records.config¶
The records.config
file (by default, located in
/usr/local/etc/trafficserver/
) is a list of configurable variables used by
the Traffic Server software. Many of the variables in records.config
are set
automatically when you set configuration options with traffic_ctl config set
. After you
modify records.config
, run the command traffic_ctl config reload
to apply the changes. When you apply changes to one node in a cluster, Traffic Server
automatically applies the changes to all other nodes in the cluster.
フォーマット¶
それぞれの変数は次のフォーマットとなっています
SCOPE variable_name DATATYPE variable_value
Scope¶
All variables are defined within a scope, which is related to clustering, and
determines the level at which the variable is applied. The value for SCOPE
must be one of:
Scope | Description |
---|---|
CONFIG |
All members of the cluster. |
LOCAL |
Only the local machine. |
Data Type¶
A variable's type is defined by the DATATYPE
and must be one of:
Type | Description |
---|---|
FLOAT |
Floating point, expressed as a decimal number without units or exponents. |
INT |
Integers, expressed with or without unit prefixes (as described below). |
STRING |
String of characters up to the first newline. No quoting necessary. |
Values¶
The variable_value must conform to the variable's type. For STRING
, this
is simply any character data until the first newline.
For integer (INT
) variables, values are expressed as any normal integer,
e.g. 32768
. They can also be expressed using more human readable values
using standard unit prefixes, e.g. 32K
. The following prefixes are
supported for all INT
type configurations:
Prefix | Description | Equivalent in Bytes |
---|---|---|
K |
Kilobytes | 1,024 bytes |
M |
Megabytes | 1,048,576 bytes (10242) |
G |
Gigabytes | 1,073,741,824 bytes (10243) |
T |
Terabytes | 1,099,511,627,776 bytes (10244) |
重要
Unless proxy.config.disable_configuration_modification
is enabled,
Traffic Server writes configurations back to disk periodically. When doing so, the
unit prefixes are not preserved.
Floating point variables (FLOAT
) must be expressed as a regular decimal
number. Unit prefixes are not supported, nor are alternate notations (scientific,
exponent, etc.).
Additional Attributes¶
Deprecated¶
A variable marked as Deprecated is still functional but should be avoided as it may be removed in a future release without warning.
Reloadable¶
A variable marked as Reloadable can be updated via the command:
traffic_ctl config reload
This updates configuration parameters without restarting Traffic Server or interrupting the processing of requests.
Overridable¶
A variable marked as Overridable can be changed on a per-remap basis using plugins (like the Configuration Remap Plugin), affecting operations within the current transaction only.
例¶
次の例で、proxy.config.proxy_name 変数は my_server
という値を持つ STRING
データ型の変数です。これは Traffic Server プロキシーの名前が my_server
であることを意味しています。:
CONFIG proxy.config.proxy_name STRING my_server
もしサーバー名が that_server
であるべきなら行は次のようになります
CONFIG proxy.config.proxy_name STRING that_server
次の例で、proxy.config.arm.enabled
変数は yes/no フラグです。値 0
(ゼロ) はオプションを無効化し、値 1
はオプションを有効化します。
CONFIG proxy.config.arm.enabled INT 0
次の例で、変数はクラスターのスタートアップタイムアウトを 10 秒に設定します。
CONFIG proxy.config.cluster.startup_timeout INT 10
最後の例は、人間が読みやすいプレフィックスを使用して RAM キャッシュを 64GB に設定します。
CONFIG proxy.config.cache.ram_cache.size INT 64G
環境の再定義¶
records.config
の各設定変数は対応する環境変数で再定義できます。これは静的な records.config
が必要であるが 1、2 個の設定だけ調整したいという状況で便利です。再定義変数は records.config
の変数名を大文字にし、ドットをアンダースコアに置換えたものになっています。
環境からの変数の再定義は恒久的であり、records.config
の変更や :program:`traffic_ctl ` での適用による将来的な設定変更の影響を受けません。
例えば、proxy.config.product_company 変数はこのように再定義できるでしょう
$ PROXY_CONFIG_PRODUCT_COMPANY=example traffic_cop &
$ traffic_ctl config get proxy.config.product_company
設定変数¶
次の一覧では records.config
ファイル内で利用可能な設定変数について説明します。
システム変数¶
-
proxy.config.product_company
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | Apache Software Foundation |
Traffic Server を開発している組織の名称。
-
proxy.config.product_vendor
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | Apache |
Traffic Server を提供しているベンダーの名称。
-
proxy.config.product_name
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | Traffic Server |
プロダクトの名称。
-
proxy.config.proxy_name
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | build_machine |
Reloadable: | Yes |
Traffic Server ノードの名称。
-
proxy.config.bin_path
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | bin |
Traffic Server の bin
ディレクトリの位置。
-
proxy.config.proxy_binary
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | traffic_server |
traffic_server プロセスを実行する実行ファイルの名称。
-
proxy.config.proxy_binary_opts
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | -M |
Traffic Server をスタートする際のコマンドラインオプション。
-
proxy.config.manager_binary
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | traffic_manager |
traffic_manager プロセスを実行する実行ファイルの名称。
-
proxy.config.env_prep
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | *NONE* |
traffic_manager プロセスが traffic_server プロセスを立ち上げる前に実行するスクリプト。
-
proxy.config.config_dir
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | etc/trafficserver |
Traffic Server の設定ファイルを含むディレクトリ。これはビルド時に指定された SYSCONFDIR
のインストールした場所のプレフィックスからの相対の値を含んだ読み取り専用の設定オプションです。$TS_ROOT
環境変数はインストールした場所のプレフィックスを実行時に切り替えるために使うことができます。
-
proxy.config.syslog_facility
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | LOG_DAEMON |
The facility used to record system log files. Refer to Understanding Traffic Server Logs for more in-depth discussion of the contents and interpretations of log files.
-
proxy.config.cop.core_signal
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
traffic_cop の管理しているプロセスを停止するために送信されるシグナルです。
値 0
はシグナルが送信されないことを意味します。
-
proxy.config.cop.linux_min_memfree_kb
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
The minimum amount of free memory space allowed before Traffic Server stops the traffic_server and traffic_manager processes to prevent the system from hanging.
-
proxy.config.cop.linux_min_swapfree_kb
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Traffic Server がシステムのハングを防ぐために traffic_server と traffic_manager プロセスを停止させるまでに許されるスワップ領域の最小空き容量です。この設定変数は Linux 2.2 でスワップが有効化されている場合のみ適用されます。`
-
proxy.config.cop.init_sleep_time
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
The minimum amount of addtional duration allowed before Traffic Server detects that the traffic_server is not responsive and attempts a restart during startup. This configuration variable allows Traffic Server a longer init time to load potentially large configuration files such as remap config. Note that this applies only during startup of Traffic Server and does not apply to the run time heartbeat checking.
-
proxy.config.cop.active_health_checks
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3 |
Specifies which, if any, of traffic_server and traffic_manager that traffic_cop is allowed to kill in the event of failed health checks. The possible values are:
値 | Description |
---|---|
0 |
traffic_cop is not allowed to kill any processes. |
1 |
Only traffic_manager can be killed on failed health checks. |
2 |
Only traffic_server can be killed on failed health checks. |
3 |
traffic_server and traffic_manager can be killed on failures (default). |
-
proxy.config.output.logfile
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | traffic.out |
Traffic Server プロセスによって生成される警告、ステータスメッセージ、エラーメッセージを含むファイルの名前と場所。パスが指定されていない場合、Traffic Server はロギングディレクトリにファイルを作成します。
-
proxy.config.output.logfile.rolling_enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Specifies how the output log is rolled. You can specify the following values:
値 | Description |
---|---|
0 |
Disables output log rolling. |
1 |
Enables output log rolling at specific intervals (specified with the
proxy.config.output.logfile.rolling_interval_sec variable).
The clock starts ticking on Traffic Server boot. |
2 |
Enables output log rolling when the output log reaches a specific size
(specified with proxy.config.output.logfile.rolling_size_mb ). |
3 |
Enables output log rolling at specific intervals or when the output log reaches a specific size (whichever occurs first). |
-
proxy.config.output.logfile.rolling_interval_sec
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3600 |
Units: | seconds |
Reloadable: | Yes |
Specifies how often the output log is rolled, in seconds. The timer starts on Traffic Server bootup.
-
proxy.config.output.logfile.rolling_size_mb
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 100 |
Units: | megabytes |
Reloadable: | Yes |
Specifies at what size to roll the output log at.
-
proxy.config.snapshot_dir
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | snapshots |
Traffic Server が設定のスナップショットを保存するローカルシステム上のディレクトリ。絶対パスを指定しない限り、このディレクトリは Traffic Server の SYSCONFDIR
ディレクトリに置かれます。
Thread Variables¶
-
proxy.config.exec_thread.autoconfig
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
When enabled (the default, 1
), Traffic Server scales threads according to the
available CPU cores. See the config option below.
-
proxy.config.exec_thread.autoconfig.scale
¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 1.5 |
Factor by which Traffic Server scales the number of threads. The multiplier is usually
the number of available CPU cores. By default this is scaling factor is
1.5
.
-
proxy.config.exec_thread.limit
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
The number of threads Traffic Server will create if proxy.config.exec_thread.autoconfig
is set to 0
, otherwise this option is ignored.
-
proxy.config.accept_threads
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
The number of accept threads. If disabled (0
), then accepts will be done
in each of the worker threads.
-
proxy.config.thread.default.stacksize
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1048576 |
Default thread stack size, in bytes, for all threads (default is 1 MB).
-
proxy.config.exec_thread.affinity
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Bind threads to specific processing units.
値 | 効果 |
---|---|
0 |
Assign threads to machine. |
1 |
Assign threads to NUMA nodes [default]. |
2 |
Assign threads to sockets. |
3 |
Assign threads to cores. |
4 |
Assign threads to processing units. |
注釈
このオプションは Traffic Server が --enable-hwloc
付きでコンパイルされている場合のみ効果があります。
-
proxy.config.system.file_max_pct
¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 0.9 |
Set the maximum number of file handles for the traffic_server process as a percentage of the the fs.file-max proc value in Linux. The default is 90%.
-
proxy.config.crash_log_helper
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | traffic_crashlog |
This option directs traffic_server to spawn a crash
log helper at startup. The value should be the path to an
executable program. If the path is not absolute, it is located
relative to configured bin
directory. Any user-provided
program specified here must behave in a fashion compatible with
traffic_crashlog. Specifically, it must implement
the traffic_crashlog --wait
behavior.
This setting not reloadable because the helper must be spawned
before traffic_server drops privilege. If this variable
is set to NULL
, no helper will be spawned.
-
proxy.config.restart.active_client_threshold
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
This setting specifies the number of active client connections
for use by traffic_ctl server restart --drain
.
Network¶
-
proxy.config.net.connections_throttle
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 30000 |
The total number of client and origin server connections that the server can handle simultaneously. This is in fact the max number of file descriptors that the traffic_server process can have open at any given time. Roughly 10% of these connections are reserved for origin server connections, i.e. from the default, only ~9,000 client connections can be handled. This should be tuned according to your memory size, and expected work load. If this is set to 0, the throttling logic is disabled.
-
proxy.config.net.default_inactivity_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 86400 |
Reloadable: | Yes |
The connection inactivity timeout (in seconds) to apply when Traffic Server detects that no inactivity timeout has been applied by the HTTP state machine. When this timeout is applied, the proxy.process.net.default_inactivity_timeout_applied metric is incremented.
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.net.inactivity_check_frequency
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
How frequent (in seconds) to check for inactive connections. If you deal with a lot of concurrent connections, increasing this setting can reduce pressure on the system.
-
proxy.local.incoming_ip_to_bind
¶
Scope: | LOCAL |
---|---|
Type: | STRING |
Default: | 0.0.0.0 [::] |
Controls the global default IP addresses to which to bind proxy server ports. The value is a space separated list of IP addresses, one per supported IP address family (currently IPv4 and IPv6).
Unless explicitly specified in proxy.config.http.server_ports
, the
server port will be bound to one of these addresses, selected by IP address
family. The built in default is any address. This is used if no address for
a family is specified. This setting is useful if most or all server ports
should be bound to the same address.
注釈
This is ignored for inbound transparent server ports because they must be able to accept connections on arbitrary IP addresses.
例
Set the global default for IPv4 to 192.168.101.18
and leave the global
default for IPv6 as any address:
LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18
例
Set the global default for IPv4 to 191.68.101.18
and the global default
for IPv6 to fc07:192:168:101::17
:
LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18 [fc07:192:168:101::17]
-
proxy.local.outgoing_ip_to_bind
¶
Scope: | LOCAL |
---|---|
Type: | STRING |
Default: | 0.0.0.0 [::] |
This controls the global default for the local IP address for outbound connections to origin servers. The value is a list of space separated IP addresses, one per supported IP address family (currently IPv4 and IPv6).
Unless explicitly specified in proxy.config.http.server_ports
, one
of these addresses, selected by IP address family, will be used as the local
address for outbound connections. This setting is useful if most or all of
the server ports should use the same outbound IP addresses.
注釈
This is ignored for outbound transparent ports as the local outbound address will be the same as the client local address.
例
Set the default local outbound IP address for IPv4 connections to 192.168.101.18
.:
LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.18
例
Set the default local outbound IP address to 192.168.101.17
for IPv4 and fc07:192:168:101::17
for IPv6.:
LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.17 [fc07:192:168:101::17]
-
proxy.config.net.event_period
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
How often, in milli-seconds, to schedule IO event processing. This is unlikely to be necessary to tune, and we discourage setting it to a value smaller than 10ms (on Linux).
-
proxy.config.net.accept_period
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
How often, in milli-seconds, to schedule accept() processing. This is unlikely to be necessary to tune, and we discourage setting it to a value smaller than 10ms (on Linux).
-
proxy.config.net.retry_delay
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
How long to wait until we retry various events that would otherwise block the network processing threads (e.g. locks). We discourage setting this to a value smaller than 10ms (on Linux).
-
proxy.config.net.throttle_delay
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 50 |
Reloadable: | Yes |
When we trigger a throttling scenario, this how long our accept() are delayed.
Cluster¶
-
proxy.local.cluster.type
¶
Scope: | LOCAL |
---|---|
Type: | INT |
Default: | 3 |
Sets the clustering mode:
値 | 効果 |
---|---|
1 |
Full-clustering mode. |
2 |
Management-only mode. |
3 |
No clustering. |
-
proxy.config.cluster.ethernet_interface
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | eth0 |
The network interface to be used for cluster communication. This has to be identical on all members of a clsuter. ToDo: Is that reasonable ?? Should this be local"
-
proxy.config.cluster.rsport
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 8088 |
The reliable service port. The reliable service port is used to send configuration information between the nodes in a cluster. All nodes in a cluster must use the same reliable service port.
-
proxy.config.cluster.threads
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
The number of threads for cluster communication. On heavy clusters, the number should be adjusted. It is recommend to use the thread CPU usage as a reference when adjusting.
-
proxy.config.clustger.ethernet_interface
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | *NONE* |
Set the interface to use for cluster communications.
-
proxy.config.http.cache.cluster_cache_local
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Overridable: | Yes |
This turns on the local caching of objects in cluster mode. The point of
this is to allow for popular or hot content to be cached on all nodes
in a cluster. Be aware that the primary way to configure this behavior is
via the cache.config
configuration file using
action=cluster-cache-local
directives.
This particular records.config
configuration can be controlled per
transaction or per remap rule. As such, it augments the
cache.config
directives, since you can turn on the local caching
feature without complex regular expression matching.
This implies that turning this on in your global records.config
is
almost never what you want; instead, you want to use this either via
e.g. conf_remap.so
overrides for a certain remap rule, or through a
custom plugin using the appropriate APIs.
Local Manager¶
-
proxy.config.admin.synthetic_port
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 8083 |
The synthetic healthcheck port.
-
proxy.config.admin.number_config_bak
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3 |
The maximum number of copies of rolled configuration files to keep.
-
proxy.config.admin.user_id
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | nobody |
Designates the non-privileged account to run the traffic_server process as, which also has the effect of setting ownership of configuration and log files.
As of version 2.1.1 if the user_id is prefixed with pound character (#
)
the remainder of the string is considered to be a
numeric user identifier.
If the value is set to #-1
Traffic Server will not change the user during startup.
重要
Attempting to set this option to root
or #0
is now forbidden, as
a measure to increase security. Doing so will cause a fatal failure upon
startup in traffic_server. However, there are two ways to
bypass this restriction:
- Specify
-DBIG_SECURITY_HOLE
inCXXFLAGS
during compilation. - Set the
user_id=#-1
and start trafficserver as root.
-
proxy.config.admin.api.restricted
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
This setting specifies whether the management API should be restricted to
root processes. If this is set to 0
, then on platforms that support
passing process credentials, non-root processes will be allowed to make
read-only management API calls. Any management API calls that modify server
state (eg. setting a configuration variable) will still be restricted to
root processes.
This setting is not reloadable, since it is must be applied when program:traffic_manager initializes.
-
proxy.config.disable_configuration_modification
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
This setting prevents Traffic Server from rewriting the records.config
configuration file. Dynamic configuration changes can still be made using
traffic_ctl config set, but these changes will not be persisted
on service restarts or when traffic_ctl config reload
is run.
Process Manager¶
-
proxy.config.process_manager.mgmt_port
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 8084 |
The port used for internal communication between traffic_manager and traffic_server processes.
Alarm Configuration¶
-
proxy.config.alarm_email
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | *NONE* |
Reloadable: | Yes |
The address to which the alarm script should send email.
-
proxy.config.alarm.bin
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | example_alarm_bin.sh |
Reloadable: | Yes |
Name of the script file that can execute certain actions when an alarm is signaled. The script is invoked with up to 4 arguments:
- The alarm message.
- The value of
proxy.config.product_name
. - The value of
proxy.config.admin.user_id
. - The value of
proxy.config.alarm_email
.
-
proxy.config.alarm.abs_path
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
The absolute path to the directory containing the alarm script.
If this is not set, the script will be located relative to
proxy.config.bin_path
.
-
proxy.config.alarm.script_runtime
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 5 |
Reloadable: | Yes |
The number of seconds that Traffic Server allows the alarm script to run before aborting it.
HTTP エンジン¶
-
proxy.config.http.server_ports
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | 8080 8080:ipv6 |
HTTP トラフィックをプロキシーするために使用されるポート。
This is a list, separated by space or comma, of port descriptors.
Each descriptor is a sequence of keywords and values separated by colons.
Not all keywords have values, those that do are specifically noted. Keywords
with values can have an optional =
character separating the keyword and
value. The case of keywords is ignored. The order of keywords is irrelevant
but unspecified results may occur if incompatible options are used (noted
below). Options without values are idempotent. Options with values use the
last (right most) value specified, except for ip-out
as detailed later.
Quick reference chart:
名前 | 注釈 | 定義 |
---|---|---|
number | Required | ローカルポート |
blind | Blind (CONNECT ) ポート。 |
|
compress | Not Implemented | Compressed. |
ipv4 | Default | IPv4 アドレスファミリーにバインド。 |
ipv6 | IPv6 アドレスファミリーにバインド。 | |
ip-in | 値 | ローカルインバウンド IP アドレス。 |
ip-out | 値 | ローカルアウトバウンド IP アドレス。 |
ip-resolve | 値 | IP アドレス解決スタイル。 |
proto | 値 | List of supported session protocols. |
ssl | SSL 終端 | |
tr-full | 完全な透過。 ( インバウンドとアウトバウンド ) | |
tr-in | インバウンド透過。 | |
tr-out | アウトバウンド透過。 | |
tr-pass | パススルー有効化。 |
- number
- バインドするローカル IP ポート。これは ATS クライアントが接続するポートです。
- blind
Accept only the
CONNECT
method on this port.非互換 :
tr-in
、ssl
.- compress
- コネクションの圧縮。惰性により残されています。これは "実装されていない" と考えられるべきです。
- ipv4
- IPv4 の使用。これはデフォルトであり、完全性のために最初にインクルードされています。
ip-in
オプションが IPv4 アドレスで使用されている場合、これは強制されます。 - ipv6
- IPv6 の使用。これは
ip-in
オプションが IPv6 アドレスで使用されている場合、強制されます。 - ssl
インバウンドコネクション用の SSL ターミネーションの要求。このオプションを使って機能するサーバーポートを提供するには SSL が 設定されていなければなりません 。
Not compatible with:
blind
.- proto
- Specify the session level protocols supported. These should be separated by semi-colons. For TLS proxy ports the default value is all available protocols. For non-TLS proxy ports the default is HTTP only.
- tr-full
完全な透過。これは便利なオプションであり
tr-in
とtr-out
の両方を記述することと同じです。非互換 :
tr-in
もしくはtr-out
と非互換なオプション全て。- tr-in
Inbound transparent. The proxy port will accept connections to any IP address on the port. To have IPv6 inbound transparent you must use this and the
ipv6
option. This overridesproxy.local.incoming_ip_to_bind
for this port.Not compatible with:
ip-in
,blind
- tr-out
Outbound transparent. If ATS connects to an origin server for a transaction on this port, it will use the client's address as its local address. This overrides
proxy.local.outgoing_ip_to_bind
for this port.Not compatible with:
ip-out
,ip-resolve
- tr-pass
- 透過的なパススルー。このオプションはインバウンド透過プロキシーポートにのみ便利です。期待した HTTP ヘッダーのパースに失敗した場合、トランザクションはクライアントへのエラーレスポンスを生成する代わりにブラインドトンネルにスイッチされます。それはオリジンサーバーアドレスを取得する他の場所がないトランザクションと同様に
proxy.config.http.use_client_target_addr
を事実上有効化します。 - ip-in
Set the local IP address for the port. This is the address to which clients will connect. This forces the IP address family for the port. The
ipv4
oripv6
can be used but it is optional and is an error for it to disagree with the IP address family of this value. An IPv6 address must be enclosed in square brackets. If this option is omittedproxy.local.incoming_ip_to_bind
is used.非互換 :
tr-in
- ip-out
アウトバウンドコネクション用のローカル IP アドレスの設定。このポート上のトランザクションのために ATS がオリジンサーバーへアクセスする際にローカルに使用されるアドレスです。これが設定されなかった場合、
proxy.local.outgoing_ip_to_bind
が使用されます。このオプションは各 IP アドレスファミリー毎に 1 回づつ、複数回使うことができます。使用されるアドレスはオリジンサーバーアドレスの IP アドレスファミリーから選択されます。
非互換 :
tr-out
- ip-resolve
このプロキシーポートのトランザクション用の
ホスト解決方法
の設定。Not compatible with:
tr-out
- this option requires a value ofclient;none
which is forced and should not be explicitly specified.
例
IPv4 と IPv6 のどのアドレスでもポート 80 でリッスンします。
80 80:ipv6
例
どの IPv4 アドレスでもポート 8080 を、さらにローカルアドレス fc01:10:10:1::1
( これは IPv6
を意味します。) のポート 8080 を透過的にリッスンします。
IPv4:tr-FULL:8080 TR-full:IP-in=[fc02:10:10:1::1]:8080
例
IPv6 ではポート 8080 で完全に透過的にリッスンします。SSL ポートを 443 で設定します。これらのポートは proxy.local.incoming_ip_to_bind
で指定された IP アドレスを使います。 IP アドレス 192.168.17.1
、 ポート 80、 IPv4 でリッスンして、オリジンサーバーへはローカルアドレス 10.10.10.1
を IPv4 で fc01:10:10:1::1
を IPv6 で使用して接続します。
8080:ipv6:tr-full 443:ssl ip-in=192.168.17.1:80:ip-out=[fc01:10:10:1::1]:ip-out=10.10.10.1
例
Listen on port 9090 for TSL enabled HTTP/2 or HTTP connections, accept no other session protocols.:
9090:proto=http2;http:ssl
例
Listen on port 9090 for TSL disabled HTTP/2 and enabled HTTP connections, accept no other session protocols.:
9090:proto=http:ssl
-
proxy.config.http.connect_ports
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | 443 563 |
CONNECT
によるトンネリングに使用可能なオリジンサーバーポートの幅。
Traffic Server allows tunnels only to the specified ports. Supports both wildcards
(*
) and ranges (e.g. 0-1023
).
注釈
These are the ports on the origin server, not Traffic Server proxy ports
.
-
proxy.config.http.forward_connect_method
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
The default, Traffic Server behavior for handling a CONNECT method request
is to establish a tunnel to the requested destination. This
configuration alters the behavior so that Traffic Server forwards the
CONNECT method to the next hop, and establishes the tunnel after
receiving a positive response. This behavior is useful in a proxy
hierarchy, and is equivalent to setting
proxy.local.http.parent_proxy.disable_connect_tunneling
to
0 when parent proxying is enabled.
-
proxy.config.http.insert_request_via_str
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
オリジンサーバーへのリクエストで Via
フィールドがどのように処理されるかの設定。
値 | 効果 |
---|---|
0 |
Do not modify or set this Via header. |
1 |
Add the basic protocol and proxy identifier. |
2 |
And basic transaction codes. |
3 |
And detailed transaction codes. |
4 |
And full user agent connection protocol tags. |
注釈
The Via
transaction codes can be decoded with the Via Decoder Ring.
-
proxy.config.http.request_via_str
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | ApacheTrafficServer/${PACKAGE_VERSION} |
Reloadable: | Yes |
Overridable: | Yes |
Set the server and version string in the Via
request header to the origin server which is inserted when the value of proxy.config.http.insert_request_via_str
is not 0
. Note that the actual default value is defined with "ApacheTrafficServer/" PACKAGE_VERSION
in a C++ source code, and you must write such as ApacheTrafficServer/6.0.0
if you really set a value with the version in records.config
file. If you want to hide the version, you can set this value to ApacheTrafficServer
.
-
proxy.config.http.insert_response_via_str
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
クライアントへのレスポンスで Via
フィールドがどのように処理されるかの設定。
値 | 効果 |
---|---|
0 |
Do not modify or set this Via header. |
1 |
Add the basic protocol and proxy identifier. |
2 |
And basic transaction codes. |
3 |
And detailed transaction codes. |
4 |
And full upstream connection protocol tags. |
注釈
The Via
transaction codes can be decoded with the Via Decoder Ring.
-
proxy.config.http.response_via_str
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | ApacheTrafficServer/${PACKAGE_VERSION} |
Reloadable: | Yes |
Overridable: | Yes |
Set the server and version string in the Via
response header to the client which is inserted when the value of proxy.config.http.insert_response_via_str
is not 0
. Note that the actual default value is defined with "ApacheTrafficServer/" PACKAGE_VERSION
in a C++ source code, and you must write such as ApacheTrafficServer/6.0.0
if you really set a value with the version in records.config
file. If you want to hide the version, you can set this value to ApacheTrafficServer
.
-
proxy.config.http.send_100_continue_response
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
次のうち 1 つを指定できます。
値 | Description |
---|---|
0 |
Traffic Server will buffer the request until the post body has been recieved and then send the request to the origin server. |
1 |
Immediately return a 100 Continue from Traffic Server without waiting for
the post body. |
-
proxy.config.http.response_server_enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
次のうち 1 つを指定できます。
値 | Description |
---|---|
0 |
No Server header is added to the response. |
1 |
The Server header is added according to
proxy.config.http.response_server_str . |
2 |
The Server header is added only if the response from origin does
not have one already. |
-
proxy.config.http.response_server_str
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | ATS/${PACKAGE_VERSION} |
Reloadable: | Yes |
Overridable: | Yes |
The Server
string that Traffic Server will insert in a response header (if
requested, see above). Note that the actual default value is defined with
"ATS/" PACKAGE_VERSION
in the C++ source, and you must write such as
ATS/6.0.0
if you really set a value with the version in
records.config
. If you want to hide the version, you can set this
value to ATS
.
-
proxy.config.http.insert_age_in_response
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
This option specifies whether Traffic Server should insert an Age
header in the
response. The value is the cache's estimate of the amount of time since the
response was generated or revalidated by the origin server.
値 | Description |
---|---|
0 |
No Age header is added. |
1 |
Age header is added. |
-
proxy.config.http.chunking_enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
Specifies whether Traffic Server can generate a chunked response:
値 | Description |
---|---|
0 |
Never respond with chunked encoding. |
1 |
Always respond with chunked encoding. |
2 |
Generate a chunked response if the origin server has previously returned HTTP/1.1. |
3 |
Generate a chunked response if the client request is HTTP/1.1 and the origin server has previously returned HTTP/1.1. |
注釈
If HTTP/1.1 is used, then Traffic Server can use keep-alive connections to origin servers.
If HTTP/1.0 is used, then Traffic Server can use keep-alive connections to origin servers.
-
proxy.config.http.chunking.size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 4096 |
Overridable: | Yes |
If chunked transfer encoding is enabled with proxy.config.http.chunking_enabled
,
and the conditions specified by that option's setting are met by the current
request, this option determines the size of the chunks, in bytes, to use
when sending content to an HTTP/1.1 client.
-
proxy.config.http.send_http11_requests
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
Specifies when and how Traffic Server uses HTTP/1.1 to communicate with the origin server.
値 | Description |
---|---|
0 |
Never use HTTP/1.1. |
1 |
Always use HTTP/1.1. |
2 |
Use HTTP/1.1 with origin connections only if the server has previously returned HTTP/1.1. |
3 |
If the client request is HTTP/1.1 and the origin server has previously returned HTTP/1.1, then use HTTP/1.1 for origin server connections. |
注釈
If proxy.config.http.use_client_target_addr
is set to 1
, then
options 2
and 3
for this configuration variable cause the proxy
to use the client HTTP version for upstream requests.
-
proxy.config.http.server_tcp_init_cwnd
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Overridable: | Yes |
Configures the size, in packets, of the initial TCP congestion window on
sockets used by the HTTP engine. This option may only be used on operating
systems which support the TCP_INIT_CWND
option on TCP sockets.
-
proxy.config.http.auth_server_session_private
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Overridable: | Yes |
If enabled (1
) anytime a request contains a Authorization
,
Proxy-Authorization
, or Www-Authenticate
header the connection will
be closed and not reused. This marks the connection as private. When disabled
(0
) the connection will be available for reuse.
-
proxy.config.http.server_session_sharing.match
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | both |
Overridable: | Yes |
Enable and set the ability to re-use server connections across client connections. The valid values are:
値 | Description |
---|---|
none |
Do not match and do not re-use server sessions. If using this in
TSHttpOverridableConfig (like the Configuration Remap Plugin),
use the integer 0 instead. |
both |
Re-use server sessions, if both the IP address and fully qualified
domain name match. If using this in TSHttpOverridableConfig (like
the Configuration Remap Plugin), use the integer 1 instead. |
ip |
Re-use server sessions, checking only that the IP address and port
of the origin server matches. If using this in
TSHttpOverridableConfig (like the Configuration Remap Plugin),
use the integer 2 instead. |
host |
Re-use server sessions, checking only that the fully qualified
domain name matches. If using this in TSHttpOverridableConfig
(like the Configuration Remap Plugin), use the integer 3 instead. |
It is strongly recommended to use either none
or both
for this value
unless you have a specific need for the other settings. The most common
reason is virtual hosts that share an IP address in which case performance
can be enhanced if those sessions can be re-used. However, not all web
servers support requests for different virtual hosts on the same connection
so use with caution.
注釈
Server sessions to different ports never match even if the FQDN and IP address match.
-
proxy.config.http.server_session_sharing.pool
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | thread |
Control the scope of server session re-use if it is enabled by
proxy.config.http.server_session_sharing.match
. Valid values are:
値 | Description |
---|---|
global |
Re-use sessions from a global pool of all server sessions. |
thread |
Re-use sessions from a per-thread pool. |
-
proxy.config.http.attach_server_session_to_client
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Overridable: | Yes |
Control the re-use of an server session by a user agent (client) session.
If a user agent performs more than one HTTP transaction on its connection to Traffic Server a server session must be obtained for the second (and subsequent) transaction as for the first. This settings affects how that server session is selected.
If this setting is 0
then after the first transaction the server session for that transaction is released to the
server pool (if any). When a server session is needed for subsequent transactions one is selected from the server
pool or created if there is no suitable server session in the pool.
If this setting is not 0
then the current server session for the user agent session is "sticky". It will be
preferred to any other server session (either from the pool or newly created). The server session will be detached
from the user agent session only if it cannot be used for the transaction. This is determined by the
proxy.config.http.server_session_sharing.match
value. If the server session matches the next transaction
according to this setting then it will be used, otherwise it will be released to the pool and a different session
selected or created.
-
proxy.config.http.safe_requests_retryable
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Overridable: | Yes |
This setting, on by default, allows requests which are considered safe to be retried on an error. See https://tools.ietf.org/html/rfc7231#section-4.2.1 to RFC for details on which request methods are considered safe.
If this setting is 0
then ATS retries a failed origin server request only if the bytes sent by ATS
are not acknowledged by the origin server.
If this setting is 1
then ATS retries all the safe methods to a failed origin server irrespective of
previous connection failure status.
-
proxy.config.http.record_heartbeat
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1
) or disables (0
) traffic_cop heartbeat logging.
-
proxy.config.http.use_client_target_addr
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
For fully transparent ports use the same origin server address as the client.
This option causes Traffic Server to avoid where possible doing DNS lookups in forward transparent proxy mode. The option is only effective if the following three conditions are true:
- Traffic Server is in forward proxy mode.
- The proxy port is inbound transparent.
- The target URL has not been modified by either remapping or a plugin.
If any of these conditions are not true, then normal DNS processing is done for the connection.
There are three valid values.
値 | Description |
---|---|
0 |
Disables the feature. |
1 |
Enables the feature with address verification. The proxy does the regular DNS processing. If the client-specified origin address is not in the set of addresses found by the proxy, the request continues to the client specified address, but the result is not cached. |
2 |
Enables the feature with no address verification. No DNS processing is
performed. The result is cached (if allowed otherwise). This option is
vulnerable to cache poisoning if an incorrect Host header is
specified, so this option should be used with extreme caution. See
bug TS-2954 for details. |
If all of these conditions are met, then the origin server IP address is retrieved from the original client connection, rather than through HostDB or DNS lookup. In effect, client DNS resolution is used instead of Traffic Server DNS.
This can be used to be a little more efficient (looking up the target once by the client rather than by both the client and Traffic Server) but the primary use is when client DNS resolution can differ from that of Traffic Server. Two known uses cases are:
- Embedded IP addresses in a protocol with DNS load sharing. In this case, even though Traffic Server and the client both make the same request to the same DNS resolver chain, they may get different origin server addresses. If the address is embedded in the protocol then the overall exchange will fail. One current example is Microsoft Windows update, which presumably embeds the address as a security measure.
- The client has access to local DNS zone information which is not available to Traffic Server. There are corporate nets with local DNS information for internal servers which, by design, is not propagated outside the core corporate network. Depending a network topology it can be the case that Traffic Server can access the servers by IP address but cannot resolve such addresses by name. In such as case the client supplied target address must be used.
This solution must be considered interim. In the longer term, it should be possible to arrange for much finer grained control of DNS lookup so that wildcard domain can be set to use Traffic Server or client resolution. In both known use cases, marking specific domains as client determined (rather than a single global switch) would suffice. It is possible to do this crudely with this flag by enabling it and then use identity URL mappings to re-disable it for specific domains.
-
proxy.config.http.keep_alive_enabled_in
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Overridable: | Yes |
入ってくる接続の keep-alive を有効化 (1
) または無効化 (0
) します。
-
proxy.config.http.keep_alive_enabled_out
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Overridable: | Yes |
出て行く接続の keep-alive を有効化 (1
) または無効化 (0
) します。
注釈
Enabling keep-alive does not automatically enable purging of keep-alive
requests when nearing the connection limit, that is controlled by
proxy.config.http.server_max_connections
.
-
proxy.config.http.keep_alive_post_out
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Overridable: | Yes |
Controls whether new POST requests re-use keep-alive sessions (1
) or
create new connections per request (0
).
-
proxy.config.http.disallow_post_100_continue
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Allows you to return a 405 Method Not Supported with Posts also containing an Expect: 100-continue.
When a Post w/ Expect: 100-continue is blocked the stat proxy.process.http.disallowed_post_100_continue will be incremented.
-
proxy.config.http.default_buffer_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 8 |
Configures the default buffer size, in bytes, to allocate for incoming
request bodies which lack a Content-length
header.
-
proxy.config.http.default_buffer_water_mark
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 32768 |
-
proxy.config.http.request_header_max_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 131072 |
Controls the maximum size, in bytes, of an HTTP header in requests. Headers in a request which exceed this size will cause the entire request to be treated as invalid and rejected by the proxy.
-
proxy.config.http.response_header_max_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 131072 |
Controls the maximum size, in bytes, of headers in HTTP responses from the proxy. Any responses with a header exceeding this limit will be treated as invalid and a client error will be returned instead.
-
proxy.config.http.global_user_agent_header
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | null |
Overridable: | Yes |
An arbitrary string value that, if set, will be used to replace any request
User-Agent
header.
-
proxy.config.http.strict_uri_parsing
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enables (1
) or disables (0
) Traffic Server to return a 400 Bad Request
if client's request URI includes character which is not RFC 3986 compliant
-
proxy.config.http.errors.log_error_pages
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Enables (1
) or disables (0
) the logging of responses to bad requests
to the error logging destination. Disabling this option prevents error
responses (such as 403
s) from appearing in the error logs. Any HTTP
response status codes equal to, or higher, than the minimum code defined by
TS_HTTP_STATUS_BAD_REQUEST
are affected by this setting.
Parent Proxy Configuration¶
-
proxy.config.http.parent_proxy_routing_enable
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1
) or disables (0
) the parent caching option. Refer to Hierarchical Caching.
-
proxy.config.http.parent_proxy.retry_time
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 300 |
Reloadable: | Yes |
Overridable: | Yes |
The amount of time allowed between connection retries to a parent cache that is unavailable.
-
proxy.config.http.parent_proxy.fail_threshold
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
Overridable: | Yes |
The number of times the connection to the parent cache can fail before Traffic Server considers the parent unavailable.
-
proxy.config.http.parent_proxy.total_connect_attempts
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 4 |
Reloadable: | Yes |
Overridable: | Yes |
The total number of connection attempts for a specific transaction allowed to
a parent cache before Traffic Server bypasses the parent or fails the request
(depending on the go_direct
option in the parent.config
file). The
number of parents tried is
proxy.config.http.parent_proxy.fail_threshold / proxy.config.http.parent_proxy.total_connect_attempts
-
proxy.config.http.parent_proxy.per_parent_connect_attempts
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
Overridable: | Yes |
The total number of connection attempts allowed per parent for a specific transaction, if multiple parents are used.
-
proxy.config.http.parent_proxy.connect_attempts_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 30 |
Reloadable: | Yes |
Overridable: | Yes |
The timeout value (in seconds) for parent cache connection attempts.
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.http.parent_proxy.mark_down_hostdb
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
Enables (1
) or disables (0
) marking parent proxies down in hostdb when a connection
error is detected. Normally parent selection manages parent proxies and will mark them as unavailable
as needed. But when parents are defined in dns with multiple ip addresses, it may be useful to mark the
failing ip down in hostdb. In this case you would enable these updates.
-
proxy.config.http.forward.proxy_auth_to_parent
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
Configures Traffic Server to send proxy authentication headers on to the parent cache.
-
proxy.config.http.no_dns_just_forward_to_parent
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Don't try to resolve DNS, forward all DNS requests to the parent. This is off (0
) by default.
-
proxy.local.http.parent_proxy.disable_connect_tunneling
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
HTTP 接続タイムアウト¶
-
proxy.config.http.keep_alive_no_activity_timeout_in
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 120 |
Reloadable: | Yes |
Overridable: | Yes |
Specifies how long Traffic Server keeps connections to clients open for a
subsequent request after a transaction ends. A value of 0
will disable
the no activity timeout.
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.http.keep_alive_no_activity_timeout_out
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 120 |
Reloadable: | Yes |
Overridable: | Yes |
Specifies how long Traffic Server keeps connections to origin servers open
for a subsequent transfer of data after a transaction ends. A value of
0
will disable the no activity timeout.
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.http.transaction_no_activity_timeout_in
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 30 |
Reloadable: | Yes |
Overridable: | Yes |
トランザクションがストールした場合に Traffic Server がクライアントとの接続をどれだけ長く維持するかを指定します。
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.http.transaction_no_activity_timeout_out
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 30 |
Reloadable: | Yes |
Overridable: | Yes |
トランザクションがストールした場合に Traffic Server がオリジンサーバーとの接続をどれだけ長く維持するかを指定します。
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.websocket.no_activity_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 600 |
Reloadable: | Yes |
Overridable: | Yes |
Specifies how long Traffic Server keeps connections open if a websocket stalls.
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.websocket.active_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3600 |
Reloadable: | Yes |
Overridable: | Yes |
The maximum amount of time Traffic Server keeps websocket connections open.
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.http.transaction_active_timeout_in
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 900 |
Reloadable: | Yes |
Overridable: | Yes |
Traffic Server がクライアントと接続していられる最大時間です。クライアントへの転送がこのタイムアウトまでに完了しない場合、Traffic Server は接続を閉じます。
The value of 0
specifies that there is no timeout.
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.http.transaction_active_timeout_out
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
Traffic Server がオリジンサーバーへの接続要求を完了するまでに待機できる最大時間です。Traffic Server がオリジンサーバーへの転送をタイムアウトまでに完了しない場合、Traffic Server は接続要求を終了します。
デフォルト値 0
はタイムアウト無しを指定しています。
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.http.accept_no_activity_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 120 |
Reloadable: | Yes |
Traffic Server が活動のない接続をクローズするまでの秒数です。
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.http.background_fill_active_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
オリジンサーバーとの接続を放棄する前に Traffic Server が background fill を継続する時間を指定します。
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.http.background_fill_completed_threshold
¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 0.0 |
Reloadable: | Yes |
Overridable: | Yes |
ドキュメントを取得してキャッシュに入れるためにプロキシーがオリジンサーバーからその取得を継続するクライアントが中断した時点ですでに転送済みのドキュメントの総サイズに対する割合 (background fill) 。
HTTP Redirection¶
-
proxy.config.http.redirection_enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
This setting indicates whether Trafficserver does a redirect follow location on receiving a 3XX Redirect response from the Origin server. The redirection attempt is transparent to the client and the client is served the final response from the redirected-to location.
-
proxy.config.http.number_of_redirections
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
This setting determines the maximum number of times Trafficserver does a redirect follow location on receiving a 3XX Redirect response for a given client request.
-
proxy.config.http.redirect_host_no_port
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
This setting enables Trafficserver to not include the port in the Host header in the redirect follow request for default/standard ports (e.g. 80 for HTTP and 443 for HTTPS). Note that the port is still included in the Host header if it's non-default.
-
proxy.config.http.redirect_use_orig_cache_key
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
This setting enables Trafficserver to allow using original request cache key (for example, set using a TS API) during a 3xx redirect follow. The default behavior (0) is to use the URL specified by Location header in the 3xx response as the cache key.
オリジンサーバーへの接続の試行¶
-
proxy.config.http.connect_attempts_max_retries
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3 |
Reloadable: | Yes |
Overridable: | Yes |
The maximum number of connection retries Traffic Server can make when the origin server is not responding. Each retry attempt lasts for proxy.config.http.connect_attempts_timeout seconds. Once the maximum number of retries is reached, the origin is marked dead. After this, the setting proxy.config.http.connect_attempts_max_retries_dead_server is used to limit the number of retry attempts to the known dead origin.
-
proxy.config.http.connect_attempts_max_retries_dead_server
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
Maximum number of connection retries Traffic Server can make while an origin is marked dead. Typically this value is smaller than proxy.config.http.connect_attempts_max_retries so an error is returned to the client faster and also to reduce the load on the dead origin. The timeout interval proxy.config.http.connect_attempts_timeout in seconds is used with this setting.
-
proxy.config.http.server_max_connections
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
全オリジンサーバーにおけるソケットの接続数を指定した値に制限します。無効化するには、ゼロ (0
) を設定してください。
This value is used in determining when and if to prune active origin sessions. Without this value set, connections to origins can consume all the way up to ts:cv:proxy.config.net.connections_throttle connections, which in turn can starve incoming requests from available connections.
-
proxy.config.http.origin_max_connections
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
オリジンサーバー毎のソケットの接続数を指定した値に制限します。有効化するには、イチ (1
) を設定してください。
-
proxy.config.http.origin_max_connections_queue
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | -1 |
Reloadable: | Yes |
Overridable: | Yes |
Limits the number of requests to be queued when the proxy.config.http.origin_max_connections
is reached.
When disabled (-1
) requests are will wait indefinitely for an available connection. When set to 0
all
requests past the proxy.config.http.origin_max_connections
will immediately fail. When set to >0
ATS will queue that many requests to go to the origin, any additional requests past the limit will immediately fail.
-
proxy.config.http.origin_min_keep_alive_connections
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
接続済みのオリジンサーバーへの接続として、接続が長い期間使われていない場合でも少なくとも 'n' 個の接続を維持します。オリジンが keep-alive に対応している場合に便利であり、(不活発な) 接続の追加により次のリクエストから新しい接続の準備に必要となる時間を不要とします。有効化するには、イチ (1
) を設定してください。
-
proxy.config.http.connect_attempts_rr_retries
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3 |
Reloadable: | Yes |
Overridable: | Yes |
サーバーがラウンドロビンの DNS エントリーを持っている場合に、一つのラウンドロビンエントリーが '落ちてる' とマークされるまでに許される接続失敗の最大数。
-
proxy.config.http.connect_attempts_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 30 |
Reloadable: | Yes |
Overridable: | Yes |
The timeout value (in seconds) for time to first byte for an origin server connection.
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.http.post_connect_attempts_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1800 |
Reloadable: | Yes |
Overridable: | Yes |
クライアントのリクエストが POST
か PUT
リクエストのときのオリジンサーバーへの接続のタイムアウト値 ( 秒 ) 。
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.http.post.check.content_length.enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Enables (1
) or disables (0
) checking the Content-Length: Header for a POST request.
-
proxy.config.http.down_server.cache_time
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 60 |
Reloadable: | Yes |
Overridable: | Yes |
オリジンサーバーが到達不可能であったと Traffic Server が覚えている長さ ( 秒 ) を指定します。
-
proxy.config.http.down_server.abort_threshold
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
Overridable: | Yes |
オリジンサーバーがレスポンスヘッダーを返すのが遅すぎるためにクライアントがリクエストを断念した後で、Traffic Server がオリジンサーバーを到達不能とマークするまでの秒数。
-
proxy.config.http.uncacheable_requests_bypass_parent
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
有効化 (1) すると、Traffic Server はキャッシュできないリクエストで親プロキシーをバイパスします。
輻輳制御¶
-
proxy.config.http.congestion_control.enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
輻輳制御オプションを有効化 (1
) もしくは無効化 (0
) し、オリジンサーバーが輻輳した際に Traffic Server が HTTP リクエストを転送するのを止めます。Traffic Server は後で輻輳しているオリジンサーバーに再試行するためにクライアントにメッセージを送信します。輻輳制御 を参照してください。
-
proxy.config.http.flow_control.enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Overridable: | Yes |
非ゼロ値を設定するとトランザクションのバッファリング / フロー制御が有効化されます。そうでない場合はフロー制御は行われません。
-
proxy.config.http.flow_control.high_water
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Units: | bytes |
Overridable: | Yes |
トランザクションのバッファー制御用の high water マークです。使用中の総バッファー領域がこの値に達すると外部ソース I/O が停止されます。
-
proxy.config.http.flow_control.low_water
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Units: | bytes |
Overridable: | Yes |
トランザクションのバッファー制御用の low water マークです。使用中の総バッファー領域がこの値より少なくなると外部ソース I/O が再開されます。
-
proxy.config.http.websocket.max_number_of_connections
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | -1 |
Reloadable: | Yes |
When enabled >= (0
), Traffic Server will enforce a maximum number of simultaneous websocket connections.
ネガティブレスポンスキャッシュ¶
-
proxy.config.http.negative_caching_enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
When enabled (1
), Traffic Server caches negative responses (such as 404 Not Found
)
when a requested page does not exist. The next time a client requests the
same page, Traffic Server serves the negative response directly from cache.
When disabled (0
), Traffic Server will only cache the response if the response has
Cache-Control
headers.
The following negative responses are cached by Traffic Server:
HTTP Response Code | Description |
---|---|
204 |
No Content |
305 |
Use Proxy |
403 |
Forbidden |
404 |
Not Found |
414 |
URI Too Long |
500 |
Internal Server Error |
501 |
Not Implemented |
502 |
Bad Gateway |
503 |
Service Unavailable |
504 |
Gateway Timeout |
この設定によりキャッシュされたオブジェクトのキャッシュライフタイムは proxy.config.http.negative_caching_lifetime
により制御されます。
-
proxy.config.http.negative_caching_lifetime
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1800 |
Overridable: | Yes |
How long (in seconds) Traffic Server keeps the negative responses valid in cache. This value only affects negative
responses that do NOT have explicit Expires:
or Cache-Control:
lifetimes set by the server.
-
proxy.config.http.negative_revalidating_enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enables (1
) or disables (0
) forcing revalidation of cached documents
when Traffic Server receives a negative (5xx
only) response from the origin server.
-
proxy.config.http.negative_revalidating_lifetime
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1800 |
How long, in seconds, to consider a stale cached document valid if during the
revalidation attempt Traffic Server receives a negative (5xx
only) response from
the origin server.
Proxy User Variables¶
-
proxy.config.http.anonymize_remove_from
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
When enabled (1
), Traffic Server removes the From
header to protect the privacy of your users.
-
proxy.config.http.anonymize_remove_referer
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1
), Traffic Server removes the Referrer
header to protect the privacy of your site and users.
-
proxy.config.http.anonymize_remove_user_agent
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
When enabled (1
), Traffic Server removes the User-agent
header to protect the privacy of your site and users.
-
proxy.config.http.anonymize_remove_cookie
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
When enabled (1
), Traffic Server removes the Cookie
header to protect the privacy of your site and users.
-
proxy.config.http.anonymize_remove_client_ip
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
When enabled (1
), Traffic Server removes Client-IP
headers for more privacy.
-
proxy.config.http.insert_client_ip
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
When enabled (1
), Traffic Server inserts Client-IP
headers to retain the client IP address.
-
proxy.config.http.anonymize_other_header_list
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
Comma separated list of headers Traffic Server should remove from outgoing requests.
-
proxy.config.http.insert_squid_x_forwarded_for
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
When enabled (1
), Traffic Server adds the client IP address to the X-Forwarded-For
header.
-
proxy.config.http.normalize_ae_gzip
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
Enable (1
) to normalize all Accept-Encoding:
headers to one of the following:
Accept-Encoding: gzip
(if the header hasgzip
orx-gzip
with anyq
) OR- blank (for any header that does not include
gzip
)
This is useful for minimizing cached alternates of documents (e.g. gzip, deflate
vs. deflate, gzip
). Enabling this option is
recommended if your origin servers use no encodings other than gzip
.
Security¶
-
proxy.config.http.push_method_enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1
) or disables (0
) the HTTP PUSH
option, which allows you to deliver content directly to the cache without a user
request.
重要
If you enable this option, then you must also specify a filtering rule in the ip_allow.config file to allow only certain machines to push content into the cache.
-
proxy.config.http.max_post_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
This feature is disabled by default with a value of (0
), any positive
value will limit the size of post bodies. If a request is received with a
post body larger than this limit the response will be terminated with
413 - Request Entity Too Large and logged accordingly.
-
proxy.config.http.allow_multi_range
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
This option allows the administrator to configure different behavior and
handling of requests with multiple ranges in the Range
header.
値 | Description |
---|---|
0 |
Do not allow multiple ranges, effectively ignoring the Range header |
1 |
Allows multiple ranges. This can be potentially dangerous since well formed requests can cause excessive resource consumption on the server. |
2 |
Similar to 0, except return a 416 error code and no response body. |
Cache Control¶
-
proxy.config.cache.enable_read_while_writer
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Specifies when to enable the ability to read a cached object while another connection is completing the write to cache for that same object. The goal here is to avoid multiple origin connections for the same cacheable object upon a cache miss. The possible values of this config are:
値 | Description |
---|---|
0 |
Never read while writing. |
1 |
Always read while writing. |
2 |
Always read while writing, but allow non-cached Range requests
through to the origin server. |
The 2
option is useful to avoid delaying requests which can not easily
be satisfied by the partially written response.
Several other configuration values need to be set for this to be usable. See オリジンサーバーへのリクエストの削減(Thundering Herd 問題を避ける).
-
proxy.config.cache.read_while_writer.max_retries
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
Specifies how many retries trafficserver attempts to trigger read_while_writer on failing
to obtain the write VC mutex or until the first fragment is downloaded for the
object being downloaded. The retry duration is specified using the setting
proxy.config.cache.read_while_writer_retry.delay
-
proxy.config.cache.read_while_writer_retry.delay
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 50 |
Reloadable: | Yes |
Specifies the delay in msec, trafficserver waits to reattempt read_while_writer on failing to obtain the write VC mutex or until the first fragment is downloaded for the object being downloaded. Note that trafficserver implements a progressive delay in reattempting, by doubling the configured duration from the third reattempt onwards.
-
proxy.config.cache.force_sector_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Forces the use of a specific hardware sector size, e.g. 4096, for all disks.
SSDs and "advanced format” drives claim a sector size of 512; however, it is safe to force a higher size than the hardware supports natively as we count atomicity in 512 byte increments.
4096-sized drives formatted for Windows will have partitions aligned on 63 512-byte sector boundaries, so they will be unaligned. There are workarounds, but you need to do some research on your particular drive. Some drives have a one-time option to switch the partition boundary, while others might require reformatting or repartitioning.
To be safe in Linux, you could just use the entire drive: /dev/sdb
instead of /dev/sdb1
and
Traffic Server will do the right thing. Misaligned partitions on Linux are auto-detected.
For example: If /sys/block/sda/sda1/alignment_offset
is non-zero, ATS will offset reads/writes to
that disk by that alignment. If Linux knows about any existing partition misalignments, ATS will compensate.
Partitions formatted to support hardware sector size of more than 512 (e.g. 4096) will result in all objects stored in the cache to be integral multiples of 4096 bytes, which will result in some waste for small files.
-
proxy.config.http.cache.http
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
Enables (1
) or disables (0
) caching of HTTP requests.
-
proxy.config.http.cache.generation
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | -1 |
Reloadable: | Yes |
Overridable: | Yes |
If set to a value other than -1
, the value if this configuration
option is combined with the cache key at cache lookup time.
Changing this value has the effect of an instantaneous, zero-cost
cache purge since it will cause all subsequent cache keys to
change. Since this is an overrideable configuration, it can be
used to purge the entire cache, or just a specific remap.config
rule.
-
proxy.config.http.cache.allow_empty_doc
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Deprecated: | Yes |
Enables (1
) or disables (0
) caching objects that have an empty
response body. This is particularly useful for caching 301 or 302 responses
with a Location
header but no document body. This only works if the
origin response also has a Content-Length
header.
-
proxy.config.http.doc_in_cache_skip_dns
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
When enabled (1
), do not perform origin server DNS resolution if a fresh
copy of the requested document is available in the cache. This setting has
no effect if HTTP caching is disabled or if there are IP based ACLs
configured.
Note that plugins, particularly authorization plugins, which use the
TS_HTTP_OS_DNS_HOOK
hook may require this configuration variable
to be disabled (0
) in order to function properly. This will ensure that
the hook will be evaluated and plugin execution will occur even when there
is a fresh copy of the requested object in the cache (which would normally
allow the DNS lookup to be skipped, thus eliminating the hook evaluation).
The downside is that the performance gain by skipping otherwise unnecessary
DNS lookups is lost. Because the variable is overridable, you may retain
this performance benefit for portions of your cache which do not require the
use of TS_HTTP_OS_DNS_HOOK
plugins, by ensuring that the setting
is first disabled within only the relevant transactions. Refer to the
documentation on Configuration Remap Plugin for more information.
-
proxy.config.http.cache.ignore_client_no_cache
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
When enabled (1
), Traffic Server ignores client requests to bypass the cache.
-
proxy.config.http.cache.ims_on_client_no_cache
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
When enabled (1
), Traffic Server issues a conditional request to the origin server if an incoming request has a No-Cache
header.
-
proxy.config.http.cache.ignore_server_no_cache
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
When enabled (1
), Traffic Server ignores origin server requests to bypass the cache.
-
proxy.config.http.cache.cache_responses_to_cookies
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
Specifies how cookies are cached:
値 | Description |
---|---|
0 |
Do not cache any responses to cookies. |
1 |
Cache for any content-type. |
2 |
Cache only for image types. |
3 |
Cache for all but text content-types. |
4 |
Cache for all but text content-types; except origin server response
without Set-Cookie or with Cache-Control: public . |
-
proxy.config.http.cache.ignore_authentication
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Overridable: | Yes |
When enabled (1
), Traffic Server ignores WWW-Authentication
headers in responses WWW-Authentication
headers are removed and
not cached.
-
proxy.config.http.cache.cache_urls_that_look_dynamic
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
Enables (1
) or disables (0
) caching of URLs that look dynamic, i.e.: URLs that end in .asp
or contain a question
mark (?
), a semicolon (;
), or cgi
. For a full list, please refer to
HttpTransact::url_looks_dynamic
-
proxy.config.http.cache.enable_default_vary_headers
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1
) or disables (0
) caching of alternate versions of HTTP objects that do not contain the Vary
header.
-
proxy.config.http.cache.when_to_revalidate
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
Specifies when to revalidate content:
値 | Description |
---|---|
0 |
Use cache directives or heuristic (the default value). |
1 |
Stale if heuristic. |
2 |
Always stale (always revalidate). |
3 |
Never stale. |
4 |
Use cache directives or heuristic (0) unless the request has an
If-Modified-Since header. |
If the request contains the If-Modified-Since
header, then Traffic Server always
revalidates the cached content and uses the client's If-Modified-Since
header for the proxy request.
-
proxy.config.http.cache.required_headers
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
Overridable: | Yes |
The type of headers required in a request for the request to be cacheable.
値 | Description |
---|---|
0 |
No headers required to make document cacheable. |
1 |
Either the Last-Modified header, or an explicit lifetime header
(Expires or Cache-Control: max-age ) is required. |
2 |
Explicit lifetime is required, from either Expires or
Cache-Control: max-age . |
-
proxy.config.http.cache.max_stale_age
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 604800 |
Reloadable: | Yes |
Overridable: | Yes |
The maximum age allowed for a stale response before it cannot be cached.
-
proxy.config.http.cache.range.lookup
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Overridable: | Yes |
When enabled (1
), Traffic Server looks up range requests in the cache.
-
proxy.config.http.cache.range.write
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Overridable: | Yes |
When enabled (1
), Traffic Server will attempt to write (lock) the URL
to cache. This is rarely useful (at the moment), since it'll only be able
to write to cache if the origin has ignored the Range:
header. For a use
case where you know the origin will respond with a full (200
) response,
you can turn this on to allow it to be cached.
-
proxy.config.http.cache.ignore_accept_mismatch
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
When enabled with a value of 1
, Traffic Server serves documents from cache with a
Content-Type:
header even if it does not match the Accept:
header of the
request. If set to 2
(default), this logic only happens in the absence of a
Vary
header in the cached response (which is the recommended and safe use).
注釈
This option should only be enabled with 1
if you're having
problems with caching and you origin server doesn't set the Vary
header. Alternatively, if the origin is incorrectly setting
Vary: Accept
or doesn't respond with 406 (Not Acceptable)
,
you can also enable this configuration with a 1
.
-
proxy.config.http.cache.ignore_accept_language_mismatch
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
When enabled with a value of 1
, Traffic Server serves documents from cache with a
Content-Language:
header even if it does not match the Accept-Language:
header of the request. If set to 2
(default), this logic only happens in the absence of a
Vary
header in the cached response (which is the recommended and safe use).
注釈
This option should only be enabled with 1
if you're having
problems with caching and you origin server doesn't set the Vary
header. Alternatively, if the origin is incorrectly setting
Vary: Accept-Language
or doesn't respond with 406 (Not Acceptable)
,
you can also enable this configuration with a 1
.
-
proxy.config.http.cache.ignore_accept_encoding_mismatch
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
When enabled with a value of 1
, Traffic Server serves documents from cache with a
Content-Encoding:
header even if it does not match the Accept-Encoding:
header of the request. If set to 2
(default), this logic only happens in the absence of a
Vary
header in the cached response (which is the recommended and safe use).
注釈
This option should only be enabled with 1
if you're having
problems with caching and you origin server doesn't set the Vary
header. Alternatively, if the origin is incorrectly setting
Vary: Accept-Encoding
or doesn't respond with 406 (Not Acceptable)
you can also enable this configuration with a 1
.
-
proxy.config.http.cache.ignore_accept_charset_mismatch
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Reloadable: | Yes |
When enabled with a value of 1
, Traffic Server serves documents from cache with a
Content-Type:
header even if it does not match the Accept-Charset:
header
of the request. If set to 2
(default), this logic only happens in the absence of a
Vary
header in the cached response (which is the recommended and safe use).
注釈
This option should only be enabled with 1
if you're having
problems with caching and you origin server doesn't set the Vary
header. Alternatively, if the origin is incorrectly setting
Vary: Accept-Charset
or doesn't respond with 406 (Not Acceptable)
,
you can also enable this configuration with a 1
.
-
proxy.config.http.cache.ignore_client_cc_max_age
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
When enabled (1
), Traffic Server ignores any Cache-Control:
max-age
headers from the client. This technically violates the HTTP RFC,
but avoids a problem where a client can forcefully invalidate a cached object.
-
proxy.config.cache.max_doc_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Specifies the maximum object size that will be cached. 0
is unlimited.
-
proxy.config.cache.min_average_object_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 8000 |
Specifies the lower boundary of average object sizes in the cache and is used in determining the number of directory buckets to allocate for the in-memory cache directory.
-
proxy.config.cache.permit.pinning
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1
), Traffic Server will keep certain HTTP objects in the cache for a certain time as specified in cache.config.
-
proxy.config.cache.hit_evacuate_percent
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
The size of the region (as a percentage of the total content storage in a cache stripe) in front of the write cursor that constitutes a recent access hit for evacutating the accessed object.
When an object is accessed it can be marked for evacuation, that is to be copied over the write cursor and thereby preserved from being overwritten. This is done if it is no more than a specific number of bytes in front of the write cursor. The number of bytes is a percentage of the total number of bytes of content storage in the cache stripe where the object is stored and that percentage is set by this variable.
By default, the feature is off (set to 0).
-
proxy.config.cache.hit_evacuate_size_limit
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Units: | bytes |
Limit the size of objects that are hit evacuated.
Objects larger than the limit are not hit evacuated. A value of 0 disables the limit.
-
proxy.config.cache.limits.http.max_alts
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 5 |
The maximum number of alternates that are allowed for any given URL. Disable by setting to 0.
-
proxy.config.cache.target_fragment_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1048576 |
Sets the target size of a contiguous fragment of a file in the disk cache. When setting this, consider that larger numbers could waste memory on slow connections, but smaller numbers could increase (waste) seeks.
-
proxy.config.cache.alt_rewrite_max_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 4096 |
Configures the size, in bytes, of an alternate that will be considered
small enough to trigger a rewrite of the resident alt fragment within a
write vector. For further details on cache write vectors, refer to the
developer documentation for CacheVC
.
RAM Cache¶
-
proxy.config.cache.ram_cache.size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | -1 |
By default the RAM cache size is automatically determined, based on disk cache size; approximately 10 MB of RAM cache per GB of disk cache. Alternatively, it can be set to a fixed value such as 20GB (21474836480)
-
proxy.config.cache.ram_cache_cutoff
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 4194304 |
Objects greater than this size will not be kept in the RAM cache. This should be set high enough to keep objects accessed frequently in memory in order to improve performance. 4MB (4194304)
-
proxy.config.cache.ram_cache.algorithm
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Two distinct RAM caches are supported, the default (0) being the CLFUS (Clocked Least Frequently Used by Size). As an alternative, a simpler LRU (Least Recently Used) cache is also available, by changing this configuration to 1.
-
proxy.config.cache.ram_cache.use_seen_filter
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Enabling this option will filter inserts into the RAM cache to ensure that they have been seen at least once. For the LRU, this provides scan resistance. Note that CLFUS already requires that a document have history before it is inserted, so for CLFUS, setting this option means that a document must be seen three times before it is added to the RAM cache.
-
proxy.config.cache.ram_cache.compress
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
The CLFUS RAM cache also supports an optional in-memory compression.
This is not to be confused with Content-Encoding: gzip
compression.
The RAM cache compression is intended to try to save space in the RAM,
and is not visible to the User-Agent (client).
Possible values are:
値 | Description |
---|---|
0 |
No compression |
1 |
Fastlz (extremely fast, relatively low compression) |
2 |
Libz (moderate speed, reasonable compression) |
3 |
Liblzma (very slow, high compression) |
Compression runs on task threads. To use more cores for RAM cache
compression, increase proxy.config.task_threads
.
Heuristic Expiration¶
-
proxy.config.http.cache.heuristic_min_lifetime
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3600 |
Reloadable: | Yes |
Overridable: | Yes |
The minimum amount of time, in seconds, an HTTP object without an expiration date can remain fresh in the cache before is considered to be stale.
-
proxy.config.http.cache.heuristic_max_lifetime
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 86400 |
Reloadable: | Yes |
Overridable: | Yes |
The maximum amount of time, in seconds, an HTTP object without an expiration date can remain fresh in the cache before is considered to be stale.
-
proxy.config.http.cache.heuristic_lm_factor
¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 0.10 |
Reloadable: | Yes |
Overridable: | Yes |
The aging factor for freshness computations. Traffic Server stores an object for this percentage of the time that elapsed since it last changed.
-
proxy.config.http.cache.guaranteed_min_lifetime
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
Establishes a guaranteed minimum lifetime boundary for freshness heuristics.
When heuristics are used, and the proxy.config.http.cache.heuristic_lm_factor
aging factor is applied, the final minimum age calculated will never be
lower than the value in this variable.
-
proxy.config.http.cache.guaranteed_max_lifetime
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 31536000 |
Reloadable: | Yes |
Overridable: | Yes |
Establishes a guaranteed maximum lifetime boundary for freshness heuristics.
When heuristics are used, and the proxy.config.http.cache.heuristic_lm_factor
aging factor is applied, the final maximum age calculated will never be
higher than the value in this variable.
-
proxy.config.http.cache.fuzz.time
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
Deprecated: | Yes |
How often Traffic Server checks for an early refresh, during the period before the document stale time. The interval specified must be in seconds.
注釈
Previous versions of Apache Traffic Server defaulted this to 240s. This feature is deprecated as of ATS v6.2.0.
-
proxy.config.http.cache.fuzz.probability
¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 0.0 |
Reloadable: | Yes |
Overridable: | Yes |
Deprecated: | Yes |
The probability that a refresh is made on a document during the fuzz time
specified in proxy.config.http.cache.fuzz.time
.
注釈
Previous versions of Apache Traffic Server defaulted this to 0.005 (0.5%). This feature is deprecated as of ATS v6.2.0
-
proxy.config.http.cache.fuzz.min_time
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
Deprecated: | Yes |
Handles requests with a TTL less than proxy.config.http.cache.fuzz.time
.
It allows for different times to evaluate the probability of revalidation
for small TTLs and big TTLs. Objects with small TTLs will start "rolling the
revalidation dice" near the fuzz.min_time
, while objects with large TTLs
would start at fuzz.time
. A logarithmic-like function between determines
the revalidation evaluation start time (which will be between
fuzz.min_time
and fuzz.time
). As the object gets closer to expiring,
the window start becomes more likely. By default this setting is not enabled,
but should be enabled any time you have objects with small TTLs.
注釈
These fuzzing options are marked as deprecated as of v6.2.0, and will be
removed for v7.0.0. Instead, we recommend looking at the new
proxy.config.http.cache.open_write_fail_action
configuration and
the features around thundering heard avoidance (see
HTTP プロキシーキャッシュ for details).
Dynamic Content & Content Negotiation¶
-
proxy.config.http.cache.vary_default_text
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
The header on which Traffic Server varies for text documents.
For example: if you specify User-agent
, then Traffic Server caches
all the different user-agent versions of documents it encounters.
-
proxy.config.http.cache.vary_default_images
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
The header on which Traffic Server varies for images.
-
proxy.config.http.cache.vary_default_other
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
The header on which Traffic Server varies for anything other than text and images.
-
proxy.config.http.cache.open_read_retry_time
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
The number of milliseconds a cacheable request will wait before requesting the object from cache if an equivalent request is in flight.
-
proxy.config.http.cache.max_open_read_retries
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | -1 |
Reloadable: | Yes |
Overridable: | Yes |
The number of times to attempt fetching an object from cache if there was an equivalent request in flight.
-
proxy.config.http.cache.max_open_write_retries
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Overridable: | Yes |
The number of times to attempt a cache open write upon failure to get a write lock.
-
proxy.config.http.cache.open_write_fail_action
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
This setting indicates the action taken on failing to obtain the cache open write lock on either a cache miss or a cache hit stale. This typically happens when there is more than one request to the same cache object simultaneously. During such a scenario, all but one (which goes to the origin) request is served either a stale copy or an error depending on this setting.
値 | Description |
---|---|
0 |
Default. Disable cache and go to origin server. |
1 |
Return a 502 error on a cache miss. |
2 |
Serve stale if object's age is under
proxy.config.http.cache.max_stale_age . Otherwise, go to
origin server. |
3 |
Return a 502 error on a cache miss or serve stale on a cache
revalidate if object's age is under
proxy.config.http.cache.max_stale_age . Otherwise, go to
origin server. |
4 |
Return a 502 error on either a cache miss or on a revalidation. |
カスタマイズ可能なユーザーレスポンスページ¶
-
proxy.config.body_factory.enable_customizations
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
カスタマイズ可能なレスポンスページが言語別どうかを指定します。
値 | Description |
---|---|
1 |
Enable customizable user response pages in the default directory only. |
2 |
Enable language-targeted user response pages. |
3 |
Enable host-targeted user response pages. |
-
proxy.config.body_factory.enable_logging
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
カスタマイズ可能なレスポンスページのロギングを有効化 (1
) もしくは無効化 (0
) します。有効化すると、Traffic Server はカスタマイズ可能なレスポンスページの使用もしくは変更のたびにメッセージをエラーログに記録します。
-
proxy.config.body_factory.template_sets_dir
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | etc/trafficserver/body_factory |
カスタマイズ可能なレスポンスページのデフォルトディレクトリ。相対パスの場合、Traffic Server は PREFIX
ディレクトリからの相対で解決します。
-
proxy.config.body_factory.template_base
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | "" |
Reloadable: | Yes |
Overridable: | Yes |
A prefix for the file name to use to find an error template file. If set (not the empty string) this value and an underscore are predended to the file name to find in the template sets directory. See クライアントに送信される HTML メッセージ.
-
proxy.config.body_factory.response_suppression_mode
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Traffic Server が生成されたレスポンスページを使用するのを抑制させるときに指定します。
値 | Description |
---|---|
0 |
Never suppress generated response pages. |
1 |
Always suppress generated response pages. |
2 |
Suppress response pages only for intercepted traffic. |
-
proxy.config.http_ui_enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Specifies which http Inspector UI endpoints to allow within remap.config
:
値 | Description |
---|---|
0 |
Disable all http UI endpoints. |
1 |
Enable only Cache Inspector endpoints. |
2 |
Enable only stats endpoints. |
3 |
Enable all http UI endpoints. |
To enable any enpoint there needs to be an entry in remap.config
which
specifically enables it. Such a line would look like:
map / http://{cache}
The following are the cache endpoints:
名前 | Description |
---|---|
cache |
UI to interact with the cache. |
The following are the stats endpoints:
名前 | Description |
---|---|
cache-internal |
Statistics about cache evacuation and volumes. |
hostdb |
Lookups against the hostdb. |
http |
HTTPSM details, this endpoint is also gated by
proxy.config.http.enable_http_info . |
net |
Lookup and listing of open connections. |
-
proxy.config.http.enable_http_info
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enables (1
) or disables (0
) access to an endpoint within
proxy.config.http_ui_enabled
which shows details about inflight
transactions (HttpSM).
DNS¶
-
proxy.config.dns.search_default_domains
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Traffic Server can attempt to resolve unqualified hostnames by expanding to the local
domain. For example if a client makes a request to an unqualified host (e.g.
host_x
) and the Traffic Server local domain is y.com
, then Traffic Server will expand
the hostname to host_x.y.com
.
値 | Description |
---|---|
0 |
Disable local domain expansion. |
1 |
Enable local domain expansion. |
2 |
Enable local domain expansion, but do not split local domain name. |
-
proxy.config.dns.splitDNS.enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enables (1
) or disables (0
) DNS server selection. When enabled, Traffic Server refers to the splitdns.config
file for
the selection specification. Refer to Configuring DNS Server Selection.
-
proxy.config.dns.resolv_conf
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | /etc/resolv.conf |
Allows to specify which resolv.conf
file to use for finding resolvers. While the format of this file must be the same as the
standard resolv.conf
file, this option allows an administrator to manage the set of resolvers in an external configuration file,
without affecting how the rest of the operating system uses DNS.
-
proxy.config.dns.round_robin_nameservers
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Enables (1
) or disables (0
) DNS server round-robin.
-
proxy.config.dns.nameservers
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
The DNS servers.
-
proxy.config.srv_enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
Indicates whether to use SRV records for orgin server lookup.
-
proxy.config.dns.dedicated_thread
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Create and dedicate a thread entirely for DNS processing. This is probably most useful on system which do a significant number of DNS lookups, typically forward proxies. But even on other systems, it can avoid some contention on the first worker thread (which otherwise takes on the burden of all DNS lookups).
-
proxy.config.dns.validate_query_name
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
When enabled (1) provides additional resilience against DNS forgery (for instance in DNS Injection attacks), particularly in forward or transparent proxies, but requires that the resolver populates the queries section of the response properly.
HostDB¶
-
proxy.config.hostdb.lookup_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 30 |
Units: | seconds |
Reloadable: | Yes |
Time to wait for a DNS response in seconds.
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.hostdb.serve_stale_for
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | *NONE* |
Units: | seconds |
Reloadable: | Yes |
The number of seconds for which to use a stale NS record while initiating a background fetch for the new data.
If not set then stale records are not served.
-
proxy.config.hostdb.max_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10737418240 |
Units: | bytes |
The maximum amount of space (in bytes) allocated to hostdb
.
Setting this value to -1
will disable size limit enforcement.
-
proxy.config.hostdb.max_count
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | -1 |
The maximum number of entries that can be stored in hostdb. A value of -1
disables item count limit enforcement.
注釈
For values above 200000
, you must increase proxy.config.hostdb.max_size
by at least 44 bytes per entry.
-
proxy.config.hostdb.ttl_mode
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
A host entry will eventually time out and be discarded. This variable
controls how that time is calculated. A DNS request will return a TTL value
and an internal value can be set with proxy.config.hostdb.timeout
.
This variable determines which value will be used.
値 | TTL |
---|---|
0 |
The TTL from the DNS response. |
1 |
The internal timeout value. |
2 |
The smaller of the DNS and internal TTL values. The internal timeout value becomes a maximum TTL. |
3 |
The larger of the DNS and internal TTL values. The internal timeout value become a minimum TTL. |
-
proxy.config.hostdb.timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1440 |
Units: | seconds |
Reloadable: | Yes |
Internal time to live value for host DB entries in seconds.
See proxy.config.hostdb.ttl_mode
for when this value
is used. See Timeout Settings for more discussion
on Traffic Server timeouts.
-
proxy.config.hostdb.fail.timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Time to live value for "failed" hostdb lookups.
注釈
HostDB considers any response that does not contain a response to the query a failure. This means "failure" responses (such as SOA) are subject to this timeout
-
proxy.config.hostdb.strict_round_robin
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Set host resolution to use strict round robin.
When this and proxy.config.hostdb.timed_round_robin
are both
disabled (set to 0
), Traffic Server always uses the same origin server for the
same client, for as long as the origin server is available. Otherwise if
this is set then IP address is rotated on every request. This setting takes
precedence over proxy.config.hostdb.timed_round_robin
.
-
proxy.config.hostdb.timed_round_robin
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Set host resolution to use timed round robin.
When this and proxy.config.hostdb.strict_round_robin
are both
disabled (set to 0
), Traffic Server always uses the same origin server for the
same client, for as long as the origin server is available. Otherwise if
this is set to N the IP address is rotated if more than N seconds have
passed since the first time the current address was used.
-
proxy.config.hostdb.host_file.path
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Set the file path for an external host file.
If this is set (non-empty) then the file is presumed to be a hosts file in
the standard host file format.
It is read and the entries there added to the HostDB. The file is
periodically checked for a more recent modification date in which case it is
reloaded. The interval is set with proxy.config.hostdb.host_file.interval
.
While not technically reloadable, the value is read every time the file is to be checked so that if changed the new value will be used on the next check and the file will be treated as modified.
-
proxy.config.hostdb.host_file.interval
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 86400 |
Units: | seconds |
Reloadable: | Yes |
Set the file changed check timer for proxy.config.hostdb.host_file.path
.
The file is checked every this many seconds to see if it has changed. If so the HostDB is updated with the new values in the file.
-
proxy.config.hostdb.partitions
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 64 |
The number of partitions for hostdb. If you are seeing lock contention within hostdb's cache (due to a large number of records) you can increase the number of partitions
-
proxy.config.hostdb.ip_resolve
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Set the host resolution style.
This is an ordered list of keywords separated by semicolons that specify how a host name is to be resolved to an IP address. The keywords are case insensitive.
Keyword | Description |
---|---|
ipv4 |
Resolve to an IPv4 address. |
ipv6 |
Resolve to an IPv6 address. |
client |
Resolve to the same family as the client IP address. |
only |
Stop resolving. |
The order of the keywords is critical. When a host name needs to be resolved
it is resolved in same order as the keywords. If a resolution fails, the
next option in the list is tried. The keyword only
means to give up
resolution entirely. The keyword list has a maximum length of three
keywords, more are never needed. By default there is an implicit
ipv4;ipv6
attached to the end of the string unless the keyword
only
appears.
例
Use the incoming client family, then try IPv4 and IPv6.
client;ipv4;ipv6
Because of the implicit resolution this can also be expressed as just
client
例
Resolve only to IPv4.
ipv4;only
例
Resolve only to the same family as the client (do not permit cross family transactions).
client;only
This value is a global default that can be overridden by proxy.config.http.server_ports
.
注釈
This style is used as a convenience for the administrator. During a resolution the resolution order will be
one family, then possibly the other. This is determined by changing client
to ipv4
or ipv6
based on the
client IP address and then removing duplicates.
重要
This option has no effect on outbound transparent connections The local IP address used in the connection to the
origin server is determined by the client, which forces the IP address family of the address used for the origin
server. In effect, outbound transparent connections always use a resolution style of "client
".
-
proxy.config.hostdb.verify_after
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 720 |
Set the interval (in seconds) in which to re-query DNS regardless of TTL status.
-
proxy.config.hostdb.filename
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | "host.db" |
The filename to persist hostdb to on disk.
-
proxy.config.cache.hostdb.sync_frequency
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 120 |
Set the frequency (in seconds) to sync hostdb to disk.
Note: hostdb is syncd to disk on a per-partition basis (of which there are 64).
This means that the minumum time to sync all data to disk is proxy.config.cache.hostdb.sync_frequency
* 64
Logging Configuration¶
-
proxy.config.log.logging_enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3 |
Reloadable: | Yes |
Enables and disables event logging:
値 | 効果 |
---|---|
0 |
Logging disabled. |
1 |
Log errors only. |
2 |
Log transactions only. |
3 |
Dull logging (errors and transactions). |
Refer to Logging for more information on event logging.
-
proxy.config.log.max_secs_per_buffer
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 5 |
Reloadable: | Yes |
The maximum amount of time before data in the buffer is flushed to disk.
-
proxy.config.log.max_space_mb_for_logs
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 25000 |
Units: | megabytes |
Reloadable: | Yes |
The amount of space allocated to the logging directory (in MB).
The headroom amount specified by
proxy.config.log.max_space_mb_headroom
is taken from
this space allocation.
注釈
All files in the logging directory contribute to the space used,
even if they are not log files. In collation client mode, if
there is no local disk logging, or
proxy.config.log.max_space_mb_for_orphan_logs
is set
to a higher value than proxy.config.log.max_space_mb_for_logs
,
Traffic Server will take proxy.config.log.max_space_mb_for_orphan_logs
for maximum allowed log space.
-
proxy.config.log.max_space_mb_for_orphan_logs
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 25 |
Units: | megabytes |
Reloadable: | Yes |
The amount of space allocated to the logging directory (in MB) if this node is acting as a collation client.
注釈
When max_space_mb_for_orphan_logs is take as the maximum allowed log space in the logging system, the same rule apply to proxy.config.log.max_space_mb_for_logs also apply to proxy.config.log.max_space_mb_for_orphan_logs, ie: All files in the logging directory contribute to the space used, even if they are not log files. you may need to consider this when you enable full remote logging, and bump to the same size as proxy.config.log.max_space_mb_for_logs.
-
proxy.config.log.max_space_mb_headroom
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1000 |
Units: | megabytes |
Reloadable: | Yes |
The tolerance for the log space limit (in megabytes). If the variable proxy.config.log.auto_delete_rolled_files
is set to 1
(enabled), then autodeletion of log files is triggered when the amount of free space available in the logging directory is less than
the value specified here.
-
proxy.config.log.hostname
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | localhost |
Reloadable: | Yes |
The hostname of the machine running Traffic Server.
-
proxy.config.log.logfile_dir
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | var/log/trafficserver |
Reloadable: | Yes |
The path to the logging directory. This can be an absolute path
or a path relative to the PREFIX
directory in which Traffic
Server is installed.
注釈
The directory you specify must already exist.
-
proxy.config.log.logfile_perm
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | rw-r--r-- |
Reloadable: | Yes |
The log file permissions. The standard UNIX file permissions are used (owner, group, other). Permissible values are:
値 | Description |
---|---|
- |
No permissions. |
r |
Read permission. |
w |
Write permission. |
x |
Execute permission. |
Permissions are subject to the umask settings for the Traffic Server process. This
means that a umask setting of 002
will not allow write permission for
others, even if specified in the configuration file. Permissions for
existing log files are not changed when the configuration is modified.
-
proxy.local.log.collation_mode
¶
Scope: | LOCAL |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Set the log collation mode.
値 | 効果 |
---|---|
0 |
Log collation is disabled. |
1 |
This host is a log collation server. |
2 |
This host is a collation client and sends entries using standard formats to the collation server. |
3 |
This host is a collation client and sends entries using the traditional custom formats to the collation server. |
4 |
This host is a collation client and sends entries that use both the standard and traditional custom formats to the collation server. |
For information on sending custom formats to the collation server,
refer to Collating Custom Logs and
logging.config
.
注釈
Although Traffic Server supports traditional custom logging, you should use the more versatile XML-based custom formats.
-
proxy.config.log.collation_host
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
The hostname of the log collation server.
-
proxy.config.log.collation_port
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 8085 |
Reloadable: | Yes |
The port used for communication between the collation server and client.
-
proxy.config.log.collation_secret
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | foobar |
Reloadable: | Yes |
The password used to validate logging data and prevent the exchange of unauthorized information when a collation server is being used.
-
proxy.config.log.collation_host_tagged
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
When enabled (1
), configures Traffic Server to include the hostname of the collation client that generated the log entry in each entry.
-
proxy.config.log.collation_retry_sec
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 5 |
Reloadable: | Yes |
The number of seconds between collation server connection retries.
-
proxy.config.log.collation_host_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 86390 |
The number of seconds before inactivity time-out events for the host side. This setting over-rides the default set with proxy.config.net.default_inactivity_timeout for log collation connections.
The default is set for 10s less on the host side to help prevent any possible race conditions. If the host disconnects first, the client will see the disconnect before its own time-out and re-connect automatically. If the client does not see the disconnect, i.e., connection is "locked-up" for some reason, it will disconnect when it reaches its own time-out and then re-connect automatically.
-
proxy.config.log.collation_client_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 86400 |
The number of seconds before inactivity time-out events for the client side. This setting over-rides the default set with proxy.config.net.default_inactivity_timeout for log collation connections.
-
proxy.config.log.rolling_enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Specifies how log files are rolled. You can specify the following values:
値 | Description |
---|---|
0 |
Disables log file rolling. |
1 |
Enables log file rolling at specific intervals during the day
(specified with the proxy.config.log.rolling_interval_sec and
proxy.config.log.rolling_offset_hr variables). |
2 |
Enables log file rolling when log files reach a specific size
(specified with proxy.config.log.rolling_size_mb ). |
3 |
Enables log file rolling at specific intervals during the day or when log files reach a specific size (whichever occurs first). |
4 |
Enables log file rolling at specific intervals during the day when log files reach a specific size (i.e. at a specified time if the file is of the specified size). |
-
proxy.config.log.rolling_interval_sec
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 86400 |
Reloadable: | Yes |
The log file rolling interval, in seconds. The minimum value is 60
(1 minute). The maximum, and default, value is 86400 seconds (one day).
注釈
If you start Traffic Server within a few minutes of the next rolling time, then rolling might not occur until the next rolling time.
-
proxy.config.log.rolling_offset_hr
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
The file rolling offset hour. The hour of the day that starts the log rolling period.
-
proxy.config.log.rolling_size_mb
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
The size, in megabytes, that log files must reach before rolling takes place.
The minimum value for this setting is 10
.
-
proxy.config.log.auto_delete_rolled_files
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Enables (1
) or disables (0
) automatic deletion of rolled files.
-
proxy.config.log.sampling_frequency
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Configures Traffic Server to log only a sample of transactions rather than every transaction. You can specify the following values:
値 | Description |
---|---|
1 |
Log every transaction. |
2 |
Log every second transaction. |
3 |
Log every third transaction. |
n | ... and so on... |
-
proxy.config.log.periodic_tasks_interval
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 5 |
Units: | seconds |
Reloadable: | Yes |
How often Traffic Server executes log related periodic tasks, in seconds
-
proxy.config.http.slow.log.threshold
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Units: | milliseconds |
Reloadable: | Yes |
If set to a non-zero value N then any connection that takes longer than N milliseconds from accept to
completion will cause its timing stats to be written to the debugging log file
. This is identifying data about the transaction and all of the transaction milestones
.
-
proxy.config.log.config.filename
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | logging.config |
Reloadable: | Yes |
This configuration value specifies the path to the
logging.config
configuration file. If this is a relative
path, Traffic Server loads it relative to the SYSCONFDIR
directory.
Diagnostic Logging Configuration¶
-
proxy.config.diags.output.diag
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | E |
-
proxy.config.diags.output.debug
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | E |
-
proxy.config.diags.output.status
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | L |
-
proxy.config.diags.output.note
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | L |
-
proxy.config.diags.output.warning
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | L |
-
proxy.config.diags.output.error
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | SL |
-
proxy.config.diags.output.fatal
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | SL |
-
proxy.config.diags.output.alert
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | L |
-
proxy.config.diags.output.emergency
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | SL |
The diagnosic output configuration variables control where Traffic Server should log diagnostic output. Messages at each diagnostic level can be directed to any combination of diagnostic destinations. Valid diagnostic message destinations are:
値 | Description |
---|---|
O |
Log to standard output. |
E |
Log to standard error. |
S |
Log to syslog. |
L |
Log to diags.log . |
例
To log debug diagnostics to both syslog and diags.log:
CONFIG proxy.config.diags.output.debug STRING SL
-
proxy.config.diags.show_location
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Annotates diagnostic messages with the source code location. Set to 1 to enable for Debug() messages only. Set to 2 to enable for all messages.
-
proxy.config.diags.debug.enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enables logging for diagnostic messages whose log level is diag or debug.
-
proxy.config.diags.debug.tags
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | http.*|dns.* |
Each Traffic Server diag and debug level message is annotated with a subsytem tag. This configuration contains a regular expression that filters the messages based on the tag. Some commonly used debug tags are:
Tag | Subsytem usage |
---|---|
dns | DNS query resolution |
http_hdrs | Logs the headers for HTTP requests and responses |
privileges | Privilege elevation |
ssl | TLS termination and certificate processing |
Traffic Server plugins will typically log debug messages using the TSDebug()
API, passing the plugin name as the debug tag.
-
proxy.config.diags.logfile.rolling_enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Specifies how the diagnostics log is rolled. You can specify the following values:
値 | Description |
---|---|
0 |
Disables diagnostics log rolling. |
1 |
Enables diagnostics log rolling at specific intervals (specified with
proxy.config.diags.logfile.rolling_interval_sec ). The "clock"
starts ticking on Traffic Server startup. |
2 |
Enables diagnostics log rolling when the diagnostics log reaches a
specific size (specified with
proxy.config.diags.logfile.rolling_size_mb ). |
3 |
Enables diagnostics log rolling at specific intervals or when the diagnostics log reaches a specific size (whichever occurs first). |
-
proxy.config.diags.logfile.rolling_interval_sec
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3600 |
Units: | seconds |
Reloadable: | Yes |
Specifies how often the diagnostics log is rolled, in seconds. The timer starts on Traffic Server bootup.
-
proxy.config.diags.logfile.rolling_size_mb
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 100 |
Units: | megabytes |
Reloadable: | Yes |
Specifies at what size to roll the diagnostics log at.
リバースプロキシー¶
-
proxy.config.reverse_proxy.enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
HTTP リバースプロキシーを有効化 (1
) もしくは無効化 (0
) します。
-
proxy.config.header.parse.no_host_url_redirect
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
Reloadable: | Yes |
(リバースプロキシーで) host ヘッダーが無いリクエストのリダイレクト先となる URL です。
URL リマップルール¶
-
proxy.config.url_remap.filename
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | remap.config |
remap.config
ファイルの名前を設定します。
-
proxy.config.url_remap.remap_required
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Reloadable: | Yes |
Traffic Server が remap.config
ファイルのマッピングルールに存在するオリジンサーバーからのみリクエストに応えるようにしたい場合にこの変数を 1
に設定してください。リクエストがマッチしなかった場合、ブラウザーはエラーを受け取ります。
-
proxy.config.url_remap.pristine_host_hdr
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Overridable: | Yes |
クライアントが送信したリクエスト内の host ヘッダーをリマッピングの中で保持したい場合にこの変数を 1
に設定してください。
SSL ターミネーション¶
-
proxy.config.ssl.server.cipher_suite
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | <see notes> |
Configures the set of encryption, digest, authentication, and key exchange algorithms provided by OpenSSL which Traffic Server will use for SSL connections. For the list of algorithms and instructions on constructing an appropriately formatting cipher_suite string, see OpenSSL Ciphers.
The current default, included in the records.config.default
example
configuration is:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
-
proxy.config.ssl.client.cipher_suite
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | <See notes under proxy.config.ssl.server.cipher_suite.> |
Configures the cipher_suite which Traffic Server will use for SSL connections to origin or next hop.
-
proxy.config.ssl.TLSv1
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
TLSv1 を有効化 (1
) もしくは無効化 (0
) します。
-
proxy.config.ssl.TLSv1_1
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
TLS v1.1 を有効化 (1
) もしくは無効化 (0
) します。指定しない場合、デフォルトで有効です。[OpenSSL v1.0.1 以上が必要 ]
-
proxy.config.ssl.TLSv1_2
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Enables (1
) or disables (0
) TLS v1.2. If not specified, enabled by default. [Requires OpenSSL v1.0.1 and higher]
-
proxy.config.ssl.client.certification_level
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
クライアント証明レベルを設定します。
値 | Description |
---|---|
0 |
Client certificates are ignored. Traffic Server does not verify client certificates during the SSL handshake. Access to Traffic Server depends on Traffic Server configuration options (such as access control lists). |
1 |
Client certificates are optional. If a client has a certificate, then the certificate is validated. If the client does not have a certificate, then the client is still allowed access to Traffic Server unless access is denied through other Traffic Server configuration options. |
2 |
Client certificates are required. The client must be authenticated during the SSL handshake. Clients without a certificate are not allowed to access Traffic Server. |
-
proxy.config.ssl.server.multicert.filename
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | ssl_multicert.config |
ssl_multicert.config
ファイルの Traffic Server 設定ディレクトリからの相対での位置です。次の例では、Traffic Server 設定ディレクトリが /etc/trafficserver で、Traffic Server SSL 設定ファイルと対応する証明書が /etc/trafficserver/ssl にあります。:
CONFIG proxy.config.ssl.server.multicert.filename STRING ssl/ssl_multicert.config
CONFIG proxy.config.ssl.server.cert.path STRING etc/trafficserver/ssl
CONFIG proxy.config.ssl.server.private_key.path STRING etc/trafficserver/ssl
-
proxy.config.ssl.server.cert.path
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | /config |
SSL 証明書と新しい SSL セッションの受け入れと検証に使用されるチェーンの場所です。相対パスの場合は Traffic Server のインストール PREFIX とつなげられます。ssl_multicert.config
に書かれているすべての証明書と証明書チェーンはこのパスからの相対パスで読み込まれます。
-
proxy.config.ssl.server.private_key.path
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
SSL 証明書秘密鍵の場所です。この変数は秘密鍵が SSL 証明書ファイル内に無い場合のみ変更してください。ssl_multicert.config
に書かれているすべての秘密鍵はこのパスからの相対パスで読み込まれます。
-
proxy.config.ssl.server.cert_chain.filename
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
全サーバー証明書で使用されるべきグローバル証明書チェーンを含んでいるファイルの名前です。このファイルは ssl_multicert.config
に定義されている証明書がある場合にのみ使用されます。絶対パスが指定されない限り、proxy.config.ssl.server.cert.path
で指定されたパスからの相対パスで読み込まれます。
-
proxy.config.ssl.server.dhparams_file
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
The name of a file containing a set of Diffie-Hellman key exchange parameters. If not specified, 2048-bit DH parameters from RFC 5114 are used. These parameters are only used if a DHE (or EDH) cipher suite has been selected.
-
proxy.config.ssl.CA.cert.path
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
クライアント証明書が検証される証明書認証局ファイルの場所です。
-
proxy.config.ssl.CA.cert.filename
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
クライアント証明書が検証される証明書認証局のファイル名です。
-
proxy.config.ssl.server.ticket_key.filename
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | ssl_ticket.key |
The filename of the default and global ticket key for SSL sessions. The location is relative to the
proxy.config.ssl.server.cert.path
directory. One way to generate this would be to run
head -c48 /dev/urandom | openssl enc -base64 | head -c48 > file.ticket
. Also
note that OpenSSL session tickets are sensitive to the version of the ca-certificates.
-
proxy.config.ssl.max_record_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
This configuration specifies the maximum number of bytes to write into a SSL record when replying over a SSL session. In some circumstances this setting can improve response latency by reducing buffering at the SSL layer. This setting can have a value between 0 and 16383 (max TLS record size).
The default of 0
means to always write all available data into
a single SSL record.
A value of -1
means TLS record size is dynamically determined. The
strategy employed is to use small TLS records that fit into a single
TCP segment for the first ~1 MB of data, but, increase the record size to
16 KB after that to optimize throughput. The record size is reset back to
a single segment after ~1 second of inactivity and the record size ramping
mechanism is repeated again.
-
proxy.config.ssl.session_cache
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Enables the SSL session cache:
値 | Description |
---|---|
0 |
Disables the session cache entirely. |
1 |
Enables the session cache using OpenSSL's implementation. |
2 |
Default. Enables the session cache using Traffic Server's implementation. This implentation should perform much better than the OpenSSL implementation. |
-
proxy.config.ssl.session_cache.timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
This configuration specifies the lifetime of SSL session cache
entries in seconds. If it is 0
, then the SSL library will use
a default value, typically 300 seconds. Note: This option has no affect
when using the Traffic Server session cache (option 2
in
proxy.config.ssl.session_cache
)
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.ssl.session_cache.auto_clear
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
This will set the OpenSSL auto clear flag. Auto clear is enabled by
default with 1
it can be disabled by changing this setting to 0
.
-
proxy.config.ssl.session_cache.size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 102400 |
This configuration specifies the maximum number of entries the SSL session cache may contain.
-
proxy.config.ssl.session_cache.num_buckets
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 256 |
This configuration specifies the number of buckets to use with the Traffic Server SSL session cache implementation. The TS implementation is a fixed size hash map where each bucket is protected by a mutex.
-
proxy.config.ssl.session_cache.skip_cache_on_bucket_contention
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
This configuration specifies the behavior of the Traffic Server SSL session cache implementation during lock contention on each bucket:
値 | Description |
---|---|
0 |
Default. Don't skip session caching when bucket lock is contented. |
1 |
Disable the SSL session cache for a connection during lock contention. |
-
proxy.config.ssl.hsts_max_age
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | -1 |
Overridable: | Yes |
この設定は Strict-Transport-Security ヘッダーを追加する際に使用される max-age の値を指定します。値は秒です。0
は max-age の値を 0
に設定しクライアントからの HSTS エントリーを削除するはずです。-1
はこの機能を無効化しヘッダーをセットしません。このオプションは HTTPS のリクエストでのみ使用され HTTP リクエストではヘッダーはセットされません。
-
proxy.config.ssl.hsts_include_subdomains
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Overridable: | Yes |
Strict-Transport-Security ヘッダーへの includeSubdomain の値の追加を有効化 (1
) もしくは無効化 (0
) します。この設定の効果を得るためには proxy.config.ssl.hsts_max_age が -1
以外の値に設定されている必要があります。
-
proxy.config.ssl.allow_client_renegotiation
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
この設定はクライアントが SSL 接続の再交渉を始めることができるかどうかを指定します。デフォルトは 0
で、クライアントが再交渉を始められないことを意味します。
-
proxy.config.ssl.cert.load_elevated
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
SSL 証明書の読み込みの際に traffic_server の権限の昇格を有効化 (1
) もしくは無効化 (0
) します。これを有効化することで、証明書の脆弱性を低減するために SSL 証明書ファイルのアクセス権限を制限できるようになります。
This feature requires Traffic Server to be built with POSIX capabilities enabled.
-
proxy.config.ssl.handshake_timeout_in
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
When enabled this limits the total duration for the server side SSL handshake.
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.ssl.wire_trace_enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
When enabled this turns on wire tracing of SSL connections that meet the conditions specified by wire_trace_percentage, wire_trace_addr and wire_trace_server_name.
-
proxy.config.ssl.wire_trace_percentage
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
This specifies the percentage of traffic meeting the other wire_trace conditions to be traced.
-
proxy.config.ssl.wire_trace_addr
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
This specifies the client IP for which wire_traces should be printed.
-
proxy.config.ssl.wire_trace_server_name
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | NULL |
This specifies the server name for which wire_traces should be printed. This only works if traffic_server is built with TS_USE_TLS_SNI flag set to true.
OCSP Stapling Configuration¶
-
proxy.config.ssl.ocsp.enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enable OCSP stapling.
値 | Description |
---|---|
0 |
Disables OCSP Stapling. |
1 |
Allows Traffic Server to request SSL certificate revocation status from an OCSP responder. |
-
proxy.config.ssl.ocsp.cache_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 3600 |
Number of seconds before an OCSP response expires in the stapling cache.
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.ssl.ocsp.request_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Timeout (in seconds) for queries to OCSP responders.
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.ssl.ocsp.update_period
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 60 |
Update period (in seconds) for stapling caches.
HTTP/2 の設定¶
-
proxy.config.http2.max_concurrent_streams_in
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 100 |
Reloadable: | Yes |
The maximum number of concurrent streams per inbound connection.
注釈
この値の再読み込みは新しい HTTP/2 のコネクションでのみ適用され、 すでに確率したコネクションには適用されません。
-
proxy.config.http2.min_concurrent_streams_in
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
Reloadable: | Yes |
The minimum number of concurrent streams per inbound connection.
This is used when proxy.config.http2.max_active_streams_in
is set
larger than 0
.
-
proxy.config.http2.max_active_streams_in
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Limits the maximum number of connection wide active streams.
When connection wide active streams are larger than this value,
SETTINGS_MAX_CONCURRENT_STREAMS will be reduced to
proxy.config.http2.min_concurrent_streams_in
.
To disable, set to zero (0
).
-
proxy.config.http2.initial_window_size_in
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 65535 |
Reloadable: | Yes |
The initial window size for inbound connections.
-
proxy.config.http2.max_frame_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 16384 |
Reloadable: | Yes |
Traffic Server が受け取るフレームに含まれるペイロードの最大許容サイズです。
-
proxy.config.http2.header_table_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 4096 |
Reloadable: | Yes |
ヘッダーブロックのデコードに使用されるヘッダー圧縮テーブルの最大サイズです。
-
proxy.config.http2.max_header_list_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 4294967295 |
Reloadable: | Yes |
許容するヘッダーリストの最大数です。デフォルト値は暗黙的に無制限を意味し、Traffic Server では unsigned int の最大値になっています。
-
proxy.config.http2.stream_priority_enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Reloadable: | Yes |
Enable the experimental HTTP/2 Stream Priority feature.
-
proxy.config.http2.push_diary_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 256 |
Reloadable: | Yes |
Indicates the maximum number of HTTP/2 server pushes that are remembered per HTTP/2 connection to avoid duplicate pushes on the same connection. If the maximum number is reached, new entries are not remembered.
-
proxy.config.http2.stream_error_rate_threshold
¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 0.1 |
Reloadable: | Yes |
This is the maximum stream error rate Traffic Server allows on an HTTP/2 connection. Traffic Server gracefully closes connections that have stream error rates above this setting by sending GOAWAY frames.
-
proxy.config.http2.max_settings_per_frame
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 7 |
Reloadable: | Yes |
Specifies how many settings in an HTTP/2 SETTINGS frame Traffic Server accepts. Clients exceeded this limit will be immediately disconnected with an error code of ENHANCE_YOUR_CALM.
-
proxy.config.http2.max_settings_per_minute
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 14 |
Reloadable: | Yes |
Specifies how many settings in HTTP/2 SETTINGS frames Traffic Server accept for a minute. Clients exceeded this limit will be immediately disconnected with an error code of ENHANCE_YOUR_CALM.
-
proxy.config.http2.max_settings_frames_per_minute
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 14 |
Reloadable: | Yes |
Specifies how many SETTINGS frames Traffic Server receives for a minute at maximum. Clients exceeded this limit will be immediately disconnected with an error code of ENHANCE_YOUR_CALM.
-
proxy.config.http2.max_ping_frames_per_minute
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 60 |
Reloadable: | Yes |
Specifies how many number of PING frames Traffic Server receives for a minute at maximum. Clients exceeded this limit will be immediately disconnected with an error code of ENHANCE_YOUR_CALM.
-
proxy.config.http2.max_priority_frames_per_minute
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 120 |
Reloadable: | Yes |
Specifies how many number of PRIORITY frames Traffic Server receives for a minute at maximum. Clients exceeded this limit will be immediately disconnected with an error code of ENHANCE_YOUR_CALM.
-
proxy.config.http2.min_avg_window_update
¶
Scope: | CONFIG |
---|---|
Type: | FLOAT |
Default: | 2560.0 |
Reloadable: | Yes |
Specifies the minimum average window increment Traffic Server allows. The average will be calculated based on the last 5 WINDOW_UPDATE frames. Clients that send smaller window increments lower than this limit will be immediately disconnected with an error code of ENHANCE_YOUR_CALM.
Plug-in Configuration¶
-
proxy.config.plugin.plugin_dir
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | config/plugins |
Specifies the location of Traffic Server plugins.
-
proxy.config.remap.num_remap_threads
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
When this variable is set to 0
, plugin remap callbacks are
executed in line on network threads. If remap processing takes
significant time, this can be cause additional request latency.
Setting this variable to causes remap processing to take place
on a dedicated thread pool, freeing the network threads to service
additional requests.
SOCKS Processor¶
-
proxy.config.socks.socks_needed
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enables (1
) or disables (0
) the SOCKS processor
-
proxy.config.socks.socks_version
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 4 |
Specifies the SOCKS version (4
) or (5
)
-
proxy.config.socks.socks_config_file
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | socks.config |
The socks_onfig file allows you to specify ranges of IP addresses that will not be relayed to the SOCKS server. It can also be used to configure AUTH information for SOCKSv5 servers.
-
proxy.config.socks.socks_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 100 |
The activity timeout value (in seconds) for SOCKS server connections.
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.socks.server_connect_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 |
The timeout value (in seconds) for SOCKS server connection attempts.
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.socks.per_server_connection_attempts
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
The total number of connection attempts allowed per SOCKS server, if multiple servers are used.
-
proxy.config.socks.connection_attempts
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 4 |
The total number of connection attempts allowed to a SOCKS server Traffic Server bypasses the server or fails the request
-
proxy.config.socks.server_retry_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 300 |
The timeout value (in seconds) for SOCKS server connection retry attempts.
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.socks.default_servers
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | *NONE* |
Default list of SOCKS servers and their ports.
-
proxy.config.socks.server_retry_time
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 300 |
The amount of time allowed between connection retries to a SOCKS server that is unavailable.
-
proxy.config.socks.server_fail_threshold
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
The number of times the connection to the SOCKS server can fail before Traffic Server considers the server unavailable.
-
proxy.config.socks.accept_enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enables (1) or disables (0) the SOCKS proxy option. As a SOCKS proxy, Traffic Server receives SOCKS traffic (usually on port 1080) and forwards all requests directly to the SOCKS server.
-
proxy.config.socks.accept_port
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1080 |
Specifies the port on which Traffic Server accepts SOCKS traffic.
-
proxy.config.socks.http_port
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 80 |
Specifies the port on which Traffic Server accepts HTTP proxy requests over SOCKS connections..
Sockets¶
-
proxy.config.net.defer_accept
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
default: 1
meaning on
all Platforms except Linux: 45
seconds
This directive enables operating system specific optimizations for a listening socket. defer_accept
holds a call to accept(2)
back until data has arrived. In Linux' special case this is up to a maximum of 45 seconds.
-
proxy.config.net.listen_backlog
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | -1 :reloadable: |
This directive sets the maximum number of pending connections. If it is set to -1, Traffic Server will automatically set this to a platform-specific maximum.
-
proxy.config.net.tcp_congestion_control_in
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | "" |
This directive will override the congestion control algorithm for incoming connections (accept sockets). On linux the allowed values are typically specified in a space separated list in /proc/sys/net/ipv4/tcp_allowed_congestion_control
-
proxy.config.net.tcp_congestion_control_out
¶
Scope: | CONFIG |
---|---|
Type: | STRING |
Default: | "" |
This directive will override the congestion control algorithm for outgoing connections (connect sockets). On linux the allowed values are typically specified in a space separated list in /proc/sys/net/ipv4/tcp_allowed_congestion_control
-
proxy.config.net.sock_send_buffer_size_in
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Sets the send buffer size for connections from the client to Traffic Server.
-
proxy.config.net.sock_recv_buffer_size_in
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Sets the receive buffer size for connections from the client to Traffic Server.
-
proxy.config.net.sock_option_flag_in
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0x5 |
Turns different options "on" for the socket handling client connections::
TCP_NODELAY (1)
SO_KEEPALIVE (2)
SO_LINGER (4) - with a timeout of 0 seconds
TCP_FASTOPEN (8)
注釈
This is a bitmask and you need to decide what bits to set. Therefore,
you must set the value to 3
if you want to enable nodelay and
keepalive options above.
注釈
To allow TCP Fast Open for client sockets on Linux, bit 2 of
the net.ipv4.tcp_fastopen
sysctl must be set.
-
proxy.config.net.sock_send_buffer_size_out
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Overridable: | Yes |
Sets the send buffer size for connections from Traffic Server to the origin server.
-
proxy.config.net.sock_recv_buffer_size_out
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Overridable: | Yes |
Sets the receive buffer size for connections from Traffic Server to the origin server.
-
proxy.config.net.sock_option_flag_out
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0x1 |
Overridable: | Yes |
Turns different options "on" for the origin server socket::
TCP_NODELAY (1)
SO_KEEPALIVE (2)
SO_LINGER (4) - with a timeout of 0 seconds
TCP_FASTOPEN (8)
注釈
This is a bitmask and you need to decide what bits to set. Therefore,
you must set the value to 3
if you want to enable nodelay and
keepalive options above.
When SO_LINGER is enabled, the linger timeout time is set to 0. This is useful when Traffic Server and the origin server are co-located and large numbers of sockets are retained in the TIME_WAIT state.
注釈
To allow TCP Fast Open for server sockets on Linux, bit 1 of
the net.ipv4.tcp_fastopen
sysctl must be set.
-
proxy.config.net.sock_mss_in
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Same as the command line option --accept_mss
that sets the MSS for all incoming requests.
-
proxy.config.net.sock_packet_mark_in
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0x0 |
Set the packet mark on traffic destined for the client (the packets that make up a client response).
-
proxy.config.net.sock_packet_mark_out
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0x0 |
Overridable: | Yes |
Set the packet mark on traffic destined for the origin (the packets that make up an origin request).
-
proxy.config.net.sock_packet_tos_in
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0x0 |
Set the ToS/DiffServ Field on packets sent to the client (the packets that make up a client response).
-
proxy.config.net.sock_packet_tos_out
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0x0 |
Overridable: | Yes |
Set the ToS/DiffServ Field on packets sent to the origin (the packets that make up an origin request).
-
proxy.config.net.poll_timeout
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 10 (or 30 on Solaris) |
Same as the command line option --poll_timeout
, or -t
, which
specifies the timeout used for the polling mechanism used. This timeout is
always in milliseconds (ms). This is the timeout to epoll_wait()
on
Linux platforms, and to kevent()
on BSD type OSs. The default value is
10
on all platforms.
Changing this configuration can reduce CPU usage on an idle system, since periodic tasks gets processed at these intervals. On busy servers, this overhead is diminished, since polled events triggers morefrequently. However, increasing the setting can also introduce additional latency for certain operations, and timed events. It's recommended not to touch this setting unless your CPU usage is unacceptable at idle workload. Some alternatives to this could be:
Reduce the number of worker threads (net-threads)
Reduce the number of disk (AIO) threads
Make sure accept threads are enabled
The relevant configurations for this are:
CONFIG proxy.config.exec_thread.autoconfig INT 0
CONFIG proxy.config.exec_thread.limit INT 2
CONFIG proxy.config.accept_threads INT 1
CONFIG proxy.config.cache.threads_per_disk INT 8
See Timeout Settings for more discussion on Traffic Server timeouts.
-
proxy.config.task_threads
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 2 |
Specifies the number of task threads to run. These threads are used for various tasks that should be off-loaded from the normal network threads.
-
proxy.config.allocator.thread_freelist_size
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 512 |
Sets the maximum number of elements that can be contained in a ProxyAllocator (per-thread) before returning the objects to the global pool
-
proxy.config.allocator.thread_freelist_low_watermark
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 32 |
Sets the minimum number of items a ProxyAllocator (per-thread) will guarantee to be holding at any one time.
-
proxy.config.allocator.hugepages
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Enable (1) the use of huge pages on supported platforms. (Currently only Linux)
You must also enable hugepages at the OS level. In a modern linux Kernel
this can be done by setting /proc/sys/vm/nr_overcommit_hugepages
to a
sufficiently large value. It is reasonable to use (system
memory/hugepage size) because these pages are only created on demand.
For more information on the implications of enabling huge pages, see Wikipedia <http://en.wikipedia.org/wiki/Page_%28computer_memory%29#Page_size_trade-off>_.
-
proxy.config.allocator.dontdump_iobuffers
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Enable (1) the exclusion of IO buffers from core files when ATS crashes on supported platforms. (Currently only linux). IO buffers are allocated with the MADV_DONTDUMP with madvise() on linux platforms that support MADV_DONTDUMP. Enabled by default.
-
proxy.config.http.enabled
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 1 |
Turn on or off support for HTTP proxying. This is rarely used, the one exception being if you run Traffic Server with a protocol plugin, and would like for it to not support HTTP requests at all.
-
proxy.config.http.wait_for_cache
¶
Scope: | CONFIG |
---|---|
Type: | INT |
Default: | 0 |
Accepting inbound connections and starting the cache are independent
operations in Traffic Server. This variable controls the relative timing of these
operations and Traffic Server dependency on cache because if cache is required then
inbound connection accepts should be deferred until the validity of the
cache requirement is determined. Cache initialization failure will be logged
in diags.log
.
値 | Description |
---|---|
0 |
Decouple inbound connections and cache initialization. Connections will be accepted as soon as possible and Traffic Server will run regardless of the results of cache initialization. |
1 |
Do not accept inbound connections until cache initialization has finished. Traffic Server will run regardless of the results of cache initialization. |
2 |
Do not accept inbound connections until cache initialization has
finished and been sufficiently successful that cache is enabled. This
means at least one cache span is usable. If there are no spans in
storage.config or none of the spans can be successfully parsed
and initialized then Traffic Server will shut down. |
3 |
Do not accept inbound connections until cache initialization has
finished and been completely successful. This requires at least one
cache span in storage.config and that every span specified is
valid and successfully initialized. Any error will cause Traffic Server to shut
down. |