexts": [ "mail", "server" ], "desc": "Indicates whether to pass the error message obtained duringthe authentication on the backend to the client.", "notes": [], "since": null, "module": "ngx_mail_proxy_module" }, { "name": "proxy_timeout", "syntax": [ "proxy_timeout timeout;" ], "def": "proxy_timeout 24h;", "contexts": [ "mail", "server" ], "desc": "Sets the timeout between two successiveread or write operations on client or proxied server connections.If no data is transmitted within this time, the connection is closed.", "notes": [], "since": null, "module": "ngx_mail_proxy_module" }, { "name": "xclient", "syntax": [ "xclient on | off;" ], "def": "xclient on;", "contexts": [ "mail", "server" ], "desc": "Enables or disables the passing of theXCLIENTcommand with client parameters when connecting to the SMTP backend.", "notes": [], "since": null, "module": "ngx_mail_proxy_module" }, { "name": "ssl", "syntax": [ "ssl on | off;" ], "def": "ssl off;", "contexts": [ "mail", "server" ], "desc": "This directive was made obsolete in version 1.15.0.The ssl parameterof the listen directiveshould be used instead.", "notes": [], "since": null, "module": "ngx_mail_ssl_module" }, { "name": "ssl_certificate", "syntax": [ "ssl_certificate file;" ], "def": null, "contexts": [ "mail", "server" ], "desc": "Specifies a file with the certificate in the PEM formatfor the given server.If intermediate certificates should be specified in addition to a primarycertificate, they should be specified in the same file in the followingorder: the primary certificate comes first, then the intermediate certificates.A secret key in the PEM format may be placed in the same file.", "notes": [ "\nOnly OpenSSL 1.0.2 or higher supports separate certificate chains\nfor different certificates.\nWith older versions, only one certificate chain can be used.\n" ], "since": null, "module": "ngx_mail_ssl_module" }, { "name": "ssl_certificate_key", "syntax": [ "ssl_certificate_key file;" ], "def": null, "contexts": [ "mail", "server" ], "desc": "Specifies a file with the secret key in the PEM formatfor the given server.", "notes": [], "since": null, "module": "ngx_mail_ssl_module" }, { "name": "ssl_ciphers", "syntax": [ "ssl_ciphers ciphers;" ], "def": "ssl_ciphers HIGH:!aNULL:!MD5;", "contexts": [ "mail", "server" ], "desc": "Specifies the enabled ciphers.The ciphers are specified in the format understood by theOpenSSL library, for example:", "notes": [ "\nThe previous versions of nginx used\ndifferent\nciphers by default.\n" ], "since": null, "module": "ngx_mail_ssl_module" }, { "name": "ssl_client_certificate", "syntax": [ "ssl_client_certificate file;" ], "def": null, "contexts": [ "mail", "server" ], "desc": "Specifies a file with trusted CA certificates in the PEM formatused to verify client certificates.", "notes": [], "since": "1.7.11", "module": "ngx_mail_ssl_module" }, { "name": "ssl_crl", "syntax": [ "ssl_crl file;" ], "def": null, "contexts": [ "mail", "server" ], "desc": "Specifies a file with revoked certificates (CRL)in the PEM format used to verifyclient certificates.", "notes": [], "since": "1.7.11", "module": "ngx_mail_ssl_module" }, { "name": "ssl_dhparam", "syntax": [ "ssl_dhparam file;" ], "def": null, "contexts": [ "mail", "server" ], "desc": "Specifies a file with DH parameters for DHE ciphers.", "notes": [], "since": "0.7.2", "module": "ngx_mail_ssl_module" }, { "name": "ssl_ecdh_curve", "syntax": [ "ssl_ecdh_curve curve;" ], "def": "ssl_ecdh_curve auto;", "contexts": [ "mail", "server" ], "desc": "Specifies a curve for ECDHE ciphers.", "notes": [ "\nPrior to version 1.11.0,\nthe prime256v1 curve was used by default.\n" ], "since": "1.1.0", "module": "ngx_mail_ssl_module" }, { "name": "ssl_password_file", "syntax": [ "ssl_password_file file;" ], "def": null, "contexts": [ "mail", "server" ], "desc": "Specifies a file with passphrases forsecret keyswhere each passphrase is specified on a separate line.Passphrases are tried in turn when loading the key.", "notes": [], "since": "1.7.3", "module": "ngx_mail_ssl_module" }, { "name": "ssl_prefer_server_ciphers", "syntax": [ "ssl_prefer_server_ciphers on | off;" ], "def": "ssl_prefer_server_ciphers off;", "contexts": [ "mail", "server" ], "desc": "Specifies that server ciphers should be preferred over client cipherswhen the SSLv3 and TLS protocols are used.", "notes": [], "since": null, "module": "ngx_mail_ssl_module" }, { "name": "ssl_protocols", "syntax": [ "ssl_protocols \n [SSLv2]\n [SSLv3]\n [TLSv1]\n [TLSv1.1]\n [TLSv1.2]\n [TLSv1.3];" ], "def": "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;", "contexts": [ "mail", "server" ], "desc": "Enables the specified protocols.", "notes": [ "\nThe TLSv1.1 and TLSv1.2 parameters\n(1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used.\n", "\nThe TLSv1.3 parameter (1.13.0) works only when\nOpenSSL 1.1.1 built with TLSv1.3 support is used.\n" ], "since": null, "module": "ngx_mail_ssl_module" }, { "name": "ssl_session_cache", "syntax": [ "ssl_session_cache \n off |\n none |\n [builtin[:size]]\n [shared:name:size];" ], "def": "ssl_session_cache none;", "contexts": [ "mail", "server" ], "desc": "Sets the types and sizes of caches that store session parameters.A cache can be of any of the following types:", "notes": [], "since": null, "module": "ngx_mail_ssl_module" }, { "name": "ssl_session_ticket_key", "syntax": [ "ssl_session_ticket_key file;" ], "def": null, "contexts": [ "mail", "server" ], "desc": "Sets a file with the secret key used to encryptand decrypt TLS session tickets.The directive is necessary if the same key has to be shared betweenmultiple servers.By default, a randomly generated key is used.", "notes": [], "since": "1.5.7", "module": "ngx_mail_ssl_module" }, { "name": "ssl_session_tickets", "syntax": [ "ssl_session_tickets on | off;" ], "def": "ssl_session_tickets on;", "contexts": [ "mail", "server" ], "desc": "Enables or disables session resumption throughTLS session tickets.", "notes": [], "since": "1.5.9", "module": "ngx_mail_ssl_module" }, { "name": "ssl_session_timeout", "syntax": [ "ssl_session_timeout time;" ], "def": "ssl_session_timeout 5m;", "contexts": [ "mail", "server" ], "desc": "Specifies a time during which a client may reuse thesession parameters.", "notes": [], "since": null, "module": "ngx_mail_ssl_module" }, { "name": "ssl_trusted_certificate", "syntax": [ "ssl_trusted_certificate file;" ], "def": null, "contexts": [ "mail", "server" ], "desc": "Specifies a file with trusted CA certificates in the PEM formatused to verify client certificates.", "notes": [], "since": "1.7.11", "module": "ngx_mail_ssl_module" }, { "name": "ssl_verify_client", "syntax": [ "ssl_verify_client \n on | off |\n optional | optional_no_ca;" ], "def": "ssl_verify_client off;", "contexts": [ "mail", "server" ], "desc": "Enables verification of client certificates.The verification result is passed in the“Auth-SSL-Verify” header of theauthenticationrequest.", "notes": [], "since": "1.7.11", "module": "ngx_mail_ssl_module" }, { "name": "ssl_verify_depth", "syntax": [ "ssl_verify_depth number;" ], "def": "ssl_verify_depth 1;", "contexts": [ "mail", "server" ], "desc": "Sets the verification depth in the client certificates chain.", "notes": [], "since": "1.7.11", "module": "ngx_mail_ssl_module" }, { "name": "starttls", "syntax": [ "starttls \n on |\n off |\n only;" ], "def": "starttls off;", "contexts": [ "mail", "server" ], "desc": "", "notes": [], "since": null, "module": "ngx_mail_ssl_module" }, { "name": "imap_auth", "syntax": [ "imap_auth method ...;" ], "def": "imap_auth plain;", "contexts": [ "mail", "server" ], "desc": "Sets permitted methods of authentication for IMAP clients.Supported methods are:", "notes": [], "since": null, "module": "ngx_mail_imap_module" }, { "name": "imap_capabilities", "syntax": [ "imap_capabilities extension ...;" ], "def": "imap_capabilities IMAP4 IMAP4rev1 UIDPLUS;", "contexts": [ "mail", "server" ], "desc": "Sets theIMAP protocolextensions list that is passed to the client in response tothe CAPABILITY command.The authentication methods specified in the imap_auth directive andSTARTTLSare automatically added to this list depending on thestarttls directive value.", "notes": [], "since": null, "module": "ngx_mail_imap_module" }, { "name": "imap_client_buffer", "syntax": [ "imap_client_buffer size;" ], "def": "imap_client_buffer 4k|8k;", "contexts": [ "mail", "server" ], "desc": "Sets the size of the buffer used for reading IMAP commands.By default, the buffer size is equal to one memory page.This is either 4K or 8K, depending on a platform.", "notes": [], "since": null, "module": "ngx_mail_imap_module" }, { "name": "pop3_auth", "syntax": [ "pop3_auth method ...;" ], "def": "pop3_auth plain;", "contexts": [ "mail", "server" ], "desc": "Sets permitted methods of authentication for POP3 clients.Supported methods are:", "notes": [], "since": null, "module": "ngx_mail_pop3_module" }, { "name": "pop3_capabilities", "syntax": [ "pop3_capabilities extension ...;" ], "def": "pop3_capabilities TOP USER UIDL;", "contexts": [ "mail", "server" ], "desc": "Sets thePOP3 protocolextensions list that is passed to the client in response tothe CAPA command.The authentication methods specified in the pop3_auth directive(SASL extension) andSTLSare automatically added to this list depending on thestarttls directive value.", "notes": [], "since": null, "module": "ngx_mail_pop3_module" }, { "name": "smtp_auth", "syntax": [ "smtp_auth method ...;" ], "def": "smtp_auth login plain;", "contexts": [ "mail", "server" ], "desc": "Sets permitted methods ofSASL authenticationfor SMTP clients.Supported methods are:", "notes": [], "since": null, "module": "ngx_mail_smtp_module" }, { "name": "smtp_capabilities", "syntax": [ "smtp_capabilities extension ...;" ], "def": null, "contexts": [ "mail", "server" ], "desc": "Sets the SMTP protocol extensions listthat is passed to the client in response to theEHLO command.The authentication methods specified in the smtp_auth directive andSTARTTLSare automatically added to this list depending on thestarttls directive value.", "notes": [], "since": null, "module": "ngx_mail_smtp_module" }, { "name": "smtp_client_buffer", "syntax": [ "smtp_client_buffer size;" ], "def": "smtp_client_buffer 4k|8k;", "contexts": [ "mail", "server" ], "desc": "Sets the size of the buffer used for reading SMTP commands.By default, the buffer size is equal to one memory page.This is either 4K or 8K, depending on a platform.", "notes": [], "since": null, "module": "ngx_mail_smtp_module" }, { "name": "smtp_greeting_delay", "syntax": [ "smtp_greeting_delay time;" ], "def": "smtp_greeting_delay 0;", "contexts": [ "mail", "server" ], "desc": "Allows setting a delay before sending an SMTP greetingin order to reject clients who fail to wait for the greeting beforesending SMTP commands.", "notes": [], "since": null, "module": "ngx_mail_smtp_module" }, { "name": "listen", "syntax": [ "listen \n address:port\n [ssl]\n [udp]\n [proxy_protocol]\n [backlog=number]\n [rcvbuf=size]\n [sndbuf=size]\n [bind]\n [ipv6only=on|off]\n [reuseport]\n [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];" ], "def": null, "contexts": [ "server" ], "desc": "Sets the address and port for the socketon which the server will accept connections.It is possible to specify just the port.The address can also be a hostname, for example:", "notes": [], "since": null, "module": "ngx_stream_core_module" }, { "name": "preread_buffer_size", "syntax": [ "preread_buffer_size size;" ], "def": "preread_buffer_size 16k;", "contexts": [ "stream", "server" ], "desc": "Specifies a size of thepreread buffer.", "notes": [], "since": "1.11.5", "module": "ngx_stream_core_module" }, { "name": "preread_timeout", "syntax": [ "preread_timeout timeout;" ], "def": "preread_timeout 30s;", "contexts": [ "stream", "server" ], "desc": "Specifies a timeout of thepreread phase.", "notes": [], "since": "1.11.5", "module": "ngx_stream_core_module" }, { "name": "proxy_protocol_timeout", "syntax": [ "proxy_protocol_timeout timeout;" ], "def": "proxy_protocol_timeout 30s;", "contexts": [ "stream", "server" ], "desc": "Specifies a timeout forreading the PROXY protocol header to complete.If no entire header is transmitted within this time,the connection is closed.", "notes": [], "since": "1.11.4", "module": "ngx_stream_core_module" }, { "name": "resolver", "syntax": [ "resolver \n address ...\n [valid=time]\n [ipv6=on|off];" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Configures name servers used to resolve names of upstream serversinto addresses, for example:", "notes": [ "\nBefore version 1.11.3, this directive was available as part of our\ncommercial subscription.\n" ], "since": "1.11.3", "module": "ngx_stream_core_module" }, { "name": "resolver_timeout", "syntax": [ "resolver_timeout time;" ], "def": "resolver_timeout 30s;", "contexts": [ "stream", "server" ], "desc": "Sets a timeout for name resolution, for example:", "notes": [ "\nBefore version 1.11.3, this directive was available as part of our\ncommercial subscription.\n" ], "since": "1.11.3", "module": "ngx_stream_core_module" }, { "name": "server", "syntax": [ "server { ... }" ], "def": null, "contexts": [ "stream" ], "desc": "Sets the configuration for a server.", "notes": [], "since": null, "module": "ngx_stream_core_module" }, { "name": "stream", "syntax": [ "stream { ... }" ], "def": null, "contexts": [ "main" ], "desc": "Provides the configuration file context in which the stream server directivesare specified.", "notes": [], "since": null, "module": "ngx_stream_core_module" }, { "name": "tcp_nodelay", "syntax": [ "tcp_nodelay on | off;" ], "def": "tcp_nodelay on;", "contexts": [ "stream", "server" ], "desc": "Enables or disables the use of the TCP_NODELAY option.The option is enabled for both client and proxied server connections.", "notes": [], "since": "1.9.4", "module": "ngx_stream_core_module" }, { "name": "variables_hash_bucket_size", "syntax": [ "variables_hash_bucket_size size;" ], "def": "variables_hash_bucket_size 64;", "contexts": [ "stream" ], "desc": "Sets the bucket size for the variables hash table.The details of setting up hash tables are provided in a separatedocument.", "notes": [], "since": "1.11.2", "module": "ngx_stream_core_module" }, { "name": "variables_hash_max_size", "syntax": [ "variables_hash_max_size size;" ], "def": "variables_hash_max_size 1024;", "contexts": [ "stream" ], "desc": "Sets the maximum size of the variables hash table.The details of setting up hash tables are provided in a separatedocument.", "notes": [], "since": "1.11.2", "module": "ngx_stream_core_module" }, { "name": "allow", "syntax": [ "allow \n address |\n CIDR |\n unix: |\n all;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Allows access for the specified network or address.If the special value unix: is specified,allows access for all UNIX-domain sockets.", "notes": [], "since": null, "module": "ngx_stream_access_module" }, { "name": "deny", "syntax": [ "deny \n address |\n CIDR |\n unix: |\n all;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Denies access for the specified network or address.If the special value unix: is specified,denies access for all UNIX-domain sockets.", "notes": [], "since": null, "module": "ngx_stream_access_module" }, { "name": "geo", "syntax": [ "geo [$address] $variable { ... }" ], "def": null, "contexts": [ "stream" ], "desc": "Describes the dependency of values of the specified variableon the client IP address.By default, the address is taken from the $remote_addr variable,but it can also be taken from another variable, for example:", "notes": [ "\nSince variables are evaluated only when used, the mere existence\nof even a large number of declared “geo” variables\ndoes not cause any extra costs for connection processing.\n" ], "since": null, "module": "ngx_stream_geo_module" }, { "name": "geoip_country", "syntax": [ "geoip_country file;" ], "def": null, "contexts": [ "stream" ], "desc": "Specifies a database used to determine the countrydepending on the client IP address.The following variables are available when using this database:", "notes": [], "since": null, "module": "ngx_stream_geoip_module" }, { "name": "geoip_city", "syntax": [ "geoip_city file;" ], "def": null, "contexts": [ "stream" ], "desc": "Specifies a database used to determine the country, region, and citydepending on the client IP address.The following variables are available when using this database:", "notes": [], "since": null, "module": "ngx_stream_geoip_module" }, { "name": "geoip_org", "syntax": [ "geoip_org file;" ], "def": null, "contexts": [ "stream" ], "desc": "Specifies a database used to determine the organizationdepending on the client IP address.The following variable is available when using this database:", "notes": [], "since": null, "module": "ngx_stream_geoip_module" }, { "name": "js_access", "syntax": [ "js_access function;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Sets an njs function which will be called at theaccess phase.", "notes": [], "since": null, "module": "ngx_stream_js_module" }, { "name": "js_filter", "syntax": [ "js_filter function;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Sets a data filter.", "notes": [], "since": null, "module": "ngx_stream_js_module" }, { "name": "js_include", "syntax": [ "js_include file;" ], "def": null, "contexts": [ "stream" ], "desc": "Specifies a file that implements server and variable handlers in njs.", "notes": [], "since": null, "module": "ngx_stream_js_module" }, { "name": "js_preread", "syntax": [ "js_preread function;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Sets an njs function which will be called at thepreread phase.", "notes": [], "since": null, "module": "ngx_stream_js_module" }, { "name": "js_set", "syntax": [ "js_set \n$variable function;" ], "def": null, "contexts": [ "stream" ], "desc": "Sets an njs function for the specified variable.", "notes": [], "since": null, "module": "ngx_stream_js_module" }, { "name": "keyval", "syntax": [ "keyval \n key\n $variable\n zone=name;" ], "def": null, "contexts": [ "stream" ], "desc": "Creates a new $variable whose valueis looked up by the key in the key-value database.Strings are matched ignoring the case.The database is stored in a shared memory zonespecified by the zone parameter.", "notes": [], "since": null, "module": "ngx_stream_keyval_module" }, { "name": "keyval_zone", "syntax": [ "keyval_zone \n zone=name:size\n [state=file];" ], "def": null, "contexts": [ "stream" ], "desc": "Sets the name and size of the shared memory zonethat keeps the key-value database.Key-value pairs are managed by theAPI.", "notes": [], "since": null, "module": "ngx_stream_keyval_module" }, { "name": "limit_conn", "syntax": [ "limit_conn zone number;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Sets the shared memory zoneand the maximum allowed number of connections for a given key value.When this limit is exceeded, the server will close the connection.For example, the directives", "notes": [], "since": null, "module": "ngx_stream_limit_conn_module" }, { "name": "limit_conn_log_level", "syntax": [ "limit_conn_log_level \ninfo |\nnotice |\nwarn |\nerror;" ], "def": "limit_conn_log_level error;", "contexts": [ "stream", "server" ], "desc": "Sets the desired logging level for cases when the serverlimits the number of connections.", "notes": [], "since": null, "module": "ngx_stream_limit_conn_module" }, { "name": "limit_conn_zone", "syntax": [ "limit_conn_zone \n key\n zone=name:size;" ], "def": null, "contexts": [ "stream" ], "desc": "Sets parameters for a shared memory zonethat will keep states for various keys.In particular, the state includes the current number of connections.The key can contain text, variables,and their combinations (1.11.2).Connections with an empty key value are not accounted.Usage example:", "notes": [], "since": null, "module": "ngx_stream_limit_conn_module" }, { "name": "access_log", "syntax": [ "access_log \n path\n format\n [buffer=size]\n [gzip[=level]]\n [flush=time]\n [if=condition];", "access_log off;" ], "def": "access_log off;", "contexts": [ "stream", "server" ], "desc": "Sets the path, format,and configuration for a buffered log write.Several logs can be specified on the same level.Logging to syslogcan be configured by specifyingthe “syslog:” prefix in the first parameter.The special value off cancels allaccess_log directives on the current level.", "notes": [ "\nThe buffer size must not exceed the size of an atomic write to a disk file.\nFor FreeBSD this size is unlimited.\n" ], "since": null, "module": "ngx_stream_log_module" }, { "name": "log_format", "syntax": [ "log_format \n name\n [escape=default|json|none]\n string ...;" ], "def": null, "contexts": [ "stream" ], "desc": "Specifies the log format, for example:", "notes": [], "since": null, "module": "ngx_stream_log_module" }, { "name": "open_log_file_cache", "syntax": [ "open_log_file_cache \nmax=N\n[inactive=time]\n[min_uses=N]\n[valid=time];", "open_log_file_cache off;" ], "def": "open_log_file_cache off;", "contexts": [ "stream", "server" ], "desc": "Defines a cache that stores the file descriptors of frequently used logswhose names contain variables.The directive has the following parameters:", "notes": [], "since": null, "module": "ngx_stream_log_module" }, { "name": "map", "syntax": [ "map \n string\n $variable { ... }" ], "def": null, "contexts": [ "stream" ], "desc": "Creates a new variable whose valuedepends on values of one or more of the source variablesspecified in the first parameter.", "notes": [ "\nSince variables are evaluated only when they are used, the mere declaration\neven of a large number of “map” variables\ndoes not add any extra costs to connection processing.\n" ], "since": null, "module": "ngx_stream_map_module" }, { "name": "map_hash_bucket_size", "syntax": [ "map_hash_bucket_size size;" ], "def": "map_hash_bucket_size 32|64|128;", "contexts": [ "stream" ], "desc": "Sets the bucket size for the map variables hash tables.Default value depends on the processor’s cache line size.The details of setting up hash tables are provided in a separatedocument.", "notes": [], "since": null, "module": "ngx_stream_map_module" }, { "name": "map_hash_max_size", "syntax": [ "map_hash_max_size size;" ], "def": "map_hash_max_size 2048;", "contexts": [ "stream" ], "desc": "Sets the maximum size of the map variableshash tables.The details of setting up hash tables are provided in a separatedocument.", "notes": [], "since": null, "module": "ngx_stream_map_module" }, { "name": "proxy_bind", "syntax": [ "proxy_bind \n address\n [transparent] |\n off;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Makes outgoing connections to a proxied server originatefrom the specified local IP address.Parameter value can contain variables (1.11.2).The special value off cancels the effectof the proxy_bind directiveinherited from the previous configuration level, which allows thesystem to auto-assign the local IP address.", "notes": [], "since": "1.9.2", "module": "ngx_stream_proxy_module" }, { "name": "proxy_buffer_size", "syntax": [ "proxy_buffer_size size;" ], "def": "proxy_buffer_size 16k;", "contexts": [ "stream", "server" ], "desc": "Sets the size of the buffer used for reading datafrom the proxied server.Also sets the size of the buffer used for reading datafrom the client.", "notes": [], "since": "1.9.4", "module": "ngx_stream_proxy_module" }, { "name": "proxy_connect_timeout", "syntax": [ "proxy_connect_timeout time;" ], "def": "proxy_connect_timeout 60s;", "contexts": [ "stream", "server" ], "desc": "Defines a timeout for establishing a connection with a proxied server.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_download_rate", "syntax": [ "proxy_download_rate rate;" ], "def": "proxy_download_rate 0;", "contexts": [ "stream", "server" ], "desc": "Limits the speed of reading the data from the proxied server.The rate is specified in bytes per second.The zero value disables rate limiting.The limit is set per a connection, so if nginx simultaneously openstwo connections to the proxied server,the overall rate will be twice as much as the specified limit.", "notes": [], "since": "1.9.3", "module": "ngx_stream_proxy_module" }, { "name": "proxy_next_upstream", "syntax": [ "proxy_next_upstream on | off;" ], "def": "proxy_next_upstream on;", "contexts": [ "stream", "server" ], "desc": "When a connection to the proxied server cannot be established, determineswhether a client connection will be passed to the next server.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_next_upstream_timeout", "syntax": [ "proxy_next_upstream_timeout time;" ], "def": "proxy_next_upstream_timeout 0;", "contexts": [ "stream", "server" ], "desc": "Limits the time allowed to pass a connection to thenext server.The 0 value turns off this limitation.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_next_upstream_tries", "syntax": [ "proxy_next_upstream_tries number;" ], "def": "proxy_next_upstream_tries 0;", "contexts": [ "stream", "server" ], "desc": "Limits the number of possible tries for passing a connection to thenext server.The 0 value turns off this limitation.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_pass", "syntax": [ "proxy_pass address;" ], "def": null, "contexts": [ "server" ], "desc": "Sets the address of a proxied server.The address can be specified as a domain name or IP address,and a port:", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_protocol", "syntax": [ "proxy_protocol on | off;" ], "def": "proxy_protocol off;", "contexts": [ "stream", "server" ], "desc": "Enables thePROXYprotocol for connections to a proxied server.", "notes": [], "since": "1.9.2", "module": "ngx_stream_proxy_module" }, { "name": "proxy_responses", "syntax": [ "proxy_responses number;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Sets the number of datagrams expected from the proxied serverin response to a client datagramif the UDPprotocol is used.The number serves as a hint for session termination.By default, the number of datagrams is not limited.", "notes": [], "since": "1.9.13", "module": "ngx_stream_proxy_module" }, { "name": "proxy_ssl", "syntax": [ "proxy_ssl on | off;" ], "def": "proxy_ssl off;", "contexts": [ "stream", "server" ], "desc": "Enables the SSL/TLS protocol for connections to a proxied server.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_ssl_certificate", "syntax": [ "proxy_ssl_certificate file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with the certificate in the PEM formatused for authentication to a proxied server.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_ssl_certificate_key", "syntax": [ "proxy_ssl_certificate_key file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with the secret key in the PEM formatused for authentication to a proxied server.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_ssl_ciphers", "syntax": [ "proxy_ssl_ciphers ciphers;" ], "def": "proxy_ssl_ciphers DEFAULT;", "contexts": [ "stream", "server" ], "desc": "Specifies the enabled ciphers for connections to a proxied server.The ciphers are specified in the format understood by the OpenSSL library.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_ssl_crl", "syntax": [ "proxy_ssl_crl file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with revoked certificates (CRL)in the PEM format used to verifythe certificate of the proxied server.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_ssl_name", "syntax": [ "proxy_ssl_name name;" ], "def": "proxy_ssl_name host from proxy_pass;", "contexts": [ "stream", "server" ], "desc": "Allows overriding the server name used toverifythe certificate of the proxied server and to bepassed through SNIwhen establishing a connection with the proxied server.The server name can also be specified using variables (1.11.3).", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_ssl_password_file", "syntax": [ "proxy_ssl_password_file file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with passphrases forsecret keyswhere each passphrase is specified on a separate line.Passphrases are tried in turn when loading the key.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_ssl_protocols", "syntax": [ "proxy_ssl_protocols \n [SSLv2]\n [SSLv3]\n [TLSv1]\n [TLSv1.1]\n [TLSv1.2]\n [TLSv1.3];" ], "def": "proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;", "contexts": [ "stream", "server" ], "desc": "Enables the specified protocols for connections to a proxied server.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_ssl_server_name", "syntax": [ "proxy_ssl_server_name on | off;" ], "def": "proxy_ssl_server_name off;", "contexts": [ "stream", "server" ], "desc": "Enables or disables passing of the server name throughTLSServer Name Indication extension (SNI, RFC 6066)when establishing a connection with the proxied server.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_ssl_session_reuse", "syntax": [ "proxy_ssl_session_reuse on | off;" ], "def": "proxy_ssl_session_reuse on;", "contexts": [ "stream", "server" ], "desc": "Determines whether SSL sessions can be reused when working withthe proxied server.If the errors“SSL3_GET_FINISHED:digest check failed”appear in the logs, try disabling session reuse.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_ssl_trusted_certificate", "syntax": [ "proxy_ssl_trusted_certificate file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with trusted CA certificates in the PEM formatused to verifythe certificate of the proxied server.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_ssl_verify", "syntax": [ "proxy_ssl_verify on | off;" ], "def": "proxy_ssl_verify off;", "contexts": [ "stream", "server" ], "desc": "Enables or disables verification of the proxied server certificate.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_ssl_verify_depth", "syntax": [ "proxy_ssl_verify_depth number;" ], "def": "proxy_ssl_verify_depth 1;", "contexts": [ "stream", "server" ], "desc": "Sets the verification depth in the proxied server certificates chain.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_timeout", "syntax": [ "proxy_timeout timeout;" ], "def": "proxy_timeout 10m;", "contexts": [ "stream", "server" ], "desc": "Sets the timeout between two successiveread or write operations on client or proxied server connections.If no data is transmitted within this time, the connection is closed.", "notes": [], "since": null, "module": "ngx_stream_proxy_module" }, { "name": "proxy_upload_rate", "syntax": [ "proxy_upload_rate rate;" ], "def": "proxy_upload_rate 0;", "contexts": [ "stream", "server" ], "desc": "Limits the speed of reading the data from the client.The rate is specified in bytes per second.The zero value disables rate limiting.The limit is set per a connection, so if the client simultaneously openstwo connections,the overall rate will be twice as much as the specified limit.", "notes": [], "since": "1.9.3", "module": "ngx_stream_proxy_module" }, { "name": "set_real_ip_from", "syntax": [ "set_real_ip_from \n address |\n CIDR |\n unix:;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Defines trusted addresses that are known to send correctreplacement addresses.If the special value unix: is specified,all UNIX-domain sockets will be trusted.", "notes": [], "since": null, "module": "ngx_stream_realip_module" }, { "name": "return", "syntax": [ "return value;" ], "def": null, "contexts": [ "server" ], "desc": "Specifies a value to send to the client.The value can contain text, variables, and their combination.", "notes": [], "since": null, "module": "ngx_stream_return_module" }, { "name": "split_clients", "syntax": [ "split_clients \n string\n $variable { ... }" ], "def": null, "contexts": [ "stream" ], "desc": "Creates a variable for A/B testing, for example:", "notes": [], "since": null, "module": "ngx_stream_split_clients_module" }, { "name": "ssl_certificate", "syntax": [ "ssl_certificate file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with the certificate in the PEM formatfor the given server.If intermediate certificates should be specified in addition to a primarycertificate, they should be specified in the same file in the followingorder: the primary certificate comes first, then the intermediate certificates.A secret key in the PEM format may be placed in the same file.", "notes": [ "\nOnly OpenSSL 1.0.2 or higher supports separate certificate chains\nfor different certificates.\nWith older versions, only one certificate chain can be used.\n" ], "since": null, "module": "ngx_stream_ssl_module" }, { "name": "ssl_certificate_key", "syntax": [ "ssl_certificate_key file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with the secret key in the PEM formatfor the given server.", "notes": [], "since": null, "module": "ngx_stream_ssl_module" }, { "name": "ssl_ciphers", "syntax": [ "ssl_ciphers ciphers;" ], "def": "ssl_ciphers HIGH:!aNULL:!MD5;", "contexts": [ "stream", "server" ], "desc": "Specifies the enabled ciphers.The ciphers are specified in the format understood by theOpenSSL library, for example:", "notes": [], "since": null, "module": "ngx_stream_ssl_module" }, { "name": "ssl_client_certificate", "syntax": [ "ssl_client_certificate file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with trusted CA certificates in the PEM formatused to verify client certificates.", "notes": [], "since": "1.11.8", "module": "ngx_stream_ssl_module" }, { "name": "ssl_crl", "syntax": [ "ssl_crl file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with revoked certificates (CRL)in the PEM format used to verifyclient certificates.", "notes": [], "since": "1.11.8", "module": "ngx_stream_ssl_module" }, { "name": "ssl_dhparam", "syntax": [ "ssl_dhparam file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with DH parameters for DHE ciphers.", "notes": [], "since": null, "module": "ngx_stream_ssl_module" }, { "name": "ssl_ecdh_curve", "syntax": [ "ssl_ecdh_curve curve;" ], "def": "ssl_ecdh_curve auto;", "contexts": [ "stream", "server" ], "desc": "Specifies a curve for ECDHE ciphers.", "notes": [ "\nPrior to version 1.11.0,\nthe prime256v1 curve was used by default.\n" ], "since": null, "module": "ngx_stream_ssl_module" }, { "name": "ssl_handshake_timeout", "syntax": [ "ssl_handshake_timeout time;" ], "def": "ssl_handshake_timeout 60s;", "contexts": [ "stream", "server" ], "desc": "Specifies a timeout for the SSL handshake to complete.", "notes": [], "since": null, "module": "ngx_stream_ssl_module" }, { "name": "ssl_password_file", "syntax": [ "ssl_password_file file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with passphrases forsecret keyswhere each passphrase is specified on a separate line.Passphrases are tried in turn when loading the key.", "notes": [], "since": null, "module": "ngx_stream_ssl_module" }, { "name": "ssl_prefer_server_ciphers", "syntax": [ "ssl_prefer_server_ciphers on | off;" ], "def": "ssl_prefer_server_ciphers off;", "contexts": [ "stream", "server" ], "desc": "Specifies that server ciphers should be preferred over client cipherswhen the SSLv3 and TLS protocols are used.", "notes": [], "since": null, "module": "ngx_stream_ssl_module" }, { "name": "ssl_protocols", "syntax": [ "ssl_protocols \n [SSLv2]\n [SSLv3]\n [TLSv1]\n [TLSv1.1]\n [TLSv1.2]\n [TLSv1.3];" ], "def": "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;", "contexts": [ "stream", "server" ], "desc": "Enables the specified protocols.", "notes": [ "\nThe TLSv1.1 and TLSv1.2 parameters work\nonly when OpenSSL 1.0.1 or higher is used.\n", "\nThe TLSv1.3 parameter (1.13.0) works only when\nOpenSSL 1.1.1 built with TLSv1.3 support is used.\n" ], "since": null, "module": "ngx_stream_ssl_module" }, { "name": "ssl_session_cache", "syntax": [ "ssl_session_cache \n off |\n none |\n [builtin[:size]]\n [shared:name:size];" ], "def": "ssl_session_cache none;", "contexts": [ "stream", "server" ], "desc": "Sets the types and sizes of caches that store session parameters.A cache can be of any of the following types:", "notes": [], "since": null, "module": "ngx_stream_ssl_module" }, { "name": "ssl_session_ticket_key", "syntax": [ "ssl_session_ticket_key file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Sets a file with the secret key used to encryptand decrypt TLS session tickets.The directive is necessary if the same key has to be shared betweenmultiple servers.By default, a randomly generated key is used.", "notes": [], "since": null, "module": "ngx_stream_ssl_module" }, { "name": "ssl_session_tickets", "syntax": [ "ssl_session_tickets on | off;" ], "def": "ssl_session_tickets on;", "contexts": [ "stream", "server" ], "desc": "Enables or disables session resumption throughTLS session tickets.", "notes": [], "since": null, "module": "ngx_stream_ssl_module" }, { "name": "ssl_session_timeout", "syntax": [ "ssl_session_timeout time;" ], "def": "ssl_session_timeout 5m;", "contexts": [ "stream", "server" ], "desc": "Specifies a time during which a client may reuse thesession parameters.", "notes": [], "since": null, "module": "ngx_stream_ssl_module" }, { "name": "ssl_trusted_certificate", "syntax": [ "ssl_trusted_certificate file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with trusted CA certificates in the PEM formatused to verify client certificates.", "notes": [], "since": "1.11.8", "module": "ngx_stream_ssl_module" }, { "name": "ssl_verify_client", "syntax": [ "ssl_verify_client \n on | off |\n optional | optional_no_ca;" ], "def": "ssl_verify_client off;", "contexts": [ "stream", "server" ], "desc": "Enables verification of client certificates.The verification result is stored in the$ssl_client_verify variable.If an error has occurred during the client certificate verificationor a client has not presented the required certificate,the connection is closed.", "notes": [], "since": "1.11.8", "module": "ngx_stream_ssl_module" }, { "name": "ssl_verify_depth", "syntax": [ "ssl_verify_depth number;" ], "def": "ssl_verify_depth 1;", "contexts": [ "stream", "server" ], "desc": "Sets the verification depth in the client certificates chain.", "notes": [], "since": "1.11.8", "module": "ngx_stream_ssl_module" }, { "name": "ssl_preread", "syntax": [ "ssl_preread on | off;" ], "def": "ssl_preread off;", "contexts": [ "stream", "server" ], "desc": "Enables extracting information from the ClientHello message atthe preread phase.", "notes": [], "since": null, "module": "ngx_stream_ssl_preread_module" }, { "name": "upstream", "syntax": [ "upstream name { ... }" ], "def": null, "contexts": [ "stream" ], "desc": "Defines a group of servers.Servers can listen on different ports.In addition, servers listening on TCP and UNIX-domain socketscan be mixed.", "notes": [], "since": null, "module": "ngx_stream_upstream_module" }, { "name": "server", "syntax": [ "server address [parameters];" ], "def": null, "contexts": [ "upstream" ], "desc": "Defines the address and other parametersof a server.The address can be specified as a domain name or IP addresswith an obligatory port, or as a UNIX-domain socket pathspecified after the “unix:” prefix.A domain name that resolves to several IP addresses definesmultiple servers at once.", "notes": [ "\nIf there is only a single server in a group, max_fails,\nfail_timeout and slow_start parameters\nare ignored, and such a server will never be considered unavailable.\n" ], "since": null, "module": "ngx_stream_upstream_module" }, { "name": "zone", "syntax": [ "zone name [size];" ], "def": null, "contexts": [ "upstream" ], "desc": "Defines the name and size of the sharedmemory zone that keeps the group’s configuration and run-time state that areshared between worker processes.Several groups may share the same zone.In this case, it is enough to specify the zone size only once.", "notes": [ "\nPrior to version 1.13.3,\nthe configuration was accessible only via a special location\nhandled by\nupstream_conf.\n" ], "since": null, "module": "ngx_stream_upstream_module" }, { "name": "state", "syntax": [ "state file;" ], "def": null, "contexts": [ "upstream" ], "desc": "Specifies a file that keeps the stateof the dynamically configurable group.", "notes": [ "\nChanges made during\nconfiguration reload\nor binary upgrade\ncan be lost.\n", "\nThis directive is available as part of our\ncommercial subscription.\n" ], "since": "1.9.7", "module": "ngx_stream_upstream_module" }, { "name": "hash", "syntax": [ "hash key [consistent];" ], "def": null, "contexts": [ "upstream" ], "desc": "Specifies a load balancing method for a server groupwhere client-server mapping is based on the hashed key value.The key can contain text, variables,and their combinations (1.11.2).Usage example:", "notes": [], "since": null, "module": "ngx_stream_upstream_module" }, { "name": "least_conn", "syntax": [ "least_conn;" ], "def": null, "contexts": [ "upstream" ], "desc": "Specifies that a server group should use a load balancing methodwhere a connectionis passed to the server with the least number of active connections,taking into account weights of servers.If there are several such servers, they are tried in turn using aweighted round-robin balancing method.", "notes": [], "since": null, "module": "ngx_stream_upstream_module" }, { "name": "least_time", "syntax": [ "least_time \n connect |\n first_byte |\n last_byte\n [inflight];" ], "def": null, "contexts": [ "upstream" ], "desc": "Specifies that a group should use a load balancing method where a connectionis passed to the server with the least average time andleast number of active connections, taking into account weights of servers.If there are several such servers, they are tried in turn using aweighted round-robin balancing method.", "notes": [ "\nPrior to version 1.11.6,\nincomplete connections were taken into account by default.\n", "\nThis directive is available as part of our\ncommercial subscription.\n" ], "since": null, "module": "ngx_stream_upstream_module" }, { "name": "random", "syntax": [ "random [two [method]];" ], "def": null, "contexts": [ "upstream" ], "desc": "Specifies that a group should use a load balancing method where a connectionis passed to a randomly selected server, taking into account weightsof servers.", "notes": [], "since": "1.15.1", "module": "ngx_stream_upstream_module" }, { "name": "health_check", "syntax": [ "health_check [parameters];" ], "def": null, "contexts": [ "server" ], "desc": "Enables periodic health checks of the servers in agroup.", "notes": [], "since": null, "module": "ngx_stream_upstream_hc_module" }, { "name": "health_check_timeout", "syntax": [ "health_check_timeout timeout;" ], "def": "health_check_timeout 5s;", "contexts": [ "stream", "server" ], "desc": "Overrides theproxy_timeoutvalue for health checks.", "notes": [], "since": null, "module": "ngx_stream_upstream_hc_module" }, { "name": "match", "syntax": [ "match name { ... }" ], "def": null, "contexts": [ "stream" ], "desc": "Defines the named test set used to verify server responses to health checks.", "notes": [], "since": null, "module": "ngx_stream_upstream_hc_module" }, { "name": "zone_sync", "syntax": [ "zone_sync;" ], "def": null, "contexts": [ "server" ], "desc": "Enables the synchronization of shared memory zones between cluster nodes.Cluster nodes are defined using zone_sync_server directives.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_buffers", "syntax": [ "zone_sync_buffers number size;" ], "def": "zone_sync_buffers 256 4k|8k;", "contexts": [ "stream", "server" ], "desc": "Sets the number and size of theper-zone buffers used for pushing zone contents.By default, the buffer size is equal to one memory page.This is either 4K or 8K, depending on a platform.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_connect_retry_interval", "syntax": [ "zone_sync_connect_retry_interval time;" ], "def": "zone_sync_connect_retry_interval 1s;", "contexts": [ "stream", "server" ], "desc": "Defines an interval between connection attempts to another cluster node.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_connect_timeout", "syntax": [ "zone_sync_connect_timeout time;" ], "def": "zone_sync_connect_timeout 5s;", "contexts": [ "stream", "server" ], "desc": "Defines a timeout for establishing a connection with another cluster node.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_interval", "syntax": [ "zone_sync_interval time;" ], "def": "zone_sync_interval 1s;", "contexts": [ "stream", "server" ], "desc": "Defines an interval for polling updates in a shared memory zone.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_recv_buffer_size", "syntax": [ "zone_sync_recv_buffer_size size;" ], "def": "zone_sync_recv_buffer_size 4k|8k;", "contexts": [ "stream", "server" ], "desc": "Sets size of a per-connection receive buffer used to parseincoming stream of synchronization messages.By default, the buffer size is equal to one memory page.This is either 4K or 8K, depending on a platform.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_server", "syntax": [ "zone_sync_server address [resolve];" ], "def": null, "contexts": [ "server" ], "desc": "Defines the address of a cluster node.The address can be specified as a domain name or IP addresswith a mandatory port, or as a UNIX-domain socket pathspecified after the “unix:” prefix.A domain name that resolves to several IP addresses definesmultiple nodes at once.", "notes": [ "\nEach cluster node should be specified only once.\n", "\nAll cluster nodes should use the same configuration.\n" ], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_ssl", "syntax": [ "zone_sync_ssl on | off;" ], "def": "zone_sync_ssl off;", "contexts": [ "stream", "server" ], "desc": "Enables the SSL/TLS protocol for connections to another cluster server.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_ssl_certificate", "syntax": [ "zone_sync_ssl_certificate file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with the certificate in the PEM formatused for authentication to another cluster server.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_ssl_certificate_key", "syntax": [ "zone_sync_ssl_certificate_key file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with the secret key in the PEM formatused for authentication to another cluster server.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_ssl_ciphers", "syntax": [ "zone_sync_ssl_ciphers ciphers;" ], "def": "zone_sync_ssl_ciphers DEFAULT;", "contexts": [ "stream", "server" ], "desc": "Specifies the enabled ciphers for connections to another cluster server.The ciphers are specified in the format understood by the OpenSSL library.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_ssl_crl", "syntax": [ "zone_sync_ssl_crl file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with revoked certificates (CRL)in the PEM format used to verifythe certificate of another cluster server.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_ssl_password_file", "syntax": [ "zone_sync_ssl_password_file file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with passphrases forsecret keyswhere each passphrase is specified on a separate line.Passphrases are tried in turn when loading the key.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_ssl_protocols", "syntax": [ "zone_sync_ssl_protocols \n [SSLv2]\n [SSLv3]\n [TLSv1]\n [TLSv1.1]\n [TLSv1.2]\n [TLSv1.3];" ], "def": "zone_sync_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;", "contexts": [ "stream", "server" ], "desc": "Enables the specified protocols for connections to another cluster server.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_ssl_trusted_certificate", "syntax": [ "zone_sync_ssl_trusted_certificate file;" ], "def": null, "contexts": [ "stream", "server" ], "desc": "Specifies a file with trusted CA certificates in the PEM formatused to verifythe certificate of another cluster server.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_ssl_verify", "syntax": [ "zone_sync_ssl_verify on | off;" ], "def": "zone_sync_ssl_verify off;", "contexts": [ "stream", "server" ], "desc": "Enables or disables verification of another cluster server certificate.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_ssl_verify_depth", "syntax": [ "zone_sync_ssl_verify_depth number;" ], "def": "zone_sync_ssl_verify_depth 1;", "contexts": [ "stream", "server" ], "desc": "Sets the verification depth in another cluster server certificates chain.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "zone_sync_timeout", "syntax": [ "zone_sync_timeout timeout;" ], "def": "zone_sync_timeout 5s;", "contexts": [ "stream", "server" ], "desc": "Sets the timeout between two successiveread or write operations on connection to another cluster node.If no data is transmitted within this time, the connection is closed.", "notes": [], "since": null, "module": "ngx_stream_zone_sync_module" }, { "name": "google_perftools_profiles", "syntax": [ "google_perftools_profiles file;" ], "def": null, "contexts": [ "main" ], "desc": "Sets a file name that keeps profiling information ofnginx worker process.The ID of the worker process is always a part of the file nameand is appended to the end of the file name, after a dot.", "notes": [], "since": null, "module": "ngx_google_perftools_module" } ]