records.config

The records.config file (by default, located in /usr/local/etc/trafficserver/) is a list of configurable variables used by the Traffic Server software. Many of the variables in the records.config file are set automatically when you set configuration options in Traffic Line. After you modify the records.config file, run the command traffic_line -x to apply the changes. When you apply changes to one node in a cluster, Traffic Server automatically applies the changes to all other nodes in the cluster.

フォーマット

それぞれの変数は次のフォーマットとなっています

SCOPE variable_name DATATYPE variable_value

この中の

SCOPE はクラスタリングに関係しており、CONFIG (クラスターの全メンバー) もしくは LOCAL (ローカルマシンのみ) のどちらかです。

DATATYPEINT (integer) 、STRING (string) 、FLOAT (floating point) のいずれかです。Deprecated と記された変数はまだ機能しますが、将来のリリースで予告なく削除されるかもしれないので避けるべきです。

Reloadable と記された変数は次のコマンドで更新可能です。

traffic_line -x

INT 型の設定はあらゆる整数で表現できます。例えば 32768 のように。これはまた標準的なプレフィックスを使用してより人間が読みやすい値でも表現できます。例えば 32K のように。INT 型の設定では次のプレフィックスがサポートされています。

  • K キロバイト (1024 バイト)

  • M メガバイト (1024^2 または 1,048,576 バイト)

  • G ギガバイト (1024^3 または 1,073,741,824 バイト)

  • T テラバイト (1024^4 または 1,099,511,627,776 バイト)

注釈

Traffic Server は定期的に設定をディスクに書き戻し、その際にはプレフィックスは保持されません。

次の例で、proxy.config.proxy_name 変数は my_server という値を持つ STRING データ型の変数です。これは Traffic Server プロキシーの名前が my_server であることを意味しています。:

CONFIG proxy.config.proxy_name STRING my_server

もしサーバー名が that_server であるべきなら行は次のようになります

CONFIG proxy.config.proxy_name STRING that_server

次の例で、proxy.config.arm.enabled 変数は yes/no フラグです。値 0 (ゼロ) はオプションを無効化し、値 1 はオプションを有効化します。

CONFIG proxy.config.arm.enabled INT 0

次の例で、変数はクラスターのスタートアップタイムアウトを 10 秒に設定します。

CONFIG proxy.config.cluster.startup_timeout INT 10

最後の例は、人間が読みやすいプレフィックスを使用して RAM キャッシュを 64GB に設定します。

CONFIG proxy.config.cache.ram_cache.size INT 64G

環境の再定義

records.config の各設定変数は対応する環境変数で再定義できます。これは静的な records.config が必要であるが 1、2 個の設定だけ調整したいという状況で便利です。再定義変数は records.config の変数名を大文字にし、ドットをアンダースコアに置換えたものになっています。

環境からの変数の再定義は恒久的であり、records.config の変更や traffic_line での適用による将来的な設定変更の影響を受けません。

例えば、proxy.config.product_company 変数はこのように再定義できるでしょう

$ PROXY_CONFIG_PRODUCT_COMPANY=example traffic_cop &
$ traffic_line -r proxy.config.product_company

設定変数

次の一覧では records.config ファイル内で利用可能な設定変数について説明します。

システム変数

proxy.config.product_company
Scope:CONFIG
Type:STRING
Default:Apache Software Foundation

Traffic Server を開発している組織の名称。

proxy.config.product_vendor
Scope:CONFIG
Type:STRING
Default:Apache

Traffic Server を提供しているベンダーの名称。

proxy.config.product_name
Scope:CONFIG
Type:STRING
Default:Traffic Server

プロダクトの名称。

proxy.config.proxy_name
Scope:CONFIG
Type:STRING
Default:``build_machine``
Reloadable:Yes

Traffic Server ノードの名称。

proxy.config.bin_path
Scope:CONFIG
Type:STRING
Default:bin

Traffic Server の bin ディレクトリの位置。

proxy.config.proxy_binary
Scope:CONFIG
Type:STRING
Default:traffic_server

traffic_server プロセスを実行する実行ファイルの名称。

proxy.config.proxy_binary_opts
Scope:CONFIG
Type:STRING
Default:-M

Traffic Server をスタートする際のコマンドラインオプション。

proxy.config.manager_binary
Scope:CONFIG
Type:STRING
Default:traffic_manager

traffic_manager プロセスを実行する実行ファイルの名称。

proxy.config.env_prep
Scope:CONFIG
Type:STRING
Default:*NONE*

traffic_manager プロセスが traffic_server プロセスを立ち上げる前に実行するスクリプト。

proxy.config.config_dir
Scope:CONFIG
Type:STRING
Default:etc/trafficserver

Traffic Server の設定ファイルを含むディレクトリ。これはビルド時に指定された SYSCONFDIR のインストールした場所のプレフィックスからの相対の値を含んだ読み取り専用の設定オプションです。$TS_ROOT 環境変数はインストールした場所のプレフィックスを実行時に切り替えるために使うことができます。

proxy.config.syslog_facility
Scope:CONFIG
Type:STRING
Default:LOG_DAEMON

システムログファイルを記録する機能です。 Understanding Traffic Server Log Files を参照してください。

proxy.config.cop.core_signal
Scope:CONFIG
Type:INT
Default:0

traffic_cop の管理しているプロセスを停止するために送信されるシグナルです。

0 はシグナルが送信されないことを意味します。

proxy.config.cop.linux_min_memfree_kb
Scope:CONFIG
Type:INT
Default:0

The minimum amount of free memory space allowed before Traffic Server stops the traffic_server and traffic_manager processes to prevent the system from hanging.

proxy.config.cop.linux_min_swapfree_kb
Scope:CONFIG
Type:INT
Default:0

Traffic Server がシステムのハングを防ぐために traffic_servertraffic_manager プロセスを停止させるまでに許されるスワップ領域の最小空き容量です。この設定変数は Linux 2.2 でスワップが有効化されている場合のみ適用されます。`

proxy.config.output.logfile
Scope:CONFIG
Type:STRING
Default:traffic.out

Traffic Server プロセスによって生成される警告、ステータスメッセージ、エラーメッセージを含むファイルの名前と場所。パスが指定されていない場合、Traffic Server はロギングディレクトリにファイルを作成します。

proxy.config.snapshot_dir
Scope:CONFIG
Type:STRING
Default:snapshots

Traffic Server が設定のスナップショットを保存するローカルシステム上のディレクトリ。絶対パスを指定しない限り、このディレクトリは Traffic Server の SYSCONFDIR ディレクトリに置かれます。

proxy.config.exec_thread.autoconfig
Scope:CONFIG
Type:INT
Default:1

有効化すると (デフォルトは 1) 、Traffic Server は CPU のコア数をもとにスレッドをスケールします。以下の設定オプションを見てください。

proxy.config.exec_thread.autoconfig.scale
Scope:CONFIG
Type:FLOAT
Default:1.5

Traffic Server がスレッド数をスケールする際の係数。乗数は通常利用可能な CPU のコア数です。デフォルトではスケーリング係数は 1.5 です。

proxy.config.exec_thread.limit
Scope:CONFIG
Type:INT
Default:2

XXX これ何するの? (訳注: 原文にそう書かれています。)

proxy.config.accept_threads
Scope:CONFIG
Type:INT
Default:1

有効化 (1) すると、accept 処理を別のスレッドで実行します。無効化 (0) すると、1 スレッドのみ作られます。

proxy.config.thread.default.stacksize
Scope:CONFIG
Type:INT
Default:1048576

全スレッドに適用される、スレッドスタックサイズの新しいデフォルト値です。元々のデフォルトは 1 MB に設定されています。

proxy.config.exec_thread.affinity
Scope:CONFIG
Type:INT
Default:0

Bind threads to specific processing units.

効果

0 assign threads to machine
1 assign threads to NUMA nodes
2

スレッドをソケットに割り当てます

3 assign threads to cores
4 assign threads to processing units

注釈

このオプションは Traffic Server が --enable-hwloc 付きでコンパイルされている場合のみ効果があります。

proxy.config.system.file_max_pct
Scope:CONFIG
Type:FLOAT
Default:0.9

Set the maximum number of file handles for the traffic_server process as a percentage of the the fs.file-max proc value in Linux. The default is 90%.

proxy.config.crash_log_helper
Scope:CONFIG
Type:STRING
Default:traffic_crashlog

This option directs traffic_server to spawn a crash log helper at startup. The value should be the path to an executable program. If the path is not absolute, it is located relative to configured bin directory. Any user-provided program specified here must behave in a fashion compatible with traffic_crashlog. Specifically, it must implement the traffic_crashlog --wait behavior.

This setting not reloadable because the helper must be spawned before traffic_server drops privilege. If this variable is set to NULL, no helper will be spawned.

proxy.config.restart.active_client_threshold
Scope:CONFIG
Type:INT
Default:0 :reloadable:

This setting specifies the number of active client connections for use by traffic_line --drain.

Network

proxy.config.net.connections_throttle
Scope:CONFIG
Type:INT
Default:30000

The total number of client and origin server connections that the server can handle simultaneously. This is in fact the max number of file descriptors that the traffic_server process can have open at any given time. Roughly 10% of these connections are reserved for origin server connections, i.e. from the default, only ~9,000 client connections can be handled. This should be tuned according to your memory size, and expected work load.

proxy.config.net.default_inactivity_timeout
Scope:CONFIG
Type:INT
Default:86400
Reloadable:Yes

The connection inactivity timeout (in seconds) to apply when Traffic Server detects that no inactivity timeout has been applied by the HTTP state machine. When this timeout is applied, the proxy.process.net.default_inactivity_timeout_applied metric is incremented.

proxy.local.incoming_ip_to_bind
Scope:LOCAL
Type:STRING
Default:0.0.0.0 [::]

Controls the global default IP addresses to which to bind proxy server ports. The value is a space separated list of IP addresses, one per supported IP address family (currently IPv4 and IPv6).

Unless explicitly specified in proxy.config.http.server_ports the server port will be bound to one of these addresses, selected by IP address family. The built in default is any address. This is used if no address for a family is specified. This setting is useful if most or all server ports should be bound to the same address.

注釈

This is ignored for inbound transparent server ports because they must be able to accept connections on arbitrary IP addresses.

Example

Set the global default for IPv4 to 192.168.101.18 and leave the global default for IPv6 as any address.:

LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18

Example

Set the global default for IPv4 to 191.68.101.18 and the global default for IPv6 to fc07:192:168:101::17.:

LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18 [fc07:192:168:101::17]
proxy.local.outgoing_ip_to_bind
Scope:LOCAL
Type:STRING
Default:0.0.0.0 [::]

This controls the global default for the local IP address for outbound connections to origin servers. The value is a list of space separated IP addresses, one per supported IP address family (currently IPv4 and IPv6).

Unless explicitly specified in proxy.config.http.server_ports one of these addresses, selected by IP address family, will be used as the local address for outbound connections. This setting is useful if most or all of the server ports should use the same outbound IP addresses.

注釈

This is ignored for outbound transparent ports as the local outbound address will be the same as the client local address.

Example

Set the default local outbound IP address for IPv4 connections to 192.168.101.18.:

LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.18

Example

Set the default local outbound IP address to 192.168.101.17 for IPv4 and fc07:192:168:101::17 for IPv6.:

LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.17 [fc07:192:168:101::17]

Cluster

proxy.local.cluster.type
Scope:LOCAL
Type:INT
Default:3

Sets the clustering mode:

効果

1 full-clustering mode
2 management-only mode
3 no clustering
proxy.config.cluster.ethernet_interface
Scope:CONFIG
Type:INT
Default:eth0

The network interface to be used for cluster communication. This has to be identical on all members of a clsuter. ToDo: Is that reasonable ?? Should this be local”

proxy.config.cluster.rsport
Scope:CONFIG
Type:INT
Default:8088

The reliable service port. The reliable service port is used to send configuration information between the nodes in a cluster. All nodes in a cluster must use the same reliable service port.

proxy.config.cluster.threads
Scope:CONFIG
Type:INT
Default:1

The number of threads for cluster communication. On heavy cluster, the number should be adjusted. It is recommend that take the thread CPU usage as a reference when adjusting.

proxy.config.clustger.ethernet_interface
Scope:CONFIG
Type:STRING
Default:*NONE*

Set the interface to use for cluster communications.

proxy.config.http.cache.cluster_cache_local
Scope:CONFIG
Type:INT
Default:0

This turns on the local caching of objects in cluster mode. The point of this is to allow for popular or hot content to be cached on all nodes in a cluster. Be aware that the primary way to configure this behavior is via the cache.config configuration file using action=cluster-cache-local directives.

This particular records.config configuration can be controlled per transaction or per remap rule. As such, it augments the cache.config directives, since you can turn on the local caching feature without complex regular expression matching.

This implies that turning this on in your global records.config is almost never what you want; instead, you want to use this either via e.g. conf_remap.so overrides for a certain remap rule, or through a custom plugin using the appropriate APIs.

Local Manager

proxy.config.lm.sem_id
Scope:CONFIG
Type:INT
Default:11452

The semaphore ID for the local manager.

proxy.config.admin.autoconf_port
Scope:CONFIG
Type:INT
Default:8083

The autoconfiguration port.

proxy.config.admin.number_config_bak
Scope:CONFIG
Type:INT
Default:3

The maximum number of copies of rolled configuration files to keep.

proxy.config.admin.user_id
Scope:CONFIG
Type:STRING
Default:nobody

Option used to specify who to run the traffic_server process as; also used to specify ownership of config and log files.

The nonprivileged user account designated to Traffic Server.

As of version 2.1.1 if the user_id is prefixed with pound character (#) the remaining of the string is considered to be a numeric user identifier. If the value is set to #-1 Traffic Server will not change the user during startup.

Setting user_id to root or #0 is now forbidden to increase security. Trying to do so, will cause the traffic_server fatal failure. However there are two ways to bypass that restriction

  • Specify -DBIG_SECURITY_HOLE in CXXFLAGS during compilation.
  • Set the user_id=#-1 and start trafficserver as root.
proxy.config.admin.api.restricted
Scope:CONFIG
Type:INT
Default:1

This setting specifies whether the management API should be restricted to root processes. If this is set to 0, then on platforms that support passing process credentials, non-root processes will be allowed to make read-only management API calls. Any management API calls that modify server state (eg. setting a configuration variable) will still be restricted to root processes.

This setting is not reloadable, since it is must be applied when program:traffic_manager initializes.

注釈

In Traffic Server 6.0, the default value of proxy.config.admin.api.restricted will be changed to 0.

Process Manager

proxy.config.process_manager.mgmt_port
Scope:CONFIG
Type:INT
Default:8084

The port used for internal communication between the traffic_manager and traffic_server processes.

Alarm Configuration

proxy.config.alarm_email
Scope:CONFIG
Type:STRING
Default:*NONE*
Reloadable:Yes

The address to which the alarm script should send email.

proxy.config.alarm.bin
Scope:CONFIG
Type:STRING
Default:example_alarm_bin.sh
Reloadable:Yes

Name of the script file that can execute certain actions when an alarm is signaled. The script is invoked with up to 4 arguments:

proxy.config.alarm.abs_path
Scope:CONFIG
Type:STRING
Default:NULL
Reloadable:Yes

The absolute path to the directory containing the alarm script. If this is not set, the script will be located relative to proxy.config.bin_path.

proxy.config.alarm.script_runtime
Scope:CONFIG
Type:INT
Default:5
Reloadable:Yes

The number of seconds that Traffic Server allows the alarm script to run before aborting it.

HTTP Engine

proxy.config.http.server_ports
Scope:CONFIG
Type:STRING
Default:8080

Ports used for proxying HTTP traffic.

This is a list, separated by space or comma, of port descriptors. Each descriptor is a sequence of keywords and values separated by colons. Not all keywords have values, those that do are specifically noted. Keywords with values can have an optional ‘=’ character separating the keyword and value. The case of keywords is ignored. The order of keywords is irrelevant but unspecified results may occur if incompatible options are used (noted below). Options without values are idempotent. Options with values use the last (right most) value specified, except for ip-out as detailed later.

Quick reference chart.

Name Note Definition
number Required The local port.
blind   Blind (CONNECT) port.
compress N/I Compressed. Not implemented.
ipv4 Default Bind to IPv4 address family.
ipv6   Bind to IPv6 address family.
ip-in Value Local inbound IP address.
ip-out Value Local outbound IP address.
ip-resolve Value IP address resolution style.
proto Value List of supported session protocols.
ssl   SSL terminated.
tr-full   Fully transparent (inbound and outbound)
tr-in   Inbound transparent.
tr-out   Outbound transparent.
tr-pass   Pass through enabled.
number
Local IP port to bind. This is the port to which ATS clients will connect.
blind

Accept only the CONNECT method on this port.

Not compatible with: tr-in, ssl.

compress
Compress the connection. Retained only by inertia, should be considered “not implemented”.
ipv4
Use IPv4. This is the default and is included primarily for completeness. This forced if the ip-in option is used with an IPv4 address.
ipv6
Use IPv6. This is forced if the ip-in option is used with an IPv6 address.
ssl

Require SSL termination for inbound connections. SSL must be configured for this option to provide a functional server port.

Not compatible with: blind.

proto
Specify the session level protocols supported. These should be separated by semi-colons. For TLS proxy ports the default value is all available protocols. For non-TLS proxy ports the default is HTTP only. SPDY can be enabled on non-TLS proxy ports but that must be done explicitly.
tr-full

Fully transparent. This is a convenience option and is identical to specifying both tr-in and tr-out.

Not compatible with: Any option not compatible with tr-in or tr-out.

tr-in

Inbound transparent. The proxy port will accept connections to any IP address on the port. To have IPv6 inbound transparent you must use this and the ipv6 option. This overrides proxy.local.incoming_ip_to_bind for this port.

Not compatible with: ip-in, blind

tr-out

Outbound transparent. If ATS connects to an origin server for a transaction on this port, it will use the client’s address as its local address. This overrides proxy.local.outgoing_ip_to_bind for this port.

Not compatible with: ip-out, ip-resolve

tr-pass
Transparent pass through. This option is useful only for inbound transparent proxy ports. If the parsing of the expected HTTP header fails, then the transaction is switched to a blind tunnel instead of generating an error response to the client. It effectively enables proxy.config.http.use_client_target_addr for the transaction as there is no other place to obtain the origin server address.
ip-in

Set the local IP address for the port. This is the address to which clients will connect. This forces the IP address family for the port. The ipv4 or ipv6 can be used but it is optional and is an error for it to disagree with the IP address family of this value. An IPv6 address must be enclosed in square brackets. If this option is omitted proxy.local.incoming_ip_to_bind is used.

Not compatible with: tr-in.

ip-out

Set the local IP address for outbound connections. This is the address used by ATS locally when it connects to an origin server for transactions on this port. If this is omitted proxy.local.outgoing_ip_to_bind is used.

This option can used multiple times, once for each IP address family. The address used is selected by the IP address family of the origin server address.

Not compatible with: tr-out.

ip-resolve

Set the host resolution style for transactions on this proxy port.

Not compatible with: tr-out - this option requires a value of client;none which is forced and should not be explicitly specified.

Example

Listen on port 80 on any address for IPv4 and IPv6.:

80 80:ipv6

Example

Listen transparently on any IPv4 address on port 8080, and transparently on port 8080 on local address fc01:10:10:1::1 (which implies ipv6).:

IPv4:tr-FULL:8080 TR-full:IP-in=[fc02:10:10:1::1]:8080

Example

Listen on port 8080 for IPv6, fully transparent. Set up an SSL port on 443. These ports will use the IP address from proxy.local.incoming_ip_to_bind. Listen on IP address 192.168.17.1, port 80, IPv4, and connect to origin servers using the local address 10.10.10.1 for IPv4 and fc01:10:10:1::1 for IPv6.:

8080:ipv6:tr-full 443:ssl ip-in=192.168.17.1:80:ip-out=[fc01:10:10:1::1]:ip-out=10.10.10.1

Example

Listen on port 9090 for TSL enabled SPDY or HTTP connections, accept no other session protocols.:

9090:proto=spdy;http:ssl
proxy.config.http.connect_ports
Scope:CONFIG
Type:STRING
Default:443 563

The range of origin server ports that can be used for tunneling via CONNECT.

Traffic Server allows tunnels only to the specified ports. Supports both wildcards (‘*’) and ranges (“0-1023”).

注釈

These are the ports on the origin server, not Traffic Server proxy ports.

proxy.config.http.insert_request_via_str
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Set how the Via field is handled on a request to the origin server.

効果

0 Do not modify / set this via header
1 Update the via, with normal verbosity
2 Update the via, with higher verbosity
3 Update the via, with highest verbosity

注釈

Via ヘッダーは Via Decoder Ring でデコードできます。

proxy.config.http.insert_response_via_str
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Set how the Via field is handled on the response to the client.

効果

0 Do not modify / set this via header
1 Update the via, with normal verbosity
2 Update the via, with higher verbosity
3 Update the via, with highest verbosity

注釈

Via ヘッダーは Via Decoder Ring でデコードできます。

proxy.config.http.send_100_continue_response
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

You can specify one of the following:

  • 0 ATS buffer the request until the post body has been recieved and then send the request to origin.
  • 1 immediately return a 100 Continue from ATS without waiting for the post body
proxy.config.http.response_server_enabled
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

You can specify one of the following:

  • 0 no Server: header is added to the response.
  • 1 the Server: header is added (see string below).
  • 2 the Server: header is added only if the response from origin does not have one already.
proxy.config.http.insert_age_in_response
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

This option specifies whether Traffic Server should insert an Age header in the response. The Age field value is the cache’s estimate of the amount of time since the response was generated or revalidated by the origin server.

  • 0 no Age header is added
  • 1 the Age header is added
proxy.config.http.response_server_str
Scope:CONFIG
Type:STRING
Default:ATS/
Reloadable:Yes

The Server: string that ATS will insert in a response header (if requested, see above). Note that the current version number is always appended to this string.

proxy.config.http.enable_url_expandomatic
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Enables (1) or disables (0) .com domain expansion. This configures the Traffic Server to resolve unqualified hostnames by prepending with www. and appending with .com before redirecting to the expanded address. For example: if a client makes a request to host, then Traffic Server redirects the request to www.host.com.

proxy.config.http.chunking_enabled
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Specifies whether Traffic Sever can generate a chunked response:

  • 0 Never
  • 1 Always
  • 2 Generate a chunked response if the server has returned HTTP/1.1 before
  • 3 = Generate a chunked response if the client request is HTTP/1.1 and the origin server has returned HTTP/1.1 before

注釈

If HTTP/1.1 is used, then Traffic Server can use keep-alive connections with pipelining to origin servers. If HTTP/0.9 is used, then Traffic Server does not use keep-alive connections to origin servers. If HTTP/1.0 is used, then Traffic Server can use keep-alive connections without pipelining to origin servers.

proxy.config.http.send_http11_requests
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Specifies when and how Traffic Sever uses HTTP/1.1 to communicate with the origin server

  • 0 Never
  • 1 Always
  • 2 If the server has returned HTTP/1.1 before
  • 3 If the client request is HTTP/1.1 and the server has returned HTTP/1.1 before

注釈

If proxy.config.http.use_client_target_addr is set to 1, options 2 and 3 cause the proxy to use the client HTTP version for upstream requests.

proxy.config.http.share_server_sessions
Scope:CONFIG
Type:INT
Default:2
Deprecated:Yes

Enables (1) or disables (0) the reuse of server sessions. The default (2) is similar to enabled, except it creates a server session pool per network thread. This has the best performance characteristics. Note that setting this parameter to (2) will not work correctly unless the dedicated SSL threads are disabled (proxy.config.ssl.number.threads is set to (-1)).

proxy.config.http.auth_server_session_private
Scope:CONFIG
Type:INT
Default:1

If enabled (1) anytime a request contains a (Authorization), (Proxy-Authorization) or (Www-Authenticate) header the connection will be closed and not reused. This marks the connection as private. When disabled (0) the connection will be available for reuse.

proxy.config.http.server_session_sharing.match
Scope:CONFIG
Type:STRING
Default:both

Enable and set the ability to re-use server connections across client connections. The valid values are

none
Do not match, do not re-use server sessions.
ip
Re-use server sessions, check only that the IP address and port of the origin server matches.
host
Re-use server sessions, check only that the fully qualified domain name matches.
both
Re-use server sessions, but only if the IP address and fully qualified domain name match.

It is strongly recommended to use either none or both for this value unless you have a specific need to use ip or host. The most common reason is virtual hosts that share an IP address in which case performance can be enhanced if those sessions can be re-used. However, not all web servers support requests for different virtual hosts on the same connection so use with caution.

proxy.config.http.server_session_sharing.pool
Scope:CONFIG
Type:STRING
Default:thread

Control the scope of server session re-use if it is enabled by proxy.config.http.server_session_sharing.match. The valid values are

global
Re-use sessions from a global pool of all server sessions.
thread
Re-use sessions from a per-thread pool.
proxy.config.http.attach_server_session_to_client
Scope:CONFIG
Type:INT
Default:0

Control the re-use of an server session by a user agent (client) session.

If a user agent performs more than one HTTP transaction on its connection to Traffic Server a server session must be obtained for the second (and subsequent) transaction as for the first. This settings affects how that server session is selected.

If this setting is 0 then after the first transaction the server session for that transaction is released to the server pool (if any). When a server session is needed for subsequent transactions one is selected from the server pool or created if there is no suitable server session in the pool.

If this setting is not 0 then the current server session for the user agent session is “sticky”. It will be preferred to any other server session (either from the pool or newly created). The server session will be detached from the user agent session only if it cannot be used for the transaction. This is determined by the proxy.config.http.server_session_sharing.match value. If the server session matches the next transaction according to this setting then it will be used, otherwise it will be released to the pool and a different session selected or created.

proxy.config.http.record_heartbeat
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Enables (1) or disables (0) traffic_cop heartbeat logging.

proxy.config.http.use_client_target_addr
Scope:CONFIG
Type:INT
Default:0

For fully transparent ports use the same origin server address as the client.

This option causes Traffic Server to avoid where possible doing DNS lookups in forward transparent proxy mode. The option is only effective if the following three conditions are true -

  • Traffic Server is in forward proxy mode.
  • The proxy port is inbound transparent.
  • The target URL has not been modified by either remapping or a plugin.

If any of these conditions are not true, then normal DNS processing is done for the connection.

There are three valid values. * 0 - Disables the feature. * 1 - Enables the feature with address verification. The Proxy does the regular DNS processing. If the client-specified origin address is not in the set of addresses found by the Proxy, the request continues to the client specified address, but the result is not cached. * 2 - Enables the feature with no address verification. No DNS processing is performed. The result is cached (if allowed otherwise). This option is vulnerable to cache poisoning if an incorrect Host header is specified, so this option should be used with extreme caution. See bug TS-2954 for details.

If all of these conditions are met, then the origin server IP address is retrieved from the original client connection, rather than through HostDB or DNS lookup. In effect, client DNS resolution is used instead of Traffic Server DNS.

This can be used to be a little more efficient (looking up the target once by the client rather than by both the client and Traffic Server) but the primary use is when client DNS resolution can differ from that of Traffic Server. Two known uses cases are:

  1. Embedded IP addresses in a protocol with DNS load sharing. In this case, even though Traffic Server and the client both make the same request to the same DNS resolver chain, they may get different origin server addresses. If the address is embedded in the protocol then the overall exchange will fail. One current example is Microsoft Windows update, which presumably embeds the address as a security measure.
  2. The client has access to local DNS zone information which is not available to Traffic Server. There are corporate nets with local DNS information for internal servers which, by design, is not propagated outside the core corporate network. Depending a network topology it can be the case that Traffic Server can access the servers by IP address but cannot resolve such addresses by name. In such as case the client supplied target address must be used.

This solution must be considered interim. In the longer term, it should be possible to arrange for much finer grained control of DNS lookup so that wildcard domain can be set to use Traffic Server or client resolution. In both known use cases, marking specific domains as client determined (rather than a single global switch) would suffice. It is possible to do this crudely with this flag by enabling it and then use identity URL mappings to re-disable it for specific domains.

proxy.config.http.keep_alive_enabled_in
Scope:CONFIG
Type:INT
Default:1

入ってくる接続の keep-alive を有効化 (1) または無効化 (0) します。

proxy.config.http.keep_alive_enabled_out
Scope:CONFIG
Type:INT
Default:1

出て行く接続の keep-alive を有効化 (1) または無効化 (0) します。

注釈

Enabling keep-alive does not automatically enable purging of keep-alive requests when nearing the connection limit, that is controlled by proxy.config.http.server_max_connections.

proxy.config.http.keep_alive_post_out
Scope:CONFIG
Type:INT
Default:1

Controls wether new POST requests re-use keep-alive sessions (1) or create new connections per request (0).

proxy.config.http.send_408_post_timeout_response
Scope:CONFIG
Type:INT
Default:0

Controls wether POST timeout sends a HTTP status 408 response (1)

proxy.config.http.disallow_post_100_continue
Scope:CONFIG
Type:INT
Default:0

Allows you to return a 405 Method Not Supported with Posts also containing an Expect: 100-continue.

When a Post w/ Expect: 100-continue is blocked the stat proxy.process.http.disallowed_post_100_continue will be incremented.

Parent Proxy Configuration

proxy.config.http.parent_proxy_routing_enable
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Enables (1) or disables (0) the parent caching option. Refer to Hierarchical Caching.

proxy.config.http.parent_proxy.retry_time
Scope:CONFIG
Type:INT
Default:300
Reloadable:Yes

The amount of time allowed between connection retries to a parent cache that is unavailable.

proxy.config.http.parent_proxy.fail_threshold
Scope:CONFIG
Type:INT
Default:10
Reloadable:Yes

The number of times the connection to the parent cache can fail before Traffic Server considers the parent unavailable.

proxy.config.http.parent_proxy.total_connect_attempts
Scope:CONFIG
Type:INT
Default:4
Reloadable:Yes

The total number of connection attempts allowed to a parent cache before Traffic Server bypasses the parent or fails the request (depending on the go_direct option in the parent.config file).

proxy.config.http.parent_proxy.per_parent_connect_attempts
Scope:CONFIG
Type:INT
Default:2
Reloadable:Yes

The total number of connection attempts allowed per parent, if multiple parents are used.

proxy.config.http.parent_proxy.connect_attempts_timeout
Scope:CONFIG
Type:INT
Default:30
Reloadable:Yes

The timeout value (in seconds) for parent cache connection attempts.

proxy.config.http.forward.proxy_auth_to_parent
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Configures Traffic Server to send proxy authentication headers on to the parent cache.

proxy.config.http.no_dns_just_forward_to_parent
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Don’t try to resolve DNS, forward all DNS requests to the parent. This is off (0) by default.

HTTP 接続タイムアウト

proxy.config.http.keep_alive_no_activity_timeout_in
Scope:CONFIG
Type:INT
Default:115
Reloadable:Yes

Specifies how long Traffic Server keeps connections to clients open for a subsequent request after a transaction ends. A value of 0 will disable the no activity timeout.

proxy.config.http.keep_alive_no_activity_timeout_out
Scope:CONFIG
Type:INT
Default:120
Reloadable:Yes

Specifies how long Traffic Server keeps connections to origin servers open for a subsequent transfer of data after a transaction ends. A value of 0 will disable the no activity timeout.

proxy.config.http.transaction_no_activity_timeout_in
Scope:CONFIG
Type:INT
Default:30
Reloadable:Yes

トランザクションがストールした場合に Traffic Server がクライアントとの接続をどれだけ長く維持するかを指定します。

proxy.config.http.transaction_no_activity_timeout_out
Scope:CONFIG
Type:INT
Default:30
Reloadable:Yes

トランザクションがストールした場合に Traffic Server がオリジンサーバーとの接続をどれだけ長く維持するかを指定します。

proxy.config.http.transaction_active_timeout_in
Scope:CONFIG
Type:INT
Default:900
Reloadable:Yes

Traffic Server がクライアントと接続していられる最大時間です。クライアントへの転送がこのタイムアウトまでに完了しない場合、Traffic Server は接続を閉じます。

The value of 0 specifies that there is no timeout.

proxy.config.http.transaction_active_timeout_out
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Traffic Server がオリジンサーバーへの接続要求を完了するまでに待機できる最大時間です。Traffic Server がオリジンサーバーへの転送をタイムアウトまでに完了しない場合、Traffic Server は接続要求を終了します。

デフォルト値 0 はタイムアウト無しを指定しています。

proxy.config.http.accept_no_activity_timeout
Scope:CONFIG
Type:INT
Default:120
Reloadable:Yes

Traffic Server が活動のない接続をクローズするまでの秒数です。

proxy.config.http.background_fill_active_timeout
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

オリジンサーバーとの接続を放棄する前に Traffic Server が background fill を継続する時間を指定します。

proxy.config.http.background_fill_completed_threshold
Scope:CONFIG
Type:FLOAT
Default:0.0
Reloadable:Yes

ドキュメントを取得してキャッシュに入れるためにプロキシーがオリジンサーバーからその取得を継続するクライアントが中断した時点ですでに転送済みのドキュメントの総サイズに対する割合 (background fill) 。

オリジンサーバーへの接続の試行

proxy.config.http.connect_attempts_max_retries
Scope:CONFIG
Type:INT
Default:6
Reloadable:Yes

The maximum number of connection retries Traffic Server can make when the origin server is not responding. Each retry attempt lasts for proxy.config.http.connect_attempts_timeout seconds. Once the maximum number of retries is reached, the origin is marked dead. After this, the setting proxy.config.http.connect_attempts_max_retries_dead_server is used to limit the number of retry attempts to the known dead origin.

proxy.config.http.connect_attempts_max_retries_dead_server
Scope:CONFIG
Type:INT
Default:3
Reloadable:Yes

Maximum number of connection retries Traffic Server can make while an origin is marked dead. Typically this value is smaller than proxy.config.http.connect_attempts_max_retries so an error is returned to the client faster and also to reduce the load on the dead origin. The timeout interval proxy.config.http.connect_attempts_timeout in seconds is used with this setting.

proxy.config.http.server_max_connections
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

全オリジンサーバーにおけるソケットの接続数を指定した値に制限します。無効化するには、ゼロ (0) を設定してください。

注釈

This value is used in determining when and if to prune active origin sessions. Without this value set connections to origins can consume all the way up to ts:cv:proxy.config.net.connections_throttle connections, which in turn can starve incoming requests from available connections.

proxy.config.http.origin_max_connections
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

オリジンサーバー毎のソケットの接続数を指定した値に制限します。有効化するには、イチ (1) を設定してください。

proxy.config.http.origin_min_keep_alive_connections
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

接続済みのオリジンサーバーへの接続として、接続が長い期間使われていない場合でも少なくとも ‘n’ 個の接続を維持します。オリジンが keep-alive に対応している場合に便利であり、(不活発な) 接続の追加により次のリクエストから新しい接続の準備に必要となる時間を不要とします。有効化するには、イチ (1) を設定してください。

proxy.config.http.connect_attempts_rr_retries
Scope:CONFIG
Type:INT
Default:3
Reloadable:Yes

サーバーがラウンドロビンの DNS エントリーを持っている場合に、一つのラウンドロビンエントリーが ‘落ちてる’ とマークされるまでに許される接続失敗の最大数。

proxy.config.http.connect_attempts_timeout
Scope:CONFIG
Type:INT
Default:30
Reloadable:Yes

The timeout value (in seconds) for time to first byte for an origin server connection.

proxy.config.http.post_connect_attempts_timeout
Scope:CONFIG
Type:INT
Default:1800
Reloadable:Yes

クライアントのリクエストが POSTPUT リクエストのときのオリジンサーバーへの接続のタイムアウト値 ( 秒 ) 。

proxy.config.http.down_server.cache_time
Scope:CONFIG
Type:INT
Default:300
Reloadable:Yes

オリジンサーバーが到達不可能であったと Traffic Server が覚えている長さ ( 秒 ) を指定します。

proxy.config.http.down_server.abort_threshold
Scope:CONFIG
Type:INT
Default:10
Reloadable:Yes

オリジンサーバーがレスポンスヘッダーを返すのが遅すぎるためにクライアントがリクエストを断念した後で、Traffic Server がオリジンサーバーを到達不能とマークするまでの秒数。

proxy.config.http.uncacheable_requests_bypass_parent
Scope:CONFIG
Type:INT
Default:1

有効化 (1) すると、Traffic Server はキャッシュできないリクエストで親プロキシーをバイパスします。

輻輳制御

proxy.config.http.congestion_control.enabled
Scope:CONFIG
Type:INT
Default:0

輻輳制御オプションを有効化 (1) もしくは無効化 (0) し、オリジンサーバーが輻輳した際に Traffic Server が HTTP リクエストを転送するのを止めます。Traffic Server は後で輻輳しているオリジンサーバーに再試行するためにクライアントにメッセージを送信します。輻輳制御 を参照してください。

proxy.config.http.flow_control.enabled
Scope:CONFIG
Type:INT
Default:0

非ゼロ値を設定するとトランザクションのバッファリング / フロー制御が有効化されます。そうでない場合はフロー制御は行われません。

proxy.config.http.flow_control.high_water
Scope:CONFIG
Type:INT
Default:0
Metric:bytes

トランザクションのバッファー制御用の high water マークです。使用中の総バッファー領域がこの値に達すると外部ソース I/O が停止されます。

proxy.config.http.flow_control.low_water
Scope:CONFIG
Type:INT
Default:0
Metric:bytes

トランザクションのバッファー制御用の low water マークです。使用中の総バッファー領域がこの値より少なくなると外部ソース I/O が再開されます。

ネガティブレスポンスキャッシュ

proxy.config.http.negative_caching_enabled
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

有効化 (1) された場合、Traffic Server はリクエストされたページが存在しない場合にネガティブレスポンス ( 404 Not Found のような ) をキャッシュします。次回クライアントが同じページをリクエストした際、Traffic Server はネガティブレスポンスをキャッシュから直接返します。無効化 (0) された場合、Traffic Server はレスポンスが Cache-Control ヘッダーをもって場合にのみキャッシュを行います。

注釈

次のネガティブレスポンスは Traffic Server にキャッシュされます。

204  No Content
305  Use Proxy
400  Bad Request
403  Forbidden
404  Not Found
405  Method Not Allowed
500  Internal Server Error
501  Not Implemented
502  Bad Gateway
503  Service Unavailable
504  Gateway Timeout

この設定によりキャッシュされたオブジェクトのキャッシュライフタイムは proxy.config.http.negative_caching_lifetime により制御されます。

proxy.config.http.negative_caching_lifetime
Scope:CONFIG
Type:INT
Default:1800

Traffic Server がネガティブレスポンスをキャッシュ内で有効とする時間 (秒) です。この値はサーバーによって設定された明示的な Expires: もしくは Cache-Control: の生存時間を持っているネガティブレスポンスのみに影響します。

Proxy User Variables

proxy.config.http.anonymize_remove_from
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

When enabled (1), Traffic Server removes the From header to protect the privacy of your users.

proxy.config.http.anonymize_remove_referer
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

When enabled (1), Traffic Server removes the Referrer header to protect the privacy of your site and users.

proxy.config.http.anonymize_remove_user_agent
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

When enabled (1), Traffic Server removes the User-agent header to protect the privacy of your site and users.

Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

When enabled (1), Traffic Server removes the Cookie header to protect the privacy of your site and users.

proxy.config.http.anonymize_remove_client_ip
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

When enabled (1), Traffic Server removes Client-IP headers for more privacy.

proxy.config.http.anonymize_insert_client_ip
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

When enabled (1), Traffic Server inserts Client-IP headers to retain the client IP address.

proxy.config.http.anonymize_other_header_list
Scope:CONFIG
Type:STRING
Default:NULL
Reloadable:Yes

Comma separated list of headers Traffic Server should remove from outgoing requests.

proxy.config.http.insert_squid_x_forwarded_for
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

When enabled (1), Traffic Server adds the client IP address to the X-Forwarded-For header.

proxy.config.http.normalize_ae_gzip
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Enable (1) to normalize all Accept-Encoding: headers to one of the following:

  • Accept-Encoding: gzip (if the header has gzip or x-gzip with any q) OR
  • blank (for any header that does not include gzip)

This is useful for minimizing cached alternates of documents (e.g. gzip, deflate vs. deflate, gzip). Enabling this option is recommended if your origin servers use no encodings other than gzip.

Security

proxy.config.http.push_method_enabled
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Enables (1) or disables (0) the HTTP PUSH option, which allows you to deliver content directly to the cache without a user request.

重要

If you enable this option, then you must also specify a filtering rule in the ip_allow.config file to allow only certain machines to push content into the cache.

Cache Control

proxy.config.cache.enable_read_while_writer
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Specifies when to enable the ability to read a cached object while another connection is completing the write to cache for that same object. The goal here is to avoid multiple origin connections for the same cacheable object upon a cache miss. The possible values of this config are:

  • 0 = never read while writing
  • 1 = always read while writing
  • 2 = always read while writing, but allow non-cached Range requests through to the origin

The 2 option is useful to avoid delaying requests which can not easily be satisfied by the partially written response.

Several other configuration values need to be set for this to be usable. See Reducing Origin Server Requests.

proxy.config.cache.force_sector_size
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Forces the use of a specific hardware sector size (512 - 8192 bytes).

proxy.config.http.cache.http
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Enables (1) or disables (0) caching of HTTP requests.

proxy.config.http.cache.allow_empty_doc
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Enables (1) or disables (0) caching objects that have an empty response body. This is particularly useful for caching 301 or 302 responses with a Location header but no document body. This only works if the origin response also has a Content-Length header.

proxy.config.http.cache.ignore_client_no_cache
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

When enabled (1), Traffic Server ignores client requests to bypass the cache.

proxy.config.http.cache.ims_on_client_no_cache
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

When enabled (1), Traffic Server issues a conditional request to the origin server if an incoming request has a No-Cache header.

proxy.config.http.cache.ignore_server_no_cache
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

When enabled (1), Traffic Server ignores origin server requests to bypass the cache.

proxy.config.http.cache.cache_responses_to_cookies
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Specifies how cookies are cached:

  • 0 = do not cache any responses to cookies
  • 1 = cache for any content-type
  • 2 = cache only for image types
  • 3 = cache for all but text content-types
proxy.config.http.cache.ignore_authentication
Scope:CONFIG
Type:INT
Default:0

When enabled (1), Traffic Server ignores WWW-Authentication headers in responses WWW-Authentication headers are removed and not cached.

proxy.config.http.cache.cache_urls_that_look_dynamic
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Enables (1) or disables (0) caching of URLs that look dynamic, i.e.: URLs that end in ``.asp`` or contain a question mark (``?``), a semicolon (``;``), or ``cgi``. For a full list, please refer to HttpTransact::url_looks_dynamic

proxy.config.http.cache.enable_default_vary_headers
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Enables (1) or disables (0) caching of alternate versions of HTTP objects that do not contain the Vary header.

proxy.config.http.cache.when_to_revalidate
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Specifies when to revalidate content:

  • 0 = use cache directives or heuristic (the default value)

  • 1 = stale if heuristic

  • 2 = always stale (always revalidate)

  • 3 = never stale

  • 4 = use cache directives or heuristic (0) unless the request

    has an If-Modified-Since header

If the request contains the If-Modified-Since header, then Traffic Server always revalidates the cached content and uses the client’s If-Modified-Since header for the proxy request.

proxy.config.http.cache.required_headers
Scope:CONFIG
Type:INT
Default:2
Reloadable:Yes

The type of headers required in a request for the request to be cacheable.

  • 0 = no headers required to make document cacheable
  • 1 = either the Last-Modified header, or an explicit lifetime header, Expires or Cache-Control: max-age, is required
  • 2 = explicit lifetime is required, Expires or Cache-Control: max-age
proxy.config.http.cache.max_stale_age
Scope:CONFIG
Type:INT
Default:604800
Reloadable:Yes

The maximum age allowed for a stale response before it cannot be cached.

proxy.config.http.cache.range.lookup
Scope:CONFIG
Type:INT
Default:1

When enabled (1), Traffic Server looks up range requests in the cache.

proxy.config.http.cache.range.write
Scope:CONFIG
Type:INT
Default:0

When enabled (1), Traffic Server will attempt to write (lock) the URL to cache. This is rarely useful (at the moment), since it’ll only be able to write to cache if the origin has ignored the Range:` header. For a use case where you know the origin will respond with a full (``200) response, you can turn this on to allow it to be cached.

proxy.config.http.cache.ignore_accept_mismatch
Scope:CONFIG
Type:INT
Default:2
Reloadable:Yes

When enabled with a value of 1, Traffic Server serves documents from cache with a Content-Type: header even if it does not match the Accept: header of the request. If set to 2 (default), this logic only happens in the absence of a Vary header in the cached response (which is the recommended and safe use).

注釈

This option should only be enabled with 1 if you’re having problems with caching and you origin server doesn’t set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept or doesn’t respond with 406 (Not Acceptable), you can also enable this configuration with a 1.

proxy.config.http.cache.ignore_accept_language_mismatch
Scope:CONFIG
Type:INT
Default:2
Reloadable:Yes

When enabled with a value of 1, Traffic Server serves documents from cache with a Content-Language: header even if it does not match the Accept-Language: header of the request. If set to 2 (default), this logic only happens in the absence of a Vary header in the cached response (which is the recommended and safe use).

注釈

This option should only be enabled with 1 if you’re having problems with caching and you origin server doesn’t set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept-Language or doesn’t respond with 406 (Not Acceptable), you can also enable this configuration with a 1.

proxy.config.http.cache.ignore_accept_encoding_mismatch
Scope:CONFIG
Type:INT
Default:2
Reloadable:Yes

When enabled with a value of 1, Traffic Server serves documents from cache with a Content-Encoding: header even if it does not match the Accept-Encoding: header of the request. If set to 2 (default), this logic only happens in the absence of a Vary header in the cached response (which is the recommended and safe use).

注釈

This option should only be enabled with 1 if you’re having problems with caching and you origin server doesn’t set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept-Encoding or doesn’t respond with 406 (Not Acceptable) you can also enable this configuration with a 1.

proxy.config.http.cache.ignore_accept_charset_mismatch
Scope:CONFIG
Type:INT
Default:2
Reloadable:Yes

When enabled with a value of 1, Traffic Server serves documents from cache with a Content-Type: header even if it does not match the Accept-Charset: header of the request. If set to 2 (default), this logic only happens in the absence of a Vary header in the cached response (which is the recommended and safe use).

注釈

This option should only be enabled with 1 if you’re having problems with caching and you origin server doesn’t set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept-Charset or doesn’t respond with 406 (Not Acceptable), you can also enable this configuration with a 1.

proxy.config.http.cache.ignore_client_cc_max_age
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

When enabled (1), Traffic Server ignores any Cache-Control: max-age headers from the client. This technically violates the HTTP RFC, but avoids a problem where a client can forcefully invalidate a cached object.

proxy.config.cache.max_doc_size
Scope:CONFIG
Type:INT
Default:0

Specifies the maximum object size that will be cached. 0 is unlimited.

proxy.config.cache.permit.pinning
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

When enabled (1), Traffic Server will keep certain HTTP objects in the cache for a certain time as specified in cache.config.

proxy.config.cache.hit_evacuate_percent
Scope:CONFIG
Type:INT
Default:0

The size of the region (as a percentage of the total content storage in a cache stripe) in front of the write cursor that constitutes a recent access hit for evacutating the accessed object.

When an object is accessed it can be marked for evacuation, that is to be copied over the write cursor and thereby preserved from being overwritten. This is done if it is no more than a specific number of bytes in front of the write cursor. The number of bytes is a percentage of the total number of bytes of content storage in the cache stripe where the object is stored and that percentage is set by this variable.

By default, the feature is off (set to 0).

proxy.config.cache.hit_evacuate_size_limit
Scope:CONFIG
Type:INT
Default:0
Metric:bytes

Limit the size of objects that are hit evacuated.

Objects larger than the limit are not hit evacuated. A value of 0 disables the limit.

proxy.config.cache.limits.http.max_alts
Scope:CONFIG
Type:INT
Default:5

The maximum number of alternates that are allowed for any given URL. Disable by setting to 0.

proxy.config.cache.target_fragment_size
Scope:CONFIG
Type:INT
Default:1048576

Sets the target size of a contiguous fragment of a file in the disk cache. When setting this, consider that larger numbers could waste memory on slow connections, but smaller numbers could increase (waste) seeks.

RAM Cache

proxy.config.cache.ram_cache.size
Scope:CONFIG
Type:INT
Default:-1

By default the RAM cache size is automatically determined, based on disk cache size; approximately 10 MB of RAM cache per GB of disk cache. Alternatively, it can be set to a fixed value such as 20GB (21474836480)

proxy.config.cache.ram_cache_cutoff
Scope:CONFIG
Type:INT
Default:4194304

Objects greater than this size will not be kept in the RAM cache. This should be set high enough to keep objects accessed frequently in memory in order to improve performance. 4MB (4194304)

proxy.config.cache.ram_cache.algorithm
Scope:CONFIG
Type:INT
Default:0

Two distinct RAM caches are supported, the default (0) being the CLFUS (Clocked Least Frequently Used by Size). As an alternative, a simpler LRU (Least Recently Used) cache is also available, by changing this configuration to 1.

proxy.config.cache.ram_cache.use_seen_filter
Scope:CONFIG
Type:INT
Default:0

Enabling this option will filter inserts into the RAM cache to ensure that they have been seen at least once. For the LRU, this provides scan resistance. Note that CLFUS already requires that a document have history before it is inserted, so for CLFUS, setting this option means that a document must be seen three times before it is added to the RAM cache.

proxy.config.cache.ram_cache.compress
Scope:CONFIG
Type:INT
Default:0

The CLFUS RAM cache also supports an optional in-memory compression. This is not to be confused with Content-Encoding: gzip compression. The RAM cache compression is intended to try to save space in the RAM, and is not visible to the User-Agent (client).

Possible values are:

  • 0 = no compression
  • 1 = fastlz (extremely fast, relatively low compression)
  • 2 = libz (moderate speed, reasonable compression)
  • 3 = liblzma (very slow, high compression)

注釈

Compression runs on task threads. To use more cores for RAM cache compression, increase proxy.config.task_threads.

Heuristic Expiration

proxy.config.http.cache.heuristic_min_lifetime
Scope:CONFIG
Type:INT
Default:3600
Reloadable:Yes

The minimum amount of time an HTTP object without an expiration date can remain fresh in the cache before is considered to be stale.

proxy.config.http.cache.heuristic_max_lifetime
Scope:CONFIG
Type:INT
Default:86400
Reloadable:Yes

The maximum amount of time an HTTP object without an expiration date can remain fresh in the cache before is considered to be stale.

proxy.config.http.cache.heuristic_lm_factor
Scope:CONFIG
Type:FLOAT
Default:0.10
Reloadable:Yes

The aging factor for freshness computations. Traffic Server stores an object for this percentage of the time that elapsed since it last changed.

proxy.config.http.cache.fuzz.time
Scope:CONFIG
Type:INT
Default:240
Reloadable:Yes

How often Traffic Server checks for an early refresh, during the period before the document stale time. The interval specified must be in seconds. See Fuzzy Revalidation

proxy.config.http.cache.fuzz.probability
Scope:CONFIG
Type:FLOAT
Default:0.005
Reloadable:Yes

The probability that a refresh is made on a document during the specified fuzz time.

proxy.config.http.cache.fuzz.min_time
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Handles requests with a TTL less than fuzz.time – it allows for different times to evaluate the probability of revalidation for small TTLs and big TTLs. Objects with small TTLs will start “rolling the revalidation dice” near the fuzz.min_time, while objects with large TTLs would start at fuzz.time. A logarithmic like function between determines the revalidation evaluation start time (which will be between fuzz.min_time and fuzz.time). As the object gets closer to expiring, the window start becomes more likely. By default this setting is not enabled, but should be enabled anytime you have objects with small TTLs. The default value is 0.

Dynamic Content & Content Negotiation

proxy.config.http.cache.vary_default_text
Scope:CONFIG
Type:STRING
Default:NULL
Reloadable:Yes

The header on which Traffic Server varies for text documents.

For example: if you specify User-agent, then Traffic Server caches all the different user-agent versions of documents it encounters.

proxy.config.http.cache.vary_default_images
Scope:CONFIG
Type:STRING
Default:NULL
Reloadable:Yes

The header on which Traffic Server varies for images.

proxy.config.http.cache.vary_default_other
Scope:CONFIG
Type:STRING
Default:NULL
Reloadable:Yes

The header on which Traffic Server varies for anything other than text and images.

カスタマイズ可能なユーザーレスポンスページ

proxy.config.body_factory.enable_customizations
Scope:CONFIG
Type:INT
Default:1

カスタマイズ可能なレスポンスページが言語別どうかを指定します。

  • 1 = カスタマイズ可能なユーザーレスポンスページをデフォルトディレクトリで有効化します。

  • 2 = 言語別ユーザーレスポンスページを有効化します。

proxy.config.body_factory.enable_logging
Scope:CONFIG
Type:INT
Default:0

カスタマイズ可能なレスポンスページのロギングを有効化 (1) もしくは無効化 (0) します。有効化すると、Traffic Server はカスタマイズ可能なレスポンスページの使用もしくは変更のたびにメッセージをエラーログに記録します。

proxy.config.body_factory.template_sets_dir
Scope:CONFIG
Type:STRING
Default:etc/trafficserver/body_factory

カスタマイズ可能なレスポンスページのデフォルトディレクトリ。相対パスの場合、Traffic Server は PREFIX ディレクトリからの相対で解決します。

proxy.config.body_factory.response_suppression_mode
Scope:CONFIG
Type:INT
Default:0

Traffic Server が生成されたレスポンスページを使用するのを抑制させるときに指定します。

  • 0 = 生成されたレスポンスページの使用を抑制しません

  • 1 = 生成されたレスポンスページの使用を常に抑制します

  • 2 = 遮断された通信のレスポンスページのみを抑制します

proxy.config.http_ui_enabled
Scope:CONFIG
Type:INT
Default:0

Specifies which http UI endpoints to allow within remap.config:

  • 0 = disable all http UI endpoints
  • 1 = enable only cache endpoints
  • 2 = enable only stats endpoints
  • 3 = enable all http UI endpoints

To enable any enpoint there needs to be an entry in remap.config which specifically enables it. Such a line would look like:

map / http://{stat}

The following are the cache endpoints:

  • cache = UI to interact with the cache

The following are the stats endpoints:

  • cache-internal = statistics about cache evacuation and volumes
  • hostdb = lookups against the hostdb
  • http = HTTPSM details, this endpoint is also gated by proxy.config.http.enable_http_info
  • net = lookup and listing of open connections
  • stat = list of all records.config options and metrics
  • test = test callback page
proxy.config.http.enable_http_info
Scope:CONFIG
Type:INT
Default:0

Enables (1) or disables (0) access to an endpoint within proxy.config.http_ui_enabled which shows details about inflight transactions (HttpSM).

DNS

proxy.config.dns.search_default_domains
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Enables (1) or disables (0) local domain expansion.

Traffic Server can attempt to resolve unqualified hostnames by expanding to the local domain. For example if a client makes a request to an unqualified host (host_x) and the Traffic Server local domain is y.com , then Traffic Server will expand the hostname to host_x.y.com.

proxy.config.dns.splitDNS.enabled
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Enables (1) or disables (0) DNS server selection. When enabled, Traffic Server refers to the splitdns.config file for the selection specification. Refer to Configuring DNS Server Selection (Split DNS).

proxy.config.dns.url_expansions
Scope:CONFIG
Type:STRING
Default:NULL

Specifies a list of hostname extensions that are automatically added to the hostname after a failed lookup. For example: if you want Traffic Server to add the hostname extension .org, then specify org as the value for this variable (Traffic Server automatically adds the dot (.)).

注釈

If the variable proxy.config.http.enable_url_expandomatic is set to 1 (the default value), then you do not have to add ``www.`` and ``.com`` to this list because Traffic Server automatically tries www. and .com after trying the values you’ve specified.

proxy.config.dns.resolv_conf
Scope:CONFIG
Type:STRING
Default:/etc/resolv.conf

Allows to specify which resolv.conf file to use for finding resolvers. While the format of this file must be the same as the standard resolv.conf file, this option allows an administrator to manage the set of resolvers in an external configuration file, without affecting how the rest of the operating system uses DNS.

proxy.config.dns.round_robin_nameservers
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Enables (1) or disables (0) DNS server round-robin.

proxy.config.dns.nameservers
Scope:CONFIG
Type:STRING
Default:NULL
Reloadable:Yes

The DNS servers.

proxy.config.srv_enabled
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Indicates whether to use SRV records for orgin server lookup.

proxy.config.dns.dedicated_thread
Scope:CONFIG
Type:INT
Default:0

Create and dedicate a thread entirely for DNS processing. This is probably most useful on system which do a significant number of DNS lookups, typically forward proxies. But even on other systems, it can avoid some contention on the first worker thread (which otherwise takes on the burden of all DNS lookups).

proxy.config.dns.validate_query_name
Scope:CONFIG
Type:INT
Default:0

When enabled (1) provides additional resilience against DNS forgery (for instance in DNS Injection attacks), particularly in forward or transparent proxies, but requires that the resolver populates the queries section of the response properly.

HostDB

proxy.config.hostdb.lookup_timeout
Scope:CONFIG
Type:INT
Default:120
Metric:seconds
Reloadable:Yes

Time to wait for a DNS response in seconds.

proxy.config.hostdb.serve_stale_for
Scope:CONFIG
Type:INT
Default:*NONE*
Metric:seconds
Reloadable:Yes

The number of seconds for which to use a stale NS record while initiating a background fetch for the new data.

If not set then stale records are not served.

proxy.config.hostdb.storage_size
Scope:CONFIG
Type:INT
Default:33554432
Metric:bytes

The amount of space (in bytes) used to store hostdb. The value of this variable must be increased if you increase the size of the proxy.config.hostdb.size variable.

proxy.config.hostdb.size
Scope:CONFIG
Type:INT
Default:120000

The maximum number of entries that can be stored in the database.

注釈

For values above 200000, you must increase proxy.config.hostdb.storage_size by at least 44 bytes per entry.

proxy.config.hostdb.ttl_mode
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

A host entry will eventually time out and be discarded. This variable controls how that time is calculated. A DNS request will return a TTL value and an internal value can be set with proxy.config.hostdb.timeout. This variable determines which value will be used.

TTL
0 The TTL from the DNS response.
1 The internal timeout value.
2 The smaller of the DNS and internal TTL values. The internal timeout value becomes a maximum TTL.
3 The larger of the DNS and internal TTL values. The internal timeout value become a minimum TTL.
proxy.config.hostdb.timeout
Scope:CONFIG
Type:INT
Default:1440
Metric:minutes
Reloadable:Yes

Internal time to live value for host DB entries, in minutes.

See proxy.config.hostdb.ttl_mode for when this value is used.

proxy.config.hostdb.strict_round_robin
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Set host resolution to use strict round robin.

When this and proxy.config.hostdb.timed_round_robin are both disabled (set to 0), Traffic Server always uses the same origin server for the same client, for as long as the origin server is available. Otherwise if this is set then IP address is rotated on every request. This setting takes precedence over proxy.config.hostdb.timed_round_robin.

proxy.config.hostdb.timed_round_robin
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Set host resolution to use timed round robin.

When this and proxy.config.hostdb.strict_round_robin are both disabled (set to 0), Traffic Server always uses the same origin server for the same client, for as long as the origin server is available. Otherwise if this is set to N the IP address is rotated if more than N seconds have past since the first time the current address was used.

proxy.config.hostdb.host_file.path
Scope:CONFIG
Type:STRING
Default:/etc/hosts

Set the file path for an external host file.

If this is set (non-empty) then the file is presumed to be a hosts file in the standard host file format. It is read and the entries there added to the HostDB. The file is periodically checked for a more recent modification date in which case it is reloaded. The interval is set by the value proxy.config.hostdb.host_file.interval.

While not technically reloadable, the value is read every time the file is to be checked so that if changed the new value will be used on the next check and the file will be treated as modified.

proxy.config.hostdb.host_file.interval
Scope:CONFIG
Type:INT
Default:86400
Metric:seconds
Reloadable:Yes

Set the file changed check timer for proxy.config.hostdb.host_file.path.

The file is checked every this many seconds to see if it has changed. If so the HostDB is updated with the new values in the file.

proxy.config.hostdb.ip_resolve
Scope:CONFIG
Type:STRING
Default:NULL

Set the host resolution style.

This is an ordered list of keywords separated by semicolons that specify how a host name is to be resolved to an IP address. The keywords are case insensitive.

Keyword Meaning
ipv4 Resolve to an IPv4 address.
ipv6 Resolve to an IPv6 address.
client Resolve to the same family as the client IP address.
none Stop resolving.

The order of the keywords is critical. When a host name needs to be resolved it is resolved in same order as the keywords. If a resolution fails, the next option in the list is tried. The keyword none means to give up resolution entirely. The keyword list has a maximum length of three keywords, more are never needed. By default there is an implicit ipv4;ipv6 attached to the end of the string unless the keyword none appears.

Example

Use the incoming client family, then try IPv4 and IPv6.

client;ipv4;ipv6

Because of the implicit resolution this can also be expressed as just

client

Example

Resolve only to IPv4.

ipv4;none

Example

Resolve only to the same family as the client (do not permit cross family transactions).

client;none

This value is a global default that can be overridden by proxy.config.http.server_ports.

注釈

This style is used as a convenience for the administrator. During a resolution the resolution order will be one family, then possibly the other. This is determined by changing client to ipv4 or ipv6 based on the client IP address and then removing duplicates.

重要

This option has no effect on outbound transparent connections The local IP address used in the connection to the origin server is determined by the client, which forces the IP address family of the address used for the origin server. In effect, outbound transparent connections always use a resolution style of “client”.

Logging Configuration

proxy.config.log.logging_enabled
Scope:CONFIG
Type:INT
Default:3
Reloadable:Yes

Enables and disables event logging:

  • 0 = logging disabled
  • 1 = log errors only
  • 2 = log transactions only
  • 3 = full logging (errors + transactions)

Refer to Working with Log Files.

proxy.config.log.max_secs_per_buffer
Scope:CONFIG
Type:INT
Default:5
Reloadable:Yes

The maximum amount of time before data in the buffer is flushed to disk.

proxy.config.log.max_space_mb_for_logs
Scope:CONFIG
Type:INT
Default:25000
Metric:megabytes
Reloadable:Yes

The amount of space allocated to the logging directory (in MB).

注釈

All files in the logging directory contribute to the space used, even if they are not log files. In collation client mode, if there is no local disk logging, or proxy.config.log.max_space_mb_for_orphan_logs is set to a higher value than proxy.config.log.max_space_mb_for_logs, TS will take proxy.config.log.max_space_mb_for_orphan_logs for maximum allowed log space.

proxy.config.log.max_space_mb_for_orphan_logs
Scope:CONFIG
Type:INT
Default:25
Metric:megabytes
Reloadable:Yes

The amount of space allocated to the logging directory (in MB) if this node is acting as a collation client.

注釈

When max_space_mb_for_orphan_logs is take as the maximum allowed log space in the logging system, the same rule apply to proxy.config.log.max_space_mb_for_logs also apply to proxy.config.log.max_space_mb_for_orphan_logs, ie: All files in the logging directory contribute to the space used, even if they are not log files. you may need to consider this when you enable full remote logging, and bump to the same size as proxy.config.log.max_space_mb_for_logs.

proxy.config.log.max_space_mb_headroom
Scope:CONFIG
Type:INT
Default:1000
Metric:megabytes
Reloadable:Yes

The tolerance for the log space limit (in megabytes). If the variable proxy.config.log.auto_delete_rolled_files is set to 1 (enabled), then autodeletion of log files is triggered when the amount of free space available in the logging directory is less than the value specified here.

proxy.config.log.hostname
Scope:CONFIG
Type:STRING
Default:localhost
Reloadable:Yes

The hostname of the machine running Traffic Server.

proxy.config.log.logfile_dir
Scope:CONFIG
Type:STRING
Default:var/log/trafficserver
Reloadable:Yes

The path to the logging directory. This can be an absolute path or a path relative to the PREFIX directory in which Traffic Server is installed.

注釈

The directory you specify must already exist.

proxy.config.log.logfile_perm
Scope:CONFIG
Type:STRING
Default:rw-r–r–
Reloadable:Yes

The log file permissions. The standard UNIX file permissions are used (owner, group, other). Permissible values are:

- no permission r read permission w write permission x execute permission

Permissions are subject to the umask settings for the Traffic Server process. This means that a umask setting of002 will not allow write permission for others, even if specified in the configuration file. Permissions for existing log files are not changed when the configuration is changed.

proxy.config.log.custom_logs_enabled
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Enables (1) or disables (0) custom logging.

proxy.config.log.squid_log_enabled
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Enables (1) or disables (0) the squid log file format.

proxy.config.log.squid_log_is_ascii
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

The squid log file type:

  • 1 = ASCII
  • 0 = binary
proxy.config.log.squid_log_name
Scope:CONFIG
Type:STRING
Default:squid
Reloadable:Yes

The squid log filename.

proxy.config.log.squid_log_header
Scope:CONFIG
Type:STRING
Default:NULL

The squid log file header text.

proxy.config.log.common_log_enabled
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Enables (1) or disables (0) the Netscape common log file format.

proxy.config.log.common_log_is_ascii
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

The Netscape common log file type:

  • 1 = ASCII
  • 0 = binary
proxy.config.log.common_log_name
Scope:CONFIG
Type:STRING
Default:common
Reloadable:Yes

The Netscape common log filename.

proxy.config.log.common_log_header
Scope:CONFIG
Type:STRING
Default:NULL
Reloadable:Yes

The Netscape common log file header text.

proxy.config.log.extended_log_enabled
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Enables (1) or disables (0) the Netscape extended log file format.

proxy.config.log.extended_log_is_ascii
Scope:CONFIG
Type:INT
Default:0

The Netscape extended log file type:

  • 1 = ASCII
  • 0 = binary
proxy.config.log.extended_log_name
Scope:CONFIG
Type:STRING
Default:extended

The Netscape extended log filename.

proxy.config.log.extended_log_header
Scope:CONFIG
Type:STRING
Default:NULL
Reloadable:Yes

The Netscape extended log file header text.

proxy.config.log.extended2_log_enabled
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Enables (1) or disables (0) the Netscape Extended-2 log file format.

proxy.config.log.extended2_log_is_ascii
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

The Netscape Extended-2 log file type:

  • 1 = ASCII
  • 0 = binary
proxy.config.log.extended2_log_name
Scope:CONFIG
Type:STRING
Default:extended2
Reloadable:Yes

The Netscape Extended-2 log filename.

proxy.config.log.extended2_log_header
Scope:CONFIG
Type:STRING
Default:NULL
Reloadable:Yes

The Netscape Extended-2 log file header text.

proxy.config.log.separate_icp_logs
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

When enabled (1), configures Traffic Server to store ICP transactions in a separate log file.

  • 0 = separation is disabled, all ICP transactions are recorded in the same file as HTTP transactions
  • 1 = all ICP transactions are recorded in a separate log file.
  • -1 = filter all ICP transactions from the default log files; ICP transactions are not logged anywhere.
proxy.config.log.separate_host_logs
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

When enabled (1), configures Traffic Server to create a separate log file for HTTP transactions for each origin server listed in the log_hosts.config file. Refer to HTTP Host Log Splitting.

proxy.local.log.collation_mode
Scope:LOCAL
Type:INT
Default:0
Reloadable:Yes

Set the log collation mode.

効果

0 collation is disabled
1 this host is a log collation server
2 this host is a collation client and sends entries using standard formats to the collation server
3 this host is a collation client and sends entries using the traditional custom formats to the collation server
4 this host is a collation client and sends entries that use both the standard and traditional custom formats to the collation server

For information on sending XML-based custom formats to the collation server, refer to logs_xml.config.

注釈

Although Traffic Server supports traditional custom logging, you should use the more versatile XML-based custom formats.

proxy.config.log.collation_host
Scope:CONFIG
Type:STRING
Default:NULL

The hostname of the log collation server.

proxy.config.log.collation_port
Scope:CONFIG
Type:INT
Default:8085
Reloadable:Yes

The port used for communication between the collation server and client.

proxy.config.log.collation_secret
Scope:CONFIG
Type:STRING
Default:foobar
Reloadable:Yes

The password used to validate logging data and prevent the exchange of unauthorized information when a collation server is being used.

proxy.config.log.collation_host_tagged
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

When enabled (1), configures Traffic Server to include the hostname of the collation client that generated the log entry in each entry.

proxy.config.log.collation_retry_sec
Scope:CONFIG
Type:INT
Default:5
Reloadable:Yes

The number of seconds between collation server connection retries.

proxy.config.log.rolling_enabled
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Specifies how log files are rolled. You can specify the following values:

  • 0 = disables log file rolling

  • 1 = enables log file rolling at specific intervals during the day (specified with the

    proxy.config.log.rolling_interval_sec and proxy.config.log.rolling_offset_hr variables)

  • 2 = enables log file rolling when log files reach a specific size (specified with the proxy.config.log.rolling_size_mb variable)

  • 3 = enables log file rolling at specific intervals during the day or when log files reach a specific size (whichever occurs first)

  • 4 = enables log file rolling at specific intervals during the day when log files reach a specific size (i.e., at a specified

    time if the file is of the specified size)

proxy.config.log.rolling_interval_sec
Scope:CONFIG
Type:INT
Default:86400
Reloadable:Yes

The log file rolling interval, in seconds. The minimum value is 60 (1 minute). The maximum, and default, value is 86400 seconds (one day).

注釈

If you start Traffic Server within a few minutes of the next rolling time, then rolling might not occur until the next rolling time.

proxy.config.log.rolling_offset_hr
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

The file rolling offset hour. The hour of the day that starts the log rolling period.

proxy.config.log.rolling_size_mb
Scope:CONFIG
Type:INT
Default:10
Reloadable:Yes

The size that log files must reach before rolling takes place.

proxy.config.log.auto_delete_rolled_files
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Enables (1) or disables (0) automatic deletion of rolled files.

proxy.config.log.sampling_frequency
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Configures Traffic Server to log only a sample of transactions rather than every transaction. You can specify the following values:

  • 1 = log every transaction
  • 2 = log every second transaction
  • 3 = log every third transaction and so on...
proxy.config.http.slow.log.threshold
Scope:CONFIG
Type:INT
Default:0
Metric:milliseconds
Reloadable:Yes

If set to a non-zero value N then any connection that takes longer than N milliseconds from accept to completion will cause its timing stats to be written to the debugging log file. This is identifying data about the transaction and all of the transaction milestones.

Diagnostic Logging Configuration

proxy.config.diags.output.diag
Scope:CONFIG
Type:STRING
Default:E
proxy.config.diags.output.debug
Scope:CONFIG
Type:STRING
Default:E
proxy.config.diags.output.status
Scope:CONFIG
Type:STRING
Default:L
proxy.config.diags.output.note
Scope:CONFIG
Type:STRING
Default:L
proxy.config.diags.output.warning
Scope:CONFIG
Type:STRING
Default:L
proxy.config.diags.output.error
Scope:CONFIG
Type:STRING
Default:SL
proxy.config.diags.output.fatal
Scope:CONFIG
Type:STRING
Default:SL
proxy.config.diags.output.alert
Scope:CONFIG
Type:STRING
Default:L
proxy.config.diags.output.emergency
Scope:CONFIG
Type:STRING
Default:SL

The diagnosic output configuration variables control where Traffic Server should log diagnostic output. Messages at each diagnostic level can be directed to any combination of diagnostic destinations. Valid diagnostic message destinations are:

  • ‘O’ = Log to standard output
  • ‘E’ = Log to standard error
  • ‘S’ = Log to syslog
  • ‘L’ = Log to diags.log

Example

To log debug diagnostics to both syslog and diags.log:

CONFIG proxy.config.diags.output.debug STRING SL
proxy.config.diags.show_location
Scope:CONFIG
Type:INT
Default:1

Annotates diagnostic messages with the source code location.

proxy.config.diags.debug.enabled
Scope:CONFIG
Type:INT
Default:0

Enables logging for diagnostic messages whose log level is diag or debug.

proxy.config.diags.debug.tags
Scope:CONFIG
Type:STRING
Default:http.*|dns.*

Each Traffic Server diag and debug level message is annotated with a subsytem tag. This configuration contains a regular expression that filters the messages based on the tag. Some commonly used debug tags are:

Tag Subsytem usage
dns DNS query resolution
http_hdrs Logs the headers for HTTP requests and responses
privileges Privilege elevation
ssl TLS termination and certificate processing
Traffic Server plugins will typically log debug messages using the TSDebug() API, passing the plugin name as the debug tag.

リバースプロキシー

proxy.config.reverse_proxy.enabled
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

HTTP リバースプロキシーを有効化 (1) もしくは無効化 (0) します。

proxy.config.header.parse.no_host_url_redirect
Scope:CONFIG
Type:STRING
Default:NULL
Reloadable:Yes

(リバースプロキシーで) host ヘッダーが無いリクエストのリダイレクト先となる URL です。

URL リマップルール

proxy.config.url_remap.filename
Scope:CONFIG
Type:STRING
Default:remap.config

remap.config ファイルの名前を設定します。

proxy.config.url_remap.default_to_server_pac
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

プロキシーサービスポート ( デフォルトでは 8080) での PAC ファイルへのリクエストの PAC ポートへのリダイレクトを有効化 (1) もしくは無効化 (0) します。このタイプのリダイレクトを動作させるためには、変数 proxy.config.reverse_proxy.enabled1 に設定しなければなりません。

proxy.config.url_remap.default_to_server_pac_port
Scope:CONFIG
Type:INT
Default:-1
Reloadable:Yes

PAC ポートを Traffic Server プロキシーサービスポートへの PAC リクエストがこのポートにリダイレクトされるように PAC ポートを設定します。PAC ポートを自動設定ポート ( 自動設定ポートのデフォルト値は 8083 です ) にする -1 がデフォルト値です。この変数は PAC ファイルを違うポートから取得するために proxy.config.url_remap.default_to_server_pac 変数と一緒に使用することができます。PAC ファイルをこのポートで提供するプロセスを作成し実行しなければなりません。例えば、ポート 9000 で listen する Perl スクリプトを作成してあらゆるリクエストへのレスポンスに PAC ファイルを書き込む場合、この変数を 9000 に設定することができます。ポート 8080 のプロキシーサーバーに PAC ファイルをリクエストするブラウザーはその Perl スクリプトから提供される PAC ファイルを受け取るでしょう。

proxy.config.url_remap.remap_required
Scope:CONFIG
Type:INT
Default:1
Reloadable:Yes

Traffic Server が remap.config ファイルのマッピングルールに存在するオリジンサーバーからのみリクエストに応えるようにしたい場合にこの変数を 1 に設定してください。リクエストがマッチしなかった場合、ブラウザーはエラーを受け取ります。

proxy.config.url_remap.pristine_host_hdr
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

クライアントが送信したリクエスト内の host ヘッダーをリマッピングの中で保持したい場合にこの変数を 1 に設定してください。

SSL ターミネーション

proxy.config.ssl.SSLv2
Scope:CONFIG
Type:INT
Default:0

SSLv2 を有効化 (1) もしくは無効化 (0) します。これを有効化しないでください。

proxy.config.ssl.SSLv3
Scope:CONFIG
Type:INT
Default:0

SSLv3 を有効化 (1) もしくは無効化 (0) します。

proxy.config.ssl.TLSv1
Scope:CONFIG
Type:INT
Default:1

TLSv1 を有効化 (1) もしくは無効化 (0) します。

proxy.config.ssl.TLSv1_1
Scope:CONFIG
Type:INT
Default:1

TLS v1.1 を有効化 (1) もしくは無効化 (0) します。指定しない場合、デフォルトで有効です。[OpenSSL v1.0.1 以上が必要 ]

proxy.config.ssl.TLSv1_2
Scope:CONFIG
Type:INT
Default:1

TLS v1.2 を有効化 (1) もしくは無効化 (0) します。指定しない場合、デフォルトで無効です。[OpenSSL v1.0.1 以上が必要 ]

proxy.config.ssl.client.certification_level
Scope:CONFIG
Type:INT
Default:0

クライアント証明レベルを設定します。

  • 0 = クライアント証明書を必要としません。

    Traffic Server は SSL ハンドシェイクの中でクライアント証明書の検証を行いません。Traffic Server へのアクセスは Traffic Server の ( アクセスコントロールリストなどの ) 設定オプションに依存します。

  • 1 = クライアント証明書は任意です。

    クライアントが証明書を持っている場合は証明書が検証されます。クライアントが証明書を持っていない場合でも、Traffic Server のその他の設定オプションでアクセスが拒否されない限りクライアントは Traffic Server へのアクセスを許可されます。

  • 2 = クライアント証明書が必要です。

    クライアントは SSL ハンドシェイクの中で認証されなければなりません。証明書を持たないクライアントは Traffic Server へのアクセスが許可されません。

proxy.config.ssl.number.threads
Scope:CONFIG
Type:INT
Default:0

Sets the number of SSL threads to use, this defaults to 0 (autoconfigure).

  • 0 = autoconfigure, this will allow Traffic Server to determine the appropriate number of threads
  • -1 = disable, this makes ET_NET threads behave like ET_SSL threads Note: this does not disable SSL, it simply allows another thread pool to assist in SSL tasks without dedicated SSL threads.
  • >0 = Use a non-zero number of SSL threads
proxy.config.ssl.server.multicert.filename
Scope:CONFIG
Type:STRING
Default:ssl_multicert.config

ssl_multicert.config ファイルの Traffic Server 設定ディレクトリからの相対での位置です。次の例では、Traffic Server 設定ディレクトリが /etc/trafficserver で、Traffic Server SSL 設定ファイルと対応する証明書が /etc/trafficserver/ssl にあります。:

CONFIG proxy.config.ssl.server.multicert.filename STRING ssl/ssl_multicert.config
CONFIG proxy.config.ssl.server.cert.path STRING etc/trafficserver/ssl
CONFIG proxy.config.ssl.server.private_key.path STRING etc/trafficserver/ssl
proxy.config.ssl.server.cert.path
Scope:CONFIG
Type:STRING
Default:/config

SSL 証明書と新しい SSL セッションの受け入れと検証に使用されるチェーンの場所です。相対パスの場合は Traffic Server のインストール PREFIX とつなげられます。ssl_multicert.config に書かれているすべての証明書と証明書チェーンはこのパスからの相対パスで読み込まれます。

proxy.config.ssl.server.private_key.path
Scope:CONFIG
Type:STRING
Default:NULL

SSL 証明書秘密鍵の場所です。この変数は秘密鍵が SSL 証明書ファイル内に無い場合のみ変更してください。ssl_multicert.config に書かれているすべての秘密鍵はこのパスからの相対パスで読み込まれます。

proxy.config.ssl.server.cert_chain.filename
Scope:CONFIG
Type:STRING
Default:NULL

全サーバー証明書で使用されるべきグローバル証明書チェーンを含んでいるファイルの名前です。このファイルは ssl_multicert.config に定義されている証明書がある場合にのみ使用されます。絶対パスが指定されない限り、proxy.config.ssl.server.cert.path で指定されたパスからの相対パスで読み込まれます。

proxy.config.ssl.server.dhparams_file
Scope:CONFIG
Type:STRING
Default:NULL

The name of a file containing a set of Diffie-Hellman key exchange parameters. If not specified, 2048-bit DH parameters from RFC 5114 are used. These parameters are only used if a DHE (or EDH) cipher suite has been selected.

proxy.config.ssl.CA.cert.path
Scope:CONFIG
Type:STRING
Default:NULL

クライアント証明書が検証される証明書認証局ファイルの場所です。

proxy.config.ssl.CA.cert.filename
Scope:CONFIG
Type:STRING
Default:NULL

クライアント証明書が検証される証明書認証局のファイル名です。

proxy.config.ssl.server.ticket_key.filename
Scope:CONFIG
Type:STRING
Default:ssl_ticket.key

The location of the ssl_ticket.key file, relative to the proxy.config.ssl.server.cert.path directory.

proxy.config.ssl.max_record_size
Scope:CONFIG
Type:INT
Default:0

This configuration specifies the maximum number of bytes to write into a SSL record when replying over a SSL session. In some circumstances this setting can improve response latency by reducing buffering at the SSL layer. This setting can have a value between 0 and 16383 (max TLS record size).

The default of 0 means to always write all available data into a single SSL record.

A value of -1 means TLS record size is dynamically determined. The strategy employed is to use small TLS records that fit into a single TCP segment for the first ~1 MB of data, but, increase the record size to 16 KB after that to optimize throughput. The record size is reset back to a single segment after ~1 second of inactivity and the record size ramping mechanism is repeated again.

proxy.config.ssl.session_cache
Scope:CONFIG
Type:INT
Default:2

Enables the SSL Session Cache: - 0 = Disables the session cache entirely

  • 1 = Enables the session cache using OpenSSLs implementation.

  • 2 = (default) Enables the session cache using Traffic Server’s implementation.

    This implentation should perform much better than the OpenSSL implementation.

proxy.config.ssl.session_cache.timeout
Scope:CONFIG
Type:INT
Default:0

This configuration specifies the lifetime of SSL session cache entries in seconds. If it is 0, then the SSL library will use a default value, typically 300 seconds. Note: This option has no affect when using the Traffic Server session cache (option 2 in proxy.config.ssl.session_cache)

proxy.config.ssl.session_cache.auto_clear
Scope:CONFIG
Type:INT
Default:1

This will set the OpenSSL auto clear flag. Auto clear is enabled by default with 1 it can be disabled by changing this setting to 0.

proxy.config.ssl.session_cache.size
Scope:CONFIG
Type:INT
Default:102400

This configuration specifies the maximum number of entries the SSL session cache may contain.

proxy.config.ssl.session_cache.num_buckets
Scope:CONFIG
Type:INT
Default:1024

This configuration specifies the number of buckets to use with the Traffic Server SSL session cache implementation. The TS implementation is a fixed size hash map where each bucket is protected by a mutex.

proxy.config.ssl.session_cache.skip_cache_on_bucket_contention
Scope:CONFIG
Type:INT
Default:0

This configuration specifies the behavior of the Traffic Server SSL session cache implementation during lock contention on each bucket:

  • 0 = (default) Don’t skip session caching when bucket lock is contented.
  • 1 = Don’t use the SSL session cache for this connection during lock contention.
proxy.config.ssl.hsts_max_age
Scope:CONFIG
Type:INT
Default:-1

この設定は Strict-Transport-Security ヘッダーを追加する際に使用される max-age の値を指定します。値は秒です。0 は max-age の値を 0 に設定しクライアントからの HSTS エントリーを削除するはずです。-1 はこの機能を無効化しヘッダーをセットしません。このオプションは HTTPS のリクエストでのみ使用され HTTP リクエストではヘッダーはセットされません。

proxy.config.ssl.hsts_include_subdomains
Scope:CONFIG
Type:INT
Default:0

Strict-Transport-Security ヘッダーへの includeSubdomain の値の追加を有効化 (1) もしくは無効化 (0) します。この設定の効果を得るためには proxy.config.ssl.hsts_max_age が -1 以外の値に設定されている必要があります。

proxy.config.ssl.allow_client_renegotiation
Scope:CONFIG
Type:INT
Default:0

この設定はクライアントが SSL 接続の再交渉を始めることができるかどうかを指定します。デフォルトは 0 で、クライアントが再交渉を始められないことを意味します。

proxy.config.ssl.cert.load_elevated
Scope:CONFIG
Type:INT
Default:0

SSL 証明書の読み込みの際に traffic_server の権限の昇格を有効化 (1) もしくは無効化 (0) します。これを有効化することで、証明書の脆弱性を低減するために SSL 証明書ファイルのアクセス権限を制限できるようになります。

This feature requires Traffic Server to be built with POSIX capabilities enabled.

ICP Configuration

proxy.config.icp.enabled
Scope:CONFIG
Type:INT
Default:0

Sets ICP mode for hierarchical caching:

  • 0 = disables ICP
  • 1 = allows Traffic Server to receive ICP queries only
  • 2 = allows Traffic Server to send and receive ICP queries

Refer to <admin-icp-peering>.

proxy.config.icp.icp_interface
Scope:CONFIG
Type:STRING
Default:your_interface

Specifies the network interface used for ICP traffic.

注釈

The Traffic Server installation script detects your network interface and sets this variable appropriately. If your system has multiple network interfaces, check that this variable specifies the correct interface.

proxy.config.icp.icp_port
Scope:CONFIG
Type:INT
Default:3130
Reloadable:Yes

Specifies the UDP port that you want to use for ICP messages.

proxy.config.icp.query_timeout
Scope:CONFIG
Type:INT
Default:2
Reloadable:Yes

Specifies the timeout used for ICP queries.

HTTP/2 Configuration

proxy.config.http2.enabled
Scope:CONFIG
Type:INT
Default:0

Enable the experimental HTTP/2 feature. This implements most of the specifications, with the one big exception being server PUSH.

注釈

This configuration will be eliminated for v6.0.0, where HTTP/2 is enabled by default and controlled via the ports configuration.

proxy.config.http2.max_concurrent_streams_in
Scope:CONFIG
Type:INT
Default:100
Reloadable:Yes

The maximum number of concurrent streams per inbound connection.

注釈

Reloading this value affects only new HTTP/2 connections, not the ones already established.

proxy.config.http2.initial_window_size_in
Scope:CONFIG
Type:INT
Default:65536
Reloadable:Yes

The initial window size for inbound connections.

proxy.config.http2.max_frame_size
Scope:CONFIG
Type:INT
Default:16384
Reloadable:Yes

Indicates the size of the largest frame payload that the sender is willing to receive.

proxy.config.http2.header_table_size
Scope:CONFIG
Type:INT
Default:4096
Reloadable:Yes

The maximum size of the header compression table used to decode header blocks.

proxy.config.http2.max_header_list_size
Scope:CONFIG
Type:INT
Default:4294967295
Reloadable:Yes

This advisory setting informs a peer of the maximum size of header list that the sender is prepared to accept blocks. The default value, which is the unsigned int maximum value in Traffic Server, implies unlimited size.

SPDY Configuration

proxy.config.spdy.accept_no_activity_timeout
Scope:CONFIG
Type:INT
Default:30
Reloadable:Yes

How long a SPDY connection will be kept open after an accept without any streams created.

proxy.config.spdy.no_activity_timeout_in
Scope:CONFIG
Type:INT
Default:30
Reloadable:Yes

How long a stream is kept open without activity.

proxy.config.spdy.initial_window_size_in
Scope:CONFIG
Type:INT
Default:65536
Reloadable:Yes

The initial window size for inbound connections.

proxy.config.spdy.max_concurrent_streams_in
Scope:CONFIG
Type:INT
Default:100
Reloadable:Yes

The maximum number of concurrent streams per inbound connection.

注釈

Reloading this value affects only new SPDY connections, not the ones already established..

Scheduled Update Configuration

proxy.config.update.enabled
Scope:CONFIG
Type:INT
Default:0

Enables (1) or disables (0) the Scheduled Update option.

proxy.config.update.force
Scope:CONFIG
Type:INT
Default:0
Reloadable:Yes

Enables (1) or disables (0) a force immediate update. When enabled, Traffic Server overrides the scheduling expiration time for all scheduled update entries and initiates updates until this option is disabled.

proxy.config.update.retry_count
Scope:CONFIG
Type:INT
Default:10
Reloadable:Yes

Specifies the number of times Traffic Server can retry the scheduled update of a URL in the event of failure.

proxy.config.update.retry_interval
Scope:CONFIG
Type:INT
Default:2
Reloadable:Yes

Specifies the delay (in seconds) between each scheduled update retry for a URL in the event of failure.

proxy.config.update.concurrent_updates
Scope:CONFIG
Type:INT
Default:100
Reloadable:Yes

Specifies the maximum simultaneous update requests allowed at any time. This option prevents the scheduled update process from overburdening the host.

Plug-in Configuration

proxy.config.plugin.plugin_dir
Scope:CONFIG
Type:STRING
Default:config/plugins

Specifies the location of Traffic Server plugins.

proxy.config.remap.num_remap_threads
Scope:CONFIG
Type:INT
Default:0

When this variable is set to 0, plugin remap callbacks are executed in line on network threads. If remap processing takes significant time, this can be cause additional request latency. Setting this variable to causes remap processing to take place on a dedicated thread pool, freeing the network threads to service additional requests.

Sockets

proxy.config.net.defer_accept
Scope:CONFIG
Type:INT
Default:1

default: 1 meaning on all Platforms except Linux: 45 seconds

This directive enables operating system specific optimizations for a listening socket. defer_accept holds a call to accept(2) back until data has arrived. In Linux’ special case this is up to a maximum of 45 seconds.

proxy.config.net.sock_send_buffer_size_in
Scope:CONFIG
Type:INT
Default:0

Sets the send buffer size for connections from the client to Traffic Server.

proxy.config.net.sock_recv_buffer_size_in
Scope:CONFIG
Type:INT
Default:0

Sets the receive buffer size for connections from the client to Traffic Server.

proxy.config.net.sock_option_flag_in
Scope:CONFIG
Type:INT
Default:0x0

Turns different options “on” for the socket handling client connections::

TCP_NODELAY  (1)
SO_KEEPALIVE (2)
SO_LINGER (4) - with a timeout of 0 seconds

注釈

This is a bitmask and you need to decide what bits to set. Therefore, you must set the value to 3 if you want to enable nodelay and keepalive options above.

proxy.config.net.sock_send_buffer_size_out
Scope:CONFIG
Type:INT
Default:0

Sets the send buffer size for connections from Traffic Server to the origin server.

proxy.config.net.sock_recv_buffer_size_out
Scope:CONFIG
Type:INT
Default:0

Sets the receive buffer size for connections from Traffic Server to the origin server.

proxy.config.net.sock_option_flag_out
Scope:CONFIG
Type:INT
Default:0x1

Turns different options “on” for the origin server socket::

TCP_NODELAY  (1)
SO_KEEPALIVE (2)
SO_LINGER (4) - with a timeout of 0 seconds

注釈

This is a bitmask and you need to decide what bits to set. Therefore, you must set the value to 3 if you want to enable nodelay and keepalive options above.

When SO_LINGER is enabled, the linger timeout time is set to 0. This is useful when ATS and origin server were installed This is useful when Traffic Server and the origin server are co-located and large numbers of sockets are retained in the TIME_WAIT state.
proxy.config.net.sock_mss_in
Scope:CONFIG
Type:INT
Default:0

Same as the command line option --accept_mss that sets the MSS for all incoming requests.

proxy.config.net.sock_packet_mark_in
Scope:CONFIG
Type:INT
Default:0x0

Set the packet mark on traffic destined for the client (the packets that make up a client response).

proxy.config.net.sock_packet_mark_out
Scope:CONFIG
Type:INT
Default:0x0

Set the packet mark on traffic destined for the origin (the packets that make up an origin request).

proxy.config.net.sock_packet_tos_in
Scope:CONFIG
Type:INT
Default:0x0

Set the ToS/DiffServ Field on packets sent to the client (the packets that make up a client response).

proxy.config.net.sock_packet_tos_out
Scope:CONFIG
Type:INT
Default:0x0

Set the ToS/DiffServ Field on packets sent to the origin (the packets that make up an origin request).

proxy.config.net.poll_timeout
Scope:CONFIG
Type:INT
Default:10 (or 30 on Solaris)

Same as the command line option --poll_timeout, or -t, which specifies the timeout used for the polling mechanism used. This timeout is always in milliseconds (ms). This is the timeout to epoll_wait() on Linux platforms, and to kevent() on BSD type OSs. The default value is 10 on all platforms.

Changing this configuration can reduce CPU usage on an idle system, since periodic tasks gets processed at these intervals. On busy servers, this overhead is diminished, since polled events triggers morefrequently. However, increasing the setting can also introduce additional latency for certain operations, and timed events. It’s recommended not to touch this setting unless your CPU usage is unacceptable at idle workload. Some alternatives to this could be:

Reduce the number of worker threads (net-threads)
Reduce the number of disk (AIO) threads
Make sure accept threads are enabled

The relevant configurations for this are:

CONFIG proxy.config.exec_thread.autoconfig INT 0
CONFIG proxy.config.exec_thread.limit INT 2
CONFIG proxy.config.accept_threads INT 1
CONFIG proxy.config.cache.threads_per_disk INT 8
proxy.config.task_threads
Scope:CONFIG
Type:INT
Default:2

Specifies the number of task threads to run. These threads are used for various tasks that should be off-loaded from the normal network threads.

proxy.config.allocator.thread_freelist_size
Scope:CONFIG
Type:INT
Default:512

Sets the maximum number of elements that can be contained in a ProxyAllocator (per-thread) before returning the objects to the global pool

proxy.config.allocator.thread_freelist_low_watermark
Scope:CONFIG
Type:INT
Default:32

Sets the minimum number of items a ProxyAllocator (per-thread) will guarantee to be holding at any one time.

proxy.config.http.enabled
Scope:CONFIG
Type:INT
Default:1

Turn on or off support for HTTP proxying. This is rarely used, the one exception being if you run Traffic Server with a protocol plugin, and would like for it to not support HTTP requests at all.