[ { "module": "ngx_http_core_module", "vars": { "$arg_name": "var_arg_", "$args": "var_args", "$binary_remote_addr": "var_binary_remote_addr", "$body_bytes_sent": "var_body_bytes_sent", "$bytes_sent": "var_bytes_sent", "$connection": "var_connection", "$connection_requests": "var_connection_requests", "$content_length": "var_content_length", "$content_type": "var_content_type", "$cookie_name": "var_cookie_", "$document_root": "var_document_root", "$document_uri": "var_document_uri", "$host": "var_host", "$hostname": "var_hostname", "$http_name": "var_http_", "$https": "var_https", "$is_args": "var_is_args", "$limit_rate": "var_limit_rate", "$msec": "var_msec", "$nginx_version": "var_nginx_version", "$pid": "var_pid", "$pipe": "var_pipe", "$proxy_protocol_addr": "var_proxy_protocol_addr", "$proxy_protocol_port": "var_proxy_protocol_port", "$query_string": "var_query_string", "$realpath_root": "var_realpath_root", "$remote_addr": "var_remote_addr", "$remote_port": "var_remote_port", "$remote_user": "var_remote_user", "$request": "var_request", "$request_body": "var_request_body", "$request_body_file": "var_request_body_file", "$request_completion": "var_request_completion", "$request_filename": "var_request_filename", "$request_id": "var_request_id", "$request_length": "var_request_length", "$request_method": "var_request_method", "$request_time": "var_request_time", "$request_uri": "var_request_uri", "$scheme": "var_scheme", "$sent_http_name": "var_sent_http_", "$sent_trailer_name": "var_sent_trailer_", "$server_addr": "var_server_addr", "$server_name": "var_server_name", "$server_port": "var_server_port", "$server_protocol": "var_server_protocol", "$status": "var_status", "$tcpinfo_rtt,\n$tcpinfo_rttvar,\n$tcpinfo_snd_cwnd,\n$tcpinfo_rcv_space": "var_tcpinfo_", "$time_iso8601": "var_time_iso8601", "$time_local": "var_time_local", "$uri": "var_uri" }, "doc": "

The ngx_http_core_module module supports embedded variables with names matching the Apache Server variables. First of all, these are variables representing client request header fields, such as $http_user_agent, $http_cookie, and so on. Also there are other variables:

$arg_name
argument name in the request line
$args
arguments in the request line
$binary_remote_addr
client address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses
$body_bytes_sent
number of bytes sent to a client, not counting the response header; this variable is compatible with the “%B” parameter of the mod_log_config Apache module
$bytes_sent
number of bytes sent to a client (1.3.8, 1.2.5)
$connection
connection serial number (1.3.8, 1.2.5)
$connection_requests
current number of requests made through a connection (1.3.8, 1.2.5)
$content_length
“Content-Length” request header field
$content_type
“Content-Type” request header field
the name cookie
$document_root
root or alias directive’s value for the current request
$document_uri
same as $uri
$host
in this order of precedence: host name from the request line, or host name from the “Host” request header field, or the server name matching a request
$hostname
host name
$http_name
arbitrary request header field; the last part of a variable name is the field name converted to lower case with dashes replaced by underscores
$https
on” if connection operates in SSL mode, or an empty string otherwise
$is_args
?” if a request line has arguments, or an empty string otherwise
$limit_rate
setting this variable enables response rate limiting; see limit_rate
$msec
current time in seconds with the milliseconds resolution (1.3.9, 1.2.6)
$nginx_version
nginx version
$pid
PID of the worker process
$pipe
p” if request was pipelined, “.” otherwise (1.3.12, 1.2.7)
$proxy_protocol_addr
client address from the PROXY protocol header, or an empty string otherwise (1.5.12)

The PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive.

$proxy_protocol_port
client port from the PROXY protocol header, or an empty string otherwise (1.11.0)

The PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive.

$query_string
same as $args
$realpath_root
an absolute pathname corresponding to the root or alias directive’s value for the current request, with all symbolic links resolved to real paths
$remote_addr
client address
$remote_port
client port
$remote_user
user name supplied with the Basic authentication
$request
full original request line
$request_body
request body

The variable’s value is made available in locations processed by the proxy_pass, fastcgi_pass, uwsgi_pass, and scgi_pass directives when the request body was read to a memory buffer.

$request_body_file
name of a temporary file with the request body

At the end of processing, the file needs to be removed. To always write the request body to a file, client_body_in_file_only needs to be enabled. When the name of a temporary file is passed in a proxied request or in a request to a FastCGI/uwsgi/SCGI server, passing the request body should be disabled by the proxy_pass_request_body off, fastcgi_pass_request_body off, uwsgi_pass_request_body off, or scgi_pass_request_body off directives, respectively.

$request_completion
OK” if a request has completed, or an empty string otherwise
$request_filename
file path for the current request, based on the root or alias directives, and the request URI
$request_id
unique request identifier generated from 16 random bytes, in hexadecimal (1.11.0)
$request_length
request length (including request line, header, and request body) (1.3.12, 1.2.7)
$request_method
request method, usually “GET” or “POST
$request_time
request processing time in seconds with a milliseconds resolution (1.3.9, 1.2.6); time elapsed since the first bytes were read from the client
$request_uri
full original request URI (with arguments)
$scheme
request scheme, “http” or “https
$sent_http_name
arbitrary response header field; the last part of a variable name is the field name converted to lower case with dashes replaced by underscores
$sent_trailer_name
arbitrary field sent at the end of the response (1.13.2); the last part of a variable name is the field name converted to lower case with dashes replaced by underscores
$server_addr
an address of the server which accepted a request

Computing a value of this variable usually requires one system call. To avoid a system call, the listen directives must specify addresses and use the bind parameter.

$server_name
name of the server which accepted a request
$server_port
port of the server which accepted a request
$server_protocol
request protocol, usually “HTTP/1.0”, “HTTP/1.1”, or “HTTP/2.0
$status
response status (1.3.2, 1.2.2)
$tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd, $tcpinfo_rcv_space
information about the client TCP connection; available on systems that support the TCP_INFO socket option
$time_iso8601
local time in the ISO 8601 standard format (1.3.12, 1.2.7)
$time_local
local time in the Common Log Format (1.3.12, 1.2.7)
$uri
current URI in request, normalized

The value of $uri may change during request processing, e.g. when doing internal redirects, or when using index files.

" }, { "module": "ngx_http_auth_jwt_module", "vars": { "$jwt_header_name": "var_jwt_header_", "$jwt_claim_name": "var_jwt_claim_" }, "doc": "

The ngx_http_auth_jwt_module module supports embedded variables:

$jwt_header_name
returns the value of a specified JOSE header
$jwt_claim_name
returns the value of a specified JWT claim
" }, { "module": "ngx_http_fastcgi_module", "vars": { "$fastcgi_script_name": "var_fastcgi_script_name", "$fastcgi_path_info": "var_fastcgi_path_info" }, "doc": "

The ngx_http_fastcgi_module module supports embedded variables that can be used to set parameters using the fastcgi_param directive:

$fastcgi_script_name
request URI or, if a URI ends with a slash, request URI with an index file name configured by the fastcgi_index directive appended to it. This variable can be used to set the SCRIPT_FILENAME and PATH_TRANSLATED parameters that determine the script name in PHP. For example, for the “/info/” request with the following directives
\nfastcgi_index index.php;\nfastcgi_param SCRIPT_FILENAME /home/www/scripts/php$fastcgi_script_name;\n
the SCRIPT_FILENAME parameter will be equal to “/home/www/scripts/php/info/index.php”.

When using the fastcgi_split_path_info directive, the $fastcgi_script_name variable equals the value of the first capture set by the directive.

$fastcgi_path_info
the value of the second capture set by the fastcgi_split_path_info directive. This variable can be used to set the PATH_INFO parameter.
" }, { "module": "ngx_http_gzip_module", "vars": { "$gzip_ratio": "var_gzip_ratio" }, "doc": "

$gzip_ratio
achieved compression ratio, computed as the ratio between the original and compressed response sizes.
" }, { "module": "ngx_http_memcached_module", "vars": { "$memcached_key": "var_memcached_key" }, "doc": "

$memcached_key
Defines a key for obtaining response from a memcached server.
" }, { "module": "ngx_http_proxy_module", "vars": { "$proxy_host": "var_proxy_host", "$proxy_port": "var_proxy_port", "$proxy_add_x_forwarded_for": "var_proxy_add_x_forwarded_for" }, "doc": "

The ngx_http_proxy_module module supports embedded variables that can be used to compose headers using the proxy_set_header directive:

$proxy_host
name and port of a proxied server as specified in the proxy_pass directive;
$proxy_port
port of a proxied server as specified in the proxy_pass directive, or the protocol’s default port;
$proxy_add_x_forwarded_for
the “X-Forwarded-For” client request header field with the $remote_addr variable appended to it, separated by a comma. If the “X-Forwarded-For” field is not present in the client request header, the $proxy_add_x_forwarded_for variable is equal to the $remote_addr variable.
" }, { "module": "ngx_http_realip_module", "vars": { "$realip_remote_addr": "var_realip_remote_addr", "$realip_remote_port": "var_realip_remote_port" }, "doc": "

$realip_remote_addr
keeps the original client address (1.9.7)
$realip_remote_port
keeps the original client port (1.11.0)
" }, { "module": "ngx_http_referer_module", "vars": { "$invalid_referer": "var_invalid_referer" }, "doc": "

$invalid_referer
Empty string, if the “Referer” request header field value is considered valid, otherwise “1”.
" }, { "module": "ngx_http_secure_link_module", "vars": { "$secure_link": "var_secure_link", "$secure_link_expires": "var_secure_link_expires" }, "doc": "

$secure_link
The status of a link check. The specific value depends on the selected operation mode.
The lifetime of a link passed in a request; intended to be used only in the secure_link_md5 directive.
" }, { "module": "ngx_http_session_log_module", "vars": { "$session_log_id": "var_session_log_id", "$session_log_binary_id": "var_session_log_binary_id" }, "doc": "

The ngx_http_session_log_module module supports two embedded variables:

$session_log_id
current session ID;
$session_log_binary_id
current session ID in binary form (16 bytes).
" }, { "module": "ngx_http_slice_module", "vars": { "$slice_range": "var_slice_range" }, "doc": "

The ngx_http_slice_module module supports the following embedded variables:

$slice_range
the current slice range in HTTP byte range format, for example, bytes=0-1048575.
" }, { "module": "ngx_http_spdy_module", "vars": { "$spdy": "var_spdy", "$spdy_request_priority": "var_spdy_request_priority" }, "doc": "

The ngx_http_spdy_module module supports the following embedded variables:

$spdy
SPDY protocol version for SPDY connections, or an empty string otherwise;
$spdy_request_priority
request priority for SPDY connections, or an empty string otherwise.
" }, { "module": "ngx_http_ssi_module", "vars": { "$date_local": "var_date_local", "$date_gmt": "var_date_gmt" }, "doc": "

The ngx_http_ssi_module module supports two embedded variables:

$date_local
current time in the local time zone. The format is set by the config command with the timefmt parameter.
$date_gmt
current time in GMT. The format is set by the config command with the timefmt parameter.
" }, { "module": "ngx_http_ssl_module", "vars": { "$ssl_cipher": "var_ssl_cipher", "$ssl_ciphers": "var_ssl_ciphers", "$ssl_client_escaped_cert": "var_ssl_client_escaped_cert", "$ssl_client_cert": "var_ssl_client_cert", "$ssl_client_fingerprint": "var_ssl_client_fingerprint", "$ssl_client_i_dn": "var_ssl_client_i_dn", "$ssl_client_i_dn_legacy": "var_ssl_client_i_dn_legacy", "$ssl_client_raw_cert": "var_ssl_client_raw_cert", "$ssl_client_s_dn": "var_ssl_client_s_dn", "$ssl_client_s_dn_legacy": "var_ssl_client_s_dn_legacy", "$ssl_client_serial": "var_ssl_client_serial", "$ssl_client_v_end": "var_ssl_client_v_end", "$ssl_client_v_remain": "var_ssl_client_v_remain", "$ssl_client_v_start": "var_ssl_client_v_start", "$ssl_client_verify": "var_ssl_client_verify", "$ssl_curves": "var_ssl_curves", "$ssl_protocol": "var_ssl_protocol", "$ssl_server_name": "var_ssl_server_name", "$ssl_session_id": "var_ssl_session_id", "$ssl_session_reused": "var_ssl_session_reused" }, "doc": "

The ngx_http_ssl_module module supports several embedded variables:

$ssl_cipher
returns the string of ciphers used for an established SSL connection;
$ssl_ciphers
returns the list of ciphers supported by the client (1.11.7). Known ciphers are listed by names, unknown are shown in hexadecimal, for example:
\nAES128-SHA:AES256-SHA:0x00ff\n
The variable is fully supported only when using OpenSSL version 1.0.2 or higher. With older versions, the variable is available only for new sessions and lists only known ciphers.
$ssl_client_escaped_cert
returns the client certificate in the PEM format (urlencoded) for an established SSL connection (1.13.5);
$ssl_client_cert
returns the client certificate in the PEM format for an established SSL connection, with each line except the first prepended with the tab character; this is intended for the use in the proxy_set_header directive;
The variable is deprecated, the $ssl_client_escaped_cert variable should be used instead.
$ssl_client_fingerprint
returns the SHA1 fingerprint of the client certificate for an established SSL connection (1.7.1);
$ssl_client_i_dn
returns the “issuer DN” string of the client certificate for an established SSL connection according to RFC 2253 (1.11.6);
$ssl_client_i_dn_legacy
returns the “issuer DN” string of the client certificate for an established SSL connection;
Prior to version 1.11.6, the variable name was $ssl_client_i_dn.
$ssl_client_raw_cert
returns the client certificate in the PEM format for an established SSL connection;
$ssl_client_s_dn
returns the “subject DN” string of the client certificate for an established SSL connection according to RFC 2253 (1.11.6);
$ssl_client_s_dn_legacy
returns the “subject DN” string of the client certificate for an established SSL connection;
Prior to version 1.11.6, the variable name was $ssl_client_s_dn.
$ssl_client_serial
returns the serial number of the client certificate for an established SSL connection;
$ssl_client_v_end
returns the end date of the client certificate (1.11.7);
$ssl_client_v_remain
returns the number of days until the client certificate expires (1.11.7);
$ssl_client_v_start
returns the start date of the client certificate (1.11.7);
$ssl_client_verify
returns the result of client certificate verification: “SUCCESS”, “FAILED:reason”, and “NONE” if a certificate was not present;
Prior to version 1.11.7, the “FAILED” result did not contain the reason string.
$ssl_curves
returns the list of curves supported by the client (1.11.7). Known curves are listed by names, unknown are shown in hexadecimal, for example:
\n0x001d:prime256v1:secp521r1:secp384r1\n
The variable is supported only when using OpenSSL version 1.0.2 or higher. With older versions, the variable value will be an empty string.
The variable is available only for new sessions.
$ssl_protocol
returns the protocol of an established SSL connection;
$ssl_server_name
returns the server name requested through SNI (1.7.0);
$ssl_session_id
returns the session identifier of an established SSL connection;
$ssl_session_reused
returns “r” if an SSL session was reused, or “.” otherwise (1.5.11).
" }, { "module": "ngx_http_stub_status_module", "vars": { "$connections_active": "var_connections_active", "$connections_reading": "var_connections_reading", "$connections_writing": "var_connections_writing", "$connections_waiting": "var_connections_waiting" }, "doc": "

The ngx_http_stub_status_module module supports the following embedded variables (1.3.14):

$connections_active
same as the Active connections value;
$connections_reading
same as the Reading value;
$connections_writing
same as the Writing value;
$connections_waiting
same as the Waiting value.
" }, { "module": "ngx_http_upstream_module", "vars": { "$upstream_addr": "var_upstream_addr", "$upstream_bytes_received": "var_upstream_bytes_received", "$upstream_cache_status": "var_upstream_cache_status", "$upstream_connect_time": "var_upstream_connect_time", "$upstream_cookie_name": "var_upstream_cookie_", "$upstream_header_time": "var_upstream_header_time", "$upstream_http_name": "var_upstream_http_", "$upstream_queue_time": "var_upstream_queue_time", "$upstream_response_length": "var_upstream_response_length", "$upstream_response_time": "var_upstream_response_time", "$upstream_status": "var_upstream_status", "$upstream_trailer_name": "var_upstream_trailer_" }, "doc": "

The ngx_http_upstream_module module supports the following embedded variables:

$upstream_addr
keeps the IP address and port, or the path to the UNIX-domain socket of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas, e.g. “192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock”. If an internal redirect from one server group to another happens, initiated by “X-Accel-Redirect” or error_page, then the server addresses from different groups are separated by colons, e.g. “192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock : 192.168.10.1:80, 192.168.10.2:80”. If a server cannot be selected, the variable keeps the name of the server group.
$upstream_bytes_received
number of bytes received from an upstream server (1.11.4). Values from several connections are separated by commas and colons like addresses in the $upstream_addr variable.
$upstream_cache_status
keeps the status of accessing a response cache (0.8.3). The status can be either “MISS”, “BYPASS”, “EXPIRED”, “STALE”, “UPDATING”, “REVALIDATED”, or “HIT”.
$upstream_connect_time
keeps time spent on establishing a connection with the upstream server (1.9.1); the time is kept in seconds with millisecond resolution. In case of SSL, includes time spent on handshake. Times of several connections are separated by commas and colons like addresses in the $upstream_addr variable.
cookie with the specified name sent by the upstream server in the “Set-Cookie” response header field (1.7.1). Only the cookies from the response of the last server are saved.
$upstream_header_time
keeps time spent on receiving the response header from the upstream server (1.7.10); the time is kept in seconds with millisecond resolution. Times of several responses are separated by commas and colons like addresses in the $upstream_addr variable.
$upstream_http_name
keep server response header fields. For example, the “Server” response header field is available through the $upstream_http_server variable. The rules of converting header field names to variable names are the same as for the variables that start with the “$http_” prefix. Only the header fields from the response of the last server are saved.
$upstream_queue_time
keeps time the request spent in the upstream queue (1.13.9); the time is kept in seconds with millisecond resolution. Times of several responses are separated by commas and colons like addresses in the $upstream_addr variable.
$upstream_response_length
keeps the length of the response obtained from the upstream server (0.7.27); the length is kept in bytes. Lengths of several responses are separated by commas and colons like addresses in the $upstream_addr variable.
$upstream_response_time
keeps time spent on receiving the response from the upstream server; the time is kept in seconds with millisecond resolution. Times of several responses are separated by commas and colons like addresses in the $upstream_addr variable.
$upstream_status
keeps status code of the response obtained from the upstream server. Status codes of several responses are separated by commas and colons like addresses in the $upstream_addr variable. If a server cannot be selected, the variable keeps the 502 (Bad Gateway) status code.
$upstream_trailer_name
keeps fields from the end of the response obtained from the upstream server (1.13.10).
" }, { "module": "ngx_http_userid_module", "vars": { "$uid_got": "var_uid_got", "$uid_reset": "var_uid_reset", "$uid_set": "var_uid_set" }, "doc": "

The ngx_http_userid_module module supports the following embedded variables:

$uid_got
The cookie name and received client identifier.
$uid_reset
If the variable is set to a non-empty string that is not “0”, the client identifiers are reset. The special value “log” additionally leads to the output of messages about the reset identifiers to the error_log.
$uid_set
The cookie name and sent client identifier.
" }, { "module": "ngx_http_v2_module", "vars": { "$http2": "var_http2" }, "doc": "

The ngx_http_v2_module module supports the following embedded variables:

$http2
negotiated protocol identifier: “h2” for HTTP/2 over TLS, “h2c” for HTTP/2 over cleartext TCP, or an empty string otherwise.
" }, { "module": "ngx_stream_core_module", "vars": { "$binary_remote_addr": "var_binary_remote_addr", "$bytes_received": "var_bytes_received", "$bytes_sent": "var_bytes_sent", "$connection": "var_connection", "$hostname": "var_hostname", "$msec": "var_msec", "$nginx_version": "var_nginx_version", "$pid": "var_pid", "$protocol": "var_protocol", "$proxy_protocol_addr": "var_proxy_protocol_addr", "$proxy_protocol_port": "var_proxy_protocol_port", "$remote_addr": "var_remote_addr", "$remote_port": "var_remote_port", "$server_addr": "var_server_addr", "$server_port": "var_server_port", "$session_time": "var_session_time", "$status": "var_status", "$time_iso8601": "var_time_iso8601", "$time_local": "var_time_local" }, "doc": "

The ngx_stream_core_module module supports variables since 1.11.2.

$binary_remote_addr
client address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses
$bytes_received
number of bytes received from a client (1.11.4)
$bytes_sent
number of bytes sent to a client
$connection
connection serial number
$hostname
host name
$msec
current time in seconds with the milliseconds resolution
$nginx_version
nginx version
$pid
PID of the worker process
$protocol
protocol used to communicate with the client: TCP or UDP (1.11.4)
$proxy_protocol_addr
client address from the PROXY protocol header, or an empty string otherwise (1.11.4)

The PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive.

$proxy_protocol_port
client port from the PROXY protocol header, or an empty string otherwise (1.11.4)

The PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive.

$remote_addr
client address
$remote_port
client port
$server_addr
an address of the server which accepted a connection

Computing a value of this variable usually requires one system call. To avoid a system call, the listen directives must specify addresses and use the bind parameter.

$server_port
port of the server which accepted a connection
$session_time
session duration in seconds with a milliseconds resolution (1.11.4);
$status
session status (1.11.4), can be one of the following:
200
session completed successfully
400
client data could not be parsed, for example, the PROXY protocol header
403
access forbidden, for example, when access is limited for certain client addresses
500
internal server error
502
bad gateway, for example, if an upstream server could not be selected or reached.
503
service unavailable, for example, when access is limited by the number of connections
$time_iso8601
local time in the ISO 8601 standard format
$time_local
local time in the Common Log Format
" }, { "module": "ngx_stream_realip_module", "vars": { "$realip_remote_addr": "var_realip_remote_addr", "$realip_remote_port": "var_realip_remote_port" }, "doc": "

$realip_remote_addr
keeps the original client address
$realip_remote_port
keeps the original client port
" }, { "module": "ngx_stream_ssl_module", "vars": { "$ssl_cipher": "var_ssl_cipher", "$ssl_ciphers": "var_ssl_ciphers", "$ssl_client_cert": "var_ssl_client_cert", "$ssl_client_fingerprint": "var_ssl_client_fingerprint", "$ssl_client_i_dn": "var_ssl_client_i_dn", "$ssl_client_raw_cert": "var_ssl_client_raw_cert", "$ssl_client_s_dn": "var_ssl_client_s_dn", "$ssl_client_serial": "var_ssl_client_serial", "$ssl_client_v_end": "var_ssl_client_v_end", "$ssl_client_v_remain": "var_ssl_client_v_remain", "$ssl_client_v_start": "var_ssl_client_v_start", "$ssl_client_verify": "var_ssl_client_verify", "$ssl_curves": "var_ssl_curves", "$ssl_protocol": "var_ssl_protocol", "$ssl_server_name": "var_ssl_server_name", "$ssl_session_id": "var_ssl_session_id", "$ssl_session_reused": "var_ssl_session_reused" }, "doc": "

The ngx_stream_ssl_module module supports variables since 1.11.2.

$ssl_cipher
returns the string of ciphers used for an established SSL connection;
$ssl_ciphers
returns the list of ciphers supported by the client (1.11.7). Known ciphers are listed by names, unknown are shown in hexadecimal, for example:
\nAES128-SHA:AES256-SHA:0x00ff\n
The variable is fully supported only when using OpenSSL version 1.0.2 or higher. With older versions, the variable is available only for new sessions and lists only known ciphers.
$ssl_client_cert
returns the client certificate in the PEM format for an established SSL connection, with each line except the first prepended with the tab character (1.11.8);
$ssl_client_fingerprint
returns the SHA1 fingerprint of the client certificate for an established SSL connection (1.11.8);
$ssl_client_i_dn
returns the “issuer DN” string of the client certificate for an established SSL connection according to RFC 2253 (1.11.8);
$ssl_client_raw_cert
returns the client certificate in the PEM format for an established SSL connection (1.11.8);
$ssl_client_s_dn
returns the “subject DN” string of the client certificate for an established SSL connection according to RFC 2253 (1.11.8);
$ssl_client_serial
returns the serial number of the client certificate for an established SSL connection (1.11.8);
$ssl_client_v_end
returns the end date of the client certificate (1.11.8);
$ssl_client_v_remain
returns the number of days until the client certificate expires (1.11.8);
$ssl_client_v_start
returns the start date of the client certificate (1.11.8);
$ssl_client_verify
returns the result of client certificate verification (1.11.8): “SUCCESS”, “FAILED:reason”, and “NONE” if a certificate was not present;
$ssl_curves
returns the list of curves supported by the client (1.11.7). Known curves are listed by names, unknown are shown in hexadecimal, for example:
\n0x001d:prime256v1:secp521r1:secp384r1\n
The variable is supported only when using OpenSSL version 1.0.2 or higher. With older versions, the variable value will be an empty string.
The variable is available only for new sessions.
$ssl_protocol
returns the protocol of an established SSL connection;
$ssl_server_name
returns the server name requested through SNI;
$ssl_session_id
returns the session identifier of an established SSL connection;
$ssl_session_reused
returns “r” if an SSL session was reused, or “.” otherwise.
" }, { "module": "ngx_stream_ssl_preread_module", "vars": { "$ssl_preread_server_name": "var_ssl_preread_server_name", "$ssl_preread_alpn_protocols": "var_ssl_preread_alpn_protocols" }, "doc": "

$ssl_preread_server_name
server name requested through SNI
$ssl_preread_alpn_protocols
list of protocols advertised by the client through ALPN (1.13.10). The values are separated by commas.
" }, { "module": "ngx_stream_upstream_module", "vars": { "$upstream_addr": "var_upstream_addr", "$upstream_bytes_sent": "var_upstream_bytes_sent", "$upstream_bytes_received": "var_upstream_bytes_received", "$upstream_connect_time": "var_upstream_connect_time", "$upstream_first_byte_time": "var_upstream_first_byte_time", "$upstream_session_time": "var_upstream_session_time" }, "doc": "

The ngx_stream_upstream_module module supports the following embedded variables:

$upstream_addr
keeps the IP address and port, or the path to the UNIX-domain socket of the upstream server (1.11.4). If several servers were contacted during proxying, their addresses are separated by commas, e.g. “192.168.1.1:12345, 192.168.1.2:12345, unix:/tmp/sock”. If a server cannot be selected, the variable keeps the name of the server group.
$upstream_bytes_sent
number of bytes sent to an upstream server (1.11.4). Values from several connections are separated by commas like addresses in the $upstream_addr variable.
$upstream_bytes_received
number of bytes received from an upstream server (1.11.4). Values from several connections are separated by commas like addresses in the $upstream_addr variable.
$upstream_connect_time
time to connect to the upstream server (1.11.4); the time is kept in seconds with millisecond resolution. Times of several connections are separated by commas like addresses in the $upstream_addr variable.
$upstream_first_byte_time
time to receive the first byte of data (1.11.4); the time is kept in seconds with millisecond resolution. Times of several connections are separated by commas like addresses in the $upstream_addr variable.
$upstream_session_time
session duration in seconds with millisecond resolution (1.11.4). Times of several connections are separated by commas like addresses in the $upstream_addr variable.
" } ]