From d5910a04de68cf35e55de6560a070655bb1af95f Mon Sep 17 00:00:00 2001 From: Dani De Leo Date: Sat, 8 Jun 2024 13:55:07 -0400 Subject: [PATCH] feat: Use @nginx/reference-lib (#323) Switch to using official NGINX libraries for reference material. --- package.json | 14 +- scripts/directives.ts | 372 -- scripts/tsconfig.json | 20 - src/directives.json | 7736 ----------------------------------------- src/directives.ts | 36 + src/index.tsx | 2 +- src/suggestions.ts | 2 +- 7 files changed, 45 insertions(+), 8137 deletions(-) delete mode 100644 scripts/directives.ts delete mode 100644 scripts/tsconfig.json delete mode 100644 src/directives.json create mode 100644 src/directives.ts diff --git a/package.json b/package.json index b79523b..3902647 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "monaco-editor-nginx", - "version": "1.0.16", + "version": "1.1.0", "description": "Nginx language for Monaco Editor.", "main": "cjs/index.js", "module": "esm/index.js", @@ -12,7 +12,6 @@ "start": "kkt start --app-src ./website", "watch": "tsbb watch src/*.{tsx,ts} --use-babel --cjs cjs", "build": "tsbb build src/*.{tsx,ts} --use-babel --cjs cjs --bail", - "get:nginx": "ts-node --project scripts/tsconfig.json scripts/directives.ts", "prettier": "prettier --write \"**/*.{js,jsx,tsx,ts,less,md,json}\"", "map": "source-map-explorer build/static/js/*.js --html build/website-result.html" }, @@ -46,10 +45,11 @@ "@kkt/less-modules": "^7.4.9", "@kkt/raw-modules": "^7.4.9", "@kkt/scope-plugin-options": "^7.4.9", - "@uiw/react-monacoeditor": "^3.5.8", - "@types/turndown": "~5.0.1", + "@nginx/reference-lib": "^1.0.14", "@types/react": "^18.0.31", "@types/react-dom": "^18.0.11", + "@types/turndown": "~5.0.1", + "@uiw/react-monacoeditor": "^3.5.8", "@wcj/dark-mode": "^1.0.13", "cheerio": "~1.0.0-rc.10", "compile-less-cli": "~1.9.0", @@ -62,10 +62,10 @@ "react": "^18.2.0", "react-dom": "^18.2.0", "source-map-explorer": "^2.5.3", - "turndown": "^7.1.2", "ts-node": "^10.9.1", - "typescript": "^5.1.3", - "tsbb": "^4.1.11" + "tsbb": "^4.1.11", + "turndown": "^7.1.2", + "typescript": "^5.1.3" }, "overrides": { "typescript": "^5.1.3" diff --git a/scripts/directives.ts b/scripts/directives.ts deleted file mode 100644 index 5c7546a..0000000 --- a/scripts/directives.ts +++ /dev/null @@ -1,372 +0,0 @@ -import { load, CheerioAPI, Cheerio, Element } from 'cheerio'; -import fs from 'fs'; -import https from 'https'; -import { parse } from 'url'; -import path from 'path'; -import TurndownService from 'turndown'; - -type ResultDataItem = Omit & { d: string }; -type DataItem = { - /** directive name */ - n: string; - /** module name */ - m: string; - /** directive detail */ - d: string[]; - /** default value */ - v?: string; - /** context */ - c?: string; - /** syntax */ - s?: string; -}; - -const turndownService = new TurndownService({ - // codeBlockStyle: 'fenced' -}); - -async function request(url: string): Promise { - let responseData = ''; - return new Promise((resolve, reject) => { - const myURL = parse(url); - const req = https.request( - { - hostname: myURL.hostname, - path: myURL.path, - method: 'GET', - }, - (res) => { - res.on('data', (data) => (responseData += data.toString())); - res.on('end', () => resolve(responseData)); - res.on('error', (error) => reject(error)); - }, - ); - req.on('error', (error) => reject(error)); - req.end(); - }); -} - -function nextSibling(child: Element, opt: { tagName: string; class?: string }) { - let nextNode = child; - let result = undefined; - do { - nextNode = nextNode.nextSibling as Element; - if ( - nextNode && - nextNode.name && - (opt.tagName ? nextNode.tagName === opt.tagName : false) && - (opt.class ? nextNode.attribs.class === opt.class : true) - ) { - result = nextNode; - } - } while (!!nextNode); - return result; -} - -function getVariablesCompactElement(child: Element, $: CheerioAPI): Element { - let nextNode = child; - let result = null; - do { - nextNode = nextNode?.next as Element; - if (nextNode?.tagName === 'dl' && nextNode?.attribs?.class === 'compact') { - result = nextNode; - nextNode = null; - } - } while (!!nextNode); - return result; -} - -function getSyntaxElement(child: Element, $: CheerioAPI) { - let nextNode = child; - let syntax = ''; - let defaultValue = ''; - let context = ''; - const detail: string[] = []; - do { - nextNode = nextNode?.nextSibling as Element; - if (nextNode?.tagName === 'a') { - nextNode = null; - } - if (nextNode && nextNode.attribs?.class === 'directive') { - const tr = $(nextNode).find('table tr'); - syntax = turndownService.turndown($('td', tr[0]).html()); - defaultValue = turndownService.turndown($('td', tr[1]).html()); - context = turndownService.turndown($('td', tr[2]).html()); - } else if (nextNode) { - const html = $(nextNode).html(); - if (html && nextNode.attribs?.class === 'example') { - detail.push(`\`\`\`\n${$(nextNode).text() || ''}\n\`\`\``); - } else if (html) { - detail.push(turndownService.turndown(html || '')); - } - } - } while (!!nextNode); - return { syntax, defaultValue, context, detail }; -} - -async function getData(url: string) { - console.log(`\x1b[1;35m Request URL:\x1b[0m =>\x1b[34m ${url} \x1b[0m`); - try { - const data = await request(url); - if (data) { - const $ = load(data); - const children = $('#content').children(); - const module = children - .first() - .text() - .replace(/^Module /g, ''); - const result: DataItem[] = []; - let resultItem: DataItem = { - m: module, - n: '', - d: [], - }; - let variables: Cheerio; - children.each((_, child) => { - const data: DataItem = { ...resultItem }; - if ( - child.attribs?.name && - child.tagName === 'a' && - !/^(directives|example|variables|summary)/.test(child.attribs?.name) - ) { - data.n = child.attribs.name; - const { syntax, defaultValue, context, detail } = getSyntaxElement(child, $); - data.s = syntax; - data.v = defaultValue; - data.c = context; - data.d = detail.filter(Boolean); - result.push(data); - } else if (child.attribs?.name === 'variables' && child.tagName === 'a') { - const compact = getVariablesCompactElement(child, $); - variables = $(compact).children(); - variables.each((_, compactChild) => { - if (compactChild.tagName === 'dt' && compactChild.attribs.id) { - result.push({ - m: module, - n: $(compactChild).text(), - d: [turndownService.turndown($(nextSibling(compactChild, { tagName: 'dd' })).html())], - }); - } - }); - } - }); - const directivesData: ResultDataItem[] = [...result] - .map((item) => { - const data: ResultDataItem = { m: item.m, n: item.n, d: item.d.join('\n') }; - if (item.v && item.v.replace(/^—+/g, '')) { - data.v = item.v.replace(/^—+/g, ''); - } - if (item.c) { - data.c = item.c; - } - if (item.s && item.s.replace(/(^`+)|(`+$)/g, '')) { - data.s = item.s.replace(/(^`+)|(`+$)/g, ''); - } - data.d = data.d.replace(/\[(.[^\]]+)\]\((.[^)]+)\)/g, (str, $1, $2) => { - if (/^#/.test($2)) { - return `[${$1}](${url}${$2})`; - } else if (/^\./.test($2) || !/^http(s)?:/.test($2)) { - return `[${$1}](https:/${path.resolve(path.dirname(url.replace(/^https:\//, '')), $2)})`; - } - return str; - }); - return { ...data }; - }) - .filter((m) => m.n && !/^(directives|example|summary)/.test(m.n)); - console.log(`\x1b[35m ->\x1b[0m Data Length:\x1b[32m ${directivesData.length} \x1b[0m`); - console.log(`\x1b[35m ->\x1b[0m Find Variables Node:\x1b[36m ${variables ? $(variables).length : 0} \x1b[0m`); - return directivesData; - } - return []; - } catch (error) { - console.log('ERR:GETDATA:', error); - process.exit(); - } -} - -(async () => { - let resultData: ResultDataItem[] = []; - - const core = await getData('https://nginx.org/en/docs/ngx_core_module.html'); - - const http_core = await getData('https://nginx.org/en/docs/http/ngx_http_core_module.html'); - const http_access = await getData('https://nginx.org/en/docs/http/ngx_http_access_module.html'); - const http_addition = await getData('https://nginx.org/en/docs/http/ngx_http_addition_module.html'); - const http_api = await getData('https://nginx.org/en/docs/http/ngx_http_api_module.html'); - const http_auth_basic = await getData('https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html'); - const http_auth_jwt = await getData('https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html'); - const http_auth_request = await getData('https://nginx.org/en/docs/http/ngx_http_auth_request_module.html'); - const http_autoindex = await getData('https://nginx.org/en/docs/http/ngx_http_autoindex_module.html'); - const http_browser = await getData('https://nginx.org/en/docs/http/ngx_http_browser_module.html'); - const http_charset = await getData('https://nginx.org/en/docs/http/ngx_http_charset_module.html'); - const http_dav = await getData('https://nginx.org/en/docs/http/ngx_http_dav_module.html'); - const http_empty_gif = await getData('https://nginx.org/en/docs/http/ngx_http_empty_gif_module.html'); - const http_f4f = await getData('https://nginx.org/en/docs/http/ngx_http_f4f_module.html'); - const http_fastcgi = await getData('https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html'); - const http_flv = await getData('https://nginx.org/en/docs/http/ngx_http_flv_module.html'); - const http_geo = await getData('https://nginx.org/en/docs/http/ngx_http_geo_module.html'); - const http_geoip = await getData('https://nginx.org/en/docs/http/ngx_http_geoip_module.html'); - const http_grpc = await getData('https://nginx.org/en/docs/http/ngx_http_grpc_module.html'); - const http_gunzip = await getData('https://nginx.org/en/docs/http/ngx_http_gunzip_module.html'); - const http_gzip = await getData('https://nginx.org/en/docs/http/ngx_http_gzip_module.html'); - const http_gzip_static = await getData('https://nginx.org/en/docs/http/ngx_http_gzip_static_module.html'); - const http_headers = await getData('https://nginx.org/en/docs/http/ngx_http_headers_module.html'); - const http_hls = await getData('https://nginx.org/en/docs/http/ngx_http_hls_module.html'); - const http_image_filter = await getData('https://nginx.org/en/docs/http/ngx_http_image_filter_module.html'); - const http_index = await getData('https://nginx.org/en/docs/http/ngx_http_index_module.html'); - const http_js = await getData('https://nginx.org/en/docs/http/ngx_http_js_module.html'); - const http_keyval = await getData('https://nginx.org/en/docs/http/ngx_http_keyval_module.html'); - const http_limit_conn = await getData('https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html'); - const http_limit_req = await getData('https://nginx.org/en/docs/http/ngx_http_limit_req_module.html'); - const http_log = await getData('https://nginx.org/en/docs/http/ngx_http_log_module.html'); - const http_map = await getData('https://nginx.org/en/docs/http/ngx_http_map_module.html'); - const http_memcached = await getData('https://nginx.org/en/docs/http/ngx_http_memcached_module.html'); - const http_mirror = await getData('https://nginx.org/en/docs/http/ngx_http_mirror_module.html'); - const http_mp4 = await getData('https://nginx.org/en/docs/http/ngx_http_mp4_module.html'); - const http_perl = await getData('https://nginx.org/en/docs/http/ngx_http_perl_module.html'); - const http_proxy = await getData('https://nginx.org/en/docs/http/ngx_http_proxy_module.html'); - const http_random_index = await getData('https://nginx.org/en/docs/http/ngx_http_random_index_module.html'); - const http_realip = await getData('https://nginx.org/en/docs/http/ngx_http_realip_module.html'); - const http_referer = await getData('https://nginx.org/en/docs/http/ngx_http_referer_module.html'); - const http_rewrite = await getData('https://nginx.org/en/docs/http/ngx_http_rewrite_module.html'); - const http_scgi = await getData('https://nginx.org/en/docs/http/ngx_http_scgi_module.html'); - const http_secure_link = await getData('https://nginx.org/en/docs/http/ngx_http_secure_link_module.html'); - const http_session_log = await getData('https://nginx.org/en/docs/http/ngx_http_session_log_module.html'); - const http_slice = await getData('https://nginx.org/en/docs/http/ngx_http_slice_module.html'); - const http_spdy = await getData('https://nginx.org/en/docs/http/ngx_http_spdy_module.html'); - const http_split_clients = await getData('https://nginx.org/en/docs/http/ngx_http_split_clients_module.html'); - const http_ssi = await getData('https://nginx.org/en/docs/http/ngx_http_ssi_module.html'); - const http_ssl = await getData('https://nginx.org/en/docs/http/ngx_http_ssl_module.html'); - const http_status = await getData('https://nginx.org/en/docs/http/ngx_http_status_module.html'); - const http_stub_status = await getData('https://nginx.org/en/docs/http/ngx_http_stub_status_module.html'); - const http_sub = await getData('https://nginx.org/en/docs/http/ngx_http_sub_module.html'); - const http_upstream = await getData('https://nginx.org/en/docs/http/ngx_http_upstream_module.html'); - const http_upstream_conf = await getData('https://nginx.org/en/docs/http/ngx_http_upstream_conf_module.html'); - const http_upstream_hc = await getData('https://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html'); - const http_userid = await getData('https://nginx.org/en/docs/http/ngx_http_userid_module.html'); - const http_uwsgi = await getData('https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html'); - const http_v2 = await getData('https://nginx.org/en/docs/http/ngx_http_v2_module.html'); - const http_xslt = await getData('https://nginx.org/en/docs/http/ngx_http_xslt_module.html'); - - const mail_core = await getData('https://nginx.org/en/docs/mail/ngx_mail_core_module.html'); - const mail_auth_http = await getData('https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html'); - const mail_proxy = await getData('https://nginx.org/en/docs/mail/ngx_mail_proxy_module.html'); - const mail_ssl = await getData('https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html'); - const mail_imap = await getData('https://nginx.org/en/docs/mail/ngx_mail_imap_module.html'); - const mail_pop3 = await getData('https://nginx.org/en/docs/mail/ngx_mail_pop3_module.html'); - const mail_smtp = await getData('https://nginx.org/en/docs/mail/ngx_mail_smtp_module.html'); - - const stream_core = await getData('https://nginx.org/en/docs/stream/ngx_stream_core_module.html'); - const stream_access = await getData('https://nginx.org/en/docs/stream/ngx_stream_access_module.html'); - const stream_geo = await getData('https://nginx.org/en/docs/stream/ngx_stream_geo_module.html'); - const stream_geoip = await getData('https://nginx.org/en/docs/stream/ngx_stream_geoip_module.html'); - const stream_js = await getData('https://nginx.org/en/docs/stream/ngx_stream_js_module.html'); - const stream_keyval = await getData('https://nginx.org/en/docs/stream/ngx_stream_keyval_module.html'); - const stream_limit_conn = await getData('https://nginx.org/en/docs/stream/ngx_stream_limit_conn_module.html'); - const stream_log = await getData('https://nginx.org/en/docs/stream/ngx_stream_log_module.html'); - const stream_map = await getData('https://nginx.org/en/docs/stream/ngx_stream_map_module.html'); - const stream_proxy = await getData('https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html'); - const stream_realip = await getData('https://nginx.org/en/docs/stream/ngx_stream_realip_module.html'); - const stream_return = await getData('https://nginx.org/en/docs/stream/ngx_stream_return_module.html'); - const stream_set = await getData('https://nginx.org/en/docs/stream/ngx_stream_set_module.html'); - const stream_split_clients = await getData('https://nginx.org/en/docs/stream/ngx_stream_split_clients_module.html'); - const stream_ssl = await getData('https://nginx.org/en/docs/stream/ngx_stream_ssl_module.html'); - const stream_ssl_preread = await getData('https://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html'); - const stream_upstream = await getData('https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html'); - const stream_upstream_hc = await getData('https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html'); - const stream_zone_sync = await getData('https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html'); - - const google_perftools = await getData('https://nginx.org/en/docs/ngx_google_perftools_module.html'); - - resultData = resultData.concat( - core, - http_core, - http_access, - http_addition, - http_api, - http_auth_basic, - http_auth_jwt, - http_auth_request, - http_autoindex, - http_browser, - http_charset, - http_dav, - http_empty_gif, - http_f4f, - http_fastcgi, - http_flv, - http_geo, - http_geoip, - http_grpc, - http_gunzip, - http_gzip, - http_gzip_static, - http_headers, - http_hls, - http_image_filter, - http_index, - http_js, - http_keyval, - http_limit_conn, - http_limit_req, - http_log, - http_map, - http_memcached, - http_mirror, - http_mp4, - http_perl, - http_proxy, - http_random_index, - http_realip, - http_referer, - http_rewrite, - http_scgi, - http_secure_link, - http_session_log, - http_slice, - http_spdy, - http_split_clients, - http_ssi, - http_ssl, - http_status, - http_stub_status, - http_sub, - http_upstream, - http_upstream_conf, - http_upstream_hc, - http_userid, - http_uwsgi, - http_v2, - http_xslt, - mail_core, - mail_auth_http, - mail_proxy, - mail_ssl, - mail_imap, - mail_pop3, - mail_smtp, - stream_core, - stream_access, - stream_geo, - stream_geoip, - stream_js, - stream_keyval, - stream_limit_conn, - stream_log, - stream_map, - stream_proxy, - stream_realip, - stream_return, - stream_set, - stream_split_clients, - stream_ssl, - stream_ssl_preread, - stream_upstream, - stream_upstream_hc, - stream_zone_sync, - google_perftools, - ); - await fs.promises.writeFile(path.resolve(process.cwd(), 'src/directives.json'), JSON.stringify(resultData, null, 2)); - console.log(`\x1b[1;35m Done:\x1b[0m\x1b[32m ${path.resolve(process.cwd(), 'src/directives.json')} \x1b[0m`); - console.log(`\x1b[1;35m -> DataSource Length:\x1b[0m\x1b[32m ${resultData.length} \x1b[0m`); -})(); diff --git a/scripts/tsconfig.json b/scripts/tsconfig.json deleted file mode 100644 index 15fe32c..0000000 --- a/scripts/tsconfig.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "compilerOptions": { - "module": "CommonJS", - "target": "ESNext", - "esModuleInterop": true, - "declaration": true, - "noImplicitAny": true, - "resolveJsonModule": true, - "moduleResolution": "node", - "strict": false, - "composite": true, - "emitDecoratorMetadata": true, - "experimentalDecorators": true, - "sourceMap": true, - "outDir": "libs", - "skipLibCheck": true, - "forceConsistentCasingInFileNames": true, - "baseUrl": "." - } -} diff --git a/src/directives.json b/src/directives.json deleted file mode 100644 index 9b924b7..0000000 --- a/src/directives.json +++ /dev/null @@ -1,7736 +0,0 @@ -[ - { - "m": "Core functionality", - "n": "accept_mutex", - "d": "If `accept_mutex` is enabled, worker processes will accept new connections by turn. Otherwise, all worker processes will be notified about new connections, and if volume of new connections is low, some of the worker processes may just waste system resources.\nThere is no need to enable `accept_mutex` on systems that support the [EPOLLEXCLUSIVE](https://nginx.org/en/docs/events.html#epoll) flag (1.11.3) or when using [reuseport](https://nginx.org/en/docs/http/ngx_http_core_module.html#reuseport).\n\nPrior to version 1.11.3, the default value was `on`.\n", - "v": "accept\\_mutex off;", - "c": "`events`", - "s": "**accept_mutex** `on` | `off`;" - }, - { - "m": "Core functionality", - "n": "accept_mutex_delay", - "d": "If [accept\\_mutex](https://nginx.org/en/docs/ngx_core_module.html#accept_mutex) is enabled, specifies the maximum time during which a worker process will try to restart accepting new connections if another worker process is currently accepting new connections.", - "v": "accept\\_mutex\\_delay 500ms;", - "c": "`events`", - "s": "**accept_mutex_delay** `_time_`;" - }, - { - "m": "Core functionality", - "n": "daemon", - "d": "Determines whether nginx should become a daemon. Mainly used during development.", - "v": "daemon on;", - "c": "`main`", - "s": "**daemon** `on` | `off`;" - }, - { - "m": "Core functionality", - "n": "debug_connection", - "d": "Enables debugging log for selected client connections. Other connections will use logging level set by the [error\\_log](https://nginx.org/en/docs/ngx_core_module.html#error_log) directive. Debugged connections are specified by IPv4 or IPv6 (1.3.0, 1.2.1) address or network. A connection may also be specified using a hostname. For connections using UNIX-domain sockets (1.3.0, 1.2.1), debugging log is enabled by the “`unix:`” parameter.\n```\nevents {\n debug_connection 127.0.0.1;\n debug_connection localhost;\n debug_connection 192.0.2.0/24;\n debug_connection ::1;\n debug_connection 2001:0db8::/32;\n debug_connection unix:;\n ...\n}\n\n```\n\nFor this directive to work, nginx needs to be built with `--with-debug`, see “[A debugging log](https://nginx.org/en/docs/debugging_log.html)”.\n", - "c": "`events`", - "s": "**debug_connection** `_address_` | `_CIDR_` | `unix:`;" - }, - { - "m": "Core functionality", - "n": "debug_points", - "d": "This directive is used for debugging.\nWhen internal error is detected, e.g. the leak of sockets on restart of working processes, enabling `debug_points` leads to a core file creation (`abort`) or to stopping of a process (`stop`) for further analysis using a system debugger.", - "c": "`main`", - "s": "**debug_points** `abort` | `stop`;" - }, - { - "m": "Core functionality", - "n": "env", - "d": "By default, nginx removes all environment variables inherited from its parent process except the TZ variable. This directive allows preserving some of the inherited variables, changing their values, or creating new environment variables. These variables are then:\n* inherited during a [live upgrade](https://nginx.org/en/docs/control.html#upgrade) of an executable file;\n* used by the [ngx\\_http\\_perl\\_module](https://nginx.org/en/docs/http/ngx_http_perl_module.html) module;\n* used by worker processes. One should bear in mind that controlling system libraries in this way is not always possible as it is common for libraries to check variables only during initialization, well before they can be set using this directive. An exception from this is an above mentioned [live upgrade](https://nginx.org/en/docs/control.html#upgrade) of an executable file.\n\nThe TZ variable is always inherited and available to the [ngx\\_http\\_perl\\_module](https://nginx.org/en/docs/http/ngx_http_perl_module.html) module, unless it is configured explicitly.\nUsage example:\n```\nenv MALLOC_OPTIONS;\nenv PERL5LIB=/data/site/modules;\nenv OPENSSL_ALLOW_PROXY_CERTS=1;\n\n```\n\n\nThe NGINX environment variable is used internally by nginx and should not be set directly by the user.\n", - "v": "env TZ;", - "c": "`main`", - "s": "**env** `_variable_`[=`_value_`];" - }, - { - "m": "Core functionality", - "n": "error_log", - "d": "Configures logging. Several logs can be specified on the same configuration level (1.5.2). If on the `main` configuration level writing a log to a file is not explicitly defined, the default file will be used.\nThe first parameter defines a `_file_` that will store the log. The special value `stderr` selects the standard error file. Logging to [syslog](https://nginx.org/en/docs/syslog.html) can be configured by specifying the “`syslog:`” prefix. Logging to a [cyclic memory buffer](https://nginx.org/en/docs/debugging_log.html#memory) can be configured by specifying the “`memory:`” prefix and buffer `_size_`, and is generally used for debugging (1.7.11).\nThe second parameter determines the `_level_` of logging, and can be one of the following: `debug`, `info`, `notice`, `warn`, `error`, `crit`, `alert`, or `emerg`. Log levels above are listed in the order of increasing severity. Setting a certain log level will cause all messages of the specified and more severe log levels to be logged. For example, the default level `error` will cause `error`, `crit`, `alert`, and `emerg` messages to be logged. If this parameter is omitted then `error` is used.\nFor `debug` logging to work, nginx needs to be built with `--with-debug`, see “[A debugging log](https://nginx.org/en/docs/debugging_log.html)”.\n\nThe directive can be specified on the `stream` level starting from version 1.7.11, and on the `mail` level starting from version 1.9.0.\n", - "v": "error\\_log logs/error.log error;", - "c": "`main`, `http`, `mail`, `stream`, `server`, `location`", - "s": "**error_log** `_file_` [`_level_`];" - }, - { - "m": "Core functionality", - "n": "events", - "d": "Provides the configuration file context in which the directives that affect connection processing are specified.", - "c": "`main`", - "s": "**events** { ... }" - }, - { - "m": "Core functionality", - "n": "include", - "d": "Includes another `_file_`, or files matching the specified `_mask_`, into configuration. Included files should consist of syntactically correct directives and blocks.\nUsage example:\n```\ninclude mime.types;\ninclude vhosts/*.conf;\n\n```\n", - "c": "`any`", - "s": "**include** `_file_` | `_mask_`;" - }, - { - "m": "Core functionality", - "n": "load_module", - "d": "Loads a dynamic module.\nExample:\n```\nload_module modules/ngx_mail_module.so;\n\n```\n", - "c": "`main`", - "s": "**load_module** `_file_`;" - }, - { - "m": "Core functionality", - "n": "lock_file", - "d": "nginx uses the locking mechanism to implement [accept\\_mutex](https://nginx.org/en/docs/ngx_core_module.html#accept_mutex) and serialize access to shared memory. On most systems the locks are implemented using atomic operations, and this directive is ignored. On other systems the “lock file” mechanism is used. This directive specifies a prefix for the names of lock files.", - "v": "lock\\_file logs/nginx.lock;", - "c": "`main`", - "s": "**lock_file** `_file_`;" - }, - { - "m": "Core functionality", - "n": "master_process", - "d": "Determines whether worker processes are started. This directive is intended for nginx developers.", - "v": "master\\_process on;", - "c": "`main`", - "s": "**master_process** `on` | `off`;" - }, - { - "m": "Core functionality", - "n": "multi_accept", - "d": "If `multi_accept` is disabled, a worker process will accept one new connection at a time. Otherwise, a worker process will accept all new connections at a time.\nThe directive is ignored if [kqueue](https://nginx.org/en/docs/events.html#kqueue) connection processing method is used, because it reports the number of new connections waiting to be accepted.\n", - "v": "multi\\_accept off;", - "c": "`events`", - "s": "**multi_accept** `on` | `off`;" - }, - { - "m": "Core functionality", - "n": "pcre_jit", - "d": "Enables or disables the use of “just-in-time compilation” (PCRE JIT) for the regular expressions known by the time of configuration parsing.\nPCRE JIT can speed up processing of regular expressions significantly.\nThe JIT is available in PCRE libraries starting from version 8.20 built with the `--enable-jit` configuration parameter. When the PCRE library is built with nginx (`--with-pcre=`), the JIT support is enabled via the `--with-pcre-jit` configuration parameter.\n", - "v": "pcre\\_jit off;", - "c": "`main`", - "s": "**pcre_jit** `on` | `off`;" - }, - { - "m": "Core functionality", - "n": "pid", - "d": "Defines a `_file_` that will store the process ID of the main process.", - "v": "pid logs/nginx.pid;", - "c": "`main`", - "s": "**pid** `_file_`;" - }, - { - "m": "Core functionality", - "n": "ssl_engine", - "d": "Defines the name of the hardware SSL accelerator.", - "c": "`main`", - "s": "**ssl_engine** `_device_`;" - }, - { - "m": "Core functionality", - "n": "thread_pool", - "d": "Defines the `_name_` and parameters of a thread pool used for multi-threaded reading and sending of files [without blocking](https://nginx.org/en/docs/http/ngx_http_core_module.html#aio) worker processes.\nThe `threads` parameter defines the number of threads in the pool.\nIn the event that all threads in the pool are busy, a new task will wait in the queue. The `max_queue` parameter limits the number of tasks allowed to be waiting in the queue. By default, up to 65536 tasks can wait in the queue. When the queue overflows, the task is completed with an error.", - "v": "thread\\_pool default threads=32 max\\_queue=65536;", - "c": "`main`", - "s": "**thread_pool** `_name_` `threads`=`_number_` [`max_queue`=`_number_`];" - }, - { - "m": "Core functionality", - "n": "timer_resolution", - "d": "Reduces timer resolution in worker processes, thus reducing the number of `gettimeofday()` system calls made. By default, `gettimeofday()` is called each time a kernel event is received. With reduced resolution, `gettimeofday()` is only called once per specified `_interval_`.\nExample:\n```\ntimer_resolution 100ms;\n\n```\n\nInternal implementation of the interval depends on the method used:\n* the `EVFILT_TIMER` filter if `kqueue` is used;\n* `timer_create()` if `eventport` is used;\n* `setitimer()` otherwise.\n", - "c": "`main`", - "s": "**timer_resolution** `_interval_`;" - }, - { - "m": "Core functionality", - "n": "use", - "d": "Specifies the [connection processing](https://nginx.org/en/docs/events.html) `_method_` to use. There is normally no need to specify it explicitly, because nginx will by default use the most efficient method.", - "c": "`events`", - "s": "**use** `_method_`;" - }, - { - "m": "Core functionality", - "n": "user", - "d": "Defines `_user_` and `_group_` credentials used by worker processes. If `_group_` is omitted, a group whose name equals that of `_user_` is used.", - "v": "user nobody nobody;", - "c": "`main`", - "s": "**user** `_user_` [`_group_`];" - }, - { - "m": "Core functionality", - "n": "worker_aio_requests", - "d": "When using [aio](https://nginx.org/en/docs/http/ngx_http_core_module.html#aio) with the [epoll](https://nginx.org/en/docs/events.html#epoll) connection processing method, sets the maximum `_number_` of outstanding asynchronous I/O operations for a single worker process.", - "v": "worker\\_aio\\_requests 32;", - "c": "`events`", - "s": "**worker_aio_requests** `_number_`;" - }, - { - "m": "Core functionality", - "n": "worker_connections", - "d": "Sets the maximum number of simultaneous connections that can be opened by a worker process.\nIt should be kept in mind that this number includes all connections (e.g. connections with proxied servers, among others), not only connections with clients. Another consideration is that the actual number of simultaneous connections cannot exceed the current limit on the maximum number of open files, which can be changed by [worker\\_rlimit\\_nofile](https://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile).", - "v": "worker\\_connections 512;", - "c": "`events`", - "s": "**worker_connections** `_number_`;" - }, - { - "m": "Core functionality", - "n": "worker_cpu_affinity", - "d": "Binds worker processes to the sets of CPUs. Each CPU set is represented by a bitmask of allowed CPUs. There should be a separate set defined for each of the worker processes. By default, worker processes are not bound to any specific CPUs.\nFor example,\n```\nworker_processes 4;\nworker_cpu_affinity 0001 0010 0100 1000;\n\n```\nbinds each worker process to a separate CPU, while\n```\nworker_processes 2;\nworker_cpu_affinity 0101 1010;\n\n```\nbinds the first worker process to CPU0/CPU2, and the second worker process to CPU1/CPU3. The second example is suitable for hyper-threading.\nThe special value `auto` (1.9.10) allows binding worker processes automatically to available CPUs:\n```\nworker_processes auto;\nworker_cpu_affinity auto;\n\n```\nThe optional mask parameter can be used to limit the CPUs available for automatic binding:\n```\nworker_cpu_affinity auto 01010101;\n\n```\n\n\nThe directive is only available on FreeBSD and Linux.\n", - "c": "`main`", - "s": "**worker_cpu_affinity** `_cpumask_` ...;`` \n``**worker_cpu_affinity** `auto` [`_cpumask_`];" - }, - { - "m": "Core functionality", - "n": "worker_priority", - "d": "Defines the scheduling priority for worker processes like it is done by the `nice` command: a negative `_number_` means higher priority. Allowed range normally varies from -20 to 20.\nExample:\n```\nworker_priority -10;\n\n```\n", - "v": "worker\\_priority 0;", - "c": "`main`", - "s": "**worker_priority** `_number_`;" - }, - { - "m": "Core functionality", - "n": "worker_processes", - "d": "Defines the number of worker processes.\nThe optimal value depends on many factors including (but not limited to) the number of CPU cores, the number of hard disk drives that store data, and load pattern. When one is in doubt, setting it to the number of available CPU cores would be a good start (the value “`auto`” will try to autodetect it).\nThe `auto` parameter is supported starting from versions 1.3.8 and 1.2.5.\n", - "v": "worker\\_processes 1;", - "c": "`main`", - "s": "**worker_processes** `_number_` | `auto`;" - }, - { - "m": "Core functionality", - "n": "worker_rlimit_core", - "d": "Changes the limit on the largest size of a core file (`RLIMIT_CORE`) for worker processes. Used to increase the limit without restarting the main process.", - "c": "`main`", - "s": "**worker_rlimit_core** `_size_`;" - }, - { - "m": "Core functionality", - "n": "worker_rlimit_nofile", - "d": "Changes the limit on the maximum number of open files (`RLIMIT_NOFILE`) for worker processes. Used to increase the limit without restarting the main process.", - "c": "`main`", - "s": "**worker_rlimit_nofile** `_number_`;" - }, - { - "m": "Core functionality", - "n": "worker_shutdown_timeout", - "d": "Configures a timeout for a graceful shutdown of worker processes. When the `_time_` expires, nginx will try to close all the connections currently open to facilitate shutdown.", - "c": "`main`", - "s": "**worker_shutdown_timeout** `_time_`;" - }, - { - "m": "Core functionality", - "n": "working_directory", - "d": "Defines the current working directory for a worker process. It is primarily used when writing a core-file, in which case a worker process should have write permission for the specified directory.", - "c": "`main`", - "s": "**working_directory** `_directory_`;" - }, - { - "m": "ngx_http_core_module", - "n": "absolute_redirect", - "d": "If disabled, redirects issued by nginx will be relative.\nSee also [server\\_name\\_in\\_redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name_in_redirect) and [port\\_in\\_redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#port_in_redirect) directives.", - "v": "absolute\\_redirect on;", - "c": "`http`, `server`, `location`", - "s": "**absolute_redirect** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "aio", - "d": "Enables or disables the use of asynchronous file I/O (AIO) on FreeBSD and Linux:\n```\nlocation /video/ {\n aio on;\n output_buffers 1 64k;\n}\n\n```\n\nOn FreeBSD, AIO can be used starting from FreeBSD 4.3. Prior to FreeBSD 11.0, AIO can either be linked statically into a kernel:\n```\noptions VFS_AIO\n\n```\nor loaded dynamically as a kernel loadable module:\n```\nkldload aio\n\n```\n\nOn Linux, AIO can be used starting from kernel version 2.6.22. Also, it is necessary to enable [directio](https://nginx.org/en/docs/http/ngx_http_core_module.html#directio), or otherwise reading will be blocking:\n```\nlocation /video/ {\n aio on;\n directio 512;\n output_buffers 1 128k;\n}\n\n```\n\nOn Linux, [directio](https://nginx.org/en/docs/http/ngx_http_core_module.html#directio) can only be used for reading blocks that are aligned on 512-byte boundaries (or 4K for XFS). File’s unaligned end is read in blocking mode. The same holds true for byte range requests and for FLV requests not from the beginning of a file: reading of unaligned data at the beginning and end of a file will be blocking.\nWhen both AIO and [sendfile](https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile) are enabled on Linux, AIO is used for files that are larger than or equal to the size specified in the [directio](https://nginx.org/en/docs/http/ngx_http_core_module.html#directio) directive, while [sendfile](https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile) is used for files of smaller sizes or when [directio](https://nginx.org/en/docs/http/ngx_http_core_module.html#directio) is disabled.\n```\nlocation /video/ {\n sendfile on;\n aio on;\n directio 8m;\n}\n\n```\n\nFinally, files can be read and [sent](https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile) using multi-threading (1.7.11), without blocking a worker process:\n```\nlocation /video/ {\n sendfile on;\n aio threads;\n}\n\n```\nRead and send file operations are offloaded to threads of the specified [pool](https://nginx.org/en/docs/ngx_core_module.html#thread_pool). If the pool name is omitted, the pool with the name “`default`” is used. The pool name can also be set with variables:\n```\naio threads=pool$disk;\n\n```\nBy default, multi-threading is disabled, it should be enabled with the `--with-threads` configuration parameter. Currently, multi-threading is compatible only with the [epoll](https://nginx.org/en/docs/events.html#epoll), [kqueue](https://nginx.org/en/docs/events.html#kqueue), and [eventport](https://nginx.org/en/docs/events.html#eventport) methods. Multi-threaded sending of files is only supported on Linux.\nSee also the [sendfile](https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile) directive.", - "v": "aio off;", - "c": "`http`, `server`, `location`", - "s": "**aio** `on` | `off` | `threads`[`=``_pool_`];" - }, - { - "m": "ngx_http_core_module", - "n": "aio_write", - "d": "If [aio](https://nginx.org/en/docs/http/ngx_http_core_module.html#aio) is enabled, specifies whether it is used for writing files. Currently, this only works when using `aio threads` and is limited to writing temporary files with data received from proxied servers.", - "v": "aio\\_write off;", - "c": "`http`, `server`, `location`", - "s": "**aio_write** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "alias", - "d": "Defines a replacement for the specified location. For example, with the following configuration\n```\nlocation /i/ {\n alias /data/w3/images/;\n}\n\n```\non request of “`/i/top.gif`”, the file `/data/w3/images/top.gif` will be sent.\nThe `_path_` value can contain variables, except `$document_root` and `$realpath_root`.\nIf `alias` is used inside a location defined with a regular expression then such regular expression should contain captures and `alias` should refer to these captures (0.7.40), for example:\n```\nlocation ~ ^/users/(.+\\.(?:gif|jpe?g|png))$ {\n alias /data/w3/images/$1;\n}\n\n```\n\nWhen location matches the last part of the directive’s value:\n```\nlocation /images/ {\n alias /data/w3/images/;\n}\n\n```\nit is better to use the [root](https://nginx.org/en/docs/http/ngx_http_core_module.html#root) directive instead:\n```\nlocation /images/ {\n root /data/w3;\n}\n\n```\n", - "c": "`location`", - "s": "**alias** `_path_`;" - }, - { - "m": "ngx_http_core_module", - "n": "auth_delay", - "d": "Delays processing of unauthorized requests with 401 response code to prevent timing attacks when access is limited by [password](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html), by the [result of subrequest](https://nginx.org/en/docs/http/ngx_http_auth_request_module.html), or by [JWT](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html).", - "v": "auth\\_delay 0s;", - "c": "`http`, `server`, `location`", - "s": "**auth_delay** `_time_`;" - }, - { - "m": "ngx_http_core_module", - "n": "chunked_transfer_encoding", - "d": "Allows disabling chunked transfer encoding in HTTP/1.1. It may come in handy when using a software failing to support chunked encoding despite the standard’s requirement.", - "v": "chunked\\_transfer\\_encoding on;", - "c": "`http`, `server`, `location`", - "s": "**chunked_transfer_encoding** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "client_body_buffer_size", - "d": "Sets buffer size for reading client request body. In case the request body is larger than the buffer, the whole body or only its part is written to a [temporary file](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path). By default, buffer size is equal to two memory pages. This is 8K on x86, other 32-bit platforms, and x86-64. It is usually 16K on other 64-bit platforms.", - "v": "client\\_body\\_buffer\\_size 8k|16k;", - "c": "`http`, `server`, `location`", - "s": "**client_body_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "client_body_in_file_only", - "d": "Determines whether nginx should save the entire client request body into a file. This directive can be used during debugging, or when using the `$request_body_file` variable, or the [$r->request\\_body\\_file](https://nginx.org/en/docs/http/ngx_http_perl_module.html#methods) method of the module [ngx\\_http\\_perl\\_module](https://nginx.org/en/docs/http/ngx_http_perl_module.html).\nWhen set to the value `on`, temporary files are not removed after request processing.\nThe value `clean` will cause the temporary files left after request processing to be removed.", - "v": "client\\_body\\_in\\_file\\_only off;", - "c": "`http`, `server`, `location`", - "s": "**client_body_in_file_only** `on` | `clean` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "client_body_in_single_buffer", - "d": "Determines whether nginx should save the entire client request body in a single buffer. The directive is recommended when using the `$request_body` variable, to save the number of copy operations involved.", - "v": "client\\_body\\_in\\_single\\_buffer off;", - "c": "`http`, `server`, `location`", - "s": "**client_body_in_single_buffer** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "client_body_temp_path", - "d": "Defines a directory for storing temporary files holding client request bodies. Up to three-level subdirectory hierarchy can be used under the specified directory. For example, in the following configuration\n```\nclient_body_temp_path /spool/nginx/client_temp 1 2;\n\n```\na path to a temporary file might look like this:\n```\n/spool/nginx/client_temp/7/45/00000123457\n\n```\n", - "v": "client\\_body\\_temp\\_path client\\_body\\_temp;", - "c": "`http`, `server`, `location`", - "s": "**client_body_temp_path** `_path_` [`_level1_` [`_level2_` [`_level3_`]]];" - }, - { - "m": "ngx_http_core_module", - "n": "client_body_timeout", - "d": "Defines a timeout for reading client request body. The timeout is set only for a period between two successive read operations, not for the transmission of the whole request body. If a client does not transmit anything within this time, the request is terminated with the 408 (Request Time-out) error.", - "v": "client\\_body\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**client_body_timeout** `_time_`;" - }, - { - "m": "ngx_http_core_module", - "n": "client_header_buffer_size", - "d": "Sets buffer size for reading client request header. For most requests, a buffer of 1K bytes is enough. However, if a request includes long cookies, or comes from a WAP client, it may not fit into 1K. If a request line or a request header field does not fit into this buffer then larger buffers, configured by the [large\\_client\\_header\\_buffers](https://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers) directive, are allocated.\nIf the directive is specified on the [server](https://nginx.org/en/docs/http/ngx_http_core_module.html#server) level, the value from the default server can be used. Details are provided in the “[Virtual server selection](https://nginx.org/en/docs/http/server_names.html#virtual_server_selection)” section.", - "v": "client\\_header\\_buffer\\_size 1k;", - "c": "`http`, `server`", - "s": "**client_header_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "client_header_timeout", - "d": "Defines a timeout for reading client request header. If a client does not transmit the entire header within this time, the request is terminated with the 408 (Request Time-out) error.", - "v": "client\\_header\\_timeout 60s;", - "c": "`http`, `server`", - "s": "**client_header_timeout** `_time_`;" - }, - { - "m": "ngx_http_core_module", - "n": "client_max_body_size", - "d": "Sets the maximum allowed size of the client request body. If the size in a request exceeds the configured value, the 413 (Request Entity Too Large) error is returned to the client. Please be aware that browsers cannot correctly display this error. Setting `_size_` to 0 disables checking of client request body size.", - "v": "client\\_max\\_body\\_size 1m;", - "c": "`http`, `server`, `location`", - "s": "**client_max_body_size** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "connection_pool_size", - "d": "Allows accurate tuning of per-connection memory allocations. This directive has minimal impact on performance and should not generally be used. By default, the size is equal to 256 bytes on 32-bit platforms and 512 bytes on 64-bit platforms.\nPrior to version 1.9.8, the default value was 256 on all platforms.\n", - "v": "connection\\_pool\\_size 256|512;", - "c": "`http`, `server`", - "s": "**connection_pool_size** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "default_type", - "d": "Defines the default MIME type of a response. Mapping of file name extensions to MIME types can be set with the [types](https://nginx.org/en/docs/http/ngx_http_core_module.html#types) directive.", - "v": "default\\_type text/plain;", - "c": "`http`, `server`, `location`", - "s": "**default_type** `_mime-type_`;" - }, - { - "m": "ngx_http_core_module", - "n": "directio", - "d": "Enables the use of the `O_DIRECT` flag (FreeBSD, Linux), the `F_NOCACHE` flag (macOS), or the `directio()` function (Solaris), when reading files that are larger than or equal to the specified `_size_`. The directive automatically disables (0.7.15) the use of [sendfile](https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile) for a given request. It can be useful for serving large files:\n```\ndirectio 4m;\n\n```\nor when using [aio](https://nginx.org/en/docs/http/ngx_http_core_module.html#aio) on Linux.", - "v": "directio off;", - "c": "`http`, `server`, `location`", - "s": "**directio** `_size_` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "directio_alignment", - "d": "Sets the alignment for [directio](https://nginx.org/en/docs/http/ngx_http_core_module.html#directio). In most cases, a 512-byte alignment is enough. However, when using XFS under Linux, it needs to be increased to 4K.", - "v": "directio\\_alignment 512;", - "c": "`http`, `server`, `location`", - "s": "**directio_alignment** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "disable_symlinks", - "d": "Determines how symbolic links should be treated when opening files:\n`off`\n\nSymbolic links in the pathname are allowed and not checked. This is the default behavior.\n\n`on`\n\nIf any component of the pathname is a symbolic link, access to a file is denied.\n\n`if_not_owner`\n\nAccess to a file is denied if any component of the pathname is a symbolic link, and the link and object that the link points to have different owners.\n\n`from`\\=`_part_`\n\nWhen checking symbolic links (parameters `on` and `if_not_owner`), all components of the pathname are normally checked. Checking of symbolic links in the initial part of the pathname may be avoided by specifying additionally the `from`\\=`_part_` parameter. In this case, symbolic links are checked only from the pathname component that follows the specified initial part. If the value is not an initial part of the pathname checked, the whole pathname is checked as if this parameter was not specified at all. If the value matches the whole file name, symbolic links are not checked. The parameter value can contain variables.\n\nExample:\n```\ndisable_symlinks on from=$document_root;\n\n```\n\nThis directive is only available on systems that have the `openat()` and `fstatat()` interfaces. Such systems include modern versions of FreeBSD, Linux, and Solaris.\nParameters `on` and `if_not_owner` add a processing overhead.\nOn systems that do not support opening of directories only for search, to use these parameters it is required that worker processes have read permissions for all directories being checked.\n\n\nThe [ngx\\_http\\_autoindex\\_module](https://nginx.org/en/docs/http/ngx_http_autoindex_module.html), [ngx\\_http\\_random\\_index\\_module](https://nginx.org/en/docs/http/ngx_http_random_index_module.html), and [ngx\\_http\\_dav\\_module](https://nginx.org/en/docs/http/ngx_http_dav_module.html) modules currently ignore this directive.\n", - "v": "disable\\_symlinks off;", - "c": "`http`, `server`, `location`", - "s": "**disable_symlinks** `off`;`` \n``**disable_symlinks** `on` | `if_not_owner` [`from`=`_part_`];" - }, - { - "m": "ngx_http_core_module", - "n": "error_page", - "d": "Defines the URI that will be shown for the specified errors. A `_uri_` value can contain variables.\nExample:\n```\nerror_page 404 /404.html;\nerror_page 500 502 503 504 /50x.html;\n\n```\n\nThis causes an internal redirect to the specified `_uri_` with the client request method changed to “`GET`” (for all methods other than “`GET`” and “`HEAD`”).\nFurthermore, it is possible to change the response code to another using the “`=``_response_`” syntax, for example:\n```\nerror_page 404 =200 /empty.gif;\n\n```\n\nIf an error response is processed by a proxied server or a FastCGI/uwsgi/SCGI/gRPC server, and the server may return different response codes (e.g., 200, 302, 401 or 404), it is possible to respond with the code it returns:\n```\nerror_page 404 = /404.php;\n\n```\n\nIf there is no need to change URI and method during internal redirection it is possible to pass error processing into a named location:\n```\nlocation / {\n error_page 404 = @fallback;\n}\n\nlocation @fallback {\n proxy_pass http://backend;\n}\n\n```\n\n\nIf `_uri_` processing leads to an error, the status code of the last occurred error is returned to the client.\n\nIt is also possible to use URL redirects for error processing:\n```\nerror_page 403 http://example.com/forbidden.html;\nerror_page 404 =301 http://example.com/notfound.html;\n\n```\nIn this case, by default, the response code 302 is returned to the client. It can only be changed to one of the redirect status codes (301, 302, 303, 307, and 308).\nThe code 307 was not treated as a redirect until versions 1.1.16 and 1.0.13.\n\nThe code 308 was not treated as a redirect until version 1.13.0.\n\nThese directives are inherited from the previous configuration level if and only if there are no `error_page` directives defined on the current level.", - "c": "`http`, `server`, `location`, `if in location`", - "s": "**error_page** `_code_` ... [`=`[`_response_`]] `_uri_`;" - }, - { - "m": "ngx_http_core_module", - "n": "etag", - "d": "Enables or disables automatic generation of the “ETag” response header field for static resources.", - "v": "etag on;", - "c": "`http`, `server`, `location`", - "s": "**etag** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "http", - "d": "Provides the configuration file context in which the HTTP server directives are specified.", - "c": "`main`", - "s": "**http** { ... }" - }, - { - "m": "ngx_http_core_module", - "n": "if_modified_since", - "d": "Specifies how to compare modification time of a response with the time in the “If-Modified-Since” request header field:\n`off`\n\nthe “If-Modified-Since” request header field is ignored (0.7.34);\n\n`exact`\n\nexact match;\n\n`before`\n\nmodification time of a response is less than or equal to the time in the “If-Modified-Since” request header field.\n", - "v": "if\\_modified\\_since exact;", - "c": "`http`, `server`, `location`", - "s": "**if_modified_since** `off` | `exact` | `before`;" - }, - { - "m": "ngx_http_core_module", - "n": "ignore_invalid_headers", - "d": "Controls whether header fields with invalid names should be ignored. Valid names are composed of English letters, digits, hyphens, and possibly underscores (as controlled by the [underscores\\_in\\_headers](https://nginx.org/en/docs/http/ngx_http_core_module.html#underscores_in_headers) directive).\nIf the directive is specified on the [server](https://nginx.org/en/docs/http/ngx_http_core_module.html#server) level, the value from the default server can be used. Details are provided in the “[Virtual server selection](https://nginx.org/en/docs/http/server_names.html#virtual_server_selection)” section.", - "v": "ignore\\_invalid\\_headers on;", - "c": "`http`, `server`", - "s": "**ignore_invalid_headers** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "internal", - "d": "Specifies that a given location can only be used for internal requests. For external requests, the client error 404 (Not Found) is returned. Internal requests are the following:\n* requests redirected by the [error\\_page](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page), [index](https://nginx.org/en/docs/http/ngx_http_index_module.html#index), [random\\_index](https://nginx.org/en/docs/http/ngx_http_random_index_module.html#random_index), and [try\\_files](https://nginx.org/en/docs/http/ngx_http_core_module.html#try_files) directives;\n* requests redirected by the “X-Accel-Redirect” response header field from an upstream server;\n* subrequests formed by the “`include virtual`” command of the [ngx\\_http\\_ssi\\_module](https://nginx.org/en/docs/http/ngx_http_ssi_module.html) module, by the [ngx\\_http\\_addition\\_module](https://nginx.org/en/docs/http/ngx_http_addition_module.html) module directives, and by [auth\\_request](https://nginx.org/en/docs/http/ngx_http_auth_request_module.html#auth_request) and [mirror](https://nginx.org/en/docs/http/ngx_http_mirror_module.html#mirror) directives;\n* requests changed by the [rewrite](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#rewrite) directive.\n\nExample:\n```\nerror_page 404 /404.html;\n\nlocation = /404.html {\n internal;\n}\n\n```\n\nThere is a limit of 10 internal redirects per request to prevent request processing cycles that can occur in incorrect configurations. If this limit is reached, the error 500 (Internal Server Error) is returned. In such cases, the “rewrite or internal redirection cycle” message can be seen in the error log.\n", - "c": "`location`", - "s": "**internal**;" - }, - { - "m": "ngx_http_core_module", - "n": "keepalive_disable", - "d": "Disables keep-alive connections with misbehaving browsers. The `_browser_` parameters specify which browsers will be affected. The value `msie6` disables keep-alive connections with old versions of MSIE, once a POST request is received. The value `safari` disables keep-alive connections with Safari and Safari-like browsers on macOS and macOS-like operating systems. The value `none` enables keep-alive connections with all browsers.\nPrior to version 1.1.18, the value `safari` matched all Safari and Safari-like browsers on all operating systems, and keep-alive connections with them were disabled by default.\n", - "v": "keepalive\\_disable msie6;", - "c": "`http`, `server`, `location`", - "s": "**keepalive_disable** `none` | `_browser_` ...;" - }, - { - "m": "ngx_http_core_module", - "n": "keepalive_requests", - "d": "Sets the maximum number of requests that can be served through one keep-alive connection. After the maximum number of requests are made, the connection is closed.\nClosing connections periodically is necessary to free per-connection memory allocations. Therefore, using too high maximum number of requests could result in excessive memory usage and not recommended.\n\nPrior to version 1.19.10, the default value was 100.\n", - "v": "keepalive\\_requests 1000;", - "c": "`http`, `server`, `location`", - "s": "**keepalive_requests** `_number_`;" - }, - { - "m": "ngx_http_core_module", - "n": "keepalive_time", - "d": "Limits the maximum time during which requests can be processed through one keep-alive connection. After this time is reached, the connection is closed following the subsequent request processing.", - "v": "keepalive\\_time 1h;", - "c": "`http`, `server`, `location`", - "s": "**keepalive_time** `_time_`;" - }, - { - "m": "ngx_http_core_module", - "n": "keepalive_timeout", - "d": "The first parameter sets a timeout during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. The optional second parameter sets a value in the “Keep-Alive: timeout=`_time_`” response header field. Two parameters may differ.\nThe “Keep-Alive: timeout=`_time_`” header field is recognized by Mozilla and Konqueror. MSIE closes keep-alive connections by itself in about 60 seconds.", - "v": "keepalive\\_timeout 75s;", - "c": "`http`, `server`, `location`", - "s": "**keepalive_timeout** `_timeout_` [`_header_timeout_`];" - }, - { - "m": "ngx_http_core_module", - "n": "large_client_header_buffers", - "d": "Sets the maximum `_number_` and `_size_` of buffers used for reading large client request header. A request line cannot exceed the size of one buffer, or the 414 (Request-URI Too Large) error is returned to the client. A request header field cannot exceed the size of one buffer as well, or the 400 (Bad Request) error is returned to the client. Buffers are allocated only on demand. By default, the buffer size is equal to 8K bytes. If after the end of request processing a connection is transitioned into the keep-alive state, these buffers are released.\nIf the directive is specified on the [server](https://nginx.org/en/docs/http/ngx_http_core_module.html#server) level, the value from the default server can be used. Details are provided in the “[Virtual server selection](https://nginx.org/en/docs/http/server_names.html#virtual_server_selection)” section.", - "v": "large\\_client\\_header\\_buffers 4 8k;", - "c": "`http`, `server`", - "s": "**large_client_header_buffers** `_number_` `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "limit_except", - "d": "Limits allowed HTTP methods inside a location. The `_method_` parameter can be one of the following: `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `MKCOL`, `COPY`, `MOVE`, `OPTIONS`, `PROPFIND`, `PROPPATCH`, `LOCK`, `UNLOCK`, or `PATCH`. Allowing the `GET` method makes the `HEAD` method also allowed. Access to other methods can be limited using the [ngx\\_http\\_access\\_module](https://nginx.org/en/docs/http/ngx_http_access_module.html), [ngx\\_http\\_auth\\_basic\\_module](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html), and [ngx\\_http\\_auth\\_jwt\\_module](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html) (1.13.10) modules directives:\n```\nlimit_except GET {\n allow 192.168.1.0/32;\n deny all;\n}\n\n```\nPlease note that this will limit access to all methods **except** GET and HEAD.", - "c": "`location`", - "s": "**limit_except** `_method_` ... { ... }" - }, - { - "m": "ngx_http_core_module", - "n": "limit_rate", - "d": "Limits the rate of response transmission to a client. The `_rate_` is specified in bytes per second. The zero value disables rate limiting. The limit is set per a request, and so if a client simultaneously opens two connections, the overall rate will be twice as much as the specified limit.\nParameter value can contain variables (1.17.0). It may be useful in cases where rate should be limited depending on a certain condition:\n```\nmap $slow $rate {\n 1 4k;\n 2 8k;\n}\n\nlimit_rate $rate;\n\n```\n\nRate limit can also be set in the [`$limit_rate`](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_limit_rate) variable, however, since version 1.17.0, this method is not recommended:\n```\nserver {\n\n if ($slow) {\n set $limit_rate 4k;\n }\n\n ...\n}\n\n```\n\nRate limit can also be set in the “X-Accel-Limit-Rate” header field of a proxied server response. This capability can be disabled using the [proxy\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_headers), [fastcgi\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_ignore_headers), [uwsgi\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_ignore_headers), and [scgi\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_ignore_headers) directives.", - "v": "limit\\_rate 0;", - "c": "`http`, `server`, `location`, `if in location`", - "s": "**limit_rate** `_rate_`;" - }, - { - "m": "ngx_http_core_module", - "n": "limit_rate_after", - "d": "Sets the initial amount after which the further transmission of a response to a client will be rate limited. Parameter value can contain variables (1.17.0).\nExample:\n```\nlocation /flv/ {\n flv;\n limit_rate_after 500k;\n limit_rate 50k;\n}\n\n```\n", - "v": "limit\\_rate\\_after 0;", - "c": "`http`, `server`, `location`, `if in location`", - "s": "**limit_rate_after** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "lingering_close", - "d": "Controls how nginx closes client connections.\nThe default value “`on`” instructs nginx to [wait for](https://nginx.org/en/docs/http/ngx_http_core_module.html#lingering_timeout) and [process](https://nginx.org/en/docs/http/ngx_http_core_module.html#lingering_time) additional data from a client before fully closing a connection, but only if heuristics suggests that a client may be sending more data.\nThe value “`always`” will cause nginx to unconditionally wait for and process additional client data.\nThe value “`off`” tells nginx to never wait for more data and close the connection immediately. This behavior breaks the protocol and should not be used under normal circumstances.\nTo control closing [HTTP/2](https://nginx.org/en/docs/http/ngx_http_v2_module.html) connections, the directive must be specified on the [server](https://nginx.org/en/docs/http/ngx_http_core_module.html#server) level (1.19.1).", - "v": "lingering\\_close on;", - "c": "`http`, `server`, `location`", - "s": "**lingering_close** `off` | `on` | `always`;" - }, - { - "m": "ngx_http_core_module", - "n": "lingering_time", - "d": "When [lingering\\_close](https://nginx.org/en/docs/http/ngx_http_core_module.html#lingering_close) is in effect, this directive specifies the maximum time during which nginx will process (read and ignore) additional data coming from a client. After that, the connection will be closed, even if there will be more data.", - "v": "lingering\\_time 30s;", - "c": "`http`, `server`, `location`", - "s": "**lingering_time** `_time_`;" - }, - { - "m": "ngx_http_core_module", - "n": "lingering_timeout", - "d": "When [lingering\\_close](https://nginx.org/en/docs/http/ngx_http_core_module.html#lingering_close) is in effect, this directive specifies the maximum waiting time for more client data to arrive. If data are not received during this time, the connection is closed. Otherwise, the data are read and ignored, and nginx starts waiting for more data again. The “wait-read-ignore” cycle is repeated, but no longer than specified by the [lingering\\_time](https://nginx.org/en/docs/http/ngx_http_core_module.html#lingering_time) directive.", - "v": "lingering\\_timeout 5s;", - "c": "`http`, `server`, `location`", - "s": "**lingering_timeout** `_time_`;" - }, - { - "m": "ngx_http_core_module", - "n": "listen", - "d": "Sets the `_address_` and `_port_` for IP, or the `_path_` for a UNIX-domain socket on which the server will accept requests. Both `_address_` and `_port_`, or only `_address_` or only `_port_` can be specified. An `_address_` may also be a hostname, for example:\n```\nlisten 127.0.0.1:8000;\nlisten 127.0.0.1;\nlisten 8000;\nlisten *:8000;\nlisten localhost:8000;\n\n```\nIPv6 addresses (0.7.36) are specified in square brackets:\n```\nlisten [::]:8000;\nlisten [::1];\n\n```\nUNIX-domain sockets (0.8.21) are specified with the “`unix:`” prefix:\n```\nlisten unix:/var/run/nginx.sock;\n\n```\n\nIf only `_address_` is given, the port 80 is used.\nIf the directive is not present then either `*:80` is used if nginx runs with the superuser privileges, or `*:8000` otherwise.\nThe `default_server` parameter, if present, will cause the server to become the default server for the specified `_address_`:`_port_` pair. If none of the directives have the `default_server` parameter then the first server with the `_address_`:`_port_` pair will be the default server for this pair.\nIn versions prior to 0.8.21 this parameter is named simply `default`.\n\nThe `ssl` parameter (0.7.14) allows specifying that all connections accepted on this port should work in SSL mode. This allows for a more compact [configuration](https://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server) for the server that handles both HTTP and HTTPS requests.\nThe `http2` parameter (1.9.5) configures the port to accept [HTTP/2](https://nginx.org/en/docs/http/ngx_http_v2_module.html) connections. Normally, for this to work the `ssl` parameter should be specified as well, but nginx can also be configured to accept HTTP/2 connections without SSL.\nThe `spdy` parameter (1.3.15-1.9.4) allows accepting [SPDY](https://nginx.org/en/docs/http/ngx_http_spdy_module.html) connections on this port. Normally, for this to work the `ssl` parameter should be specified as well, but nginx can also be configured to accept SPDY connections without SSL.\nThe `proxy_protocol` parameter (1.5.12) allows specifying that all connections accepted on this port should use the [PROXY protocol](http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt).\nThe PROXY protocol version 2 is supported since version 1.13.11.\n\nThe `listen` directive can have several additional parameters specific to socket-related system calls. These parameters can be specified in any `listen` directive, but only once for a given `_address_`:`_port_` pair.\nIn versions prior to 0.8.21, they could only be specified in the `listen` directive together with the `default` parameter.\n\n`setfib`\\=`_number_`\n\nthis parameter (0.8.44) sets the associated routing table, FIB (the `SO_SETFIB` option) for the listening socket. This currently works only on FreeBSD.\n\n`fastopen`\\=`_number_`\n\nenables “[TCP Fast Open](http://en.wikipedia.org/wiki/TCP_Fast_Open)” for the listening socket (1.5.8) and [limits](https://datatracker.ietf.org/doc/html/rfc7413#section-5.1) the maximum length for the queue of connections that have not yet completed the three-way handshake.\n\n> Do not enable this feature unless the server can handle receiving the [same SYN packet with data](https://datatracker.ietf.org/doc/html/rfc7413#section-6.1) more than once.\n\n`backlog`\\=`_number_`\n\nsets the `backlog` parameter in the `listen()` call that limits the maximum length for the queue of pending connections. By default, `backlog` is set to -1 on FreeBSD, DragonFly BSD, and macOS, and to 511 on other platforms.\n\n`rcvbuf`\\=`_size_`\n\nsets the receive buffer size (the `SO_RCVBUF` option) for the listening socket.\n\n`sndbuf`\\=`_size_`\n\nsets the send buffer size (the `SO_SNDBUF` option) for the listening socket.\n\n`accept_filter`\\=`_filter_`\n\nsets the name of accept filter (the `SO_ACCEPTFILTER` option) for the listening socket that filters incoming connections before passing them to `accept()`. This works only on FreeBSD and NetBSD 5.0+. Possible values are [dataready](http://man.freebsd.org/accf_data) and [httpready](http://man.freebsd.org/accf_http).\n\n`deferred`\n\ninstructs to use a deferred `accept()` (the `TCP_DEFER_ACCEPT` socket option) on Linux.\n\n`bind`\n\ninstructs to make a separate `bind()` call for a given `_address_`:`_port_` pair. This is useful because if there are several `listen` directives with the same port but different addresses, and one of the `listen` directives listens on all addresses for the given port (`*:``_port_`), nginx will `bind()` only to `*:``_port_`. It should be noted that the `getsockname()` system call will be made in this case to determine the address that accepted the connection. If the `setfib`, `fastopen`, `backlog`, `rcvbuf`, `sndbuf`, `accept_filter`, `deferred`, `ipv6only`, `reuseport`, or `so_keepalive` parameters are used then for a given `_address_`:`_port_` pair a separate `bind()` call will always be made.\n\n`ipv6only`\\=`on`|`off`\n\nthis parameter (0.7.42) determines (via the `IPV6_V6ONLY` socket option) whether an IPv6 socket listening on a wildcard address `[::]` will accept only IPv6 connections or both IPv6 and IPv4 connections. This parameter is turned on by default. It can only be set once on start.\n\n> Prior to version 1.3.4, if this parameter was omitted then the operating system’s settings were in effect for the socket.\n\n`reuseport`\n\nthis parameter (1.9.1) instructs to create an individual listening socket for each worker process (using the `SO_REUSEPORT` socket option on Linux 3.9+ and DragonFly BSD, or `SO_REUSEPORT_LB` on FreeBSD 12+), allowing a kernel to distribute incoming connections between worker processes. This currently works only on Linux 3.9+, DragonFly BSD, and FreeBSD 12+ (1.15.1).\n\n> Inappropriate use of this option may have its security [implications](http://man7.org/linux/man-pages/man7/socket.7.html).\n\n`so_keepalive`\\=`on`|`off`|\\[`_keepidle_`\\]:\\[`_keepintvl_`\\]:\\[`_keepcnt_`\\]\n\nthis parameter (1.1.11) configures the “TCP keepalive” behavior for the listening socket. If this parameter is omitted then the operating system’s settings will be in effect for the socket. If it is set to the value “`on`”, the `SO_KEEPALIVE` option is turned on for the socket. If it is set to the value “`off`”, the `SO_KEEPALIVE` option is turned off for the socket. Some operating systems support setting of TCP keepalive parameters on a per-socket basis using the `TCP_KEEPIDLE`, `TCP_KEEPINTVL`, and `TCP_KEEPCNT` socket options. On such systems (currently, Linux 2.4+, NetBSD 5+, and FreeBSD 9.0-STABLE), they can be configured using the `_keepidle_`, `_keepintvl_`, and `_keepcnt_` parameters. One or two parameters may be omitted, in which case the system default setting for the corresponding socket option will be in effect. For example,\n\n> so\\_keepalive=30m::10\n\nwill set the idle timeout (`TCP_KEEPIDLE`) to 30 minutes, leave the probe interval (`TCP_KEEPINTVL`) at its system default, and set the probes count (`TCP_KEEPCNT`) to 10 probes.\n\nExample:\n```\nlisten 127.0.0.1 default_server accept_filter=dataready backlog=1024;\n\n```\n", - "v": "listen \\*:80 | \\*:8000;", - "c": "`server`", - "s": "**listen** `_address_`[:`_port_`] [`default_server`] [`ssl`] [`http2` | `spdy`] [`proxy_protocol`] [`setfib`=`_number_`] [`fastopen`=`_number_`] [`backlog`=`_number_`] [`rcvbuf`=`_size_`] [`sndbuf`=`_size_`] [`accept_filter`=`_filter_`] [`deferred`] [`bind`] [`ipv6only`=`on`|`off`] [`reuseport`] [`so_keepalive`=`on`|`off`|[`_keepidle_`]:[`_keepintvl_`]:[`_keepcnt_`]];`` \n``**listen** `_port_` [`default_server`] [`ssl`] [`http2` | `spdy`] [`proxy_protocol`] [`setfib`=`_number_`] [`fastopen`=`_number_`] [`backlog`=`_number_`] [`rcvbuf`=`_size_`] [`sndbuf`=`_size_`] [`accept_filter`=`_filter_`] [`deferred`] [`bind`] [`ipv6only`=`on`|`off`] [`reuseport`] [`so_keepalive`=`on`|`off`|[`_keepidle_`]:[`_keepintvl_`]:[`_keepcnt_`]];`` \n```**listen** `unix:``_path_` [`default_server`] [`ssl`] [`http2` | `spdy`] [`proxy_protocol`] [`backlog`=`_number_`] [`rcvbuf`=`_size_`] [`sndbuf`=`_size_`] [`accept_filter`=`_filter_`] [`deferred`] [`bind`] [`so_keepalive`=`on`|`off`|[`_keepidle_`]:[`_keepintvl_`]:[`_keepcnt_`]];" - }, - { - "m": "ngx_http_core_module", - "n": "location", - "d": "Sets configuration depending on a request URI.\nThe matching is performed against a normalized URI, after decoding the text encoded in the “`%XX`” form, resolving references to relative path components “`.`” and “`..`”, and possible [compression](https://nginx.org/en/docs/http/ngx_http_core_module.html#merge_slashes) of two or more adjacent slashes into a single slash.\nA location can either be defined by a prefix string, or by a regular expression. Regular expressions are specified with the preceding “`~*`” modifier (for case-insensitive matching), or the “`~`” modifier (for case-sensitive matching). To find location matching a given request, nginx first checks locations defined using the prefix strings (prefix locations). Among them, the location with the longest matching prefix is selected and remembered. Then regular expressions are checked, in the order of their appearance in the configuration file. The search of regular expressions terminates on the first match, and the corresponding configuration is used. If no match with a regular expression is found then the configuration of the prefix location remembered earlier is used.\n`location` blocks can be nested, with some exceptions mentioned below.\nFor case-insensitive operating systems such as macOS and Cygwin, matching with prefix strings ignores a case (0.7.7). However, comparison is limited to one-byte locales.\nRegular expressions can contain captures (0.7.40) that can later be used in other directives.\nIf the longest matching prefix location has the “`^~`” modifier then regular expressions are not checked.\nAlso, using the “`=`” modifier it is possible to define an exact match of URI and location. If an exact match is found, the search terminates. For example, if a “`/`” request happens frequently, defining “`location = /`” will speed up the processing of these requests, as search terminates right after the first comparison. Such a location cannot obviously contain nested locations.\n\nIn versions from 0.7.1 to 0.8.41, if a request matched the prefix location without the “`=`” and “`^~`” modifiers, the search also terminated and regular expressions were not checked.\n\nLet’s illustrate the above by an example:\n```\nlocation = / {\n [ configuration A ]\n}\n\nlocation / {\n [ configuration B ]\n}\n\nlocation /documents/ {\n [ configuration C ]\n}\n\nlocation ^~ /images/ {\n [ configuration D ]\n}\n\nlocation ~* \\.(gif|jpg|jpeg)$ {\n [ configuration E ]\n}\n\n```\nThe “`/`” request will match configuration A, the “`/index.html`” request will match configuration B, the “`/documents/document.html`” request will match configuration C, the “`/images/1.gif`” request will match configuration D, and the “`/documents/1.jpg`” request will match configuration E.\nThe “`@`” prefix defines a named location. Such a location is not used for a regular request processing, but instead used for request redirection. They cannot be nested, and cannot contain nested locations.\nIf a location is defined by a prefix string that ends with the slash character, and requests are processed by one of [proxy\\_pass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass), [fastcgi\\_pass](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_pass), [uwsgi\\_pass](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_pass), [scgi\\_pass](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_pass), [memcached\\_pass](https://nginx.org/en/docs/http/ngx_http_memcached_module.html#memcached_pass), or [grpc\\_pass](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_pass), then the special processing is performed. In response to a request with URI equal to this string, but without the trailing slash, a permanent redirect with the code 301 will be returned to the requested URI with the slash appended. If this is not desired, an exact match of the URI and location could be defined like this:\n```\nlocation /user/ {\n proxy_pass http://user.example.com;\n}\n\nlocation = /user {\n proxy_pass http://login.example.com;\n}\n\n```\n", - "c": "`server`, `location`", - "s": "**location** [ `=` | `~` | `~*` | `^~` ] `_uri_` { ... }`` \n```**location** `@``_name_` { ... }" - }, - { - "m": "ngx_http_core_module", - "n": "log_not_found", - "d": "Enables or disables logging of errors about not found files into [error\\_log](https://nginx.org/en/docs/ngx_core_module.html#error_log).", - "v": "log\\_not\\_found on;", - "c": "`http`, `server`, `location`", - "s": "**log_not_found** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "log_subrequest", - "d": "Enables or disables logging of subrequests into [access\\_log](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log).", - "v": "log\\_subrequest off;", - "c": "`http`, `server`, `location`", - "s": "**log_subrequest** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "max_ranges", - "d": "Limits the maximum allowed number of ranges in byte-range requests. Requests that exceed the limit are processed as if there were no byte ranges specified. By default, the number of ranges is not limited. The zero value disables the byte-range support completely.", - "c": "`http`, `server`, `location`", - "s": "**max_ranges** `_number_`;" - }, - { - "m": "ngx_http_core_module", - "n": "merge_slashes", - "d": "Enables or disables compression of two or more adjacent slashes in a URI into a single slash.\nNote that compression is essential for the correct matching of prefix string and regular expression locations. Without it, the “`//scripts/one.php`” request would not match\n```\nlocation /scripts/ {\n ...\n}\n\n```\nand might be processed as a static file. So it gets converted to “`/scripts/one.php`”.\nTurning the compression `off` can become necessary if a URI contains base64-encoded names, since base64 uses the “`/`” character internally. However, for security considerations, it is better to avoid turning the compression off.\nIf the directive is specified on the [server](https://nginx.org/en/docs/http/ngx_http_core_module.html#server) level, the value from the default server can be used. Details are provided in the “[Virtual server selection](https://nginx.org/en/docs/http/server_names.html#virtual_server_selection)” section.", - "v": "merge\\_slashes on;", - "c": "`http`, `server`", - "s": "**merge_slashes** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "msie_padding", - "d": "Enables or disables adding comments to responses for MSIE clients with status greater than 400 to increase the response size to 512 bytes.", - "v": "msie\\_padding on;", - "c": "`http`, `server`, `location`", - "s": "**msie_padding** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "msie_refresh", - "d": "Enables or disables issuing refreshes instead of redirects for MSIE clients.", - "v": "msie\\_refresh off;", - "c": "`http`, `server`, `location`", - "s": "**msie_refresh** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "open_file_cache", - "d": "Configures a cache that can store:\n* open file descriptors, their sizes and modification times;\n* information on existence of directories;\n* file lookup errors, such as “file not found”, “no read permission”, and so on.\n \n > Caching of errors should be enabled separately by the [open\\_file\\_cache\\_errors](https://nginx.org/en/docs/http/ngx_http_core_module.html#open_file_cache_errors) directive.\n\nThe directive has the following parameters:\n`max`\n\nsets the maximum number of elements in the cache; on cache overflow the least recently used (LRU) elements are removed;\n\n`inactive`\n\ndefines a time after which an element is removed from the cache if it has not been accessed during this time; by default, it is 60 seconds;\n\n`off`\n\ndisables the cache.\n\nExample:\n```\nopen_file_cache max=1000 inactive=20s;\nopen_file_cache_valid 30s;\nopen_file_cache_min_uses 2;\nopen_file_cache_errors on;\n\n```\n", - "v": "open\\_file\\_cache off;", - "c": "`http`, `server`, `location`", - "s": "**open_file_cache** `off`;`` \n``**open_file_cache** `max`=`_N_` [`inactive`=`_time_`];" - }, - { - "m": "ngx_http_core_module", - "n": "open_file_cache_errors", - "d": "Enables or disables caching of file lookup errors by [open\\_file\\_cache](https://nginx.org/en/docs/http/ngx_http_core_module.html#open_file_cache).", - "v": "open\\_file\\_cache\\_errors off;", - "c": "`http`, `server`, `location`", - "s": "**open_file_cache_errors** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "open_file_cache_min_uses", - "d": "Sets the minimum `_number_` of file accesses during the period configured by the `inactive` parameter of the [open\\_file\\_cache](https://nginx.org/en/docs/http/ngx_http_core_module.html#open_file_cache) directive, required for a file descriptor to remain open in the cache.", - "v": "open\\_file\\_cache\\_min\\_uses 1;", - "c": "`http`, `server`, `location`", - "s": "**open_file_cache_min_uses** `_number_`;" - }, - { - "m": "ngx_http_core_module", - "n": "open_file_cache_valid", - "d": "Sets a time after which [open\\_file\\_cache](https://nginx.org/en/docs/http/ngx_http_core_module.html#open_file_cache) elements should be validated.", - "v": "open\\_file\\_cache\\_valid 60s;", - "c": "`http`, `server`, `location`", - "s": "**open_file_cache_valid** `_time_`;" - }, - { - "m": "ngx_http_core_module", - "n": "output_buffers", - "d": "Sets the `_number_` and `_size_` of the buffers used for reading a response from a disk.\nPrior to version 1.9.5, the default value was 1 32k.\n", - "v": "output\\_buffers 2 32k;", - "c": "`http`, `server`, `location`", - "s": "**output_buffers** `_number_` `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "port_in_redirect", - "d": "Enables or disables specifying the port in [absolute](https://nginx.org/en/docs/http/ngx_http_core_module.html#absolute_redirect) redirects issued by nginx.\nThe use of the primary server name in redirects is controlled by the [server\\_name\\_in\\_redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name_in_redirect) directive.", - "v": "port\\_in\\_redirect on;", - "c": "`http`, `server`, `location`", - "s": "**port_in_redirect** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "postpone_output", - "d": "If possible, the transmission of client data will be postponed until nginx has at least `_size_` bytes of data to send. The zero value disables postponing data transmission.", - "v": "postpone\\_output 1460;", - "c": "`http`, `server`, `location`", - "s": "**postpone_output** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "read_ahead", - "d": "Sets the amount of pre-reading for the kernel when working with file.\nOn Linux, the `posix_fadvise(0, 0, 0, POSIX_FADV_SEQUENTIAL)` system call is used, and so the `_size_` parameter is ignored.\nOn FreeBSD, the `fcntl(O_READAHEAD,` `_size_``)` system call, supported since FreeBSD 9.0-CURRENT, is used. FreeBSD 7 has to be [patched](http://sysoev.ru/freebsd/patch.readahead.txt).", - "v": "read\\_ahead 0;", - "c": "`http`, `server`, `location`", - "s": "**read_ahead** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "recursive_error_pages", - "d": "Enables or disables doing several redirects using the [error\\_page](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page) directive. The number of such redirects is [limited](https://nginx.org/en/docs/http/ngx_http_core_module.html#internal).", - "v": "recursive\\_error\\_pages off;", - "c": "`http`, `server`, `location`", - "s": "**recursive_error_pages** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "request_pool_size", - "d": "Allows accurate tuning of per-request memory allocations. This directive has minimal impact on performance and should not generally be used.", - "v": "request\\_pool\\_size 4k;", - "c": "`http`, `server`", - "s": "**request_pool_size** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "reset_timedout_connection", - "d": "Enables or disables resetting timed out connections and connections [closed](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return) with the non-standard code 444 (1.15.2). The reset is performed as follows. Before closing a socket, the `SO_LINGER` option is set on it with a timeout value of 0. When the socket is closed, TCP RST is sent to the client, and all memory occupied by this socket is released. This helps avoid keeping an already closed socket with filled buffers in a FIN\\_WAIT1 state for a long time.\nIt should be noted that timed out keep-alive connections are closed normally.", - "v": "reset\\_timedout\\_connection off;", - "c": "`http`, `server`, `location`", - "s": "**reset_timedout_connection** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "resolver", - "d": "Configures name servers used to resolve names of upstream servers into addresses, for example:\n```\nresolver 127.0.0.1 [::1]:5353;\n\n```\nThe address can be specified as a domain name or IP address, with an optional port (1.3.1, 1.2.2). If port is not specified, the port 53 is used. Name servers are queried in a round-robin fashion.\nBefore version 1.1.7, only a single name server could be configured. Specifying name servers using IPv6 addresses is supported starting from versions 1.3.1 and 1.2.2.\n", - "c": "`http`, `server`, `location`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_http_core_module", - "n": "resolver_ipv6", - "d": "By default, nginx will look up both IPv4 and IPv6 addresses while resolving. If looking up of IPv4 or IPv6 addresses is not desired, the `ipv4=off` (1.23.1) or the `ipv6=off` parameter can be specified.\nResolving of names into IPv6 addresses is supported starting from version 1.5.8.\n", - "c": "`http`, `server`, `location`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_http_core_module", - "n": "resolver_valid", - "d": "By default, nginx caches answers using the TTL value of a response. An optional `valid` parameter allows overriding it:\n```\nresolver 127.0.0.1 [::1]:5353 valid=30s;\n\n```\n\nBefore version 1.1.9, tuning of caching time was not possible, and nginx always cached answers for the duration of 5 minutes.\n\nTo prevent DNS spoofing, it is recommended configuring DNS servers in a properly secured trusted local network.\n", - "c": "`http`, `server`, `location`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_http_core_module", - "n": "resolver_status_zone", - "d": "The optional `status_zone` parameter (1.17.1) enables [collection](https://nginx.org/en/docs/http/ngx_http_api_module.html#resolvers_) of DNS server statistics of requests and responses in the specified `_zone_`. The parameter is available as part of our [commercial subscription](http://nginx.com/products/).", - "c": "`http`, `server`, `location`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_http_core_module", - "n": "resolver_timeout", - "d": "Sets a timeout for name resolution, for example:\n```\nresolver_timeout 5s;\n\n```\n", - "v": "resolver\\_timeout 30s;", - "c": "`http`, `server`, `location`", - "s": "**resolver_timeout** `_time_`;" - }, - { - "m": "ngx_http_core_module", - "n": "root", - "d": "Sets the root directory for requests. For example, with the following configuration\n```\nlocation /i/ {\n root /data/w3;\n}\n\n```\nThe `/data/w3/i/top.gif` file will be sent in response to the “`/i/top.gif`” request.\nThe `_path_` value can contain variables, except `$document_root` and `$realpath_root`.\nA path to the file is constructed by merely adding a URI to the value of the `root` directive. If a URI has to be modified, the [alias](https://nginx.org/en/docs/http/ngx_http_core_module.html#alias) directive should be used.", - "v": "root html;", - "c": "`http`, `server`, `location`, `if in location`", - "s": "**root** `_path_`;" - }, - { - "m": "ngx_http_core_module", - "n": "satisfy", - "d": "Allows access if all (`all`) or at least one (`any`) of the [ngx\\_http\\_access\\_module](https://nginx.org/en/docs/http/ngx_http_access_module.html), [ngx\\_http\\_auth\\_basic\\_module](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html), [ngx\\_http\\_auth\\_request\\_module](https://nginx.org/en/docs/http/ngx_http_auth_request_module.html), or [ngx\\_http\\_auth\\_jwt\\_module](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html) modules allow access.\nExample:\n```\nlocation / {\n satisfy any;\n\n allow 192.168.1.0/32;\n deny all;\n\n auth_basic \"closed site\";\n auth_basic_user_file conf/htpasswd;\n}\n\n```\n", - "v": "satisfy all;", - "c": "`http`, `server`, `location`", - "s": "**satisfy** `all` | `any`;" - }, - { - "m": "ngx_http_core_module", - "n": "send_lowat", - "d": "If the directive is set to a non-zero value, nginx will try to minimize the number of send operations on client sockets by using either `NOTE_LOWAT` flag of the [kqueue](https://nginx.org/en/docs/events.html#kqueue) method or the `SO_SNDLOWAT` socket option. In both cases the specified `_size_` is used.\nThis directive is ignored on Linux, Solaris, and Windows.", - "v": "send\\_lowat 0;", - "c": "`http`, `server`, `location`", - "s": "**send_lowat** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "send_timeout", - "d": "Sets a timeout for transmitting a response to the client. The timeout is set only between two successive write operations, not for the transmission of the whole response. If the client does not receive anything within this time, the connection is closed.", - "v": "send\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**send_timeout** `_time_`;" - }, - { - "m": "ngx_http_core_module", - "n": "sendfile", - "d": "Enables or disables the use of `sendfile()`.\nStarting from nginx 0.8.12 and FreeBSD 5.2.1, [aio](https://nginx.org/en/docs/http/ngx_http_core_module.html#aio) can be used to pre-load data for `sendfile()`:\n```\nlocation /video/ {\n sendfile on;\n tcp_nopush on;\n aio on;\n}\n\n```\nIn this configuration, `sendfile()` is called with the `SF_NODISKIO` flag which causes it not to block on disk I/O, but, instead, report back that the data are not in memory. nginx then initiates an asynchronous data load by reading one byte. On the first read, the FreeBSD kernel loads the first 128K bytes of a file into memory, although next reads will only load data in 16K chunks. This can be changed using the [read\\_ahead](https://nginx.org/en/docs/http/ngx_http_core_module.html#read_ahead) directive.\nBefore version 1.7.11, pre-loading could be enabled with `aio sendfile;`.\n", - "v": "sendfile off;", - "c": "`http`, `server`, `location`, `if in location`", - "s": "**sendfile** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "sendfile_max_chunk", - "d": "Limits the amount of data that can be transferred in a single `sendfile()` call. Without the limit, one fast connection may seize the worker process entirely.\nPrior to version 1.21.4, by default there was no limit.\n", - "v": "sendfile\\_max\\_chunk 2m;", - "c": "`http`, `server`, `location`", - "s": "**sendfile_max_chunk** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "server", - "d": "Sets configuration for a virtual server. There is no clear separation between IP-based (based on the IP address) and name-based (based on the “Host” request header field) virtual servers. Instead, the [listen](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen) directives describe all addresses and ports that should accept connections for the server, and the [server\\_name](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name) directive lists all server names. Example configurations are provided in the “[How nginx processes a request](https://nginx.org/en/docs/http/request_processing.html)” document.", - "c": "`http`", - "s": "**server** { ... }" - }, - { - "m": "ngx_http_core_module", - "n": "server_name", - "d": "Sets names of a virtual server, for example:\n```\nserver {\n server_name example.com www.example.com;\n}\n\n```\n\nThe first name becomes the primary server name.\nServer names can include an asterisk (“`*`”) replacing the first or last part of a name:\n```\nserver {\n server_name example.com *.example.com www.example.*;\n}\n\n```\nSuch names are called wildcard names.\nThe first two of the names mentioned above can be combined in one:\n```\nserver {\n server_name .example.com;\n}\n\n```\n\nIt is also possible to use regular expressions in server names, preceding the name with a tilde (“`~`”):\n```\nserver {\n server_name www.example.com ~^www\\d+\\.example\\.com$;\n}\n\n```\n\nRegular expressions can contain captures (0.7.40) that can later be used in other directives:\n```\nserver {\n server_name ~^(www\\.)?(.+)$;\n\n location / {\n root /sites/$2;\n }\n}\n\nserver {\n server_name _;\n\n location / {\n root /sites/default;\n }\n}\n\n```\n\nNamed captures in regular expressions create variables (0.8.25) that can later be used in other directives:\n```\nserver {\n server_name ~^(www\\.)?(?.+)$;\n\n location / {\n root /sites/$domain;\n }\n}\n\nserver {\n server_name _;\n\n location / {\n root /sites/default;\n }\n}\n\n```\n\nIf the directive’s parameter is set to “`$hostname`” (0.9.4), the machine’s hostname is inserted.\nIt is also possible to specify an empty server name (0.7.11):\n```\nserver {\n server_name www.example.com \"\";\n}\n\n```\nIt allows this server to process requests without the “Host” header field — instead of the default server — for the given address:port pair. This is the default setting.\nBefore 0.8.48, the machine’s hostname was used by default.\n\nDuring searching for a virtual server by name, if the name matches more than one of the specified variants, (e.g. both a wildcard name and regular expression match), the first matching variant will be chosen, in the following order of priority:\n* the exact name\n* the longest wildcard name starting with an asterisk, e.g. “`*.example.com`”\n* the longest wildcard name ending with an asterisk, e.g. “`mail.*`”\n* the first matching regular expression (in order of appearance in the configuration file)\n\nDetailed description of server names is provided in a separate [Server names](https://nginx.org/en/docs/http/server_names.html) document.", - "v": "server\\_name \"\";", - "c": "`server`", - "s": "**server_name** `_name_` ...;" - }, - { - "m": "ngx_http_core_module", - "n": "server_name_in_redirect", - "d": "Enables or disables the use of the primary server name, specified by the [server\\_name](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name) directive, in [absolute](https://nginx.org/en/docs/http/ngx_http_core_module.html#absolute_redirect) redirects issued by nginx. When the use of the primary server name is disabled, the name from the “Host” request header field is used. If this field is not present, the IP address of the server is used.\nThe use of a port in redirects is controlled by the [port\\_in\\_redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#port_in_redirect) directive.", - "v": "server\\_name\\_in\\_redirect off;", - "c": "`http`, `server`, `location`", - "s": "**server_name_in_redirect** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "server_names_hash_bucket_size", - "d": "Sets the bucket size for the server names hash tables. The default value depends on the size of the processor’s cache line. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).", - "v": "server\\_names\\_hash\\_bucket\\_size 32|64|128;", - "c": "`http`", - "s": "**server_names_hash_bucket_size** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "server_names_hash_max_size", - "d": "Sets the maximum `_size_` of the server names hash tables. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).", - "v": "server\\_names\\_hash\\_max\\_size 512;", - "c": "`http`", - "s": "**server_names_hash_max_size** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "server_tokens", - "d": "Enables or disables emitting nginx version on error pages and in the “Server” response header field.", - "v": "server\\_tokens on;", - "c": "`http`, `server`, `location`", - "s": "**server_tokens** `on` | `off` | `build` | `_string_`;" - }, - { - "m": "ngx_http_core_module", - "n": "server_tokens_build", - "d": "The `build` parameter (1.11.10) enables emitting a [build name](https://nginx.org/en/docs/configure.html#build) along with nginx version.\nAdditionally, as part of our [commercial subscription](http://nginx.com/products/), starting from version 1.9.13 the signature on error pages and the “Server” response header field value can be set explicitly using the `_string_` with variables. An empty string disables the emission of the “Server” field.", - "v": "server\\_tokens on;", - "c": "`http`, `server`, `location`", - "s": "**server_tokens** `on` | `off` | `build` | `_string_`;" - }, - { - "m": "ngx_http_core_module", - "n": "subrequest_output_buffer_size", - "d": "Sets the `_size_` of the buffer used for storing the response body of a subrequest. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform. It can be made smaller, however.\nThe directive is applicable only for subrequests with response bodies saved into memory. For example, such subrequests are created by [SSI](https://nginx.org/en/docs/http/ngx_http_ssi_module.html#ssi_include_set).", - "v": "subrequest\\_output\\_buffer\\_size 4k|8k;", - "c": "`http`, `server`, `location`", - "s": "**subrequest_output_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "tcp_nodelay", - "d": "Enables or disables the use of the `TCP_NODELAY` option. The option is enabled when a connection is transitioned into the keep-alive state. Additionally, it is enabled on SSL connections, for unbuffered proxying, and for [WebSocket](https://nginx.org/en/docs/http/websocket.html) proxying.", - "v": "tcp\\_nodelay on;", - "c": "`http`, `server`, `location`", - "s": "**tcp_nodelay** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "tcp_nopush", - "d": "Enables or disables the use of the `TCP_NOPUSH` socket option on FreeBSD or the `TCP_CORK` socket option on Linux. The options are enabled only when [sendfile](https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile) is used. Enabling the option allows\n* sending the response header and the beginning of a file in one packet, on Linux and FreeBSD 4.\\*;\n* sending a file in full packets.\n", - "v": "tcp\\_nopush off;", - "c": "`http`, `server`, `location`", - "s": "**tcp_nopush** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "try_files", - "d": "Checks the existence of files in the specified order and uses the first found file for request processing; the processing is performed in the current context. The path to a file is constructed from the `_file_` parameter according to the [root](https://nginx.org/en/docs/http/ngx_http_core_module.html#root) and [alias](https://nginx.org/en/docs/http/ngx_http_core_module.html#alias) directives. It is possible to check directory’s existence by specifying a slash at the end of a name, e.g. “`$uri/`”. If none of the files were found, an internal redirect to the `_uri_` specified in the last parameter is made. For example:\n```\nlocation /images/ {\n try_files $uri /images/default.gif;\n}\n\nlocation = /images/default.gif {\n expires 30s;\n}\n\n```\nThe last parameter can also point to a named location, as shown in examples below. Starting from version 0.7.51, the last parameter can also be a `_code_`:\n```\nlocation / {\n try_files $uri $uri/index.html $uri.html =404;\n}\n\n```\n\nExample in proxying Mongrel:\n```\nlocation / {\n try_files /system/maintenance.html\n $uri $uri/index.html $uri.html\n @mongrel;\n}\n\nlocation @mongrel {\n proxy_pass http://mongrel;\n}\n\n```\n\nExample for Drupal/FastCGI:\n```\nlocation / {\n try_files $uri $uri/ @drupal;\n}\n\nlocation ~ \\.php$ {\n try_files $uri @drupal;\n\n fastcgi_pass ...;\n\n fastcgi_param SCRIPT_FILENAME /path/to$fastcgi_script_name;\n fastcgi_param SCRIPT_NAME $fastcgi_script_name;\n fastcgi_param QUERY_STRING $args;\n\n ... other fastcgi_param's\n}\n\nlocation @drupal {\n fastcgi_pass ...;\n\n fastcgi_param SCRIPT_FILENAME /path/to/index.php;\n fastcgi_param SCRIPT_NAME /index.php;\n fastcgi_param QUERY_STRING q=$uri&$args;\n\n ... other fastcgi_param's\n}\n\n```\nIn the following example,\n```\nlocation / {\n try_files $uri $uri/ @drupal;\n}\n\n```\nthe `try_files` directive is equivalent to\n```\nlocation / {\n error_page 404 = @drupal;\n log_not_found off;\n}\n\n```\nAnd here,\n```\nlocation ~ \\.php$ {\n try_files $uri @drupal;\n\n fastcgi_pass ...;\n\n fastcgi_param SCRIPT_FILENAME /path/to$fastcgi_script_name;\n\n ...\n}\n\n```\n`try_files` checks the existence of the PHP file before passing the request to the FastCGI server.\nExample for Wordpress and Joomla:\n```\nlocation / {\n try_files $uri $uri/ @wordpress;\n}\n\nlocation ~ \\.php$ {\n try_files $uri @wordpress;\n\n fastcgi_pass ...;\n\n fastcgi_param SCRIPT_FILENAME /path/to$fastcgi_script_name;\n ... other fastcgi_param's\n}\n\nlocation @wordpress {\n fastcgi_pass ...;\n\n fastcgi_param SCRIPT_FILENAME /path/to/index.php;\n ... other fastcgi_param's\n}\n\n```\n", - "c": "`server`, `location`", - "s": "**try_files** `_file_` ... `_uri_`;`` \n``**try_files** `_file_` ... =`_code_`;" - }, - { - "m": "ngx_http_core_module", - "n": "types", - "d": "Maps file name extensions to MIME types of responses. Extensions are case-insensitive. Several extensions can be mapped to one type, for example:\n```\ntypes {\n application/octet-stream bin exe dll;\n application/octet-stream deb;\n application/octet-stream dmg;\n}\n\n```\n\nA sufficiently full mapping table is distributed with nginx in the `conf/mime.types` file.\nTo make a particular location emit the “`application/octet-stream`” MIME type for all requests, the following configuration can be used:\n```\nlocation /download/ {\n types { }\n default_type application/octet-stream;\n}\n\n```\n", - "v": "types {\n text/html html;\n image/gif gif;\n image/jpeg jpg;\n}", - "c": "`http`, `server`, `location`", - "s": "**types** { ... }" - }, - { - "m": "ngx_http_core_module", - "n": "types_hash_bucket_size", - "d": "Sets the bucket size for the types hash tables. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).\nPrior to version 1.5.13, the default value depended on the size of the processor’s cache line.\n", - "v": "types\\_hash\\_bucket\\_size 64;", - "c": "`http`, `server`, `location`", - "s": "**types_hash_bucket_size** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "types_hash_max_size", - "d": "Sets the maximum `_size_` of the types hash tables. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).", - "v": "types\\_hash\\_max\\_size 1024;", - "c": "`http`, `server`, `location`", - "s": "**types_hash_max_size** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "underscores_in_headers", - "d": "Enables or disables the use of underscores in client request header fields. When the use of underscores is disabled, request header fields whose names contain underscores are marked as invalid and become subject to the [ignore\\_invalid\\_headers](https://nginx.org/en/docs/http/ngx_http_core_module.html#ignore_invalid_headers) directive.\nIf the directive is specified on the [server](https://nginx.org/en/docs/http/ngx_http_core_module.html#server) level, the value from the default server can be used. Details are provided in the “[Virtual server selection](https://nginx.org/en/docs/http/server_names.html#virtual_server_selection)” section.", - "v": "underscores\\_in\\_headers off;", - "c": "`http`, `server`", - "s": "**underscores_in_headers** `on` | `off`;" - }, - { - "m": "ngx_http_core_module", - "n": "variables_hash_bucket_size", - "d": "Sets the bucket size for the variables hash table. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).", - "v": "variables\\_hash\\_bucket\\_size 64;", - "c": "`http`", - "s": "**variables_hash_bucket_size** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "variables_hash_max_size", - "d": "Sets the maximum `_size_` of the variables hash table. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).\nPrior to version 1.5.13, the default value was 512.\n", - "v": "variables\\_hash\\_max\\_size 1024;", - "c": "`http`", - "s": "**variables_hash_max_size** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_http_core_module` module supports embedded variables with names matching the Apache Server variables. First of all, these are variables representing client request header fields, such as `$http_user_agent`, `$http_cookie`, and so on. Also there are other variables:\n`$arg_``_name_`\n\nargument `_name_` in the request line\n\n`$args`\n\narguments in the request line\n\n`$binary_remote_addr`\n\nclient address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses\n\n`$body_bytes_sent`\n\nnumber of bytes sent to a client, not counting the response header; this variable is compatible with the “`%B`” parameter of the `mod_log_config` Apache module\n\n`$bytes_sent`\n\nnumber of bytes sent to a client (1.3.8, 1.2.5)\n\n`$connection`\n\nconnection serial number (1.3.8, 1.2.5)\n\n`$connection_requests`\n\ncurrent number of requests made through a connection (1.3.8, 1.2.5)\n\n`$connection_time`\n\nconnection time in seconds with a milliseconds resolution (1.19.10)\n\n`$content_length`\n\n“Content-Length” request header field\n\n`$content_type`\n\n“Content-Type” request header field\n\n`$cookie_``_name_`\n\nthe `_name_` cookie\n\n`$document_root`\n\n[root](https://nginx.org/en/docs/http/ngx_http_core_module.html#root) or [alias](https://nginx.org/en/docs/http/ngx_http_core_module.html#alias) directive’s value for the current request\n\n`$document_uri`\n\nsame as `$uri`\n\n`$host`\n\nin this order of precedence: host name from the request line, or host name from the “Host” request header field, or the server name matching a request\n\n`$hostname`\n\nhost name\n\n`$http_``_name_`\n\narbitrary request header field; the last part of a variable name is the field name converted to lower case with dashes replaced by underscores\n\n`$https`\n\n“`on`” if connection operates in SSL mode, or an empty string otherwise\n\n`$is_args`\n\n“`?`” if a request line has arguments, or an empty string otherwise\n\n`$limit_rate`\n\nsetting this variable enables response rate limiting; see [limit\\_rate](https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate)\n\n`$msec`\n\ncurrent time in seconds with the milliseconds resolution (1.3.9, 1.2.6)\n\n`$nginx_version`\n\nnginx version\n\n`$pid`\n\nPID of the worker process\n\n`$pipe`\n\n“`p`” if request was pipelined, “`.`” otherwise (1.3.12, 1.2.7)\n\n`$proxy_protocol_addr`\n\nclient address from the PROXY protocol header (1.5.12)\n\nThe PROXY protocol must be previously enabled by setting the `proxy_protocol` parameter in the [listen](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen) directive.\n\n`$proxy_protocol_port`\n\nclient port from the PROXY protocol header (1.11.0)\n\nThe PROXY protocol must be previously enabled by setting the `proxy_protocol` parameter in the [listen](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen) directive.\n\n`$proxy_protocol_server_addr`\n\nserver address from the PROXY protocol header (1.17.6)\n\nThe PROXY protocol must be previously enabled by setting the `proxy_protocol` parameter in the [listen](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen) directive.\n\n`$proxy_protocol_server_port`\n\nserver port from the PROXY protocol header (1.17.6)\n\nThe PROXY protocol must be previously enabled by setting the `proxy_protocol` parameter in the [listen](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen) directive.\n\n`$proxy_protocol_tlv_``_name_`\n\nTLV from the PROXY Protocol header (1.23.2). The `name` can be a TLV type name or its numeric value. In the latter case, the value is hexadecimal and should be prefixed with `0x`:\n\n> $proxy\\_protocol\\_tlv\\_alpn\n> $proxy\\_protocol\\_tlv\\_0x01\n\nSSL TLVs can also be accessed by TLV type name or its numeric value, both prefixed by `ssl_`:\n\n> $proxy\\_protocol\\_tlv\\_ssl\\_version\n> $proxy\\_protocol\\_tlv\\_ssl\\_0x21\n\nThe following TLV type names are supported:\n\n* `alpn` (`0x01`) - upper layer protocol used over the connection\n* `authority` (`0x02`) - host name value passed by the client\n* `unique_id` (`0x05`) - unique connection id\n* `netns` (`0x30`) - name of the namespace\n* `ssl` (`0x20`) - binary SSL TLV structure\n\nThe following SSL TLV type names are supported:\n\n* `ssl_version` (`0x21`) - SSL version used in client connection\n* `ssl_cn` (`0x22`) - SSL certificate Common Name\n* `ssl_cipher` (`0x23`) - name of the used cipher\n* `ssl_sig_alg` (`0x24`) - algorithm used to sign the certificate\n* `ssl_key_alg` (`0x25`) - public-key algorithm\n\nAlso, the following special SSL TLV type name is supported:\n\n* `ssl_verify` - client SSL certificate verification result, `0` if the client presented a certificate and it was successfully verified, non-zero otherwise.\n\nThe PROXY protocol must be previously enabled by setting the `proxy_protocol` parameter in the [listen](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen) directive.\n\n`$query_string`\n\nsame as `$args`\n\n`$realpath_root`\n\nan absolute pathname corresponding to the [root](https://nginx.org/en/docs/http/ngx_http_core_module.html#root) or [alias](https://nginx.org/en/docs/http/ngx_http_core_module.html#alias) directive’s value for the current request, with all symbolic links resolved to real paths\n\n`$remote_addr`\n\nclient address\n\n`$remote_port`\n\nclient port\n\n`$remote_user`\n\nuser name supplied with the Basic authentication\n\n`$request`\n\nfull original request line\n\n`$request_body`\n\nrequest body\n\nThe variable’s value is made available in locations processed by the [proxy\\_pass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass), [fastcgi\\_pass](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_pass), [uwsgi\\_pass](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_pass), and [scgi\\_pass](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_pass) directives when the request body was read to a [memory buffer](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size).\n\n`$request_body_file`\n\nname of a temporary file with the request body\n\nAt the end of processing, the file needs to be removed. To always write the request body to a file, [client\\_body\\_in\\_file\\_only](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_in_file_only) needs to be enabled. When the name of a temporary file is passed in a proxied request or in a request to a FastCGI/uwsgi/SCGI server, passing the request body should be disabled by the [proxy\\_pass\\_request\\_body off](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_request_body), [fastcgi\\_pass\\_request\\_body off](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_pass_request_body), [uwsgi\\_pass\\_request\\_body off](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_pass_request_body), or [scgi\\_pass\\_request\\_body off](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_pass_request_body) directives, respectively.\n\n`$request_completion`\n\n“`OK`” if a request has completed, or an empty string otherwise\n\n`$request_filename`\n\nfile path for the current request, based on the [root](https://nginx.org/en/docs/http/ngx_http_core_module.html#root) or [alias](https://nginx.org/en/docs/http/ngx_http_core_module.html#alias) directives, and the request URI\n\n`$request_id`\n\nunique request identifier generated from 16 random bytes, in hexadecimal (1.11.0)\n\n`$request_length`\n\nrequest length (including request line, header, and request body) (1.3.12, 1.2.7)\n\n`$request_method`\n\nrequest method, usually “`GET`” or “`POST`”\n\n`$request_time`\n\nrequest processing time in seconds with a milliseconds resolution (1.3.9, 1.2.6); time elapsed since the first bytes were read from the client\n\n`$request_uri`\n\nfull original request URI (with arguments)\n\n`$scheme`\n\nrequest scheme, “`http`” or “`https`”\n\n`$sent_http_``_name_`\n\narbitrary response header field; the last part of a variable name is the field name converted to lower case with dashes replaced by underscores\n\n`$sent_trailer_``_name_`\n\narbitrary field sent at the end of the response (1.13.2); the last part of a variable name is the field name converted to lower case with dashes replaced by underscores\n\n`$server_addr`\n\nan address of the server which accepted a request\n\nComputing a value of this variable usually requires one system call. To avoid a system call, the [listen](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen) directives must specify addresses and use the `bind` parameter.\n\n`$server_name`\n\nname of the server which accepted a request\n\n`$server_port`\n\nport of the server which accepted a request\n\n`$server_protocol`\n\nrequest protocol, usually “`HTTP/1.0`”, “`HTTP/1.1`”, or “[HTTP/2.0](https://nginx.org/en/docs/http/ngx_http_v2_module.html)”\n\n`$status`\n\nresponse status (1.3.2, 1.2.2)\n\n`$tcpinfo_rtt`, `$tcpinfo_rttvar`, `$tcpinfo_snd_cwnd`, `$tcpinfo_rcv_space`\n\ninformation about the client TCP connection; available on systems that support the `TCP_INFO` socket option\n\n`$time_iso8601`\n\nlocal time in the ISO 8601 standard format (1.3.12, 1.2.7)\n\n`$time_local`\n\nlocal time in the Common Log Format (1.3.12, 1.2.7)\n\n`$uri`\n\ncurrent URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files.\n", - "v": "variables\\_hash\\_max\\_size 1024;", - "c": "`http`", - "s": "**variables_hash_max_size** `_size_`;" - }, - { - "m": "ngx_http_core_module", - "n": "$arg_name", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$args", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$binary_remote_addr", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$body_bytes_sent", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$bytes_sent", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$connection", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$connection_requests", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$connection_time", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$content_length", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$content_type", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$cookie_name", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$document_root", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$document_uri", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$host", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$hostname", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$http_name", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$https", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$is_args", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$limit_rate", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$msec", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$nginx_version", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$pid", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$pipe", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$proxy_protocol_addr", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$proxy_protocol_port", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$proxy_protocol_server_addr", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$proxy_protocol_server_port", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$proxy_protocol_tlv_name", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$query_string", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$realpath_root", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$remote_addr", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$remote_port", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$remote_user", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$request", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$request_body", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$request_body_file", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$request_completion", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$request_filename", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$request_id", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$request_length", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$request_method", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$request_time", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$request_uri", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$scheme", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$sent_http_name", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$sent_trailer_name", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$server_addr", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$server_name", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$server_port", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$server_protocol", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$status", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "\n$tcpinfo_rtt,\n$tcpinfo_rttvar,\n$tcpinfo_snd_cwnd,\n$tcpinfo_rcv_space\n", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$time_iso8601", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$time_local", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_core_module", - "n": "$uri", - "d": "current URI in request, [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location)\n\nThe value of `$uri` may change during request processing, e.g. when doing internal redirects, or when using index files." - }, - { - "m": "ngx_http_access_module", - "n": "allow", - "d": "Allows access for the specified network or address. If the special value `unix:` is specified (1.5.1), allows access for all UNIX-domain sockets.", - "c": "`http`, `server`, `location`, `limit_except`", - "s": "**allow** `_address_` | `_CIDR_` | `unix:` | `all`;" - }, - { - "m": "ngx_http_access_module", - "n": "deny", - "d": "Denies access for the specified network or address. If the special value `unix:` is specified (1.5.1), denies access for all UNIX-domain sockets.", - "c": "`http`, `server`, `location`, `limit_except`", - "s": "**deny** `_address_` | `_CIDR_` | `unix:` | `all`;" - }, - { - "m": "ngx_http_addition_module", - "n": "add_before_body", - "d": "Adds the text returned as a result of processing a given subrequest before the response body. An empty string (`\"\"`) as a parameter cancels addition inherited from the previous configuration level.", - "c": "`http`, `server`, `location`", - "s": "**add_before_body** `_uri_`;" - }, - { - "m": "ngx_http_addition_module", - "n": "add_after_body", - "d": "Adds the text returned as a result of processing a given subrequest after the response body. An empty string (`\"\"`) as a parameter cancels addition inherited from the previous configuration level.", - "c": "`http`, `server`, `location`", - "s": "**add_after_body** `_uri_`;" - }, - { - "m": "ngx_http_addition_module", - "n": "addition_types", - "d": "Allows adding text in responses with the specified MIME types, in addition to “`text/html`”. The special value “`*`” matches any MIME type (0.8.29).", - "v": "addition\\_types text/html;", - "c": "`http`, `server`, `location`", - "s": "**addition_types** `_mime-type_` ...;" - }, - { - "m": "ngx_http_api_module", - "n": "api", - "d": "Turns on the REST API interface in the surrounding location. Access to this location should be [limited](https://nginx.org/en/docs/http/ngx_http_core_module.html#satisfy).\nThe `write` parameter determines whether the API is read-only or read-write. By default, the API is read-only.", - "c": "`location`", - "s": "**api** [`write`=`on`|`off`];" - }, - { - "m": "ngx_http_api_module", - "n": "api_version", - "d": "All API requests should contain a supported API version in the URI. If the request URI equals the location prefix, the list of supported API versions is returned. The current API version is “`8`”.\nThe optional “`fields`” argument in the request line specifies which fields of the requested objects will be output:\n```\nhttp://127.0.0.1/api/8/nginx?fields=version,build\n\n```\n", - "c": "`location`", - "s": "**api** [`write`=`on`|`off`];" - }, - { - "m": "ngx_http_api_module", - "n": "status_zone", - "d": "Enables collection of virtual [http](https://nginx.org/en/docs/http/ngx_http_core_module.html#server) or [stream](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server) server status information in the specified `_zone_`. Several servers may share the same zone.", - "c": "`server`, `location`, `if in location`", - "s": "**status_zone** `_zone_`;" - }, - { - "m": "ngx_http_api_module", - "n": "status_zone_location", - "d": "Starting from 1.17.0, status information can be collected per [location](https://nginx.org/en/docs/http/ngx_http_core_module.html#location). The special value `off` disables statistics collection in nested location blocks. Note that the statistics is collected in the context of a location where processing ends. It may be different from the original location, if an [internal redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#internal) happens during request processing.", - "c": "`server`, `location`, `if in location`", - "s": "**status_zone** `_zone_`;" - }, - { - "m": "ngx_http_api_module", - "n": "compatibility", - "d": "#### Compatibility\n\n* The `ssl` data for each HTTP [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream), [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone), and stream [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream), [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_server_zone), were added in [version](https://nginx.org/en/docs/http/ngx_http_api_module.html#api_version) 8.\n* The `codes` data in `responses` for each HTTP [upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream), [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone), and [location zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_location_zone) were added in [version](https://nginx.org/en/docs/http/ngx_http_api_module.html#api_version) 7.\n* The [/stream/limit\\_conns/](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_limit_conns_) data were added in [version](https://nginx.org/en/docs/http/ngx_http_api_module.html#api_version) 6.\n* The [/http/limit\\_conns/](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_limit_conns_) data were added in [version](https://nginx.org/en/docs/http/ngx_http_api_module.html#api_version) 6.\n* The [/http/limit\\_reqs/](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_limit_reqs_) data were added in [version](https://nginx.org/en/docs/http/ngx_http_api_module.html#api_version) 6.\n* The “`expire`” parameter of a [key-value](https://nginx.org/en/docs/http/ngx_http_keyval_module.html) pair can be [set](https://nginx.org/en/docs/http/ngx_http_api_module.html#postHttpKeyvalZoneData) or [changed](https://nginx.org/en/docs/http/ngx_http_api_module.html#patchHttpKeyvalZoneKeyValue) since [version](https://nginx.org/en/docs/http/ngx_http_api_module.html#api_version) 5.\n* The [/resolvers/](https://nginx.org/en/docs/http/ngx_http_api_module.html#resolvers_) data were added in [version](https://nginx.org/en/docs/http/ngx_http_api_module.html#api_version) 5.\n* The [/http/location\\_zones/](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_location_zones_) data were added in [version](https://nginx.org/en/docs/http/ngx_http_api_module.html#api_version) 5.\n* The `path` and `method` fields of [nginx error object](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error) were removed in [version](https://nginx.org/en/docs/http/ngx_http_api_module.html#api_version) 4. These fields continue to exist in earlier api versions, but show an empty value.\n* The [/stream/zone\\_sync/](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_zone_sync_) data were added in [version](https://nginx.org/en/docs/http/ngx_http_api_module.html#api_version) 3.\n* The [drain](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream_conf_server) parameter was added in [version](https://nginx.org/en/docs/http/ngx_http_api_module.html#api_version) 2.\n* The [/stream/keyvals/](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_keyvals_) data were added in [version](https://nginx.org/en/docs/http/ngx_http_api_module.html#api_version) 2.\n", - "c": "`server`, `location`, `if in location`", - "s": "**status_zone** `_zone_`;" - }, - { - "m": "ngx_http_api_module", - "n": "endpoints", - "d": "#### Endpoints\n\n`/`\n\nSupported methods:\n\n* `GET` - Return list of root endpoints\n \n Returns a list of root endpoints.\n \n Possible responses:\n \n * 200 - Success, returns an array of strings\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/nginx`\n\nSupported methods:\n\n* `GET` - Return status of nginx running instance\n \n Returns nginx version, build name, address, number of configuration reloads, IDs of master and worker processes.\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of nginx running instance will be output.\n \n Possible responses:\n \n * 200 - Success, returns [nginx](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_object)\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/processes`\n\nSupported methods:\n\n* `GET` - Return nginx processes status\n \n Returns the number of abnormally terminated and respawned child processes.\n \n Possible responses:\n \n * 200 - Success, returns [Processes](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_processes)\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Reset nginx processes statistics\n \n Resets counters of abnormally terminated and respawned child processes.\n \n Possible responses:\n \n * 204 - Success\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/connections`\n\nSupported methods:\n\n* `GET` - Return client connections statistics\n \n Returns statistics of client connections.\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of the connections statistics will be output.\n \n Possible responses:\n \n * 200 - Success, returns [Connections](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_connections)\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Reset client connections statistics\n \n Resets statistics of accepted and dropped client connections.\n \n Possible responses:\n \n * 204 - Success\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/slabs/`\n\nSupported methods:\n\n* `GET` - Return status of all slabs\n \n Returns status of slabs for each shared memory zone with slab allocator.\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of slab zones will be output. If the “`fields`” value is empty, then only zone names will be output.\n \n Possible responses:\n \n * 200 - Success, returns a collection of \"[Shared memory zone with slab allocator](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_slab_zone)\" objects for all slabs\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/slabs/{slabZoneName}`\n\nParameters common for all methods:\n\n`slabZoneName` (`string`, required)\n\nThe name of the shared memory zone with slab allocator.\n\nSupported methods:\n\n* `GET` - Return status of a slab\n \n Returns status of slabs for a particular shared memory zone with slab allocator.\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of the slab zone will be output.\n \n Possible responses:\n \n * 200 - Success, returns [Shared memory zone with slab allocator](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_slab_zone)\n * 404 - Slab not found (`SlabNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Reset slab statistics\n \n Resets the “`reqs`” and “`fails`” metrics for each memory slot.\n \n Possible responses:\n \n * 204 - Success\n * 404 - Slab not found (`SlabNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/`\n\nSupported methods:\n\n* `GET` - Return list of HTTP-related endpoints\n \n Returns a list of first level HTTP endpoints.\n \n Possible responses:\n \n * 200 - Success, returns an array of strings\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/requests`\n\nSupported methods:\n\n* `GET` - Return HTTP requests statistics\n \n Returns status of client HTTP requests.\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of client HTTP requests statistics will be output.\n \n Possible responses:\n \n * 200 - Success, returns [HTTP Requests](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_requests)\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Reset HTTP requests statistics\n \n Resets the number of total client HTTP requests.\n \n Possible responses:\n \n * 204 - Success\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/server_zones/`\n\nSupported methods:\n\n* `GET` - Return status of all HTTP server zones\n \n Returns status information for each HTTP [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#status_zone).\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of server zones will be output. If the “`fields`” value is empty, then only server zone names will be output.\n \n Possible responses:\n \n * 200 - Success, returns a collection of \"[HTTP Server Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone)\" objects for all HTTP server zones\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/server_zones/{httpServerZoneName}`\n\nParameters common for all methods:\n\n`httpServerZoneName` (`string`, required)\n\nThe name of an HTTP server zone.\n\nSupported methods:\n\n* `GET` - Return status of an HTTP server zone\n \n Returns status of a particular HTTP server zone.\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of the server zone will be output.\n \n Possible responses:\n \n * 200 - Success, returns [HTTP Server Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_server_zone)\n * 404 - Server zone not found (`ServerZoneNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Reset statistics for an HTTP server zone\n \n Resets statistics of accepted and discarded requests, responses, received and sent bytes, counters of SSL handshakes and session reuses in a particular HTTP server zone.\n \n Possible responses:\n \n * 204 - Success\n * 404 - Server zone not found (`ServerZoneNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/location_zones/`\n\nSupported methods:\n\n* `GET` - Return status of all HTTP location zones\n \n Returns status information for each HTTP [location zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#status_zone_location).\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of location zones will be output. If the “`fields`” value is empty, then only zone names will be output.\n \n Possible responses:\n \n * 200 - Success, returns a collection of \"[HTTP Location Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_location_zone)\" objects for all HTTP location zones\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/location_zones/{httpLocationZoneName}`\n\nParameters common for all methods:\n\n`httpLocationZoneName` (`string`, required)\n\nThe name of an HTTP [location zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#status_zone_location).\n\nSupported methods:\n\n* `GET` - Return status of an HTTP location zone\n \n Returns status of a particular HTTP [location zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#status_zone_location).\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of the location zone will be output.\n \n Possible responses:\n \n * 200 - Success, returns [HTTP Location Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_location_zone)\n * 404 - Location zone not found (`LocationZoneNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Reset statistics for a location zone.\n \n Resets statistics of accepted and discarded requests, responses, received and sent bytes in a particular location zone.\n \n Possible responses:\n \n * 204 - Success\n * 404 - Location zone not found (`LocationZoneNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/caches/`\n\nSupported methods:\n\n* `GET` - Return status of all caches\n \n Returns status of each cache configured by [proxy\\_cache\\_path](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path) and other “`*_cache_path`” directives.\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of cache zones will be output. If the “`fields`” value is empty, then only names of cache zones will be output.\n \n Possible responses:\n \n * 200 - Success, returns a collection of \"[HTTP Cache](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_cache)\" objects for all HTTP caches\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/caches/{httpCacheZoneName}`\n\nParameters common for all methods:\n\n`httpCacheZoneName` (`string`, required)\n\nThe name of the cache zone.\n\nSupported methods:\n\n* `GET` - Return status of a cache\n \n Returns status of a particular cache.\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of the cache zone will be output.\n \n Possible responses:\n \n * 200 - Success, returns [HTTP Cache](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_cache)\n * 404 - Cache not found (`CacheNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Reset cache statistics\n \n Resets statistics of cache hits/misses in a particular cache zone.\n \n Possible responses:\n \n * 204 - Success\n * 404 - Cache not found (`CacheNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/limit_conns/`\n\nSupported methods:\n\n* `GET` - Return status of all HTTP limit\\_conn zones\n \n Returns status information for each HTTP [limit\\_conn zone](https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn_zone).\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of limit\\_conn zones will be output. If the “`fields`” value is empty, then only zone names will be output.\n \n Possible responses:\n \n * 200 - Success, returns a collection of \"[HTTP Connections Limiting](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_limit_conn_zone)\" objects for all HTTP limit conns\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/limit_conns/{httpLimitConnZoneName}`\n\nParameters common for all methods:\n\n`httpLimitConnZoneName` (`string`, required)\n\nThe name of a [limit\\_conn zone](https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn_zone).\n\nSupported methods:\n\n* `GET` - Return status of an HTTP limit\\_conn zone\n \n Returns status of a particular HTTP [limit\\_conn zone](https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn_zone).\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of the [limit\\_conn zone](https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn_zone) will be output.\n \n Possible responses:\n \n * 200 - Success, returns [HTTP Connections Limiting](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_limit_conn_zone)\n * 404 - limit\\_conn not found (`LimitConnNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Reset statistics for an HTTP limit\\_conn zone\n \n Resets the connection limiting statistics.\n \n Possible responses:\n \n * 204 - Success\n * 404 - limit\\_conn not found (`LimitConnNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/limit_reqs/`\n\nSupported methods:\n\n* `GET` - Return status of all HTTP limit\\_req zones\n \n Returns status information for each HTTP [limit\\_req zone](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone).\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of limit\\_req zones will be output. If the “`fields`” value is empty, then only zone names will be output.\n \n Possible responses:\n \n * 200 - Success, returns a collection of \"[HTTP Requests Rate Limiting](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_limit_req_zone)\" objects for all HTTP limit reqs\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/limit_reqs/{httpLimitReqZoneName}`\n\nParameters common for all methods:\n\n`httpLimitReqZoneName` (`string`, required)\n\nThe name of a [limit\\_req zone](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone).\n\nSupported methods:\n\n* `GET` - Return status of an HTTP limit\\_req zone\n \n Returns status of a particular HTTP [limit\\_req zone](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone).\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of the [limit\\_req zone](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone) will be output.\n \n Possible responses:\n \n * 200 - Success, returns [HTTP Requests Rate Limiting](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_limit_req_zone)\n * 404 - limit\\_req not found (`LimitReqNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Reset statistics for an HTTP limit\\_req zone\n \n Resets the requests limiting statistics.\n \n Possible responses:\n \n * 204 - Success\n * 404 - limit\\_req not found (`LimitReqNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/upstreams/`\n\nSupported methods:\n\n* `GET` - Return status of all HTTP upstream server groups\n \n Returns status of each HTTP upstream server group and its servers.\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of upstream server groups will be output. If the “`fields`” value is empty, only names of upstreams will be output.\n \n Possible responses:\n \n * 200 - Success, returns a collection of \"[HTTP Upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream)\" objects for all HTTP upstreams\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/upstreams/{httpUpstreamName}/`\n\nParameters common for all methods:\n\n`httpUpstreamName` (`string`, required)\n\nThe name of an HTTP upstream server group.\n\nSupported methods:\n\n* `GET` - Return status of an HTTP upstream server group\n \n Returns status of a particular HTTP upstream server group and its servers.\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of the upstream server group will be output.\n \n Possible responses:\n \n * 200 - Success, returns [HTTP Upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream)\n * 400 - Upstream is static (`UpstreamStatic`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Unknown version (`UnknownVersion`), upstream not found (`UpstreamNotFound`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Reset statistics of an HTTP upstream server group\n \n Resets the statistics for each upstream server in an upstream server group and queue statistics.\n \n Possible responses:\n \n * 204 - Success\n * 400 - Upstream is static (`UpstreamStatic`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Unknown version (`UnknownVersion`), upstream not found (`UpstreamNotFound`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/upstreams/{httpUpstreamName}/servers/`\n\nParameters common for all methods:\n\n`httpUpstreamName` (`string`, required)\n\nThe name of an upstream server group.\n\nSupported methods:\n\n* `GET` - Return configuration of all servers in an HTTP upstream server group\n \n Returns configuration of each server in a particular HTTP upstream server group.\n \n Possible responses:\n \n * 200 - Success, returns an array of [HTTP Upstream Servers](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream_conf_server)\n * 400 - Upstream is static (`UpstreamStatic`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Unknown version (`UnknownVersion`), upstream not found (`UpstreamNotFound`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `POST` - Add a server to an HTTP upstream server group\n \n Adds a new server to an HTTP upstream server group. Server parameters are specified in the JSON format.\n \n Request parameters:\n \n `postHttpUpstreamServer` ([HTTP Upstream Server](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream_conf_server), required)\n \n Address of a new server and other optional parameters in the JSON format. The “`ID`”, “`backup`”, and “`service`” parameters cannot be changed.\n \n Possible responses:\n \n * 201 - Created, returns [HTTP Upstream Server](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream_conf_server)\n * 400 - Upstream is static (`UpstreamStatic`), invalid “`_parameter_`” value (`UpstreamConfFormatError`), missing “`server`” argument (`UpstreamConfFormatError`), unknown parameter “`_name_`” (`UpstreamConfFormatError`), nested object or list (`UpstreamConfFormatError`), “`error`” while parsing (`UpstreamBadAddress`), service upstream “`host`” may not have port (`UpstreamBadAddress`), service upstream “`host`” requires domain name (`UpstreamBadAddress`), invalid “`weight`” (`UpstreamBadWeight`), invalid “`max_conns`” (`UpstreamBadMaxConns`), invalid “`max_fails`” (`UpstreamBadMaxFails`), invalid “`fail_timeout`” (`UpstreamBadFailTimeout`), invalid “`slow_start`” (`UpstreamBadSlowStart`), reading request body failed `BodyReadError`), route is too long (`UpstreamBadRoute`), “`service`” is empty (`UpstreamBadService`), no resolver defined to resolve (`UpstreamConfNoResolver`), upstream “`_name_`” has no backup (`UpstreamNoBackup`), upstream “`_name_`” memory exhausted (`UpstreamOutOfMemory`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Unknown version (`UnknownVersion`), upstream not found (`UpstreamNotFound`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 409 - Entry exists (`EntryExists`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 415 - JSON error (`JsonError`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/upstreams/{httpUpstreamName}/servers/{httpUpstreamServerId}`\n\nParameters common for all methods:\n\n`httpUpstreamName` (`string`, required)\n\nThe name of the upstream server group.\n\n`httpUpstreamServerId` (`string`, required)\n\nThe ID of the server.\n\nSupported methods:\n\n* `GET` - Return configuration of a server in an HTTP upstream server group\n \n Returns configuration of a particular server in the HTTP upstream server group.\n \n Possible responses:\n \n * 200 - Success, returns [HTTP Upstream Server](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream_conf_server)\n * 400 - Upstream is static (`UpstreamStatic`), invalid server ID (`UpstreamBadServerId`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Server with ID “`_id_`” does not exist (`UpstreamServerNotFound`), unknown version (`UnknownVersion`), upstream not found (`UpstreamNotFound`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `PATCH` - Modify a server in an HTTP upstream server group\n \n Modifies settings of a particular server in an HTTP upstream server group. Server parameters are specified in the JSON format.\n \n Request parameters:\n \n `patchHttpUpstreamServer` ([HTTP Upstream Server](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream_conf_server), required)\n \n Server parameters, specified in the JSON format. The “`ID`”, “`backup`”, and “`service`” parameters cannot be changed.\n \n Possible responses:\n \n * 200 - Success, returns [HTTP Upstream Server](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream_conf_server)\n * 400 - Upstream is static (`UpstreamStatic`), invalid “`_parameter_`” value (`UpstreamConfFormatError`), unknown parameter “`_name_`” (`UpstreamConfFormatError`), nested object or list (`UpstreamConfFormatError`), “`error`” while parsing (`UpstreamBadAddress`), invalid “`server`” argument (`UpstreamBadAddress`), invalid server ID (`UpstreamBadServerId`), invalid “`weight`” (`UpstreamBadWeight`), invalid “`max_conns`” (`UpstreamBadMaxConns`), invalid “`max_fails`” (`UpstreamBadMaxFails`), invalid “`fail_timeout`” (`UpstreamBadFailTimeout`), invalid “`slow_start`” (`UpstreamBadSlowStart`), reading request body failed `BodyReadError`), route is too long (`UpstreamBadRoute`), “`service`” is empty (`UpstreamBadService`), server “`_ID_`” address is immutable (`UpstreamServerImmutable`), server “`ID`” weight is immutable (`UpstreamServerWeightImmutable`), upstream “`name`” memory exhausted (`UpstreamOutOfMemory`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Server with ID “`_id_`” does not exist (`UpstreamServerNotFound`), unknown version (`UnknownVersion`), upstream not found (`UpstreamNotFound`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 415 - JSON error (`JsonError`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Remove a server from an HTTP upstream server group\n \n Removes a server from an HTTP upstream server group.\n \n Possible responses:\n \n * 200 - Success, returns an array of [HTTP Upstream Servers](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_upstream_conf_server)\n * 400 - Upstream is static (`UpstreamStatic`), invalid server ID (`UpstreamBadServerId`), server “`_id_`” not removable (`UpstreamServerImmutable`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Server with ID “`_id_`” does not exist (`UpstreamServerNotFound`), unknown version (`UnknownVersion`), upstream not found (`UpstreamNotFound`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/keyvals/`\n\nSupported methods:\n\n* `GET` - Return key-value pairs from all HTTP keyval zones\n \n Returns key-value pairs for each HTTP keyval shared memory [zone](https://nginx.org/en/docs/http/ngx_http_keyval_module.html#keyval_zone).\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n If the “`fields`” value is empty, then only HTTP keyval zone names will be output.\n \n Possible responses:\n \n * 200 - Success, returns a collection of \"[HTTP Keyval Shared Memory Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_keyval_zone)\" objects for all HTTP keyvals\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/http/keyvals/{httpKeyvalZoneName}`\n\nParameters common for all methods:\n\n`httpKeyvalZoneName` (`string`, required)\n\nThe name of an HTTP keyval shared memory zone.\n\nSupported methods:\n\n* `GET` - Return key-value pairs from an HTTP keyval zone\n \n Returns key-value pairs stored in a particular HTTP keyval shared memory [zone](https://nginx.org/en/docs/http/ngx_http_keyval_module.html#keyval_zone).\n \n Request parameters:\n \n `key` (`string`, optional)\n \n Get a particular key-value pair from the HTTP keyval zone.\n \n Possible responses:\n \n * 200 - Success, returns [HTTP Keyval Shared Memory Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_keyval_zone)\n * 404 - Keyval not found (`KeyvalNotFound`), keyval key not found (`KeyvalKeyNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `POST` - Add a key-value pair to the HTTP keyval zone\n \n Adds a new key-value pair to the HTTP keyval shared memory [zone](https://nginx.org/en/docs/http/ngx_http_keyval_module.html#keyval_zone). Several key-value pairs can be entered if the HTTP keyval shared memory zone is empty.\n \n Request parameters:\n \n `Key-value` ([HTTP Keyval Shared Memory Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_keyval_zone_post_patch), required)\n \n A key-value pair is specified in the JSON format. Several key-value pairs can be entered if the HTTP keyval shared memory zone is empty. Expiration time in milliseconds can be specified for a key-value pair with the `expire` parameter which overrides the [`timeout`](https://nginx.org/en/docs/http/ngx_http_keyval_module.html#keyval_timeout) parameter of the [keyval\\_zone](https://nginx.org/en/docs/http/ngx_http_keyval_module.html#keyval_zone) directive.\n \n Possible responses:\n \n * 201 - Created\n * 400 - Invalid JSON (`KeyvalFormatError`), invalid key format (`KeyvalFormatError`), key required (`KeyvalFormatError`), keyval timeout is not enabled (`KeyvalFormatError`), only one key can be added (`KeyvalFormatError`), reading request body failed `BodyReadError`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Keyval not found (`KeyvalNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 409 - Entry exists (`EntryExists`), key already exists (`KeyvalKeyExists`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 413 - Request Entity Too Large, returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 415 - JSON error (`JsonError`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `PATCH` - Modify a key-value or delete a key\n \n Changes the value of the selected key in the key-value pair, deletes a key by setting the key value to `null`, changes expiration time of a key-value pair. If [synchronization](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync) of keyval zones in a cluster is enabled, deletes a key only on a target cluster node. Expiration time in milliseconds can be specified for a key-value pair with the `expire` parameter which overrides the [`timeout`](https://nginx.org/en/docs/http/ngx_http_keyval_module.html#keyval_timeout) parameter of the [keyval\\_zone](https://nginx.org/en/docs/http/ngx_http_keyval_module.html#keyval_zone) directive.\n \n Request parameters:\n \n `httpKeyvalZoneKeyValue` ([HTTP Keyval Shared Memory Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_http_keyval_zone_post_patch), required)\n \n A new value for the key is specified in the JSON format.\n \n Possible responses:\n \n * 204 - Success\n * 400 - Invalid JSON (`KeyvalFormatError`), key required (`KeyvalFormatError`), keyval timeout is not enabled (`KeyvalFormatError`), only one key can be updated (`KeyvalFormatError`), reading request body failed `BodyReadError`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Keyval not found (`KeyvalNotFound`), keyval key not found (`KeyvalKeyNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 413 - Request Entity Too Large, returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 415 - JSON error (`JsonError`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Empty the HTTP keyval zone\n \n Deletes all key-value pairs from the HTTP keyval shared memory [zone](https://nginx.org/en/docs/http/ngx_http_keyval_module.html#keyval_zone). If [synchronization](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync) of keyval zones in a cluster is enabled, empties the keyval zone only on a target cluster node.\n \n Possible responses:\n \n * 204 - Success\n * 404 - Keyval not found (`KeyvalNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/stream/`\n\nSupported methods:\n\n* `GET` - Return list of stream-related endpoints\n \n Returns a list of first level stream endpoints.\n \n Possible responses:\n \n * 200 - Success, returns an array of strings\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/stream/server_zones/`\n\nSupported methods:\n\n* `GET` - Return status of all stream server zones\n \n Returns status information for each stream [server zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#status_zone).\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of server zones will be output. If the “`fields`” value is empty, then only server zone names will be output.\n \n Possible responses:\n \n * 200 - Success, returns a collection of \"[Stream Server Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_server_zone)\" objects for all stream server zones\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/stream/server_zones/{streamServerZoneName}`\n\nParameters common for all methods:\n\n`streamServerZoneName` (`string`, required)\n\nThe name of a stream server zone.\n\nSupported methods:\n\n* `GET` - Return status of a stream server zone\n \n Returns status of a particular stream server zone.\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of the server zone will be output.\n \n Possible responses:\n \n * 200 - Success, returns [Stream Server Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_server_zone)\n * 404 - Server zone not found (`ServerZoneNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Reset statistics for a stream server zone\n \n Resets statistics of accepted and discarded connections, sessions, received and sent bytes, counters of SSL handshakes and session reuses in a particular stream server zone.\n \n Possible responses:\n \n * 204 - Success\n * 404 - Server zone not found (`ServerZoneNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/stream/limit_conns/`\n\nSupported methods:\n\n* `GET` - Return status of all stream limit\\_conn zones\n \n Returns status information for each stream [limit\\_conn zone](https://nginx.org/en/docs/stream/ngx_stream_limit_conn_module.html#limit_conn_zone).\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of limit\\_conn zones will be output. If the “`fields`” value is empty, then only zone names will be output.\n \n Possible responses:\n \n * 200 - Success, returns a collection of \"[Stream Connections Limiting](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_limit_conn_zone)\" objects for all stream limit conns\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/stream/limit_conns/{streamLimitConnZoneName}`\n\nParameters common for all methods:\n\n`streamLimitConnZoneName` (`string`, required)\n\nThe name of a [limit\\_conn zone](https://nginx.org/en/docs/stream/ngx_stream_limit_conn_module.html#limit_conn_zone).\n\nSupported methods:\n\n* `GET` - Return status of an stream limit\\_conn zone\n \n Returns status of a particular stream [limit\\_conn zone](https://nginx.org/en/docs/stream/ngx_stream_limit_conn_module.html#limit_conn_zone).\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of the [limit\\_conn zone](https://nginx.org/en/docs/stream/ngx_stream_limit_conn_module.html#limit_conn_zone) will be output.\n \n Possible responses:\n \n * 200 - Success, returns [Stream Connections Limiting](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_limit_conn_zone)\n * 404 - limit\\_conn not found (`LimitConnNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Reset statistics for a stream limit\\_conn zone\n \n Resets the connection limiting statistics.\n \n Possible responses:\n \n * 204 - Success\n * 404 - limit\\_conn not found (`LimitConnNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/stream/upstreams/`\n\nSupported methods:\n\n* `GET` - Return status of all stream upstream server groups\n \n Returns status of each stream upstream server group and its servers.\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of upstream server groups will be output. If the “`fields`” value is empty, only names of upstreams will be output.\n \n Possible responses:\n \n * 200 - Success, returns a collection of \"[Stream Upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream)\" objects for all stream upstreams\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/stream/upstreams/{streamUpstreamName}/`\n\nParameters common for all methods:\n\n`streamUpstreamName` (`string`, required)\n\nThe name of a stream upstream server group.\n\nSupported methods:\n\n* `GET` - Return status of a stream upstream server group\n \n Returns status of a particular stream upstream server group and its servers.\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of the upstream server group will be output.\n \n Possible responses:\n \n * 200 - Success, returns [Stream Upstream](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream)\n * 400 - Upstream is static (`UpstreamStatic`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Unknown version (`UnknownVersion`), upstream not found (`UpstreamNotFound`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Reset statistics of a stream upstream server group\n \n Resets the statistics for each upstream server in an upstream server group.\n \n Possible responses:\n \n * 204 - Success\n * 400 - Upstream is static (`UpstreamStatic`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Unknown version (`UnknownVersion`), upstream not found (`UpstreamNotFound`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/stream/upstreams/{streamUpstreamName}/servers/`\n\nParameters common for all methods:\n\n`streamUpstreamName` (`string`, required)\n\nThe name of an upstream server group.\n\nSupported methods:\n\n* `GET` - Return configuration of all servers in a stream upstream server group\n \n Returns configuration of each server in a particular stream upstream server group.\n \n Possible responses:\n \n * 200 - Success, returns an array of [Stream Upstream Servers](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream_conf_server)\n * 400 - Upstream is static (`UpstreamStatic`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Unknown version (`UnknownVersion`), upstream not found (`UpstreamNotFound`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `POST` - Add a server to a stream upstream server group\n \n Adds a new server to a stream upstream server group. Server parameters are specified in the JSON format.\n \n Request parameters:\n \n `postStreamUpstreamServer` ([Stream Upstream Server](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream_conf_server), required)\n \n Address of a new server and other optional parameters in the JSON format. The “`ID`”, “`backup`”, and “`service`” parameters cannot be changed.\n \n Possible responses:\n \n * 201 - Created, returns [Stream Upstream Server](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream_conf_server)\n * 400 - Upstream is static (`UpstreamStatic`), invalid “`_parameter_`” value (`UpstreamConfFormatError`), missing “`server`” argument (`UpstreamConfFormatError`), unknown parameter “`_name_`” (`UpstreamConfFormatError`), nested object or list (`UpstreamConfFormatError`), “`error`” while parsing (`UpstreamBadAddress`), no port in server “`host`” (`UpstreamBadAddress`), service upstream “`host`” may not have port (`UpstreamBadAddress`), service upstream “`host`” requires domain name (`UpstreamBadAddress`), invalid “`weight`” (`UpstreamBadWeight`), invalid “`max_conns`” (`UpstreamBadMaxConns`), invalid “`max_fails`” (`UpstreamBadMaxFails`), invalid “`fail_timeout`” (`UpstreamBadFailTimeout`), invalid “`slow_start`” (`UpstreamBadSlowStart`), “`service`” is empty (`UpstreamBadService`), no resolver defined to resolve (`UpstreamConfNoResolver`), upstream “`_name_`” has no backup (`UpstreamNoBackup`), upstream “`_name_`” memory exhausted (`UpstreamOutOfMemory`), reading request body failed `BodyReadError`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Unknown version (`UnknownVersion`), upstream not found (`UpstreamNotFound`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 409 - Entry exists (`EntryExists`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 415 - JSON error (`JsonError`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/stream/upstreams/{streamUpstreamName}/servers/{streamUpstreamServerId}`\n\nParameters common for all methods:\n\n`streamUpstreamName` (`string`, required)\n\nThe name of the upstream server group.\n\n`streamUpstreamServerId` (`string`, required)\n\nThe ID of the server.\n\nSupported methods:\n\n* `GET` - Return configuration of a server in a stream upstream server group\n \n Returns configuration of a particular server in the stream upstream server group.\n \n Possible responses:\n \n * 200 - Success, returns [Stream Upstream Server](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream_conf_server)\n * 400 - Upstream is static (`UpstreamStatic`), invalid server ID (`UpstreamBadServerId`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Unknown version (`UnknownVersion`), upstream not found (`UpstreamNotFound`), server with ID “`_id_`” does not exist (`UpstreamServerNotFound`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `PATCH` - Modify a server in a stream upstream server group\n \n Modifies settings of a particular server in a stream upstream server group. Server parameters are specified in the JSON format.\n \n Request parameters:\n \n `patchStreamUpstreamServer` ([Stream Upstream Server](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream_conf_server), required)\n \n Server parameters, specified in the JSON format. The “`ID`”, “`backup`”, and “`service`” parameters cannot be changed.\n \n Possible responses:\n \n * 200 - Success, returns [Stream Upstream Server](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream_conf_server)\n * 400 - Upstream is static (`UpstreamStatic`), invalid “`_parameter_`” value (`UpstreamConfFormatError`), unknown parameter “`_name_`” (`UpstreamConfFormatError`), nested object or list (`UpstreamConfFormatError`), “`error`” while parsing (`UpstreamBadAddress`), invalid “`server`” argument (`UpstreamBadAddress`), no port in server “`host`” (`UpstreamBadAddress`), invalid server ID (`UpstreamBadServerId`), invalid “`weight`” (`UpstreamBadWeight`), invalid “`max_conns`” (`UpstreamBadMaxConns`), invalid “`max_fails`” (`UpstreamBadMaxFails`), invalid “`fail_timeout`” (`UpstreamBadFailTimeout`), invalid “`slow_start`” (`UpstreamBadSlowStart`), reading request body failed `BodyReadError`), “`service`” is empty (`UpstreamBadService`), server “`_ID_`” address is immutable (`UpstreamServerImmutable`), server “`_ID_`” weight is immutable (`UpstreamServerWeightImmutable`), upstream “`name`” memory exhausted (`UpstreamOutOfMemory`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Server with ID “`_id_`” does not exist (`UpstreamServerNotFound`), unknown version (`UnknownVersion`), upstream not found (`UpstreamNotFound`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 415 - JSON error (`JsonError`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Remove a server from a stream upstream server group\n \n Removes a server from a stream server group.\n \n Possible responses:\n \n * 200 - Success, returns an array of [Stream Upstream Servers](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_upstream_conf_server)\n * 400 - Upstream is static (`UpstreamStatic`), invalid server ID (`UpstreamBadServerId`), server “`_id_`” not removable (`UpstreamServerImmutable`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Server with ID “`_id_`” does not exist (`UpstreamServerNotFound`), unknown version (`UnknownVersion`), upstream not found (`UpstreamNotFound`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/stream/keyvals/`\n\nSupported methods:\n\n* `GET` - Return key-value pairs from all stream keyval zones\n \n Returns key-value pairs for each stream keyval shared memory [zone](https://nginx.org/en/docs/stream/ngx_stream_keyval_module.html#keyval_zone).\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n If the “`fields`” value is empty, then only stream keyval zone names will be output.\n \n Possible responses:\n \n * 200 - Success, returns a collection of \"[Stream Keyval Shared Memory Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_keyval_zone)\" objects for all stream keyvals\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/stream/keyvals/{streamKeyvalZoneName}`\n\nParameters common for all methods:\n\n`streamKeyvalZoneName` (`string`, required)\n\nThe name of a stream keyval shared memory zone.\n\nSupported methods:\n\n* `GET` - Return key-value pairs from a stream keyval zone\n \n Returns key-value pairs stored in a particular stream keyval shared memory [zone](https://nginx.org/en/docs/stream/ngx_stream_keyval_module.html#keyval_zone).\n \n Request parameters:\n \n `key` (`string`, optional)\n \n Get a particular key-value pair from the stream keyval zone.\n \n Possible responses:\n \n * 200 - Success, returns [Stream Keyval Shared Memory Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_keyval_zone)\n * 404 - Keyval not found (`KeyvalNotFound`), keyval key not found (`KeyvalKeyNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `POST` - Add a key-value pair to the stream keyval zone\n \n Adds a new key-value pair to the stream keyval shared memory [zone](https://nginx.org/en/docs/stream/ngx_stream_keyval_module.html#keyval_zone). Several key-value pairs can be entered if the stream keyval shared memory zone is empty.\n \n Request parameters:\n \n `Key-value` ([Stream Keyval Shared Memory Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_keyval_zone_post_patch), required)\n \n A key-value pair is specified in the JSON format. Several key-value pairs can be entered if the stream keyval shared memory zone is empty. Expiration time in milliseconds can be specified for a key-value pair with the `expire` parameter which overrides the [`timeout`](https://nginx.org/en/docs/stream/ngx_stream_keyval_module.html#keyval_timeout) parameter of the [keyval\\_zone](https://nginx.org/en/docs/stream/ngx_stream_keyval_module.html#keyval_zone) directive.\n \n Possible responses:\n \n * 201 - Created\n * 400 - Invalid JSON (`KeyvalFormatError`), invalid key format (`KeyvalFormatError`), key required (`KeyvalFormatError`), keyval timeout is not enabled (`KeyvalFormatError`), only one key can be added (`KeyvalFormatError`), reading request body failed `BodyReadError`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Keyval not found (`KeyvalNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 409 - Entry exists (`EntryExists`), key already exists (`KeyvalKeyExists`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 413 - Request Entity Too Large, returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 415 - JSON error (`JsonError`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `PATCH` - Modify a key-value or delete a key\n \n Changes the value of the selected key in the key-value pair, deletes a key by setting the key value to `null`, changes expiration time of a key-value pair. If [synchronization](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync) of keyval zones in a cluster is enabled, deletes a key only on a target cluster node. Expiration time is specified in milliseconds with the `expire` parameter which overrides the [`timeout`](https://nginx.org/en/docs/stream/ngx_stream_keyval_module.html#keyval_timeout) parameter of the [keyval\\_zone](https://nginx.org/en/docs/stream/ngx_stream_keyval_module.html#keyval_zone) directive.\n \n Request parameters:\n \n `streamKeyvalZoneKeyValue` ([Stream Keyval Shared Memory Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_keyval_zone_post_patch), required)\n \n A new value for the key is specified in the JSON format.\n \n Possible responses:\n \n * 204 - Success\n * 400 - Invalid JSON (`KeyvalFormatError`), key required (`KeyvalFormatError`), keyval timeout is not enabled (`KeyvalFormatError`), only one key can be updated (`KeyvalFormatError`), reading request body failed `BodyReadError`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 404 - Keyval not found (`KeyvalNotFound`), keyval key not found (`KeyvalKeyNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 413 - Request Entity Too Large, returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 415 - JSON error (`JsonError`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Empty the stream keyval zone\n \n Deletes all key-value pairs from the stream keyval shared memory [zone](https://nginx.org/en/docs/stream/ngx_stream_keyval_module.html#keyval_zone). If [synchronization](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync) of keyval zones in a cluster is enabled, empties the keyval zone only on a target cluster node.\n \n Possible responses:\n \n * 204 - Success\n * 404 - Keyval not found (`KeyvalNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/stream/zone_sync/`\n\nSupported methods:\n\n* `GET` - Return sync status of a node\n \n Returns synchronization status of a cluster node.\n \n Possible responses:\n \n * 200 - Success, returns [Stream Zone Sync Node](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_zone_sync)\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/resolvers/`\n\nSupported methods:\n\n* `GET` - Return status for all resolver zones\n \n Returns status information for each [resolver zone](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver_status_zone).\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of resolvers statistics will be output.\n \n Possible responses:\n \n * 200 - Success, returns a collection of \"[Resolver Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_resolver_zone)\" objects for all resolvers\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/resolvers/{resolverZoneName}`\n\nParameters common for all methods:\n\n`resolverZoneName` (`string`, required)\n\nThe name of a resolver zone.\n\nSupported methods:\n\n* `GET` - Return statistics of a resolver zone\n \n Returns statistics stored in a particular resolver [zone](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver_status_zone).\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of the resolver zone will be output (requests, responses, or both).\n \n Possible responses:\n \n * 200 - Success, returns [Resolver Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_resolver_zone)\n * 404 - Resolver zone not found (`ResolverZoneNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Reset statistics for a resolver zone.\n \n Resets statistics in a particular resolver zone.\n \n Possible responses:\n \n * 204 - Success\n * 404 - Resolver zone not found (`ResolverZoneNotFound`), unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n\n`/ssl`\n\nSupported methods:\n\n* `GET` - Return SSL statistics\n \n Returns SSL statistics.\n \n Request parameters:\n \n `fields` (`string`, optional)\n \n Limits which fields of SSL statistics will be output.\n \n Possible responses:\n \n * 200 - Success, returns [SSL](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_ssl_object)\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n* `DELETE` - Reset SSL statistics\n \n Resets counters of SSL handshakes and session reuses.\n \n Possible responses:\n \n * 204 - Success\n * 404 - Unknown version (`UnknownVersion`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n * 405 - Method disabled (`MethodDisabled`), returns [Error](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_error)\n", - "c": "`server`, `location`, `if in location`", - "s": "**status_zone** `_zone_`;" - }, - { - "m": "ngx_http_api_module", - "n": "definitions", - "d": "#### Response Objects\n\n* nginx:\n \n General information about nginx:\n \n `version` (`string`)\n \n Version of nginx.\n \n `build` (`string`)\n \n Name of nginx build.\n \n `address` (`string`)\n \n The address of the server that accepted status request.\n \n `generation` (`integer`)\n \n The total number of configuration [reloads](https://nginx.org/en/docs/control.html#reconfiguration).\n \n `load_timestamp` (`string`)\n \n Time of the last reload of configuration, in the ISO 8601 format with millisecond resolution.\n \n `timestamp` (`string`)\n \n Current time in the ISO 8601 format with millisecond resolution.\n \n `pid` (`integer`)\n \n The ID of the worker process that handled status request.\n \n `ppid` (`integer`)\n \n The ID of the master process that started the [worker process](https://nginx.org/en/docs/http/ngx_http_status_module.html#pid).\n \n Example:\n \n > {\n > \"nginx\" : {\n > \"version\" : \"1.21.6\",\n > \"build\" : \"nginx-plus-r27\",\n > \"address\" : \"206.251.255.64\",\n > \"generation\" : 6,\n > \"load\\_timestamp\" : \"2022-06-28T11:15:44.467Z\",\n > \"timestamp\" : \"2022-06-28T09:26:07.305Z\",\n > \"pid\" : 32212,\n > \"ppid\" : 32210\n > }\n > }\n \n* Processes:\n \n `respawned` (`integer`)\n \n The total number of abnormally terminated and respawned child processes.\n \n Example:\n \n > {\n > \"respawned\" : 0\n > }\n \n* Connections:\n \n The number of accepted, dropped, active, and idle connections.\n \n `accepted` (`integer`)\n \n The total number of accepted client connections.\n \n `dropped` (`integer`)\n \n The total number of dropped client connections.\n \n `active` (`integer`)\n \n The current number of active client connections.\n \n `idle` (`integer`)\n \n The current number of idle client connections.\n \n Example:\n \n > {\n > \"accepted\" : 4968119,\n > \"dropped\" : 0,\n > \"active\" : 5,\n > \"idle\" : 117\n > }\n \n* SSL:\n \n `handshakes` (`integer`)\n \n The total number of successful SSL handshakes.\n \n `handshakes_failed` (`integer`)\n \n The total number of failed SSL handshakes.\n \n `session_reuses` (`integer`)\n \n The total number of session reuses during SSL handshake.\n \n `no_common_protocol` (`integer`)\n \n The number of SSL handshakes failed because of no common protocol.\n \n `no_common_cipher` (`integer`)\n \n The number of SSL handshakes failed because of no shared cipher.\n \n `handshake_timeout` (`integer`)\n \n The number of SSL handshakes failed because of a timeout.\n \n `peer_rejected_cert` (`integer`)\n \n The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message.\n \n `verify_failures`\n \n SSL certificate verification errors\n \n `no_cert` (`integer`)\n \n A client did not provide the required certificate.\n \n `expired_cert` (`integer`)\n \n An expired or not yet valid certificate was presented by a client.\n \n `revoked_cert` (`integer`)\n \n A revoked certificate was presented by a client.\n \n `hostname_mismatch` (`integer`)\n \n Server's certificate doesn't match the hostname.\n \n `other` (`integer`)\n \n Other SSL certificate verification errors.\n \n Example:\n \n > {\n > \"handshakes\" : 79572,\n > \"handshakes\\_failed\" : 21025,\n > \"session\\_reuses\" : 15762,\n > \"no\\_common\\_protocol\" : 4,\n > \"no\\_common\\_cipher\" : 2,\n > \"handshake\\_timeout\" : 0,\n > \"peer\\_rejected\\_cert\" : 0,\n > \"verify\\_failures\" : {\n > \"no\\_cert\" : 0,\n > \"expired\\_cert\" : 2,\n > \"revoked\\_cert\" : 1,\n > \"hostname\\_mismatch\" : 2,\n > \"other\" : 1\n > }\n > }\n \n* Shared memory zone with slab allocator:\n \n Shared memory zone with slab allocator\n \n `pages`\n \n The number of free and used memory pages.\n \n `used` (`integer`)\n \n The current number of used memory pages.\n \n `free` (`integer`)\n \n The current number of free memory pages.\n \n `slots`\n \n Status data for memory slots (8, 16, 32, 64, 128, etc.)\n \n A collection of \"[Memory Slot](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_slab_zone_slot)\" objects\n \n Example:\n \n > {\n > \"pages\" : {\n > \"used\" : 1143,\n > \"free\" : 2928\n > },\n > \"slots\" : {\n > \"8\" : {\n > \"used\" : 0,\n > \"free\" : 0,\n > \"reqs\" : 0,\n > \"fails\" : 0\n > },\n > \"16\" : {\n > \"used\" : 0,\n > \"free\" : 0,\n > \"reqs\" : 0,\n > \"fails\" : 0\n > },\n > \"32\" : {\n > \"used\" : 0,\n > \"free\" : 0,\n > \"reqs\" : 0,\n > \"fails\" : 0\n > },\n > \"64\" : {\n > \"used\" : 1,\n > \"free\" : 63,\n > \"reqs\" : 1,\n > \"fails\" : 0\n > },\n > \"128\" : {\n > \"used\" : 0,\n > \"free\" : 0,\n > \"reqs\" : 0,\n > \"fails\" : 0\n > },\n > \"256\" : {\n > \"used\" : 18078,\n > \"free\" : 178,\n > \"reqs\" : 1635736,\n > \"fails\" : 0\n > }\n > }\n > }\n \n* Memory Slot:\n \n `used` (`integer`)\n \n The current number of used memory slots.\n \n `free` (`integer`)\n \n The current number of free memory slots.\n \n `reqs` (`integer`)\n \n The total number of attempts to allocate memory of specified size.\n \n `fails` (`integer`)\n \n The number of unsuccessful attempts to allocate memory of specified size.\n \n* HTTP Requests:\n \n `total` (`integer`)\n \n The total number of client requests.\n \n `current` (`integer`)\n \n The current number of client requests.\n \n Example:\n \n > {\n > \"total\" : 10624511,\n > \"current\" : 4\n > }\n \n* HTTP Server Zone:\n \n `processing` (`integer`)\n \n The number of client requests that are currently being processed.\n \n `requests` (`integer`)\n \n The total number of client requests received from clients.\n \n `responses`\n \n The total number of responses sent to clients, the number of responses with status codes “`1xx`”, “`2xx`”, “`3xx`”, “`4xx`”, and “`5xx`”, and the number of responses per each status code.\n \n `1xx` (`integer`)\n \n The number of responses with “`1xx`” status codes.\n \n `2xx` (`integer`)\n \n The number of responses with “`2xx`” status codes.\n \n `3xx` (`integer`)\n \n The number of responses with “`3xx`” status codes.\n \n `4xx` (`integer`)\n \n The number of responses with “`4xx`” status codes.\n \n `5xx` (`integer`)\n \n The number of responses with “`5xx`” status codes.\n \n `codes`\n \n The number of responses per each status code.\n \n `codeNumber` (`integer`)\n \n The number of responses with this particular status code.\n \n `total` (`integer`)\n \n The total number of responses sent to clients.\n \n `discarded` (`integer`)\n \n The total number of requests completed without sending a response.\n \n `received` (`integer`)\n \n The total number of bytes received from clients.\n \n `sent` (`integer`)\n \n The total number of bytes sent to clients.\n \n `ssl`\n \n `handshakes` (`integer`)\n \n The total number of successful SSL handshakes.\n \n `handshakes_failed` (`integer`)\n \n The total number of failed SSL handshakes.\n \n `session_reuses` (`integer`)\n \n The total number of session reuses during SSL handshake.\n \n `no_common_protocol` (`integer`)\n \n The number of SSL handshakes failed because of no common protocol.\n \n `no_common_cipher` (`integer`)\n \n The number of SSL handshakes failed because of no shared cipher.\n \n `handshake_timeout` (`integer`)\n \n The number of SSL handshakes failed because of a timeout.\n \n `peer_rejected_cert` (`integer`)\n \n The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message.\n \n `verify_failures`\n \n SSL certificate verification errors\n \n `no_cert` (`integer`)\n \n A client did not provide the required certificate.\n \n `expired_cert` (`integer`)\n \n An expired or not yet valid certificate was presented by a client.\n \n `revoked_cert` (`integer`)\n \n A revoked certificate was presented by a client.\n \n `other` (`integer`)\n \n Other SSL certificate verification errors.\n \n Example:\n \n > {\n > \"processing\" : 1,\n > \"requests\" : 706690,\n > \"responses\" : {\n > \"1xx\" : 0,\n > \"2xx\" : 699482,\n > \"3xx\" : 4522,\n > \"4xx\" : 907,\n > \"5xx\" : 266,\n > \"codes\" : {\n > \"200\" : 699482,\n > \"301\" : 4522,\n > \"404\" : 907,\n > \"503\" : 266\n > },\n > \"total\" : 705177\n > },\n > \"discarded\" : 1513,\n > \"received\" : 172711587,\n > \"sent\" : 19415530115,\n > \"ssl\" : {\n > \"handshakes\" : 104303,\n > \"handshakes\\_failed\" : 1421,\n > \"session\\_reuses\" : 54645,\n > \"no\\_common\\_protocol\" : 4,\n > \"no\\_common\\_cipher\" : 2,\n > \"handshake\\_timeout\" : 0,\n > \"peer\\_rejected\\_cert\" : 0,\n > \"verify\\_failures\" : {\n > \"no\\_cert\" : 0,\n > \"expired\\_cert\" : 2,\n > \"revoked\\_cert\" : 1,\n > \"other\" : 1\n > }\n > }\n > }\n \n* HTTP Location Zone:\n \n `requests` (`integer`)\n \n The total number of client requests received from clients.\n \n `responses`\n \n The total number of responses sent to clients, the number of responses with status codes “`1xx`”, “`2xx`”, “`3xx`”, “`4xx`”, and “`5xx`”, and the number of responses per each status code.\n \n `1xx` (`integer`)\n \n The number of responses with “`1xx`” status codes.\n \n `2xx` (`integer`)\n \n The number of responses with “`2xx`” status codes.\n \n `3xx` (`integer`)\n \n The number of responses with “`3xx`” status codes.\n \n `4xx` (`integer`)\n \n The number of responses with “`4xx`” status codes.\n \n `5xx` (`integer`)\n \n The number of responses with “`5xx`” status codes.\n \n `codes`\n \n The number of responses per each status code.\n \n `codeNumber` (`integer`)\n \n The number of responses with this particular status code.\n \n `total` (`integer`)\n \n The total number of responses sent to clients.\n \n `discarded` (`integer`)\n \n The total number of requests completed without sending a response.\n \n `received` (`integer`)\n \n The total number of bytes received from clients.\n \n `sent` (`integer`)\n \n The total number of bytes sent to clients.\n \n Example:\n \n > {\n > \"requests\" : 706690,\n > \"responses\" : {\n > \"1xx\" : 0,\n > \"2xx\" : 699482,\n > \"3xx\" : 4522,\n > \"4xx\" : 907,\n > \"5xx\" : 266,\n > \"codes\" : {\n > \"200\" : 112674,\n > \"301\" : 4522,\n > \"404\" : 2504,\n > \"503\" : 266\n > },\n > \"total\" : 705177\n > },\n > \"discarded\" : 1513,\n > \"received\" : 172711587,\n > \"sent\" : 19415530115\n > }\n \n* HTTP Cache:\n \n `size` (`integer`)\n \n The current size of the cache.\n \n `max_size` (`integer`)\n \n The limit on the maximum size of the cache specified in the configuration.\n \n `cold` (`boolean`)\n \n A boolean value indicating whether the “cache loader” process is still loading data from disk into the cache.\n \n `hit`\n \n `responses` (`integer`)\n \n The total number of [valid](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_valid) responses read from the cache.\n \n `bytes` (`integer`)\n \n The total number of bytes read from the cache.\n \n `stale`\n \n `responses` (`integer`)\n \n The total number of expired responses read from the cache (see [proxy\\_cache\\_use\\_stale](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_use_stale) and other “`*_cache_use_stale`” directives).\n \n `bytes` (`integer`)\n \n The total number of bytes read from the cache.\n \n `updating`\n \n `responses` (`integer`)\n \n The total number of expired responses read from the cache while responses were being updated (see [proxy\\_cache\\_use\\_stale](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_use_stale_updating) and other “`*_cache_use_stale`” directives).\n \n `bytes` (`integer`)\n \n The total number of bytes read from the cache.\n \n `revalidated`\n \n `responses` (`integer`)\n \n The total number of expired and revalidated responses read from the cache (see [proxy\\_cache\\_revalidate](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_revalidate) and other “`*_cache_revalidate`” directives.\n \n `bytes` (`integer`)\n \n The total number of bytes read from the cache.\n \n `miss`\n \n `responses` (`integer`)\n \n The total number of responses not found in the cache.\n \n `bytes` (`integer`)\n \n The total number of bytes read from the proxied server.\n \n `responses_written` (`integer`)\n \n The total number of responses written to the cache.\n \n `bytes_written` (`integer`)\n \n The total number of bytes written to the cache.\n \n `expired`\n \n `responses` (`integer`)\n \n The total number of expired responses not taken from the cache.\n \n `bytes` (`integer`)\n \n The total number of bytes read from the proxied server.\n \n `responses_written` (`integer`)\n \n The total number of responses written to the cache.\n \n `bytes_written` (`integer`)\n \n The total number of bytes written to the cache.\n \n `bypass`\n \n `responses` (`integer`)\n \n The total number of responses not looked up in the cache due to the [proxy\\_cache\\_bypass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_bypass) and other “`*_cache_bypass`” directives.\n \n `bytes` (`integer`)\n \n The total number of bytes read from the proxied server.\n \n `responses_written` (`integer`)\n \n The total number of responses written to the cache.\n \n `bytes_written` (`integer`)\n \n The total number of bytes written to the cache.\n \n Example:\n \n > {\n > \"size\" : 530915328,\n > \"max\\_size\" : 536870912,\n > \"cold\" : false,\n > \"hit\" : {\n > \"responses\" : 254032,\n > \"bytes\" : 6685627875\n > },\n > \"stale\" : {\n > \"responses\" : 0,\n > \"bytes\" : 0\n > },\n > \"updating\" : {\n > \"responses\" : 0,\n > \"bytes\" : 0\n > },\n > \"revalidated\" : {\n > \"responses\" : 0,\n > \"bytes\" : 0\n > },\n > \"miss\" : {\n > \"responses\" : 1619201,\n > \"bytes\" : 53841943822\n > },\n > \"expired\" : {\n > \"responses\" : 45859,\n > \"bytes\" : 1656847080,\n > \"responses\\_written\" : 44992,\n > \"bytes\\_written\" : 1641825173\n > },\n > \"bypass\" : {\n > \"responses\" : 200187,\n > \"bytes\" : 5510647548,\n > \"responses\\_written\" : 200173,\n > \"bytes\\_written\" : 44992\n > }\n > }\n \n* HTTP Connections Limiting:\n \n `passed` (`integer`)\n \n The total number of connections that were neither limited nor accounted as limited.\n \n `rejected` (`integer`)\n \n The total number of connections that were rejected.\n \n `rejected_dry_run` (`integer`)\n \n The total number of connections accounted as rejected in the [dry run](https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn_dry_run) mode.\n \n Example:\n \n > {\n > \"passed\" : 15,\n > \"rejected\" : 0,\n > \"rejected\\_dry\\_run\" : 2\n > }\n \n* HTTP Requests Rate Limiting:\n \n `passed` (`integer`)\n \n The total number of requests that were neither limited nor accounted as limited.\n \n `delayed` (`integer`)\n \n The total number of requests that were delayed.\n \n `rejected` (`integer`)\n \n The total number of requests that were rejected.\n \n `delayed_dry_run` (`integer`)\n \n The total number of requests accounted as delayed in the [dry run](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_dry_run) mode.\n \n `rejected_dry_run` (`integer`)\n \n The total number of requests accounted as rejected in the [dry run](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_dry_run) mode.\n \n Example:\n \n > {\n > \"passed\" : 15,\n > \"delayed\" : 4,\n > \"rejected\" : 0,\n > \"delayed\\_dry\\_run\" : 1,\n > \"rejected\\_dry\\_run\" : 2\n > }\n \n* HTTP Upstream:\n \n `peers`\n \n An array of:\n \n `id` (`integer`)\n \n The ID of the server.\n \n `server` (`string`)\n \n An [address](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server) of the server.\n \n `service` (`string`)\n \n The [service](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#service) parameter value of the [server](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server) directive.\n \n `name` (`string`)\n \n The name of the server specified in the [server](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server) directive.\n \n `backup` (`boolean`)\n \n A boolean value indicating whether the server is a [backup](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#backup) server.\n \n `weight` (`integer`)\n \n [Weight](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#weight) of the server.\n \n `state` (`string`)\n \n Current state, which may be one of “`up`”, “`draining`”, “`down`”, “`unavail`”, “`checking`”, and “`unhealthy`”.\n \n `active` (`integer`)\n \n The current number of active connections.\n \n `ssl`\n \n `handshakes` (`integer`)\n \n The total number of successful SSL handshakes.\n \n `handshakes_failed` (`integer`)\n \n The total number of failed SSL handshakes.\n \n `session_reuses` (`integer`)\n \n The total number of session reuses during SSL handshake.\n \n `no_common_protocol` (`integer`)\n \n The number of SSL handshakes failed because of no common protocol.\n \n `handshake_timeout` (`integer`)\n \n The number of SSL handshakes failed because of a timeout.\n \n `peer_rejected_cert` (`integer`)\n \n The number of failed SSL handshakes when nginx presented the certificate to the upstream server but it was rejected with a corresponding alert message.\n \n `verify_failures`\n \n SSL certificate verification errors\n \n `expired_cert` (`integer`)\n \n An expired or not yet valid certificate was presented by an upstream server.\n \n `revoked_cert` (`integer`)\n \n A revoked certificate was presented by an upstream server.\n \n `hostname_mismatch` (`integer`)\n \n Server's certificate doesn't match the hostname.\n \n `other` (`integer`)\n \n Other SSL certificate verification errors.\n \n `max_conns` (`integer`)\n \n The [max\\_conns](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_conns) limit for the server.\n \n `requests` (`integer`)\n \n The total number of client requests forwarded to this server.\n \n `responses`\n \n `1xx` (`integer`)\n \n The number of responses with “`1xx`” status codes.\n \n `2xx` (`integer`)\n \n The number of responses with “`2xx`” status codes.\n \n `3xx` (`integer`)\n \n The number of responses with “`3xx`” status codes.\n \n `4xx` (`integer`)\n \n The number of responses with “`4xx`” status codes.\n \n `5xx` (`integer`)\n \n The number of responses with “`5xx`” status codes.\n \n `codes`\n \n The number of responses per each status code.\n \n `codeNumber` (`integer`)\n \n The number of responses with this particular status code.\n \n `total` (`integer`)\n \n The total number of responses obtained from this server.\n \n `sent` (`integer`)\n \n The total number of bytes sent to this server.\n \n `received` (`integer`)\n \n The total number of bytes received from this server.\n \n `fails` (`integer`)\n \n The total number of unsuccessful attempts to communicate with the server.\n \n `unavail` (`integer`)\n \n How many times the server became unavailable for client requests (state “`unavail`”) due to the number of unsuccessful attempts reaching the [max\\_fails](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) threshold.\n \n `health_checks`\n \n `checks` (`integer`)\n \n The total number of [health check](https://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html#health_check) requests made.\n \n `fails` (`integer`)\n \n The number of failed health checks.\n \n `unhealthy` (`integer`)\n \n How many times the server became unhealthy (state “`unhealthy`”).\n \n `last_passed` (`boolean`)\n \n Boolean indicating if the last health check request was successful and passed [tests](https://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html#match).\n \n `downtime` (`integer`)\n \n Total time the server was in the “`unavail`”, “`checking`”, and “`unhealthy`” states.\n \n `downstart` (`string`)\n \n The time when the server became “`unavail`”, “`checking`”, or “`unhealthy`”, in the ISO 8601 format with millisecond resolution.\n \n `selected` (`string`)\n \n The time when the server was last selected to process a request, in the ISO 8601 format with millisecond resolution.\n \n `header_time` (`integer`)\n \n The average time to get the [response header](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_header_time) from the server.\n \n `response_time` (`integer`)\n \n The average time to get the [full response](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_response_time) from the server.\n \n `keepalive` (`integer`)\n \n The current number of idle [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) connections.\n \n `zombies` (`integer`)\n \n The current number of servers removed from the group but still processing active client requests.\n \n `zone` (`string`)\n \n The name of the shared memory [zone](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone) that keeps the group’s configuration and run-time state.\n \n `queue`\n \n For the requests [queue](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#queue), the following data are provided:\n \n `size` (`integer`)\n \n The current number of requests in the queue.\n \n `max_size` (`integer`)\n \n The maximum number of requests that can be in the queue at the same time.\n \n `overflows` (`integer`)\n \n The total number of requests rejected due to the queue overflow.\n \n Example:\n \n > {\n > \"upstream\\_backend\" : {\n > \"peers\" : \\[\n > {\n > \"id\" : 0,\n > \"server\" : \"10.0.0.1:8088\",\n > \"name\" : \"10.0.0.1:8088\",\n > \"backup\" : false,\n > \"weight\" : 5,\n > \"state\" : \"up\",\n > \"active\" : 0,\n > \"ssl\" : {\n > \"handshakes\" : 620311,\n > \"handshakes\\_failed\" : 3432,\n > \"session\\_reuses\" : 36442,\n > \"no\\_common\\_protocol\" : 4,\n > \"handshake\\_timeout\" : 0,\n > \"peer\\_rejected\\_cert\" : 0,\n > \"verify\\_failures\" : {\n > \"expired\\_cert\" : 2,\n > \"revoked\\_cert\" : 1,\n > \"hostname\\_mismatch\" : 2,\n > \"other\" : 1\n > }\n > },\n > \"max\\_conns\" : 20,\n > \"requests\" : 667231,\n > \"header\\_time\" : 20,\n > \"response\\_time\" : 36,\n > \"responses\" : {\n > \"1xx\" : 0,\n > \"2xx\" : 666310,\n > \"3xx\" : 0,\n > \"4xx\" : 915,\n > \"5xx\" : 6,\n > \"codes\" : {\n > \"200\" : 666310,\n > \"404\" : 915,\n > \"503\" : 6\n > },\n > \"total\" : 667231\n > },\n > \"sent\" : 251946292,\n > \"received\" : 19222475454,\n > \"fails\" : 0,\n > \"unavail\" : 0,\n > \"health\\_checks\" : {\n > \"checks\" : 26214,\n > \"fails\" : 0,\n > \"unhealthy\" : 0,\n > \"last\\_passed\" : true\n > },\n > \"downtime\" : 0,\n > \"downstart\" : \"2022-06-28T11:09:21.602Z\",\n > \"selected\" : \"2022-06-28T15:01:25.000Z\"\n > },\n > {\n > \"id\" : 1,\n > \"server\" : \"10.0.0.1:8089\",\n > \"name\" : \"10.0.0.1:8089\",\n > \"backup\" : true,\n > \"weight\" : 1,\n > \"state\" : \"unhealthy\",\n > \"active\" : 0,\n > \"max\\_conns\" : 20,\n > \"requests\" : 0,\n > \"responses\" : {\n > \"1xx\" : 0,\n > \"2xx\" : 0,\n > \"3xx\" : 0,\n > \"4xx\" : 0,\n > \"5xx\" : 0,\n > \"codes\" : {\n > },\n > \"total\" : 0\n > },\n > \"sent\" : 0,\n > \"received\" : 0,\n > \"fails\" : 0,\n > \"unavail\" : 0,\n > \"health\\_checks\" : {\n > \"checks\" : 26284,\n > \"fails\" : 26284,\n > \"unhealthy\" : 1,\n > \"last\\_passed\" : false\n > },\n > \"downtime\" : 262925617,\n > \"downstart\" : \"2022-06-28T11:09:21.602Z\",\n > \"selected\" : \"2022-06-28T15:01:25.000Z\"\n > }\n > \\],\n > \"keepalive\" : 0,\n > \"zombies\" : 0,\n > \"zone\" : \"upstream\\_backend\"\n > }\n > }\n \n* HTTP Upstream Server:\n \n Dynamically configurable parameters of an HTTP upstream [server](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server):\n \n `id` (`integer`)\n \n The ID of the HTTP upstream server. The ID is assigned automatically and cannot be changed.\n \n `server` (`string`)\n \n Same as the [address](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#address) parameter of the HTTP upstream server. When adding a server, it is possible to specify it as a domain name. In this case, changes of the IP addresses that correspond to a domain name will be monitored and automatically applied to the upstream configuration without the need of restarting nginx. This requires the [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive in the “`http`” block. See also the [resolve](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#resolve) parameter of the HTTP upstream server.\n \n `service` (`string`)\n \n Same as the [service](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#service) parameter of the HTTP upstream server. This parameter cannot be changed.\n \n `weight` (`integer`)\n \n Same as the [weight](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#weight) parameter of the HTTP upstream server.\n \n `max_conns` (`integer`)\n \n Same as the [max\\_conns](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_conns) parameter of the HTTP upstream server.\n \n `max_fails` (`integer`)\n \n Same as the [max\\_fails](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) parameter of the HTTP upstream server.\n \n `fail_timeout` (`string`)\n \n Same as the [fail\\_timeout](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#fail_timeout) parameter of the HTTP upstream server.\n \n `slow_start` (`string`)\n \n Same as the [slow\\_start](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#slow_start) parameter of the HTTP upstream server.\n \n `route` (`string`)\n \n Same as the [route](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#route) parameter of the HTTP upstream server.\n \n `backup` (`boolean`)\n \n When `true`, adds a [backup](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#backup) server. This parameter cannot be changed.\n \n `down` (`boolean`)\n \n Same as the [down](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#down) parameter of the HTTP upstream server.\n \n `drain` (`boolean`)\n \n Same as the [drain](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#drain) parameter of the HTTP upstream server.\n \n `parent` (`string`)\n \n Parent server ID of the resolved server. The ID is assigned automatically and cannot be changed.\n \n `host` (`string`)\n \n Hostname of the resolved server. The hostname is assigned automatically and cannot be changed.\n \n Example:\n \n > {\n > \"id\" : 1,\n > \"server\" : \"10.0.0.1:8089\",\n > \"weight\" : 4,\n > \"max\\_conns\" : 0,\n > \"max\\_fails\" : 0,\n > \"fail\\_timeout\" : \"10s\",\n > \"slow\\_start\" : \"10s\",\n > \"route\" : \"\",\n > \"backup\" : true,\n > \"down\" : true\n > }\n \n* HTTP Keyval Shared Memory Zone:\n \n Contents of an HTTP keyval shared memory zone when using the GET method.\n \n Example:\n \n > {\n > \"key1\" : \"value1\",\n > \"key2\" : \"value2\",\n > \"key3\" : \"value3\"\n > }\n \n* HTTP Keyval Shared Memory Zone:\n \n Contents of an HTTP keyval shared memory zone when using the POST or PATCH methods.\n \n Example:\n \n > {\n > \"key1\" : \"value1\",\n > \"key2\" : \"value2\",\n > \"key3\" : {\n > \"value\" : \"value3\",\n > \"expire\" : 30000\n > }\n > }\n \n* Stream Server Zone:\n \n `processing` (`integer`)\n \n The number of client connections that are currently being processed.\n \n `connections` (`integer`)\n \n The total number of connections accepted from clients.\n \n `sessions`\n \n The total number of completed sessions, and the number of sessions completed with status codes “`2xx`”, “`4xx`”, or “`5xx`”.\n \n `2xx` (`integer`)\n \n The total number of sessions completed with [status codes](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#var_status) “`2xx`”.\n \n `4xx` (`integer`)\n \n The total number of sessions completed with [status codes](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#var_status) “`4xx`”.\n \n `5xx` (`integer`)\n \n The total number of sessions completed with [status codes](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#var_status) “`5xx`”.\n \n `total` (`integer`)\n \n The total number of completed client sessions.\n \n `discarded` (`integer`)\n \n The total number of connections completed without creating a session.\n \n `received` (`integer`)\n \n The total number of bytes received from clients.\n \n `sent` (`integer`)\n \n The total number of bytes sent to clients.\n \n `ssl`\n \n `handshakes` (`integer`)\n \n The total number of successful SSL handshakes.\n \n `handshakes_failed` (`integer`)\n \n The total number of failed SSL handshakes.\n \n `session_reuses` (`integer`)\n \n The total number of session reuses during SSL handshake.\n \n `no_common_protocol` (`integer`)\n \n The number of SSL handshakes failed because of no common protocol.\n \n `no_common_cipher` (`integer`)\n \n The number of SSL handshakes failed because of no shared cipher.\n \n `handshake_timeout` (`integer`)\n \n The number of SSL handshakes failed because of a timeout.\n \n `peer_rejected_cert` (`integer`)\n \n The number of failed SSL handshakes when nginx presented the certificate to the client but it was rejected with a corresponding alert message.\n \n `verify_failures`\n \n SSL certificate verification errors\n \n `no_cert` (`integer`)\n \n A client did not provide the required certificate.\n \n `expired_cert` (`integer`)\n \n An expired or not yet valid certificate was presented by a client.\n \n `revoked_cert` (`integer`)\n \n A revoked certificate was presented by a client.\n \n `other` (`integer`)\n \n Other SSL certificate verification errors.\n \n Example:\n \n > {\n > \"dns\" : {\n > \"processing\" : 1,\n > \"connections\" : 155569,\n > \"sessions\" : {\n > \"2xx\" : 155564,\n > \"4xx\" : 0,\n > \"5xx\" : 0,\n > \"total\" : 155569\n > },\n > \"discarded\" : 0,\n > \"received\" : 4200363,\n > \"sent\" : 20489184,\n > \"ssl\" : {\n > \"handshakes\" : 76455,\n > \"handshakes\\_failed\" : 432,\n > \"session\\_reuses\" : 28770,\n > \"no\\_common\\_protocol\" : 4,\n > \"no\\_common\\_cipher\" : 2,\n > \"handshake\\_timeout\" : 0,\n > \"peer\\_rejected\\_cert\" : 0,\n > \"verify\\_failures\" : {\n > \"no\\_cert\" : 0,\n > \"expired\\_cert\" : 2,\n > \"revoked\\_cert\" : 1,\n > \"other\" : 1\n > }\n > }\n > }\n > }\n \n* Stream Connections Limiting:\n \n `passed` (`integer`)\n \n The total number of connections that were neither limited nor accounted as limited.\n \n `rejected` (`integer`)\n \n The total number of connections that were rejected.\n \n `rejected_dry_run` (`integer`)\n \n The total number of connections accounted as rejected in the [dry run](https://nginx.org/en/docs/stream/ngx_stream_limit_conn_module.html#limit_conn_dry_run) mode.\n \n Example:\n \n > {\n > \"passed\" : 15,\n > \"rejected\" : 0,\n > \"rejected\\_dry\\_run\" : 2\n > }\n \n* Stream Upstream:\n \n `peers`\n \n An array of:\n \n `id` (`integer`)\n \n The ID of the server.\n \n `server` (`string`)\n \n An [address](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#server) of the server.\n \n `service` (`string`)\n \n The [service](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#service) parameter value of the [server](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#server) directive.\n \n `name` (`string`)\n \n The name of the server specified in the [server](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#server) directive.\n \n `backup` (`boolean`)\n \n A boolean value indicating whether the server is a [backup](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#backup) server.\n \n `weight` (`integer`)\n \n [Weight](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#weight) of the server.\n \n `state` (`string`)\n \n Current state, which may be one of “`up`”, “`down`”, “`unavail`”, “`checking`”, or “`unhealthy`”.\n \n `active` (`integer`)\n \n The current number of connections.\n \n `ssl`\n \n `handshakes` (`integer`)\n \n The total number of successful SSL handshakes.\n \n `handshakes_failed` (`integer`)\n \n The total number of failed SSL handshakes.\n \n `session_reuses` (`integer`)\n \n The total number of session reuses during SSL handshake.\n \n `no_common_protocol` (`integer`)\n \n The number of SSL handshakes failed because of no common protocol.\n \n `handshake_timeout` (`integer`)\n \n The number of SSL handshakes failed because of a timeout.\n \n `peer_rejected_cert` (`integer`)\n \n The number of failed SSL handshakes when nginx presented the certificate to the upstream server but it was rejected with a corresponding alert message.\n \n `verify_failures`\n \n SSL certificate verification errors\n \n `expired_cert` (`integer`)\n \n An expired or not yet valid certificate was presented by an upstream server.\n \n `revoked_cert` (`integer`)\n \n A revoked certificate was presented by an upstream server.\n \n `hostname_mismatch` (`integer`)\n \n Server's certificate doesn't match the hostname.\n \n `other` (`integer`)\n \n Other SSL certificate verification errors.\n \n `max_conns` (`integer`)\n \n The [max\\_conns](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#max_conns) limit for the server.\n \n `connections` (`integer`)\n \n The total number of client connections forwarded to this server.\n \n `connect_time` (`integer`)\n \n The average time to connect to the upstream server.\n \n `first_byte_time` (`integer`)\n \n The average time to receive the first byte of data.\n \n `response_time` (`integer`)\n \n The average time to receive the last byte of data.\n \n `sent` (`integer`)\n \n The total number of bytes sent to this server.\n \n `received` (`integer`)\n \n The total number of bytes received from this server.\n \n `fails` (`integer`)\n \n The total number of unsuccessful attempts to communicate with the server.\n \n `unavail` (`integer`)\n \n How many times the server became unavailable for client connections (state “`unavail`”) due to the number of unsuccessful attempts reaching the [max\\_fails](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#max_fails) threshold.\n \n `health_checks`\n \n `checks` (`integer`)\n \n The total number of [health check](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#health_check) requests made.\n \n `fails` (`integer`)\n \n The number of failed health checks.\n \n `unhealthy` (`integer`)\n \n How many times the server became unhealthy (state “`unhealthy`”).\n \n `last_passed` (`boolean`)\n \n Boolean indicating whether the last health check request was successful and passed [tests](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#match).\n \n `downtime` (`integer`)\n \n Total time the server was in the “`unavail`”, “`checking`”, and “`unhealthy`” states.\n \n `downstart` (`string`)\n \n The time when the server became “`unavail`”, “`checking`”, or “`unhealthy`”, in the ISO 8601 format with millisecond resolution.\n \n `selected` (`string`)\n \n The time when the server was last selected to process a connection, in the ISO 8601 format with millisecond resolution.\n \n `zombies` (`integer`)\n \n The current number of servers removed from the group but still processing active client connections.\n \n `zone` (`string`)\n \n The name of the shared memory [zone](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#zone) that keeps the group’s configuration and run-time state.\n \n Example:\n \n > {\n > \"dns\" : {\n > \"peers\" : \\[\n > {\n > \"id\" : 0,\n > \"server\" : \"10.0.0.1:12347\",\n > \"name\" : \"10.0.0.1:12347\",\n > \"backup\" : false,\n > \"weight\" : 5,\n > \"state\" : \"up\",\n > \"active\" : 0,\n > \"ssl\" : {\n > \"handshakes\" : 200,\n > \"handshakes\\_failed\" : 4,\n > \"session\\_reuses\" : 189,\n > \"no\\_common\\_protocol\" : 4,\n > \"handshake\\_timeout\" : 0,\n > \"peer\\_rejected\\_cert\" : 0,\n > \"verify\\_failures\" : {\n > \"expired\\_cert\" : 2,\n > \"revoked\\_cert\" : 1,\n > \"hostname\\_mismatch\" : 2,\n > \"other\" : 1\n > }\n > },\n > \"max\\_conns\" : 50,\n > \"connections\" : 667231,\n > \"sent\" : 251946292,\n > \"received\" : 19222475454,\n > \"fails\" : 0,\n > \"unavail\" : 0,\n > \"health\\_checks\" : {\n > \"checks\" : 26214,\n > \"fails\" : 0,\n > \"unhealthy\" : 0,\n > \"last\\_passed\" : true\n > },\n > \"downtime\" : 0,\n > \"downstart\" : \"2022-06-28T11:09:21.602Z\",\n > \"selected\" : \"2022-06-28T15:01:25.000Z\"\n > },\n > {\n > \"id\" : 1,\n > \"server\" : \"10.0.0.1:12348\",\n > \"name\" : \"10.0.0.1:12348\",\n > \"backup\" : true,\n > \"weight\" : 1,\n > \"state\" : \"unhealthy\",\n > \"active\" : 0,\n > \"max\\_conns\" : 50,\n > \"connections\" : 0,\n > \"sent\" : 0,\n > \"received\" : 0,\n > \"fails\" : 0,\n > \"unavail\" : 0,\n > \"health\\_checks\" : {\n > \"checks\" : 26284,\n > \"fails\" : 26284,\n > \"unhealthy\" : 1,\n > \"last\\_passed\" : false\n > },\n > \"downtime\" : 262925617,\n > \"downstart\" : \"2022-06-28T11:09:21.602Z\",\n > \"selected\" : \"2022-06-28T15:01:25.000Z\"\n > }\n > \\],\n > \"zombies\" : 0,\n > \"zone\" : \"dns\"\n > }\n > }\n \n* Stream Upstream Server:\n \n Dynamically configurable parameters of a stream upstream [server](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#server):\n \n `id` (`integer`)\n \n The ID of the stream upstream server. The ID is assigned automatically and cannot be changed.\n \n `server` (`string`)\n \n Same as the [address](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#server) parameter of the stream upstream server. When adding a server, it is possible to specify it as a domain name. In this case, changes of the IP addresses that correspond to a domain name will be monitored and automatically applied to the upstream configuration without the need of restarting nginx. This requires the [resolver](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#resolver) directive in the “`stream`” block. See also the [resolve](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#resolve) parameter of the stream upstream server.\n \n `service` (`string`)\n \n Same as the [service](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#service) parameter of the stream upstream server. This parameter cannot be changed.\n \n `weight` (`integer`)\n \n Same as the [weight](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#weight) parameter of the stream upstream server.\n \n `max_conns` (`integer`)\n \n Same as the [max\\_conns](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#max_conns) parameter of the stream upstream server.\n \n `max_fails` (`integer`)\n \n Same as the [max\\_fails](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#max_fails) parameter of the stream upstream server.\n \n `fail_timeout` (`string`)\n \n Same as the [fail\\_timeout](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#fail_timeout) parameter of the stream upstream server.\n \n `slow_start` (`string`)\n \n Same as the [slow\\_start](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#slow_start) parameter of the stream upstream server.\n \n `backup` (`boolean`)\n \n When `true`, adds a [backup](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#backup) server. This parameter cannot be changed.\n \n `down` (`boolean`)\n \n Same as the [down](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#down) parameter of the stream upstream server.\n \n `parent` (`string`)\n \n Parent server ID of the resolved server. The ID is assigned automatically and cannot be changed.\n \n `host` (`string`)\n \n Hostname of the resolved server. The hostname is assigned automatically and cannot be changed.\n \n Example:\n \n > {\n > \"id\" : 0,\n > \"server\" : \"10.0.0.1:12348\",\n > \"weight\" : 1,\n > \"max\\_conns\" : 0,\n > \"max\\_fails\" : 1,\n > \"fail\\_timeout\" : \"10s\",\n > \"slow\\_start\" : 0,\n > \"backup\" : false,\n > \"down\" : false\n > }\n \n* Stream Keyval Shared Memory Zone:\n \n Contents of a stream keyval shared memory zone when using the GET method.\n \n Example:\n \n > {\n > \"key1\" : \"value1\",\n > \"key2\" : \"value2\",\n > \"key3\" : \"value3\"\n > }\n \n* Stream Keyval Shared Memory Zone:\n \n Contents of a stream keyval shared memory zone when using the POST or PATCH methods.\n \n Example:\n \n > {\n > \"key1\" : \"value1\",\n > \"key2\" : \"value2\",\n > \"key3\" : {\n > \"value\" : \"value3\",\n > \"expire\" : 30000\n > }\n > }\n \n* Stream Zone Sync Node:\n \n `zones`\n \n Synchronization information per each shared memory zone.\n \n A collection of \"[Sync Zone](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_zone_sync_zone)\" objects\n \n `status`\n \n Synchronization information per node in a cluster.\n \n `bytes_in` (`integer`)\n \n The number of bytes received by this node.\n \n `msgs_in` (`integer`)\n \n The number of messages received by this node.\n \n `msgs_out` (`integer`)\n \n The number of messages sent by this node.\n \n `bytes_out` (`integer`)\n \n The number of bytes sent by this node.\n \n `nodes_online` (`integer`)\n \n The number of peers this node is connected to.\n \n Example:\n \n > {\n > \"zones\" : {\n > \"zone1\" : {\n > \"records\\_pending\" : 2061,\n > \"records\\_total\" : 260575\n > },\n > \"zone2\" : {\n > \"records\\_pending\" : 0,\n > \"records\\_total\" : 14749\n > }\n > },\n > \"status\" : {\n > \"bytes\\_in\" : 1364923761,\n > \"msgs\\_in\" : 337236,\n > \"msgs\\_out\" : 346717,\n > \"bytes\\_out\" : 1402765472,\n > \"nodes\\_online\" : 15\n > }\n > }\n \n* Sync Zone:\n \n Synchronization status of a shared memory zone.\n \n `records_pending` (`integer`)\n \n The number of records that need to be sent to the cluster.\n \n `records_total` (`integer`)\n \n The total number of records stored in the shared memory zone.\n \n* Resolver Zone:\n \n Statistics of DNS requests and responses per particular [resolver zone](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver_status_zone).\n \n `requests`\n \n `name` (`integer`)\n \n The total number of requests to resolve names to addresses.\n \n `srv` (`integer`)\n \n The total number of requests to resolve SRV records.\n \n `addr` (`integer`)\n \n The total number of requests to resolve addresses to names.\n \n `responses`\n \n `noerror` (`integer`)\n \n The total number of successful responses.\n \n `formerr` (`integer`)\n \n The total number of FORMERR (`Format error`) responses.\n \n `servfail` (`integer`)\n \n The total number of SERVFAIL (`Server failure`) responses.\n \n `nxdomain` (`integer`)\n \n The total number of NXDOMAIN (`Host not found`) responses.\n \n `notimp` (`integer`)\n \n The total number of NOTIMP (`Unimplemented`) responses.\n \n `refused` (`integer`)\n \n The total number of REFUSED (`Operation refused`) responses.\n \n `timedout` (`integer`)\n \n The total number of timed out requests.\n \n `unknown` (`integer`)\n \n The total number of requests completed with an unknown error.\n \n Example:\n \n > {\n > \"resolver\\_zone1\" : {\n > \"requests\" : {\n > \"name\" : 25460,\n > \"srv\" : 130,\n > \"addr\" : 2580\n > },\n > \"responses\" : {\n > \"noerror\" : 26499,\n > \"formerr\" : 0,\n > \"servfail\" : 3,\n > \"nxdomain\" : 0,\n > \"notimp\" : 0,\n > \"refused\" : 0,\n > \"timedout\" : 243,\n > \"unknown\" : 478\n > }\n > }\n > }\n \n* Error:\n \n nginx error object.\n \n `error`\n \n `status` (`integer`)\n \n HTTP error code.\n \n `text` (`string`)\n \n Error description.\n \n `code` (`string`)\n \n Internal nginx error code.\n \n `request_id` (`string`)\n \n The ID of the request, equals the value of the [$request\\_id](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_id) variable.\n \n `href` (`string`)\n \n Link to reference documentation.\n", - "c": "`server`, `location`, `if in location`", - "s": "**status_zone** `_zone_`;" - }, - { - "m": "ngx_http_auth_basic_module", - "n": "auth_basic", - "d": "Enables validation of user name and password using the “HTTP Basic Authentication” protocol. The specified parameter is used as a `_realm_`. Parameter value can contain variables (1.3.10, 1.2.7). The special value `off` cancels the effect of the `auth_basic` directive inherited from the previous configuration level.", - "v": "auth\\_basic off;", - "c": "`http`, `server`, `location`, `limit_except`", - "s": "**auth_basic** `_string_` | `off`;" - }, - { - "m": "ngx_http_auth_basic_module", - "n": "auth_basic_user_file", - "d": "Specifies a file that keeps user names and passwords, in the following format:\n```\n# comment\nname1:password1\nname2:password2:comment\nname3:password3\n\n```\nThe `_file_` name can contain variables.\nThe following password types are supported:\n* encrypted with the `crypt()` function; can be generated using the “`htpasswd`” utility from the Apache HTTP Server distribution or the “`openssl passwd`” command;\n* hashed with the Apache variant of the MD5-based password algorithm (apr1); can be generated with the same tools;\n* specified by the “`{``_scheme_``}``_data_`” syntax (1.0.3+) as described in [RFC 2307](https://datatracker.ietf.org/doc/html/rfc2307#section-5.3); currently implemented schemes include `PLAIN` (an example one, should not be used), `SHA` (1.3.13) (plain SHA-1 hashing, should not be used) and `SSHA` (salted SHA-1 hashing, used by some software packages, notably OpenLDAP and Dovecot).\n \n > Support for `SHA` scheme was added only to aid in migration from other web servers. It should not be used for new passwords, since unsalted SHA-1 hashing that it employs is vulnerable to [rainbow table](http://en.wikipedia.org/wiki/Rainbow_attack) attacks.\n", - "c": "`http`, `server`, `location`, `limit_except`", - "s": "**auth_basic_user_file** `_file_`;" - }, - { - "m": "ngx_http_auth_jwt_module", - "n": "algorithms", - "d": "#### Supported Algorithms\nThe module supports the following JSON Web [Algorithms](https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms).\nJWS algorithms:\n* HS256, HS384, HS512\n* RS256, RS384, RS512\n* ES256, ES384, ES512\n* EdDSA (Ed25519 and Ed448 signatures) (1.15.7)\n\nPrior to version 1.13.7, only HS256, RS256, ES256 algorithms were supported.\n\nJWE content encryption algorithms (1.19.7):\n* A128CBC-HS256, A192CBC-HS384, A256CBC-HS512\n* A128GCM, A192GCM, A256GCM\n\nJWE key management algorithms (1.19.9):\n* A128KW, A192KW, A256KW\n* A128GCMKW, A192GCMKW, A256GCMKW\n* dir - direct use of a shared symmetric key as the content encryption key\n* RSA-OAEP, RSA-OAEP-256, RSA-OAEP-384, RSA-OAEP-512 (1.21.0)\n" - }, - { - "m": "ngx_http_auth_jwt_module", - "n": "auth_jwt", - "d": "Enables validation of JSON Web Token. The specified `_string_` is used as a `realm`. Parameter value can contain variables.\nThe optional `token` parameter specifies a variable that contains JSON Web Token. By default, JWT is passed in the “Authorization” header as a [Bearer Token](https://datatracker.ietf.org/doc/html/rfc6750). JWT may be also passed as a cookie or a part of a query string:\n```\nauth_jwt \"closed site\" token=$cookie_auth_token;\n\n```\n\nThe special value `off` cancels the effect of the `auth_jwt` directive inherited from the previous configuration level.", - "v": "auth\\_jwt off;", - "c": "`http`, `server`, `location`, `limit_except`", - "s": "**auth_jwt** `_string_` [`token=``_$variable_`] | `off`;" - }, - { - "m": "ngx_http_auth_jwt_module", - "n": "auth_jwt_claim_set", - "d": "Sets the `_variable_` to a JWT claim parameter identified by key names. Name matching starts from the top level of the JSON tree. For arrays, the variable keeps a list of array elements separated by commas.\n```\nauth_jwt_claim_set $email info e-mail;\nauth_jwt_claim_set $job info \"job title\";\n\n```\n\nPrior to version 1.13.7, only one key name could be specified, and the result was undefined for arrays.\n\n\nVariable values for tokens encrypted with JWE are available only after decryption which occurs during the [Access](https://nginx.org/en/docs/dev/development_guide.html#http_phases) phase.\n", - "c": "`http`", - "s": "**auth_jwt_claim_set** `_$variable_` `_name_` ...;" - }, - { - "m": "ngx_http_auth_jwt_module", - "n": "auth_jwt_header_set", - "d": "Sets the `_variable_` to a JOSE header parameter identified by key names. Name matching starts from the top level of the JSON tree. For arrays, the variable keeps a list of array elements separated by commas.\nPrior to version 1.13.7, only one key name could be specified, and the result was undefined for arrays.\n", - "c": "`http`", - "s": "**auth_jwt_header_set** `_$variable_` `_name_` ...;" - }, - { - "m": "ngx_http_auth_jwt_module", - "n": "auth_jwt_key_cache", - "d": "Enables or disables caching of keys obtained from a [file](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html#auth_jwt_key_file) or from a [subrequest](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html#auth_jwt_key_request), and sets caching time for them. Caching of keys obtained from variables is not supported. By default, caching of keys is disabled.", - "v": "auth\\_jwt\\_key\\_cache 0;", - "c": "`http`, `server`, `location`", - "s": "**auth_jwt_key_cache** `_time_`;" - }, - { - "m": "ngx_http_auth_jwt_module", - "n": "auth_jwt_key_file", - "d": "Specifies a `_file_` in [JSON Web Key Set](https://datatracker.ietf.org/doc/html/rfc7517#section-5) format for validating JWT signature. Parameter value can contain variables.\nSeveral `auth_jwt_key_file` directives can be specified on the same level (1.21.1):\n```\nauth_jwt_key_file conf/keys.json;\nauth_jwt_key_file conf/key.jwk;\n\n```\nIf at least one of the specified keys cannot be loaded or processed, nginx will return the 500 (Internal Server Error) error.", - "c": "`http`, `server`, `location`, `limit_except`", - "s": "**auth_jwt_key_file** `_file_`;" - }, - { - "m": "ngx_http_auth_jwt_module", - "n": "auth_jwt_key_request", - "d": "Allows retrieving a [JSON Web Key Set](https://datatracker.ietf.org/doc/html/rfc7517#section-5) file from a subrequest for validating JWT signature and sets the URI where the subrequest will be sent to. Parameter value can contain variables. To avoid validation overhead, it is recommended to cache the key file:\n```\nproxy_cache_path /data/nginx/cache levels=1 keys_zone=foo:10m;\n\nserver {\n ...\n\n location / {\n auth_jwt \"closed site\";\n auth_jwt_key_request /jwks_uri;\n }\n\n location = /jwks_uri {\n internal;\n proxy_cache foo;\n proxy_pass http://idp.example.com/keys;\n }\n}\n\n```\nSeveral `auth_jwt_key_request` directives can be specified on the same level (1.21.1):\n```\nauth_jwt_key_request /jwks_uri;\nauth_jwt_key_request /jwks2_uri;\n\n```\nIf at least one of the specified keys cannot be loaded or processed, nginx will return the 500 (Internal Server Error) error.", - "c": "`http`, `server`, `location`, `limit_except`", - "s": "**auth_jwt_key_request** `_uri_`;" - }, - { - "m": "ngx_http_auth_jwt_module", - "n": "auth_jwt_leeway", - "d": "Sets the maximum allowable leeway to compensate clock skew when verifying the [exp](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4) and [nbf](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5) JWT claims.", - "v": "auth\\_jwt\\_leeway 0s;", - "c": "`http`, `server`, `location`", - "s": "**auth_jwt_leeway** `_time_`;" - }, - { - "m": "ngx_http_auth_jwt_module", - "n": "auth_jwt_type", - "d": "Specifies which type of JSON Web Token to expect: JWS (`signed`), JWE (`encrypted`), or signed and then encrypted Nested JWT (`nested`) (1.21.0).", - "v": "auth\\_jwt\\_type signed;", - "c": "`http`, `server`, `location`, `limit_except`", - "s": "**auth_jwt_type** `_signed_` | `_encrypted_` | `_nested_`;" - }, - { - "m": "ngx_http_auth_jwt_module", - "n": "auth_jwt_require", - "d": "Specifies additional checks for JWT validation. The value can contain text, variables, and their combination, and must start with a variable (1.21.7). The authentication will succeed only if all the values are not empty and are not equal to “0”.\n```\nmap $jwt_claim_iss $valid_jwt_iss {\n \"good\" 1;\n}\n...\n\nauth_jwt_require $valid_jwt_iss;\n\n```\n\nIf any of the checks fails, the `401` error code is returned. The optional `error` parameter (1.21.7) allows redefining the error code to `403`.", - "c": "`http`, `server`, `location`, `limit_except`", - "s": "**auth_jwt_require** `_$value_` ... [`error`=`401` | `403`] ;" - }, - { - "m": "ngx_http_auth_jwt_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_http_auth_jwt_module` module supports embedded variables:\n\n`$jwt_header_``_name_`\n\nreturns the value of a specified [JOSE header](https://datatracker.ietf.org/doc/html/rfc7515#section-4)\n\n`$jwt_claim_``_name_`\n\nreturns the value of a specified [JWT claim](https://datatracker.ietf.org/doc/html/rfc7519#section-4)\n\nFor nested claims and claims including a dot (“.”), the value of the variable cannot be evaluated; the [auth\\_jwt\\_claim\\_set](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html#auth_jwt_claim_set) directive should be used instead.\n\nVariable values for tokens encrypted with JWE are available only after decryption which occurs during the [Access](https://nginx.org/en/docs/dev/development_guide.html#http_phases) phase.\n\n`$jwt_payload`\n\nreturns the decrypted top-level payload of `nested` or `encrypted` tokens (1.21.2). For nested tokens returns the enclosed JWS token. For encrypted tokens returns JSON with claims.\n", - "c": "`http`, `server`, `location`, `limit_except`", - "s": "**auth_jwt_require** `_$value_` ... [`error`=`401` | `403`] ;" - }, - { - "m": "ngx_http_auth_jwt_module", - "n": "$jwt_header_name", - "d": "returns the decrypted top-level payload of `nested` or `encrypted` tokens (1.21.2). For nested tokens returns the enclosed JWS token. For encrypted tokens returns JSON with claims." - }, - { - "m": "ngx_http_auth_jwt_module", - "n": "$jwt_claim_name", - "d": "returns the decrypted top-level payload of `nested` or `encrypted` tokens (1.21.2). For nested tokens returns the enclosed JWS token. For encrypted tokens returns JSON with claims." - }, - { - "m": "ngx_http_auth_jwt_module", - "n": "$jwt_payload", - "d": "returns the decrypted top-level payload of `nested` or `encrypted` tokens (1.21.2). For nested tokens returns the enclosed JWS token. For encrypted tokens returns JSON with claims." - }, - { - "m": "ngx_http_auth_request_module", - "n": "auth_request", - "d": "Enables authorization based on the result of a subrequest and sets the URI to which the subrequest will be sent.", - "v": "auth\\_request off;", - "c": "`http`, `server`, `location`", - "s": "**auth_request** `_uri_` | `off`;" - }, - { - "m": "ngx_http_auth_request_module", - "n": "auth_request_set", - "d": "Sets the request `_variable_` to the given `_value_` after the authorization request completes. The value may contain variables from the authorization request, such as `$upstream_http_*`.", - "c": "`http`, `server`, `location`", - "s": "**auth_request_set** `_$variable_` `_value_`;" - }, - { - "m": "ngx_http_autoindex_module", - "n": "autoindex", - "d": "Enables or disables the directory listing output.", - "v": "autoindex off;", - "c": "`http`, `server`, `location`", - "s": "**autoindex** `on` | `off`;" - }, - { - "m": "ngx_http_autoindex_module", - "n": "autoindex_exact_size", - "d": "For the HTML [format](https://nginx.org/en/docs/http/ngx_http_autoindex_module.html#autoindex_format), specifies whether exact file sizes should be output in the directory listing, or rather rounded to kilobytes, megabytes, and gigabytes.", - "v": "autoindex\\_exact\\_size on;", - "c": "`http`, `server`, `location`", - "s": "**autoindex_exact_size** `on` | `off`;" - }, - { - "m": "ngx_http_autoindex_module", - "n": "autoindex_format", - "d": "Sets the format of a directory listing.\nWhen the JSONP format is used, the name of a callback function is set with the `callback` request argument. If the argument is missing or has an empty value, then the JSON format is used.\nThe XML output can be transformed using the [ngx\\_http\\_xslt\\_module](https://nginx.org/en/docs/http/ngx_http_xslt_module.html) module.", - "v": "autoindex\\_format html;", - "c": "`http`, `server`, `location`", - "s": "**autoindex_format** `html` | `xml` | `json` | `jsonp`;" - }, - { - "m": "ngx_http_autoindex_module", - "n": "autoindex_localtime", - "d": "For the HTML [format](https://nginx.org/en/docs/http/ngx_http_autoindex_module.html#autoindex_format), specifies whether times in the directory listing should be output in the local time zone or UTC.", - "v": "autoindex\\_localtime off;", - "c": "`http`, `server`, `location`", - "s": "**autoindex_localtime** `on` | `off`;" - }, - { - "m": "ngx_http_browser_module", - "n": "ancient_browser", - "d": "If any of the specified substrings is found in the “User-Agent” request header field, the browser will be considered ancient. The special string “`netscape4`” corresponds to the regular expression “`^Mozilla/[1-4]`”.", - "c": "`http`, `server`, `location`", - "s": "**ancient_browser** `_string_` ...;" - }, - { - "m": "ngx_http_browser_module", - "n": "ancient_browser_value", - "d": "Sets a value for the `$ancient_browser` variables.", - "v": "ancient\\_browser\\_value 1;", - "c": "`http`, `server`, `location`", - "s": "**ancient_browser_value** `_string_`;" - }, - { - "m": "ngx_http_browser_module", - "n": "modern_browser", - "d": "Specifies a version starting from which a browser is considered modern. A browser can be any one of the following: `msie`, `gecko` (browsers based on Mozilla), `opera`, `safari`, or `konqueror`.\nVersions can be specified in the following formats: X, X.X, X.X.X, or X.X.X.X. The maximum values for each of the format are 4000, 4000.99, 4000.99.99, and 4000.99.99.99, respectively.\nThe special value `unlisted` specifies to consider a browser as modern if it was not listed by the `modern_browser` and [ancient\\_browser](https://nginx.org/en/docs/http/ngx_http_browser_module.html#ancient_browser) directives. Otherwise such a browser is considered ancient. If a request does not provide the “User-Agent” field in the header, the browser is treated as not being listed.", - "c": "`http`, `server`, `location`", - "s": "**modern_browser** `_browser_` `_version_`;`` \n``**modern_browser** `unlisted`;" - }, - { - "m": "ngx_http_browser_module", - "n": "modern_browser_value", - "d": "Sets a value for the `$modern_browser` variables.", - "v": "modern\\_browser\\_value 1;", - "c": "`http`, `server`, `location`", - "s": "**modern_browser_value** `_string_`;" - }, - { - "m": "ngx_http_charset_module", - "n": "charset", - "d": "Adds the specified charset to the “Content-Type” response header field. If this charset is different from the charset specified in the [source\\_charset](https://nginx.org/en/docs/http/ngx_http_charset_module.html#source_charset) directive, a conversion is performed.\nThe parameter `off` cancels the addition of charset to the “Content-Type” response header field.\nA charset can be defined with a variable:\n```\ncharset $charset;\n\n```\nIn such a case, all possible values of a variable need to be present in the configuration at least once in the form of the [charset\\_map](https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset_map), [charset](https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset), or [source\\_charset](https://nginx.org/en/docs/http/ngx_http_charset_module.html#source_charset) directives. For `utf-8`, `windows-1251`, and `koi8-r` charsets, it is sufficient to include the files `conf/koi-win`, `conf/koi-utf`, and `conf/win-utf` into configuration. For other charsets, simply making a fictitious conversion table works, for example:\n```\ncharset_map iso-8859-5 _ { }\n\n```\n\nIn addition, a charset can be set in the “X-Accel-Charset” response header field. This capability can be disabled using the [proxy\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_headers), [fastcgi\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_ignore_headers), [uwsgi\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_ignore_headers), [scgi\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_ignore_headers), and [grpc\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_ignore_headers) directives.", - "v": "charset off;", - "c": "`http`, `server`, `location`, `if in location`", - "s": "**charset** `_charset_` | `off`;" - }, - { - "m": "ngx_http_charset_module", - "n": "charset_map", - "d": "Describes the conversion table from one charset to another. A reverse conversion table is built using the same data. Character codes are given in hexadecimal. Missing characters in the range 80-FF are replaced with “`?`”. When converting from UTF-8, characters missing in a one-byte charset are replaced with “`&#XXXX;`”.\nExample:\n```\ncharset_map koi8-r windows-1251 {\n C0 FE ; # small yu\n C1 E0 ; # small a\n C2 E1 ; # small b\n C3 F6 ; # small ts\n ...\n}\n\n```\n\nWhen describing a conversion table to UTF-8, codes for the UTF-8 charset should be given in the second column, for example:\n```\ncharset_map koi8-r utf-8 {\n C0 D18E ; # small yu\n C1 D0B0 ; # small a\n C2 D0B1 ; # small b\n C3 D186 ; # small ts\n ...\n}\n\n```\n\nFull conversion tables from `koi8-r` to `windows-1251`, and from `koi8-r` and `windows-1251` to `utf-8` are provided in the distribution files `conf/koi-win`, `conf/koi-utf`, and `conf/win-utf`.", - "c": "`http`", - "s": "**charset_map** `_charset1_` `_charset2_` { ... }" - }, - { - "m": "ngx_http_charset_module", - "n": "charset_types", - "d": "Enables module processing in responses with the specified MIME types in addition to “`text/html`”. The special value “`*`” matches any MIME type (0.8.29).\n\nUntil version 1.5.4, “`application/x-javascript`” was used as the default MIME type instead of “`application/javascript`”.\n", - "v": "charset\\_types text/html text/xml text/plain text/vnd.wap.wml\napplication/javascript application/rss+xml;", - "c": "`http`, `server`, `location`", - "s": "**charset_types** `_mime-type_` ...;" - }, - { - "m": "ngx_http_charset_module", - "n": "override_charset", - "d": "Determines whether a conversion should be performed for answers received from a proxied or a FastCGI/uwsgi/SCGI/gRPC server when the answers already carry a charset in the “Content-Type” response header field. If conversion is enabled, a charset specified in the received response is used as a source charset.\nIt should be noted that if a response is received in a subrequest then the conversion from the response charset to the main request charset is always performed, regardless of the `override_charset` directive setting.\n", - "v": "override\\_charset off;", - "c": "`http`, `server`, `location`, `if in location`", - "s": "**override_charset** `on` | `off`;" - }, - { - "m": "ngx_http_charset_module", - "n": "source_charset", - "d": "Defines the source charset of a response. If this charset is different from the charset specified in the [charset](https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset) directive, a conversion is performed.", - "c": "`http`, `server`, `location`, `if in location`", - "s": "**source_charset** `_charset_`;" - }, - { - "m": "ngx_http_dav_module", - "n": "create_full_put_path", - "d": "The WebDAV specification only allows creating files in already existing directories. This directive allows creating all needed intermediate directories.", - "v": "create\\_full\\_put\\_path off;", - "c": "`http`, `server`, `location`", - "s": "**create_full_put_path** `on` | `off`;" - }, - { - "m": "ngx_http_dav_module", - "n": "dav_access", - "d": "Sets access permissions for newly created files and directories, e.g.:\n```\ndav_access user:rw group:rw all:r;\n\n```\n\nIf any `group` or `all` access permissions are specified then `user` permissions may be omitted:\n```\ndav_access group:rw all:r;\n\n```\n", - "v": "dav\\_access user:rw;", - "c": "`http`, `server`, `location`", - "s": "**dav_access** `_users_`:`_permissions_` ...;" - }, - { - "m": "ngx_http_dav_module", - "n": "dav_methods", - "d": "Allows the specified HTTP and WebDAV methods. The parameter `off` denies all methods processed by this module. The following methods are supported: `PUT`, `DELETE`, `MKCOL`, `COPY`, and `MOVE`.\nA file uploaded with the PUT method is first written to a temporary file, and then the file is renamed. Starting from version 0.8.9, temporary files and the persistent store can be put on different file systems. However, be aware that in this case a file is copied across two file systems instead of the cheap renaming operation. It is thus recommended that for any given location both saved files and a directory holding temporary files, set by the [client\\_body\\_temp\\_path](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path) directive, are put on the same file system.\nWhen creating a file with the PUT method, it is possible to specify the modification date by passing it in the “Date” header field.", - "v": "dav\\_methods off;", - "c": "`http`, `server`, `location`", - "s": "**dav_methods** `off` | `_method_` ...;" - }, - { - "m": "ngx_http_dav_module", - "n": "min_delete_depth", - "d": "Allows the DELETE method to remove files provided that the number of elements in a request path is not less than the specified number. For example, the directive\n```\nmin_delete_depth 4;\n\n```\nallows removing files on requests\n```\n/users/00/00/name\n/users/00/00/name/pic.jpg\n/users/00/00/page.html\n\n```\nand denies the removal of\n```\n/users/00/00\n\n```\n", - "v": "min\\_delete\\_depth 0;", - "c": "`http`, `server`, `location`", - "s": "**min_delete_depth** `_number_`;" - }, - { - "m": "ngx_http_empty_gif_module", - "n": "empty_gif", - "d": "Turns on module processing in a surrounding location.", - "c": "`location`", - "s": "**empty_gif**;" - }, - { - "m": "ngx_http_f4f_module", - "n": "f4f", - "d": "Turns on module processing in the surrounding location.", - "c": "`location`", - "s": "**f4f**;" - }, - { - "m": "ngx_http_f4f_module", - "n": "f4f_buffer_size", - "d": "Sets the `_size_` of the buffer used for reading the `.f4x` index file.", - "v": "f4f\\_buffer\\_size 512k;", - "c": "`http`, `server`, `location`", - "s": "**f4f_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_bind", - "d": "Makes outgoing connections to a FastCGI server originate from the specified local IP address with an optional port (1.11.2). Parameter value can contain variables (1.3.12). The special value `off` (1.3.12) cancels the effect of the `fastcgi_bind` directive inherited from the previous configuration level, which allows the system to auto-assign the local IP address and port.", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_bind** `_address_` [`transparent`] | `off`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_bind_transparent", - "d": "The `transparent` parameter (1.11.0) allows outgoing connections to a FastCGI server originate from a non-local IP address, for example, from a real IP address of a client:\n```\nfastcgi_bind $remote_addr transparent;\n\n```\nIn order for this parameter to work, it is usually necessary to run nginx worker processes with the [superuser](https://nginx.org/en/docs/ngx_core_module.html#user) privileges. On Linux it is not required (1.13.8) as if the `transparent` parameter is specified, worker processes inherit the `CAP_NET_RAW` capability from the master process. It is also necessary to configure kernel routing table to intercept network traffic from the FastCGI server.", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_bind** `_address_` [`transparent`] | `off`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_buffer_size", - "d": "Sets the `_size_` of the buffer used for reading the first part of the response received from the FastCGI server. This part usually contains a small response header. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform. It can be made smaller, however.", - "v": "fastcgi\\_buffer\\_size 4k|8k;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_buffering", - "d": "Enables or disables buffering of responses from the FastCGI server.\nWhen buffering is enabled, nginx receives a response from the FastCGI server as soon as possible, saving it into the buffers set by the [fastcgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffer_size) and [fastcgi\\_buffers](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffers) directives. If the whole response does not fit into memory, a part of it can be saved to a [temporary file](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_temp_path) on the disk. Writing to temporary files is controlled by the [fastcgi\\_max\\_temp\\_file\\_size](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_max_temp_file_size) and [fastcgi\\_temp\\_file\\_write\\_size](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_temp_file_write_size) directives.\nWhen buffering is disabled, the response is passed to a client synchronously, immediately as it is received. nginx will not try to read the whole response from the FastCGI server. The maximum size of the data that nginx can receive from the server at a time is set by the [fastcgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffer_size) directive.\nBuffering can also be enabled or disabled by passing “`yes`” or “`no`” in the “X-Accel-Buffering” response header field. This capability can be disabled using the [fastcgi\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_ignore_headers) directive.", - "v": "fastcgi\\_buffering on;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_buffering** `on` | `off`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_buffers", - "d": "Sets the `_number_` and `_size_` of the buffers used for reading a response from the FastCGI server, for a single connection. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform.", - "v": "fastcgi\\_buffers 8 4k|8k;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_buffers** `_number_` `_size_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_busy_buffers_size", - "d": "When [buffering](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffering) of responses from the FastCGI server is enabled, limits the total `_size_` of buffers that can be busy sending a response to the client while the response is not yet fully read. In the meantime, the rest of the buffers can be used for reading the response and, if needed, buffering part of the response to a temporary file. By default, `_size_` is limited by the size of two buffers set by the [fastcgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffer_size) and [fastcgi\\_buffers](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffers) directives.", - "v": "fastcgi\\_busy\\_buffers\\_size 8k|16k;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_busy_buffers_size** `_size_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache", - "d": "Defines a shared memory zone used for caching. The same zone can be used in several places. Parameter value can contain variables (1.7.9). The `off` parameter disables caching inherited from the previous configuration level.", - "v": "fastcgi\\_cache off;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_cache** `_zone_` | `off`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_background_update", - "d": "Allows starting a background subrequest to update an expired cache item, while a stale cached response is returned to the client. Note that it is necessary to [allow](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_use_stale_updating) the usage of a stale cached response when it is being updated.", - "v": "fastcgi\\_cache\\_background\\_update off;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_cache_background_update** `on` | `off`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_bypass", - "d": "Defines conditions under which the response will not be taken from a cache. If at least one value of the string parameters is not empty and is not equal to “0” then the response will not be taken from the cache:\n```\nfastcgi_cache_bypass $cookie_nocache $arg_nocache$arg_comment;\nfastcgi_cache_bypass $http_pragma $http_authorization;\n\n```\nCan be used along with the [fastcgi\\_no\\_cache](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_no_cache) directive.", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_cache_bypass** `_string_` ...;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_key", - "d": "Defines a key for caching, for example\n```\nfastcgi_cache_key localhost:9000$request_uri;\n\n```\n", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_cache_key** `_string_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_lock", - "d": "When enabled, only one request at a time will be allowed to populate a new cache element identified according to the [fastcgi\\_cache\\_key](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_key) directive by passing a request to a FastCGI server. Other requests of the same cache element will either wait for a response to appear in the cache or the cache lock for this element to be released, up to the time set by the [fastcgi\\_cache\\_lock\\_timeout](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_lock_timeout) directive.", - "v": "fastcgi\\_cache\\_lock off;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_cache_lock** `on` | `off`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_lock_age", - "d": "If the last request passed to the FastCGI server for populating a new cache element has not completed for the specified `_time_`, one more request may be passed to the FastCGI server.", - "v": "fastcgi\\_cache\\_lock\\_age 5s;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_cache_lock_age** `_time_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_lock_timeout", - "d": "Sets a timeout for [fastcgi\\_cache\\_lock](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_lock). When the `_time_` expires, the request will be passed to the FastCGI server, however, the response will not be cached.\nBefore 1.7.8, the response could be cached.\n", - "v": "fastcgi\\_cache\\_lock\\_timeout 5s;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_cache_lock_timeout** `_time_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_max_range_offset", - "d": "Sets an offset in bytes for byte-range requests. If the range is beyond the offset, the range request will be passed to the FastCGI server and the response will not be cached.", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_cache_max_range_offset** `_number_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_methods", - "d": "If the client request method is listed in this directive then the response will be cached. “`GET`” and “`HEAD`” methods are always added to the list, though it is recommended to specify them explicitly. See also the [fastcgi\\_no\\_cache](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_no_cache) directive.", - "v": "fastcgi\\_cache\\_methods GET HEAD;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_cache_methods** `GET` | `HEAD` | `POST` ...;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_min_uses", - "d": "Sets the `_number_` of requests after which the response will be cached.", - "v": "fastcgi\\_cache\\_min\\_uses 1;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_cache_min_uses** `_number_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_path", - "d": "Sets the path and other parameters of a cache. Cache data are stored in files. Both the key and file name in a cache are a result of applying the MD5 function to the proxied URL. The `levels` parameter defines hierarchy levels of a cache: from 1 to 3, each level accepts values 1 or 2. For example, in the following configuration\n```\nfastcgi_cache_path /data/nginx/cache levels=1:2 keys_zone=one:10m;\n\n```\nfile names in a cache will look like this:\n```\n/data/nginx/cache/c/29/b7f54b2df7773722d382f4809d65029c\n\n```\n\nA cached response is first written to a temporary file, and then the file is renamed. Starting from version 0.8.9, temporary files and the cache can be put on different file systems. However, be aware that in this case a file is copied across two file systems instead of the cheap renaming operation. It is thus recommended that for any given location both cache and a directory holding temporary files are put on the same file system. A directory for temporary files is set based on the `use_temp_path` parameter (1.7.10). If this parameter is omitted or set to the value `on`, the directory set by the [fastcgi\\_temp\\_path](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_temp_path) directive for the given location will be used. If the value is set to `off`, temporary files will be put directly in the cache directory.\nIn addition, all active keys and information about data are stored in a shared memory zone, whose `_name_` and `_size_` are configured by the `keys_zone` parameter. One megabyte zone can store about 8 thousand keys.\nAs part of [commercial subscription](http://nginx.com/products/), the shared memory zone also stores extended cache [information](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_caches_), thus, it is required to specify a larger zone size for the same number of keys. For example, one megabyte zone can store about 4 thousand keys.\n\nCached data that are not accessed during the time specified by the `inactive` parameter get removed from the cache regardless of their freshness. By default, `inactive` is set to 10 minutes.", - "c": "`http`", - "s": "**fastcgi_cache_path** `_path_` [`levels`=`_levels_`] [`use_temp_path`=`on`|`off`] `keys_zone`=`_name_`:`_size_` [`inactive`=`_time_`] [`max_size`=`_size_`] [`min_free`=`_size_`] [`manager_files`=`_number_`] [`manager_sleep`=`_time_`] [`manager_threshold`=`_time_`] [`loader_files`=`_number_`] [`loader_sleep`=`_time_`] [`loader_threshold`=`_time_`] [`purger`=`on`|`off`] [`purger_files`=`_number_`] [`purger_sleep`=`_time_`] [`purger_threshold`=`_time_`];" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_path_max_size", - "d": "The special “cache manager” process monitors the maximum cache size set by the `max_size` parameter, and the minimum amount of free space set by the `min_free` (1.19.1) parameter on the file system with cache. When the size is exceeded or there is not enough free space, it removes the least recently used data. The data is removed in iterations configured by `manager_files`, `manager_threshold`, and `manager_sleep` parameters (1.11.5). During one iteration no more than `manager_files` items are deleted (by default, 100). The duration of one iteration is limited by the `manager_threshold` parameter (by default, 200 milliseconds). Between iterations, a pause configured by the `manager_sleep` parameter (by default, 50 milliseconds) is made.\nA minute after the start the special “cache loader” process is activated. It loads information about previously cached data stored on file system into a cache zone. The loading is also done in iterations. During one iteration no more than `loader_files` items are loaded (by default, 100). Besides, the duration of one iteration is limited by the `loader_threshold` parameter (by default, 200 milliseconds). Between iterations, a pause configured by the `loader_sleep` parameter (by default, 50 milliseconds) is made.\nAdditionally, the following parameters are available as part of our [commercial subscription](http://nginx.com/products/):\n\n`purger`\\=`on`|`off`\n\nInstructs whether cache entries that match a [wildcard key](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_purge) will be removed from the disk by the cache purger (1.7.12). Setting the parameter to `on` (default is `off`) will activate the “cache purger” process that permanently iterates through all cache entries and deletes the entries that match the wildcard key.\n\n`purger_files`\\=`_number_`\n\nSets the number of items that will be scanned during one iteration (1.7.12). By default, `purger_files` is set to 10.\n\n`purger_threshold`\\=`_number_`\n\nSets the duration of one iteration (1.7.12). By default, `purger_threshold` is set to 50 milliseconds.\n\n`purger_sleep`\\=`_number_`\n\nSets a pause between iterations (1.7.12). By default, `purger_sleep` is set to 50 milliseconds.\n\n\nIn versions 1.7.3, 1.7.7, and 1.11.10 cache header format has been changed. Previously cached responses will be considered invalid after upgrading to a newer nginx version.\n", - "c": "`http`", - "s": "**fastcgi_cache_path** `_path_` [`levels`=`_levels_`] [`use_temp_path`=`on`|`off`] `keys_zone`=`_name_`:`_size_` [`inactive`=`_time_`] [`max_size`=`_size_`] [`min_free`=`_size_`] [`manager_files`=`_number_`] [`manager_sleep`=`_time_`] [`manager_threshold`=`_time_`] [`loader_files`=`_number_`] [`loader_sleep`=`_time_`] [`loader_threshold`=`_time_`] [`purger`=`on`|`off`] [`purger_files`=`_number_`] [`purger_sleep`=`_time_`] [`purger_threshold`=`_time_`];" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_purge", - "d": "Defines conditions under which the request will be considered a cache purge request. If at least one value of the string parameters is not empty and is not equal to “0” then the cache entry with a corresponding [cache key](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_key) is removed. The result of successful operation is indicated by returning the 204 (No Content) response.\nIf the [cache key](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_key) of a purge request ends with an asterisk (“`*`”), all cache entries matching the wildcard key will be removed from the cache. However, these entries will remain on the disk until they are deleted for either [inactivity](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_path), or processed by the [cache purger](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#purger) (1.7.12), or a client attempts to access them.\nExample configuration:\n```\nfastcgi_cache_path /data/nginx/cache keys_zone=cache_zone:10m;\n\nmap $request_method $purge_method {\n PURGE 1;\n default 0;\n}\n\nserver {\n ...\n location / {\n fastcgi_pass backend;\n fastcgi_cache cache_zone;\n fastcgi_cache_key $uri;\n fastcgi_cache_purge $purge_method;\n }\n}\n\n```\n\nThis functionality is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_cache_purge** string ...;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_revalidate", - "d": "Enables revalidation of expired cache items using conditional requests with the “If-Modified-Since” and “If-None-Match” header fields.", - "v": "fastcgi\\_cache\\_revalidate off;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_cache_revalidate** `on` | `off`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_use_stale", - "d": "Determines in which cases a stale cached response can be used when an error occurs during communication with the FastCGI server. The directive’s parameters match the parameters of the [fastcgi\\_next\\_upstream](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_next_upstream) directive.\nThe `error` parameter also permits using a stale cached response if a FastCGI server to process a request cannot be selected.", - "v": "fastcgi\\_cache\\_use\\_stale off;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_cache_use_stale** `error` | `timeout` | `invalid_header` | `updating` | `http_500` | `http_503` | `http_403` | `http_404` | `http_429` | `off` ...;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_use_stale_updating", - "d": "Additionally, the `updating` parameter permits using a stale cached response if it is currently being updated. This allows minimizing the number of accesses to FastCGI servers when updating cached data.\nUsing a stale cached response can also be enabled directly in the response header for a specified number of seconds after the response became stale (1.11.10). This has lower priority than using the directive parameters.\n* The “[stale-while-revalidate](https://datatracker.ietf.org/doc/html/rfc5861#section-3)” extension of the “Cache-Control” header field permits using a stale cached response if it is currently being updated.\n* The “[stale-if-error](https://datatracker.ietf.org/doc/html/rfc5861#section-4)” extension of the “Cache-Control” header field permits using a stale cached response in case of an error.\n\nTo minimize the number of accesses to FastCGI servers when populating a new cache element, the [fastcgi\\_cache\\_lock](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_lock) directive can be used.", - "v": "fastcgi\\_cache\\_use\\_stale off;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_cache_use_stale** `error` | `timeout` | `invalid_header` | `updating` | `http_500` | `http_503` | `http_403` | `http_404` | `http_429` | `off` ...;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_cache_valid", - "d": "Sets caching time for different response codes. For example, the following directives\n```\nfastcgi_cache_valid 200 302 10m;\nfastcgi_cache_valid 404 1m;\n\n```\nset 10 minutes of caching for responses with codes 200 and 302 and 1 minute for responses with code 404.\nIf only caching `_time_` is specified\n```\nfastcgi_cache_valid 5m;\n\n```\nthen only 200, 301, and 302 responses are cached.\nIn addition, the `any` parameter can be specified to cache any responses:\n```\nfastcgi_cache_valid 200 302 10m;\nfastcgi_cache_valid 301 1h;\nfastcgi_cache_valid any 1m;\n\n```\n\nParameters of caching can also be set directly in the response header. This has higher priority than setting of caching time using the directive.\n* The “X-Accel-Expires” header field sets caching time of a response in seconds. The zero value disables caching for a response. If the value starts with the `@` prefix, it sets an absolute time in seconds since Epoch, up to which the response may be cached.\n* If the header does not include the “X-Accel-Expires” field, parameters of caching may be set in the header fields “Expires” or “Cache-Control”.\n* If the header includes the “Set-Cookie” field, such a response will not be cached.\n* If the header includes the “Vary” field with the special value “`*`”, such a response will not be cached (1.7.7). If the header includes the “Vary” field with another value, such a response will be cached taking into account the corresponding request header fields (1.7.7).\nProcessing of one or more of these response header fields can be disabled using the [fastcgi\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_ignore_headers) directive.", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_cache_valid** [`_code_` ...] `_time_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_catch_stderr", - "d": "Sets a string to search for in the error stream of a response received from a FastCGI server. If the `_string_` is found then it is considered that the FastCGI server has returned an [invalid response](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_next_upstream). This allows handling application errors in nginx, for example:\n```\nlocation /php/ {\n fastcgi_pass backend:9000;\n ...\n fastcgi_catch_stderr \"PHP Fatal error\";\n fastcgi_next_upstream error timeout invalid_header;\n}\n\n```\n", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_catch_stderr** `_string_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_connect_timeout", - "d": "Defines a timeout for establishing a connection with a FastCGI server. It should be noted that this timeout cannot usually exceed 75 seconds.", - "v": "fastcgi\\_connect\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_connect_timeout** `_time_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_force_ranges", - "d": "Enables byte-range support for both cached and uncached responses from the FastCGI server regardless of the “Accept-Ranges” field in these responses.", - "v": "fastcgi\\_force\\_ranges off;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_force_ranges** `on` | `off`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_hide_header", - "d": "By default, nginx does not pass the header fields “Status” and “X-Accel-...” from the response of a FastCGI server to a client. The `fastcgi_hide_header` directive sets additional fields that will not be passed. If, on the contrary, the passing of fields needs to be permitted, the [fastcgi\\_pass\\_header](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_pass_header) directive can be used.", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_hide_header** `_field_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_ignore_client_abort", - "d": "Determines whether the connection with a FastCGI server should be closed when a client closes the connection without waiting for a response.", - "v": "fastcgi\\_ignore\\_client\\_abort off;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_ignore_client_abort** `on` | `off`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_ignore_headers", - "d": "Disables processing of certain response header fields from the FastCGI server. The following fields can be ignored: “X-Accel-Redirect”, “X-Accel-Expires”, “X-Accel-Limit-Rate” (1.1.6), “X-Accel-Buffering” (1.1.6), “X-Accel-Charset” (1.1.6), “Expires”, “Cache-Control”, “Set-Cookie” (0.8.44), and “Vary” (1.7.7).\nIf not disabled, processing of these header fields has the following effect:\n* “X-Accel-Expires”, “Expires”, “Cache-Control”, “Set-Cookie”, and “Vary” set the parameters of response [caching](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_valid);\n* “X-Accel-Redirect” performs an [internal redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#internal) to the specified URI;\n* “X-Accel-Limit-Rate” sets the [rate limit](https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate) for transmission of a response to a client;\n* “X-Accel-Buffering” enables or disables [buffering](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffering) of a response;\n* “X-Accel-Charset” sets the desired [charset](https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset) of a response.\n", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_ignore_headers** `_field_` ...;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_index", - "d": "Sets a file name that will be appended after a URI that ends with a slash, in the value of the `$fastcgi_script_name` variable. For example, with these settings\n```\nfastcgi_index index.php;\nfastcgi_param SCRIPT_FILENAME /home/www/scripts/php$fastcgi_script_name;\n\n```\nand the “`/page.php`” request, the `SCRIPT_FILENAME` parameter will be equal to “`/home/www/scripts/php/page.php`”, and with the “`/`” request it will be equal to “`/home/www/scripts/php/index.php`”.", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_index** `_name_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_intercept_errors", - "d": "Determines whether FastCGI server responses with codes greater than or equal to 300 should be passed to a client or be intercepted and redirected to nginx for processing with the [error\\_page](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page) directive.", - "v": "fastcgi\\_intercept\\_errors off;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_intercept_errors** `on` | `off`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_keep_conn", - "d": "By default, a FastCGI server will close a connection right after sending the response. However, when this directive is set to the value `on`, nginx will instruct a FastCGI server to keep connections open. This is necessary, in particular, for [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) connections to FastCGI servers to function.", - "v": "fastcgi\\_keep\\_conn off;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_keep_conn** `on` | `off`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_limit_rate", - "d": "Limits the speed of reading the response from the FastCGI server. The `_rate_` is specified in bytes per second. The zero value disables rate limiting. The limit is set per a request, and so if nginx simultaneously opens two connections to the FastCFI server, the overall rate will be twice as much as the specified limit. The limitation works only if [buffering](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffering) of responses from the FastCGI server is enabled.", - "v": "fastcgi\\_limit\\_rate 0;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_limit_rate** `_rate_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_max_temp_file_size", - "d": "When [buffering](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffering) of responses from the FastCGI server is enabled, and the whole response does not fit into the buffers set by the [fastcgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffer_size) and [fastcgi\\_buffers](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffers) directives, a part of the response can be saved to a temporary file. This directive sets the maximum `_size_` of the temporary file. The size of data written to the temporary file at a time is set by the [fastcgi\\_temp\\_file\\_write\\_size](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_temp_file_write_size) directive.\nThe zero value disables buffering of responses to temporary files.\n\nThis restriction does not apply to responses that will be [cached](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache) or [stored](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_store) on disk.\n", - "v": "fastcgi\\_max\\_temp\\_file\\_size 1024m;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_max_temp_file_size** `_size_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_next_upstream", - "d": "Specifies in which cases a request should be passed to the next server:\n`error`\n\nan error occurred while establishing a connection with the server, passing a request to it, or reading the response header;\n\n`timeout`\n\na timeout has occurred while establishing a connection with the server, passing a request to it, or reading the response header;\n\n`invalid_header`\n\na server returned an empty or invalid response;\n\n`http_500`\n\na server returned a response with the code 500;\n\n`http_503`\n\na server returned a response with the code 503;\n\n`http_403`\n\na server returned a response with the code 403;\n\n`http_404`\n\na server returned a response with the code 404;\n\n`http_429`\n\na server returned a response with the code 429 (1.11.13);\n\n`non_idempotent`\n\nnormally, requests with a [non-idempotent](https://datatracker.ietf.org/doc/html/rfc7231#section-4.2.2) method (`POST`, `LOCK`, `PATCH`) are not passed to the next server if a request has been sent to an upstream server (1.9.13); enabling this option explicitly allows retrying such requests;\n\n`off`\n\ndisables passing a request to the next server.\n\nOne should bear in mind that passing a request to the next server is only possible if nothing has been sent to a client yet. That is, if an error or timeout occurs in the middle of the transferring of a response, fixing this is impossible.\nThe directive also defines what is considered an [unsuccessful attempt](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) of communication with a server. The cases of `error`, `timeout` and `invalid_header` are always considered unsuccessful attempts, even if they are not specified in the directive. The cases of `http_500`, `http_503`, and `http_429` are considered unsuccessful attempts only if they are specified in the directive. The cases of `http_403` and `http_404` are never considered unsuccessful attempts.\nPassing a request to the next server can be limited by [the number of tries](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_next_upstream_tries) and by [time](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_next_upstream_timeout).", - "v": "fastcgi\\_next\\_upstream error timeout;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_next_upstream** `error` | `timeout` | `invalid_header` | `http_500` | `http_503` | `http_403` | `http_404` | `http_429` | `non_idempotent` | `off` ...;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_next_upstream_timeout", - "d": "Limits the time during which a request can be passed to the [next server](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_next_upstream). The `0` value turns off this limitation.", - "v": "fastcgi\\_next\\_upstream\\_timeout 0;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_next_upstream_timeout** `_time_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_next_upstream_tries", - "d": "Limits the number of possible tries for passing a request to the [next server](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_next_upstream). The `0` value turns off this limitation.", - "v": "fastcgi\\_next\\_upstream\\_tries 0;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_next_upstream_tries** `_number_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_no_cache", - "d": "Defines conditions under which the response will not be saved to a cache. If at least one value of the string parameters is not empty and is not equal to “0” then the response will not be saved:\n```\nfastcgi_no_cache $cookie_nocache $arg_nocache$arg_comment;\nfastcgi_no_cache $http_pragma $http_authorization;\n\n```\nCan be used along with the [fastcgi\\_cache\\_bypass](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_bypass) directive.", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_no_cache** `_string_` ...;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_param", - "d": "Sets a `_parameter_` that should be passed to the FastCGI server. The `_value_` can contain text, variables, and their combination. These directives are inherited from the previous configuration level if and only if there are no `fastcgi_param` directives defined on the current level.\nThe following example shows the minimum required settings for PHP:\n```\nfastcgi_param SCRIPT_FILENAME /home/www/scripts/php$fastcgi_script_name;\nfastcgi_param QUERY_STRING $query_string;\n\n```\n\nThe `SCRIPT_FILENAME` parameter is used in PHP for determining the script name, and the `QUERY_STRING` parameter is used to pass request parameters.\nFor scripts that process `POST` requests, the following three parameters are also required:\n```\nfastcgi_param REQUEST_METHOD $request_method;\nfastcgi_param CONTENT_TYPE $content_type;\nfastcgi_param CONTENT_LENGTH $content_length;\n\n```\n\nIf PHP was built with the `--enable-force-cgi-redirect` configuration parameter, the `REDIRECT_STATUS` parameter should also be passed with the value “200”:\n```\nfastcgi_param REDIRECT_STATUS 200;\n\n```\n\nIf the directive is specified with `if_not_empty` (1.1.11) then such a parameter will be passed to the server only if its value is not empty:\n```\nfastcgi_param HTTPS $https if_not_empty;\n\n```\n", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_param** `_parameter_` `_value_` [`if_not_empty`];" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_pass", - "d": "Sets the address of a FastCGI server. The address can be specified as a domain name or IP address, and a port:\n```\nfastcgi_pass localhost:9000;\n\n```\nor as a UNIX-domain socket path:\n```\nfastcgi_pass unix:/tmp/fastcgi.socket;\n\n```\n\nIf a domain name resolves to several addresses, all of them will be used in a round-robin fashion. In addition, an address can be specified as a [server group](https://nginx.org/en/docs/http/ngx_http_upstream_module.html).\nParameter value can contain variables. In this case, if an address is specified as a domain name, the name is searched among the described [server groups](https://nginx.org/en/docs/http/ngx_http_upstream_module.html), and, if not found, is determined using a [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver).", - "c": "`location`, `if in location`", - "s": "**fastcgi_pass** `_address_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_pass_header", - "d": "Permits passing [otherwise disabled](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_hide_header) header fields from a FastCGI server to a client.", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_pass_header** `_field_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_pass_request_body", - "d": "Indicates whether the original request body is passed to the FastCGI server. See also the [fastcgi\\_pass\\_request\\_headers](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_pass_request_headers) directive.", - "v": "fastcgi\\_pass\\_request\\_body on;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_pass_request_body** `on` | `off`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_pass_request_headers", - "d": "Indicates whether the header fields of the original request are passed to the FastCGI server. See also the [fastcgi\\_pass\\_request\\_body](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_pass_request_body) directive.", - "v": "fastcgi\\_pass\\_request\\_headers on;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_pass_request_headers** `on` | `off`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_read_timeout", - "d": "Defines a timeout for reading a response from the FastCGI server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the FastCGI server does not transmit anything within this time, the connection is closed.", - "v": "fastcgi\\_read\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_read_timeout** `_time_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_request_buffering", - "d": "Enables or disables buffering of a client request body.\nWhen buffering is enabled, the entire request body is [read](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size) from the client before sending the request to a FastCGI server.\nWhen buffering is disabled, the request body is sent to the FastCGI server immediately as it is received. In this case, the request cannot be passed to the [next server](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_next_upstream) if nginx already started sending the request body.", - "v": "fastcgi\\_request\\_buffering on;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_request_buffering** `on` | `off`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_send_lowat", - "d": "If the directive is set to a non-zero value, nginx will try to minimize the number of send operations on outgoing connections to a FastCGI server by using either `NOTE_LOWAT` flag of the [kqueue](https://nginx.org/en/docs/events.html#kqueue) method, or the `SO_SNDLOWAT` socket option, with the specified `_size_`.\nThis directive is ignored on Linux, Solaris, and Windows.", - "v": "fastcgi\\_send\\_lowat 0;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_send_lowat** `_size_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_send_timeout", - "d": "Sets a timeout for transmitting a request to the FastCGI server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the FastCGI server does not receive anything within this time, the connection is closed.", - "v": "fastcgi\\_send\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_send_timeout** `_time_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_socket_keepalive", - "d": "Configures the “TCP keepalive” behavior for outgoing connections to a FastCGI server. By default, the operating system’s settings are in effect for the socket. If the directive is set to the value “`on`”, the `SO_KEEPALIVE` socket option is turned on for the socket.", - "v": "fastcgi\\_socket\\_keepalive off;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_socket_keepalive** `on` | `off`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_split_path_info", - "d": "Defines a regular expression that captures a value for the `$fastcgi_path_info` variable. The regular expression should have two captures: the first becomes a value of the `$fastcgi_script_name` variable, the second becomes a value of the `$fastcgi_path_info` variable. For example, with these settings\n```\nlocation ~ ^(.+\\.php)(.*)$ {\n fastcgi_split_path_info ^(.+\\.php)(.*)$;\n fastcgi_param SCRIPT_FILENAME /path/to/php$fastcgi_script_name;\n fastcgi_param PATH_INFO $fastcgi_path_info;\n\n```\nand the “`/show.php/article/0001`” request, the `SCRIPT_FILENAME` parameter will be equal to “`/path/to/php/show.php`”, and the `PATH_INFO` parameter will be equal to “`/article/0001`”.", - "c": "`location`", - "s": "**fastcgi_split_path_info** `_regex_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_store", - "d": "Enables saving of files to a disk. The `on` parameter saves files with paths corresponding to the directives [alias](https://nginx.org/en/docs/http/ngx_http_core_module.html#alias) or [root](https://nginx.org/en/docs/http/ngx_http_core_module.html#root). The `off` parameter disables saving of files. In addition, the file name can be set explicitly using the `_string_` with variables:\n```\nfastcgi_store /data/www$original_uri;\n\n```\n\nThe modification time of files is set according to the received “Last-Modified” response header field. The response is first written to a temporary file, and then the file is renamed. Starting from version 0.8.9, temporary files and the persistent store can be put on different file systems. However, be aware that in this case a file is copied across two file systems instead of the cheap renaming operation. It is thus recommended that for any given location both saved files and a directory holding temporary files, set by the [fastcgi\\_temp\\_path](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_temp_path) directive, are put on the same file system.\nThis directive can be used to create local copies of static unchangeable files, e.g.:\n```\nlocation /images/ {\n root /data/www;\n error_page 404 = /fetch$uri;\n}\n\nlocation /fetch/ {\n internal;\n\n fastcgi_pass backend:9000;\n ...\n\n fastcgi_store on;\n fastcgi_store_access user:rw group:rw all:r;\n fastcgi_temp_path /data/temp;\n\n alias /data/www/;\n}\n\n```\n", - "v": "fastcgi\\_store off;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_store** `on` | `off` | `_string_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_store_access", - "d": "Sets access permissions for newly created files and directories, e.g.:\n```\nfastcgi_store_access user:rw group:rw all:r;\n\n```\n\nIf any `group` or `all` access permissions are specified then `user` permissions may be omitted:\n```\nfastcgi_store_access group:rw all:r;\n\n```\n", - "v": "fastcgi\\_store\\_access user:rw;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_store_access** `_users_`:`_permissions_` ...;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_temp_file_write_size", - "d": "Limits the `_size_` of data written to a temporary file at a time, when buffering of responses from the FastCGI server to temporary files is enabled. By default, `_size_` is limited by two buffers set by the [fastcgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffer_size) and [fastcgi\\_buffers](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffers) directives. The maximum size of a temporary file is set by the [fastcgi\\_max\\_temp\\_file\\_size](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_max_temp_file_size) directive.", - "v": "fastcgi\\_temp\\_file\\_write\\_size 8k|16k;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_temp_file_write_size** `_size_`;" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "fastcgi_temp_path", - "d": "Defines a directory for storing temporary files with data received from FastCGI servers. Up to three-level subdirectory hierarchy can be used underneath the specified directory. For example, in the following configuration\n```\nfastcgi_temp_path /spool/nginx/fastcgi_temp 1 2;\n\n```\na temporary file might look like this:\n```\n/spool/nginx/fastcgi_temp/7/45/00000123457\n\n```\n\nSee also the `use_temp_path` parameter of the [fastcgi\\_cache\\_path](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_path) directive.", - "v": "fastcgi\\_temp\\_path fastcgi\\_temp;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_temp_path** `_path_` [`_level1_` [`_level2_` [`_level3_`]]];" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "parameters", - "d": "#### Parameters Passed to a FastCGI Server\nHTTP request header fields are passed to a FastCGI server as parameters. In applications and scripts running as FastCGI servers, these parameters are usually made available as environment variables. For example, the “User-Agent” header field is passed as the `HTTP_USER_AGENT` parameter. In addition to HTTP request header fields, it is possible to pass arbitrary parameters using the [fastcgi\\_param](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_param) directive.", - "v": "fastcgi\\_temp\\_path fastcgi\\_temp;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_temp_path** `_path_` [`_level1_` [`_level2_` [`_level3_`]]];" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_http_fastcgi_module` module supports embedded variables that can be used to set parameters using the [fastcgi\\_param](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_param) directive:\n`$fastcgi_script_name`\n\nrequest URI or, if a URI ends with a slash, request URI with an index file name configured by the [fastcgi\\_index](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_index) directive appended to it. This variable can be used to set the `SCRIPT_FILENAME` and `PATH_TRANSLATED` parameters that determine the script name in PHP. For example, for the “`/info/`” request with the following directives\n\n> fastcgi\\_index index.php;\n> fastcgi\\_param SCRIPT\\_FILENAME /home/www/scripts/php$fastcgi\\_script\\_name;\n\nthe `SCRIPT_FILENAME` parameter will be equal to “`/home/www/scripts/php/info/index.php`”.\n\nWhen using the [fastcgi\\_split\\_path\\_info](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_split_path_info) directive, the `$fastcgi_script_name` variable equals the value of the first capture set by the directive.\n\n`$fastcgi_path_info`\n\nthe value of the second capture set by the [fastcgi\\_split\\_path\\_info](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_split_path_info) directive. This variable can be used to set the `PATH_INFO` parameter.\n", - "v": "fastcgi\\_temp\\_path fastcgi\\_temp;", - "c": "`http`, `server`, `location`", - "s": "**fastcgi_temp_path** `_path_` [`_level1_` [`_level2_` [`_level3_`]]];" - }, - { - "m": "ngx_http_fastcgi_module", - "n": "$fastcgi_script_name\n", - "d": "the value of the second capture set by the [fastcgi\\_split\\_path\\_info](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_split_path_info) directive. This variable can be used to set the `PATH_INFO` parameter." - }, - { - "m": "ngx_http_fastcgi_module", - "n": "$fastcgi_path_info", - "d": "the value of the second capture set by the [fastcgi\\_split\\_path\\_info](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_split_path_info) directive. This variable can be used to set the `PATH_INFO` parameter." - }, - { - "m": "ngx_http_flv_module", - "n": "flv", - "d": "Turns on module processing in a surrounding location.", - "c": "`location`", - "s": "**flv**;" - }, - { - "m": "ngx_http_geo_module", - "n": "geo", - "d": "Describes the dependency of values of the specified variable on the client IP address. By default, the address is taken from the `$remote_addr` variable, but it can also be taken from another variable (0.7.27), for example:\n```\ngeo $arg_remote_addr $geo {\n ...;\n}\n\n```\n\n\nSince variables are evaluated only when used, the mere existence of even a large number of declared “`geo`” variables does not cause any extra costs for request processing.\n\nIf the value of a variable does not represent a valid IP address then the “`255.255.255.255`” address is used.\nAddresses are specified either as prefixes in CIDR notation (including individual addresses) or as ranges (0.7.23).\nIPv6 prefixes are supported starting from versions 1.3.10 and 1.2.7.\n\nThe following special parameters are also supported:\n`delete`\n\ndeletes the specified network (0.7.23).\n\n`default`\n\na value set to the variable if the client address does not match any of the specified addresses. When addresses are specified in CIDR notation, “`0.0.0.0/0`” and “`::/0`” can be used instead of `default`. When `default` is not specified, the default value will be an empty string.\n\n`include`\n\nincludes a file with addresses and values. There can be several inclusions.\n\n`proxy`\n\ndefines trusted addresses (0.8.7, 0.7.63). When a request comes from a trusted address, an address from the “X-Forwarded-For” request header field will be used instead. In contrast to the regular addresses, trusted addresses are checked sequentially.\n\n> Trusted IPv6 addresses are supported starting from versions 1.3.0 and 1.2.1.\n\n`proxy_recursive`\n\nenables recursive address search (1.3.0, 1.2.1). If recursive search is disabled then instead of the original client address that matches one of the trusted addresses, the last address sent in “X-Forwarded-For” will be used. If recursive search is enabled then instead of the original client address that matches one of the trusted addresses, the last non-trusted address sent in “X-Forwarded-For” will be used.\n\n`ranges`\n\nindicates that addresses are specified as ranges (0.7.23). This parameter should be the first. To speed up loading of a geo base, addresses should be put in ascending order.\n\nExample:\n```\ngeo $country {\n default ZZ;\n include conf/geo.conf;\n delete 127.0.0.0/16;\n proxy 192.168.100.0/24;\n proxy 2001:0db8::/32;\n\n 127.0.0.0/24 US;\n 127.0.0.1/32 RU;\n 10.1.0.0/16 RU;\n 192.168.1.0/24 UK;\n}\n\n```\n\nThe `conf/geo.conf` file could contain the following lines:\n```\n10.2.0.0/16 RU;\n192.168.2.0/24 RU;\n\n```\n\nA value of the most specific match is used. For example, for the 127.0.0.1 address the value “`RU`” will be chosen, not “`US`”.\nExample with ranges:\n```\ngeo $country {\n ranges;\n default ZZ;\n 127.0.0.0-127.0.0.0 US;\n 127.0.0.1-127.0.0.1 RU;\n 127.0.0.1-127.0.0.255 US;\n 10.1.0.0-10.1.255.255 RU;\n 192.168.1.0-192.168.1.255 UK;\n}\n\n```\n", - "c": "`http`", - "s": "**geo** [`_$address_`] `_$variable_` { ... }" - }, - { - "m": "ngx_http_geoip_module", - "n": "geoip_country", - "d": "Specifies a database used to determine the country depending on the client IP address. The following variables are available when using this database:\n`$geoip_country_code`\n\ntwo-letter country code, for example, “`RU`”, “`US`”.\n\n`$geoip_country_code3`\n\nthree-letter country code, for example, “`RUS`”, “`USA`”.\n\n`$geoip_country_name`\n\ncountry name, for example, “`Russian Federation`”, “`United States`”.\n", - "c": "`http`", - "s": "**geoip_country** `_file_`;" - }, - { - "m": "ngx_http_geoip_module", - "n": "geoip_city", - "d": "Specifies a database used to determine the country, region, and city depending on the client IP address. The following variables are available when using this database:\n`$geoip_area_code`\n\ntelephone area code (US only).\n\n> This variable may contain outdated information since the corresponding database field is deprecated.\n\n`$geoip_city_continent_code`\n\ntwo-letter continent code, for example, “`EU`”, “`NA`”.\n\n`$geoip_city_country_code`\n\ntwo-letter country code, for example, “`RU`”, “`US`”.\n\n`$geoip_city_country_code3`\n\nthree-letter country code, for example, “`RUS`”, “`USA`”.\n\n`$geoip_city_country_name`\n\ncountry name, for example, “`Russian Federation`”, “`United States`”.\n\n`$geoip_dma_code`\n\nDMA region code in US (also known as “metro code”), according to the [geotargeting](https://developers.google.com/adwords/api/docs/appendix/cities-DMAregions) in Google AdWords API.\n\n`$geoip_latitude`\n\nlatitude.\n\n`$geoip_longitude`\n\nlongitude.\n\n`$geoip_region`\n\ntwo-symbol country region code (region, territory, state, province, federal land and the like), for example, “`48`”, “`DC`”.\n\n`$geoip_region_name`\n\ncountry region name (region, territory, state, province, federal land and the like), for example, “`Moscow City`”, “`District of Columbia`”.\n\n`$geoip_city`\n\ncity name, for example, “`Moscow`”, “`Washington`”.\n\n`$geoip_postal_code`\n\npostal code.\n", - "c": "`http`", - "s": "**geoip_city** `_file_`;" - }, - { - "m": "ngx_http_geoip_module", - "n": "geoip_org", - "d": "Specifies a database used to determine the organization depending on the client IP address. The following variable is available when using this database:\n`$geoip_org`\n\norganization name, for example, “The University of Melbourne”.\n", - "c": "`http`", - "s": "**geoip_org** `_file_`;" - }, - { - "m": "ngx_http_geoip_module", - "n": "geoip_proxy", - "d": "Defines trusted addresses. When a request comes from a trusted address, an address from the “X-Forwarded-For” request header field will be used instead.", - "c": "`http`", - "s": "**geoip_proxy** `_address_` | `_CIDR_`;" - }, - { - "m": "ngx_http_geoip_module", - "n": "geoip_proxy_recursive", - "d": "If recursive search is disabled then instead of the original client address that matches one of the trusted addresses, the last address sent in “X-Forwarded-For” will be used. If recursive search is enabled then instead of the original client address that matches one of the trusted addresses, the last non-trusted address sent in “X-Forwarded-For” will be used.", - "v": "geoip\\_proxy\\_recursive off;", - "c": "`http`", - "s": "**geoip_proxy_recursive** `on` | `off`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_bind", - "d": "Makes outgoing connections to a gRPC server originate from the specified local IP address with an optional port. Parameter value can contain variables. The special value `off` cancels the effect of the `grpc_bind` directive inherited from the previous configuration level, which allows the system to auto-assign the local IP address and port.", - "c": "`http`, `server`, `location`", - "s": "**grpc_bind** `_address_` [`transparent` ] | `off`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_bind_transparent", - "d": "The `transparent` parameter allows outgoing connections to a gRPC server originate from a non-local IP address, for example, from a real IP address of a client:\n```\ngrpc_bind $remote_addr transparent;\n\n```\nIn order for this parameter to work, it is usually necessary to run nginx worker processes with the [superuser](https://nginx.org/en/docs/ngx_core_module.html#user) privileges. On Linux it is not required as if the `transparent` parameter is specified, worker processes inherit the `CAP_NET_RAW` capability from the master process. It is also necessary to configure kernel routing table to intercept network traffic from the gRPC server.", - "c": "`http`, `server`, `location`", - "s": "**grpc_bind** `_address_` [`transparent` ] | `off`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_buffer_size", - "d": "Sets the `_size_` of the buffer used for reading the response received from the gRPC server. The response is passed to the client synchronously, as soon as it is received.", - "v": "grpc\\_buffer\\_size 4k|8k;", - "c": "`http`, `server`, `location`", - "s": "**grpc_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_connect_timeout", - "d": "Defines a timeout for establishing a connection with a gRPC server. It should be noted that this timeout cannot usually exceed 75 seconds.", - "v": "grpc\\_connect\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**grpc_connect_timeout** `_time_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_hide_header", - "d": "By default, nginx does not pass the header fields “Date”, “Server”, and “X-Accel-...” from the response of a gRPC server to a client. The `grpc_hide_header` directive sets additional fields that will not be passed. If, on the contrary, the passing of fields needs to be permitted, the [grpc\\_pass\\_header](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_pass_header) directive can be used.", - "c": "`http`, `server`, `location`", - "s": "**grpc_hide_header** `_field_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_ignore_headers", - "d": "Disables processing of certain response header fields from the gRPC server. The following fields can be ignored: “X-Accel-Redirect” and “X-Accel-Charset”.\nIf not disabled, processing of these header fields has the following effect:\n* “X-Accel-Redirect” performs an [internal redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#internal) to the specified URI;\n* “X-Accel-Charset” sets the desired [charset](https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset) of a response.\n", - "c": "`http`, `server`, `location`", - "s": "**grpc_ignore_headers** `_field_` ...;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_intercept_errors", - "d": "Determines whether gRPC server responses with codes greater than or equal to 300 should be passed to a client or be intercepted and redirected to nginx for processing with the [error\\_page](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page) directive.", - "v": "grpc\\_intercept\\_errors off;", - "c": "`http`, `server`, `location`", - "s": "**grpc_intercept_errors** `on` | `off`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_next_upstream", - "d": "Specifies in which cases a request should be passed to the next server:\n`error`\n\nan error occurred while establishing a connection with the server, passing a request to it, or reading the response header;\n\n`timeout`\n\na timeout has occurred while establishing a connection with the server, passing a request to it, or reading the response header;\n\n`invalid_header`\n\na server returned an empty or invalid response;\n\n`http_500`\n\na server returned a response with the code 500;\n\n`http_502`\n\na server returned a response with the code 502;\n\n`http_503`\n\na server returned a response with the code 503;\n\n`http_504`\n\na server returned a response with the code 504;\n\n`http_403`\n\na server returned a response with the code 403;\n\n`http_404`\n\na server returned a response with the code 404;\n\n`http_429`\n\na server returned a response with the code 429;\n\n`non_idempotent`\n\nnormally, requests with a [non-idempotent](https://datatracker.ietf.org/doc/html/rfc7231#section-4.2.2) method (`POST`, `LOCK`, `PATCH`) are not passed to the next server if a request has been sent to an upstream server; enabling this option explicitly allows retrying such requests;\n\n`off`\n\ndisables passing a request to the next server.\n\nOne should bear in mind that passing a request to the next server is only possible if nothing has been sent to a client yet. That is, if an error or timeout occurs in the middle of the transferring of a response, fixing this is impossible.\nThe directive also defines what is considered an [unsuccessful attempt](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) of communication with a server. The cases of `error`, `timeout` and `invalid_header` are always considered unsuccessful attempts, even if they are not specified in the directive. The cases of `http_500`, `http_502`, `http_503`, `http_504`, and `http_429` are considered unsuccessful attempts only if they are specified in the directive. The cases of `http_403` and `http_404` are never considered unsuccessful attempts.\nPassing a request to the next server can be limited by [the number of tries](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_next_upstream_tries) and by [time](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_next_upstream_timeout).", - "v": "grpc\\_next\\_upstream error timeout;", - "c": "`http`, `server`, `location`", - "s": "**grpc_next_upstream** `error` | `timeout` | `invalid_header` | `http_500` | `http_502` | `http_503` | `http_504` | `http_403` | `http_404` | `http_429` | `non_idempotent` | `off` ...;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_next_upstream_timeout", - "d": "Limits the time during which a request can be passed to the [next server](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_next_upstream). The `0` value turns off this limitation.", - "v": "grpc\\_next\\_upstream\\_timeout 0;", - "c": "`http`, `server`, `location`", - "s": "**grpc_next_upstream_timeout** `_time_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_next_upstream_tries", - "d": "Limits the number of possible tries for passing a request to the [next server](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_next_upstream). The `0` value turns off this limitation.", - "v": "grpc\\_next\\_upstream\\_tries 0;", - "c": "`http`, `server`, `location`", - "s": "**grpc_next_upstream_tries** `_number_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_pass", - "d": "Sets the gRPC server address. The address can be specified as a domain name or IP address, and a port:\n```\ngrpc_pass localhost:9000;\n\n```\nor as a UNIX-domain socket path:\n```\ngrpc_pass unix:/tmp/grpc.socket;\n\n```\nAlternatively, the “`grpc://`” scheme can be used:\n```\ngrpc_pass grpc://127.0.0.1:9000;\n\n```\nTo use gRPC over SSL, the “`grpcs://`” scheme should be used:\n```\ngrpc_pass grpcs://127.0.0.1:443;\n\n```\n\nIf a domain name resolves to several addresses, all of them will be used in a round-robin fashion. In addition, an address can be specified as a [server group](https://nginx.org/en/docs/http/ngx_http_upstream_module.html).\nParameter value can contain variables (1.17.8). In this case, if an address is specified as a domain name, the name is searched among the described [server groups](https://nginx.org/en/docs/http/ngx_http_upstream_module.html), and, if not found, is determined using a [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver).", - "c": "`location`, `if in location`", - "s": "**grpc_pass** `_address_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_pass_header", - "d": "Permits passing [otherwise disabled](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_hide_header) header fields from a gRPC server to a client.", - "c": "`http`, `server`, `location`", - "s": "**grpc_pass_header** `_field_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_read_timeout", - "d": "Defines a timeout for reading a response from the gRPC server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the gRPC server does not transmit anything within this time, the connection is closed.", - "v": "grpc\\_read\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**grpc_read_timeout** `_time_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_send_timeout", - "d": "Sets a timeout for transmitting a request to the gRPC server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the gRPC server does not receive anything within this time, the connection is closed.", - "v": "grpc\\_send\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**grpc_send_timeout** `_time_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_set_header", - "d": "Allows redefining or appending fields to the request header [passed](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_pass_request_headers) to the gRPC server. The `_value_` can contain text, variables, and their combinations. These directives are inherited from the previous configuration level if and only if there are no `grpc_set_header` directives defined on the current level.\nIf the value of a header field is an empty string then this field will not be passed to a gRPC server:\n```\ngrpc_set_header Accept-Encoding \"\";\n\n```\n", - "v": "grpc\\_set\\_header Content-Length $content\\_length;", - "c": "`http`, `server`, `location`", - "s": "**grpc_set_header** `_field_` `_value_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_socket_keepalive", - "d": "Configures the “TCP keepalive” behavior for outgoing connections to a gRPC server. By default, the operating system’s settings are in effect for the socket. If the directive is set to the value “`on`”, the `SO_KEEPALIVE` socket option is turned on for the socket.", - "v": "grpc\\_socket\\_keepalive off;", - "c": "`http`, `server`, `location`", - "s": "**grpc_socket_keepalive** `on` | `off`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_ssl_certificate", - "d": "Specifies a `_file_` with the certificate in the PEM format used for authentication to a gRPC SSL server.\nSince version 1.21.0, variables can be used in the `_file_` name.", - "c": "`http`, `server`, `location`", - "s": "**grpc_ssl_certificate** `_file_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_ssl_certificate_key", - "d": "Specifies a `_file_` with the secret key in the PEM format used for authentication to a gRPC SSL server.\nThe value `engine`:`_name_`:`_id_` can be specified instead of the `_file_`, which loads a secret key with a specified `_id_` from the OpenSSL engine `_name_`.\nSince version 1.21.0, variables can be used in the `_file_` name.", - "c": "`http`, `server`, `location`", - "s": "**grpc_ssl_certificate_key** `_file_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_ssl_ciphers", - "d": "Specifies the enabled ciphers for requests to a gRPC SSL server. The ciphers are specified in the format understood by the OpenSSL library.\nThe full list can be viewed using the “`openssl ciphers`” command.", - "v": "grpc\\_ssl\\_ciphers DEFAULT;", - "c": "`http`, `server`, `location`", - "s": "**grpc_ssl_ciphers** `_ciphers_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_ssl_conf_command", - "d": "Sets arbitrary OpenSSL configuration [commands](https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html) when establishing a connection with the gRPC SSL server.\nThe directive is supported when using OpenSSL 1.0.2 or higher.\n\nSeveral `grpc_ssl_conf_command` directives can be specified on the same level. These directives are inherited from the previous configuration level if and only if there are no `grpc_ssl_conf_command` directives defined on the current level.\n\nNote that configuring OpenSSL directly might result in unexpected behavior.\n", - "c": "`http`, `server`, `location`", - "s": "**grpc_ssl_conf_command** `_name_` `_value_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_ssl_crl", - "d": "Specifies a `_file_` with revoked certificates (CRL) in the PEM format used to [verify](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_ssl_verify) the certificate of the gRPC SSL server.", - "c": "`http`, `server`, `location`", - "s": "**grpc_ssl_crl** `_file_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_ssl_name", - "d": "Allows overriding the server name used to [verify](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_ssl_verify) the certificate of the gRPC SSL server and to be [passed through SNI](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_ssl_server_name) when establishing a connection with the gRPC SSL server.\nBy default, the host part from [grpc\\_pass](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_pass) is used.", - "v": "grpc\\_ssl\\_name host from grpc\\_pass;", - "c": "`http`, `server`, `location`", - "s": "**grpc_ssl_name** `_name_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_ssl_password_file", - "d": "Specifies a `_file_` with passphrases for [secret keys](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_ssl_certificate_key) where each passphrase is specified on a separate line. Passphrases are tried in turn when loading the key.", - "c": "`http`, `server`, `location`", - "s": "**grpc_ssl_password_file** `_file_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_ssl_protocols", - "d": "Enables the specified protocols for requests to a gRPC SSL server.", - "v": "grpc\\_ssl\\_protocols TLSv1 TLSv1.1 TLSv1.2;", - "c": "`http`, `server`, `location`", - "s": "**grpc_ssl_protocols** [`SSLv2`] [`SSLv3`] [`TLSv1`] [`TLSv1.1`] [`TLSv1.2`] [`TLSv1.3`];" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_ssl_server_name", - "d": "Enables or disables passing of the server name through [TLS Server Name Indication extension](http://en.wikipedia.org/wiki/Server_Name_Indication) (SNI, RFC 6066) when establishing a connection with the gRPC SSL server.", - "v": "grpc\\_ssl\\_server\\_name off;", - "c": "`http`, `server`, `location`", - "s": "**grpc_ssl_server_name** `on` | `off`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_ssl_session_reuse", - "d": "Determines whether SSL sessions can be reused when working with the gRPC server. If the errors “`SSL3_GET_FINISHED:digest check failed`” appear in the logs, try disabling session reuse.", - "v": "grpc\\_ssl\\_session\\_reuse on;", - "c": "`http`, `server`, `location`", - "s": "**grpc_ssl_session_reuse** `on` | `off`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_ssl_trusted_certificate", - "d": "Specifies a `_file_` with trusted CA certificates in the PEM format used to [verify](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_ssl_verify) the certificate of the gRPC SSL server.", - "c": "`http`, `server`, `location`", - "s": "**grpc_ssl_trusted_certificate** `_file_`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_ssl_verify", - "d": "Enables or disables verification of the gRPC SSL server certificate.", - "v": "grpc\\_ssl\\_verify off;", - "c": "`http`, `server`, `location`", - "s": "**grpc_ssl_verify** `on` | `off`;" - }, - { - "m": "ngx_http_grpc_module", - "n": "grpc_ssl_verify_depth", - "d": "Sets the verification depth in the gRPC SSL server certificates chain.", - "v": "grpc\\_ssl\\_verify\\_depth 1;", - "c": "`http`, `server`, `location`", - "s": "**grpc_ssl_verify_depth** `_number_`;" - }, - { - "m": "ngx_http_gunzip_module", - "n": "gunzip", - "d": "Enables or disables decompression of gzipped responses for clients that lack gzip support. If enabled, the following directives are also taken into account when determining if clients support gzip: [gzip\\_http\\_version](https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_http_version), [gzip\\_proxied](https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_proxied), and [gzip\\_disable](https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_disable). See also the [gzip\\_vary](https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_vary) directive.", - "v": "gunzip off;", - "c": "`http`, `server`, `location`", - "s": "**gunzip** `on` | `off`;" - }, - { - "m": "ngx_http_gunzip_module", - "n": "gunzip_buffers", - "d": "Sets the `_number_` and `_size_` of buffers used to decompress a response. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform.", - "v": "gunzip\\_buffers 32 4k|16 8k;", - "c": "`http`, `server`, `location`", - "s": "**gunzip_buffers** `_number_` `_size_`;" - }, - { - "m": "ngx_http_gzip_module", - "n": "gzip", - "d": "Enables or disables gzipping of responses.", - "v": "gzip off;", - "c": "`http`, `server`, `location`, `if in location`", - "s": "**gzip** `on` | `off`;" - }, - { - "m": "ngx_http_gzip_module", - "n": "gzip_buffers", - "d": "Sets the `_number_` and `_size_` of buffers used to compress a response. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform.\nUntil version 0.7.28, four 4K or 8K buffers were used by default.\n", - "v": "gzip\\_buffers 32 4k|16 8k;", - "c": "`http`, `server`, `location`", - "s": "**gzip_buffers** `_number_` `_size_`;" - }, - { - "m": "ngx_http_gzip_module", - "n": "gzip_comp_level", - "d": "Sets a gzip compression `_level_` of a response. Acceptable values are in the range from 1 to 9.", - "v": "gzip\\_comp\\_level 1;", - "c": "`http`, `server`, `location`", - "s": "**gzip_comp_level** `_level_`;" - }, - { - "m": "ngx_http_gzip_module", - "n": "gzip_disable", - "d": "Disables gzipping of responses for requests with “User-Agent” header fields matching any of the specified regular expressions.\nThe special mask “`msie6`” (0.7.12) corresponds to the regular expression “`MSIE [4-6]\\.`”, but works faster. Starting from version 0.8.11, “`MSIE 6.0; ... SV1`” is excluded from this mask.", - "c": "`http`, `server`, `location`", - "s": "**gzip_disable** `_regex_` ...;" - }, - { - "m": "ngx_http_gzip_module", - "n": "gzip_http_version", - "d": "Sets the minimum HTTP version of a request required to compress a response.", - "v": "gzip\\_http\\_version 1.1;", - "c": "`http`, `server`, `location`", - "s": "**gzip_http_version** `1.0` | `1.1`;" - }, - { - "m": "ngx_http_gzip_module", - "n": "gzip_min_length", - "d": "Sets the minimum length of a response that will be gzipped. The length is determined only from the “Content-Length” response header field.", - "v": "gzip\\_min\\_length 20;", - "c": "`http`, `server`, `location`", - "s": "**gzip_min_length** `_length_`;" - }, - { - "m": "ngx_http_gzip_module", - "n": "gzip_proxied", - "d": "Enables or disables gzipping of responses for proxied requests depending on the request and response. The fact that the request is proxied is determined by the presence of the “Via” request header field. The directive accepts multiple parameters:\n`off`\n\ndisables compression for all proxied requests, ignoring other parameters;\n\n`expired`\n\nenables compression if a response header includes the “Expires” field with a value that disables caching;\n\n`no-cache`\n\nenables compression if a response header includes the “Cache-Control” field with the “`no-cache`” parameter;\n\n`no-store`\n\nenables compression if a response header includes the “Cache-Control” field with the “`no-store`” parameter;\n\n`private`\n\nenables compression if a response header includes the “Cache-Control” field with the “`private`” parameter;\n\n`no_last_modified`\n\nenables compression if a response header does not include the “Last-Modified” field;\n\n`no_etag`\n\nenables compression if a response header does not include the “ETag” field;\n\n`auth`\n\nenables compression if a request header includes the “Authorization” field;\n\n`any`\n\nenables compression for all proxied requests.\n", - "v": "gzip\\_proxied off;", - "c": "`http`, `server`, `location`", - "s": "**gzip_proxied** `off` | `expired` | `no-cache` | `no-store` | `private` | `no_last_modified` | `no_etag` | `auth` | `any` ...;" - }, - { - "m": "ngx_http_gzip_module", - "n": "gzip_types", - "d": "Enables gzipping of responses for the specified MIME types in addition to “`text/html`”. The special value “`*`” matches any MIME type (0.8.29). Responses with the “`text/html`” type are always compressed.", - "v": "gzip\\_types text/html;", - "c": "`http`, `server`, `location`", - "s": "**gzip_types** `_mime-type_` ...;" - }, - { - "m": "ngx_http_gzip_module", - "n": "gzip_vary", - "d": "Enables or disables inserting the “Vary: Accept-Encoding” response header field if the directives [gzip](https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip), [gzip\\_static](https://nginx.org/en/docs/http/ngx_http_gzip_static_module.html#gzip_static), or [gunzip](https://nginx.org/en/docs/http/ngx_http_gunzip_module.html#gunzip) are active.", - "v": "gzip\\_vary off;", - "c": "`http`, `server`, `location`", - "s": "**gzip_vary** `on` | `off`;" - }, - { - "m": "ngx_http_gzip_module", - "n": "variables", - "d": "#### Embedded Variables\n\n`$gzip_ratio`\n\nachieved compression ratio, computed as the ratio between the original and compressed response sizes.\n", - "v": "gzip\\_vary off;", - "c": "`http`, `server`, `location`", - "s": "**gzip_vary** `on` | `off`;" - }, - { - "m": "ngx_http_gzip_module", - "n": "$gzip_ratio", - "d": "achieved compression ratio, computed as the ratio between the original and compressed response sizes." - }, - { - "m": "ngx_http_gzip_static_module", - "n": "gzip_static", - "d": "Enables (“`on`”) or disables (“`off`”) checking the existence of precompressed files. The following directives are also taken into account: [gzip\\_http\\_version](https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_http_version), [gzip\\_proxied](https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_proxied), [gzip\\_disable](https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_disable), and [gzip\\_vary](https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_vary).\nWith the “`always`” value (1.3.6), gzipped file is used in all cases, without checking if the client supports it. It is useful if there are no uncompressed files on the disk anyway or the [ngx\\_http\\_gunzip\\_module](https://nginx.org/en/docs/http/ngx_http_gunzip_module.html) is used.\nThe files can be compressed using the `gzip` command, or any other compatible one. It is recommended that the modification date and time of original and compressed files be the same.", - "v": "gzip\\_static off;", - "c": "`http`, `server`, `location`", - "s": "**gzip_static** `on` | `off` | `always`;" - }, - { - "m": "ngx_http_headers_module", - "n": "add_header", - "d": "Adds the specified field to a response header provided that the response code equals 200, 201 (1.3.10), 204, 206, 301, 302, 303, 304, 307 (1.1.16, 1.0.13), or 308 (1.13.0). Parameter value can contain variables.\nThere could be several `add_header` directives. These directives are inherited from the previous configuration level if and only if there are no `add_header` directives defined on the current level.\nIf the `always` parameter is specified (1.7.5), the header field will be added regardless of the response code.", - "c": "`http`, `server`, `location`, `if in location`", - "s": "**add_header** `_name_` `_value_` [`always`];" - }, - { - "m": "ngx_http_headers_module", - "n": "add_trailer", - "d": "Adds the specified field to the end of a response provided that the response code equals 200, 201, 206, 301, 302, 303, 307, or 308. Parameter value can contain variables.\nThere could be several `add_trailer` directives. These directives are inherited from the previous configuration level if and only if there are no `add_trailer` directives defined on the current level.\nIf the `always` parameter is specified the specified field will be added regardless of the response code.", - "c": "`http`, `server`, `location`, `if in location`", - "s": "**add_trailer** `_name_` `_value_` [`always`];" - }, - { - "m": "ngx_http_headers_module", - "n": "expires", - "d": "Enables or disables adding or modifying the “Expires” and “Cache-Control” response header fields provided that the response code equals 200, 201 (1.3.10), 204, 206, 301, 302, 303, 304, 307 (1.1.16, 1.0.13), or 308 (1.13.0). The parameter can be a positive or negative [time](https://nginx.org/en/docs/syntax.html).\nThe time in the “Expires” field is computed as a sum of the current time and `_time_` specified in the directive. If the `modified` parameter is used (0.7.0, 0.6.32) then the time is computed as a sum of the file’s modification time and the `_time_` specified in the directive.\nIn addition, it is possible to specify a time of day using the “`@`” prefix (0.7.9, 0.6.34):\n```\nexpires @15h30m;\n\n```\n\nThe contents of the “Cache-Control” field depends on the sign of the specified time:\n* time is negative — “Cache-Control: no-cache”.\n* time is positive or zero — “Cache-Control: max-age=`_t_`”, where `_t_` is a time specified in the directive, in seconds.\n\nThe `epoch` parameter sets “Expires” to the value “`Thu, 01 Jan 1970 00:00:01 GMT`”, and “Cache-Control” to “`no-cache`”.\nThe `max` parameter sets “Expires” to the value “`Thu, 31 Dec 2037 23:55:55 GMT`”, and “Cache-Control” to 10 years.\nThe `off` parameter disables adding or modifying the “Expires” and “Cache-Control” response header fields.\nThe last parameter value can contain variables (1.7.9):\n```\nmap $sent_http_content_type $expires {\n default off;\n application/pdf 42d;\n ~image/ max;\n}\n\nexpires $expires;\n\n```\n", - "v": "expires off;", - "c": "`http`, `server`, `location`, `if in location`", - "s": "**expires** [`modified`] `_time_`;`` \n``**expires** `epoch` | `max` | `off`;" - }, - { - "m": "ngx_http_hls_module", - "n": "hls", - "d": "Turns on HLS streaming in the surrounding location.", - "c": "`location`", - "s": "**hls**;" - }, - { - "m": "ngx_http_hls_module", - "n": "hls_buffers", - "d": "Sets the maximum `_number_` and `_size_` of buffers that are used for reading and writing data frames.", - "v": "hls\\_buffers 8 2m;", - "c": "`http`, `server`, `location`", - "s": "**hls_buffers** `_number_` `_size_`;" - }, - { - "m": "ngx_http_hls_module", - "n": "hls_forward_args", - "d": "Adds arguments from a playlist request to URIs of fragments. This may be useful for performing client authorization at the moment of requesting a fragment, or when protecting an HLS stream with the [ngx\\_http\\_secure\\_link\\_module](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html) module.\nFor example, if a client requests a playlist `http://example.com/hls/test.mp4.m3u8?a=1&b=2`, the arguments `a=1` and `b=2` will be added to URIs of fragments after the arguments `start` and `end`:\n```\n#EXTM3U\n#EXT-X-VERSION:3\n#EXT-X-TARGETDURATION:15\n#EXT-X-PLAYLIST-TYPE:VOD\n\n#EXTINF:9.333,\ntest.mp4.ts?start=0.000&end=9.333&a=1&b=2\n#EXTINF:7.167,\ntest.mp4.ts?start=9.333&end=16.500&a=1&b=2\n#EXTINF:5.416,\ntest.mp4.ts?start=16.500&end=21.916&a=1&b=2\n#EXTINF:5.500,\ntest.mp4.ts?start=21.916&end=27.416&a=1&b=2\n#EXTINF:15.167,\ntest.mp4.ts?start=27.416&end=42.583&a=1&b=2\n#EXTINF:9.626,\ntest.mp4.ts?start=42.583&end=52.209&a=1&b=2\n\n#EXT-X-ENDLIST\n\n```\n\nIf an HLS stream is protected with the [ngx\\_http\\_secure\\_link\\_module](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html) module, `$uri` should not be used in the [secure\\_link\\_md5](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5) expression because this will cause errors when requesting the fragments. [Base URI](https://nginx.org/en/docs/http/ngx_http_map_module.html#map) should be used instead of `$uri` (`$hls_uri` in the example):\n```\nhttp {\n ...\n\n map $uri $hls_uri {\n ~^(?.*).m3u8$ $base_uri;\n ~^(?.*).ts$ $base_uri;\n default $uri;\n }\n\n server {\n ...\n\n location /hls/ {\n hls;\n hls_forward_args on;\n\n alias /var/videos/;\n\n secure_link $arg_md5,$arg_expires;\n secure_link_md5 \"$secure_link_expires$hls_uri$remote_addr secret\";\n\n if ($secure_link = \"\") {\n return 403;\n }\n\n if ($secure_link = \"0\") {\n return 410;\n }\n }\n }\n}\n\n```\n", - "v": "hls\\_forward\\_args off;", - "c": "`http`, `server`, `location`", - "s": "**hls_forward_args** `on` | `off`;" - }, - { - "m": "ngx_http_hls_module", - "n": "hls_fragment", - "d": "Defines the default fragment length for playlist URIs requested without the “`len`” argument.", - "v": "hls\\_fragment 5s;", - "c": "`http`, `server`, `location`", - "s": "**hls_fragment** `_time_`;" - }, - { - "m": "ngx_http_hls_module", - "n": "hls_mp4_buffer_size", - "d": "Sets the initial `_size_` of the buffer used for processing MP4 and MOV files.", - "v": "hls\\_mp4\\_buffer\\_size 512k;", - "c": "`http`, `server`, `location`", - "s": "**hls_mp4_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_hls_module", - "n": "hls_mp4_max_buffer_size", - "d": "During metadata processing, a larger buffer may become necessary. Its size cannot exceed the specified `_size_`, or else nginx will return the server error 500 (Internal Server Error), and log the following message:\n```\n\"/some/movie/file.mp4\" mp4 moov atom is too large:\n12583268, you may want to increase hls_mp4_max_buffer_size\n\n```\n", - "v": "hls\\_mp4\\_max\\_buffer\\_size 10m;", - "c": "`http`, `server`, `location`", - "s": "**hls_mp4_max_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_image_filter_module", - "n": "image_filter", - "d": "Sets the type of transformation to perform on images:\n`off`\n\nturns off module processing in a surrounding location.\n\n`test`\n\nensures that responses are images in either JPEG, GIF, PNG, or WebP format. Otherwise, the 415 (Unsupported Media Type) error is returned.\n\n`size`\n\noutputs information about images in a JSON format, e.g.:\n\n> { \"img\" : { \"width\": 100, \"height\": 100, \"type\": \"gif\" } }\n\nIn case of an error, the output is as follows:\n\n> {}\n\n`rotate` `90`|`180`|`270`\n\nrotates images counter-clockwise by the specified number of degrees. Parameter value can contain variables. This mode can be used either alone or along with the `resize` and `crop` transformations.\n\n`resize` `_width_` `_height_`\n\nproportionally reduces an image to the specified sizes. To reduce by only one dimension, another dimension can be specified as “`-`”. In case of an error, the server will return code 415 (Unsupported Media Type). Parameter values can contain variables. When used along with the `rotate` parameter, the rotation happens **after** reduction.\n\n`crop` `_width_` `_height_`\n\nproportionally reduces an image to the larger side size and crops extraneous edges by another side. To reduce by only one dimension, another dimension can be specified as “`-`”. In case of an error, the server will return code 415 (Unsupported Media Type). Parameter values can contain variables. When used along with the `rotate` parameter, the rotation happens **before** reduction.\n", - "v": "image\\_filter off;", - "c": "`location`", - "s": "**image_filter** `off`;`` \n``**image_filter** `test`;`` \n``**image_filter** `size`;`` \n``**image_filter** `rotate` `90` | `180` | `270`;`` \n``**image_filter** `resize` `_width_` `_height_`;`` \n``**image_filter** `crop` `_width_` `_height_`;" - }, - { - "m": "ngx_http_image_filter_module", - "n": "image_filter_buffer", - "d": "Sets the maximum size of the buffer used for reading images. When the size is exceeded the server returns error 415 (Unsupported Media Type).", - "v": "image\\_filter\\_buffer 1M;", - "c": "`http`, `server`, `location`", - "s": "**image_filter_buffer** `_size_`;" - }, - { - "m": "ngx_http_image_filter_module", - "n": "image_filter_interlace", - "d": "If enabled, final images will be interlaced. For JPEG, final images will be in “progressive JPEG” format.", - "v": "image\\_filter\\_interlace off;", - "c": "`http`, `server`, `location`", - "s": "**image_filter_interlace** `on` | `off`;" - }, - { - "m": "ngx_http_image_filter_module", - "n": "image_filter_jpeg_quality", - "d": "Sets the desired `_quality_` of the transformed JPEG images. Acceptable values are in the range from 1 to 100. Lesser values usually imply both lower image quality and less data to transfer. The maximum recommended value is 95. Parameter value can contain variables.", - "v": "image\\_filter\\_jpeg\\_quality 75;", - "c": "`http`, `server`, `location`", - "s": "**image_filter_jpeg_quality** `_quality_`;" - }, - { - "m": "ngx_http_image_filter_module", - "n": "image_filter_sharpen", - "d": "Increases sharpness of the final image. The sharpness percentage can exceed 100. The zero value disables sharpening. Parameter value can contain variables.", - "v": "image\\_filter\\_sharpen 0;", - "c": "`http`, `server`, `location`", - "s": "**image_filter_sharpen** `_percent_`;" - }, - { - "m": "ngx_http_image_filter_module", - "n": "image_filter_transparency", - "d": "Defines whether transparency should be preserved when transforming GIF images or PNG images with colors specified by a palette. The loss of transparency results in images of a better quality. The alpha channel transparency in PNG is always preserved.", - "v": "image\\_filter\\_transparency on;", - "c": "`http`, `server`, `location`", - "s": "**image_filter_transparency** `on`|`off`;" - }, - { - "m": "ngx_http_image_filter_module", - "n": "image_filter_webp_quality", - "d": "Sets the desired `_quality_` of the transformed WebP images. Acceptable values are in the range from 1 to 100. Lesser values usually imply both lower image quality and less data to transfer. Parameter value can contain variables.", - "v": "image\\_filter\\_webp\\_quality 80;", - "c": "`http`, `server`, `location`", - "s": "**image_filter_webp_quality** `_quality_`;" - }, - { - "m": "ngx_http_index_module", - "n": "index", - "d": "Defines files that will be used as an index. The `_file_` name can contain variables. Files are checked in the specified order. The last element of the list can be a file with an absolute path. Example:\n```\nindex index.$geo.html index.0.html /index.html;\n\n```\n\nIt should be noted that using an index file causes an internal redirect, and the request can be processed in a different location. For example, with the following configuration:\n```\nlocation = / {\n index index.html;\n}\n\nlocation / {\n ...\n}\n\n```\na “`/`” request will actually be processed in the second location as “`/index.html`”.", - "v": "index index.html;", - "c": "`http`, `server`, `location`", - "s": "**index** `_file_` ...;" - }, - { - "m": "ngx_http_js_module", - "n": "js_body_filter", - "d": "Sets an njs function as a response body filter. The filter function is called for each data chunk of a response body with the following arguments:\n`r`\n\nthe [HTTP request](https://nginx.org/en/docs/njs/reference.html#http) object\n\n`data`\n\nthe incoming data chunk, may be a string or Buffer depending on the `buffer_type` value, by default is a string.\n\n`flags`\n\nan object with the following properties:\n\n`last`\n\na boolean value, true if data is a last buffer.\n\nThe filter function can pass its own modified version of the input data chunk to the next body filter by calling [`r.sendBuffer()`](https://nginx.org/en/docs/njs/reference.html#r_sendbuffer). For example, to transform all the lowercase letters in the response body:\n```\nfunction filter(r, data, flags) {\n r.sendBuffer(data.toLowerCase(), flags);\n}\n\n```\nTo stop filtering (following data chunks will be passed to client without calling `js_body_filter`), [`r.done()`](https://nginx.org/en/docs/njs/reference.html#r_done) can be used.\nIf the filter function changes the length of the response body, then it is required to clear out the “Content-Length” response header (if any) in [`js_header_filter`](https://nginx.org/en/docs/http/ngx_http_js_module.html#js_header_filter) to enforce chunked transfer encoding.\n\nAs the `js_body_filter` handler returns its result immediately, it supports only synchronous operations. Thus, asynchronous operations such as [r.subrequest()](https://nginx.org/en/docs/njs/reference.html#r_subrequest) or [setTimeout()](https://nginx.org/en/docs/njs/reference.html#settimeout) are not supported.\n\n\nThe directive can be specified inside the [if](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#if) block since [0.7.7](https://nginx.org/en/docs/njs/changes.html#njs0.7.7).\n", - "c": "`location`, `if in location`, `limit_except`", - "s": "**js_body_filter** `_function_` | `_module.function_` [`_buffer_type_`=`_string_` | `_buffer_`];" - }, - { - "m": "ngx_http_js_module", - "n": "js_content", - "d": "Sets an njs function as a location content handler. Since [0.4.0](https://nginx.org/en/docs/njs/changes.html#njs0.4.0), a module function can be referenced.\n\nThe directive can be specified inside the [if](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#if) block since [0.7.7](https://nginx.org/en/docs/njs/changes.html#njs0.7.7).\n", - "c": "`location`, `if in location`, `limit_except`", - "s": "**js_content** `_function_` | `_module.function_`;" - }, - { - "m": "ngx_http_js_module", - "n": "js_fetch_buffer_size", - "d": "Sets the `_size_` of the buffer used for reading and writing with [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch).", - "v": "js\\_fetch\\_buffer\\_size 16k;", - "c": "`http`, `server`, `location`", - "s": "**js_fetch_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_js_module", - "n": "js_fetch_ciphers", - "d": "Specifies the enabled ciphers for HTTPS requests with [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch). The ciphers are specified in the format understood by the OpenSSL library.\nThe full list can be viewed using the “`openssl ciphers`” command.", - "v": "js\\_fetch\\_ciphers HIGH:!aNULL:!MD5;", - "c": "`http`, `server`, `location`", - "s": "**js_fetch_ciphers** `_ciphers_`;" - }, - { - "m": "ngx_http_js_module", - "n": "js_fetch_max_response_buffer_size", - "d": "Sets the maximum `_size_` of the response received with [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch).", - "v": "js\\_fetch\\_max\\_response\\_buffer\\_size 1m;", - "c": "`http`, `server`, `location`", - "s": "**js_fetch_max_response_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_js_module", - "n": "js_fetch_protocols", - "d": "Enables the specified protocols for HTTPS requests with [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch).", - "v": "js\\_fetch\\_protocols TLSv1 TLSv1.1 TLSv1.2;", - "c": "`http`, `server`, `location`", - "s": "**js_fetch_protocols** [`TLSv1`] [`TLSv1.1`] [`TLSv1.2`] [`TLSv1.3`];" - }, - { - "m": "ngx_http_js_module", - "n": "js_fetch_timeout", - "d": "Defines a timeout for reading and writing for [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch). The timeout is set only between two successive read/write operations, not for the whole response. If no data is transmitted within this time, the connection is closed.", - "v": "js\\_fetch\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**js_fetch_timeout** `_time_`;" - }, - { - "m": "ngx_http_js_module", - "n": "js_fetch_trusted_certificate", - "d": "Specifies a `_file_` with trusted CA certificates in the PEM format used to [verify](https://nginx.org/en/docs/njs/reference.html#fetch_verify) the HTTPS certificate with [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch).", - "c": "`http`, `server`, `location`", - "s": "**js_fetch_trusted_certificate** `_file_`;" - }, - { - "m": "ngx_http_js_module", - "n": "js_fetch_verify", - "d": "Enables or disables verification of the HTTPS server certificate with [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch).", - "v": "js\\_fetch\\_verify on;", - "c": "`http`, `server`, `location`", - "s": "**js_fetch_verify** `on` | `off`;" - }, - { - "m": "ngx_http_js_module", - "n": "js_fetch_verify_depth", - "d": "Sets the verification depth in the HTTPS server certificates chain with [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch).", - "v": "js\\_fetch\\_verify\\_depth 100;", - "c": "`http`, `server`, `location`", - "s": "**js_fetch_verify_depth** `_number_`;" - }, - { - "m": "ngx_http_js_module", - "n": "js_header_filter", - "d": "Sets an njs function as a response header filter. The directive allows changing arbitrary header fields of a response header.\n\nAs the `js_header_filter` handler returns its result immediately, it supports only synchronous operations. Thus, asynchronous operations such as [r.subrequest()](https://nginx.org/en/docs/njs/reference.html#r_subrequest) or [setTimeout()](https://nginx.org/en/docs/njs/reference.html#settimeout) are not supported.\n\n\nThe directive can be specified inside the [if](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#if) block since [0.7.7](https://nginx.org/en/docs/njs/changes.html#njs0.7.7).\n", - "c": "`location`, `if in location`, `limit_except`", - "s": "**js_header_filter** `_function_` | `_module.function_`;" - }, - { - "m": "ngx_http_js_module", - "n": "js_import", - "d": "Imports a module that implements location and variable handlers in njs. The `export_name` is used as a namespace to access module functions. If the `export_name` is not specified, the module name will be used as a namespace.\n```\njs_import http.js;\n\n```\nHere, the module name `http` is used as a namespace while accessing exports. If the imported module exports `foo()`, `http.foo` is used to refer to it.\nSeveral `js_import` directives can be specified.\n\nThe directive can be specified on the `server` and `location` level since [0.7.7](https://nginx.org/en/docs/njs/changes.html#njs0.7.7).\n", - "c": "`http`, `server`, `location`", - "s": "**js_import** `_module.js_` | `_export_name from module.js_`;" - }, - { - "m": "ngx_http_js_module", - "n": "js_include", - "d": "Specifies a file that implements location and variable handlers in njs:\n```\nnginx.conf:\njs_include http.js;\nlocation /version {\n js_content version;\n}\n\nhttp.js:\nfunction version(r) {\n r.return(200, njs.version);\n}\n\n```\n\nThe directive was made obsolete in version [0.4.0](https://nginx.org/en/docs/njs/changes.html#njs0.4.0) and was removed in version [0.7.1](https://nginx.org/en/docs/njs/changes.html#njs0.7.1). The [js\\_import](https://nginx.org/en/docs/http/ngx_http_js_module.html#js_import) directive should be used instead.", - "c": "`http`", - "s": "**js_include** `_file_`;" - }, - { - "m": "ngx_http_js_module", - "n": "js_path", - "d": "Sets an additional path for njs modules.\n\nThe directive can be specified on the `server` and `location` level since [0.7.7](https://nginx.org/en/docs/njs/changes.html#njs0.7.7).\n", - "c": "`http`, `server`, `location`", - "s": "**js_path** `_path_`;" - }, - { - "m": "ngx_http_js_module", - "n": "js_preload_object", - "d": "Preloads an immutable object at configure time. The `name` is used a name of the global variable though which the object is available in njs code. If the `name` is not specified, the file name will be used instead.\n```\njs_preload_object map.json;\n\n```\nHere, the `map` is used as a name while accessing the preloaded object.\nSeveral `js_preload_object` directives can be specified.", - "c": "`http`, `server`, `location`", - "s": "**js_preload_object** `_name.json_` | `_name_` from `_file.json_`;" - }, - { - "m": "ngx_http_js_module", - "n": "js_set", - "d": "Sets an njs `function` for the specified `variable`. Since [0.4.0](https://nginx.org/en/docs/njs/changes.html#njs0.4.0), a module function can be referenced.\nThe function is called when the variable is referenced for the first time for a given request. The exact moment depends on a [phase](https://nginx.org/en/docs/dev/development_guide.html#http_phases) at which the variable is referenced. This can be used to perform some logic not related to variable evaluation. For example, if the variable is referenced only in the [log\\_format](https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format) directive, its handler will not be executed until the log phase. This handler can be used to do some cleanup right before the request is freed.\n\nAs the `js_set` handler returns its result immediately, it supports only synchronous operations. Thus, asynchronous operations such as [r.subrequest()](https://nginx.org/en/docs/njs/reference.html#r_subrequest) or [setTimeout()](https://nginx.org/en/docs/njs/reference.html#settimeout) are not supported.\n\n\nThe directive can be specified on the `server` and `location` level since [0.7.7](https://nginx.org/en/docs/njs/changes.html#njs0.7.7).\n", - "c": "`http`, `server`, `location`", - "s": "**js_set** `_$variable_` `_function_` | `_module.function_`;" - }, - { - "m": "ngx_http_js_module", - "n": "js_var", - "d": "Declares a [writable](https://nginx.org/en/docs/njs/reference.html#r_variables) variable. The value can contain text, variables, and their combination. The variable is not overwritten after a redirect unlike variables created with the [set](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#set) directive.\n\nThe directive can be specified on the `server` and `location` level since [0.7.7](https://nginx.org/en/docs/njs/changes.html#njs0.7.7).\n", - "c": "`http`, `server`, `location`", - "s": "**js_var** `_$variable_` [`_value_`];" - }, - { - "m": "ngx_http_js_module", - "n": "arguments", - "d": "#### Request Argument\nEach HTTP njs handler receives one argument, a request [object](https://nginx.org/en/docs/njs/reference.html#http).", - "c": "`http`, `server`, `location`", - "s": "**js_var** `_$variable_` [`_value_`];" - }, - { - "m": "ngx_http_keyval_module", - "n": "keyval", - "d": "Creates a new `_$variable_` whose value is looked up by the `_key_` in the key-value database. Matching rules are defined by the [`type`](https://nginx.org/en/docs/http/ngx_http_keyval_module.html#keyval_type) parameter of the [`keyval_zone`](https://nginx.org/en/docs/http/ngx_http_keyval_module.html#keyval_zone) directive. The database is stored in a shared memory zone specified by the `zone` parameter.", - "c": "`http`", - "s": "**keyval** `_key_` `_$variable_` `zone`=`_name_`;" - }, - { - "m": "ngx_http_keyval_module", - "n": "keyval_zone", - "d": "Sets the `_name_` and `_size_` of the shared memory zone that keeps the key-value database. Key-value pairs are managed by the [API](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_keyvals_).", - "c": "`http`", - "s": "**keyval_zone** `zone`=`_name_`:`_size_` [`state`=`_file_`] [`timeout`=`_time_`] [`type`=`string`|`ip`|`prefix`] [`sync`];" - }, - { - "m": "ngx_http_keyval_module", - "n": "keyval_state", - "d": "The optional `state` parameter specifies a `_file_` that keeps the current state of the key-value database in the JSON format and makes it persistent across nginx restarts. Changing the file content directly should be avoided.\nExamples:\n```\nkeyval_zone zone=one:32k state=/var/lib/nginx/state/one.keyval; # path for Linux\nkeyval_zone zone=one:32k state=/var/db/nginx/state/one.keyval; # path for FreeBSD\n\n```\n", - "c": "`http`", - "s": "**keyval_zone** `zone`=`_name_`:`_size_` [`state`=`_file_`] [`timeout`=`_time_`] [`type`=`string`|`ip`|`prefix`] [`sync`];" - }, - { - "m": "ngx_http_keyval_module", - "n": "keyval_timeout", - "d": "The optional `timeout` parameter (1.15.0) sets the time after which key-value pairs are removed from the zone.", - "c": "`http`", - "s": "**keyval_zone** `zone`=`_name_`:`_size_` [`state`=`_file_`] [`timeout`=`_time_`] [`type`=`string`|`ip`|`prefix`] [`sync`];" - }, - { - "m": "ngx_http_keyval_module", - "n": "keyval_type", - "d": "The optional `type` parameter (1.17.1) activates an extra index optimized for matching the key of a certain type and defines matching rules when evaluating a [keyval](https://nginx.org/en/docs/http/ngx_http_keyval_module.html#keyval) `$variable`.\nThe index is stored in the same shared memory zone and thus requires additional storage.\n\n`type=string`\n\ndefault, no index is enabled; variable lookup is performed using exact match of the record key and a search key\n\n`type=ip`\n\nthe search key is the textual representation of IPv4 or IPv6 address or CIDR range; to match a record key, the search key must belong to a subnet specified by a record key or exactly match an IP address\n\n`type=prefix`\n\nvariable lookup is performed using prefix match of a record key and a search key (1.17.5); to match a record key, the record key must be a prefix of the search key\n", - "c": "`http`", - "s": "**keyval_zone** `zone`=`_name_`:`_size_` [`state`=`_file_`] [`timeout`=`_time_`] [`type`=`string`|`ip`|`prefix`] [`sync`];" - }, - { - "m": "ngx_http_keyval_module", - "n": "keyval_sync", - "d": "The optional `sync` parameter (1.15.0) enables [synchronization](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync) of the shared memory zone. The synchronization requires the `timeout` parameter to be set.\nIf the synchronization is enabled, removal of key-value pairs (no matter [one](https://nginx.org/en/docs/http/ngx_http_api_module.html#patchHttpKeyvalZoneKeyValue) or [all](https://nginx.org/en/docs/http/ngx_http_api_module.html#deleteHttpKeyvalZoneData)) will be performed only on a target cluster node. The same key-value pairs on other cluster nodes will be removed upon `timeout`.\n", - "c": "`http`", - "s": "**keyval_zone** `zone`=`_name_`:`_size_` [`state`=`_file_`] [`timeout`=`_time_`] [`type`=`string`|`ip`|`prefix`] [`sync`];" - }, - { - "m": "ngx_http_limit_conn_module", - "n": "limit_conn", - "d": "Sets the shared memory zone and the maximum allowed number of connections for a given key value. When this limit is exceeded, the server will return the [error](https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn_status) in reply to a request. For example, the directives\n```\nlimit_conn_zone $binary_remote_addr zone=addr:10m;\n\nserver {\n location /download/ {\n limit_conn addr 1;\n }\n\n```\nallow only one connection per an IP address at a time.\nIn HTTP/2 and SPDY, each concurrent request is considered a separate connection.\n\nThere could be several `limit_conn` directives. For example, the following configuration will limit the number of connections to the server per a client IP and, at the same time, the total number of connections to the virtual server:\n```\nlimit_conn_zone $binary_remote_addr zone=perip:10m;\nlimit_conn_zone $server_name zone=perserver:10m;\n\nserver {\n ...\n limit_conn perip 10;\n limit_conn perserver 100;\n}\n\n```\n\nThese directives are inherited from the previous configuration level if and only if there are no `limit_conn` directives defined on the current level.", - "c": "`http`, `server`, `location`", - "s": "**limit_conn** `_zone_` `_number_`;" - }, - { - "m": "ngx_http_limit_conn_module", - "n": "limit_conn_dry_run", - "d": "Enables the dry run mode. In this mode, the number of connections is not limited, however, in the shared memory zone, the number of excessive connections is accounted as usual.", - "v": "limit\\_conn\\_dry\\_run off;", - "c": "`http`, `server`, `location`", - "s": "**limit_conn_dry_run** `on` | `off`;" - }, - { - "m": "ngx_http_limit_conn_module", - "n": "limit_conn_log_level", - "d": "Sets the desired logging level for cases when the server limits the number of connections.", - "v": "limit\\_conn\\_log\\_level error;", - "c": "`http`, `server`, `location`", - "s": "**limit_conn_log_level** `info` | `notice` | `warn` | `error`;" - }, - { - "m": "ngx_http_limit_conn_module", - "n": "limit_conn_status", - "d": "Sets the status code to return in response to rejected requests.", - "v": "limit\\_conn\\_status 503;", - "c": "`http`, `server`, `location`", - "s": "**limit_conn_status** `_code_`;" - }, - { - "m": "ngx_http_limit_conn_module", - "n": "limit_conn_zone", - "d": "Sets parameters for a shared memory zone that will keep states for various keys. In particular, the state includes the current number of connections. The `_key_` can contain text, variables, and their combination. Requests with an empty key value are not accounted.\nPrior to version 1.7.6, a `_key_` could contain exactly one variable.\nUsage example:\n```\nlimit_conn_zone $binary_remote_addr zone=addr:10m;\n\n```\nHere, a client IP address serves as a key. Note that instead of `$remote_addr`, the `$binary_remote_addr` variable is used here. The `$remote_addr` variable’s size can vary from 7 to 15 bytes. The stored state occupies either 32 or 64 bytes of memory on 32-bit platforms and always 64 bytes on 64-bit platforms. The `$binary_remote_addr` variable’s size is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses. The stored state always occupies 32 or 64 bytes on 32-bit platforms and 64 bytes on 64-bit platforms. One megabyte zone can keep about 32 thousand 32-byte states or about 16 thousand 64-byte states. If the zone storage is exhausted, the server will return the [error](https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn_status) to all further requests.\n\nAdditionally, as part of our [commercial subscription](http://nginx.com/products/), the [status information](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_limit_conns_) for each such shared memory zone can be [obtained](https://nginx.org/en/docs/http/ngx_http_api_module.html#getHttpLimitConnZone) or [reset](https://nginx.org/en/docs/http/ngx_http_api_module.html#deleteHttpLimitConnZoneStat) with the [API](https://nginx.org/en/docs/http/ngx_http_api_module.html) since 1.17.7.\n", - "c": "`http`", - "s": "**limit_conn_zone** `_key_` `zone`=`_name_`:`_size_`;" - }, - { - "m": "ngx_http_limit_conn_module", - "n": "limit_zone", - "d": "This directive was made obsolete in version 1.1.8 and was removed in version 1.7.6. An equivalent [limit\\_conn\\_zone](https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn_zone) directive with a changed syntax should be used instead:\n`limit_conn_zone` `_$variable_` `zone`\\=`_name_`:`_size_`;\n", - "c": "`http`", - "s": "**limit_zone** `_name_` `_$variable_` `_size_`;" - }, - { - "m": "ngx_http_limit_conn_module", - "n": "variables", - "d": "#### Embedded Variables\n\n`$limit_conn_status`\n\nkeeps the result of limiting the number of connections (1.17.6): `PASSED`, `REJECTED`, or `REJECTED_DRY_RUN`\n", - "c": "`http`", - "s": "**limit_zone** `_name_` `_$variable_` `_size_`;" - }, - { - "m": "ngx_http_limit_conn_module", - "n": "$limit_conn_status", - "d": "keeps the result of limiting the number of connections (1.17.6): `PASSED`, `REJECTED`, or `REJECTED_DRY_RUN`" - }, - { - "m": "ngx_http_limit_req_module", - "n": "limit_req", - "d": "Sets the shared memory zone and the maximum burst size of requests. If the requests rate exceeds the rate configured for a zone, their processing is delayed such that requests are processed at a defined rate. Excessive requests are delayed until their number exceeds the maximum burst size in which case the request is terminated with an [error](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_status). By default, the maximum burst size is equal to zero. For example, the directives\n```\nlimit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;\n\nserver {\n location /search/ {\n limit_req zone=one burst=5;\n }\n\n```\nallow not more than 1 request per second at an average, with bursts not exceeding 5 requests.\nIf delaying of excessive requests while requests are being limited is not desired, the parameter `nodelay` should be used:\n```\nlimit_req zone=one burst=5 nodelay;\n\n```\n", - "c": "`http`, `server`, `location`", - "s": "**limit_req** `zone`=`_name_` [`burst`=`_number_`] [`nodelay` | `delay`=`_number_`];" - }, - { - "m": "ngx_http_limit_req_module", - "n": "limit_req_delay", - "d": "The `delay` parameter (1.15.7) specifies a limit at which excessive requests become delayed. Default value is zero, i.e. all excessive requests are delayed.\nThere could be several `limit_req` directives. For example, the following configuration will limit the processing rate of requests coming from a single IP address and, at the same time, the request processing rate by the virtual server:\n```\nlimit_req_zone $binary_remote_addr zone=perip:10m rate=1r/s;\nlimit_req_zone $server_name zone=perserver:10m rate=10r/s;\n\nserver {\n ...\n limit_req zone=perip burst=5 nodelay;\n limit_req zone=perserver burst=10;\n}\n\n```\n\nThese directives are inherited from the previous configuration level if and only if there are no `limit_req` directives defined on the current level.", - "c": "`http`, `server`, `location`", - "s": "**limit_req** `zone`=`_name_` [`burst`=`_number_`] [`nodelay` | `delay`=`_number_`];" - }, - { - "m": "ngx_http_limit_req_module", - "n": "limit_req_dry_run", - "d": "Enables the dry run mode. In this mode, requests processing rate is not limited, however, in the shared memory zone, the number of excessive requests is accounted as usual.", - "v": "limit\\_req\\_dry\\_run off;", - "c": "`http`, `server`, `location`", - "s": "**limit_req_dry_run** `on` | `off`;" - }, - { - "m": "ngx_http_limit_req_module", - "n": "limit_req_log_level", - "d": "Sets the desired logging level for cases when the server refuses to process requests due to rate exceeding, or delays request processing. Logging level for delays is one point less than for refusals; for example, if “`limit_req_log_level notice`” is specified, delays are logged with the `info` level.", - "v": "limit\\_req\\_log\\_level error;", - "c": "`http`, `server`, `location`", - "s": "**limit_req_log_level** `info` | `notice` | `warn` | `error`;" - }, - { - "m": "ngx_http_limit_req_module", - "n": "limit_req_status", - "d": "Sets the status code to return in response to rejected requests.", - "v": "limit\\_req\\_status 503;", - "c": "`http`, `server`, `location`", - "s": "**limit_req_status** `_code_`;" - }, - { - "m": "ngx_http_limit_req_module", - "n": "limit_req_zone", - "d": "Sets parameters for a shared memory zone that will keep states for various keys. In particular, the state stores the current number of excessive requests. The `_key_` can contain text, variables, and their combination. Requests with an empty key value are not accounted.\nPrior to version 1.7.6, a `_key_` could contain exactly one variable.\nUsage example:\n```\nlimit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;\n\n```\n\nHere, the states are kept in a 10 megabyte zone “one”, and an average request processing rate for this zone cannot exceed 1 request per second.\nA client IP address serves as a key. Note that instead of `$remote_addr`, the `$binary_remote_addr` variable is used here. The `$binary_remote_addr` variable’s size is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses. The stored state always occupies 64 bytes on 32-bit platforms and 128 bytes on 64-bit platforms. One megabyte zone can keep about 16 thousand 64-byte states or about 8 thousand 128-byte states.\nIf the zone storage is exhausted, the least recently used state is removed. If even after that a new state cannot be created, the request is terminated with an [error](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_status).\nThe rate is specified in requests per second (r/s). If a rate of less than one request per second is desired, it is specified in request per minute (r/m). For example, half-request per second is 30r/m.", - "c": "`http`", - "s": "**limit_req_zone** `_key_` `zone`=`_name_`:`_size_` `rate`=`_rate_` [`sync`];" - }, - { - "m": "ngx_http_limit_req_module", - "n": "limit_req_zone_sync", - "d": "The `sync` parameter (1.15.3) enables [synchronization](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync) of the shared memory zone.\nThe `sync` parameter is available as part of our [commercial subscription](http://nginx.com/products/).\n\n\nAdditionally, as part of our [commercial subscription](http://nginx.com/products/), the [status information](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_limit_reqs_) for each such shared memory zone can be [obtained](https://nginx.org/en/docs/http/ngx_http_api_module.html#getHttpLimitReqZone) or [reset](https://nginx.org/en/docs/http/ngx_http_api_module.html#deleteHttpLimitReqZoneStat) with the [API](https://nginx.org/en/docs/http/ngx_http_api_module.html) since 1.17.7.\n", - "c": "`http`", - "s": "**limit_req_zone** `_key_` `zone`=`_name_`:`_size_` `rate`=`_rate_` [`sync`];" - }, - { - "m": "ngx_http_limit_req_module", - "n": "variables", - "d": "#### Embedded Variables\n\n`$limit_req_status`\n\nkeeps the result of limiting the request processing rate (1.17.6): `PASSED`, `DELAYED`, `REJECTED`, `DELAYED_DRY_RUN`, or `REJECTED_DRY_RUN`\n", - "c": "`http`", - "s": "**limit_req_zone** `_key_` `zone`=`_name_`:`_size_` `rate`=`_rate_` [`sync`];" - }, - { - "m": "ngx_http_limit_req_module", - "n": "$limit_req_status", - "d": "keeps the result of limiting the request processing rate (1.17.6): `PASSED`, `DELAYED`, `REJECTED`, `DELAYED_DRY_RUN`, or `REJECTED_DRY_RUN`" - }, - { - "m": "ngx_http_log_module", - "n": "access_log", - "d": "Sets the path, format, and configuration for a buffered log write. Several logs can be specified on the same configuration level. Logging to [syslog](https://nginx.org/en/docs/syslog.html) can be configured by specifying the “`syslog:`” prefix in the first parameter. The special value `off` cancels all `access_log` directives on the current level. If the format is not specified then the predefined “`combined`” format is used.\nIf either the `buffer` or `gzip` (1.3.10, 1.2.7) parameter is used, writes to log will be buffered.\nThe buffer size must not exceed the size of an atomic write to a disk file. For FreeBSD this size is unlimited.\n\nWhen buffering is enabled, the data will be written to the file:\n* if the next log line does not fit into the buffer;\n* if the buffered data is older than specified by the `flush` parameter (1.3.10, 1.2.7);\n* when a worker process is [re-opening](https://nginx.org/en/docs/control.html) log files or is shutting down.\n\nIf the `gzip` parameter is used, then the buffered data will be compressed before writing to the file. The compression level can be set between 1 (fastest, less compression) and 9 (slowest, best compression). By default, the buffer size is equal to 64K bytes, and the compression level is set to 1. Since the data is compressed in atomic blocks, the log file can be decompressed or read by “`zcat`” at any time.\nExample:\n```\naccess_log /path/to/log.gz combined gzip flush=5m;\n\n```\n\n\nFor gzip compression to work, nginx must be built with the zlib library.\n\nThe file path can contain variables (0.7.6+), but such logs have some constraints:\n* the [user](https://nginx.org/en/docs/ngx_core_module.html#user) whose credentials are used by worker processes should have permissions to create files in a directory with such logs;\n* buffered writes do not work;\n* the file is opened and closed for each log write. However, since the descriptors of frequently used files can be stored in a [cache](https://nginx.org/en/docs/http/ngx_http_log_module.html#open_log_file_cache), writing to the old file can continue during the time specified by the [open\\_log\\_file\\_cache](https://nginx.org/en/docs/http/ngx_http_log_module.html#open_log_file_cache) directive’s `valid` parameter\n* during each log write the existence of the request’s [root directory](https://nginx.org/en/docs/http/ngx_http_core_module.html#root) is checked, and if it does not exist the log is not created. It is thus a good idea to specify both [root](https://nginx.org/en/docs/http/ngx_http_core_module.html#root) and `access_log` on the same configuration level:\n \n > server {\n > root /spool/vhost/data/$host;\n > access\\_log /spool/vhost/logs/$host;\n > ...\n\nThe `if` parameter (1.7.0) enables conditional logging. A request will not be logged if the `_condition_` evaluates to “0” or an empty string. In the following example, the requests with response codes 2xx and 3xx will not be logged:\n```\nmap $status $loggable {\n ~^[23] 0;\n default 1;\n}\n\naccess_log /path/to/access.log combined if=$loggable;\n\n```\n", - "v": "access\\_log logs/access.log combined;", - "c": "`http`, `server`, `location`, `if in location`, `limit_except`", - "s": "**access_log** `_path_` [`_format_` [`buffer`=`_size_`] [``gzip[=`_level_`]``] [`flush`=`_time_`] [`if`=`_condition_`]];``` \n``**access_log** `off`;" - }, - { - "m": "ngx_http_log_module", - "n": "log_format", - "d": "Specifies log format.", - "v": "log\\_format combined \"...\";", - "c": "`http`", - "s": "**log_format** `_name_` [`escape`=`default`|`json`|`none`] `_string_` ...;" - }, - { - "m": "ngx_http_log_module", - "n": "log_format_escape", - "d": "The `escape` parameter (1.11.8) allows setting `json` or `default` characters escaping in variables, by default, `default` escaping is used. The `none` value (1.13.10) disables escaping.", - "v": "log\\_format combined \"...\";", - "c": "`http`", - "s": "**log_format** `_name_` [`escape`=`default`|`json`|`none`] `_string_` ...;" - }, - { - "m": "ngx_http_log_module", - "n": "log_format_escape_default", - "d": "For `default` escaping, characters “`\"`”, “`\\`”, and other characters with values less than 32 (0.7.0) or above 126 (1.1.6) are escaped as “`\\xXX`”. If the variable value is not found, a hyphen (“`-`”) will be logged.", - "v": "log\\_format combined \"...\";", - "c": "`http`", - "s": "**log_format** `_name_` [`escape`=`default`|`json`|`none`] `_string_` ...;" - }, - { - "m": "ngx_http_log_module", - "n": "log_format_escape_json", - "d": "For `json` escaping, all characters not allowed in JSON [strings](https://datatracker.ietf.org/doc/html/rfc8259#section-7) will be escaped: characters “`\"`” and “`\\`” are escaped as “`\\\"`” and “`\\\\`”, characters with values less than 32 are escaped as “`\\n`”, “`\\r`”, “`\\t`”, “`\\b`”, “`\\f`”, or “`\\u00XX`”.\nThe log format can contain common variables, and variables that exist only at the time of a log write:\n`$bytes_sent`\n\nthe number of bytes sent to a client\n\n`$connection`\n\nconnection serial number\n\n`$connection_requests`\n\nthe current number of requests made through a connection (1.1.18)\n\n`$msec`\n\ntime in seconds with a milliseconds resolution at the time of the log write\n\n`$pipe`\n\n“`p`” if request was pipelined, “`.`” otherwise\n\n`$request_length`\n\nrequest length (including request line, header, and request body)\n\n`$request_time`\n\nrequest processing time in seconds with a milliseconds resolution; time elapsed between the first bytes were read from the client and the log write after the last bytes were sent to the client\n\n`$status`\n\nresponse status\n\n`$time_iso8601`\n\nlocal time in the ISO 8601 standard format\n\n`$time_local`\n\nlocal time in the Common Log Format\n\nIn the modern nginx versions variables [$status](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_status) (1.3.2, 1.2.2), [$bytes\\_sent](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_bytes_sent) (1.3.8, 1.2.5), [$connection](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_connection) (1.3.8, 1.2.5), [$connection\\_requests](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_connection_requests) (1.3.8, 1.2.5), [$msec](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_msec) (1.3.9, 1.2.6), [$request\\_time](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_time) (1.3.9, 1.2.6), [$pipe](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_pipe) (1.3.12, 1.2.7), [$request\\_length](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_length) (1.3.12, 1.2.7), [$time\\_iso8601](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_time_iso8601) (1.3.12, 1.2.7), and [$time\\_local](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_time_local) (1.3.12, 1.2.7) are also available as common variables.\n\nHeader lines sent to a client have the prefix “`sent_http_`”, for example, `$sent_http_content_range`.\nThe configuration always includes the predefined “`combined`” format:\n```\nlog_format combined '$remote_addr - $remote_user [$time_local] '\n '\"$request\" $status $body_bytes_sent '\n '\"$http_referer\" \"$http_user_agent\"';\n\n```\n", - "v": "log\\_format combined \"...\";", - "c": "`http`", - "s": "**log_format** `_name_` [`escape`=`default`|`json`|`none`] `_string_` ...;" - }, - { - "m": "ngx_http_log_module", - "n": "open_log_file_cache", - "d": "Defines a cache that stores the file descriptors of frequently used logs whose names contain variables. The directive has the following parameters:\n`max`\n\nsets the maximum number of descriptors in a cache; if the cache becomes full the least recently used (LRU) descriptors are closed\n\n`inactive`\n\nsets the time after which the cached descriptor is closed if there were no access during this time; by default, 10 seconds\n\n`min_uses`\n\nsets the minimum number of file uses during the time defined by the `inactive` parameter to let the descriptor stay open in a cache; by default, 1\n\n`valid`\n\nsets the time after which it should be checked that the file still exists with the same name; by default, 60 seconds\n\n`off`\n\ndisables caching\n\nUsage example:\n```\nopen_log_file_cache max=1000 inactive=20s valid=1m min_uses=2;\n\n```\n", - "v": "open\\_log\\_file\\_cache off;", - "c": "`http`, `server`, `location`", - "s": "**open_log_file_cache** `max`=`_N_` [`inactive`=`_time_`] [`min_uses`=`_N_`] [`valid`=`_time_`];`` \n``**open_log_file_cache** `off`;" - }, - { - "m": "ngx_http_map_module", - "n": "map", - "d": "Creates a new variable whose value depends on values of one or more of the source variables specified in the first parameter.\nBefore version 0.9.0 only a single variable could be specified in the first parameter.\n\n\nSince variables are evaluated only when they are used, the mere declaration even of a large number of “`map`” variables does not add any extra costs to request processing.\n\nParameters inside the `map` block specify a mapping between source and resulting values.\nSource values are specified as strings or regular expressions (0.9.6).\nStrings are matched ignoring the case.\nA regular expression should either start from the “`~`” symbol for a case-sensitive matching, or from the “`~*`” symbols (1.0.4) for case-insensitive matching. A regular expression can contain named and positional captures that can later be used in other directives along with the resulting variable.\nIf a source value matches one of the names of special parameters described below, it should be prefixed with the “`\\`” symbol.\nThe resulting value can contain text, variable (0.9.0), and their combination (1.11.0).\nThe following special parameters are also supported:\n`default` `_value_`\n\nsets the resulting value if the source value matches none of the specified variants. When `default` is not specified, the default resulting value will be an empty string.\n\n`hostnames`\n\nindicates that source values can be hostnames with a prefix or suffix mask:\n\n> \\*.example.com 1;\n> example.\\* 1;\n\nThe following two records\n\n> example.com 1;\n> \\*.example.com 1;\n\ncan be combined:\n\n> .example.com 1;\n\nThis parameter should be specified before the list of values.\n\n`include` `_file_`\n\nincludes a file with values. There can be several inclusions.\n\n`volatile`\n\nindicates that the variable is not cacheable (1.11.7).\n\nIf the source value matches more than one of the specified variants, e.g. both a mask and a regular expression match, the first matching variant will be chosen, in the following order of priority:\n* string value without a mask\n* longest string value with a prefix mask, e.g. “`*.example.com`”\n* longest string value with a suffix mask, e.g. “`mail.*`”\n* first matching regular expression (in order of appearance in a configuration file)\n* default value\n", - "c": "`http`", - "s": "**map** `_string_` `_$variable_` { ... }" - }, - { - "m": "ngx_http_map_module", - "n": "map_hash_bucket_size", - "d": "Sets the bucket size for the [map](https://nginx.org/en/docs/http/ngx_http_map_module.html#map) variables hash tables. Default value depends on the processor’s cache line size. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).", - "v": "map\\_hash\\_bucket\\_size 32|64|128;", - "c": "`http`", - "s": "**map_hash_bucket_size** `_size_`;" - }, - { - "m": "ngx_http_map_module", - "n": "map_hash_max_size", - "d": "Sets the maximum `_size_` of the [map](https://nginx.org/en/docs/http/ngx_http_map_module.html#map) variables hash tables. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).", - "v": "map\\_hash\\_max\\_size 2048;", - "c": "`http`", - "s": "**map_hash_max_size** `_size_`;" - }, - { - "m": "ngx_http_memcached_module", - "n": "memcached_bind", - "d": "Makes outgoing connections to a memcached server originate from the specified local IP address with an optional port (1.11.2). Parameter value can contain variables (1.3.12). The special value `off` (1.3.12) cancels the effect of the `memcached_bind` directive inherited from the previous configuration level, which allows the system to auto-assign the local IP address and port.", - "c": "`http`, `server`, `location`", - "s": "**memcached_bind** `_address_` [`transparent` ] | `off`;" - }, - { - "m": "ngx_http_memcached_module", - "n": "memcached_bind_transparent", - "d": "The `transparent` parameter (1.11.0) allows outgoing connections to a memcached server originate from a non-local IP address, for example, from a real IP address of a client:\n```\nmemcached_bind $remote_addr transparent;\n\n```\nIn order for this parameter to work, it is usually necessary to run nginx worker processes with the [superuser](https://nginx.org/en/docs/ngx_core_module.html#user) privileges. On Linux it is not required (1.13.8) as if the `transparent` parameter is specified, worker processes inherit the `CAP_NET_RAW` capability from the master process. It is also necessary to configure kernel routing table to intercept network traffic from the memcached server.", - "c": "`http`, `server`, `location`", - "s": "**memcached_bind** `_address_` [`transparent` ] | `off`;" - }, - { - "m": "ngx_http_memcached_module", - "n": "memcached_buffer_size", - "d": "Sets the `_size_` of the buffer used for reading the response received from the memcached server. The response is passed to the client synchronously, as soon as it is received.", - "v": "memcached\\_buffer\\_size 4k|8k;", - "c": "`http`, `server`, `location`", - "s": "**memcached_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_memcached_module", - "n": "memcached_connect_timeout", - "d": "Defines a timeout for establishing a connection with a memcached server. It should be noted that this timeout cannot usually exceed 75 seconds.", - "v": "memcached\\_connect\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**memcached_connect_timeout** `_time_`;" - }, - { - "m": "ngx_http_memcached_module", - "n": "memcached_gzip_flag", - "d": "Enables the test for the `_flag_` presence in the memcached server response and sets the “`Content-Encoding`” response header field to “`gzip`” if the flag is set.", - "c": "`http`, `server`, `location`", - "s": "**memcached_gzip_flag** `_flag_`;" - }, - { - "m": "ngx_http_memcached_module", - "n": "memcached_next_upstream", - "d": "Specifies in which cases a request should be passed to the next server:\n`error`\n\nan error occurred while establishing a connection with the server, passing a request to it, or reading the response header;\n\n`timeout`\n\na timeout has occurred while establishing a connection with the server, passing a request to it, or reading the response header;\n\n`invalid_response`\n\na server returned an empty or invalid response;\n\n`not_found`\n\na response was not found on the server;\n\n`off`\n\ndisables passing a request to the next server.\n\nOne should bear in mind that passing a request to the next server is only possible if nothing has been sent to a client yet. That is, if an error or timeout occurs in the middle of the transferring of a response, fixing this is impossible.\nThe directive also defines what is considered an [unsuccessful attempt](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) of communication with a server. The cases of `error`, `timeout` and `invalid_response` are always considered unsuccessful attempts, even if they are not specified in the directive. The case of `not_found` is never considered an unsuccessful attempt.\nPassing a request to the next server can be limited by [the number of tries](https://nginx.org/en/docs/http/ngx_http_memcached_module.html#memcached_next_upstream_tries) and by [time](https://nginx.org/en/docs/http/ngx_http_memcached_module.html#memcached_next_upstream_timeout).", - "v": "memcached\\_next\\_upstream error timeout;", - "c": "`http`, `server`, `location`", - "s": "**memcached_next_upstream** `error` | `timeout` | `invalid_response` | `not_found` | `off` ...;" - }, - { - "m": "ngx_http_memcached_module", - "n": "memcached_next_upstream_timeout", - "d": "Limits the time during which a request can be passed to the [next server](https://nginx.org/en/docs/http/ngx_http_memcached_module.html#memcached_next_upstream). The `0` value turns off this limitation.", - "v": "memcached\\_next\\_upstream\\_timeout 0;", - "c": "`http`, `server`, `location`", - "s": "**memcached_next_upstream_timeout** `_time_`;" - }, - { - "m": "ngx_http_memcached_module", - "n": "memcached_next_upstream_tries", - "d": "Limits the number of possible tries for passing a request to the [next server](https://nginx.org/en/docs/http/ngx_http_memcached_module.html#memcached_next_upstream). The `0` value turns off this limitation.", - "v": "memcached\\_next\\_upstream\\_tries 0;", - "c": "`http`, `server`, `location`", - "s": "**memcached_next_upstream_tries** `_number_`;" - }, - { - "m": "ngx_http_memcached_module", - "n": "memcached_pass", - "d": "Sets the memcached server address. The address can be specified as a domain name or IP address, and a port:\n```\nmemcached_pass localhost:11211;\n\n```\nor as a UNIX-domain socket path:\n```\nmemcached_pass unix:/tmp/memcached.socket;\n\n```\n\nIf a domain name resolves to several addresses, all of them will be used in a round-robin fashion. In addition, an address can be specified as a [server group](https://nginx.org/en/docs/http/ngx_http_upstream_module.html).", - "c": "`location`, `if in location`", - "s": "**memcached_pass** `_address_`;" - }, - { - "m": "ngx_http_memcached_module", - "n": "memcached_read_timeout", - "d": "Defines a timeout for reading a response from the memcached server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the memcached server does not transmit anything within this time, the connection is closed.", - "v": "memcached\\_read\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**memcached_read_timeout** `_time_`;" - }, - { - "m": "ngx_http_memcached_module", - "n": "memcached_send_timeout", - "d": "Sets a timeout for transmitting a request to the memcached server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the memcached server does not receive anything within this time, the connection is closed.", - "v": "memcached\\_send\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**memcached_send_timeout** `_time_`;" - }, - { - "m": "ngx_http_memcached_module", - "n": "memcached_socket_keepalive", - "d": "Configures the “TCP keepalive” behavior for outgoing connections to a memcached server. By default, the operating system’s settings are in effect for the socket. If the directive is set to the value “`on`”, the `SO_KEEPALIVE` socket option is turned on for the socket.", - "v": "memcached\\_socket\\_keepalive off;", - "c": "`http`, `server`, `location`", - "s": "**memcached_socket_keepalive** `on` | `off`;" - }, - { - "m": "ngx_http_memcached_module", - "n": "variables", - "d": "#### Embedded Variables\n\n`$memcached_key`\n\nDefines a key for obtaining response from a memcached server.\n", - "v": "memcached\\_socket\\_keepalive off;", - "c": "`http`, `server`, `location`", - "s": "**memcached_socket_keepalive** `on` | `off`;" - }, - { - "m": "ngx_http_memcached_module", - "n": "$memcached_key", - "d": "Defines a key for obtaining response from a memcached server." - }, - { - "m": "ngx_http_mirror_module", - "n": "mirror", - "d": "Sets the URI to which an original request will be mirrored. Several mirrors can be specified on the same configuration level.", - "v": "mirror off;", - "c": "`http`, `server`, `location`", - "s": "**mirror** `_uri_` | `off`;" - }, - { - "m": "ngx_http_mirror_module", - "n": "mirror_request_body", - "d": "Indicates whether the client request body is mirrored. When enabled, the client request body will be read prior to creating mirror subrequests. In this case, unbuffered client request body proxying set by the [proxy\\_request\\_buffering](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_request_buffering), [fastcgi\\_request\\_buffering](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_request_buffering), [scgi\\_request\\_buffering](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_request_buffering), and [uwsgi\\_request\\_buffering](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_request_buffering) directives will be disabled.\n```\nlocation / {\n mirror /mirror;\n mirror_request_body off;\n proxy_pass http://backend;\n}\n\nlocation = /mirror {\n internal;\n proxy_pass http://log_backend;\n proxy_pass_request_body off;\n proxy_set_header Content-Length \"\";\n proxy_set_header X-Original-URI $request_uri;\n}\n\n```\n", - "v": "mirror\\_request\\_body on;", - "c": "`http`, `server`, `location`", - "s": "**mirror_request_body** `on` | `off`;" - }, - { - "m": "ngx_http_mp4_module", - "n": "keyframe", - "d": "If the `start` argument points to a non-key video frame, the beginning of such video will be broken. To fix this issue, the video [can](https://nginx.org/en/docs/http/ngx_http_mp4_module.html#mp4_start_key_frame) be prepended with the key frame before `start` point and with all intermediate frames between them. These frames will be hidden from playback using an edit list (1.21.4).\nIf a matching request does not include the `start` and `end` arguments, there is no overhead, and the file is sent simply as a static resource. Some players also support byte-range requests, and thus do not require this module.\nThis module is not built by default, it should be enabled with the `--with-http_mp4_module` configuration parameter.\nIf a third-party mp4 module was previously used, it should be disabled.\n\nA similar pseudo-streaming support for FLV files is provided by the [ngx\\_http\\_flv\\_module](https://nginx.org/en/docs/http/ngx_http_flv_module.html) module." - }, - { - "m": "ngx_http_mp4_module", - "n": "mp4", - "d": "Turns on module processing in a surrounding location.", - "c": "`location`", - "s": "**mp4**;" - }, - { - "m": "ngx_http_mp4_module", - "n": "mp4_buffer_size", - "d": "Sets the initial `_size_` of the buffer used for processing MP4 files.", - "v": "mp4\\_buffer\\_size 512K;", - "c": "`http`, `server`, `location`", - "s": "**mp4_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_mp4_module", - "n": "mp4_max_buffer_size", - "d": "During metadata processing, a larger buffer may become necessary. Its size cannot exceed the specified `_size_`, or else nginx will return the 500 (Internal Server Error) server error, and log the following message:\n```\n\"/some/movie/file.mp4\" mp4 moov atom is too large:\n12583268, you may want to increase mp4_max_buffer_size\n\n```\n", - "v": "mp4\\_max\\_buffer\\_size 10M;", - "c": "`http`, `server`, `location`", - "s": "**mp4_max_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_mp4_module", - "n": "mp4_limit_rate", - "d": "Limits the rate of response transmission to a client. The rate is limited based on the average bitrate of the MP4 file served. To calculate the rate, the bitrate is multiplied by the specified `_factor_`. The special value “`on`” corresponds to the factor of 1.1. The special value “`off`” disables rate limiting. The limit is set per a request, and so if a client simultaneously opens two connections, the overall rate will be twice as much as the specified limit.\n\nThis directive is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "v": "mp4\\_limit\\_rate off;", - "c": "`http`, `server`, `location`", - "s": "**mp4_limit_rate** `on` | `off` | `_factor_`;" - }, - { - "m": "ngx_http_mp4_module", - "n": "mp4_limit_rate_after", - "d": "Sets the initial amount of media data (measured in playback time) after which the further transmission of the response to a client will be rate limited.\n\nThis directive is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "v": "mp4\\_limit\\_rate\\_after 60s;", - "c": "`http`, `server`, `location`", - "s": "**mp4_limit_rate_after** `_time_`;" - }, - { - "m": "ngx_http_mp4_module", - "n": "mp4_start_key_frame", - "d": "Forces output video to always start with a key video frame. If the `start` argument does not point to a key frame, initial frames are hidden using an mp4 edit list. Edit lists are supported by major players and browsers such as Chrome, Safari, QuickTime and ffmpeg, partially supported by Firefox.", - "v": "mp4\\_start\\_key\\_frame off;", - "c": "`http`, `server`, `location`", - "s": "**mp4_start_key_frame** `on` | `off`;" - }, - { - "m": "ngx_http_perl_module", - "n": "issues", - "d": "#### Known Issues\nThe module is experimental, caveat emptor applies.\nIn order for Perl to recompile the modified modules during reconfiguration, it should be built with the `-Dusemultiplicity=yes` or `-Dusethreads=yes` parameters. Also, to make Perl leak less memory at run time, it should be built with the `-Dusemymalloc=no` parameter. To check the values of these parameters in an already built Perl (preferred values are specified in the example), run:\n```\n$ perl -V:usemultiplicity -V:usemymalloc\nusemultiplicity='define';\nusemymalloc='n';\n\n```\n\nNote that after rebuilding Perl with the new `-Dusemultiplicity=yes` or `-Dusethreads=yes` parameters, all binary Perl modules will have to be rebuilt as well — they will just stop working with the new Perl.\nThere is a possibility that the main process and then worker processes will grow in size after every reconfiguration. If the main process grows to an unacceptable size, the [live upgrade](https://nginx.org/en/docs/control.html#upgrade) procedure can be applied without changing the executable file.\nWhile the Perl module is performing a long-running operation, such as resolving a domain name, connecting to another server, or querying a database, other requests assigned to the current worker process will not be processed. It is thus recommended to perform only such operations that have predictable and short execution time, such as accessing the local file system." - }, - { - "m": "ngx_http_perl_module", - "n": "perl", - "d": "Sets a Perl handler for the given location.", - "c": "`location`, `limit_except`", - "s": "**perl** `_module_`::`_function_`|'sub { ... }';" - }, - { - "m": "ngx_http_perl_module", - "n": "perl_modules", - "d": "Sets an additional path for Perl modules.", - "c": "`http`", - "s": "**perl_modules** `_path_`;" - }, - { - "m": "ngx_http_perl_module", - "n": "perl_require", - "d": "Defines the name of a module that will be loaded during each reconfiguration. Several `perl_require` directives can be present.", - "c": "`http`", - "s": "**perl_require** `_module_`;" - }, - { - "m": "ngx_http_perl_module", - "n": "perl_set", - "d": "Installs a Perl handler for the specified variable.", - "c": "`http`", - "s": "**perl_set** `_$variable_` `_module_`::`_function_`|'sub { ... }';" - }, - { - "m": "ngx_http_perl_module", - "n": "ssi", - "d": "#### Calling Perl from SSI\nAn SSI command calling Perl has the following format:\n```\n\n\n```\n", - "c": "`http`", - "s": "**perl_set** `_$variable_` `_module_`::`_function_`|'sub { ... }';" - }, - { - "m": "ngx_http_perl_module", - "n": "methods", - "d": "#### The $r Request Object Methods\n\n`$r->args`\n\nreturns request arguments.\n\n`$r->filename`\n\nreturns a filename corresponding to the request URI.\n\n``$r->has_request_body(`_handler_`)``\n\nreturns 0 if there is no body in a request. If there is a body, the specified handler is set for the request and 1 is returned. After reading the request body, nginx will call the specified handler. Note that the handler function should be passed by reference. Example:\n\n> package hello;\n> \n> use nginx;\n> \n> sub handler {\n> my $r = shift;\n> \n> if ($r->request\\_method ne \"POST\") {\n> return DECLINED;\n> }\n> \n> if ($r->has\\_request\\_body(**\\\\&post**)) {\n> return OK;\n> }\n> \n> return HTTP\\_BAD\\_REQUEST;\n> }\n> \n> sub **post** {\n> my $r = shift;\n> \n> $r->send\\_http\\_header;\n> \n> $r->print(\"request\\_body: \\\\\"\", $r->request\\_body, \"\\\\\"
\");\n> $r->print(\"request\\_body\\_file: \\\\\"\", $r->request\\_body\\_file, \"\\\\\"
\\\\n\");\n> \n> return OK;\n> }\n> \n> 1;\n> \n> \\_\\_END\\_\\_\n\n`$r->allow_ranges`\n\nenables the use of byte ranges when sending responses.\n\n`$r->discard_request_body`\n\ninstructs nginx to discard the request body.\n\n``$r->header_in(`_field_`)``\n\nreturns the value of the specified client request header field.\n\n`$r->header_only`\n\ndetermines whether the whole response or only its header should be sent to the client.\n\n``$r->header_out(`_field_`, `_value_`)``\n\nsets a value for the specified response header field.\n\n``$r->internal_redirect(`_uri_`)``\n\ndoes an internal redirect to the specified `_uri_`. An actual redirect happens after the Perl handler execution is completed.\n\n> Since version 1.17.2, the method accepts escaped URIs and supports redirections to named locations.\n\n``$r->log_error(`_errno_`, `_message_`)``\n\nwrites the specified `_message_` into the [error\\_log](https://nginx.org/en/docs/ngx_core_module.html#error_log). If `_errno_` is non-zero, an error code and its description will be appended to the message.\n\n``$r->print(`_text_`, ...)``\n\npasses data to a client.\n\n`$r->request_body`\n\nreturns the client request body if it has not been written to a temporary file. To ensure that the client request body is in memory, its size should be limited by [client\\_max\\_body\\_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size), and a sufficient buffer size should be set using [client\\_body\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size).\n\n`$r->request_body_file`\n\nreturns the name of the file with the client request body. After the processing, the file should be removed. To always write a request body to a file, [client\\_body\\_in\\_file\\_only](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_in_file_only) should be enabled.\n\n`$r->request_method`\n\nreturns the client request HTTP method.\n\n`$r->remote_addr`\n\nreturns the client IP address.\n\n`$r->flush`\n\nimmediately sends data to the client.\n\n``$r->sendfile(`_name_`[, `_offset_`[, `_length_`]])``\n\nsends the specified file content to the client. Optional parameters specify the initial offset and length of the data to be transmitted. The actual data transmission happens after the Perl handler has completed.\n\n``$r->send_http_header([`_type_`])``\n\nsends the response header to the client. The optional `_type_` parameter sets the value of the “Content-Type” response header field. If the value is an empty string, the “Content-Type” header field will not be sent.\n\n``$r->status(`_code_`)``\n\nsets a response code.\n\n``$r->sleep(`_milliseconds_`, `_handler_`)``\n\nsets the specified handler and stops request processing for the specified time. In the meantime, nginx continues to process other requests. After the specified time has elapsed, nginx will call the installed handler. Note that the handler function should be passed by reference. In order to pass data between handlers, `$r->variable()` should be used. Example:\n\n> package hello;\n> \n> use nginx;\n> \n> sub handler {\n> my $r = shift;\n> \n> $r->discard\\_request\\_body;\n> $r->variable(\"var\", \"OK\");\n> $r->sleep(1000, **\\\\&next**);\n> \n> return OK;\n> }\n> \n> sub **next** {\n> my $r = shift;\n> \n> $r->send\\_http\\_header;\n> $r->print($r->variable(\"var\"));\n> \n> return OK;\n> }\n> \n> 1;\n> \n> \\_\\_END\\_\\_\n\n``$r->unescape(`_text_`)``\n\ndecodes a text encoded in the “%XX” form.\n\n`$r->uri`\n\nreturns a request URI.\n\n``$r->variable(`_name_`[, `_value_`])``\n\nreturns or sets the value of the specified variable. Variables are local to each request.\n", - "c": "`http`", - "s": "**perl_set** `_$variable_` `_module_`::`_function_`|'sub { ... }';" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_bind", - "d": "Makes outgoing connections to a proxied server originate from the specified local IP address with an optional port (1.11.2). Parameter value can contain variables (1.3.12). The special value `off` (1.3.12) cancels the effect of the `proxy_bind` directive inherited from the previous configuration level, which allows the system to auto-assign the local IP address and port.", - "c": "`http`, `server`, `location`", - "s": "**proxy_bind** `_address_` [`transparent`] | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_bind_transparent", - "d": "The `transparent` parameter (1.11.0) allows outgoing connections to a proxied server originate from a non-local IP address, for example, from a real IP address of a client:\n```\nproxy_bind $remote_addr transparent;\n\n```\nIn order for this parameter to work, it is usually necessary to run nginx worker processes with the [superuser](https://nginx.org/en/docs/ngx_core_module.html#user) privileges. On Linux it is not required (1.13.8) as if the `transparent` parameter is specified, worker processes inherit the `CAP_NET_RAW` capability from the master process. It is also necessary to configure kernel routing table to intercept network traffic from the proxied server.", - "c": "`http`, `server`, `location`", - "s": "**proxy_bind** `_address_` [`transparent`] | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_buffer_size", - "d": "Sets the `_size_` of the buffer used for reading the first part of the response received from the proxied server. This part usually contains a small response header. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform. It can be made smaller, however.", - "v": "proxy\\_buffer\\_size 4k|8k;", - "c": "`http`, `server`, `location`", - "s": "**proxy_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_buffering", - "d": "Enables or disables buffering of responses from the proxied server.\nWhen buffering is enabled, nginx receives a response from the proxied server as soon as possible, saving it into the buffers set by the [proxy\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) and [proxy\\_buffers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) directives. If the whole response does not fit into memory, a part of it can be saved to a [temporary file](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_temp_path) on the disk. Writing to temporary files is controlled by the [proxy\\_max\\_temp\\_file\\_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_max_temp_file_size) and [proxy\\_temp\\_file\\_write\\_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_temp_file_write_size) directives.\nWhen buffering is disabled, the response is passed to a client synchronously, immediately as it is received. nginx will not try to read the whole response from the proxied server. The maximum size of the data that nginx can receive from the server at a time is set by the [proxy\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) directive.\nBuffering can also be enabled or disabled by passing “`yes`” or “`no`” in the “X-Accel-Buffering” response header field. This capability can be disabled using the [proxy\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_headers) directive.", - "v": "proxy\\_buffering on;", - "c": "`http`, `server`, `location`", - "s": "**proxy_buffering** `on` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_buffers", - "d": "Sets the `_number_` and `_size_` of the buffers used for reading a response from the proxied server, for a single connection. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform.", - "v": "proxy\\_buffers 8 4k|8k;", - "c": "`http`, `server`, `location`", - "s": "**proxy_buffers** `_number_` `_size_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_busy_buffers_size", - "d": "When [buffering](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering) of responses from the proxied server is enabled, limits the total `_size_` of buffers that can be busy sending a response to the client while the response is not yet fully read. In the meantime, the rest of the buffers can be used for reading the response and, if needed, buffering part of the response to a temporary file. By default, `_size_` is limited by the size of two buffers set by the [proxy\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) and [proxy\\_buffers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) directives.", - "v": "proxy\\_busy\\_buffers\\_size 8k|16k;", - "c": "`http`, `server`, `location`", - "s": "**proxy_busy_buffers_size** `_size_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache", - "d": "Defines a shared memory zone used for caching. The same zone can be used in several places. Parameter value can contain variables (1.7.9). The `off` parameter disables caching inherited from the previous configuration level.", - "v": "proxy\\_cache off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache** `_zone_` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_background_update", - "d": "Allows starting a background subrequest to update an expired cache item, while a stale cached response is returned to the client. Note that it is necessary to [allow](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_use_stale_updating) the usage of a stale cached response when it is being updated.", - "v": "proxy\\_cache\\_background\\_update off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache_background_update** `on` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_bypass", - "d": "Defines conditions under which the response will not be taken from a cache. If at least one value of the string parameters is not empty and is not equal to “0” then the response will not be taken from the cache:\n```\nproxy_cache_bypass $cookie_nocache $arg_nocache$arg_comment;\nproxy_cache_bypass $http_pragma $http_authorization;\n\n```\nCan be used along with the [proxy\\_no\\_cache](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_no_cache) directive.", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache_bypass** `_string_` ...;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_convert_head", - "d": "Enables or disables the conversion of the “`HEAD`” method to “`GET`” for caching. When the conversion is disabled, the [cache key](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key) should be configured to include the `$request_method`.", - "v": "proxy\\_cache\\_convert\\_head on;", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache_convert_head** `on` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_key", - "d": "Defines a key for caching, for example\n```\nproxy_cache_key \"$host$request_uri $cookie_user\";\n\n```\nBy default, the directive’s value is close to the string\n```\nproxy_cache_key $scheme$proxy_host$uri$is_args$args;\n\n```\n", - "v": "proxy\\_cache\\_key $scheme$proxy\\_host$request\\_uri;", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache_key** `_string_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_lock", - "d": "When enabled, only one request at a time will be allowed to populate a new cache element identified according to the [proxy\\_cache\\_key](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key) directive by passing a request to a proxied server. Other requests of the same cache element will either wait for a response to appear in the cache or the cache lock for this element to be released, up to the time set by the [proxy\\_cache\\_lock\\_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_lock_timeout) directive.", - "v": "proxy\\_cache\\_lock off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache_lock** `on` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_lock_age", - "d": "If the last request passed to the proxied server for populating a new cache element has not completed for the specified `_time_`, one more request may be passed to the proxied server.", - "v": "proxy\\_cache\\_lock\\_age 5s;", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache_lock_age** `_time_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_lock_timeout", - "d": "Sets a timeout for [proxy\\_cache\\_lock](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_lock). When the `_time_` expires, the request will be passed to the proxied server, however, the response will not be cached.\nBefore 1.7.8, the response could be cached.\n", - "v": "proxy\\_cache\\_lock\\_timeout 5s;", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache_lock_timeout** `_time_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_max_range_offset", - "d": "Sets an offset in bytes for byte-range requests. If the range is beyond the offset, the range request will be passed to the proxied server and the response will not be cached.", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache_max_range_offset** `_number_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_methods", - "d": "If the client request method is listed in this directive then the response will be cached. “`GET`” and “`HEAD`” methods are always added to the list, though it is recommended to specify them explicitly. See also the [proxy\\_no\\_cache](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_no_cache) directive.", - "v": "proxy\\_cache\\_methods GET HEAD;", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache_methods** `GET` | `HEAD` | `POST` ...;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_min_uses", - "d": "Sets the `_number_` of requests after which the response will be cached.", - "v": "proxy\\_cache\\_min\\_uses 1;", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache_min_uses** `_number_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_path", - "d": "Sets the path and other parameters of a cache. Cache data are stored in files. The file name in a cache is a result of applying the MD5 function to the [cache key](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key). The `levels` parameter defines hierarchy levels of a cache: from 1 to 3, each level accepts values 1 or 2. For example, in the following configuration\n```\nproxy_cache_path /data/nginx/cache levels=1:2 keys_zone=one:10m;\n\n```\nfile names in a cache will look like this:\n```\n/data/nginx/cache/c/29/b7f54b2df7773722d382f4809d65029c\n\n```\n\nA cached response is first written to a temporary file, and then the file is renamed. Starting from version 0.8.9, temporary files and the cache can be put on different file systems. However, be aware that in this case a file is copied across two file systems instead of the cheap renaming operation. It is thus recommended that for any given location both cache and a directory holding temporary files are put on the same file system. The directory for temporary files is set based on the `use_temp_path` parameter (1.7.10). If this parameter is omitted or set to the value `on`, the directory set by the [proxy\\_temp\\_path](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_temp_path) directive for the given location will be used. If the value is set to `off`, temporary files will be put directly in the cache directory.\nIn addition, all active keys and information about data are stored in a shared memory zone, whose `_name_` and `_size_` are configured by the `keys_zone` parameter. One megabyte zone can store about 8 thousand keys.\nAs part of [commercial subscription](http://nginx.com/products/), the shared memory zone also stores extended cache [information](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_caches_), thus, it is required to specify a larger zone size for the same number of keys. For example, one megabyte zone can store about 4 thousand keys.\n\nCached data that are not accessed during the time specified by the `inactive` parameter get removed from the cache regardless of their freshness. By default, `inactive` is set to 10 minutes.", - "c": "`http`", - "s": "**proxy_cache_path** `_path_` [`levels`=`_levels_`] [`use_temp_path`=`on`|`off`] `keys_zone`=`_name_`:`_size_` [`inactive`=`_time_`] [`max_size`=`_size_`] [`min_free`=`_size_`] [`manager_files`=`_number_`] [`manager_sleep`=`_time_`] [`manager_threshold`=`_time_`] [`loader_files`=`_number_`] [`loader_sleep`=`_time_`] [`loader_threshold`=`_time_`] [`purger`=`on`|`off`] [`purger_files`=`_number_`] [`purger_sleep`=`_time_`] [`purger_threshold`=`_time_`];" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_path_max_size", - "d": "The special “cache manager” process monitors the maximum cache size set by the `max_size` parameter, and the minimum amount of free space set by the `min_free` (1.19.1) parameter on the file system with cache. When the size is exceeded or there is not enough free space, it removes the least recently used data. The data is removed in iterations configured by `manager_files`, `manager_threshold`, and `manager_sleep` parameters (1.11.5). During one iteration no more than `manager_files` items are deleted (by default, 100). The duration of one iteration is limited by the `manager_threshold` parameter (by default, 200 milliseconds). Between iterations, a pause configured by the `manager_sleep` parameter (by default, 50 milliseconds) is made.\nA minute after the start the special “cache loader” process is activated. It loads information about previously cached data stored on file system into a cache zone. The loading is also done in iterations. During one iteration no more than `loader_files` items are loaded (by default, 100). Besides, the duration of one iteration is limited by the `loader_threshold` parameter (by default, 200 milliseconds). Between iterations, a pause configured by the `loader_sleep` parameter (by default, 50 milliseconds) is made.\nAdditionally, the following parameters are available as part of our [commercial subscription](http://nginx.com/products/):\n\n`purger`\\=`on`|`off`\n\nInstructs whether cache entries that match a [wildcard key](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_purge) will be removed from the disk by the cache purger (1.7.12). Setting the parameter to `on` (default is `off`) will activate the “cache purger” process that permanently iterates through all cache entries and deletes the entries that match the wildcard key.\n\n`purger_files`\\=`_number_`\n\nSets the number of items that will be scanned during one iteration (1.7.12). By default, `purger_files` is set to 10.\n\n`purger_threshold`\\=`_number_`\n\nSets the duration of one iteration (1.7.12). By default, `purger_threshold` is set to 50 milliseconds.\n\n`purger_sleep`\\=`_number_`\n\nSets a pause between iterations (1.7.12). By default, `purger_sleep` is set to 50 milliseconds.\n\n\nIn versions 1.7.3, 1.7.7, and 1.11.10 cache header format has been changed. Previously cached responses will be considered invalid after upgrading to a newer nginx version.\n", - "c": "`http`", - "s": "**proxy_cache_path** `_path_` [`levels`=`_levels_`] [`use_temp_path`=`on`|`off`] `keys_zone`=`_name_`:`_size_` [`inactive`=`_time_`] [`max_size`=`_size_`] [`min_free`=`_size_`] [`manager_files`=`_number_`] [`manager_sleep`=`_time_`] [`manager_threshold`=`_time_`] [`loader_files`=`_number_`] [`loader_sleep`=`_time_`] [`loader_threshold`=`_time_`] [`purger`=`on`|`off`] [`purger_files`=`_number_`] [`purger_sleep`=`_time_`] [`purger_threshold`=`_time_`];" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_purge", - "d": "Defines conditions under which the request will be considered a cache purge request. If at least one value of the string parameters is not empty and is not equal to “0” then the cache entry with a corresponding [cache key](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key) is removed. The result of successful operation is indicated by returning the 204 (No Content) response.\nIf the [cache key](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key) of a purge request ends with an asterisk (“`*`”), all cache entries matching the wildcard key will be removed from the cache. However, these entries will remain on the disk until they are deleted for either [inactivity](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path), or processed by the [cache purger](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#purger) (1.7.12), or a client attempts to access them.\nExample configuration:\n```\nproxy_cache_path /data/nginx/cache keys_zone=cache_zone:10m;\n\nmap $request_method $purge_method {\n PURGE 1;\n default 0;\n}\n\nserver {\n ...\n location / {\n proxy_pass http://backend;\n proxy_cache cache_zone;\n proxy_cache_key $uri;\n proxy_cache_purge $purge_method;\n }\n}\n\n```\n\nThis functionality is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache_purge** string ...;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_revalidate", - "d": "Enables revalidation of expired cache items using conditional requests with the “If-Modified-Since” and “If-None-Match” header fields.", - "v": "proxy\\_cache\\_revalidate off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache_revalidate** `on` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_use_stale", - "d": "Determines in which cases a stale cached response can be used during communication with the proxied server. The directive’s parameters match the parameters of the [proxy\\_next\\_upstream](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream) directive.\nThe `error` parameter also permits using a stale cached response if a proxied server to process a request cannot be selected.", - "v": "proxy\\_cache\\_use\\_stale off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache_use_stale** `error` | `timeout` | `invalid_header` | `updating` | `http_500` | `http_502` | `http_503` | `http_504` | `http_403` | `http_404` | `http_429` | `off` ...;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_use_stale_updating", - "d": "Additionally, the `updating` parameter permits using a stale cached response if it is currently being updated. This allows minimizing the number of accesses to proxied servers when updating cached data.\nUsing a stale cached response can also be enabled directly in the response header for a specified number of seconds after the response became stale (1.11.10). This has lower priority than using the directive parameters.\n* The “[stale-while-revalidate](https://datatracker.ietf.org/doc/html/rfc5861#section-3)” extension of the “Cache-Control” header field permits using a stale cached response if it is currently being updated.\n* The “[stale-if-error](https://datatracker.ietf.org/doc/html/rfc5861#section-4)” extension of the “Cache-Control” header field permits using a stale cached response in case of an error.\n\nTo minimize the number of accesses to proxied servers when populating a new cache element, the [proxy\\_cache\\_lock](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_lock) directive can be used.", - "v": "proxy\\_cache\\_use\\_stale off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache_use_stale** `error` | `timeout` | `invalid_header` | `updating` | `http_500` | `http_502` | `http_503` | `http_504` | `http_403` | `http_404` | `http_429` | `off` ...;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cache_valid", - "d": "Sets caching time for different response codes. For example, the following directives\n```\nproxy_cache_valid 200 302 10m;\nproxy_cache_valid 404 1m;\n\n```\nset 10 minutes of caching for responses with codes 200 and 302 and 1 minute for responses with code 404.\nIf only caching `_time_` is specified\n```\nproxy_cache_valid 5m;\n\n```\nthen only 200, 301, and 302 responses are cached.\nIn addition, the `any` parameter can be specified to cache any responses:\n```\nproxy_cache_valid 200 302 10m;\nproxy_cache_valid 301 1h;\nproxy_cache_valid any 1m;\n\n```\n\nParameters of caching can also be set directly in the response header. This has higher priority than setting of caching time using the directive.\n* The “X-Accel-Expires” header field sets caching time of a response in seconds. The zero value disables caching for a response. If the value starts with the `@` prefix, it sets an absolute time in seconds since Epoch, up to which the response may be cached.\n* If the header does not include the “X-Accel-Expires” field, parameters of caching may be set in the header fields “Expires” or “Cache-Control”.\n* If the header includes the “Set-Cookie” field, such a response will not be cached.\n* If the header includes the “Vary” field with the special value “`*`”, such a response will not be cached (1.7.7). If the header includes the “Vary” field with another value, such a response will be cached taking into account the corresponding request header fields (1.7.7).\nProcessing of one or more of these response header fields can be disabled using the [proxy\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_headers) directive.", - "c": "`http`, `server`, `location`", - "s": "**proxy_cache_valid** [`_code_` ...] `_time_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_connect_timeout", - "d": "Defines a timeout for establishing a connection with a proxied server. It should be noted that this timeout cannot usually exceed 75 seconds.", - "v": "proxy\\_connect\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**proxy_connect_timeout** `_time_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cookie_domain", - "d": "Sets a text that should be changed in the `domain` attribute of the “Set-Cookie” header fields of a proxied server response. Suppose a proxied server returned the “Set-Cookie” header field with the attribute “`domain=localhost`”. The directive\n```\nproxy_cookie_domain localhost example.org;\n\n```\nwill rewrite this attribute to “`domain=example.org`”.\nA dot at the beginning of the `_domain_` and `_replacement_` strings and the `domain` attribute is ignored. Matching is case-insensitive.\nThe `_domain_` and `_replacement_` strings can contain variables:\n```\nproxy_cookie_domain www.$host $host;\n\n```\n\nThe directive can also be specified using regular expressions. In this case, `_domain_` should start from the “`~`” symbol. A regular expression can contain named and positional captures, and `_replacement_` can reference them:\n```\nproxy_cookie_domain ~\\.(?P[-0-9a-z]+\\.[a-z]+)$ $sl_domain;\n\n```\n\nSeveral `proxy_cookie_domain` directives can be specified on the same level:\n```\nproxy_cookie_domain localhost example.org;\nproxy_cookie_domain ~\\.([a-z]+\\.[a-z]+)$ $1;\n\n```\nIf several directives can be applied to the cookie, the first matching directive will be chosen.\nThe `off` parameter cancels the effect of the `proxy_cookie_domain` directives inherited from the previous configuration level.", - "v": "proxy\\_cookie\\_domain off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_cookie_domain** `off`;`` \n``**proxy_cookie_domain** `_domain_` `_replacement_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cookie_flags", - "d": "Sets one or more flags for the cookie. The `_cookie_` can contain text, variables, and their combinations. The `_flag_` can contain text, variables, and their combinations (1.19.8). The `secure`, `httponly`, `samesite=strict`, `samesite=lax`, `samesite=none` parameters add the corresponding flags. The `nosecure`, `nohttponly`, `nosamesite` parameters remove the corresponding flags.\nThe cookie can also be specified using regular expressions. In this case, `_cookie_` should start from the “`~`” symbol.\nSeveral `proxy_cookie_flags` directives can be specified on the same configuration level:\n```\nproxy_cookie_flags one httponly;\nproxy_cookie_flags ~ nosecure samesite=strict;\n\n```\nIf several directives can be applied to the cookie, the first matching directive will be chosen. In the example, the `httponly` flag is added to the cookie `one`, for all other cookies the `samesite=strict` flag is added and the `secure` flag is deleted.\nThe `off` parameter cancels the effect of the `proxy_cookie_flags` directives inherited from the previous configuration level.", - "v": "proxy\\_cookie\\_flags off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_cookie_flags** `off` | `_cookie_` [`_flag_` ...];" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_cookie_path", - "d": "Sets a text that should be changed in the `path` attribute of the “Set-Cookie” header fields of a proxied server response. Suppose a proxied server returned the “Set-Cookie” header field with the attribute “`path=/two/some/uri/`”. The directive\n```\nproxy_cookie_path /two/ /;\n\n```\nwill rewrite this attribute to “`path=/some/uri/`”.\nThe `_path_` and `_replacement_` strings can contain variables:\n```\nproxy_cookie_path $uri /some$uri;\n\n```\n\nThe directive can also be specified using regular expressions. In this case, `_path_` should either start from the “`~`” symbol for a case-sensitive matching, or from the “`~*`” symbols for case-insensitive matching. The regular expression can contain named and positional captures, and `_replacement_` can reference them:\n```\nproxy_cookie_path ~*^/user/([^/]+) /u/$1;\n\n```\n\nSeveral `proxy_cookie_path` directives can be specified on the same level:\n```\nproxy_cookie_path /one/ /;\nproxy_cookie_path / /two/;\n\n```\nIf several directives can be applied to the cookie, the first matching directive will be chosen.\nThe `off` parameter cancels the effect of the `proxy_cookie_path` directives inherited from the previous configuration level.", - "v": "proxy\\_cookie\\_path off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_cookie_path** `off`;`` \n``**proxy_cookie_path** `_path_` `_replacement_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_force_ranges", - "d": "Enables byte-range support for both cached and uncached responses from the proxied server regardless of the “Accept-Ranges” field in these responses.", - "v": "proxy\\_force\\_ranges off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_force_ranges** `on` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_headers_hash_bucket_size", - "d": "Sets the bucket `_size_` for hash tables used by the [proxy\\_hide\\_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) and [proxy\\_set\\_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) directives. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).", - "v": "proxy\\_headers\\_hash\\_bucket\\_size 64;", - "c": "`http`, `server`, `location`", - "s": "**proxy_headers_hash_bucket_size** `_size_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_headers_hash_max_size", - "d": "Sets the maximum `_size_` of hash tables used by the [proxy\\_hide\\_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) and [proxy\\_set\\_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) directives. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).", - "v": "proxy\\_headers\\_hash\\_max\\_size 512;", - "c": "`http`, `server`, `location`", - "s": "**proxy_headers_hash_max_size** `_size_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_hide_header", - "d": "By default, nginx does not pass the header fields “Date”, “Server”, “X-Pad”, and “X-Accel-...” from the response of a proxied server to a client. The `proxy_hide_header` directive sets additional fields that will not be passed. If, on the contrary, the passing of fields needs to be permitted, the [proxy\\_pass\\_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header) directive can be used.", - "c": "`http`, `server`, `location`", - "s": "**proxy_hide_header** `_field_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_http_version", - "d": "Sets the HTTP protocol version for proxying. By default, version 1.0 is used. Version 1.1 is recommended for use with [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) connections and [NTLM authentication](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#ntlm).", - "v": "proxy\\_http\\_version 1.0;", - "c": "`http`, `server`, `location`", - "s": "**proxy_http_version** `1.0` | `1.1`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_ignore_client_abort", - "d": "Determines whether the connection with a proxied server should be closed when a client closes the connection without waiting for a response.", - "v": "proxy\\_ignore\\_client\\_abort off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_ignore_client_abort** `on` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_ignore_headers", - "d": "Disables processing of certain response header fields from the proxied server. The following fields can be ignored: “X-Accel-Redirect”, “X-Accel-Expires”, “X-Accel-Limit-Rate” (1.1.6), “X-Accel-Buffering” (1.1.6), “X-Accel-Charset” (1.1.6), “Expires”, “Cache-Control”, “Set-Cookie” (0.8.44), and “Vary” (1.7.7).\nIf not disabled, processing of these header fields has the following effect:\n* “X-Accel-Expires”, “Expires”, “Cache-Control”, “Set-Cookie”, and “Vary” set the parameters of response [caching](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_valid);\n* “X-Accel-Redirect” performs an [internal redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#internal) to the specified URI;\n* “X-Accel-Limit-Rate” sets the [rate limit](https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate) for transmission of a response to a client;\n* “X-Accel-Buffering” enables or disables [buffering](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering) of a response;\n* “X-Accel-Charset” sets the desired [charset](https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset) of a response.\n", - "c": "`http`, `server`, `location`", - "s": "**proxy_ignore_headers** `_field_` ...;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_intercept_errors", - "d": "Determines whether proxied responses with codes greater than or equal to 300 should be passed to a client or be intercepted and redirected to nginx for processing with the [error\\_page](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page) directive.", - "v": "proxy\\_intercept\\_errors off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_intercept_errors** `on` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_limit_rate", - "d": "Limits the speed of reading the response from the proxied server. The `_rate_` is specified in bytes per second. The zero value disables rate limiting. The limit is set per a request, and so if nginx simultaneously opens two connections to the proxied server, the overall rate will be twice as much as the specified limit. The limitation works only if [buffering](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering) of responses from the proxied server is enabled.", - "v": "proxy\\_limit\\_rate 0;", - "c": "`http`, `server`, `location`", - "s": "**proxy_limit_rate** `_rate_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_max_temp_file_size", - "d": "When [buffering](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering) of responses from the proxied server is enabled, and the whole response does not fit into the buffers set by the [proxy\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) and [proxy\\_buffers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) directives, a part of the response can be saved to a temporary file. This directive sets the maximum `_size_` of the temporary file. The size of data written to the temporary file at a time is set by the [proxy\\_temp\\_file\\_write\\_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_temp_file_write_size) directive.\nThe zero value disables buffering of responses to temporary files.\n\nThis restriction does not apply to responses that will be [cached](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache) or [stored](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_store) on disk.\n", - "v": "proxy\\_max\\_temp\\_file\\_size 1024m;", - "c": "`http`, `server`, `location`", - "s": "**proxy_max_temp_file_size** `_size_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_method", - "d": "Specifies the HTTP `_method_` to use in requests forwarded to the proxied server instead of the method from the client request. Parameter value can contain variables (1.11.6).", - "c": "`http`, `server`, `location`", - "s": "**proxy_method** `_method_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_next_upstream", - "d": "Specifies in which cases a request should be passed to the next server:\n`error`\n\nan error occurred while establishing a connection with the server, passing a request to it, or reading the response header;\n\n`timeout`\n\na timeout has occurred while establishing a connection with the server, passing a request to it, or reading the response header;\n\n`invalid_header`\n\na server returned an empty or invalid response;\n\n`http_500`\n\na server returned a response with the code 500;\n\n`http_502`\n\na server returned a response with the code 502;\n\n`http_503`\n\na server returned a response with the code 503;\n\n`http_504`\n\na server returned a response with the code 504;\n\n`http_403`\n\na server returned a response with the code 403;\n\n`http_404`\n\na server returned a response with the code 404;\n\n`http_429`\n\na server returned a response with the code 429 (1.11.13);\n\n`non_idempotent`\n\nnormally, requests with a [non-idempotent](https://datatracker.ietf.org/doc/html/rfc7231#section-4.2.2) method (`POST`, `LOCK`, `PATCH`) are not passed to the next server if a request has been sent to an upstream server (1.9.13); enabling this option explicitly allows retrying such requests;\n\n`off`\n\ndisables passing a request to the next server.\n\nOne should bear in mind that passing a request to the next server is only possible if nothing has been sent to a client yet. That is, if an error or timeout occurs in the middle of the transferring of a response, fixing this is impossible.\nThe directive also defines what is considered an [unsuccessful attempt](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) of communication with a server. The cases of `error`, `timeout` and `invalid_header` are always considered unsuccessful attempts, even if they are not specified in the directive. The cases of `http_500`, `http_502`, `http_503`, `http_504`, and `http_429` are considered unsuccessful attempts only if they are specified in the directive. The cases of `http_403` and `http_404` are never considered unsuccessful attempts.\nPassing a request to the next server can be limited by [the number of tries](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream_tries) and by [time](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream_timeout).", - "v": "proxy\\_next\\_upstream error timeout;", - "c": "`http`, `server`, `location`", - "s": "**proxy_next_upstream** `error` | `timeout` | `invalid_header` | `http_500` | `http_502` | `http_503` | `http_504` | `http_403` | `http_404` | `http_429` | `non_idempotent` | `off` ...;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_next_upstream_timeout", - "d": "Limits the time during which a request can be passed to the [next server](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream). The `0` value turns off this limitation.", - "v": "proxy\\_next\\_upstream\\_timeout 0;", - "c": "`http`, `server`, `location`", - "s": "**proxy_next_upstream_timeout** `_time_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_next_upstream_tries", - "d": "Limits the number of possible tries for passing a request to the [next server](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream). The `0` value turns off this limitation.", - "v": "proxy\\_next\\_upstream\\_tries 0;", - "c": "`http`, `server`, `location`", - "s": "**proxy_next_upstream_tries** `_number_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_no_cache", - "d": "Defines conditions under which the response will not be saved to a cache. If at least one value of the string parameters is not empty and is not equal to “0” then the response will not be saved:\n```\nproxy_no_cache $cookie_nocache $arg_nocache$arg_comment;\nproxy_no_cache $http_pragma $http_authorization;\n\n```\nCan be used along with the [proxy\\_cache\\_bypass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_bypass) directive.", - "c": "`http`, `server`, `location`", - "s": "**proxy_no_cache** `_string_` ...;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_pass", - "d": "Sets the protocol and address of a proxied server and an optional URI to which a location should be mapped. As a protocol, “`http`” or “`https`” can be specified. The address can be specified as a domain name or IP address, and an optional port:\n```\nproxy_pass http://localhost:8000/uri/;\n\n```\nor as a UNIX-domain socket path specified after the word “`unix`” and enclosed in colons:\n```\nproxy_pass http://unix:/tmp/backend.socket:/uri/;\n\n```\n\nIf a domain name resolves to several addresses, all of them will be used in a round-robin fashion. In addition, an address can be specified as a [server group](https://nginx.org/en/docs/http/ngx_http_upstream_module.html).\nParameter value can contain variables. In this case, if an address is specified as a domain name, the name is searched among the described server groups, and, if not found, is determined using a [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver).\nA request URI is passed to the server as follows:\n* If the `proxy_pass` directive is specified with a URI, then when a request is passed to the server, the part of a [normalized](https://nginx.org/en/docs/http/ngx_http_core_module.html#location) request URI matching the location is replaced by a URI specified in the directive:\n \n > location /name/ {\n > proxy\\_pass http://127.0.0.1/remote/;\n > }\n \n* If `proxy_pass` is specified without a URI, the request URI is passed to the server in the same form as sent by a client when the original request is processed, or the full normalized request URI is passed when processing the changed URI:\n \n > location /some/path/ {\n > proxy\\_pass http://127.0.0.1;\n > }\n \n > Before version 1.1.12, if `proxy_pass` is specified without a URI, the original request URI might be passed instead of the changed URI in some cases.\n\nIn some cases, the part of a request URI to be replaced cannot be determined:\n* When location is specified using a regular expression, and also inside named locations.\n \n In these cases, `proxy_pass` should be specified without a URI.\n \n* When the URI is changed inside a proxied location using the [rewrite](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#rewrite) directive, and this same configuration will be used to process a request (`break`):\n \n > location /name/ {\n > rewrite /name/(\\[^/\\]+) /users?name=$1 break;\n > proxy\\_pass http://127.0.0.1;\n > }\n \n In this case, the URI specified in the directive is ignored and the full changed request URI is passed to the server.\n \n* When variables are used in `proxy_pass`:\n \n > location /name/ {\n > proxy\\_pass http://127.0.0.1$request\\_uri;\n > }\n \n In this case, if URI is specified in the directive, it is passed to the server as is, replacing the original request URI.\n\n[WebSocket](https://nginx.org/en/docs/http/websocket.html) proxying requires special configuration and is supported since version 1.3.13.", - "c": "`location`, `if in location`, `limit_except`", - "s": "**proxy_pass** `_URL_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_pass_header", - "d": "Permits passing [otherwise disabled](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) header fields from a proxied server to a client.", - "c": "`http`, `server`, `location`", - "s": "**proxy_pass_header** `_field_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_pass_request_body", - "d": "Indicates whether the original request body is passed to the proxied server.\n```\nlocation /x-accel-redirect-here/ {\n proxy_method GET;\n proxy_pass_request_body off;\n proxy_set_header Content-Length \"\";\n\n proxy_pass ...\n}\n\n```\nSee also the [proxy\\_set\\_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) and [proxy\\_pass\\_request\\_headers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_request_headers) directives.", - "v": "proxy\\_pass\\_request\\_body on;", - "c": "`http`, `server`, `location`", - "s": "**proxy_pass_request_body** `on` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_pass_request_headers", - "d": "Indicates whether the header fields of the original request are passed to the proxied server.\n```\nlocation /x-accel-redirect-here/ {\n proxy_method GET;\n proxy_pass_request_headers off;\n proxy_pass_request_body off;\n\n proxy_pass ...\n}\n\n```\nSee also the [proxy\\_set\\_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) and [proxy\\_pass\\_request\\_body](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_request_body) directives.", - "v": "proxy\\_pass\\_request\\_headers on;", - "c": "`http`, `server`, `location`", - "s": "**proxy_pass_request_headers** `on` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_read_timeout", - "d": "Defines a timeout for reading a response from the proxied server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the proxied server does not transmit anything within this time, the connection is closed.", - "v": "proxy\\_read\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**proxy_read_timeout** `_time_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_redirect", - "d": "Sets the text that should be changed in the “Location” and “Refresh” header fields of a proxied server response. Suppose a proxied server returned the header field “`Location: http://localhost:8000/two/some/uri/`”. The directive\n```\nproxy_redirect http://localhost:8000/two/ http://frontend/one/;\n\n```\nwill rewrite this string to “`Location: http://frontend/one/some/uri/`”.\nA server name may be omitted in the `_replacement_` string:\n```\nproxy_redirect http://localhost:8000/two/ /;\n\n```\nthen the primary server’s name and port, if different from 80, will be inserted.\nThe default replacement specified by the `default` parameter uses the parameters of the [location](https://nginx.org/en/docs/http/ngx_http_core_module.html#location) and [proxy\\_pass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass) directives. Hence, the two configurations below are equivalent:\n```\nlocation /one/ {\n proxy_pass http://upstream:port/two/;\n proxy_redirect default;\n\n```\n\n```\nlocation /one/ {\n proxy_pass http://upstream:port/two/;\n proxy_redirect http://upstream:port/two/ /one/;\n\n```\nThe `default` parameter is not permitted if [proxy\\_pass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass) is specified using variables.\nA `_replacement_` string can contain variables:\n```\nproxy_redirect http://localhost:8000/ http://$host:$server_port/;\n\n```\n\nA `_redirect_` can also contain (1.1.11) variables:\n```\nproxy_redirect http://$proxy_host:8000/ /;\n\n```\n\nThe directive can be specified (1.1.11) using regular expressions. In this case, `_redirect_` should either start with the “`~`” symbol for a case-sensitive matching, or with the “`~*`” symbols for case-insensitive matching. The regular expression can contain named and positional captures, and `_replacement_` can reference them:\n```\nproxy_redirect ~^(http://[^:]+):\\d+(/.+)$ $1$2;\nproxy_redirect ~*/user/([^/]+)/(.+)$ http://$1.example.com/$2;\n\n```\n\nSeveral `proxy_redirect` directives can be specified on the same level:\n```\nproxy_redirect default;\nproxy_redirect http://localhost:8000/ /;\nproxy_redirect http://www.example.com/ /;\n\n```\nIf several directives can be applied to the header fields of a proxied server response, the first matching directive will be chosen.\nThe `off` parameter cancels the effect of the `proxy_redirect` directives inherited from the previous configuration level.\nUsing this directive, it is also possible to add host names to relative redirects issued by a proxied server:\n```\nproxy_redirect / /;\n\n```\n", - "v": "proxy\\_redirect default;", - "c": "`http`, `server`, `location`", - "s": "**proxy_redirect** `default`;`` \n``**proxy_redirect** `off`;`` \n``**proxy_redirect** `_redirect_` `_replacement_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_request_buffering", - "d": "Enables or disables buffering of a client request body.\nWhen buffering is enabled, the entire request body is [read](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size) from the client before sending the request to a proxied server.\nWhen buffering is disabled, the request body is sent to the proxied server immediately as it is received. In this case, the request cannot be passed to the [next server](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream) if nginx already started sending the request body.\nWhen HTTP/1.1 chunked transfer encoding is used to send the original request body, the request body will be buffered regardless of the directive value unless HTTP/1.1 is [enabled](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version) for proxying.", - "v": "proxy\\_request\\_buffering on;", - "c": "`http`, `server`, `location`", - "s": "**proxy_request_buffering** `on` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_send_lowat", - "d": "If the directive is set to a non-zero value, nginx will try to minimize the number of send operations on outgoing connections to a proxied server by using either `NOTE_LOWAT` flag of the [kqueue](https://nginx.org/en/docs/events.html#kqueue) method, or the `SO_SNDLOWAT` socket option, with the specified `_size_`.\nThis directive is ignored on Linux, Solaris, and Windows.", - "v": "proxy\\_send\\_lowat 0;", - "c": "`http`, `server`, `location`", - "s": "**proxy_send_lowat** `_size_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_send_timeout", - "d": "Sets a timeout for transmitting a request to the proxied server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the proxied server does not receive anything within this time, the connection is closed.", - "v": "proxy\\_send\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**proxy_send_timeout** `_time_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_set_body", - "d": "Allows redefining the request body passed to the proxied server. The `_value_` can contain text, variables, and their combination.", - "c": "`http`, `server`, `location`", - "s": "**proxy_set_body** `_value_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_set_header", - "d": "Allows redefining or appending fields to the request header [passed](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_request_headers) to the proxied server. The `_value_` can contain text, variables, and their combinations. These directives are inherited from the previous configuration level if and only if there are no `proxy_set_header` directives defined on the current level. By default, only two fields are redefined:\n```\nproxy_set_header Host $proxy_host;\nproxy_set_header Connection close;\n\n```\nIf caching is enabled, the header fields “If-Modified-Since”, “If-Unmodified-Since”, “If-None-Match”, “If-Match”, “Range”, and “If-Range” from the original request are not passed to the proxied server.\nAn unchanged “Host” request header field can be passed like this:\n```\nproxy_set_header Host $http_host;\n\n```\n\nHowever, if this field is not present in a client request header then nothing will be passed. In such a case it is better to use the `$host` variable - its value equals the server name in the “Host” request header field or the primary server name if this field is not present:\n```\nproxy_set_header Host $host;\n\n```\n\nIn addition, the server name can be passed together with the port of the proxied server:\n```\nproxy_set_header Host $host:$proxy_port;\n\n```\n\nIf the value of a header field is an empty string then this field will not be passed to a proxied server:\n```\nproxy_set_header Accept-Encoding \"\";\n\n```\n", - "v": "proxy\\_set\\_header Host $proxy\\_host;\n\nproxy\\_set\\_header Connection close;", - "c": "`http`, `server`, `location`", - "s": "**proxy_set_header** `_field_` `_value_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_socket_keepalive", - "d": "Configures the “TCP keepalive” behavior for outgoing connections to a proxied server. By default, the operating system’s settings are in effect for the socket. If the directive is set to the value “`on`”, the `SO_KEEPALIVE` socket option is turned on for the socket.", - "v": "proxy\\_socket\\_keepalive off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_socket_keepalive** `on` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_ssl_certificate", - "d": "Specifies a `_file_` with the certificate in the PEM format used for authentication to a proxied HTTPS server.\nSince version 1.21.0, variables can be used in the `_file_` name.", - "c": "`http`, `server`, `location`", - "s": "**proxy_ssl_certificate** `_file_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_ssl_certificate_key", - "d": "Specifies a `_file_` with the secret key in the PEM format used for authentication to a proxied HTTPS server.\nThe value `engine`:`_name_`:`_id_` can be specified instead of the `_file_` (1.7.9), which loads a secret key with a specified `_id_` from the OpenSSL engine `_name_`.\nSince version 1.21.0, variables can be used in the `_file_` name.", - "c": "`http`, `server`, `location`", - "s": "**proxy_ssl_certificate_key** `_file_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_ssl_ciphers", - "d": "Specifies the enabled ciphers for requests to a proxied HTTPS server. The ciphers are specified in the format understood by the OpenSSL library.\nThe full list can be viewed using the “`openssl ciphers`” command.", - "v": "proxy\\_ssl\\_ciphers DEFAULT;", - "c": "`http`, `server`, `location`", - "s": "**proxy_ssl_ciphers** `_ciphers_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_ssl_conf_command", - "d": "Sets arbitrary OpenSSL configuration [commands](https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html) when establishing a connection with the proxied HTTPS server.\nThe directive is supported when using OpenSSL 1.0.2 or higher.\n\nSeveral `proxy_ssl_conf_command` directives can be specified on the same level. These directives are inherited from the previous configuration level if and only if there are no `proxy_ssl_conf_command` directives defined on the current level.\n\nNote that configuring OpenSSL directly might result in unexpected behavior.\n", - "c": "`http`, `server`, `location`", - "s": "**proxy_ssl_conf_command** `_name_` `_value_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_ssl_crl", - "d": "Specifies a `_file_` with revoked certificates (CRL) in the PEM format used to [verify](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_verify) the certificate of the proxied HTTPS server.", - "c": "`http`, `server`, `location`", - "s": "**proxy_ssl_crl** `_file_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_ssl_name", - "d": "Allows overriding the server name used to [verify](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_verify) the certificate of the proxied HTTPS server and to be [passed through SNI](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_server_name) when establishing a connection with the proxied HTTPS server.\nBy default, the host part of the [proxy\\_pass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass) URL is used.", - "v": "proxy\\_ssl\\_name $proxy\\_host;", - "c": "`http`, `server`, `location`", - "s": "**proxy_ssl_name** `_name_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_ssl_password_file", - "d": "Specifies a `_file_` with passphrases for [secret keys](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_certificate_key) where each passphrase is specified on a separate line. Passphrases are tried in turn when loading the key.", - "c": "`http`, `server`, `location`", - "s": "**proxy_ssl_password_file** `_file_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_ssl_protocols", - "d": "Enables the specified protocols for requests to a proxied HTTPS server.", - "v": "proxy\\_ssl\\_protocols TLSv1 TLSv1.1 TLSv1.2;", - "c": "`http`, `server`, `location`", - "s": "**proxy_ssl_protocols** [`SSLv2`] [`SSLv3`] [`TLSv1`] [`TLSv1.1`] [`TLSv1.2`] [`TLSv1.3`];" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_ssl_server_name", - "d": "Enables or disables passing of the server name through [TLS Server Name Indication extension](http://en.wikipedia.org/wiki/Server_Name_Indication) (SNI, RFC 6066) when establishing a connection with the proxied HTTPS server.", - "v": "proxy\\_ssl\\_server\\_name off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_ssl_server_name** `on` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_ssl_session_reuse", - "d": "Determines whether SSL sessions can be reused when working with the proxied server. If the errors “`SSL3_GET_FINISHED:digest check failed`” appear in the logs, try disabling session reuse.", - "v": "proxy\\_ssl\\_session\\_reuse on;", - "c": "`http`, `server`, `location`", - "s": "**proxy_ssl_session_reuse** `on` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_ssl_trusted_certificate", - "d": "Specifies a `_file_` with trusted CA certificates in the PEM format used to [verify](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_verify) the certificate of the proxied HTTPS server.", - "c": "`http`, `server`, `location`", - "s": "**proxy_ssl_trusted_certificate** `_file_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_ssl_verify", - "d": "Enables or disables verification of the proxied HTTPS server certificate.", - "v": "proxy\\_ssl\\_verify off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_ssl_verify** `on` | `off`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_ssl_verify_depth", - "d": "Sets the verification depth in the proxied HTTPS server certificates chain.", - "v": "proxy\\_ssl\\_verify\\_depth 1;", - "c": "`http`, `server`, `location`", - "s": "**proxy_ssl_verify_depth** `_number_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_store", - "d": "Enables saving of files to a disk. The `on` parameter saves files with paths corresponding to the directives [alias](https://nginx.org/en/docs/http/ngx_http_core_module.html#alias) or [root](https://nginx.org/en/docs/http/ngx_http_core_module.html#root). The `off` parameter disables saving of files. In addition, the file name can be set explicitly using the `_string_` with variables:\n```\nproxy_store /data/www$original_uri;\n\n```\n\nThe modification time of files is set according to the received “Last-Modified” response header field. The response is first written to a temporary file, and then the file is renamed. Starting from version 0.8.9, temporary files and the persistent store can be put on different file systems. However, be aware that in this case a file is copied across two file systems instead of the cheap renaming operation. It is thus recommended that for any given location both saved files and a directory holding temporary files, set by the [proxy\\_temp\\_path](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_temp_path) directive, are put on the same file system.\nThis directive can be used to create local copies of static unchangeable files, e.g.:\n```\nlocation /images/ {\n root /data/www;\n error_page 404 = /fetch$uri;\n}\n\nlocation /fetch/ {\n internal;\n\n proxy_pass http://backend/;\n proxy_store on;\n proxy_store_access user:rw group:rw all:r;\n proxy_temp_path /data/temp;\n\n alias /data/www/;\n}\n\n```\n\nor like this:\n```\nlocation /images/ {\n root /data/www;\n error_page 404 = @fetch;\n}\n\nlocation @fetch {\n internal;\n\n proxy_pass http://backend;\n proxy_store on;\n proxy_store_access user:rw group:rw all:r;\n proxy_temp_path /data/temp;\n\n root /data/www;\n}\n\n```\n", - "v": "proxy\\_store off;", - "c": "`http`, `server`, `location`", - "s": "**proxy_store** `on` | `off` | `_string_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_store_access", - "d": "Sets access permissions for newly created files and directories, e.g.:\n```\nproxy_store_access user:rw group:rw all:r;\n\n```\n\nIf any `group` or `all` access permissions are specified then `user` permissions may be omitted:\n```\nproxy_store_access group:rw all:r;\n\n```\n", - "v": "proxy\\_store\\_access user:rw;", - "c": "`http`, `server`, `location`", - "s": "**proxy_store_access** `_users_`:`_permissions_` ...;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_temp_file_write_size", - "d": "Limits the `_size_` of data written to a temporary file at a time, when buffering of responses from the proxied server to temporary files is enabled. By default, `_size_` is limited by two buffers set by the [proxy\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) and [proxy\\_buffers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) directives. The maximum size of a temporary file is set by the [proxy\\_max\\_temp\\_file\\_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_max_temp_file_size) directive.", - "v": "proxy\\_temp\\_file\\_write\\_size 8k|16k;", - "c": "`http`, `server`, `location`", - "s": "**proxy_temp_file_write_size** `_size_`;" - }, - { - "m": "ngx_http_proxy_module", - "n": "proxy_temp_path", - "d": "Defines a directory for storing temporary files with data received from proxied servers. Up to three-level subdirectory hierarchy can be used underneath the specified directory. For example, in the following configuration\n```\nproxy_temp_path /spool/nginx/proxy_temp 1 2;\n\n```\na temporary file might look like this:\n```\n/spool/nginx/proxy_temp/7/45/00000123457\n\n```\n\nSee also the `use_temp_path` parameter of the [proxy\\_cache\\_path](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path) directive.", - "v": "proxy\\_temp\\_path proxy\\_temp;", - "c": "`http`, `server`, `location`", - "s": "**proxy_temp_path** `_path_` [`_level1_` [`_level2_` [`_level3_`]]];" - }, - { - "m": "ngx_http_proxy_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_http_proxy_module` module supports embedded variables that can be used to compose headers using the [proxy\\_set\\_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) directive:\n`$proxy_host`\n\nname and port of a proxied server as specified in the [proxy\\_pass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass) directive;\n\n`$proxy_port`\n\nport of a proxied server as specified in the [proxy\\_pass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass) directive, or the protocol’s default port;\n\n`$proxy_add_x_forwarded_for`\n\nthe “X-Forwarded-For” client request header field with the `$remote_addr` variable appended to it, separated by a comma. If the “X-Forwarded-For” field is not present in the client request header, the `$proxy_add_x_forwarded_for` variable is equal to the `$remote_addr` variable.\n", - "v": "proxy\\_temp\\_path proxy\\_temp;", - "c": "`http`, `server`, `location`", - "s": "**proxy_temp_path** `_path_` [`_level1_` [`_level2_` [`_level3_`]]];" - }, - { - "m": "ngx_http_proxy_module", - "n": "$proxy_host", - "d": "the “X-Forwarded-For” client request header field with the `$remote_addr` variable appended to it, separated by a comma. If the “X-Forwarded-For” field is not present in the client request header, the `$proxy_add_x_forwarded_for` variable is equal to the `$remote_addr` variable." - }, - { - "m": "ngx_http_proxy_module", - "n": "$proxy_port", - "d": "the “X-Forwarded-For” client request header field with the `$remote_addr` variable appended to it, separated by a comma. If the “X-Forwarded-For” field is not present in the client request header, the `$proxy_add_x_forwarded_for` variable is equal to the `$remote_addr` variable." - }, - { - "m": "ngx_http_proxy_module", - "n": "\n$proxy_add_x_forwarded_for", - "d": "the “X-Forwarded-For” client request header field with the `$remote_addr` variable appended to it, separated by a comma. If the “X-Forwarded-For” field is not present in the client request header, the `$proxy_add_x_forwarded_for` variable is equal to the `$remote_addr` variable." - }, - { - "m": "ngx_http_random_index_module", - "n": "random_index", - "d": "Enables or disables module processing in a surrounding location.", - "v": "random\\_index off;", - "c": "`location`", - "s": "**random_index** `on` | `off`;" - }, - { - "m": "ngx_http_realip_module", - "n": "set_real_ip_from", - "d": "Defines trusted addresses that are known to send correct replacement addresses. If the special value `unix:` is specified, all UNIX-domain sockets will be trusted. Trusted addresses may also be specified using a hostname (1.13.1).\nIPv6 addresses are supported starting from versions 1.3.0 and 1.2.1.\n", - "c": "`http`, `server`, `location`", - "s": "**set_real_ip_from** `_address_` | `_CIDR_` | `unix:`;" - }, - { - "m": "ngx_http_realip_module", - "n": "real_ip_header", - "d": "Defines the request header field whose value will be used to replace the client address.\nThe request header field value that contains an optional port is also used to replace the client port (1.11.0). The address and port should be specified according to [RFC 3986](https://datatracker.ietf.org/doc/html/rfc3986).\nThe `proxy_protocol` parameter (1.5.12) changes the client address to the one from the PROXY protocol header. The PROXY protocol must be previously enabled by setting the `proxy_protocol` parameter in the [listen](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen) directive.", - "v": "real\\_ip\\_header X-Real-IP;", - "c": "`http`, `server`, `location`", - "s": "**real_ip_header** `_field_` | `X-Real-IP` | `X-Forwarded-For` | `proxy_protocol`;" - }, - { - "m": "ngx_http_realip_module", - "n": "real_ip_recursive", - "d": "If recursive search is disabled, the original client address that matches one of the trusted addresses is replaced by the last address sent in the request header field defined by the [real\\_ip\\_header](https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header) directive. If recursive search is enabled, the original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the request header field.", - "v": "real\\_ip\\_recursive off;", - "c": "`http`, `server`, `location`", - "s": "**real_ip_recursive** `on` | `off`;" - }, - { - "m": "ngx_http_realip_module", - "n": "variables", - "d": "#### Embedded Variables\n\n`$realip_remote_addr`\n\nkeeps the original client address (1.9.7)\n\n`$realip_remote_port`\n\nkeeps the original client port (1.11.0)\n", - "v": "real\\_ip\\_recursive off;", - "c": "`http`, `server`, `location`", - "s": "**real_ip_recursive** `on` | `off`;" - }, - { - "m": "ngx_http_realip_module", - "n": "$realip_remote_addr", - "d": "keeps the original client port (1.11.0)" - }, - { - "m": "ngx_http_realip_module", - "n": "$realip_remote_port", - "d": "keeps the original client port (1.11.0)" - }, - { - "m": "ngx_http_referer_module", - "n": "referer_hash_bucket_size", - "d": "Sets the bucket size for the valid referers hash tables. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).", - "v": "referer\\_hash\\_bucket\\_size 64;", - "c": "`server`, `location`", - "s": "**referer_hash_bucket_size** `_size_`;" - }, - { - "m": "ngx_http_referer_module", - "n": "referer_hash_max_size", - "d": "Sets the maximum `_size_` of the valid referers hash tables. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).", - "v": "referer\\_hash\\_max\\_size 2048;", - "c": "`server`, `location`", - "s": "**referer_hash_max_size** `_size_`;" - }, - { - "m": "ngx_http_referer_module", - "n": "valid_referers", - "d": "Specifies the “Referer” request header field values that will cause the embedded `$invalid_referer` variable to be set to an empty string. Otherwise, the variable will be set to “`1`”. Search for a match is case-insensitive.\nParameters can be as follows:\n`none`\n\nthe “Referer” field is missing in the request header;\n\n`blocked`\n\nthe “Referer” field is present in the request header, but its value has been deleted by a firewall or proxy server; such values are strings that do not start with “`http://`” or “`https://`”;\n\n`server_names`\n\nthe “Referer” request header field contains one of the server names;\n\narbitrary string\n\ndefines a server name and an optional URI prefix. A server name can have an “`*`” at the beginning or end. During the checking, the server’s port in the “Referer” field is ignored;\n\nregular expression\n\nthe first symbol should be a “`~`”. It should be noted that an expression will be matched against the text starting after the “`http://`” or “`https://`”.\n\nExample:\n```\nvalid_referers none blocked server_names\n *.example.com example.* www.example.org/galleries/\n ~\\.google\\.;\n\n```\n", - "c": "`server`, `location`", - "s": "**valid_referers** `none` | `blocked` | `server_names` | `_string_` ...;" - }, - { - "m": "ngx_http_referer_module", - "n": "variables", - "d": "#### Embedded Variables\n\n`$invalid_referer`\n\nEmpty string, if the “Referer” request header field value is considered [valid](https://nginx.org/en/docs/http/ngx_http_referer_module.html#valid_referers), otherwise “`1`”.\n", - "c": "`server`, `location`", - "s": "**valid_referers** `none` | `blocked` | `server_names` | `_string_` ...;" - }, - { - "m": "ngx_http_referer_module", - "n": "$invalid_referer", - "d": "Empty string, if the “Referer” request header field value is considered [valid](https://nginx.org/en/docs/http/ngx_http_referer_module.html#valid_referers), otherwise “`1`”." - }, - { - "m": "ngx_http_rewrite_module", - "n": "break", - "d": "Stops processing the current set of `ngx_http_rewrite_module` directives.\nIf a directive is specified inside the [location](https://nginx.org/en/docs/http/ngx_http_core_module.html#location), further processing of the request continues in this location.\nExample:\n```\nif ($slow) {\n limit_rate 10k;\n break;\n}\n\n```\n", - "c": "`server`, `location`, `if`", - "s": "**break**;" - }, - { - "m": "ngx_http_rewrite_module", - "n": "if", - "d": "The specified `_condition_` is evaluated. If true, this module directives specified inside the braces are executed, and the request is assigned the configuration inside the `if` directive. Configurations inside the `if` directives are inherited from the previous configuration level.\nA condition may be any of the following:\n* a variable name; false if the value of a variable is an empty string or “`0`”;\n \n > Before version 1.0.1, any string starting with “`0`” was considered a false value.\n \n* comparison of a variable with a string using the “`=`” and “`!=`” operators;\n* matching of a variable against a regular expression using the “`~`” (for case-sensitive matching) and “`~*`” (for case-insensitive matching) operators. Regular expressions can contain captures that are made available for later reuse in the `$1`..`$9` variables. Negative operators “`!~`” and “`!~*`” are also available. If a regular expression includes the “`}`” or “`;`” characters, the whole expressions should be enclosed in single or double quotes.\n* checking of a file existence with the “`-f`” and “`!-f`” operators;\n* checking of a directory existence with the “`-d`” and “`!-d`” operators;\n* checking of a file, directory, or symbolic link existence with the “`-e`” and “`!-e`” operators;\n* checking for an executable file with the “`-x`” and “`!-x`” operators.\n\nExamples:\n```\nif ($http_user_agent ~ MSIE) {\n rewrite ^(.*)$ /msie/$1 break;\n}\n\nif ($http_cookie ~* \"id=([^;]+)(?:;|$)\") {\n set $id $1;\n}\n\nif ($request_method = POST) {\n return 405;\n}\n\nif ($slow) {\n limit_rate 10k;\n}\n\nif ($invalid_referer) {\n return 403;\n}\n\n```\n\nA value of the `$invalid_referer` embedded variable is set by the [valid\\_referers](https://nginx.org/en/docs/http/ngx_http_referer_module.html#valid_referers) directive.\n", - "c": "`server`, `location`", - "s": "**if** (`_condition_`) { ... }" - }, - { - "m": "ngx_http_rewrite_module", - "n": "return", - "d": "Stops processing and returns the specified `_code_` to a client. The non-standard code 444 closes a connection without sending a response header.\nStarting from version 0.8.42, it is possible to specify either a redirect URL (for codes 301, 302, 303, 307, and 308) or the response body `_text_` (for other codes). A response body text and redirect URL can contain variables. As a special case, a redirect URL can be specified as a URI local to this server, in which case the full redirect URL is formed according to the request scheme (`$scheme`) and the [server\\_name\\_in\\_redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name_in_redirect) and [port\\_in\\_redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#port_in_redirect) directives.\nIn addition, a `_URL_` for temporary redirect with the code 302 can be specified as the sole parameter. Such a parameter should start with the “`http://`”, “`https://`”, or “`$scheme`” string. A `_URL_` can contain variables.\n\nOnly the following codes could be returned before version 0.7.51: 204, 400, 402 — 406, 408, 410, 411, 413, 416, and 500 — 504.\n\nThe code 307 was not treated as a redirect until versions 1.1.16 and 1.0.13.\n\nThe code 308 was not treated as a redirect until version 1.13.0.\n\nSee also the [error\\_page](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page) directive.", - "c": "`server`, `location`, `if`", - "s": "**return** `_code_` [`_text_`];`` \n``**return** `_code_` `_URL_`;`` \n``**return** `_URL_`;" - }, - { - "m": "ngx_http_rewrite_module", - "n": "rewrite", - "d": "If the specified regular expression matches a request URI, URI is changed as specified in the `_replacement_` string. The `rewrite` directives are executed sequentially in order of their appearance in the configuration file. It is possible to terminate further processing of the directives using flags. If a replacement string starts with “`http://`”, “`https://`”, or “`$scheme`”, the processing stops and the redirect is returned to a client.\nAn optional `_flag_` parameter can be one of:\n`last`\n\nstops processing the current set of `ngx_http_rewrite_module` directives and starts a search for a new location matching the changed URI;\n\n`break`\n\nstops processing the current set of `ngx_http_rewrite_module` directives as with the [break](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#break) directive;\n\n`redirect`\n\nreturns a temporary redirect with the 302 code; used if a replacement string does not start with “`http://`”, “`https://`”, or “`$scheme`”;\n\n`permanent`\n\nreturns a permanent redirect with the 301 code.\nThe full redirect URL is formed according to the request scheme (`$scheme`) and the [server\\_name\\_in\\_redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name_in_redirect) and [port\\_in\\_redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#port_in_redirect) directives.\nExample:\n```\nserver {\n ...\n rewrite ^(/download/.*)/media/(.*)\\..*$ $1/mp3/$2.mp3 last;\n rewrite ^(/download/.*)/audio/(.*)\\..*$ $1/mp3/$2.ra last;\n return 403;\n ...\n}\n\n```\n\nBut if these directives are put inside the “`/download/`” location, the `last` flag should be replaced by `break`, or otherwise nginx will make 10 cycles and return the 500 error:\n```\nlocation /download/ {\n rewrite ^(/download/.*)/media/(.*)\\..*$ $1/mp3/$2.mp3 break;\n rewrite ^(/download/.*)/audio/(.*)\\..*$ $1/mp3/$2.ra break;\n return 403;\n}\n\n```\n\nIf a `_replacement_` string includes the new request arguments, the previous request arguments are appended after them. If this is undesired, putting a question mark at the end of a replacement string avoids having them appended, for example:\n```\nrewrite ^/users/(.*)$ /show?user=$1? last;\n\n```\n\nIf a regular expression includes the “`}`” or “`;`” characters, the whole expressions should be enclosed in single or double quotes.", - "c": "`server`, `location`, `if`", - "s": "**rewrite** `_regex_` `_replacement_` [`_flag_`];" - }, - { - "m": "ngx_http_rewrite_module", - "n": "rewrite_log", - "d": "Enables or disables logging of `ngx_http_rewrite_module` module directives processing results into the [error\\_log](https://nginx.org/en/docs/ngx_core_module.html#error_log) at the `notice` level.", - "v": "rewrite\\_log off;", - "c": "`http`, `server`, `location`, `if`", - "s": "**rewrite_log** `on` | `off`;" - }, - { - "m": "ngx_http_rewrite_module", - "n": "set", - "d": "Sets a `_value_` for the specified `_variable_`. The `_value_` can contain text, variables, and their combination.", - "c": "`server`, `location`, `if`", - "s": "**set** `_$variable_` `_value_`;" - }, - { - "m": "ngx_http_rewrite_module", - "n": "uninitialized_variable_warn", - "d": "Controls whether warnings about uninitialized variables are logged.", - "v": "uninitialized\\_variable\\_warn on;", - "c": "`http`, `server`, `location`, `if`", - "s": "**uninitialized_variable_warn** `on` | `off`;" - }, - { - "m": "ngx_http_rewrite_module", - "n": "internals", - "d": "#### Internal Implementation\nThe `ngx_http_rewrite_module` module directives are compiled at the configuration stage into internal instructions that are interpreted during request processing. An interpreter is a simple virtual stack machine.\nFor example, the directives\n```\nlocation /download/ {\n if ($forbidden) {\n return 403;\n }\n\n if ($slow) {\n limit_rate 10k;\n }\n\n rewrite ^/(download/.*)/media/(.*)\\..*$ /$1/mp3/$2.mp3 break;\n}\n\n```\nwill be translated into these instructions:\n```\nvariable $forbidden\ncheck against zero\n return 403\n end of code\nvariable $slow\ncheck against zero\nmatch of regular expression\ncopy \"/\"\ncopy $1\ncopy \"/mp3/\"\ncopy $2\ncopy \".mp3\"\nend of regular expression\nend of code\n\n```\n\nNote that there are no instructions for the [limit\\_rate](https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate) directive above as it is unrelated to the `ngx_http_rewrite_module` module. A separate configuration is created for the [if](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#if) block. If the condition holds true, a request is assigned this configuration where `limit_rate` equals to 10k.\nThe directive\n```\nrewrite ^/(download/.*)/media/(.*)\\..*$ /$1/mp3/$2.mp3 break;\n\n```\ncan be made smaller by one instruction if the first slash in the regular expression is put inside the parentheses:\n```\nrewrite ^(/download/.*)/media/(.*)\\..*$ $1/mp3/$2.mp3 break;\n\n```\nThe corresponding instructions will then look like this:\n```\nmatch of regular expression\ncopy $1\ncopy \"/mp3/\"\ncopy $2\ncopy \".mp3\"\nend of regular expression\nend of code\n\n```\n", - "v": "uninitialized\\_variable\\_warn on;", - "c": "`http`, `server`, `location`, `if`", - "s": "**uninitialized_variable_warn** `on` | `off`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_bind", - "d": "Makes outgoing connections to an SCGI server originate from the specified local IP address with an optional port (1.11.2). Parameter value can contain variables (1.3.12). The special value `off` (1.3.12) cancels the effect of the `scgi_bind` directive inherited from the previous configuration level, which allows the system to auto-assign the local IP address and port.", - "c": "`http`, `server`, `location`", - "s": "**scgi_bind** `_address_` [`transparent`] | `off`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_bind_transparent", - "d": "The `transparent` parameter (1.11.0) allows outgoing connections to an SCGI server originate from a non-local IP address, for example, from a real IP address of a client:\n```\nscgi_bind $remote_addr transparent;\n\n```\nIn order for this parameter to work, it is usually necessary to run nginx worker processes with the [superuser](https://nginx.org/en/docs/ngx_core_module.html#user) privileges. On Linux it is not required (1.13.8) as if the `transparent` parameter is specified, worker processes inherit the `CAP_NET_RAW` capability from the master process. It is also necessary to configure kernel routing table to intercept network traffic from the SCGI server.", - "c": "`http`, `server`, `location`", - "s": "**scgi_bind** `_address_` [`transparent`] | `off`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_buffer_size", - "d": "Sets the `_size_` of the buffer used for reading the first part of the response received from the SCGI server. This part usually contains a small response header. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform. It can be made smaller, however.", - "v": "scgi\\_buffer\\_size 4k|8k;", - "c": "`http`, `server`, `location`", - "s": "**scgi_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_buffering", - "d": "Enables or disables buffering of responses from the SCGI server.\nWhen buffering is enabled, nginx receives a response from the SCGI server as soon as possible, saving it into the buffers set by the [scgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_buffer_size) and [scgi\\_buffers](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_buffers) directives. If the whole response does not fit into memory, a part of it can be saved to a [temporary file](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_temp_path) on the disk. Writing to temporary files is controlled by the [scgi\\_max\\_temp\\_file\\_size](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_max_temp_file_size) and [scgi\\_temp\\_file\\_write\\_size](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_temp_file_write_size) directives.\nWhen buffering is disabled, the response is passed to a client synchronously, immediately as it is received. nginx will not try to read the whole response from the SCGI server. The maximum size of the data that nginx can receive from the server at a time is set by the [scgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_buffer_size) directive.\nBuffering can also be enabled or disabled by passing “`yes`” or “`no`” in the “X-Accel-Buffering” response header field. This capability can be disabled using the [scgi\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_ignore_headers) directive.", - "v": "scgi\\_buffering on;", - "c": "`http`, `server`, `location`", - "s": "**scgi_buffering** `on` | `off`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_buffers", - "d": "Sets the `_number_` and `_size_` of the buffers used for reading a response from the SCGI server, for a single connection. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform.", - "v": "scgi\\_buffers 8 4k|8k;", - "c": "`http`, `server`, `location`", - "s": "**scgi_buffers** `_number_` `_size_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_busy_buffers_size", - "d": "When [buffering](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_buffering) of responses from the SCGI server is enabled, limits the total `_size_` of buffers that can be busy sending a response to the client while the response is not yet fully read. In the meantime, the rest of the buffers can be used for reading the response and, if needed, buffering part of the response to a temporary file. By default, `_size_` is limited by the size of two buffers set by the [scgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_buffer_size) and [scgi\\_buffers](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_buffers) directives.", - "v": "scgi\\_busy\\_buffers\\_size 8k|16k;", - "c": "`http`, `server`, `location`", - "s": "**scgi_busy_buffers_size** `_size_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache", - "d": "Defines a shared memory zone used for caching. The same zone can be used in several places. Parameter value can contain variables (1.7.9). The `off` parameter disables caching inherited from the previous configuration level.", - "v": "scgi\\_cache off;", - "c": "`http`, `server`, `location`", - "s": "**scgi_cache** `_zone_` | `off`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_background_update", - "d": "Allows starting a background subrequest to update an expired cache item, while a stale cached response is returned to the client. Note that it is necessary to [allow](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_cache_use_stale_updating) the usage of a stale cached response when it is being updated.", - "v": "scgi\\_cache\\_background\\_update off;", - "c": "`http`, `server`, `location`", - "s": "**scgi_cache_background_update** `on` | `off`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_bypass", - "d": "Defines conditions under which the response will not be taken from a cache. If at least one value of the string parameters is not empty and is not equal to “0” then the response will not be taken from the cache:\n```\nscgi_cache_bypass $cookie_nocache $arg_nocache$arg_comment;\nscgi_cache_bypass $http_pragma $http_authorization;\n\n```\nCan be used along with the [scgi\\_no\\_cache](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_no_cache) directive.", - "c": "`http`, `server`, `location`", - "s": "**scgi_cache_bypass** `_string_` ...;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_key", - "d": "Defines a key for caching, for example\n```\nscgi_cache_key localhost:9000$request_uri;\n\n```\n", - "c": "`http`, `server`, `location`", - "s": "**scgi_cache_key** `_string_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_lock", - "d": "When enabled, only one request at a time will be allowed to populate a new cache element identified according to the [scgi\\_cache\\_key](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_cache_key) directive by passing a request to an SCGI server. Other requests of the same cache element will either wait for a response to appear in the cache or the cache lock for this element to be released, up to the time set by the [scgi\\_cache\\_lock\\_timeout](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_cache_lock_timeout) directive.", - "v": "scgi\\_cache\\_lock off;", - "c": "`http`, `server`, `location`", - "s": "**scgi_cache_lock** `on` | `off`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_lock_age", - "d": "If the last request passed to the SCGI server for populating a new cache element has not completed for the specified `_time_`, one more request may be passed to the SCGI server.", - "v": "scgi\\_cache\\_lock\\_age 5s;", - "c": "`http`, `server`, `location`", - "s": "**scgi_cache_lock_age** `_time_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_lock_timeout", - "d": "Sets a timeout for [scgi\\_cache\\_lock](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_cache_lock). When the `_time_` expires, the request will be passed to the SCGI server, however, the response will not be cached.\nBefore 1.7.8, the response could be cached.\n", - "v": "scgi\\_cache\\_lock\\_timeout 5s;", - "c": "`http`, `server`, `location`", - "s": "**scgi_cache_lock_timeout** `_time_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_max_range_offset", - "d": "Sets an offset in bytes for byte-range requests. If the range is beyond the offset, the range request will be passed to the SCGI server and the response will not be cached.", - "c": "`http`, `server`, `location`", - "s": "**scgi_cache_max_range_offset** `_number_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_methods", - "d": "If the client request method is listed in this directive then the response will be cached. “`GET`” and “`HEAD`” methods are always added to the list, though it is recommended to specify them explicitly. See also the [scgi\\_no\\_cache](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_no_cache) directive.", - "v": "scgi\\_cache\\_methods GET HEAD;", - "c": "`http`, `server`, `location`", - "s": "**scgi_cache_methods** `GET` | `HEAD` | `POST` ...;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_min_uses", - "d": "Sets the `_number_` of requests after which the response will be cached.", - "v": "scgi\\_cache\\_min\\_uses 1;", - "c": "`http`, `server`, `location`", - "s": "**scgi_cache_min_uses** `_number_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_path", - "d": "Sets the path and other parameters of a cache. Cache data are stored in files. The file name in a cache is a result of applying the MD5 function to the [cache key](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_cache_key). The `levels` parameter defines hierarchy levels of a cache: from 1 to 3, each level accepts values 1 or 2. For example, in the following configuration\n```\nscgi_cache_path /data/nginx/cache levels=1:2 keys_zone=one:10m;\n\n```\nfile names in a cache will look like this:\n```\n/data/nginx/cache/c/29/b7f54b2df7773722d382f4809d65029c\n\n```\n\nA cached response is first written to a temporary file, and then the file is renamed. Starting from version 0.8.9, temporary files and the cache can be put on different file systems. However, be aware that in this case a file is copied across two file systems instead of the cheap renaming operation. It is thus recommended that for any given location both cache and a directory holding temporary files are put on the same file system. A directory for temporary files is set based on the `use_temp_path` parameter (1.7.10). If this parameter is omitted or set to the value `on`, the directory set by the [scgi\\_temp\\_path](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_temp_path) directive for the given location will be used. If the value is set to `off`, temporary files will be put directly in the cache directory.\nIn addition, all active keys and information about data are stored in a shared memory zone, whose `_name_` and `_size_` are configured by the `keys_zone` parameter. One megabyte zone can store about 8 thousand keys.\nAs part of [commercial subscription](http://nginx.com/products/), the shared memory zone also stores extended cache [information](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_caches_), thus, it is required to specify a larger zone size for the same number of keys. For example, one megabyte zone can store about 4 thousand keys.\n\nCached data that are not accessed during the time specified by the `inactive` parameter get removed from the cache regardless of their freshness. By default, `inactive` is set to 10 minutes.", - "c": "`http`", - "s": "**scgi_cache_path** `_path_` [`levels`=`_levels_`] [`use_temp_path`=`on`|`off`] `keys_zone`=`_name_`:`_size_` [`inactive`=`_time_`] [`max_size`=`_size_`] [`min_free`=`_size_`] [`manager_files`=`_number_`] [`manager_sleep`=`_time_`] [`manager_threshold`=`_time_`] [`loader_files`=`_number_`] [`loader_sleep`=`_time_`] [`loader_threshold`=`_time_`] [`purger`=`on`|`off`] [`purger_files`=`_number_`] [`purger_sleep`=`_time_`] [`purger_threshold`=`_time_`];" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_path_max_size", - "d": "The special “cache manager” process monitors the maximum cache size set by the `max_size` parameter, and the minimum amount of free space set by the `min_free` (1.19.1) parameter on the file system with cache. When the size is exceeded or there is not enough free space, it removes the least recently used data. The data is removed in iterations configured by `manager_files`, `manager_threshold`, and `manager_sleep` parameters (1.11.5). During one iteration no more than `manager_files` items are deleted (by default, 100). The duration of one iteration is limited by the `manager_threshold` parameter (by default, 200 milliseconds). Between iterations, a pause configured by the `manager_sleep` parameter (by default, 50 milliseconds) is made.\nA minute after the start the special “cache loader” process is activated. It loads information about previously cached data stored on file system into a cache zone. The loading is also done in iterations. During one iteration no more than `loader_files` items are loaded (by default, 100). Besides, the duration of one iteration is limited by the `loader_threshold` parameter (by default, 200 milliseconds). Between iterations, a pause configured by the `loader_sleep` parameter (by default, 50 milliseconds) is made.\nAdditionally, the following parameters are available as part of our [commercial subscription](http://nginx.com/products/):\n\n`purger`\\=`on`|`off`\n\nInstructs whether cache entries that match a [wildcard key](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_cache_purge) will be removed from the disk by the cache purger (1.7.12). Setting the parameter to `on` (default is `off`) will activate the “cache purger” process that permanently iterates through all cache entries and deletes the entries that match the wildcard key.\n\n`purger_files`\\=`_number_`\n\nSets the number of items that will be scanned during one iteration (1.7.12). By default, `purger_files` is set to 10.\n\n`purger_threshold`\\=`_number_`\n\nSets the duration of one iteration (1.7.12). By default, `purger_threshold` is set to 50 milliseconds.\n\n`purger_sleep`\\=`_number_`\n\nSets a pause between iterations (1.7.12). By default, `purger_sleep` is set to 50 milliseconds.\n\n\nIn versions 1.7.3, 1.7.7, and 1.11.10 cache header format has been changed. Previously cached responses will be considered invalid after upgrading to a newer nginx version.\n", - "c": "`http`", - "s": "**scgi_cache_path** `_path_` [`levels`=`_levels_`] [`use_temp_path`=`on`|`off`] `keys_zone`=`_name_`:`_size_` [`inactive`=`_time_`] [`max_size`=`_size_`] [`min_free`=`_size_`] [`manager_files`=`_number_`] [`manager_sleep`=`_time_`] [`manager_threshold`=`_time_`] [`loader_files`=`_number_`] [`loader_sleep`=`_time_`] [`loader_threshold`=`_time_`] [`purger`=`on`|`off`] [`purger_files`=`_number_`] [`purger_sleep`=`_time_`] [`purger_threshold`=`_time_`];" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_purge", - "d": "Defines conditions under which the request will be considered a cache purge request. If at least one value of the string parameters is not empty and is not equal to “0” then the cache entry with a corresponding [cache key](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_cache_key) is removed. The result of successful operation is indicated by returning the 204 (No Content) response.\nIf the [cache key](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_cache_key) of a purge request ends with an asterisk (“`*`”), all cache entries matching the wildcard key will be removed from the cache. However, these entries will remain on the disk until they are deleted for either [inactivity](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_cache_path), or processed by the [cache purger](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#purger) (1.7.12), or a client attempts to access them.\nExample configuration:\n```\nscgi_cache_path /data/nginx/cache keys_zone=cache_zone:10m;\n\nmap $request_method $purge_method {\n PURGE 1;\n default 0;\n}\n\nserver {\n ...\n location / {\n scgi_pass backend;\n scgi_cache cache_zone;\n scgi_cache_key $uri;\n scgi_cache_purge $purge_method;\n }\n}\n\n```\n\nThis functionality is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`http`, `server`, `location`", - "s": "**scgi_cache_purge** string ...;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_revalidate", - "d": "Enables revalidation of expired cache items using conditional requests with the “If-Modified-Since” and “If-None-Match” header fields.", - "v": "scgi\\_cache\\_revalidate off;", - "c": "`http`, `server`, `location`", - "s": "**scgi_cache_revalidate** `on` | `off`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_use_stale", - "d": "Determines in which cases a stale cached response can be used when an error occurs during communication with the SCGI server. The directive’s parameters match the parameters of the [scgi\\_next\\_upstream](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_next_upstream) directive.\nThe `error` parameter also permits using a stale cached response if an SCGI server to process a request cannot be selected.", - "v": "scgi\\_cache\\_use\\_stale off;", - "c": "`http`, `server`, `location`", - "s": "**scgi_cache_use_stale** `error` | `timeout` | `invalid_header` | `updating` | `http_500` | `http_503` | `http_403` | `http_404` | `http_429` | `off` ...;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_use_stale_updating", - "d": "Additionally, the `updating` parameter permits using a stale cached response if it is currently being updated. This allows minimizing the number of accesses to SCGI servers when updating cached data.\nUsing a stale cached response can also be enabled directly in the response header for a specified number of seconds after the response became stale (1.11.10). This has lower priority than using the directive parameters.\n* The “[stale-while-revalidate](https://datatracker.ietf.org/doc/html/rfc5861#section-3)” extension of the “Cache-Control” header field permits using a stale cached response if it is currently being updated.\n* The “[stale-if-error](https://datatracker.ietf.org/doc/html/rfc5861#section-4)” extension of the “Cache-Control” header field permits using a stale cached response in case of an error.\n\nTo minimize the number of accesses to SCGI servers when populating a new cache element, the [scgi\\_cache\\_lock](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_cache_lock) directive can be used.", - "v": "scgi\\_cache\\_use\\_stale off;", - "c": "`http`, `server`, `location`", - "s": "**scgi_cache_use_stale** `error` | `timeout` | `invalid_header` | `updating` | `http_500` | `http_503` | `http_403` | `http_404` | `http_429` | `off` ...;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_cache_valid", - "d": "Sets caching time for different response codes. For example, the following directives\n```\nscgi_cache_valid 200 302 10m;\nscgi_cache_valid 404 1m;\n\n```\nset 10 minutes of caching for responses with codes 200 and 302 and 1 minute for responses with code 404.\nIf only caching `_time_` is specified\n```\nscgi_cache_valid 5m;\n\n```\nthen only 200, 301, and 302 responses are cached.\nIn addition, the `any` parameter can be specified to cache any responses:\n```\nscgi_cache_valid 200 302 10m;\nscgi_cache_valid 301 1h;\nscgi_cache_valid any 1m;\n\n```\n\nParameters of caching can also be set directly in the response header. This has higher priority than setting of caching time using the directive.\n* The “X-Accel-Expires” header field sets caching time of a response in seconds. The zero value disables caching for a response. If the value starts with the `@` prefix, it sets an absolute time in seconds since Epoch, up to which the response may be cached.\n* If the header does not include the “X-Accel-Expires” field, parameters of caching may be set in the header fields “Expires” or “Cache-Control”.\n* If the header includes the “Set-Cookie” field, such a response will not be cached.\n* If the header includes the “Vary” field with the special value “`*`”, such a response will not be cached (1.7.7). If the header includes the “Vary” field with another value, such a response will be cached taking into account the corresponding request header fields (1.7.7).\nProcessing of one or more of these response header fields can be disabled using the [scgi\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_ignore_headers) directive.", - "c": "`http`, `server`, `location`", - "s": "**scgi_cache_valid** [`_code_` ...] `_time_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_connect_timeout", - "d": "Defines a timeout for establishing a connection with an SCGI server. It should be noted that this timeout cannot usually exceed 75 seconds.", - "v": "scgi\\_connect\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**scgi_connect_timeout** `_time_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_force_ranges", - "d": "Enables byte-range support for both cached and uncached responses from the SCGI server regardless of the “Accept-Ranges” field in these responses.", - "v": "scgi\\_force\\_ranges off;", - "c": "`http`, `server`, `location`", - "s": "**scgi_force_ranges** `on` | `off`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_hide_header", - "d": "By default, nginx does not pass the header fields “Status” and “X-Accel-...” from the response of an SCGI server to a client. The `scgi_hide_header` directive sets additional fields that will not be passed. If, on the contrary, the passing of fields needs to be permitted, the [scgi\\_pass\\_header](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_pass_header) directive can be used.", - "c": "`http`, `server`, `location`", - "s": "**scgi_hide_header** `_field_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_ignore_client_abort", - "d": "Determines whether the connection with an SCGI server should be closed when a client closes the connection without waiting for a response.", - "v": "scgi\\_ignore\\_client\\_abort off;", - "c": "`http`, `server`, `location`", - "s": "**scgi_ignore_client_abort** `on` | `off`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_ignore_headers", - "d": "Disables processing of certain response header fields from the SCGI server. The following fields can be ignored: “X-Accel-Redirect”, “X-Accel-Expires”, “X-Accel-Limit-Rate” (1.1.6), “X-Accel-Buffering” (1.1.6), “X-Accel-Charset” (1.1.6), “Expires”, “Cache-Control”, “Set-Cookie” (0.8.44), and “Vary” (1.7.7).\nIf not disabled, processing of these header fields has the following effect:\n* “X-Accel-Expires”, “Expires”, “Cache-Control”, “Set-Cookie”, and “Vary” set the parameters of response [caching](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_cache_valid);\n* “X-Accel-Redirect” performs an [internal redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#internal) to the specified URI;\n* “X-Accel-Limit-Rate” sets the [rate limit](https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate) for transmission of a response to a client;\n* “X-Accel-Buffering” enables or disables [buffering](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_buffering) of a response;\n* “X-Accel-Charset” sets the desired [charset](https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset) of a response.\n", - "c": "`http`, `server`, `location`", - "s": "**scgi_ignore_headers** `_field_` ...;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_intercept_errors", - "d": "Determines whether an SCGI server responses with codes greater than or equal to 300 should be passed to a client or be intercepted and redirected to nginx for processing with the [error\\_page](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page) directive.", - "v": "scgi\\_intercept\\_errors off;", - "c": "`http`, `server`, `location`", - "s": "**scgi_intercept_errors** `on` | `off`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_limit_rate", - "d": "Limits the speed of reading the response from the SCGI server. The `_rate_` is specified in bytes per second. The zero value disables rate limiting. The limit is set per a request, and so if nginx simultaneously opens two connections to the SCGI server, the overall rate will be twice as much as the specified limit. The limitation works only if [buffering](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_buffering) of responses from the SCGI server is enabled.", - "v": "scgi\\_limit\\_rate 0;", - "c": "`http`, `server`, `location`", - "s": "**scgi_limit_rate** `_rate_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_max_temp_file_size", - "d": "When [buffering](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_buffering) of responses from the SCGI server is enabled, and the whole response does not fit into the buffers set by the [scgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_buffer_size) and [scgi\\_buffers](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_buffers) directives, a part of the response can be saved to a temporary file. This directive sets the maximum `_size_` of the temporary file. The size of data written to the temporary file at a time is set by the [scgi\\_temp\\_file\\_write\\_size](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_temp_file_write_size) directive.\nThe zero value disables buffering of responses to temporary files.\n\nThis restriction does not apply to responses that will be [cached](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_cache) or [stored](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_store) on disk.\n", - "v": "scgi\\_max\\_temp\\_file\\_size 1024m;", - "c": "`http`, `server`, `location`", - "s": "**scgi_max_temp_file_size** `_size_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_next_upstream", - "d": "Specifies in which cases a request should be passed to the next server:\n`error`\n\nan error occurred while establishing a connection with the server, passing a request to it, or reading the response header;\n\n`timeout`\n\na timeout has occurred while establishing a connection with the server, passing a request to it, or reading the response header;\n\n`invalid_header`\n\na server returned an empty or invalid response;\n\n`http_500`\n\na server returned a response with the code 500;\n\n`http_503`\n\na server returned a response with the code 503;\n\n`http_403`\n\na server returned a response with the code 403;\n\n`http_404`\n\na server returned a response with the code 404;\n\n`http_429`\n\na server returned a response with the code 429 (1.11.13);\n\n`non_idempotent`\n\nnormally, requests with a [non-idempotent](https://datatracker.ietf.org/doc/html/rfc7231#section-4.2.2) method (`POST`, `LOCK`, `PATCH`) are not passed to the next server if a request has been sent to an upstream server (1.9.13); enabling this option explicitly allows retrying such requests;\n\n`off`\n\ndisables passing a request to the next server.\n\nOne should bear in mind that passing a request to the next server is only possible if nothing has been sent to a client yet. That is, if an error or timeout occurs in the middle of the transferring of a response, fixing this is impossible.\nThe directive also defines what is considered an [unsuccessful attempt](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) of communication with a server. The cases of `error`, `timeout` and `invalid_header` are always considered unsuccessful attempts, even if they are not specified in the directive. The cases of `http_500`, `http_503`, and `http_429` are considered unsuccessful attempts only if they are specified in the directive. The cases of `http_403` and `http_404` are never considered unsuccessful attempts.\nPassing a request to the next server can be limited by [the number of tries](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_next_upstream_tries) and by [time](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_next_upstream_timeout).", - "v": "scgi\\_next\\_upstream error timeout;", - "c": "`http`, `server`, `location`", - "s": "**scgi_next_upstream** `error` | `timeout` | `invalid_header` | `http_500` | `http_503` | `http_403` | `http_404` | `http_429` | `non_idempotent` | `off` ...;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_next_upstream_timeout", - "d": "Limits the time during which a request can be passed to the [next server](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_next_upstream). The `0` value turns off this limitation.", - "v": "scgi\\_next\\_upstream\\_timeout 0;", - "c": "`http`, `server`, `location`", - "s": "**scgi_next_upstream_timeout** `_time_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_next_upstream_tries", - "d": "Limits the number of possible tries for passing a request to the [next server](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_next_upstream). The `0` value turns off this limitation.", - "v": "scgi\\_next\\_upstream\\_tries 0;", - "c": "`http`, `server`, `location`", - "s": "**scgi_next_upstream_tries** `_number_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_no_cache", - "d": "Defines conditions under which the response will not be saved to a cache. If at least one value of the string parameters is not empty and is not equal to “0” then the response will not be saved:\n```\nscgi_no_cache $cookie_nocache $arg_nocache$arg_comment;\nscgi_no_cache $http_pragma $http_authorization;\n\n```\nCan be used along with the [scgi\\_cache\\_bypass](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_cache_bypass) directive.", - "c": "`http`, `server`, `location`", - "s": "**scgi_no_cache** `_string_` ...;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_param", - "d": "Sets a `_parameter_` that should be passed to the SCGI server. The `_value_` can contain text, variables, and their combination. These directives are inherited from the previous configuration level if and only if there are no `scgi_param` directives defined on the current level.\nStandard [CGI environment variables](https://datatracker.ietf.org/doc/html/rfc3875#section-4.1) should be provided as SCGI headers, see the `scgi_params` file provided in the distribution:\n```\nlocation / {\n include scgi_params;\n ...\n}\n\n```\n\nIf the directive is specified with `if_not_empty` (1.1.11) then such a parameter will be passed to the server only if its value is not empty:\n```\nscgi_param HTTPS $https if_not_empty;\n\n```\n", - "c": "`http`, `server`, `location`", - "s": "**scgi_param** `_parameter_` `_value_` [`if_not_empty`];" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_pass", - "d": "Sets the address of an SCGI server. The address can be specified as a domain name or IP address, and a port:\n```\nscgi_pass localhost:9000;\n\n```\nor as a UNIX-domain socket path:\n```\nscgi_pass unix:/tmp/scgi.socket;\n\n```\n\nIf a domain name resolves to several addresses, all of them will be used in a round-robin fashion. In addition, an address can be specified as a [server group](https://nginx.org/en/docs/http/ngx_http_upstream_module.html).\nParameter value can contain variables. In this case, if an address is specified as a domain name, the name is searched among the described [server groups](https://nginx.org/en/docs/http/ngx_http_upstream_module.html), and, if not found, is determined using a [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver).", - "c": "`location`, `if in location`", - "s": "**scgi_pass** `_address_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_pass_header", - "d": "Permits passing [otherwise disabled](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_hide_header) header fields from an SCGI server to a client.", - "c": "`http`, `server`, `location`", - "s": "**scgi_pass_header** `_field_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_pass_request_body", - "d": "Indicates whether the original request body is passed to the SCGI server. See also the [scgi\\_pass\\_request\\_headers](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_pass_request_headers) directive.", - "v": "scgi\\_pass\\_request\\_body on;", - "c": "`http`, `server`, `location`", - "s": "**scgi_pass_request_body** `on` | `off`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_pass_request_headers", - "d": "Indicates whether the header fields of the original request are passed to the SCGI server. See also the [scgi\\_pass\\_request\\_body](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_pass_request_body) directive.", - "v": "scgi\\_pass\\_request\\_headers on;", - "c": "`http`, `server`, `location`", - "s": "**scgi_pass_request_headers** `on` | `off`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_read_timeout", - "d": "Defines a timeout for reading a response from the SCGI server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the SCGI server does not transmit anything within this time, the connection is closed.", - "v": "scgi\\_read\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**scgi_read_timeout** `_time_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_request_buffering", - "d": "Enables or disables buffering of a client request body.\nWhen buffering is enabled, the entire request body is [read](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size) from the client before sending the request to an SCGI server.\nWhen buffering is disabled, the request body is sent to the SCGI server immediately as it is received. In this case, the request cannot be passed to the [next server](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_next_upstream) if nginx already started sending the request body.\nWhen HTTP/1.1 chunked transfer encoding is used to send the original request body, the request body will be buffered regardless of the directive value.", - "v": "scgi\\_request\\_buffering on;", - "c": "`http`, `server`, `location`", - "s": "**scgi_request_buffering** `on` | `off`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_send_timeout", - "d": "Sets a timeout for transmitting a request to the SCGI server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the SCGI server does not receive anything within this time, the connection is closed.", - "v": "scgi\\_send\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**scgi_send_timeout** `_time_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_socket_keepalive", - "d": "Configures the “TCP keepalive” behavior for outgoing connections to an SCGI server. By default, the operating system’s settings are in effect for the socket. If the directive is set to the value “`on`”, the `SO_KEEPALIVE` socket option is turned on for the socket.", - "v": "scgi\\_socket\\_keepalive off;", - "c": "`http`, `server`, `location`", - "s": "**scgi_socket_keepalive** `on` | `off`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_store", - "d": "Enables saving of files to a disk. The `on` parameter saves files with paths corresponding to the directives [alias](https://nginx.org/en/docs/http/ngx_http_core_module.html#alias) or [root](https://nginx.org/en/docs/http/ngx_http_core_module.html#root). The `off` parameter disables saving of files. In addition, the file name can be set explicitly using the `_string_` with variables:\n```\nscgi_store /data/www$original_uri;\n\n```\n\nThe modification time of files is set according to the received “Last-Modified” response header field. The response is first written to a temporary file, and then the file is renamed. Starting from version 0.8.9, temporary files and the persistent store can be put on different file systems. However, be aware that in this case a file is copied across two file systems instead of the cheap renaming operation. It is thus recommended that for any given location both saved files and a directory holding temporary files, set by the [scgi\\_temp\\_path](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_temp_path) directive, are put on the same file system.\nThis directive can be used to create local copies of static unchangeable files, e.g.:\n```\nlocation /images/ {\n root /data/www;\n error_page 404 = /fetch$uri;\n}\n\nlocation /fetch/ {\n internal;\n\n scgi_pass backend:9000;\n ...\n\n scgi_store on;\n scgi_store_access user:rw group:rw all:r;\n scgi_temp_path /data/temp;\n\n alias /data/www/;\n}\n\n```\n", - "v": "scgi\\_store off;", - "c": "`http`, `server`, `location`", - "s": "**scgi_store** `on` | `off` | `_string_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_store_access", - "d": "Sets access permissions for newly created files and directories, e.g.:\n```\nscgi_store_access user:rw group:rw all:r;\n\n```\n\nIf any `group` or `all` access permissions are specified then `user` permissions may be omitted:\n```\nscgi_store_access group:rw all:r;\n\n```\n", - "v": "scgi\\_store\\_access user:rw;", - "c": "`http`, `server`, `location`", - "s": "**scgi_store_access** `_users_`:`_permissions_` ...;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_temp_file_write_size", - "d": "Limits the `_size_` of data written to a temporary file at a time, when buffering of responses from the SCGI server to temporary files is enabled. By default, `_size_` is limited by two buffers set by the [scgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_buffer_size) and [scgi\\_buffers](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_buffers) directives. The maximum size of a temporary file is set by the [scgi\\_max\\_temp\\_file\\_size](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_max_temp_file_size) directive.", - "v": "scgi\\_temp\\_file\\_write\\_size 8k|16k;", - "c": "`http`, `server`, `location`", - "s": "**scgi_temp_file_write_size** `_size_`;" - }, - { - "m": "ngx_http_scgi_module", - "n": "scgi_temp_path", - "d": "Defines a directory for storing temporary files with data received from SCGI servers. Up to three-level subdirectory hierarchy can be used underneath the specified directory. For example, in the following configuration\n```\nscgi_temp_path /spool/nginx/scgi_temp 1 2;\n\n```\na temporary file might look like this:\n```\n/spool/nginx/scgi_temp/7/45/00000123457\n\n```\n\nSee also the `use_temp_path` parameter of the [scgi\\_cache\\_path](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_cache_path) directive.", - "v": "scgi\\_temp\\_path scgi\\_temp;", - "c": "`http`, `server`, `location`", - "s": "**scgi_temp_path** `_path_` [`_level1_` [`_level2_` [`_level3_`]]];" - }, - { - "m": "ngx_http_secure_link_module", - "n": "secure_link", - "d": "Defines a string with variables from which the checksum value and lifetime of a link will be extracted.\nVariables used in an `_expression_` are usually associated with a request; see [example](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5) below.\nThe checksum value extracted from the string is compared with the MD5 hash value of the expression defined by the [secure\\_link\\_md5](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5) directive. If the checksums are different, the `$secure_link` variable is set to an empty string. If the checksums are the same, the link lifetime is checked. If the link has a limited lifetime and the time has expired, the `$secure_link` variable is set to “`0`”. Otherwise, it is set to “`1`”. The MD5 hash value passed in a request is encoded in [base64url](https://datatracker.ietf.org/doc/html/rfc4648#section-5).\nIf a link has a limited lifetime, the expiration time is set in seconds since Epoch (Thu, 01 Jan 1970 00:00:00 GMT). The value is specified in the expression after the MD5 hash, and is separated by a comma. The expiration time passed in a request is available through the `$secure_link_expires` variable for a use in the [secure\\_link\\_md5](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5) directive. If the expiration time is not specified, a link has the unlimited lifetime.", - "c": "`http`, `server`, `location`", - "s": "**secure_link** `_expression_`;" - }, - { - "m": "ngx_http_secure_link_module", - "n": "secure_link_md5", - "d": "Defines an expression for which the MD5 hash value will be computed and compared with the value passed in a request.\nThe expression should contain the secured part of a link (resource) and a secret ingredient. If the link has a limited lifetime, the expression should also contain `$secure_link_expires`.\nTo prevent unauthorized access, the expression may contain some information about the client, such as its address and browser version.\nExample:\n```\nlocation /s/ {\n secure_link $arg_md5,$arg_expires;\n secure_link_md5 \"$secure_link_expires$uri$remote_addr secret\";\n\n if ($secure_link = \"\") {\n return 403;\n }\n\n if ($secure_link = \"0\") {\n return 410;\n }\n\n ...\n}\n\n```\nThe “`/s/link?md5=_e4Nc3iduzkWRm01TBBNYw&expires=2147483647`” link restricts access to “`/s/link`” for the client with the IP address 127.0.0.1. The link also has the limited lifetime until January 19, 2038 (GMT).\nOn UNIX, the `_md5_` request argument value can be obtained as:\n```\necho -n '2147483647/s/link127.0.0.1 secret' | \\\n openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d =\n\n```\n", - "c": "`http`, `server`, `location`", - "s": "**secure_link_md5** `_expression_`;" - }, - { - "m": "ngx_http_secure_link_module", - "n": "secure_link_secret", - "d": "Defines a secret `_word_` used to check authenticity of requested links.\nThe full URI of a requested link looks as follows:\n```\n/prefix/hash/link\n\n```\nwhere `_hash_` is a hexadecimal representation of the MD5 hash computed for the concatenation of the link and secret word, and `_prefix_` is an arbitrary string without slashes.\nIf the requested link passes the authenticity check, the `$secure_link` variable is set to the link extracted from the request URI. Otherwise, the `$secure_link` variable is set to an empty string.\nExample:\n```\nlocation /p/ {\n secure_link_secret secret;\n\n if ($secure_link = \"\") {\n return 403;\n }\n\n rewrite ^ /secure/$secure_link;\n}\n\nlocation /secure/ {\n internal;\n}\n\n```\nA request of “`/p/5e814704a28d9bc1914ff19fa0c4a00a/link`” will be internally redirected to “`/secure/link`”.\nOn UNIX, the hash value for this example can be obtained as:\n```\necho -n 'linksecret' | openssl md5 -hex\n\n```\n", - "c": "`location`", - "s": "**secure_link_secret** `_word_`;" - }, - { - "m": "ngx_http_secure_link_module", - "n": "variables", - "d": "#### Embedded Variables\n\n`$secure_link`\n\nThe status of a link check. The specific value depends on the selected operation mode.\n\n`$secure_link_expires`\n\nThe lifetime of a link passed in a request; intended to be used only in the [secure\\_link\\_md5](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5) directive.\n", - "c": "`location`", - "s": "**secure_link_secret** `_word_`;" - }, - { - "m": "ngx_http_session_log_module", - "n": "session_log", - "d": "Enables the use of the specified session log. The special value `off` cancels the effect of the `session_log` directives inherited from the previous configuration level.", - "v": "session\\_log off;", - "c": "`http`, `server`, `location`", - "s": "**session_log** `_name_` | `off`;" - }, - { - "m": "ngx_http_session_log_module", - "n": "session_log_format", - "d": "Specifies the output format of a log. The value of the `$body_bytes_sent` variable is aggregated across all requests in a session. The values of all other variables available for logging correspond to the first request in a session.", - "v": "session\\_log\\_format combined \"...\";", - "c": "`http`", - "s": "**session_log_format** `_name_` `_string_` ...;" - }, - { - "m": "ngx_http_session_log_module", - "n": "session_log_zone", - "d": "Sets the path to a log file and configures the shared memory zone that is used to store currently active sessions.\nA session is considered active for as long as the time elapsed since the last request in the session does not exceed the specified `timeout` (by default, 30 seconds). Once a session is no longer active, it is written to the log.\nThe `id` parameter identifies the session to which a request is mapped. The `id` parameter is set to the hexadecimal representation of an MD5 hash (for example, obtained from a cookie using variables). If this parameter is not specified or does not represent the valid MD5 hash, nginx computes the MD5 hash from the value of the `md5` parameter and creates a new session using this hash. Both the `id` and `md5` parameters can contain variables.\nThe `format` parameter sets the custom session log format configured by the [session\\_log\\_format](https://nginx.org/en/docs/http/ngx_http_session_log_module.html#session_log_format) directive. If `format` is not specified, the predefined “`combined`” format is used.", - "c": "`http`", - "s": "**session_log_zone** `_path_` `zone`=`_name_`:`_size_` [`format`=`_format_`] [`timeout`=`_time_`] [`id`=`_id_`] [`md5`=`_md5_`] ;" - }, - { - "m": "ngx_http_session_log_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_http_session_log_module` module supports two embedded variables:\n`$session_log_id`\n\ncurrent session ID;\n\n`$session_log_binary_id`\n\ncurrent session ID in binary form (16 bytes).\n", - "c": "`http`", - "s": "**session_log_zone** `_path_` `zone`=`_name_`:`_size_` [`format`=`_format_`] [`timeout`=`_time_`] [`id`=`_id_`] [`md5`=`_md5_`] ;" - }, - { - "m": "ngx_http_session_log_module", - "n": "$session_log_id", - "d": "current session ID in binary form (16 bytes)." - }, - { - "m": "ngx_http_session_log_module", - "n": "$session_log_binary_id\n", - "d": "current session ID in binary form (16 bytes)." - }, - { - "m": "ngx_http_slice_module", - "n": "slice", - "d": "Sets the `_size_` of the slice. The zero value disables splitting responses into slices. Note that a too low value may result in excessive memory usage and opening a large number of files.\nIn order for a subrequest to return the required range, the `$slice_range` variable should be [passed](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) to the proxied server as the `Range` request header field. If [caching](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache) is enabled, `$slice_range` should be added to the [cache key](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key) and caching of responses with 206 status code should be [enabled](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_valid).", - "v": "slice 0;", - "c": "`http`, `server`, `location`", - "s": "**slice** `_size_`;" - }, - { - "m": "ngx_http_slice_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_http_slice_module` module supports the following embedded variables:\n`$slice_range`\n\nthe current slice range in [HTTP byte range](https://datatracker.ietf.org/doc/html/rfc7233#section-2.1) format, for example, `bytes=0-1048575`.\n", - "v": "slice 0;", - "c": "`http`, `server`, `location`", - "s": "**slice** `_size_`;" - }, - { - "m": "ngx_http_slice_module", - "n": "$slice_range", - "d": "the current slice range in [HTTP byte range](https://datatracker.ietf.org/doc/html/rfc7233#section-2.1) format, for example, `bytes=0-1048575`." - }, - { - "m": "ngx_http_spdy_module", - "n": "issues", - "d": "#### Known Issues\nThe module is experimental, caveat emptor applies.\nCurrent implementation of SPDY protocol does not support “server push”.\nIn versions prior to 1.5.9, responses in SPDY connections could not be [rate limited](https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate).\nBuffering of a client request body cannot be disabled regardless of [proxy\\_request\\_buffering](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_request_buffering), [fastcgi\\_request\\_buffering](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_request_buffering), [uwsgi\\_request\\_buffering](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_request_buffering), and [scgi\\_request\\_buffering](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_request_buffering) directive values." - }, - { - "m": "ngx_http_spdy_module", - "n": "spdy_chunk_size", - "d": "Sets the maximum size of chunks into which the response body is [sliced](http://www.chromium.org/spdy/spdy-protocol/spdy-protocol-draft2#TOC-Data-frames). A too low value results in higher overhead. A too high value impairs prioritization due to [HOL blocking](http://en.wikipedia.org/wiki/Head-of-line_blocking).", - "v": "spdy\\_chunk\\_size 8k;", - "c": "`http`, `server`, `location`", - "s": "**spdy_chunk_size** `_size_`;" - }, - { - "m": "ngx_http_spdy_module", - "n": "spdy_headers_comp", - "d": "Sets the header compression `_level_` of a response in a range from 1 (fastest, less compression) to 9 (slowest, best compression). The special value 0 turns off the header compression.", - "v": "spdy\\_headers\\_comp 0;", - "c": "`http`, `server`", - "s": "**spdy_headers_comp** `_level_`;" - }, - { - "m": "ngx_http_spdy_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_http_spdy_module` module supports the following embedded variables:\n`$spdy`\n\nSPDY protocol version for SPDY connections, or an empty string otherwise;\n\n`$spdy_request_priority`\n\nrequest priority for SPDY connections, or an empty string otherwise.\n", - "v": "spdy\\_headers\\_comp 0;", - "c": "`http`, `server`", - "s": "**spdy_headers_comp** `_level_`;" - }, - { - "m": "ngx_http_split_clients_module", - "n": "split_clients", - "d": "Creates a variable for A/B testing, for example:\n```\nsplit_clients \"${remote_addr}AAA\" $variant {\n 0.5% .one;\n 2.0% .two;\n * \"\";\n}\n\n```\nThe value of the original string is hashed using MurmurHash2. In the example given, hash values from 0 to 21474835 (0.5%) correspond to the value `\".one\"` of the `$variant` variable, hash values from 21474836 to 107374180 (2%) correspond to the value `\".two\"`, and hash values from 107374181 to 4294967295 correspond to the value `\"\"` (an empty string).", - "c": "`http`", - "s": "**split_clients** `_string_` `_$variable_` { ... }" - }, - { - "m": "ngx_http_ssi_module", - "n": "ssi", - "d": "Enables or disables processing of SSI commands in responses.", - "v": "ssi off;", - "c": "`http`, `server`, `location`, `if in location`", - "s": "**ssi** `on` | `off`;" - }, - { - "m": "ngx_http_ssi_module", - "n": "ssi_last_modified", - "d": "Allows preserving the “Last-Modified” header field from the original response during SSI processing to facilitate response caching.\nBy default, the header field is removed as contents of the response are modified during processing and may contain dynamically generated elements or parts that are changed independently of the original response.", - "v": "ssi\\_last\\_modified off;", - "c": "`http`, `server`, `location`", - "s": "**ssi_last_modified** `on` | `off`;" - }, - { - "m": "ngx_http_ssi_module", - "n": "ssi_min_file_chunk", - "d": "Sets the minimum `_size_` for parts of a response stored on disk, starting from which it makes sense to send them using [sendfile](https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile).", - "v": "ssi\\_min\\_file\\_chunk 1k;", - "c": "`http`, `server`, `location`", - "s": "**ssi_min_file_chunk** `size`;" - }, - { - "m": "ngx_http_ssi_module", - "n": "ssi_silent_errors", - "d": "If enabled, suppresses the output of the “`[an error occurred while processing the directive]`” string if an error occurred during SSI processing.", - "v": "ssi\\_silent\\_errors off;", - "c": "`http`, `server`, `location`", - "s": "**ssi_silent_errors** `on` | `off`;" - }, - { - "m": "ngx_http_ssi_module", - "n": "ssi_types", - "d": "Enables processing of SSI commands in responses with the specified MIME types in addition to “`text/html`”. The special value “`*`” matches any MIME type (0.8.29).", - "v": "ssi\\_types text/html;", - "c": "`http`, `server`, `location`", - "s": "**ssi_types** `_mime-type_` ...;" - }, - { - "m": "ngx_http_ssi_module", - "n": "ssi_value_length", - "d": "Sets the maximum length of parameter values in SSI commands.", - "v": "ssi\\_value\\_length 256;", - "c": "`http`, `server`, `location`", - "s": "**ssi_value_length** `_length_`;" - }, - { - "m": "ngx_http_ssi_module", - "n": "commands", - "d": "#### SSI Commands\nSSI commands have the following generic format:\n```\n\n\n```\n\nThe following commands are supported:\n`block`\n\nDefines a block that can be used as a stub in the `include` command. The block can contain other SSI commands. The command has the following parameter:\n\n`name`\n\nblock name.\n\nExample:\n\n> \n> stub\n> \n\n`config`\n\nSets some parameters used during SSI processing, namely:\n\n`errmsg`\n\na string that is output if an error occurs during SSI processing. By default, the following string is output:\n\n> \\[an error occurred while processing the directive\\]\n\n`timefmt`\n\na format string passed to the `strftime()` function used to output date and time. By default, the following format is used:\n\n> \"%A, %d-%b-%Y %H:%M:%S %Z\"\n\nThe “`%s`” format is suitable to output time in seconds.\n\n`echo`\n\nOutputs the value of a variable. The command has the following parameters:\n\n`var`\n\nthe variable name.\n\n`encoding`\n\nthe encoding method. Possible values include `none`, `url`, and `entity`. By default, `entity` is used.\n\n`default`\n\na non-standard parameter that sets a string to be output if a variable is undefined. By default, “`(none)`” is output. The command\n\n> \n\nreplaces the following sequence of commands:\n\n> **no**\n\n`if`\n\nPerforms a conditional inclusion. The following commands are supported:\n\n> \n> ...\n> \n> ...\n> \n> ...\n> \n\nOnly one level of nesting is currently supported. The command has the following parameter:\n\n`expr`\n\nexpression. An expression can be:\n\n* variable existence check:\n \n > \n \n* comparison of a variable with a text:\n \n > \n > \n \n* comparison of a variable with a regular expression:\n \n > \n > \n \n\nIf a `_text_` contains variables, their values are substituted. A regular expression can contain positional and named captures that can later be used through variables, for example:\n\n> \n> \n> \n> \n\n`include`\n\nIncludes the result of another request into a response. The command has the following parameters:\n\n`file`\n\nspecifies an included file, for example:\n\n> \n\n`virtual`\n\nspecifies an included request, for example:\n\n> \n\nSeveral requests specified on one page and processed by proxied or FastCGI/uwsgi/SCGI/gRPC servers run in parallel. If sequential processing is desired, the `wait` parameter should be used.\n\n`stub`\n\na non-standard parameter that names the block whose content will be output if the included request results in an empty body or if an error occurs during the request processing, for example:\n\n>  \n> \n\nThe replacement block content is processed in the included request context.\n\n`wait`\n\na non-standard parameter that instructs to wait for a request to fully complete before continuing with SSI processing, for example:\n\n> \n\n`set`\n\na non-standard parameter that instructs to write a successful result of request processing to the specified variable, for example:\n\n> \n\nThe maximum size of the response is set by the [subrequest\\_output\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#subrequest_output_buffer_size) directive (1.13.10):\n\n> location /remote/ {\n> subrequest\\_output\\_buffer\\_size 64k;\n> ...\n> }\n\nPrior to version 1.13.10, only the results of responses obtained using the [ngx\\_http\\_proxy\\_module](https://nginx.org/en/docs/http/ngx_http_proxy_module.html), [ngx\\_http\\_memcached\\_module](https://nginx.org/en/docs/http/ngx_http_memcached_module.html), [ngx\\_http\\_fastcgi\\_module](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html) (1.5.6), [ngx\\_http\\_uwsgi\\_module](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html) (1.5.6), and [ngx\\_http\\_scgi\\_module](https://nginx.org/en/docs/http/ngx_http_scgi_module.html) (1.5.6) modules could be written into variables. The maximum size of the response was set with the [proxy\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size), [memcached\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_memcached_module.html#memcached_buffer_size), [fastcgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffer_size), [uwsgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_buffer_size), and [scgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_buffer_size) directives.\n\n`set`\n\nSets a value of a variable. The command has the following parameters:\n\n`var`\n\nthe variable name.\n\n`value`\n\nthe variable value. If an assigned value contains variables, their values are substituted.\n", - "v": "ssi\\_value\\_length 256;", - "c": "`http`, `server`, `location`", - "s": "**ssi_value_length** `_length_`;" - }, - { - "m": "ngx_http_ssi_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_http_ssi_module` module supports two embedded variables:\n`$date_local`\n\ncurrent time in the local time zone. The format is set by the `config` command with the `timefmt` parameter.\n\n`$date_gmt`\n\ncurrent time in GMT. The format is set by the `config` command with the `timefmt` parameter.\n", - "v": "ssi\\_value\\_length 256;", - "c": "`http`, `server`, `location`", - "s": "**ssi_value_length** `_length_`;" - }, - { - "m": "ngx_http_ssi_module", - "n": "$date_local", - "d": "current time in GMT. The format is set by the `config` command with the `timefmt` parameter." - }, - { - "m": "ngx_http_ssi_module", - "n": "$date_gmt", - "d": "current time in GMT. The format is set by the `config` command with the `timefmt` parameter." - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl", - "d": "This directive was made obsolete in version 1.15.0. The `ssl` parameter of the [listen](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen) directive should be used instead.", - "v": "ssl off;", - "c": "`http`, `server`", - "s": "**ssl** `on` | `off`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_buffer_size", - "d": "Sets the size of the buffer used for sending data.\nBy default, the buffer size is 16k, which corresponds to minimal overhead when sending big responses. To minimize Time To First Byte it may be beneficial to use smaller values, for example:\n```\nssl_buffer_size 4k;\n\n```\n", - "v": "ssl\\_buffer\\_size 16k;", - "c": "`http`, `server`", - "s": "**ssl_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_certificate", - "d": "Specifies a `_file_` with the certificate in the PEM format for the given virtual server. If intermediate certificates should be specified in addition to a primary certificate, they should be specified in the same file in the following order: the primary certificate comes first, then the intermediate certificates. A secret key in the PEM format may be placed in the same file.\nSince version 1.11.0, this directive can be specified multiple times to load certificates of different types, for example, RSA and ECDSA:\n```\nserver {\n listen 443 ssl;\n server_name example.com;\n\n ssl_certificate example.com.rsa.crt;\n ssl_certificate_key example.com.rsa.key;\n\n ssl_certificate example.com.ecdsa.crt;\n ssl_certificate_key example.com.ecdsa.key;\n\n ...\n}\n\n```\n\nOnly OpenSSL 1.0.2 or higher supports separate [certificate chains](https://nginx.org/en/docs/http/configuring_https_servers.html#chains) for different certificates. With older versions, only one certificate chain can be used.\n\nSince version 1.15.9, variables can be used in the `_file_` name when using OpenSSL 1.0.2 or higher:\n```\nssl_certificate $ssl_server_name.crt;\nssl_certificate_key $ssl_server_name.key;\n\n```\nNote that using variables implies that a certificate will be loaded for each SSL handshake, and this may have a negative impact on performance.", - "c": "`http`, `server`", - "s": "**ssl_certificate** `_file_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_certificate_data", - "d": "The value `data`:`_$variable_` can be specified instead of the `_file_` (1.15.10), which loads a certificate from a variable without using intermediate files. Note that inappropriate use of this syntax may have its security implications, such as writing secret key data to [error log](https://nginx.org/en/docs/ngx_core_module.html#error_log).\nIt should be kept in mind that due to the HTTPS protocol limitations for maximum interoperability virtual servers should listen on [different IP addresses](https://nginx.org/en/docs/http/configuring_https_servers.html#name_based_https_servers).", - "c": "`http`, `server`", - "s": "**ssl_certificate** `_file_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_certificate_key", - "d": "Specifies a `_file_` with the secret key in the PEM format for the given virtual server.\nThe value `engine`:`_name_`:`_id_` can be specified instead of the `_file_` (1.7.9), which loads a secret key with a specified `_id_` from the OpenSSL engine `_name_`.", - "c": "`http`, `server`", - "s": "**ssl_certificate_key** `_file_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_certificate_key_data", - "d": "The value `data`:`_$variable_` can be specified instead of the `_file_` (1.15.10), which loads a secret key from a variable without using intermediate files. Note that inappropriate use of this syntax may have its security implications, such as writing secret key data to [error log](https://nginx.org/en/docs/ngx_core_module.html#error_log).\nSince version 1.15.9, variables can be used in the `_file_` name when using OpenSSL 1.0.2 or higher.", - "c": "`http`, `server`", - "s": "**ssl_certificate_key** `_file_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_ciphers", - "d": "Specifies the enabled ciphers. The ciphers are specified in the format understood by the OpenSSL library, for example:\n```\nssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;\n\n```\n\nThe full list can be viewed using the “`openssl ciphers`” command.\n\nThe previous versions of nginx used [different](https://nginx.org/en/docs/http/configuring_https_servers.html#compatibility) ciphers by default.\n", - "v": "ssl\\_ciphers HIGH:!aNULL:!MD5;", - "c": "`http`, `server`", - "s": "**ssl_ciphers** `_ciphers_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_client_certificate", - "d": "Specifies a `_file_` with trusted CA certificates in the PEM format used to [verify](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client) client certificates and OCSP responses if [ssl\\_stapling](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling) is enabled.\nThe list of certificates will be sent to clients. If this is not desired, the [ssl\\_trusted\\_certificate](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate) directive can be used.", - "c": "`http`, `server`", - "s": "**ssl_client_certificate** `_file_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_conf_command", - "d": "Sets arbitrary OpenSSL configuration [commands](https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html).\nThe directive is supported when using OpenSSL 1.0.2 or higher.\n\nSeveral `ssl_conf_command` directives can be specified on the same level:\n```\nssl_conf_command Options PrioritizeChaCha;\nssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;\n\n```\nThese directives are inherited from the previous configuration level if and only if there are no `ssl_conf_command` directives defined on the current level.\n\nNote that configuring OpenSSL directly might result in unexpected behavior.\n", - "c": "`http`, `server`", - "s": "**ssl_conf_command** `_name_` `_value_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_crl", - "d": "Specifies a `_file_` with revoked certificates (CRL) in the PEM format used to [verify](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client) client certificates.", - "c": "`http`, `server`", - "s": "**ssl_crl** `_file_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_dhparam", - "d": "Specifies a `_file_` with DH parameters for DHE ciphers.\nBy default no parameters are set, and therefore DHE ciphers will not be used.\nPrior to version 1.11.0, builtin parameters were used by default.\n", - "c": "`http`, `server`", - "s": "**ssl_dhparam** `_file_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_early_data", - "d": "Enables or disables TLS 1.3 [early data](https://datatracker.ietf.org/doc/html/rfc8446#section-2.3).\nRequests sent within early data are subject to [replay attacks](https://datatracker.ietf.org/doc/html/rfc8470). To protect against such attacks at the application layer, the [$ssl\\_early\\_data](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#var_ssl_early_data) variable should be used.\n\n```\nproxy_set_header Early-Data $ssl_early_data;\n\n```\n\nThe directive is supported when using OpenSSL 1.1.1 or higher (1.15.4) and [BoringSSL](https://boringssl.googlesource.com/boringssl/).\n", - "v": "ssl\\_early\\_data off;", - "c": "`http`, `server`", - "s": "**ssl_early_data** `on` | `off`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_ecdh_curve", - "d": "Specifies a `_curve_` for ECDHE ciphers.\nWhen using OpenSSL 1.0.2 or higher, it is possible to specify multiple curves (1.11.0), for example:\n```\nssl_ecdh_curve prime256v1:secp384r1;\n\n```\n\nThe special value `auto` (1.11.0) instructs nginx to use a list built into the OpenSSL library when using OpenSSL 1.0.2 or higher, or `prime256v1` with older versions.\n\nPrior to version 1.11.0, the `prime256v1` curve was used by default.\n\n\nWhen using OpenSSL 1.0.2 or higher, this directive sets the list of curves supported by the server. Thus, in order for ECDSA certificates to work, it is important to include the curves used in the certificates.\n", - "v": "ssl\\_ecdh\\_curve auto;", - "c": "`http`, `server`", - "s": "**ssl_ecdh_curve** `_curve_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_ocsp", - "d": "Enables OCSP validation of the client certificate chain. The `leaf` parameter enables validation of the client certificate only.\nFor the OCSP validation to work, the [ssl\\_verify\\_client](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client) directive should be set to `on` or `optional`.\nTo resolve the OCSP responder hostname, the [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive should also be specified.\nExample:\n```\nssl_verify_client on;\nssl_ocsp on;\nresolver 192.0.2.1;\n\n```\n", - "v": "ssl\\_ocsp off;", - "c": "`http`, `server`", - "s": "**ssl_ocsp** `on` | `off` | `leaf`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_ocsp_cache", - "d": "Sets `name` and `size` of the cache that stores client certificates status for OCSP validation. The cache is shared between all worker processes. A cache with the same name can be used in several virtual servers.\nThe `off` parameter prohibits the use of the cache.", - "v": "ssl\\_ocsp\\_cache off;", - "c": "`http`, `server`", - "s": "**ssl_ocsp_cache** `off` | [`shared`:`_name_`:`_size_`];" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_ocsp_responder", - "d": "Overrides the URL of the OCSP responder specified in the “[Authority Information Access](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.1)” certificate extension for [validation](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ocsp) of client certificates.\nOnly “`http://`” OCSP responders are supported:\n```\nssl_ocsp_responder http://ocsp.example.com/;\n\n```\n", - "c": "`http`, `server`", - "s": "**ssl_ocsp_responder** `_url_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_password_file", - "d": "Specifies a `_file_` with passphrases for [secret keys](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate_key) where each passphrase is specified on a separate line. Passphrases are tried in turn when loading the key.\nExample:\n```\nhttp {\n ssl_password_file /etc/keys/global.pass;\n ...\n\n server {\n server_name www1.example.com;\n ssl_certificate_key /etc/keys/first.key;\n }\n\n server {\n server_name www2.example.com;\n\n # named pipe can also be used instead of a file\n ssl_password_file /etc/keys/fifo;\n ssl_certificate_key /etc/keys/second.key;\n }\n}\n\n```\n", - "c": "`http`, `server`", - "s": "**ssl_password_file** `_file_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_prefer_server_ciphers", - "d": "Specifies that server ciphers should be preferred over client ciphers when using the SSLv3 and TLS protocols.", - "v": "ssl\\_prefer\\_server\\_ciphers off;", - "c": "`http`, `server`", - "s": "**ssl_prefer_server_ciphers** `on` | `off`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_protocols", - "d": "Enables the specified protocols.\nThe `TLSv1.1` and `TLSv1.2` parameters (1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used.\n\nThe `TLSv1.3` parameter (1.13.0) works only when OpenSSL 1.1.1 or higher is used.\n", - "v": "ssl\\_protocols TLSv1 TLSv1.1 TLSv1.2;", - "c": "`http`, `server`", - "s": "**ssl_protocols** [`SSLv2`] [`SSLv3`] [`TLSv1`] [`TLSv1.1`] [`TLSv1.2`] [`TLSv1.3`];" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_reject_handshake", - "d": "If enabled, SSL handshakes in the [server](https://nginx.org/en/docs/http/ngx_http_core_module.html#server) block will be rejected.\nFor example, in the following configuration, SSL handshakes with server names other than `example.com` are rejected:\n```\nserver {\n listen 443 ssl default_server;\n ssl_reject_handshake on;\n}\n\nserver {\n listen 443 ssl;\n server_name example.com;\n ssl_certificate example.com.crt;\n ssl_certificate_key example.com.key;\n}\n\n```\n", - "v": "ssl\\_reject\\_handshake off;", - "c": "`http`, `server`", - "s": "**ssl_reject_handshake** `on` | `off`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_session_cache", - "d": "Sets the types and sizes of caches that store session parameters. A cache can be of any of the following types:\n`off`\n\nthe use of a session cache is strictly prohibited: nginx explicitly tells a client that sessions may not be reused.\n\n`none`\n\nthe use of a session cache is gently disallowed: nginx tells a client that sessions may be reused, but does not actually store session parameters in the cache.\n\n`builtin`\n\na cache built in OpenSSL; used by one worker process only. The cache size is specified in sessions. If size is not given, it is equal to 20480 sessions. Use of the built-in cache can cause memory fragmentation.\n\n`shared`\n\na cache shared between all worker processes. The cache size is specified in bytes; one megabyte can store about 4000 sessions. Each shared cache should have an arbitrary name. A cache with the same name can be used in several virtual servers. It is also used to automatically generate, store, and periodically rotate TLS session ticket keys (1.23.2) unless configured explicitly using the [ssl\\_session\\_ticket\\_key](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key) directive.\n\nBoth cache types can be used simultaneously, for example:\n```\nssl_session_cache builtin:1000 shared:SSL:10m;\n\n```\nbut using only shared cache without the built-in cache should be more efficient.", - "v": "ssl\\_session\\_cache none;", - "c": "`http`, `server`", - "s": "**ssl_session_cache** `off` | `none` | [`builtin`[:`_size_`]] [`shared`:`_name_`:`_size_`];" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_session_ticket_key", - "d": "Sets a `_file_` with the secret key used to encrypt and decrypt TLS session tickets. The directive is necessary if the same key has to be shared between multiple servers. By default, a randomly generated key is used.\nIf several keys are specified, only the first key is used to encrypt TLS session tickets. This allows configuring key rotation, for example:\n```\nssl_session_ticket_key current.key;\nssl_session_ticket_key previous.key;\n\n```\n\nThe `_file_` must contain 80 or 48 bytes of random data and can be created using the following command:\n```\nopenssl rand 80 > ticket.key\n\n```\nDepending on the file size either AES256 (for 80-byte keys, 1.11.8) or AES128 (for 48-byte keys) is used for encryption.", - "c": "`http`, `server`", - "s": "**ssl_session_ticket_key** `_file_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_session_tickets", - "d": "Enables or disables session resumption through [TLS session tickets](https://datatracker.ietf.org/doc/html/rfc5077).", - "v": "ssl\\_session\\_tickets on;", - "c": "`http`, `server`", - "s": "**ssl_session_tickets** `on` | `off`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_session_timeout", - "d": "Specifies a time during which a client may reuse the session parameters.", - "v": "ssl\\_session\\_timeout 5m;", - "c": "`http`, `server`", - "s": "**ssl_session_timeout** `_time_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_stapling", - "d": "Enables or disables [stapling of OCSP responses](https://datatracker.ietf.org/doc/html/rfc6066#section-8) by the server. Example:\n```\nssl_stapling on;\nresolver 192.0.2.1;\n\n```\n\nFor the OCSP stapling to work, the certificate of the server certificate issuer should be known. If the [ssl\\_certificate](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate) file does not contain intermediate certificates, the certificate of the server certificate issuer should be present in the [ssl\\_trusted\\_certificate](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate) file.\nFor a resolution of the OCSP responder hostname, the [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive should also be specified.", - "v": "ssl\\_stapling off;", - "c": "`http`, `server`", - "s": "**ssl_stapling** `on` | `off`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_stapling_file", - "d": "When set, the stapled OCSP response will be taken from the specified `_file_` instead of querying the OCSP responder specified in the server certificate.\nThe file should be in the DER format as produced by the “`openssl ocsp`” command.", - "c": "`http`, `server`", - "s": "**ssl_stapling_file** `_file_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_stapling_responder", - "d": "Overrides the URL of the OCSP responder specified in the “[Authority Information Access](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.1)” certificate extension.\nOnly “`http://`” OCSP responders are supported:\n```\nssl_stapling_responder http://ocsp.example.com/;\n\n```\n", - "c": "`http`, `server`", - "s": "**ssl_stapling_responder** `_url_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_stapling_verify", - "d": "Enables or disables verification of OCSP responses by the server.\nFor verification to work, the certificate of the server certificate issuer, the root certificate, and all intermediate certificates should be configured as trusted using the [ssl\\_trusted\\_certificate](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate) directive.", - "v": "ssl\\_stapling\\_verify off;", - "c": "`http`, `server`", - "s": "**ssl_stapling_verify** `on` | `off`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_trusted_certificate", - "d": "Specifies a `_file_` with trusted CA certificates in the PEM format used to [verify](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client) client certificates and OCSP responses if [ssl\\_stapling](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling) is enabled.\nIn contrast to the certificate set by [ssl\\_client\\_certificate](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_client_certificate), the list of these certificates will not be sent to clients.", - "c": "`http`, `server`", - "s": "**ssl_trusted_certificate** `_file_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_verify_client", - "d": "Enables verification of client certificates. The verification result is stored in the [$ssl\\_client\\_verify](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#var_ssl_client_verify) variable.\nThe `optional` parameter (0.8.7+) requests the client certificate and verifies it if the certificate is present.\nThe `optional_no_ca` parameter (1.3.8, 1.2.5) requests the client certificate but does not require it to be signed by a trusted CA certificate. This is intended for the use in cases when a service that is external to nginx performs the actual certificate verification. The contents of the certificate is accessible through the [$ssl\\_client\\_cert](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#var_ssl_client_cert) variable.", - "v": "ssl\\_verify\\_client off;", - "c": "`http`, `server`", - "s": "**ssl_verify_client** `on` | `off` | `optional` | `optional_no_ca`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "ssl_verify_depth", - "d": "Sets the verification depth in the client certificates chain.", - "v": "ssl\\_verify\\_depth 1;", - "c": "`http`, `server`", - "s": "**ssl_verify_depth** `_number_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "errors", - "d": "#### Error Processing\nThe `ngx_http_ssl_module` module supports several non-standard error codes that can be used for redirects using the [error\\_page](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page) directive:\n495\n\nan error has occurred during the client certificate verification;\n\n496\n\na client has not presented the required certificate;\n\n497\n\na regular request has been sent to the HTTPS port.\n\nThe redirection happens after the request is fully parsed and the variables, such as `$request_uri`, `$uri`, `$args` and others, are available.", - "v": "ssl\\_verify\\_depth 1;", - "c": "`http`, `server`", - "s": "**ssl_verify_depth** `_number_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_http_ssl_module` module supports embedded variables:\n`$ssl_alpn_protocol`\n\nreturns the protocol selected by ALPN during the SSL handshake, or an empty string otherwise (1.21.4);\n\n`$ssl_cipher`\n\nreturns the name of the cipher used for an established SSL connection;\n\n`$ssl_ciphers`\n\nreturns the list of ciphers supported by the client (1.11.7). Known ciphers are listed by names, unknown are shown in hexadecimal, for example:\n\n> AES128-SHA:AES256-SHA:0x00ff\n\n> The variable is fully supported only when using OpenSSL version 1.0.2 or higher. With older versions, the variable is available only for new sessions and lists only known ciphers.\n\n`$ssl_client_escaped_cert`\n\nreturns the client certificate in the PEM format (urlencoded) for an established SSL connection (1.13.5);\n\n`$ssl_client_cert`\n\nreturns the client certificate in the PEM format for an established SSL connection, with each line except the first prepended with the tab character; this is intended for the use in the [proxy\\_set\\_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) directive;\n\n> The variable is deprecated, the `$ssl_client_escaped_cert` variable should be used instead.\n\n`$ssl_client_fingerprint`\n\nreturns the SHA1 fingerprint of the client certificate for an established SSL connection (1.7.1);\n\n`$ssl_client_i_dn`\n\nreturns the “issuer DN” string of the client certificate for an established SSL connection according to [RFC 2253](https://datatracker.ietf.org/doc/html/rfc2253) (1.11.6);\n\n`$ssl_client_i_dn_legacy`\n\nreturns the “issuer DN” string of the client certificate for an established SSL connection;\n\n> Prior to version 1.11.6, the variable name was `$ssl_client_i_dn`.\n\n`$ssl_client_raw_cert`\n\nreturns the client certificate in the PEM format for an established SSL connection;\n\n`$ssl_client_s_dn`\n\nreturns the “subject DN” string of the client certificate for an established SSL connection according to [RFC 2253](https://datatracker.ietf.org/doc/html/rfc2253) (1.11.6);\n\n`$ssl_client_s_dn_legacy`\n\nreturns the “subject DN” string of the client certificate for an established SSL connection;\n\n> Prior to version 1.11.6, the variable name was `$ssl_client_s_dn`.\n\n`$ssl_client_serial`\n\nreturns the serial number of the client certificate for an established SSL connection;\n\n`$ssl_client_v_end`\n\nreturns the end date of the client certificate (1.11.7);\n\n`$ssl_client_v_remain`\n\nreturns the number of days until the client certificate expires (1.11.7);\n\n`$ssl_client_v_start`\n\nreturns the start date of the client certificate (1.11.7);\n\n`$ssl_client_verify`\n\nreturns the result of client certificate verification: “`SUCCESS`”, “`FAILED:``_reason_`”, and “`NONE`” if a certificate was not present;\n\n> Prior to version 1.11.7, the “`FAILED`” result did not contain the `_reason_` string.\n\n`$ssl_curve`\n\nreturns the negotiated curve used for SSL handshake key exchange process (1.21.5). Known curves are listed by names, unknown are shown in hexadecimal, for example:\n\n> prime256v1\n\n> The variable is supported only when using OpenSSL version 3.0 or higher. With older versions, the variable value will be an empty string.\n\n`$ssl_curves`\n\nreturns the list of curves supported by the client (1.11.7). Known curves are listed by names, unknown are shown in hexadecimal, for example:\n\n> 0x001d:prime256v1:secp521r1:secp384r1\n\n> The variable is supported only when using OpenSSL version 1.0.2 or higher. With older versions, the variable value will be an empty string.\n\n> The variable is available only for new sessions.\n\n`$ssl_early_data`\n\nreturns “`1`” if TLS 1.3 [early data](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data) is used and the handshake is not complete, otherwise “” (1.15.3).\n\n`$ssl_protocol`\n\nreturns the protocol of an established SSL connection;\n\n`$ssl_server_name`\n\nreturns the server name requested through [SNI](http://en.wikipedia.org/wiki/Server_Name_Indication) (1.7.0);\n\n`$ssl_session_id`\n\nreturns the session identifier of an established SSL connection;\n\n`$ssl_session_reused`\n\nreturns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11).\n", - "v": "ssl\\_verify\\_depth 1;", - "c": "`http`, `server`", - "s": "**ssl_verify_depth** `_number_`;" - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_alpn_protocol", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_cipher", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_ciphers", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_client_escaped_cert", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_client_cert", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_client_fingerprint", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_client_i_dn", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_client_i_dn_legacy", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_client_raw_cert\n", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_client_s_dn", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_client_s_dn_legacy", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_client_serial", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_client_v_end", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_client_v_remain", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_client_v_start", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_client_verify", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_curve", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_curves", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_early_data", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_protocol", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_server_name", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_session_id", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_ssl_module", - "n": "$ssl_session_reused", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise (1.5.11)." - }, - { - "m": "ngx_http_status_module", - "n": "status", - "d": "The status information will be accessible from the surrounding location. Access to this location should be [limited](https://nginx.org/en/docs/http/ngx_http_core_module.html#satisfy).", - "c": "`location`", - "s": "**status**;" - }, - { - "m": "ngx_http_status_module", - "n": "status_format", - "d": "By default, status information is output in the JSON format.\nAlternatively, data may be output as JSONP. The `_callback_` parameter specifies the name of a callback function. Parameter value can contain variables. If parameter is omitted, or the computed value is an empty string, then “`ngx_status_jsonp_callback`” is used.", - "v": "status\\_format json;", - "c": "`http`, `server`, `location`", - "s": "**status_format** `json`;`` \n``**status_format** `jsonp` [`_callback_`];" - }, - { - "m": "ngx_http_status_module", - "n": "status_zone", - "d": "Enables collection of virtual [http](https://nginx.org/en/docs/http/ngx_http_core_module.html#server) or [stream](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server) (1.7.11) server status information in the specified `_zone_`. Several servers may share the same zone.", - "c": "`server`", - "s": "**status_zone** `_zone_`;" - }, - { - "m": "ngx_http_status_module", - "n": "data", - "d": "#### Data\nThe following status information is provided:\n`version`\n\nVersion of the provided data set. The current version is 8.\n\n`nginx_version`\n\nVersion of nginx.\n\n`nginx_build`\n\nName of nginx build.\n\n`address`\n\nThe address of the server that accepted status request.\n\n`generation`\n\nThe total number of configuration [reloads](https://nginx.org/en/docs/control.html#reconfiguration).\n\n`load_timestamp`\n\nTime of the last reload of configuration, in milliseconds since Epoch.\n\n`timestamp`\n\nCurrent time in milliseconds since Epoch.\n\n`pid`\n\nThe ID of the worker process that handled status request.\n\n`ppid`\n\nThe ID of the master process that started the [worker process](https://nginx.org/en/docs/http/ngx_http_status_module.html#pid).\n\n`processes`\n\n`respawned`\n\nThe total number of abnormally terminated and respawned child processes.\n\n`connections`\n\n`accepted`\n\nThe total number of accepted client connections.\n\n`dropped`\n\nThe total number of dropped client connections.\n\n`active`\n\nThe current number of active client connections.\n\n`idle`\n\nThe current number of idle client connections.\n\n`ssl`\n\n`handshakes`\n\nThe total number of successful SSL handshakes.\n\n`handshakes_failed`\n\nThe total number of failed SSL handshakes.\n\n`session_reuses`\n\nThe total number of session reuses during SSL handshake.\n\n`requests`\n\n`total`\n\nThe total number of client requests.\n\n`current`\n\nThe current number of client requests.\n\n`server_zones`\n\nFor each [status\\_zone](https://nginx.org/en/docs/http/ngx_http_status_module.html#status_zone):\n\n`processing`\n\nThe number of client requests that are currently being processed.\n\n`requests`\n\nThe total number of client requests received from clients.\n\n`responses`\n\n`total`\n\nThe total number of responses sent to clients.\n\n`1xx`, `2xx`, `3xx`, `4xx`, `5xx`\n\nThe number of responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.\n\n`discarded`\n\nThe total number of requests completed without sending a response.\n\n`received`\n\nThe total number of bytes received from clients.\n\n`sent`\n\nThe total number of bytes sent to clients.\n\n`slabs`\n\nFor each shared memory zone that uses slab allocator:\n\n`pages`\n\n`used`\n\nThe current number of used memory pages.\n\n`free`\n\nThe current number of free memory pages.\n\n`slots`\n\nFor each memory slot size (8, 16, 32, 64, 128, etc.) the following data are provided:\n\n`used`\n\nThe current number of used memory slots.\n\n`free`\n\nThe current number of free memory slots.\n\n`reqs`\n\nThe total number of attempts to allocate memory of specified size.\n\n`fails`\n\nThe number of unsuccessful attempts to allocate memory of specified size.\n\n`upstreams`\n\nFor each [dynamically configurable](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone) [group](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream), the following data are provided:\n\n`peers`\n\nFor each [server](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server), the following data are provided:\n\n`id`\n\nThe ID of the server.\n\n`server`\n\nAn [address](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server) of the server.\n\n`name`\n\nThe name of the server specified in the [server](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server) directive.\n\n`service`\n\nThe [service](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#service) parameter value of the [server](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server) directive.\n\n`backup`\n\nA boolean value indicating whether the server is a [backup](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#backup) server.\n\n`weight`\n\n[Weight](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#weight) of the server.\n\n`state`\n\nCurrent state, which may be one of “`up`”, “`draining`”, “`down`”, “`unavail`”, “`checking`”, or “`unhealthy`”.\n\n`active`\n\nThe current number of active connections.\n\n`max_conns`\n\nThe [max\\_conns](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_conns) limit for the server.\n\n`requests`\n\nThe total number of client requests forwarded to this server.\n\n`responses`\n\n`total`\n\nThe total number of responses obtained from this server.\n\n`1xx`, `2xx`, `3xx`, `4xx`, `5xx`\n\nThe number of responses with status codes 1xx, 2xx, 3xx, 4xx, and 5xx.\n\n`sent`\n\nThe total number of bytes sent to this server.\n\n`received`\n\nThe total number of bytes received from this server.\n\n`fails`\n\nThe total number of unsuccessful attempts to communicate with the server.\n\n`unavail`\n\nHow many times the server became unavailable for client requests (state “`unavail`”) due to the number of unsuccessful attempts reaching the [max\\_fails](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) threshold.\n\n`health_checks`\n\n`checks`\n\nThe total number of [health check](https://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html#health_check) requests made.\n\n`fails`\n\nThe number of failed health checks.\n\n`unhealthy`\n\nHow many times the server became unhealthy (state “`unhealthy`”).\n\n`last_passed`\n\nBoolean indicating if the last health check request was successful and passed [tests](https://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html#match).\n\n`downtime`\n\nTotal time the server was in the “`unavail`”, “`checking`”, and “`unhealthy`” states.\n\n`downstart`\n\nThe time (in milliseconds since Epoch) when the server became “`unavail`”, “`checking`”, or “`unhealthy`”.\n\n`selected`\n\nThe time (in milliseconds since Epoch) when the server was last selected to process a request (1.7.5).\n\n`header_time`\n\nThe average time to get the [response header](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_header_time) from the server (1.7.10). Prior to version 1.11.6, the field was available only when using the [least\\_time](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#least_time) load balancing method.\n\n`response_time`\n\nThe average time to get the [full response](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_response_time) from the server (1.7.10). Prior to version 1.11.6, the field was available only when using the [least\\_time](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#least_time) load balancing method.\n\n`keepalive`\n\nThe current number of idle [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) connections.\n\n`zombies`\n\nThe current number of servers removed from the group but still processing active client requests.\n\n`zone`\n\nThe name of the shared memory [zone](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone) that keeps the group’s configuration and run-time state.\n\n`queue`\n\nFor the requests [queue](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#queue), the following data are provided:\n\n`size`\n\nThe current number of requests in the queue.\n\n`max_size`\n\nThe maximum number of requests that can be in the queue at the same time.\n\n`overflows`\n\nThe total number of requests rejected due to the queue overflow.\n\n`caches`\n\nFor each cache (configured by [proxy\\_cache\\_path](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path) and the likes):\n\n`size`\n\nThe current size of the cache.\n\n`max_size`\n\nThe limit on the maximum size of the cache specified in the configuration.\n\n`cold`\n\nA boolean value indicating whether the “cache loader” process is still loading data from disk into the cache.\n\n`hit`, `stale`, `updating`, `revalidated`\n\n`responses`\n\nThe total number of responses read from the cache (hits, or stale responses due to [proxy\\_cache\\_use\\_stale](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_use_stale) and the likes).\n\n`bytes`\n\nThe total number of bytes read from the cache.\n\n`miss`, `expired`, `bypass`\n\n`responses`\n\nThe total number of responses not taken from the cache (misses, expires, or bypasses due to [proxy\\_cache\\_bypass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_bypass) and the likes).\n\n`bytes`\n\nThe total number of bytes read from the proxied server.\n\n`responses_written`\n\nThe total number of responses written to the cache.\n\n`bytes_written`\n\nThe total number of bytes written to the cache.\n\n`stream`\n\n`server_zones`\n\nFor each [status\\_zone](https://nginx.org/en/docs/http/ngx_http_status_module.html#status_zone):\n\n`processing`\n\nThe number of client connections that are currently being processed.\n\n`connections`\n\nThe total number of connections accepted from clients.\n\n`sessions`\n\n`total`\n\nThe total number of completed client sessions.\n\n`2xx`, `4xx`, `5xx`\n\nThe number of sessions completed with [status codes](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#var_status) 2xx, 4xx, or 5xx.\n\n`discarded`\n\nThe total number of connections completed without creating a session.\n\n`received`\n\nThe total number of bytes received from clients.\n\n`sent`\n\nThe total number of bytes sent to clients.\n\n`upstreams`\n\nFor each [dynamically configurable](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#zone) [group](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#upstream), the following data are provided:\n\n`peers`\n\nFor each [server](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#server) the following data are provided:\n\n`id`\n\nThe ID of the server.\n\n`server`\n\nAn [address](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#server) of the server.\n\n`name`\n\nThe name of the server specified in the [server](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#server) directive.\n\n`service`\n\nThe [service](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#service) parameter value of the [server](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#server) directive.\n\n`backup`\n\nA boolean value indicating whether the server is a [backup](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#backup) server.\n\n`weight`\n\n[Weight](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#weight) of the server.\n\n`state`\n\nCurrent state, which may be one of “`up`”, “`down`”, “`unavail`”, “`checking`”, or “`unhealthy`”.\n\n`active`\n\nThe current number of connections.\n\n`max_conns`\n\nThe [max\\_conns](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#max_conns) limit for the server.\n\n`connections`\n\nThe total number of client connections forwarded to this server.\n\n`connect_time`\n\nThe average time to connect to the upstream server. Prior to version 1.11.6, the field was available only when using the [least\\_time](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#least_time) load balancing method.\n\n`first_byte_time`\n\nThe average time to receive the first byte of data. Prior to version 1.11.6, the field was available only when using the [least\\_time](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#least_time) load balancing method.\n\n`response_time`\n\nThe average time to receive the last byte of data. Prior to version 1.11.6, the field was available only when using the [least\\_time](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#least_time) load balancing method.\n\n`sent`\n\nThe total number of bytes sent to this server.\n\n`received`\n\nThe total number of bytes received from this server.\n\n`fails`\n\nThe total number of unsuccessful attempts to communicate with the server.\n\n`unavail`\n\nHow many times the server became unavailable for client connections (state “`unavail`”) due to the number of unsuccessful attempts reaching the [max\\_fails](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#max_fails) threshold.\n\n`health_checks`\n\n`checks`\n\nThe total number of [health check](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#health_check) requests made.\n\n`fails`\n\nThe number of failed health checks.\n\n`unhealthy`\n\nHow many times the server became unhealthy (state “`unhealthy`”).\n\n`last_passed`\n\nBoolean indicating if the last health check request was successful and passed [tests](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#match).\n\n`downtime`\n\nTotal time the server was in the “`unavail`”, “`checking`”, and “`unhealthy`” states.\n\n`downstart`\n\nThe time (in milliseconds since Epoch) when the server became “`unavail`”, “`checking`”, or “`unhealthy`”.\n\n`selected`\n\nThe time (in milliseconds since Epoch) when the server was last selected to process a connection.\n\n`zombies`\n\nThe current number of servers removed from the group but still processing active client connections.\n\n`zone`\n\nThe name of the shared memory [zone](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#zone) that keeps the group’s configuration and run-time state.\n", - "c": "`server`", - "s": "**status_zone** `_zone_`;" - }, - { - "m": "ngx_http_status_module", - "n": "compatibility", - "d": "#### Compatibility\n\n* The [zone](https://nginx.org/en/docs/http/ngx_http_status_module.html#zone) field in [http](https://nginx.org/en/docs/http/ngx_http_status_module.html#upstreams) and [stream](https://nginx.org/en/docs/http/ngx_http_status_module.html#stream_upstreams) upstreams was added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 8.\n* The [slabs](https://nginx.org/en/docs/http/ngx_http_status_module.html#slabs) status data were added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 8.\n* The [checking](https://nginx.org/en/docs/http/ngx_http_status_module.html#state) state was added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 8.\n* The [name](https://nginx.org/en/docs/http/ngx_http_status_module.html#name) and [service](https://nginx.org/en/docs/http/ngx_http_status_module.html#service) fields in [http](https://nginx.org/en/docs/http/ngx_http_status_module.html#upstreams) and [stream](https://nginx.org/en/docs/http/ngx_http_status_module.html#stream_upstreams) upstreams were added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 8.\n* The [nginx\\_build](https://nginx.org/en/docs/http/ngx_http_status_module.html#nginx_build) and [ppid](https://nginx.org/en/docs/http/ngx_http_status_module.html#ppid) fields were added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 8.\n* The [sessions](https://nginx.org/en/docs/http/ngx_http_status_module.html#sessions) status data and the [discarded](https://nginx.org/en/docs/http/ngx_http_status_module.html#stream_discarded) field in stream [server\\_zones](https://nginx.org/en/docs/http/ngx_http_status_module.html#stream_server_zones) were added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 7.\n* The [zombies](https://nginx.org/en/docs/http/ngx_http_status_module.html#zombies) field was moved from nginx [debug](https://nginx.org/en/docs/debugging_log.html) version in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 6.\n* The [ssl](https://nginx.org/en/docs/http/ngx_http_status_module.html#ssl) status data were added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 6.\n* The [discarded](https://nginx.org/en/docs/http/ngx_http_status_module.html#discarded) field in [server\\_zones](https://nginx.org/en/docs/http/ngx_http_status_module.html#server_zones) was added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 6.\n* The [queue](https://nginx.org/en/docs/http/ngx_http_status_module.html#queue) status data were added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 6.\n* The [pid](https://nginx.org/en/docs/http/ngx_http_status_module.html#pid) field was added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 6.\n* The list of servers in [upstreams](https://nginx.org/en/docs/http/ngx_http_status_module.html#upstreams) was moved into [peers](https://nginx.org/en/docs/http/ngx_http_status_module.html#peers) in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 6.\n* The `keepalive` field of an upstream server was removed in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 5.\n* The [stream](https://nginx.org/en/docs/http/ngx_http_status_module.html#stream) status data were added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 5.\n* The [generation](https://nginx.org/en/docs/http/ngx_http_status_module.html#generation) field was added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 5.\n* The [respawned](https://nginx.org/en/docs/http/ngx_http_status_module.html#respawned) field in [processes](https://nginx.org/en/docs/http/ngx_http_status_module.html#processes) was added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 5.\n* The [header\\_time](https://nginx.org/en/docs/http/ngx_http_status_module.html#header_time) and [response\\_time](https://nginx.org/en/docs/http/ngx_http_status_module.html#response_time) fields in [upstreams](https://nginx.org/en/docs/http/ngx_http_status_module.html#upstreams) were added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 5.\n* The [selected](https://nginx.org/en/docs/http/ngx_http_status_module.html#selected) field in [upstreams](https://nginx.org/en/docs/http/ngx_http_status_module.html#upstreams) was added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 4.\n* The [draining](https://nginx.org/en/docs/http/ngx_http_status_module.html#state) state in [upstreams](https://nginx.org/en/docs/http/ngx_http_status_module.html#upstreams) was added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 4.\n* The [id](https://nginx.org/en/docs/http/ngx_http_status_module.html#id) and [max\\_conns](https://nginx.org/en/docs/http/ngx_http_status_module.html#max_conns) fields in [upstreams](https://nginx.org/en/docs/http/ngx_http_status_module.html#upstreams) were added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 3.\n* The `revalidated` field in [caches](https://nginx.org/en/docs/http/ngx_http_status_module.html#caches) was added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 3.\n* The [server\\_zones](https://nginx.org/en/docs/http/ngx_http_status_module.html#server_zones), [caches](https://nginx.org/en/docs/http/ngx_http_status_module.html#caches), and [load\\_timestamp](https://nginx.org/en/docs/http/ngx_http_status_module.html#load_timestamp) status data were added in [version](https://nginx.org/en/docs/http/ngx_http_status_module.html#version) 2.\n", - "c": "`server`", - "s": "**status_zone** `_zone_`;" - }, - { - "m": "ngx_http_stub_status_module", - "n": "stub_status", - "d": "The basic status information will be accessible from the surrounding location.\n\nIn versions prior to 1.7.5, the directive syntax required an arbitrary argument, for example, “`stub_status on`”.\n", - "c": "`server`, `location`", - "s": "**stub_status**;" - }, - { - "m": "ngx_http_stub_status_module", - "n": "data", - "d": "#### Data\nThe following status information is provided:\n`Active connections`\n\nThe current number of active client connections including `Waiting` connections.\n\n`accepts`\n\nThe total number of accepted client connections.\n\n`handled`\n\nThe total number of handled connections. Generally, the parameter value is the same as `accepts` unless some resource limits have been reached (for example, the [worker\\_connections](https://nginx.org/en/docs/ngx_core_module.html#worker_connections) limit).\n\n`requests`\n\nThe total number of client requests.\n\n`Reading`\n\nThe current number of connections where nginx is reading the request header.\n\n`Writing`\n\nThe current number of connections where nginx is writing the response back to the client.\n\n`Waiting`\n\nThe current number of idle client connections waiting for a request.\n", - "c": "`server`, `location`", - "s": "**stub_status**;" - }, - { - "m": "ngx_http_stub_status_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_http_stub_status_module` module supports the following embedded variables (1.3.14):\n`$connections_active`\n\nsame as the `Active connections` value;\n\n`$connections_reading`\n\nsame as the `Reading` value;\n\n`$connections_writing`\n\nsame as the `Writing` value;\n\n`$connections_waiting`\n\nsame as the `Waiting` value.\n", - "c": "`server`, `location`", - "s": "**stub_status**;" - }, - { - "m": "ngx_http_stub_status_module", - "n": "$connections_active", - "d": "same as the `Waiting` value." - }, - { - "m": "ngx_http_stub_status_module", - "n": "$connections_reading", - "d": "same as the `Waiting` value." - }, - { - "m": "ngx_http_stub_status_module", - "n": "$connections_writing", - "d": "same as the `Waiting` value." - }, - { - "m": "ngx_http_stub_status_module", - "n": "$connections_waiting", - "d": "same as the `Waiting` value." - }, - { - "m": "ngx_http_sub_module", - "n": "sub_filter", - "d": "Sets a string to replace and a replacement string. The string to replace is matched ignoring the case. The string to replace (1.9.4) and replacement string can contain variables. Several `sub_filter` directives can be specified on the same configuration level (1.9.4). These directives are inherited from the previous configuration level if and only if there are no `sub_filter` directives defined on the current level.", - "c": "`http`, `server`, `location`", - "s": "**sub_filter** `_string_` `_replacement_`;" - }, - { - "m": "ngx_http_sub_module", - "n": "sub_filter_last_modified", - "d": "Allows preserving the “Last-Modified” header field from the original response during replacement to facilitate response caching.\nBy default, the header field is removed as contents of the response are modified during processing.", - "v": "sub\\_filter\\_last\\_modified off;", - "c": "`http`, `server`, `location`", - "s": "**sub_filter_last_modified** `on` | `off`;" - }, - { - "m": "ngx_http_sub_module", - "n": "sub_filter_once", - "d": "Indicates whether to look for each string to replace once or repeatedly.", - "v": "sub\\_filter\\_once on;", - "c": "`http`, `server`, `location`", - "s": "**sub_filter_once** `on` | `off`;" - }, - { - "m": "ngx_http_sub_module", - "n": "sub_filter_types", - "d": "Enables string replacement in responses with the specified MIME types in addition to “`text/html`”. The special value “`*`” matches any MIME type (0.8.29).", - "v": "sub\\_filter\\_types text/html;", - "c": "`http`, `server`, `location`", - "s": "**sub_filter_types** `_mime-type_` ...;" - }, - { - "m": "ngx_http_upstream_module", - "n": "upstream", - "d": "Defines a group of servers. Servers can listen on different ports. In addition, servers listening on TCP and UNIX-domain sockets can be mixed.\nExample:\n```\nupstream backend {\n server backend1.example.com weight=5;\n server 127.0.0.1:8080 max_fails=3 fail_timeout=30s;\n server unix:/tmp/backend3;\n\n server backup1.example.com backup;\n}\n\n```\n\nBy default, requests are distributed between the servers using a weighted round-robin balancing method. In the above example, each 7 requests will be distributed as follows: 5 requests go to `backend1.example.com` and one request to each of the second and third servers. If an error occurs during communication with a server, the request will be passed to the next server, and so on until all of the functioning servers will be tried. If a successful response could not be obtained from any of the servers, the client will receive the result of the communication with the last server.", - "c": "`http`", - "s": "**upstream** `_name_` { ... }" - }, - { - "m": "ngx_http_upstream_module", - "n": "server", - "d": "Defines the `_address_` and other `_parameters_` of a server. The address can be specified as a domain name or IP address, with an optional port, or as a UNIX-domain socket path specified after the “`unix:`” prefix. If a port is not specified, the port 80 is used. A domain name that resolves to several IP addresses defines multiple servers at once.\nThe following parameters can be defined:\n`weight`\\=`_number_`\n\nsets the weight of the server, by default, 1.\n\n`max_conns`\\=`_number_`\n\nlimits the maximum `_number_` of simultaneous active connections to the proxied server (1.11.5). Default value is zero, meaning there is no limit. If the server group does not reside in the [shared memory](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone), the limitation works per each worker process.\n\n> If [idle keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) connections, multiple [workers](https://nginx.org/en/docs/ngx_core_module.html#worker_processes), and the [shared memory](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone) are enabled, the total number of active and idle connections to the proxied server may exceed the `max_conns` value.\n\n> Since version 1.5.9 and prior to version 1.11.5, this parameter was available as part of our [commercial subscription](http://nginx.com/products/).\n\n`max_fails`\\=`_number_`\n\nsets the number of unsuccessful attempts to communicate with the server that should happen in the duration set by the `fail_timeout` parameter to consider the server unavailable for a duration also set by the `fail_timeout` parameter. By default, the number of unsuccessful attempts is set to 1. The zero value disables the accounting of attempts. What is considered an unsuccessful attempt is defined by the [proxy\\_next\\_upstream](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream), [fastcgi\\_next\\_upstream](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_next_upstream), [uwsgi\\_next\\_upstream](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_next_upstream), [scgi\\_next\\_upstream](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_next_upstream), [memcached\\_next\\_upstream](https://nginx.org/en/docs/http/ngx_http_memcached_module.html#memcached_next_upstream), and [grpc\\_next\\_upstream](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_next_upstream) directives.\n\n`fail_timeout`\\=`_time_`\n\nsets\n\n* the time during which the specified number of unsuccessful attempts to communicate with the server should happen to consider the server unavailable;\n* and the period of time the server will be considered unavailable.\n\nBy default, the parameter is set to 10 seconds.\n\n`backup`\n\nmarks the server as a backup server. It will be passed requests when the primary servers are unavailable.\n\n> The parameter cannot be used along with the [hash](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#hash), [ip\\_hash](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#ip_hash), and [random](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#random) load balancing methods.\n\n`down`\n\nmarks the server as permanently unavailable.\n\nAdditionally, the following parameters are available as part of our [commercial subscription](http://nginx.com/products/):\n`resolve`\n\nmonitors changes of the IP addresses that correspond to a domain name of the server, and automatically modifies the upstream configuration without the need of restarting nginx (1.5.12). The server group must reside in the [shared memory](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone).\n\nIn order for this parameter to work, the `resolver` directive must be specified in the [http](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) block or in the corresponding [upstream](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#resolver) block.\n\n`route`\\=`_string_`\n\nsets the server route name.\n\n`service`\\=`_name_`\n\nenables resolving of DNS [SRV](https://datatracker.ietf.org/doc/html/rfc2782) records and sets the service `_name_` (1.9.13). In order for this parameter to work, it is necessary to specify the [resolve](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#resolve) parameter for the server and specify a hostname without a port number.\n\nIf the service name does not contain a dot (“`.`”), then the [RFC](https://datatracker.ietf.org/doc/html/rfc2782)\\-compliant name is constructed and the TCP protocol is added to the service prefix. For example, to look up the `_http._tcp.backend.example.com` SRV record, it is necessary to specify the directive:\n\n> server backend.example.com service=http resolve;\n\nIf the service name contains one or more dots, then the name is constructed by joining the service prefix and the server name. For example, to look up the `_http._tcp.backend.example.com` and `server1.backend.example.com` SRV records, it is necessary to specify the directives:\n\n> server backend.example.com service=\\_http.\\_tcp resolve;\n> server example.com service=server1.backend resolve;\n\nHighest-priority SRV records (records with the same lowest-number priority value) are resolved as primary servers, the rest of SRV records are resolved as backup servers. If the [backup](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#backup) parameter is specified for the server, high-priority SRV records are resolved as backup servers, the rest of SRV records are ignored.\n\n`slow_start`\\=`_time_`\n\nsets the `_time_` during which the server will recover its weight from zero to a nominal value, when unhealthy server becomes [healthy](https://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html#health_check), or when the server becomes available after a period of time it was considered [unavailable](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#fail_timeout). Default value is zero, i.e. slow start is disabled.\n\n> The parameter cannot be used along with the [hash](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#hash), [ip\\_hash](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#ip_hash), and [random](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#random) load balancing methods.\n\n`drain`\n\nputs the server into the “draining” mode (1.13.6). In this mode, only requests [bound](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#sticky) to the server will be proxied to it.\n\n> Prior to version 1.13.6, the parameter could be changed only with the [API](https://nginx.org/en/docs/http/ngx_http_api_module.html) module.\n\n\nIf there is only a single server in a group, `max_fails`, `fail_timeout` and `slow_start` parameters are ignored, and such a server will never be considered unavailable.\n", - "c": "`upstream`", - "s": "**server** `_address_` [`_parameters_`];" - }, - { - "m": "ngx_http_upstream_module", - "n": "zone", - "d": "Defines the `_name_` and `_size_` of the shared memory zone that keeps the group’s configuration and run-time state that are shared between worker processes. Several groups may share the same zone. In this case, it is enough to specify the `_size_` only once.\nAdditionally, as part of our [commercial subscription](http://nginx.com/products/), such groups allow changing the group membership or modifying the settings of a particular server without the need of restarting nginx. The configuration is accessible via the [API](https://nginx.org/en/docs/http/ngx_http_api_module.html) module (1.13.3).\nPrior to version 1.13.3, the configuration was accessible only via a special location handled by [upstream\\_conf](https://nginx.org/en/docs/http/ngx_http_upstream_conf_module.html#upstream_conf).\n", - "c": "`upstream`", - "s": "**zone** `_name_` [`_size_`];" - }, - { - "m": "ngx_http_upstream_module", - "n": "state", - "d": "Specifies a `_file_` that keeps the state of the dynamically configurable group.\nExamples:\n```\nstate /var/lib/nginx/state/servers.conf; # path for Linux\nstate /var/db/nginx/state/servers.conf; # path for FreeBSD\n\n```\n\nThe state is currently limited to the list of servers with their parameters. The file is read when parsing the configuration and is updated each time the upstream configuration is [changed](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_upstreams_http_upstream_name_servers_). Changing the file content directly should be avoided. The directive cannot be used along with the [server](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server) directive.\n\nChanges made during [configuration reload](https://nginx.org/en/docs/control.html#reconfiguration) or [binary upgrade](https://nginx.org/en/docs/control.html#upgrade) can be lost.\n\n\nThis directive is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`upstream`", - "s": "**state** `_file_`;" - }, - { - "m": "ngx_http_upstream_module", - "n": "hash", - "d": "Specifies a load balancing method for a server group where the client-server mapping is based on the hashed `_key_` value. The `_key_` can contain text, variables, and their combinations. Note that adding or removing a server from the group may result in remapping most of the keys to different servers. The method is compatible with the [Cache::Memcached](https://metacpan.org/pod/Cache::Memcached) Perl library.\nIf the `consistent` parameter is specified, the [ketama](https://www.metabrew.com/article/libketama-consistent-hashing-algo-memcached-clients) consistent hashing method will be used instead. The method ensures that only a few keys will be remapped to different servers when a server is added to or removed from the group. This helps to achieve a higher cache hit ratio for caching servers. The method is compatible with the [Cache::Memcached::Fast](https://metacpan.org/pod/Cache::Memcached::Fast) Perl library with the `_ketama_points_` parameter set to 160.", - "c": "`upstream`", - "s": "**hash** `_key_` [`consistent`];" - }, - { - "m": "ngx_http_upstream_module", - "n": "ip_hash", - "d": "Specifies that a group should use a load balancing method where requests are distributed between servers based on client IP addresses. The first three octets of the client IPv4 address, or the entire IPv6 address, are used as a hashing key. The method ensures that requests from the same client will always be passed to the same server except when this server is unavailable. In the latter case client requests will be passed to another server. Most probably, it will always be the same server as well.\nIPv6 addresses are supported starting from versions 1.3.2 and 1.2.2.\n\nIf one of the servers needs to be temporarily removed, it should be marked with the `down` parameter in order to preserve the current hashing of client IP addresses.\nExample:\n```\nupstream backend {\n ip_hash;\n\n server backend1.example.com;\n server backend2.example.com;\n server backend3.example.com down;\n server backend4.example.com;\n}\n\n```\n\n\nUntil versions 1.3.1 and 1.2.2, it was not possible to specify a weight for servers using the `ip_hash` load balancing method.\n", - "c": "`upstream`", - "s": "**ip_hash**;" - }, - { - "m": "ngx_http_upstream_module", - "n": "keepalive", - "d": "Activates the cache for connections to upstream servers.\nThe `_connections_` parameter sets the maximum number of idle keepalive connections to upstream servers that are preserved in the cache of each worker process. When this number is exceeded, the least recently used connections are closed.\nIt should be particularly noted that the `keepalive` directive does not limit the total number of connections to upstream servers that an nginx worker process can open. The `_connections_` parameter should be set to a number small enough to let upstream servers process new incoming connections as well.\n\nWhen using load balancing methods other than the default round-robin method, it is necessary to activate them before the `keepalive` directive.\n\nExample configuration of memcached upstream with keepalive connections:\n```\nupstream memcached_backend {\n server 127.0.0.1:11211;\n server 10.0.0.2:11211;\n\n keepalive 32;\n}\n\nserver {\n ...\n\n location /memcached/ {\n set $memcached_key $uri;\n memcached_pass memcached_backend;\n }\n\n}\n\n```\n\nFor HTTP, the [proxy\\_http\\_version](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version) directive should be set to “`1.1`” and the “Connection” header field should be cleared:\n```\nupstream http_backend {\n server 127.0.0.1:8080;\n\n keepalive 16;\n}\n\nserver {\n ...\n\n location /http/ {\n proxy_pass http://http_backend;\n proxy_http_version 1.1;\n proxy_set_header Connection \"\";\n ...\n }\n}\n\n```\n\n\nAlternatively, HTTP/1.0 persistent connections can be used by passing the “Connection: Keep-Alive” header field to an upstream server, though this method is not recommended.\n\nFor FastCGI servers, it is required to set [fastcgi\\_keep\\_conn](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_keep_conn) for keepalive connections to work:\n```\nupstream fastcgi_backend {\n server 127.0.0.1:9000;\n\n keepalive 8;\n}\n\nserver {\n ...\n\n location /fastcgi/ {\n fastcgi_pass fastcgi_backend;\n fastcgi_keep_conn on;\n ...\n }\n}\n\n```\n\n\nSCGI and uwsgi protocols do not have a notion of keepalive connections.\n", - "c": "`upstream`", - "s": "**keepalive** `_connections_`;" - }, - { - "m": "ngx_http_upstream_module", - "n": "keepalive_requests", - "d": "Sets the maximum number of requests that can be served through one keepalive connection. After the maximum number of requests is made, the connection is closed.\nClosing connections periodically is necessary to free per-connection memory allocations. Therefore, using too high maximum number of requests could result in excessive memory usage and not recommended.\n\nPrior to version 1.19.10, the default value was 100.\n", - "v": "keepalive\\_requests 1000;", - "c": "`upstream`", - "s": "**keepalive_requests** `_number_`;" - }, - { - "m": "ngx_http_upstream_module", - "n": "keepalive_time", - "d": "Limits the maximum time during which requests can be processed through one keepalive connection. After this time is reached, the connection is closed following the subsequent request processing.", - "v": "keepalive\\_time 1h;", - "c": "`upstream`", - "s": "**keepalive_time** `_time_`;" - }, - { - "m": "ngx_http_upstream_module", - "n": "keepalive_timeout", - "d": "Sets a timeout during which an idle keepalive connection to an upstream server will stay open.", - "v": "keepalive\\_timeout 60s;", - "c": "`upstream`", - "s": "**keepalive_timeout** `_timeout_`;" - }, - { - "m": "ngx_http_upstream_module", - "n": "ntlm", - "d": "Allows proxying requests with [NTLM Authentication](https://en.wikipedia.org/wiki/Integrated_Windows_Authentication). The upstream connection is bound to the client connection once the client sends a request with the “Authorization” header field value starting with “`Negotiate`” or “`NTLM`”. Further client requests will be proxied through the same upstream connection, keeping the authentication context.\nIn order for NTLM authentication to work, it is necessary to enable keepalive connections to upstream servers. The [proxy\\_http\\_version](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version) directive should be set to “`1.1`” and the “Connection” header field should be cleared:\n```\nupstream http_backend {\n server 127.0.0.1:8080;\n\n ntlm;\n}\n\nserver {\n ...\n\n location /http/ {\n proxy_pass http://http_backend;\n proxy_http_version 1.1;\n proxy_set_header Connection \"\";\n ...\n }\n}\n\n```\n\n\nWhen using load balancer methods other than the default round-robin method, it is necessary to activate them before the `ntlm` directive.\n\n\nThis directive is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`upstream`", - "s": "**ntlm**;" - }, - { - "m": "ngx_http_upstream_module", - "n": "least_conn", - "d": "Specifies that a group should use a load balancing method where a request is passed to the server with the least number of active connections, taking into account weights of servers. If there are several such servers, they are tried in turn using a weighted round-robin balancing method.", - "c": "`upstream`", - "s": "**least_conn**;" - }, - { - "m": "ngx_http_upstream_module", - "n": "least_time", - "d": "Specifies that a group should use a load balancing method where a request is passed to the server with the least average response time and least number of active connections, taking into account weights of servers. If there are several such servers, they are tried in turn using a weighted round-robin balancing method.\nIf the `header` parameter is specified, time to receive the [response header](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_header_time) is used. If the `last_byte` parameter is specified, time to receive the [full response](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_response_time) is used. If the `inflight` parameter is specified (1.11.6), incomplete requests are also taken into account.\nPrior to version 1.11.6, incomplete requests were taken into account by default.\n\n\nThis directive is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`upstream`", - "s": "**least_time** `header` | `last_byte` [`inflight`];" - }, - { - "m": "ngx_http_upstream_module", - "n": "queue", - "d": "If an upstream server cannot be selected immediately while processing a request, the request will be placed into the queue. The directive specifies the maximum `_number_` of requests that can be in the queue at the same time. If the queue is filled up, or the server to pass the request to cannot be selected within the time period specified in the `timeout` parameter, the 502 (Bad Gateway) error will be returned to the client.\nThe default value of the `timeout` parameter is 60 seconds.\n\nWhen using load balancer methods other than the default round-robin method, it is necessary to activate them before the `queue` directive.\n\nThis directive is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`upstream`", - "s": "**queue** `_number_` [`timeout`=`_time_`];" - }, - { - "m": "ngx_http_upstream_module", - "n": "random", - "d": "Specifies that a group should use a load balancing method where a request is passed to a randomly selected server, taking into account weights of servers.\nThe optional `two` parameter instructs nginx to randomly select [two](https://homes.cs.washington.edu/~karlin/papers/balls.pdf) servers and then choose a server using the specified `method`. The default method is `least_conn` which passes a request to a server with the least number of active connections.", - "c": "`upstream`", - "s": "**random** [`two` [`_method_`]];" - }, - { - "m": "ngx_http_upstream_module", - "n": "random_least_time", - "d": "The `least_time` method passes a request to a server with the least average response time and least number of active connections. If `least_time=header` is specified, the time to receive the [response header](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_header_time) is used. If `least_time=last_byte` is specified, the time to receive the [full response](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_response_time) is used.\nThe `least_time` method is available as a part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`upstream`", - "s": "**random** [`two` [`_method_`]];" - }, - { - "m": "ngx_http_upstream_module", - "n": "resolver", - "d": "Configures name servers used to resolve names of upstream servers into addresses, for example:\n```\nresolver 127.0.0.1 [::1]:5353;\n\n```\nThe address can be specified as a domain name or IP address, with an optional port. If port is not specified, the port 53 is used. Name servers are queried in a round-robin fashion.", - "c": "`upstream`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_http_upstream_module", - "n": "resolver_ipv6", - "d": "By default, nginx will look up both IPv4 and IPv6 addresses while resolving. If looking up of IPv4 or IPv6 addresses is not desired, the `ipv4=off` (1.23.1) or the `ipv6=off` parameter can be specified.", - "c": "`upstream`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_http_upstream_module", - "n": "resolver_valid", - "d": "By default, nginx caches answers using the TTL value of a response. An optional `valid` parameter allows overriding it:\n```\nresolver 127.0.0.1 [::1]:5353 valid=30s;\n\n```\n\nTo prevent DNS spoofing, it is recommended configuring DNS servers in a properly secured trusted local network.\n", - "c": "`upstream`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_http_upstream_module", - "n": "resolver_status_zone", - "d": "The optional `status_zone` parameter enables [collection](https://nginx.org/en/docs/http/ngx_http_api_module.html#resolvers_) of DNS server statistics of requests and responses in the specified `_zone_`.\n\nThis directive is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`upstream`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_http_upstream_module", - "n": "resolver_timeout", - "d": "Sets a timeout for name resolution, for example:\n```\nresolver_timeout 5s;\n\n```\n\n\nThis directive is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "v": "resolver\\_timeout 30s;", - "c": "`upstream`", - "s": "**resolver_timeout** `_time_`;" - }, - { - "m": "ngx_http_upstream_module", - "n": "sticky", - "d": "Enables session affinity, which causes requests from the same client to be passed to the same server in a group of servers. Three methods are available:\n`cookie`\n\nWhen the `cookie` method is used, information about the designated server is passed in an HTTP cookie generated by nginx:\n\n> upstream backend {\n> server backend1.example.com;\n> server backend2.example.com;\n> \n> sticky cookie srv\\_id expires=1h domain=.example.com path=/;\n> }\n\nA request that comes from a client not yet bound to a particular server is passed to the server selected by the configured balancing method. Further requests with this cookie will be passed to the designated server. If the designated server cannot process a request, the new server is selected as if the client has not been bound yet.\n\n> As a load balancing method always tries to evenly distribute the load considering already bound requests, the server with a higher number of active bound requests has less possibility of getting new unbound requests.\n\nThe first parameter sets the name of the cookie to be set or inspected. The cookie value is a hexadecimal representation of the MD5 hash of the IP address and port, or of the UNIX-domain socket path. However, if the “`route`” parameter of the [server](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server) directive is specified, the cookie value will be the value of the “`route`” parameter:\n\n> upstream backend {\n> server backend1.example.com route=**a**;\n> server backend2.example.com route=**b**;\n> \n> sticky cookie srv\\_id expires=1h domain=.example.com path=/;\n> }\n\nIn this case, the value of the “`srv_id`” cookie will be either `_a_` or `_b_`.\n\nAdditional parameters may be as follows:\n\n`expires=``_time_`\n\nSets the `_time_` for which a browser should keep the cookie. The special value `max` will cause the cookie to expire on “`31 Dec 2037 23:55:55 GMT`”. If the parameter is not specified, it will cause the cookie to expire at the end of a browser session.\n\n`domain=``_domain_`\n\nDefines the `_domain_` for which the cookie is set. Parameter value can contain variables (1.11.5).\n\n`httponly`\n\nAdds the `HttpOnly` attribute to the cookie (1.7.11).\n\n`samesite=``strict` | `lax` | `none` | `_$variable_`\n\nAdds the `SameSite` (1.19.4) attribute to the cookie with one of the following values: `Strict`, `Lax`, `None`, or using variables (1.23.3). In the latter case, if the variable value is empty, the `SameSite` attribute will not be added to the cookie, if the value is resolved to `Strict`, `Lax`, or `None`, the corresponding value will be assigned, otherwise the `Strict` value will be assigned.\n\n`secure`\n\nAdds the `Secure` attribute to the cookie (1.7.11).\n\n`path=``_path_`\n\nDefines the `_path_` for which the cookie is set.\n\nIf any parameters are omitted, the corresponding cookie fields are not set.\n\n`route`\n\nWhen the `route` method is used, proxied server assigns client a route on receipt of the first request. All subsequent requests from this client will carry routing information in a cookie or URI. This information is compared with the “`route`” parameter of the [server](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server) directive to identify the server to which the request should be proxied. If the “`route`” parameter is not specified, the route name will be a hexadecimal representation of the MD5 hash of the IP address and port, or of the UNIX-domain socket path. If the designated server cannot process a request, the new server is selected by the configured balancing method as if there is no routing information in the request.\n\nThe parameters of the `route` method specify variables that may contain routing information. The first non-empty variable is used to find the matching server.\n\nExample:\n\n> map $cookie\\_jsessionid $route\\_cookie {\n> ~.+\\\\.(?P\\\\w+)$ $route;\n> }\n> \n> map $request\\_uri $route\\_uri {\n> ~jsessionid=.+\\\\.(?P\\\\w+)$ $route;\n> }\n> \n> upstream backend {\n> server backend1.example.com route=a;\n> server backend2.example.com route=b;\n> \n> sticky route $route\\_cookie $route\\_uri;\n> }\n\nHere, the route is taken from the “`JSESSIONID`” cookie if present in a request. Otherwise, the route from the URI is used.\n\n`learn`\n\nWhen the `learn` method (1.7.1) is used, nginx analyzes upstream server responses and learns server-initiated sessions usually passed in an HTTP cookie.\n\n> upstream backend {\n> server backend1.example.com:8080;\n> server backend2.example.com:8081;\n> \n> sticky learn\n> create=$upstream\\_cookie\\_examplecookie\n> lookup=$cookie\\_examplecookie\n> zone=client\\_sessions:1m;\n> }\n\nIn the example, the upstream server creates a session by setting the cookie “`EXAMPLECOOKIE`” in the response. Further requests with this cookie will be passed to the same server. If the server cannot process the request, the new server is selected as if the client has not been bound yet.\n\nThe parameters `create` and `lookup` specify variables that indicate how new sessions are created and existing sessions are searched, respectively. Both parameters may be specified more than once, in which case the first non-empty variable is used.\n\nSessions are stored in a shared memory zone, whose `_name_` and `_size_` are configured by the `zone` parameter. One megabyte zone can store about 4000 sessions on the 64-bit platform. The sessions that are not accessed during the time specified by the `timeout` parameter get removed from the zone. By default, `timeout` is set to 10 minutes.\n\nThe `header` parameter (1.13.1) allows creating a session right after receiving response headers from the upstream server.\n\nThe `sync` parameter (1.13.8) enables [synchronization](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync) of the shared memory zone.\n\n\nThis directive is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`upstream`", - "s": "**sticky** `cookie` `_name_` [`expires=``_time_`] [`domain=``_domain_`] [`httponly`] [`samesite=``strict`|`lax`|`none`|`_$variable_`] [`secure`] [`path=``_path_`];``` \n``**sticky** `route` `_$variable_` ...;`` \n```**sticky** `learn` `create=``_$variable_` `lookup=``_$variable_` `zone=``_name_`:`_size_` [`timeout=``_time_`] [`header`] [`sync`];" - }, - { - "m": "ngx_http_upstream_module", - "n": "sticky_cookie_insert", - "d": "This directive is obsolete since version 1.5.7. An equivalent [sticky](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#sticky) directive with a new syntax should be used instead:\n`sticky cookie` `_name_` \\[`expires=``_time_`\\] \\[`domain=``_domain_`\\] \\[`path=``_path_`\\];\n", - "c": "`upstream`", - "s": "**sticky_cookie_insert** `_name_` [`expires=``_time_`] [`domain=``_domain_`] [`path=``_path_`];" - }, - { - "m": "ngx_http_upstream_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_http_upstream_module` module supports the following embedded variables:\n`$upstream_addr`\n\nkeeps the IP address and port, or the path to the UNIX-domain socket of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas, e.g. “`192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock`”. If an internal redirect from one server group to another happens, initiated by “X-Accel-Redirect” or [error\\_page](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page), then the server addresses from different groups are separated by colons, e.g. “`192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock : 192.168.10.1:80, 192.168.10.2:80`”. If a server cannot be selected, the variable keeps the name of the server group.\n\n`$upstream_bytes_received`\n\nnumber of bytes received from an upstream server (1.11.4). Values from several connections are separated by commas and colons like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_addr) variable.\n\n`$upstream_bytes_sent`\n\nnumber of bytes sent to an upstream server (1.15.8). Values from several connections are separated by commas and colons like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_addr) variable.\n\n`$upstream_cache_status`\n\nkeeps the status of accessing a response cache (0.8.3). The status can be either “`MISS`”, “`BYPASS`”, “`EXPIRED`”, “`STALE`”, “`UPDATING`”, “`REVALIDATED`”, or “`HIT`”.\n\n`$upstream_connect_time`\n\nkeeps time spent on establishing a connection with the upstream server (1.9.1); the time is kept in seconds with millisecond resolution. In case of SSL, includes time spent on handshake. Times of several connections are separated by commas and colons like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_addr) variable.\n\n`$upstream_cookie_``_name_`\n\ncookie with the specified `_name_` sent by the upstream server in the “Set-Cookie” response header field (1.7.1). Only the cookies from the response of the last server are saved.\n\n`$upstream_header_time`\n\nkeeps time spent on receiving the response header from the upstream server (1.7.10); the time is kept in seconds with millisecond resolution. Times of several responses are separated by commas and colons like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_addr) variable.\n\n`$upstream_http_``_name_`\n\nkeep server response header fields. For example, the “Server” response header field is available through the `$upstream_http_server` variable. The rules of converting header field names to variable names are the same as for the variables that start with the “[$http\\_](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_http_)” prefix. Only the header fields from the response of the last server are saved.\n\n`$upstream_queue_time`\n\nkeeps time the request spent in the upstream [queue](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#queue) (1.13.9); the time is kept in seconds with millisecond resolution. Times of several responses are separated by commas and colons like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_addr) variable.\n\n`$upstream_response_length`\n\nkeeps the length of the response obtained from the upstream server (0.7.27); the length is kept in bytes. Lengths of several responses are separated by commas and colons like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_addr) variable.\n\n`$upstream_response_time`\n\nkeeps time spent on receiving the response from the upstream server; the time is kept in seconds with millisecond resolution. Times of several responses are separated by commas and colons like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_addr) variable.\n\n`$upstream_status`\n\nkeeps status code of the response obtained from the upstream server. Status codes of several responses are separated by commas and colons like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_addr) variable. If a server cannot be selected, the variable keeps the 502 (Bad Gateway) status code.\n\n`$upstream_trailer_``_name_`\n\nkeeps fields from the end of the response obtained from the upstream server (1.13.10).\n", - "c": "`upstream`", - "s": "**sticky_cookie_insert** `_name_` [`expires=``_time_`] [`domain=``_domain_`] [`path=``_path_`];" - }, - { - "m": "ngx_http_upstream_module", - "n": "$upstream_addr", - "d": "keeps fields from the end of the response obtained from the upstream server (1.13.10)." - }, - { - "m": "ngx_http_upstream_module", - "n": "$upstream_bytes_received", - "d": "keeps fields from the end of the response obtained from the upstream server (1.13.10)." - }, - { - "m": "ngx_http_upstream_module", - "n": "$upstream_bytes_sent", - "d": "keeps fields from the end of the response obtained from the upstream server (1.13.10)." - }, - { - "m": "ngx_http_upstream_module", - "n": "$upstream_cache_status\n", - "d": "keeps fields from the end of the response obtained from the upstream server (1.13.10)." - }, - { - "m": "ngx_http_upstream_module", - "n": "$upstream_connect_time\n", - "d": "keeps fields from the end of the response obtained from the upstream server (1.13.10)." - }, - { - "m": "ngx_http_upstream_module", - "n": "$upstream_cookie_name\n", - "d": "keeps fields from the end of the response obtained from the upstream server (1.13.10)." - }, - { - "m": "ngx_http_upstream_module", - "n": "$upstream_header_time\n", - "d": "keeps fields from the end of the response obtained from the upstream server (1.13.10)." - }, - { - "m": "ngx_http_upstream_module", - "n": "$upstream_http_name", - "d": "keeps fields from the end of the response obtained from the upstream server (1.13.10)." - }, - { - "m": "ngx_http_upstream_module", - "n": "$upstream_queue_time", - "d": "keeps fields from the end of the response obtained from the upstream server (1.13.10)." - }, - { - "m": "ngx_http_upstream_module", - "n": "$upstream_response_length\n", - "d": "keeps fields from the end of the response obtained from the upstream server (1.13.10)." - }, - { - "m": "ngx_http_upstream_module", - "n": "$upstream_response_time\n", - "d": "keeps fields from the end of the response obtained from the upstream server (1.13.10)." - }, - { - "m": "ngx_http_upstream_module", - "n": "$upstream_status", - "d": "keeps fields from the end of the response obtained from the upstream server (1.13.10)." - }, - { - "m": "ngx_http_upstream_module", - "n": "$upstream_trailer_name", - "d": "keeps fields from the end of the response obtained from the upstream server (1.13.10)." - }, - { - "m": "ngx_http_upstream_conf_module", - "n": "upstream_conf", - "d": "Turns on the HTTP interface of upstream configuration in the surrounding location. Access to this location should be [limited](https://nginx.org/en/docs/http/ngx_http_core_module.html#satisfy).\nConfiguration commands can be used to:\n* view the group configuration;\n* view, modify, or remove a server;\n* add a new server.\n\nSince addresses in a group are not required to be unique, specific servers in a group are referenced by their IDs. IDs are assigned automatically and shown when adding a new server or viewing the group configuration.\n\nA configuration command consists of parameters passed as request arguments, for example:\n```\nhttp://127.0.0.1/upstream_conf?upstream=backend\n\n```\n\nThe following parameters are supported:\n`stream=`\n\nSelects a [stream](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html) upstream server group. Without this parameter, selects an [http](https://nginx.org/en/docs/http/ngx_http_upstream_module.html) upstream server group.\n\n`upstream=``_name_`\n\nSelects a group to work with. This parameter is mandatory.\n\n`id=``_number_`\n\nSelects a server for viewing, modifying, or removing.\n\n`remove=`\n\nRemoves a server from the group.\n\n`add=`\n\nAdds a new server to the group.\n\n`backup=`\n\nRequired to add a backup server.\n\n> Before version 1.7.2, `backup=` was also required to view, modify, or remove existing backup servers.\n\n`server=``_address_`\n\nSame as the “`address`” parameter of the [http](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server) or [stream](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#server) upstream server.\n\nWhen adding a server, it is possible to specify it as a domain name. In this case, changes of the IP addresses that correspond to a domain name will be monitored and automatically applied to the upstream configuration without the need of restarting nginx (1.7.2). This requires the “`resolver`” directive in the [http](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) or [stream](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#resolver) block. See also the “`resolve`” parameter of the [http](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#resolve) or [stream](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#resolve) upstream server.\n\n`service=``_name_`\n\nSame as the “`service`” parameter of the [http](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#service) or [stream](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#service) upstream server (1.9.13).\n\n`weight=``_number_`\n\nSame as the “`weight`” parameter of the [http](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#weight) or [stream](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#weight) upstream server.\n\n`max_conns=``_number_`\n\nSame as the “`max_conns`” parameter of the [http](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_conns) or [stream](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#max_conns) upstream server.\n\n`max_fails=``_number_`\n\nSame as the “`max_fails`” parameter of the [http](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) or [stream](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#max_fails) upstream server.\n\n`fail_timeout=``_time_`\n\nSame as the “`fail_timeout`” parameter of the [http](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#fail_timeout) or [stream](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#fail_timeout) upstream server.\n\n`slow_start=``_time_`\n\nSame as the “`slow_start`” parameter of the [http](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#slow_start) or [stream](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#slow_start) upstream server.\n\n`down=`\n\nSame as the “`down`” parameter of the [http](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#down) or [stream](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#down) upstream server.\n\n`drain=`\n\nPuts the [http](https://nginx.org/en/docs/http/ngx_http_upstream_module.html) upstream server into the “draining” mode (1.7.5). In this mode, only requests [bound](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#sticky) to the server will be proxied to it.\n\n`up=`\n\nThe opposite of the “`down`” parameter of the [http](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#down) or [stream](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#down) upstream server.\n\n`route=``_string_`\n\nSame as the “`route`” parameter of the [http](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#route) upstream server.\nThe first three parameters select an object. This can be either the whole http or stream upstream server group, or a specific server. Without other parameters, the configuration of the selected group or server is shown.\nFor example, to view the configuration of the whole group, send:\n```\nhttp://127.0.0.1/upstream_conf?upstream=backend\n\n```\nTo view the configuration of a specific server, also specify its ID:\n```\nhttp://127.0.0.1/upstream_conf?upstream=backend&id=42\n\n```\n\nTo add a new server, specify its address in the “`server=`” parameter. Without other parameters specified, a server will be added with other parameters set to their default values (see the [http](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server) or [stream](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#server) “`server`” directive).\nFor example, to add a new primary server, send:\n```\nhttp://127.0.0.1/upstream_conf?add=&upstream=backend&server=127.0.0.1:8080\n\n```\nTo add a new backup server, send:\n```\nhttp://127.0.0.1/upstream_conf?add=&upstream=backend&backup=&server=127.0.0.1:8080\n\n```\nTo add a new primary server, set its parameters to non-default values and mark it as “`down`”, send:\n```\nhttp://127.0.0.1/upstream_conf?add=&upstream=backend&server=127.0.0.1:8080&weight=2&down=\n\n```\nTo remove a server, specify its ID:\n```\nhttp://127.0.0.1/upstream_conf?remove=&upstream=backend&id=42\n\n```\nTo mark an existing server as “`down`”, send:\n```\nhttp://127.0.0.1/upstream_conf?upstream=backend&id=42&down=\n\n```\nTo modify the address of an existing server, send:\n```\nhttp://127.0.0.1/upstream_conf?upstream=backend&id=42&server=192.0.2.3:8123\n\n```\nTo modify other parameters of an existing server, send:\n```\nhttp://127.0.0.1/upstream_conf?upstream=backend&id=42&max_fails=3&weight=4\n\n```\nThe above examples are for an [http](https://nginx.org/en/docs/http/ngx_http_upstream_module.html) upstream server group. Similar examples for a [stream](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html) upstream server group require the “`stream=`” parameter.", - "c": "`location`", - "s": "**upstream_conf**;" - }, - { - "m": "ngx_http_upstream_hc_module", - "n": "health_check", - "d": "Enables periodic health checks of the servers in a [group](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream) referenced in the surrounding location.\nThe following optional parameters are supported:\n`interval`\\=`_time_`\n\nsets the interval between two consecutive health checks, by default, 5 seconds.\n\n`jitter`\\=`_time_`\n\nsets the time within which each health check will be randomly delayed, by default, there is no delay.\n\n`fails`\\=`_number_`\n\nsets the number of consecutive failed health checks of a particular server after which this server will be considered unhealthy, by default, 1.\n\n`passes`\\=`_number_`\n\nsets the number of consecutive passed health checks of a particular server after which the server will be considered healthy, by default, 1.\n\n`uri`\\=`_uri_`\n\ndefines the URI used in health check requests, by default, “`/`”.\n\n`mandatory` \\[`persistent`\\]\n\nsets the initial “checking” state for a server until the first health check is completed (1.11.7). Client requests are not passed to servers in the “checking” state. If the parameter is not specified, the server will be initially considered healthy.\n\nThe `persistent` parameter (1.19.7) sets the initial “up” state for a server after reload if the server was considered healthy before reload.\n\n`match`\\=`_name_`\n\nspecifies the `match` block configuring the tests that a response should pass in order for a health check to pass. By default, the response should have status code 2xx or 3xx.\n\n`port`\\=`_number_`\n\ndefines the port used when connecting to a server to perform a health check (1.9.7). By default, equals the [server](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server) port.\n\n`type`\\=`grpc` \\[`grpc_service`\\=`_name_`\\] \\[`grpc_status`\\=`_code_`\\]\n\nenables periodic [health checks](https://github.com/grpc/grpc/blob/master/doc/health-checking.md#grpc-health-checking-protocol) of a gRPC server or a particular gRPC service specified with the optional `grpc_service` parameter (1.19.5). If the server does not support the gRPC Health Checking Protocol, the optional `grpc_status` parameter can be used to specify non-zero gRPC [status](https://github.com/grpc/grpc/blob/master/doc/statuscodes.md#status-codes-and-their-use-in-grpc) (for example, status code “`12`” / “`UNIMPLEMENTED`”) that will be treated as healthy:\n\n> health\\_check mandatory type=grpc grpc\\_status=12;\n\nThe `type`\\=`grpc` parameter must be specified after all other directive parameters, `grpc_service` and `grpc_status` must follow `type`\\=`grpc`. The parameter is not compatible with [`uri`](https://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html#health_check_uri) or [`match`](https://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html#health_check_match) parameters.\n\n`keepalive_time`\\=`_time_`\n\nenables [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) connections for health checks and specifies the time during which requests can be processed through one keepalive connection (1.21.7). By default keepalive connections are disabled.\n", - "c": "`location`", - "s": "**health_check** [`_parameters_`];" - }, - { - "m": "ngx_http_upstream_hc_module", - "n": "match", - "d": "Defines the named test set used to verify responses to health check requests.\nThe following items can be tested in a response:\n`status 200;`\n\nstatus is 200\n\n`status ! 500;`\n\nstatus is not 500\n\n`status 200 204;`\n\nstatus is 200 or 204\n\n`status ! 301 302;`\n\nstatus is neither 301 nor 302\n\n`status 200-399;`\n\nstatus is in the range from 200 to 399\n\n`status ! 400-599;`\n\nstatus is not in the range from 400 to 599\n\n`status 301-303 307;`\n\nstatus is either 301, 302, 303, or 307\n\n`header Content-Type = text/html;`\n\nheader contains “Content-Type” with value `text/html`\n\n`header Content-Type != text/html;`\n\nheader contains “Content-Type” with value other than `text/html`\n\n`header Connection ~ close;`\n\nheader contains “Connection” with value matching regular expression `close`\n\n`header Connection !~ close;`\n\nheader contains “Connection” with value not matching regular expression `close`\n\n`header Host;`\n\nheader contains “Host”\n\n`header ! X-Accel-Redirect;`\n\nheader lacks “X-Accel-Redirect”\n\n`body ~ \"Welcome to nginx!\";`\n\nbody matches regular expression “`Welcome to nginx!`”\n\n`body !~ \"Welcome to nginx!\";`\n\nbody does not match regular expression “`Welcome to nginx!`”\n\n`require` `_$variable_` `...;`\n\nall specified variables are not empty and not equal to “0” (1.15.9).\n\nIf several tests are specified, the response matches only if it matches all tests.\nOnly the first 256k of the response body are examined.\n\nExamples:\n```\n# status is 200, content type is \"text/html\",\n# and body contains \"Welcome to nginx!\"\nmatch welcome {\n status 200;\n header Content-Type = text/html;\n body ~ \"Welcome to nginx!\";\n}\n\n```\n\n```\n# status is not one of 301, 302, 303, or 307, and header does not have \"Refresh:\"\nmatch not_redirect {\n status ! 301-303 307;\n header ! Refresh;\n}\n\n```\n\n```\n# status ok and not in maintenance mode\nmatch server_ok {\n status 200-399;\n body !~ \"maintenance mode\";\n}\n\n```\n\n```\n# status is 200 or 204\nmap $upstream_status $good_status {\n 200 1;\n 204 1;\n}\n\nmatch server_ok {\n require $good_status;\n}\n\n```\n", - "c": "`http`", - "s": "**match** `_name_` { ... }" - }, - { - "m": "ngx_http_userid_module", - "n": "userid", - "d": "Enables or disables setting cookies and logging the received cookies:\n`on`\n\nenables the setting of version 2 cookies and logging of the received cookies;\n\n`v1`\n\nenables the setting of version 1 cookies and logging of the received cookies;\n\n`log`\n\ndisables the setting of cookies, but enables logging of the received cookies;\n\n`off`\n\ndisables the setting of cookies and logging of the received cookies.\n", - "v": "userid off;", - "c": "`http`, `server`, `location`", - "s": "**userid** `on` | `v1` | `log` | `off`;" - }, - { - "m": "ngx_http_userid_module", - "n": "userid_domain", - "d": "Defines a domain for which the cookie is set. The `none` parameter disables setting of a domain for the cookie.", - "v": "userid\\_domain none;", - "c": "`http`, `server`, `location`", - "s": "**userid_domain** `_name_` | `none`;" - }, - { - "m": "ngx_http_userid_module", - "n": "userid_expires", - "d": "Sets a time during which a browser should keep the cookie. The parameter `max` will cause the cookie to expire on “`31 Dec 2037 23:55:55 GMT`”. The parameter `off` will cause the cookie to expire at the end of a browser session.", - "v": "userid\\_expires off;", - "c": "`http`, `server`, `location`", - "s": "**userid_expires** `_time_` | `max` | `off`;" - }, - { - "m": "ngx_http_userid_module", - "n": "userid_flags", - "d": "If the parameter is not `off`, defines one or more additional flags for the cookie: `secure`, `httponly`, `samesite=strict`, `samesite=lax`, `samesite=none`.", - "v": "userid\\_flags off;", - "c": "`http`, `server`, `location`", - "s": "**userid_flags** `off` | `_flag_` ...;" - }, - { - "m": "ngx_http_userid_module", - "n": "userid_mark", - "d": "If the parameter is not `off`, enables the cookie marking mechanism and sets the character used as a mark. This mechanism is used to add or change [userid\\_p3p](https://nginx.org/en/docs/http/ngx_http_userid_module.html#userid_p3p) and/or a cookie expiration time while preserving the client identifier. A mark can be any letter of the English alphabet (case-sensitive), digit, or the “`=`” character.\nIf the mark is set, it is compared with the first padding symbol in the base64 representation of the client identifier passed in a cookie. If they do not match, the cookie is resent with the specified mark, expiration time, and “P3P” header.", - "v": "userid\\_mark off;", - "c": "`http`, `server`, `location`", - "s": "**userid_mark** `_letter_` | `_digit_` | `=` | `off`;" - }, - { - "m": "ngx_http_userid_module", - "n": "userid_name", - "d": "Sets the cookie name.", - "v": "userid\\_name uid;", - "c": "`http`, `server`, `location`", - "s": "**userid_name** `_name_`;" - }, - { - "m": "ngx_http_userid_module", - "n": "userid_p3p", - "d": "Sets a value for the “P3P” header field that will be sent along with the cookie. If the directive is set to the special value `none`, the “P3P” header will not be sent in a response.", - "v": "userid\\_p3p none;", - "c": "`http`, `server`, `location`", - "s": "**userid_p3p** `_string_` | `none`;" - }, - { - "m": "ngx_http_userid_module", - "n": "userid_path", - "d": "Defines a path for which the cookie is set.", - "v": "userid\\_path /;", - "c": "`http`, `server`, `location`", - "s": "**userid_path** `_path_`;" - }, - { - "m": "ngx_http_userid_module", - "n": "userid_service", - "d": "If identifiers are issued by multiple servers (services), each service should be assigned its own `_number_` to ensure that client identifiers are unique. For version 1 cookies, the default value is zero. For version 2 cookies, the default value is the number composed from the last four octets of the server’s IP address.", - "v": "userid\\_service IP address of the server;", - "c": "`http`, `server`, `location`", - "s": "**userid_service** `_number_`;" - }, - { - "m": "ngx_http_userid_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_http_userid_module` module supports the following embedded variables:\n`$uid_got`\n\nThe cookie name and received client identifier.\n\n`$uid_reset`\n\nIf the variable is set to a non-empty string that is not “`0`”, the client identifiers are reset. The special value “`log`” additionally leads to the output of messages about the reset identifiers to the [error\\_log](https://nginx.org/en/docs/ngx_core_module.html#error_log).\n\n`$uid_set`\n\nThe cookie name and sent client identifier.\n", - "v": "userid\\_service IP address of the server;", - "c": "`http`, `server`, `location`", - "s": "**userid_service** `_number_`;" - }, - { - "m": "ngx_http_userid_module", - "n": "$uid_got", - "d": "The cookie name and sent client identifier." - }, - { - "m": "ngx_http_userid_module", - "n": "$uid_reset", - "d": "The cookie name and sent client identifier." - }, - { - "m": "ngx_http_userid_module", - "n": "$uid_set", - "d": "The cookie name and sent client identifier." - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_bind", - "d": "Makes outgoing connections to a uwsgi server originate from the specified local IP address with an optional port (1.11.2). Parameter value can contain variables (1.3.12). The special value `off` (1.3.12) cancels the effect of the `uwsgi_bind` directive inherited from the previous configuration level, which allows the system to auto-assign the local IP address and port.", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_bind** `_address_` [`transparent`] | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_bind_transparent", - "d": "The `transparent` parameter (1.11.0) allows outgoing connections to a uwsgi server originate from a non-local IP address, for example, from a real IP address of a client:\n```\nuwsgi_bind $remote_addr transparent;\n\n```\nIn order for this parameter to work, it is usually necessary to run nginx worker processes with the [superuser](https://nginx.org/en/docs/ngx_core_module.html#user) privileges. On Linux it is not required (1.13.8) as if the `transparent` parameter is specified, worker processes inherit the `CAP_NET_RAW` capability from the master process. It is also necessary to configure kernel routing table to intercept network traffic from the uwsgi server.", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_bind** `_address_` [`transparent`] | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_buffer_size", - "d": "Sets the `_size_` of the buffer used for reading the first part of the response received from the uwsgi server. This part usually contains a small response header. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform. It can be made smaller, however.", - "v": "uwsgi\\_buffer\\_size 4k|8k;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_buffering", - "d": "Enables or disables buffering of responses from the uwsgi server.\nWhen buffering is enabled, nginx receives a response from the uwsgi server as soon as possible, saving it into the buffers set by the [uwsgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_buffer_size) and [uwsgi\\_buffers](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_buffers) directives. If the whole response does not fit into memory, a part of it can be saved to a [temporary file](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_temp_path) on the disk. Writing to temporary files is controlled by the [uwsgi\\_max\\_temp\\_file\\_size](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_max_temp_file_size) and [uwsgi\\_temp\\_file\\_write\\_size](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_temp_file_write_size) directives.\nWhen buffering is disabled, the response is passed to a client synchronously, immediately as it is received. nginx will not try to read the whole response from the uwsgi server. The maximum size of the data that nginx can receive from the server at a time is set by the [uwsgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_buffer_size) directive.\nBuffering can also be enabled or disabled by passing “`yes`” or “`no`” in the “X-Accel-Buffering” response header field. This capability can be disabled using the [uwsgi\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_ignore_headers) directive.", - "v": "uwsgi\\_buffering on;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_buffering** `on` | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_buffers", - "d": "Sets the `_number_` and `_size_` of the buffers used for reading a response from the uwsgi server, for a single connection. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform.", - "v": "uwsgi\\_buffers 8 4k|8k;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_buffers** `_number_` `_size_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_busy_buffers_size", - "d": "When [buffering](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_buffering) of responses from the uwsgi server is enabled, limits the total `_size_` of buffers that can be busy sending a response to the client while the response is not yet fully read. In the meantime, the rest of the buffers can be used for reading the response and, if needed, buffering part of the response to a temporary file. By default, `_size_` is limited by the size of two buffers set by the [uwsgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_buffer_size) and [uwsgi\\_buffers](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_buffers) directives.", - "v": "uwsgi\\_busy\\_buffers\\_size 8k|16k;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_busy_buffers_size** `_size_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache", - "d": "Defines a shared memory zone used for caching. The same zone can be used in several places. Parameter value can contain variables (1.7.9). The `off` parameter disables caching inherited from the previous configuration level.", - "v": "uwsgi\\_cache off;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_cache** `_zone_` | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_background_update", - "d": "Allows starting a background subrequest to update an expired cache item, while a stale cached response is returned to the client. Note that it is necessary to [allow](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_cache_use_stale_updating) the usage of a stale cached response when it is being updated.", - "v": "uwsgi\\_cache\\_background\\_update off;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_cache_background_update** `on` | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_bypass", - "d": "Defines conditions under which the response will not be taken from a cache. If at least one value of the string parameters is not empty and is not equal to “0” then the response will not be taken from the cache:\n```\nuwsgi_cache_bypass $cookie_nocache $arg_nocache$arg_comment;\nuwsgi_cache_bypass $http_pragma $http_authorization;\n\n```\nCan be used along with the [uwsgi\\_no\\_cache](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_no_cache) directive.", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_cache_bypass** `_string_` ...;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_key", - "d": "Defines a key for caching, for example\n```\nuwsgi_cache_key localhost:9000$request_uri;\n\n```\n", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_cache_key** `_string_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_lock", - "d": "When enabled, only one request at a time will be allowed to populate a new cache element identified according to the [uwsgi\\_cache\\_key](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_cache_key) directive by passing a request to a uwsgi server. Other requests of the same cache element will either wait for a response to appear in the cache or the cache lock for this element to be released, up to the time set by the [uwsgi\\_cache\\_lock\\_timeout](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_cache_lock_timeout) directive.", - "v": "uwsgi\\_cache\\_lock off;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_cache_lock** `on` | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_lock_age", - "d": "If the last request passed to the uwsgi server for populating a new cache element has not completed for the specified `_time_`, one more request may be passed to the uwsgi server.", - "v": "uwsgi\\_cache\\_lock\\_age 5s;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_cache_lock_age** `_time_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_lock_timeout", - "d": "Sets a timeout for [uwsgi\\_cache\\_lock](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_cache_lock). When the `_time_` expires, the request will be passed to the uwsgi server, however, the response will not be cached.\nBefore 1.7.8, the response could be cached.\n", - "v": "uwsgi\\_cache\\_lock\\_timeout 5s;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_cache_lock_timeout** `_time_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_max_range_offset", - "d": "Sets an offset in bytes for byte-range requests. If the range is beyond the offset, the range request will be passed to the uwsgi server and the response will not be cached.", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_cache_max_range_offset** `_number_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_methods", - "d": "If the client request method is listed in this directive then the response will be cached. “`GET`” and “`HEAD`” methods are always added to the list, though it is recommended to specify them explicitly. See also the [uwsgi\\_no\\_cache](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_no_cache) directive.", - "v": "uwsgi\\_cache\\_methods GET HEAD;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_cache_methods** `GET` | `HEAD` | `POST` ...;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_min_uses", - "d": "Sets the `_number_` of requests after which the response will be cached.", - "v": "uwsgi\\_cache\\_min\\_uses 1;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_cache_min_uses** `_number_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_path", - "d": "Sets the path and other parameters of a cache. Cache data are stored in files. The file name in a cache is a result of applying the MD5 function to the [cache key](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_cache_key). The `levels` parameter defines hierarchy levels of a cache: from 1 to 3, each level accepts values 1 or 2. For example, in the following configuration\n```\nuwsgi_cache_path /data/nginx/cache levels=1:2 keys_zone=one:10m;\n\n```\nfile names in a cache will look like this:\n```\n/data/nginx/cache/c/29/b7f54b2df7773722d382f4809d65029c\n\n```\n\nA cached response is first written to a temporary file, and then the file is renamed. Starting from version 0.8.9, temporary files and the cache can be put on different file systems. However, be aware that in this case a file is copied across two file systems instead of the cheap renaming operation. It is thus recommended that for any given location both cache and a directory holding temporary files are put on the same file system. A directory for temporary files is set based on the `use_temp_path` parameter (1.7.10). If this parameter is omitted or set to the value `on`, the directory set by the [uwsgi\\_temp\\_path](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_temp_path) directive for the given location will be used. If the value is set to `off`, temporary files will be put directly in the cache directory.\nIn addition, all active keys and information about data are stored in a shared memory zone, whose `_name_` and `_size_` are configured by the `keys_zone` parameter. One megabyte zone can store about 8 thousand keys.\nAs part of [commercial subscription](http://nginx.com/products/), the shared memory zone also stores extended cache [information](https://nginx.org/en/docs/http/ngx_http_api_module.html#http_caches_), thus, it is required to specify a larger zone size for the same number of keys. For example, one megabyte zone can store about 4 thousand keys.\n\nCached data that are not accessed during the time specified by the `inactive` parameter get removed from the cache regardless of their freshness. By default, `inactive` is set to 10 minutes.", - "c": "`http`", - "s": "**uwsgi_cache_path** `_path_` [`levels`=`_levels_`] [`use_temp_path`=`on`|`off`] `keys_zone`=`_name_`:`_size_` [`inactive`=`_time_`] [`max_size`=`_size_`] [`min_free`=`_size_`] [`manager_files`=`_number_`] [`manager_sleep`=`_time_`] [`manager_threshold`=`_time_`] [`loader_files`=`_number_`] [`loader_sleep`=`_time_`] [`loader_threshold`=`_time_`] [`purger`=`on`|`off`] [`purger_files`=`_number_`] [`purger_sleep`=`_time_`] [`purger_threshold`=`_time_`];" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_path_max_size", - "d": "The special “cache manager” process monitors the maximum cache size set by the `max_size` parameter, and the minimum amount of free space set by the `min_free` (1.19.1) parameter on the file system with cache. When the size is exceeded or there is not enough free space, it removes the least recently used data. The data is removed in iterations configured by `manager_files`, `manager_threshold`, and `manager_sleep` parameters (1.11.5). During one iteration no more than `manager_files` items are deleted (by default, 100). The duration of one iteration is limited by the `manager_threshold` parameter (by default, 200 milliseconds). Between iterations, a pause configured by the `manager_sleep` parameter (by default, 50 milliseconds) is made.\nA minute after the start the special “cache loader” process is activated. It loads information about previously cached data stored on file system into a cache zone. The loading is also done in iterations. During one iteration no more than `loader_files` items are loaded (by default, 100). Besides, the duration of one iteration is limited by the `loader_threshold` parameter (by default, 200 milliseconds). Between iterations, a pause configured by the `loader_sleep` parameter (by default, 50 milliseconds) is made.\nAdditionally, the following parameters are available as part of our [commercial subscription](http://nginx.com/products/):\n\n`purger`\\=`on`|`off`\n\nInstructs whether cache entries that match a [wildcard key](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_cache_purge) will be removed from the disk by the cache purger (1.7.12). Setting the parameter to `on` (default is `off`) will activate the “cache purger” process that permanently iterates through all cache entries and deletes the entries that match the wildcard key.\n\n`purger_files`\\=`_number_`\n\nSets the number of items that will be scanned during one iteration (1.7.12). By default, `purger_files` is set to 10.\n\n`purger_threshold`\\=`_number_`\n\nSets the duration of one iteration (1.7.12). By default, `purger_threshold` is set to 50 milliseconds.\n\n`purger_sleep`\\=`_number_`\n\nSets a pause between iterations (1.7.12). By default, `purger_sleep` is set to 50 milliseconds.\n\n\nIn versions 1.7.3, 1.7.7, and 1.11.10 cache header format has been changed. Previously cached responses will be considered invalid after upgrading to a newer nginx version.\n", - "c": "`http`", - "s": "**uwsgi_cache_path** `_path_` [`levels`=`_levels_`] [`use_temp_path`=`on`|`off`] `keys_zone`=`_name_`:`_size_` [`inactive`=`_time_`] [`max_size`=`_size_`] [`min_free`=`_size_`] [`manager_files`=`_number_`] [`manager_sleep`=`_time_`] [`manager_threshold`=`_time_`] [`loader_files`=`_number_`] [`loader_sleep`=`_time_`] [`loader_threshold`=`_time_`] [`purger`=`on`|`off`] [`purger_files`=`_number_`] [`purger_sleep`=`_time_`] [`purger_threshold`=`_time_`];" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_purge", - "d": "Defines conditions under which the request will be considered a cache purge request. If at least one value of the string parameters is not empty and is not equal to “0” then the cache entry with a corresponding [cache key](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_cache_key) is removed. The result of successful operation is indicated by returning the 204 (No Content) response.\nIf the [cache key](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_cache_key) of a purge request ends with an asterisk (“`*`”), all cache entries matching the wildcard key will be removed from the cache. However, these entries will remain on the disk until they are deleted for either [inactivity](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_cache_path), or processed by the [cache purger](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#purger) (1.7.12), or a client attempts to access them.\nExample configuration:\n```\nuwsgi_cache_path /data/nginx/cache keys_zone=cache_zone:10m;\n\nmap $request_method $purge_method {\n PURGE 1;\n default 0;\n}\n\nserver {\n ...\n location / {\n uwsgi_pass backend;\n uwsgi_cache cache_zone;\n uwsgi_cache_key $uri;\n uwsgi_cache_purge $purge_method;\n }\n}\n\n```\n\nThis functionality is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_cache_purge** string ...;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_revalidate", - "d": "Enables revalidation of expired cache items using conditional requests with the “If-Modified-Since” and “If-None-Match” header fields.", - "v": "uwsgi\\_cache\\_revalidate off;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_cache_revalidate** `on` | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_use_stale", - "d": "Determines in which cases a stale cached response can be used when an error occurs during communication with the uwsgi server. The directive’s parameters match the parameters of the [uwsgi\\_next\\_upstream](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_next_upstream) directive.\nThe `error` parameter also permits using a stale cached response if a uwsgi server to process a request cannot be selected.", - "v": "uwsgi\\_cache\\_use\\_stale off;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_cache_use_stale** `error` | `timeout` | `invalid_header` | `updating` | `http_500` | `http_503` | `http_403` | `http_404` | `http_429` | `off` ...;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_use_stale_updating", - "d": "Additionally, the `updating` parameter permits using a stale cached response if it is currently being updated. This allows minimizing the number of accesses to uwsgi servers when updating cached data.\nUsing a stale cached response can also be enabled directly in the response header for a specified number of seconds after the response became stale (1.11.10). This has lower priority than using the directive parameters.\n* The “[stale-while-revalidate](https://datatracker.ietf.org/doc/html/rfc5861#section-3)” extension of the “Cache-Control” header field permits using a stale cached response if it is currently being updated.\n* The “[stale-if-error](https://datatracker.ietf.org/doc/html/rfc5861#section-4)” extension of the “Cache-Control” header field permits using a stale cached response in case of an error.\n\nTo minimize the number of accesses to uwsgi servers when populating a new cache element, the [uwsgi\\_cache\\_lock](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_cache_lock) directive can be used.", - "v": "uwsgi\\_cache\\_use\\_stale off;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_cache_use_stale** `error` | `timeout` | `invalid_header` | `updating` | `http_500` | `http_503` | `http_403` | `http_404` | `http_429` | `off` ...;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_cache_valid", - "d": "Sets caching time for different response codes. For example, the following directives\n```\nuwsgi_cache_valid 200 302 10m;\nuwsgi_cache_valid 404 1m;\n\n```\nset 10 minutes of caching for responses with codes 200 and 302 and 1 minute for responses with code 404.\nIf only caching `_time_` is specified\n```\nuwsgi_cache_valid 5m;\n\n```\nthen only 200, 301, and 302 responses are cached.\nIn addition, the `any` parameter can be specified to cache any responses:\n```\nuwsgi_cache_valid 200 302 10m;\nuwsgi_cache_valid 301 1h;\nuwsgi_cache_valid any 1m;\n\n```\n\nParameters of caching can also be set directly in the response header. This has higher priority than setting of caching time using the directive.\n* The “X-Accel-Expires” header field sets caching time of a response in seconds. The zero value disables caching for a response. If the value starts with the `@` prefix, it sets an absolute time in seconds since Epoch, up to which the response may be cached.\n* If the header does not include the “X-Accel-Expires” field, parameters of caching may be set in the header fields “Expires” or “Cache-Control”.\n* If the header includes the “Set-Cookie” field, such a response will not be cached.\n* If the header includes the “Vary” field with the special value “`*`”, such a response will not be cached (1.7.7). If the header includes the “Vary” field with another value, such a response will be cached taking into account the corresponding request header fields (1.7.7).\nProcessing of one or more of these response header fields can be disabled using the [uwsgi\\_ignore\\_headers](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_ignore_headers) directive.", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_cache_valid** [`_code_` ...] `_time_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_connect_timeout", - "d": "Defines a timeout for establishing a connection with a uwsgi server. It should be noted that this timeout cannot usually exceed 75 seconds.", - "v": "uwsgi\\_connect\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_connect_timeout** `_time_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_force_ranges", - "d": "Enables byte-range support for both cached and uncached responses from the uwsgi server regardless of the “Accept-Ranges” field in these responses.", - "v": "uwsgi\\_force\\_ranges off;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_force_ranges** `on` | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_hide_header", - "d": "By default, nginx does not pass the header fields “Status” and “X-Accel-...” from the response of a uwsgi server to a client. The `uwsgi_hide_header` directive sets additional fields that will not be passed. If, on the contrary, the passing of fields needs to be permitted, the [uwsgi\\_pass\\_header](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_pass_header) directive can be used.", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_hide_header** `_field_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_ignore_client_abort", - "d": "Determines whether the connection with a uwsgi server should be closed when a client closes the connection without waiting for a response.", - "v": "uwsgi\\_ignore\\_client\\_abort off;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_ignore_client_abort** `on` | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_ignore_headers", - "d": "Disables processing of certain response header fields from the uwsgi server. The following fields can be ignored: “X-Accel-Redirect”, “X-Accel-Expires”, “X-Accel-Limit-Rate” (1.1.6), “X-Accel-Buffering” (1.1.6), “X-Accel-Charset” (1.1.6), “Expires”, “Cache-Control”, “Set-Cookie” (0.8.44), and “Vary” (1.7.7).\nIf not disabled, processing of these header fields has the following effect:\n* “X-Accel-Expires”, “Expires”, “Cache-Control”, “Set-Cookie”, and “Vary” set the parameters of response [caching](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_cache_valid);\n* “X-Accel-Redirect” performs an [internal redirect](https://nginx.org/en/docs/http/ngx_http_core_module.html#internal) to the specified URI;\n* “X-Accel-Limit-Rate” sets the [rate limit](https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate) for transmission of a response to a client;\n* “X-Accel-Buffering” enables or disables [buffering](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_buffering) of a response;\n* “X-Accel-Charset” sets the desired [charset](https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset) of a response.\n", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_ignore_headers** `_field_` ...;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_intercept_errors", - "d": "Determines whether a uwsgi server responses with codes greater than or equal to 300 should be passed to a client or be intercepted and redirected to nginx for processing with the [error\\_page](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page) directive.", - "v": "uwsgi\\_intercept\\_errors off;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_intercept_errors** `on` | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_limit_rate", - "d": "Limits the speed of reading the response from the uwsgi server. The `_rate_` is specified in bytes per second. The zero value disables rate limiting. The limit is set per a request, and so if nginx simultaneously opens two connections to the uwsgi server, the overall rate will be twice as much as the specified limit. The limitation works only if [buffering](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_buffering) of responses from the uwsgi server is enabled.", - "v": "uwsgi\\_limit\\_rate 0;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_limit_rate** `_rate_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_max_temp_file_size", - "d": "When [buffering](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_buffering) of responses from the uwsgi server is enabled, and the whole response does not fit into the buffers set by the [uwsgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_buffer_size) and [uwsgi\\_buffers](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_buffers) directives, a part of the response can be saved to a temporary file. This directive sets the maximum `_size_` of the temporary file. The size of data written to the temporary file at a time is set by the [uwsgi\\_temp\\_file\\_write\\_size](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_temp_file_write_size) directive.\nThe zero value disables buffering of responses to temporary files.\n\nThis restriction does not apply to responses that will be [cached](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_cache) or [stored](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_store) on disk.\n", - "v": "uwsgi\\_max\\_temp\\_file\\_size 1024m;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_max_temp_file_size** `_size_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_modifier1", - "d": "Sets the value of the `modifier1` field in the [uwsgi packet header](http://uwsgi-docs.readthedocs.org/en/latest/Protocol.html#uwsgi-packet-header).", - "v": "uwsgi\\_modifier1 0;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_modifier1** `_number_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_modifier2", - "d": "Sets the value of the `modifier2` field in the [uwsgi packet header](http://uwsgi-docs.readthedocs.org/en/latest/Protocol.html#uwsgi-packet-header).", - "v": "uwsgi\\_modifier2 0;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_modifier2** `_number_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_next_upstream", - "d": "Specifies in which cases a request should be passed to the next server:\n`error`\n\nan error occurred while establishing a connection with the server, passing a request to it, or reading the response header;\n\n`timeout`\n\na timeout has occurred while establishing a connection with the server, passing a request to it, or reading the response header;\n\n`invalid_header`\n\na server returned an empty or invalid response;\n\n`http_500`\n\na server returned a response with the code 500;\n\n`http_503`\n\na server returned a response with the code 503;\n\n`http_403`\n\na server returned a response with the code 403;\n\n`http_404`\n\na server returned a response with the code 404;\n\n`http_429`\n\na server returned a response with the code 429 (1.11.13);\n\n`non_idempotent`\n\nnormally, requests with a [non-idempotent](https://datatracker.ietf.org/doc/html/rfc7231#section-4.2.2) method (`POST`, `LOCK`, `PATCH`) are not passed to the next server if a request has been sent to an upstream server (1.9.13); enabling this option explicitly allows retrying such requests;\n\n`off`\n\ndisables passing a request to the next server.\n\nOne should bear in mind that passing a request to the next server is only possible if nothing has been sent to a client yet. That is, if an error or timeout occurs in the middle of the transferring of a response, fixing this is impossible.\nThe directive also defines what is considered an [unsuccessful attempt](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) of communication with a server. The cases of `error`, `timeout` and `invalid_header` are always considered unsuccessful attempts, even if they are not specified in the directive. The cases of `http_500`, `http_503`, and `http_429` are considered unsuccessful attempts only if they are specified in the directive. The cases of `http_403` and `http_404` are never considered unsuccessful attempts.\nPassing a request to the next server can be limited by [the number of tries](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_next_upstream_tries) and by [time](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_next_upstream_timeout).", - "v": "uwsgi\\_next\\_upstream error timeout;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_next_upstream** `error` | `timeout` | `invalid_header` | `http_500` | `http_503` | `http_403` | `http_404` | `http_429` | `non_idempotent` | `off` ...;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_next_upstream_timeout", - "d": "Limits the time during which a request can be passed to the [next server](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_next_upstream). The `0` value turns off this limitation.", - "v": "uwsgi\\_next\\_upstream\\_timeout 0;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_next_upstream_timeout** `_time_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_next_upstream_tries", - "d": "Limits the number of possible tries for passing a request to the [next server](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_next_upstream). The `0` value turns off this limitation.", - "v": "uwsgi\\_next\\_upstream\\_tries 0;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_next_upstream_tries** `_number_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_no_cache", - "d": "Defines conditions under which the response will not be saved to a cache. If at least one value of the string parameters is not empty and is not equal to “0” then the response will not be saved:\n```\nuwsgi_no_cache $cookie_nocache $arg_nocache$arg_comment;\nuwsgi_no_cache $http_pragma $http_authorization;\n\n```\nCan be used along with the [uwsgi\\_cache\\_bypass](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_cache_bypass) directive.", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_no_cache** `_string_` ...;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_param", - "d": "Sets a `_parameter_` that should be passed to the uwsgi server. The `_value_` can contain text, variables, and their combination. These directives are inherited from the previous configuration level if and only if there are no `uwsgi_param` directives defined on the current level.\nStandard [CGI environment variables](https://datatracker.ietf.org/doc/html/rfc3875#section-4.1) should be provided as uwsgi headers, see the `uwsgi_params` file provided in the distribution:\n```\nlocation / {\n include uwsgi_params;\n ...\n}\n\n```\n\nIf the directive is specified with `if_not_empty` (1.1.11) then such a parameter will be passed to the server only if its value is not empty:\n```\nuwsgi_param HTTPS $https if_not_empty;\n\n```\n", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_param** `_parameter_` `_value_` [`if_not_empty`];" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_pass", - "d": "Sets the protocol and address of a uwsgi server. As a `_protocol_`, “`uwsgi`” or “`suwsgi`” (secured uwsgi, uwsgi over SSL) can be specified. The address can be specified as a domain name or IP address, and a port:\n```\nuwsgi_pass localhost:9000;\nuwsgi_pass uwsgi://localhost:9000;\nuwsgi_pass suwsgi://[2001:db8::1]:9090;\n\n```\nor as a UNIX-domain socket path:\n```\nuwsgi_pass unix:/tmp/uwsgi.socket;\n\n```\n\nIf a domain name resolves to several addresses, all of them will be used in a round-robin fashion. In addition, an address can be specified as a [server group](https://nginx.org/en/docs/http/ngx_http_upstream_module.html).\nParameter value can contain variables. In this case, if an address is specified as a domain name, the name is searched among the described [server groups](https://nginx.org/en/docs/http/ngx_http_upstream_module.html), and, if not found, is determined using a [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver).\n\nSecured uwsgi protocol is supported since version 1.5.8.\n", - "c": "`location`, `if in location`", - "s": "**uwsgi_pass** [`_protocol_`://]`_address_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_pass_header", - "d": "Permits passing [otherwise disabled](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_hide_header) header fields from a uwsgi server to a client.", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_pass_header** `_field_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_pass_request_body", - "d": "Indicates whether the original request body is passed to the uwsgi server. See also the [uwsgi\\_pass\\_request\\_headers](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_pass_request_headers) directive.", - "v": "uwsgi\\_pass\\_request\\_body on;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_pass_request_body** `on` | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_pass_request_headers", - "d": "Indicates whether the header fields of the original request are passed to the uwsgi server. See also the [uwsgi\\_pass\\_request\\_body](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_pass_request_body) directive.", - "v": "uwsgi\\_pass\\_request\\_headers on;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_pass_request_headers** `on` | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_read_timeout", - "d": "Defines a timeout for reading a response from the uwsgi server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the uwsgi server does not transmit anything within this time, the connection is closed.", - "v": "uwsgi\\_read\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_read_timeout** `_time_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_request_buffering", - "d": "Enables or disables buffering of a client request body.\nWhen buffering is enabled, the entire request body is [read](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size) from the client before sending the request to a uwsgi server.\nWhen buffering is disabled, the request body is sent to the uwsgi server immediately as it is received. In this case, the request cannot be passed to the [next server](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_next_upstream) if nginx already started sending the request body.\nWhen HTTP/1.1 chunked transfer encoding is used to send the original request body, the request body will be buffered regardless of the directive value.", - "v": "uwsgi\\_request\\_buffering on;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_request_buffering** `on` | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_send_timeout", - "d": "Sets a timeout for transmitting a request to the uwsgi server. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the uwsgi server does not receive anything within this time, the connection is closed.", - "v": "uwsgi\\_send\\_timeout 60s;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_send_timeout** `_time_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_socket_keepalive", - "d": "Configures the “TCP keepalive” behavior for outgoing connections to a uwsgi server. By default, the operating system’s settings are in effect for the socket. If the directive is set to the value “`on`”, the `SO_KEEPALIVE` socket option is turned on for the socket.", - "v": "uwsgi\\_socket\\_keepalive off;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_socket_keepalive** `on` | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_ssl_certificate", - "d": "Specifies a `_file_` with the certificate in the PEM format used for authentication to a secured uwsgi server.\nSince version 1.21.0, variables can be used in the `_file_` name.", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_ssl_certificate** `_file_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_ssl_certificate_key", - "d": "Specifies a `_file_` with the secret key in the PEM format used for authentication to a secured uwsgi server.\nThe value `engine`:`_name_`:`_id_` can be specified instead of the `_file_` (1.7.9), which loads a secret key with a specified `_id_` from the OpenSSL engine `_name_`.\nSince version 1.21.0, variables can be used in the `_file_` name.", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_ssl_certificate_key** `_file_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_ssl_ciphers", - "d": "Specifies the enabled ciphers for requests to a secured uwsgi server. The ciphers are specified in the format understood by the OpenSSL library.\nThe full list can be viewed using the “`openssl ciphers`” command.", - "v": "uwsgi\\_ssl\\_ciphers DEFAULT;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_ssl_ciphers** `_ciphers_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_ssl_conf_command", - "d": "Sets arbitrary OpenSSL configuration [commands](https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html) when establishing a connection with the secured uwsgi server.\nThe directive is supported when using OpenSSL 1.0.2 or higher.\n\nSeveral `uwsgi_ssl_conf_command` directives can be specified on the same level. These directives are inherited from the previous configuration level if and only if there are no `uwsgi_ssl_conf_command` directives defined on the current level.\n\nNote that configuring OpenSSL directly might result in unexpected behavior.\n", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_ssl_conf_command** `_name_` `_value_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_ssl_crl", - "d": "Specifies a `_file_` with revoked certificates (CRL) in the PEM format used to [verify](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_ssl_verify) the certificate of the secured uwsgi server.", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_ssl_crl** `_file_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_ssl_name", - "d": "Allows overriding the server name used to [verify](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_ssl_verify) the certificate of the secured uwsgi server and to be [passed through SNI](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_ssl_server_name) when establishing a connection with the secured uwsgi server.\nBy default, the host part from [uwsgi\\_pass](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_pass) is used.", - "v": "uwsgi\\_ssl\\_name host from uwsgi\\_pass;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_ssl_name** `_name_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_ssl_password_file", - "d": "Specifies a `_file_` with passphrases for [secret keys](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_ssl_certificate_key) where each passphrase is specified on a separate line. Passphrases are tried in turn when loading the key.", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_ssl_password_file** `_file_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_ssl_protocols", - "d": "Enables the specified protocols for requests to a secured uwsgi server.", - "v": "uwsgi\\_ssl\\_protocols TLSv1 TLSv1.1 TLSv1.2;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_ssl_protocols** [`SSLv2`] [`SSLv3`] [`TLSv1`] [`TLSv1.1`] [`TLSv1.2`] [`TLSv1.3`];" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_ssl_server_name", - "d": "Enables or disables passing of the server name through [TLS Server Name Indication extension](http://en.wikipedia.org/wiki/Server_Name_Indication) (SNI, RFC 6066) when establishing a connection with the secured uwsgi server.", - "v": "uwsgi\\_ssl\\_server\\_name off;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_ssl_server_name** `on` | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_ssl_session_reuse", - "d": "Determines whether SSL sessions can be reused when working with a secured uwsgi server. If the errors “`SSL3_GET_FINISHED:digest check failed`” appear in the logs, try disabling session reuse.", - "v": "uwsgi\\_ssl\\_session\\_reuse on;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_ssl_session_reuse** `on` | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_ssl_trusted_certificate", - "d": "Specifies a `_file_` with trusted CA certificates in the PEM format used to [verify](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_ssl_verify) the certificate of the secured uwsgi server.", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_ssl_trusted_certificate** `_file_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_ssl_verify", - "d": "Enables or disables verification of the secured uwsgi server certificate.", - "v": "uwsgi\\_ssl\\_verify off;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_ssl_verify** `on` | `off`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_ssl_verify_depth", - "d": "Sets the verification depth in the secured uwsgi server certificates chain.", - "v": "uwsgi\\_ssl\\_verify\\_depth 1;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_ssl_verify_depth** `_number_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_store", - "d": "Enables saving of files to a disk. The `on` parameter saves files with paths corresponding to the directives [alias](https://nginx.org/en/docs/http/ngx_http_core_module.html#alias) or [root](https://nginx.org/en/docs/http/ngx_http_core_module.html#root). The `off` parameter disables saving of files. In addition, the file name can be set explicitly using the `_string_` with variables:\n```\nuwsgi_store /data/www$original_uri;\n\n```\n\nThe modification time of files is set according to the received “Last-Modified” response header field. The response is first written to a temporary file, and then the file is renamed. Starting from version 0.8.9, temporary files and the persistent store can be put on different file systems. However, be aware that in this case a file is copied across two file systems instead of the cheap renaming operation. It is thus recommended that for any given location both saved files and a directory holding temporary files, set by the [uwsgi\\_temp\\_path](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_temp_path) directive, are put on the same file system.\nThis directive can be used to create local copies of static unchangeable files, e.g.:\n```\nlocation /images/ {\n root /data/www;\n error_page 404 = /fetch$uri;\n}\n\nlocation /fetch/ {\n internal;\n\n uwsgi_pass backend:9000;\n ...\n\n uwsgi_store on;\n uwsgi_store_access user:rw group:rw all:r;\n uwsgi_temp_path /data/temp;\n\n alias /data/www/;\n}\n\n```\n", - "v": "uwsgi\\_store off;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_store** `on` | `off` | `_string_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_store_access", - "d": "Sets access permissions for newly created files and directories, e.g.:\n```\nuwsgi_store_access user:rw group:rw all:r;\n\n```\n\nIf any `group` or `all` access permissions are specified then `user` permissions may be omitted:\n```\nuwsgi_store_access group:rw all:r;\n\n```\n", - "v": "uwsgi\\_store\\_access user:rw;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_store_access** `_users_`:`_permissions_` ...;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_temp_file_write_size", - "d": "Limits the `_size_` of data written to a temporary file at a time, when buffering of responses from the uwsgi server to temporary files is enabled. By default, `_size_` is limited by two buffers set by the [uwsgi\\_buffer\\_size](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_buffer_size) and [uwsgi\\_buffers](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_buffers) directives. The maximum size of a temporary file is set by the [uwsgi\\_max\\_temp\\_file\\_size](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_max_temp_file_size) directive.", - "v": "uwsgi\\_temp\\_file\\_write\\_size 8k|16k;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_temp_file_write_size** `_size_`;" - }, - { - "m": "ngx_http_uwsgi_module", - "n": "uwsgi_temp_path", - "d": "Defines a directory for storing temporary files with data received from uwsgi servers. Up to three-level subdirectory hierarchy can be used underneath the specified directory. For example, in the following configuration\n```\nuwsgi_temp_path /spool/nginx/uwsgi_temp 1 2;\n\n```\na temporary file might look like this:\n```\n/spool/nginx/uwsgi_temp/7/45/00000123457\n\n```\n\nSee also the `use_temp_path` parameter of the [uwsgi\\_cache\\_path](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_cache_path) directive.", - "v": "uwsgi\\_temp\\_path uwsgi\\_temp;", - "c": "`http`, `server`, `location`", - "s": "**uwsgi_temp_path** `_path_` [`_level1_` [`_level2_` [`_level3_`]]];" - }, - { - "m": "ngx_http_v2_module", - "n": "issues", - "d": "#### Known Issues\nBefore version 1.9.14, buffering of a client request body could not be disabled regardless of [proxy\\_request\\_buffering](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_request_buffering), [fastcgi\\_request\\_buffering](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_request_buffering), [uwsgi\\_request\\_buffering](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html#uwsgi_request_buffering), and [scgi\\_request\\_buffering](https://nginx.org/en/docs/http/ngx_http_scgi_module.html#scgi_request_buffering) directive values.\nBefore version 1.19.1, the [lingering\\_close](https://nginx.org/en/docs/http/ngx_http_core_module.html#lingering_close) mechanism was not used to control closing HTTP/2 connections." - }, - { - "m": "ngx_http_v2_module", - "n": "http2_body_preread_size", - "d": "Sets the `_size_` of the buffer per each request in which the request body may be saved before it is started to be processed.", - "v": "http2\\_body\\_preread\\_size 64k;", - "c": "`http`, `server`", - "s": "**http2_body_preread_size** `_size_`;" - }, - { - "m": "ngx_http_v2_module", - "n": "http2_chunk_size", - "d": "Sets the maximum size of chunks into which the response body is sliced. A too low value results in higher overhead. A too high value impairs prioritization due to [HOL blocking](http://en.wikipedia.org/wiki/Head-of-line_blocking).", - "v": "http2\\_chunk\\_size 8k;", - "c": "`http`, `server`, `location`", - "s": "**http2_chunk_size** `_size_`;" - }, - { - "m": "ngx_http_v2_module", - "n": "http2_idle_timeout", - "d": "\nThis directive is obsolete since version 1.19.7. The [keepalive\\_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) directive should be used instead.\n\nSets the timeout of inactivity after which the connection is closed.", - "v": "http2\\_idle\\_timeout 3m;", - "c": "`http`, `server`", - "s": "**http2_idle_timeout** `_time_`;" - }, - { - "m": "ngx_http_v2_module", - "n": "http2_max_concurrent_pushes", - "d": "Limits the maximum number of concurrent [push](https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_push) requests in a connection.", - "v": "http2\\_max\\_concurrent\\_pushes 10;", - "c": "`http`, `server`", - "s": "**http2_max_concurrent_pushes** `_number_`;" - }, - { - "m": "ngx_http_v2_module", - "n": "http2_max_concurrent_streams", - "d": "Sets the maximum number of concurrent HTTP/2 streams in a connection.", - "v": "http2\\_max\\_concurrent\\_streams 128;", - "c": "`http`, `server`", - "s": "**http2_max_concurrent_streams** `_number_`;" - }, - { - "m": "ngx_http_v2_module", - "n": "http2_max_field_size", - "d": "\nThis directive is obsolete since version 1.19.7. The [large\\_client\\_header\\_buffers](https://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers) directive should be used instead.\n\nLimits the maximum size of an [HPACK](https://datatracker.ietf.org/doc/html/rfc7541)\\-compressed request header field. The limit applies equally to both name and value. Note that if Huffman encoding is applied, the actual size of decompressed name and value strings may be larger. For most requests, the default limit should be enough.", - "v": "http2\\_max\\_field\\_size 4k;", - "c": "`http`, `server`", - "s": "**http2_max_field_size** `_size_`;" - }, - { - "m": "ngx_http_v2_module", - "n": "http2_max_header_size", - "d": "\nThis directive is obsolete since version 1.19.7. The [large\\_client\\_header\\_buffers](https://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers) directive should be used instead.\n\nLimits the maximum size of the entire request header list after [HPACK](https://datatracker.ietf.org/doc/html/rfc7541) decompression. For most requests, the default limit should be enough.", - "v": "http2\\_max\\_header\\_size 16k;", - "c": "`http`, `server`", - "s": "**http2_max_header_size** `_size_`;" - }, - { - "m": "ngx_http_v2_module", - "n": "http2_max_requests", - "d": "\nThis directive is obsolete since version 1.19.7. The [keepalive\\_requests](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests) directive should be used instead.\n\nSets the maximum number of requests (including [push](https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_push) requests) that can be served through one HTTP/2 connection, after which the next client request will lead to connection closing and the need of establishing a new connection.\nClosing connections periodically is necessary to free per-connection memory allocations. Therefore, using too high maximum number of requests could result in excessive memory usage and not recommended.", - "v": "http2\\_max\\_requests 1000;", - "c": "`http`, `server`", - "s": "**http2_max_requests** `_number_`;" - }, - { - "m": "ngx_http_v2_module", - "n": "http2_push", - "d": "Pre-emptively sends ([pushes](https://datatracker.ietf.org/doc/html/rfc7540#section-8.2)) a request to the specified `_uri_` along with the response to the original request. Only relative URIs with absolute path will be processed, for example:\n```\nhttp2_push /static/css/main.css;\n\n```\nThe `_uri_` value can contain variables.\nSeveral `http2_push` directives can be specified on the same configuration level. The `off` parameter cancels the effect of the `http2_push` directives inherited from the previous configuration level.", - "v": "http2\\_push off;", - "c": "`http`, `server`, `location`", - "s": "**http2_push** `_uri_` | `off`;" - }, - { - "m": "ngx_http_v2_module", - "n": "http2_push_preload", - "d": "Enables automatic conversion of [preload links](https://www.w3.org/TR/preload/#server-push-http-2) specified in the “Link” response header fields into [push](https://datatracker.ietf.org/doc/html/rfc7540#section-8.2) requests.", - "v": "http2\\_push\\_preload off;", - "c": "`http`, `server`, `location`", - "s": "**http2_push_preload** `on` | `off`;" - }, - { - "m": "ngx_http_v2_module", - "n": "http2_recv_buffer_size", - "d": "Sets the size of the per [worker](https://nginx.org/en/docs/ngx_core_module.html#worker_processes) input buffer.", - "v": "http2\\_recv\\_buffer\\_size 256k;", - "c": "`http`", - "s": "**http2_recv_buffer_size** `_size_`;" - }, - { - "m": "ngx_http_v2_module", - "n": "http2_recv_timeout", - "d": "\nThis directive is obsolete since version 1.19.7. The [client\\_header\\_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_timeout) directive should be used instead.\n\nSets the timeout for expecting more data from the client, after which the connection is closed.", - "v": "http2\\_recv\\_timeout 30s;", - "c": "`http`, `server`", - "s": "**http2_recv_timeout** `_time_`;" - }, - { - "m": "ngx_http_v2_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_http_v2_module` module supports the following embedded variables:\n`$http2`\n\nnegotiated protocol identifier: “`h2`” for HTTP/2 over TLS, “`h2c`” for HTTP/2 over cleartext TCP, or an empty string otherwise.\n", - "v": "http2\\_recv\\_timeout 30s;", - "c": "`http`, `server`", - "s": "**http2_recv_timeout** `_time_`;" - }, - { - "m": "ngx_http_xslt_module", - "n": "xml_entities", - "d": "Specifies the DTD file that declares character entities. This file is compiled at the configuration stage. For technical reasons, the module is unable to use the external subset declared in the processed XML, so it is ignored and a specially defined file is used instead. This file should not describe the XML structure. It is enough to declare just the required character entities, for example:\n```\n\n\n```\n", - "c": "`http`, `server`, `location`", - "s": "**xml_entities** `_path_`;" - }, - { - "m": "ngx_http_xslt_module", - "n": "xslt_last_modified", - "d": "Allows preserving the “Last-Modified” header field from the original response during XSLT transformations to facilitate response caching.\nBy default, the header field is removed as contents of the response are modified during transformations and may contain dynamically generated elements or parts that are changed independently of the original response.", - "v": "xslt\\_last\\_modified off;", - "c": "`http`, `server`, `location`", - "s": "**xslt_last_modified** `on` | `off`;" - }, - { - "m": "ngx_http_xslt_module", - "n": "xslt_param", - "d": "Defines the parameters for XSLT stylesheets. The `_value_` is treated as an XPath expression. The `_value_` can contain variables. To pass a string value to a stylesheet, the [xslt\\_string\\_param](https://nginx.org/en/docs/http/ngx_http_xslt_module.html#xslt_string_param) directive can be used.\nThere could be several `xslt_param` directives. These directives are inherited from the previous configuration level if and only if there are no `xslt_param` and [xslt\\_string\\_param](https://nginx.org/en/docs/http/ngx_http_xslt_module.html#xslt_string_param) directives defined on the current level.", - "c": "`http`, `server`, `location`", - "s": "**xslt_param** `_parameter_` `_value_`;" - }, - { - "m": "ngx_http_xslt_module", - "n": "xslt_string_param", - "d": "Defines the string parameters for XSLT stylesheets. XPath expressions in the `_value_` are not interpreted. The `_value_` can contain variables.\nThere could be several `xslt_string_param` directives. These directives are inherited from the previous configuration level if and only if there are no [xslt\\_param](https://nginx.org/en/docs/http/ngx_http_xslt_module.html#xslt_param) and `xslt_string_param` directives defined on the current level.", - "c": "`http`, `server`, `location`", - "s": "**xslt_string_param** `_parameter_` `_value_`;" - }, - { - "m": "ngx_http_xslt_module", - "n": "xslt_stylesheet", - "d": "Defines the XSLT stylesheet and its optional parameters. A stylesheet is compiled at the configuration stage.\nParameters can either be specified separately, or grouped in a single line using the “`:`” delimiter. If a parameter includes the “`:`” character, it should be escaped as “`%3A`”. Also, `libxslt` requires to enclose parameters that contain non-alphanumeric characters into single or double quotes, for example:\n```\nparam1='http%3A//www.example.com':param2=value2\n\n```\n\nThe parameters description can contain variables, for example, the whole line of parameters can be taken from a single variable:\n```\nlocation / {\n xslt_stylesheet /site/xslt/one.xslt\n $arg_xslt_params\n param1='$value1':param2=value2\n param3=value3;\n}\n\n```\n\nIt is possible to specify several stylesheets. They will be applied sequentially in the specified order.", - "c": "`location`", - "s": "**xslt_stylesheet** `_stylesheet_` [`_parameter_`=`_value_` ...];" - }, - { - "m": "ngx_http_xslt_module", - "n": "xslt_types", - "d": "Enables transformations in responses with the specified MIME types in addition to “`text/xml`”. The special value “`*`” matches any MIME type (0.8.29). If the transformation result is an HTML response, its MIME type is changed to “`text/html`”.", - "v": "xslt\\_types text/xml;", - "c": "`http`, `server`, `location`", - "s": "**xslt_types** `_mime-type_` ...;" - }, - { - "m": "ngx_mail_core_module", - "n": "listen", - "d": "Sets the `_address_` and `_port_` for the socket on which the server will accept requests. It is possible to specify just the port. The address can also be a hostname, for example:\n```\nlisten 127.0.0.1:110;\nlisten *:110;\nlisten 110; # same as *:110\nlisten localhost:110;\n\n```\nIPv6 addresses (0.7.58) are specified in square brackets:\n```\nlisten [::1]:110;\nlisten [::]:110;\n\n```\nUNIX-domain sockets (1.3.5) are specified with the “`unix:`” prefix:\n```\nlisten unix:/var/run/nginx.sock;\n\n```\n\nDifferent servers must listen on different `_address_`:`_port_` pairs.\nThe `ssl` parameter allows specifying that all connections accepted on this port should work in SSL mode.", - "c": "`server`", - "s": "**listen** `_address_`:`_port_` [`ssl`] [`proxy_protocol`] [`backlog`=`_number_`] [`rcvbuf`=`_size_`] [`sndbuf`=`_size_`] [`bind`] [`ipv6only`=`on`|`off`] [`so_keepalive`=`on`|`off`|[`_keepidle_`]:[`_keepintvl_`]:[`_keepcnt_`]];" - }, - { - "m": "ngx_mail_core_module", - "n": "proxy_protocol", - "d": "The `proxy_protocol` parameter (1.19.8) allows specifying that all connections accepted on this port should use the [PROXY protocol](http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt). Obtained information is passed to the [authentication server](https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#proxy_protocol) and can be used to [change the client address](https://nginx.org/en/docs/mail/ngx_mail_realip_module.html).\nThe `listen` directive can have several additional parameters specific to socket-related system calls.\n`backlog`\\=`_number_`\n\nsets the `backlog` parameter in the `listen()` call that limits the maximum length for the queue of pending connections (1.9.2). By default, `backlog` is set to -1 on FreeBSD, DragonFly BSD, and macOS, and to 511 on other platforms.\n\n`rcvbuf`\\=`_size_`\n\nsets the receive buffer size (the `SO_RCVBUF` option) for the listening socket (1.11.13).\n\n`sndbuf`\\=`_size_`\n\nsets the send buffer size (the `SO_SNDBUF` option) for the listening socket (1.11.13).\n\n`bind`\n\nthis parameter instructs to make a separate `bind()` call for a given address:port pair. The fact is that if there are several `listen` directives with the same port but different addresses, and one of the `listen` directives listens on all addresses for the given port (`*:``_port_`), nginx will `bind()` only to `*:``_port_`. It should be noted that the `getsockname()` system call will be made in this case to determine the address that accepted the connection. If the `backlog`, `rcvbuf`, `sndbuf`, `ipv6only`, or `so_keepalive` parameters are used then for a given `_address_`:`_port_` pair a separate `bind()` call will always be made.\n\n`ipv6only`\\=`on`|`off`\n\nthis parameter determines (via the `IPV6_V6ONLY` socket option) whether an IPv6 socket listening on a wildcard address `[::]` will accept only IPv6 connections or both IPv6 and IPv4 connections. This parameter is turned on by default. It can only be set once on start.\n\n`so_keepalive`\\=`on`|`off`|\\[`_keepidle_`\\]:\\[`_keepintvl_`\\]:\\[`_keepcnt_`\\]\n\nthis parameter configures the “TCP keepalive” behavior for the listening socket. If this parameter is omitted then the operating system’s settings will be in effect for the socket. If it is set to the value “`on`”, the `SO_KEEPALIVE` option is turned on for the socket. If it is set to the value “`off`”, the `SO_KEEPALIVE` option is turned off for the socket. Some operating systems support setting of TCP keepalive parameters on a per-socket basis using the `TCP_KEEPIDLE`, `TCP_KEEPINTVL`, and `TCP_KEEPCNT` socket options. On such systems (currently, Linux 2.4+, NetBSD 5+, and FreeBSD 9.0-STABLE), they can be configured using the `_keepidle_`, `_keepintvl_`, and `_keepcnt_` parameters. One or two parameters may be omitted, in which case the system default setting for the corresponding socket option will be in effect. For example,\n\n> so\\_keepalive=30m::10\n\nwill set the idle timeout (`TCP_KEEPIDLE`) to 30 minutes, leave the probe interval (`TCP_KEEPINTVL`) at its system default, and set the probes count (`TCP_KEEPCNT`) to 10 probes.\n", - "c": "`server`", - "s": "**listen** `_address_`:`_port_` [`ssl`] [`proxy_protocol`] [`backlog`=`_number_`] [`rcvbuf`=`_size_`] [`sndbuf`=`_size_`] [`bind`] [`ipv6only`=`on`|`off`] [`so_keepalive`=`on`|`off`|[`_keepidle_`]:[`_keepintvl_`]:[`_keepcnt_`]];" - }, - { - "m": "ngx_mail_core_module", - "n": "mail", - "d": "Provides the configuration file context in which the mail server directives are specified.", - "c": "`main`", - "s": "**mail** { ... }" - }, - { - "m": "ngx_mail_core_module", - "n": "max_errors", - "d": "Sets the number of protocol errors after which the connection is closed.", - "v": "max\\_errors 5;", - "c": "`mail`, `server`", - "s": "**max_errors** `_number_`;" - }, - { - "m": "ngx_mail_core_module", - "n": "protocol", - "d": "Sets the protocol for a proxied server. Supported protocols are [IMAP](https://nginx.org/en/docs/mail/ngx_mail_imap_module.html), [POP3](https://nginx.org/en/docs/mail/ngx_mail_pop3_module.html), and [SMTP](https://nginx.org/en/docs/mail/ngx_mail_smtp_module.html).\nIf the directive is not set, the protocol can be detected automatically based on the well-known port specified in the [listen](https://nginx.org/en/docs/mail/ngx_mail_core_module.html#listen) directive:\n* `imap`: 143, 993\n* `pop3`: 110, 995\n* `smtp`: 25, 587, 465\n\nUnnecessary protocols can be disabled using the [configuration](https://nginx.org/en/docs/configure.html) parameters `--without-mail_imap_module`, `--without-mail_pop3_module`, and `--without-mail_smtp_module`.", - "c": "`server`", - "s": "**protocol** `imap` | `pop3` | `smtp`;" - }, - { - "m": "ngx_mail_core_module", - "n": "resolver", - "d": "Configures name servers used to find the client’s hostname to pass it to the [authentication server](https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html), and in the [XCLIENT](https://nginx.org/en/docs/mail/ngx_mail_proxy_module.html#xclient) command when proxying SMTP. For example:\n```\nresolver 127.0.0.1 [::1]:5353;\n\n```\nThe address can be specified as a domain name or IP address, with an optional port (1.3.1, 1.2.2). If port is not specified, the port 53 is used. Name servers are queried in a round-robin fashion.\nBefore version 1.1.7, only a single name server could be configured. Specifying name servers using IPv6 addresses is supported starting from versions 1.3.1 and 1.2.2.\n", - "v": "resolver off;", - "c": "`mail`, `server`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];`` \n``**resolver** `off`;" - }, - { - "m": "ngx_mail_core_module", - "n": "resolver_ipv6", - "d": "By default, nginx will look up both IPv4 and IPv6 addresses while resolving. If looking up of IPv4 or IPv6 addresses is not desired, the `ipv4=off` (1.23.1) or the `ipv6=off` parameter can be specified.\nResolving of names into IPv6 addresses is supported starting from version 1.5.8.\n", - "v": "resolver off;", - "c": "`mail`, `server`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];`` \n``**resolver** `off`;" - }, - { - "m": "ngx_mail_core_module", - "n": "resolver_valid", - "d": "By default, nginx caches answers using the TTL value of a response. An optional `valid` parameter allows overriding it:\n```\nresolver 127.0.0.1 [::1]:5353 valid=30s;\n\n```\n\nBefore version 1.1.9, tuning of caching time was not possible, and nginx always cached answers for the duration of 5 minutes.\n\nTo prevent DNS spoofing, it is recommended configuring DNS servers in a properly secured trusted local network.\n", - "v": "resolver off;", - "c": "`mail`, `server`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];`` \n``**resolver** `off`;" - }, - { - "m": "ngx_mail_core_module", - "n": "resolver_status_zone", - "d": "The optional `status_zone` parameter (1.17.1) enables [collection](https://nginx.org/en/docs/http/ngx_http_api_module.html#resolvers_) of DNS server statistics of requests and responses in the specified `_zone_`. The parameter is available as part of our [commercial subscription](http://nginx.com/products/).", - "v": "resolver off;", - "c": "`mail`, `server`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];`` \n``**resolver** `off`;" - }, - { - "m": "ngx_mail_core_module", - "n": "resolver_off", - "d": "The special value `off` disables resolving.", - "v": "resolver off;", - "c": "`mail`, `server`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];`` \n``**resolver** `off`;" - }, - { - "m": "ngx_mail_core_module", - "n": "resolver_timeout", - "d": "Sets a timeout for DNS operations, for example:\n```\nresolver_timeout 5s;\n\n```\n", - "v": "resolver\\_timeout 30s;", - "c": "`mail`, `server`", - "s": "**resolver_timeout** `_time_`;" - }, - { - "m": "ngx_mail_core_module", - "n": "server", - "d": "Sets the configuration for a server.", - "c": "`mail`", - "s": "**server** { ... }" - }, - { - "m": "ngx_mail_core_module", - "n": "server_name", - "d": "Sets the server name that is used:\n* in the initial POP3/SMTP server greeting;\n* in the salt during the SASL CRAM-MD5 authentication;\n* in the `EHLO` command when connecting to the SMTP backend, if the passing of the [XCLIENT](https://nginx.org/en/docs/mail/ngx_mail_proxy_module.html#xclient) command is enabled.\n\nIf the directive is not specified, the machine’s hostname is used.", - "v": "server\\_name hostname;", - "c": "`mail`, `server`", - "s": "**server_name** `_name_`;" - }, - { - "m": "ngx_mail_core_module", - "n": "timeout", - "d": "Sets the timeout that is used before proxying to the backend starts.", - "v": "timeout 60s;", - "c": "`mail`, `server`", - "s": "**timeout** `_time_`;" - }, - { - "m": "ngx_mail_auth_http_module", - "n": "auth_http", - "d": "Sets the URL of the HTTP authentication server. The protocol is described [below](https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol).", - "c": "`mail`, `server`", - "s": "**auth_http** `_URL_`;" - }, - { - "m": "ngx_mail_auth_http_module", - "n": "auth_http_header", - "d": "Appends the specified header to requests sent to the authentication server. This header can be used as the shared secret to verify that the request comes from nginx. For example:\n```\nauth_http_header X-Auth-Key \"secret_string\";\n\n```\n", - "c": "`mail`, `server`", - "s": "**auth_http_header** `_header_` `_value_`;" - }, - { - "m": "ngx_mail_auth_http_module", - "n": "auth_http_pass_client_cert", - "d": "Appends the “Auth-SSL-Cert” header with the [client](https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_verify_client) certificate in the PEM format (urlencoded) to requests sent to the authentication server.", - "v": "auth\\_http\\_pass\\_client\\_cert off;", - "c": "`mail`, `server`", - "s": "**auth_http_pass_client_cert** `on` | `off`;" - }, - { - "m": "ngx_mail_auth_http_module", - "n": "auth_http_timeout", - "d": "Sets the timeout for communication with the authentication server.", - "v": "auth\\_http\\_timeout 60s;", - "c": "`mail`, `server`", - "s": "**auth_http_timeout** `_time_`;" - }, - { - "m": "ngx_mail_auth_http_module", - "n": "protocol", - "d": "#### Protocol\nThe HTTP protocol is used to communicate with the authentication server. The data in the response body is ignored, the information is passed only in the headers.\nExamples of requests and responses:\nRequest:\n```\nGET /auth HTTP/1.0\nHost: localhost\nAuth-Method: plain # plain/apop/cram-md5/external\nAuth-User: user\nAuth-Pass: password\nAuth-Protocol: imap # imap/pop3/smtp\nAuth-Login-Attempt: 1\nClient-IP: 192.0.2.42\nClient-Host: client.example.org\n\n```\nGood response:\n```\nHTTP/1.0 200 OK\nAuth-Status: OK\nAuth-Server: 198.51.100.1\nAuth-Port: 143\n\n```\nBad response:\n```\nHTTP/1.0 200 OK\nAuth-Status: Invalid login or password\nAuth-Wait: 3\n\n```\n\nIf there is no “Auth-Wait” header, an error will be returned and the connection will be closed. The current implementation allocates memory for each authentication attempt. The memory is freed only at the end of a session. Therefore, the number of invalid authentication attempts in a single session must be limited — the server must respond without the “Auth-Wait” header after 10-20 attempts (the attempt number is passed in the “Auth-Login-Attempt” header).\nWhen the APOP or CRAM-MD5 are used, request-response will look as follows:\n```\nGET /auth HTTP/1.0\nHost: localhost\nAuth-Method: apop\nAuth-User: user\nAuth-Salt: <238188073.1163692009@mail.example.com>\nAuth-Pass: auth_response\nAuth-Protocol: imap\nAuth-Login-Attempt: 1\nClient-IP: 192.0.2.42\nClient-Host: client.example.org\n\n```\nGood response:\n```\nHTTP/1.0 200 OK\nAuth-Status: OK\nAuth-Server: 198.51.100.1\nAuth-Port: 143\nAuth-Pass: plain-text-pass\n\n```\n\nIf the “Auth-User” header exists in the response, it overrides the username used to authenticate with the backend.\nFor the SMTP, the response additionally takes into account the “Auth-Error-Code” header — if exists, it is used as a response code in case of an error. Otherwise, the 535 5.7.0 code will be added to the “Auth-Status” header.\nFor example, if the following response is received from the authentication server:\n```\nHTTP/1.0 200 OK\nAuth-Status: Temporary server problem, try again later\nAuth-Error-Code: 451 4.3.0\nAuth-Wait: 3\n\n```\nthen the SMTP client will receive an error\n```\n451 4.3.0 Temporary server problem, try again later\n\n```\n\nIf proxying SMTP does not require authentication, the request will look as follows:\n```\nGET /auth HTTP/1.0\nHost: localhost\nAuth-Method: none\nAuth-User:\nAuth-Pass:\nAuth-Protocol: smtp\nAuth-Login-Attempt: 1\nClient-IP: 192.0.2.42\nClient-Host: client.example.org\nAuth-SMTP-Helo: client.example.org\nAuth-SMTP-From: MAIL FROM: <>\nAuth-SMTP-To: RCPT TO: \n\n```\n\nFor the SSL/TLS client connection (1.7.11), the “Auth-SSL” header is added, and “Auth-SSL-Verify” will contain the result of client certificate verification, if [enabled](https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_verify_client): “`SUCCESS`”, “`FAILED:``_reason_`”, and “`NONE`” if a certificate was not present.\nPrior to version 1.11.7, the “`FAILED`” result did not contain the `_reason_` string.\nWhen the client certificate was present, its details are passed in the following request headers: “Auth-SSL-Subject”, “Auth-SSL-Issuer”, “Auth-SSL-Serial”, and “Auth-SSL-Fingerprint”. If [auth\\_http\\_pass\\_client\\_cert](https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#auth_http_pass_client_cert) is enabled, the certificate itself is passed in the “Auth-SSL-Cert” header. The protocol and cipher of the established connection are passed in the “Auth-SSL-Protocol” and “Auth-SSL-Cipher” headers (1.21.2). The request will look as follows:\n```\nGET /auth HTTP/1.0\nHost: localhost\nAuth-Method: plain\nAuth-User: user\nAuth-Pass: password\nAuth-Protocol: imap\nAuth-Login-Attempt: 1\nClient-IP: 192.0.2.42\nAuth-SSL: on\nAuth-SSL-Protocol: TLSv1.3\nAuth-SSL-Cipher: TLS_AES_256_GCM_SHA384\nAuth-SSL-Verify: SUCCESS\nAuth-SSL-Subject: /CN=example.com\nAuth-SSL-Issuer: /CN=example.com\nAuth-SSL-Serial: C07AD56B846B5BFF\nAuth-SSL-Fingerprint: 29d6a80a123d13355ed16b4b04605e29cb55a5ad\n\n```\n", - "v": "auth\\_http\\_timeout 60s;", - "c": "`mail`, `server`", - "s": "**auth_http_timeout** `_time_`;" - }, - { - "m": "ngx_mail_auth_http_module", - "n": "proxy_protocol", - "d": "When the [PROXY protocol](https://nginx.org/en/docs/mail/ngx_mail_core_module.html#proxy_protocol) is used, its details are passed in the following request headers: “Proxy-Protocol-Addr”, “Proxy-Protocol-Port”, “Proxy-Protocol-Server-Addr”, and “Proxy-Protocol-Server-Port” (1.19.8).", - "v": "auth\\_http\\_timeout 60s;", - "c": "`mail`, `server`", - "s": "**auth_http_timeout** `_time_`;" - }, - { - "m": "ngx_mail_proxy_module", - "n": "proxy_buffer", - "d": "Sets the size of the buffer used for proxying. By default, the buffer size is equal to one memory page. Depending on a platform, it is either 4K or 8K.", - "v": "proxy\\_buffer 4k|8k;", - "c": "`mail`, `server`", - "s": "**proxy_buffer** `_size_`;" - }, - { - "m": "ngx_mail_proxy_module", - "n": "proxy_pass_error_message", - "d": "Indicates whether to pass the error message obtained during the authentication on the backend to the client.\nUsually, if the authentication in nginx is a success, the backend cannot return an error. If it nevertheless returns an error, it means some internal error has occurred. In such case the backend message can contain information that should not be shown to the client. However, responding with an error for the correct password is a normal behavior for some POP3 servers. For example, CommuniGatePro informs a user about [mailbox overflow](http://www.stalker.com/CommuniGatePro/Alerts.html#Quota) or other events by periodically outputting the [authentication error](http://www.stalker.com/CommuniGatePro/POP.html#Alerts). The directive should be enabled in this case.", - "v": "proxy\\_pass\\_error\\_message off;", - "c": "`mail`, `server`", - "s": "**proxy_pass_error_message** `on` | `off`;" - }, - { - "m": "ngx_mail_proxy_module", - "n": "proxy_protocol", - "d": "Enables the [PROXY protocol](http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) for connections to a backend.", - "v": "proxy\\_protocol off;", - "c": "`mail`, `server`", - "s": "**proxy_protocol** `on` | `off`;" - }, - { - "m": "ngx_mail_proxy_module", - "n": "proxy_smtp_auth", - "d": "Enables or disables user authentication on the SMTP backend using the `AUTH` command.\nIf [XCLIENT](https://nginx.org/en/docs/mail/ngx_mail_proxy_module.html#xclient) is also enabled, then the `XCLIENT` command will not send the `LOGIN` parameter.", - "v": "proxy\\_smtp\\_auth off;", - "c": "`mail`, `server`", - "s": "**proxy_smtp_auth** `on` | `off`;" - }, - { - "m": "ngx_mail_proxy_module", - "n": "proxy_timeout", - "d": "Sets the `_timeout_` between two successive read or write operations on client or proxied server connections. If no data is transmitted within this time, the connection is closed.", - "v": "proxy\\_timeout 24h;", - "c": "`mail`, `server`", - "s": "**proxy_timeout** `_timeout_`;" - }, - { - "m": "ngx_mail_proxy_module", - "n": "xclient", - "d": "Enables or disables the passing of the [XCLIENT](http://www.postfix.org/XCLIENT_README.html) command with client parameters when connecting to the SMTP backend.\nWith `XCLIENT`, the MTA is able to write client information to the log and apply various limitations based on this data.\nIf `XCLIENT` is enabled then nginx passes the following commands when connecting to the backend:\n* `EHLO` with the [server name](https://nginx.org/en/docs/mail/ngx_mail_core_module.html#server_name)\n* `XCLIENT`\n* `EHLO` or `HELO`, as passed by the client\n\nIf the name [found](https://nginx.org/en/docs/mail/ngx_mail_core_module.html#resolver) by the client IP address points to the same address, it is passed in the `NAME` parameter of the `XCLIENT` command. If the name could not be found, points to a different address, or [resolver](https://nginx.org/en/docs/mail/ngx_mail_core_module.html#resolver) is not specified, the `[UNAVAILABLE]` is passed in the `NAME` parameter. If an error has occurred in the process of resolving, the `[TEMPUNAVAIL]` value is used.\nIf `XCLIENT` is disabled then nginx passes the `EHLO` command with the [server name](https://nginx.org/en/docs/mail/ngx_mail_core_module.html#server_name) when connecting to the backend if the client has passed `EHLO`, or `HELO` with the server name, otherwise.", - "v": "xclient on;", - "c": "`mail`, `server`", - "s": "**xclient** `on` | `off`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl", - "d": "This directive was made obsolete in version 1.15.0. The `ssl` parameter of the [listen](https://nginx.org/en/docs/mail/ngx_mail_core_module.html#listen) directive should be used instead.", - "v": "ssl off;", - "c": "`mail`, `server`", - "s": "**ssl** `on` | `off`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_certificate", - "d": "Specifies a `_file_` with the certificate in the PEM format for the given server. If intermediate certificates should be specified in addition to a primary certificate, they should be specified in the same file in the following order: the primary certificate comes first, then the intermediate certificates. A secret key in the PEM format may be placed in the same file.\nSince version 1.11.0, this directive can be specified multiple times to load certificates of different types, for example, RSA and ECDSA:\n```\nserver {\n listen 993 ssl;\n\n ssl_certificate example.com.rsa.crt;\n ssl_certificate_key example.com.rsa.key;\n\n ssl_certificate example.com.ecdsa.crt;\n ssl_certificate_key example.com.ecdsa.key;\n\n ...\n}\n\n```\n\nOnly OpenSSL 1.0.2 or higher supports separate certificate chains for different certificates. With older versions, only one certificate chain can be used.\n", - "c": "`mail`, `server`", - "s": "**ssl_certificate** `_file_`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_certificate_data", - "d": "The value `data`:`_certificate_` can be specified instead of the `_file_` (1.15.10), which loads a certificate without using intermediate files. Note that inappropriate use of this syntax may have its security implications, such as writing secret key data to [error log](https://nginx.org/en/docs/ngx_core_module.html#error_log).", - "c": "`mail`, `server`", - "s": "**ssl_certificate** `_file_`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_certificate_key", - "d": "Specifies a `_file_` with the secret key in the PEM format for the given server.\nThe value `engine`:`_name_`:`_id_` can be specified instead of the `_file_` (1.7.9), which loads a secret key with a specified `_id_` from the OpenSSL engine `_name_`.", - "c": "`mail`, `server`", - "s": "**ssl_certificate_key** `_file_`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_certificate_key_data", - "d": "The value `data`:`_key_` can be specified instead of the `_file_` (1.15.10), which loads a secret key without using intermediate files. Note that inappropriate use of this syntax may have its security implications, such as writing secret key data to [error log](https://nginx.org/en/docs/ngx_core_module.html#error_log).", - "c": "`mail`, `server`", - "s": "**ssl_certificate_key** `_file_`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_ciphers", - "d": "Specifies the enabled ciphers. The ciphers are specified in the format understood by the OpenSSL library, for example:\n```\nssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;\n\n```\n\nThe full list can be viewed using the “`openssl ciphers`” command.\n\nThe previous versions of nginx used [different](https://nginx.org/en/docs/http/configuring_https_servers.html#compatibility) ciphers by default.\n", - "v": "ssl\\_ciphers HIGH:!aNULL:!MD5;", - "c": "`mail`, `server`", - "s": "**ssl_ciphers** `_ciphers_`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_client_certificate", - "d": "Specifies a `_file_` with trusted CA certificates in the PEM format used to [verify](https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_verify_client) client certificates.\nThe list of certificates will be sent to clients. If this is not desired, the [ssl\\_trusted\\_certificate](https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_trusted_certificate) directive can be used.", - "c": "`mail`, `server`", - "s": "**ssl_client_certificate** `_file_`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_conf_command", - "d": "Sets arbitrary OpenSSL configuration [commands](https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html).\nThe directive is supported when using OpenSSL 1.0.2 or higher.\n\nSeveral `ssl_conf_command` directives can be specified on the same level:\n```\nssl_conf_command Options PrioritizeChaCha;\nssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;\n\n```\nThese directives are inherited from the previous configuration level if and only if there are no `ssl_conf_command` directives defined on the current level.\n\nNote that configuring OpenSSL directly might result in unexpected behavior.\n", - "c": "`mail`, `server`", - "s": "**ssl_conf_command** `_name_` `_value_`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_crl", - "d": "Specifies a `_file_` with revoked certificates (CRL) in the PEM format used to [verify](https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_verify_client) client certificates.", - "c": "`mail`, `server`", - "s": "**ssl_crl** `_file_`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_dhparam", - "d": "Specifies a `_file_` with DH parameters for DHE ciphers.\nBy default no parameters are set, and therefore DHE ciphers will not be used.\nPrior to version 1.11.0, builtin parameters were used by default.\n", - "c": "`mail`, `server`", - "s": "**ssl_dhparam** `_file_`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_ecdh_curve", - "d": "Specifies a `_curve_` for ECDHE ciphers.\nWhen using OpenSSL 1.0.2 or higher, it is possible to specify multiple curves (1.11.0), for example:\n```\nssl_ecdh_curve prime256v1:secp384r1;\n\n```\n\nThe special value `auto` (1.11.0) instructs nginx to use a list built into the OpenSSL library when using OpenSSL 1.0.2 or higher, or `prime256v1` with older versions.\n\nPrior to version 1.11.0, the `prime256v1` curve was used by default.\n\n\nWhen using OpenSSL 1.0.2 or higher, this directive sets the list of curves supported by the server. Thus, in order for ECDSA certificates to work, it is important to include the curves used in the certificates.\n", - "v": "ssl\\_ecdh\\_curve auto;", - "c": "`mail`, `server`", - "s": "**ssl_ecdh_curve** `_curve_`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_password_file", - "d": "Specifies a `_file_` with passphrases for [secret keys](https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_certificate_key) where each passphrase is specified on a separate line. Passphrases are tried in turn when loading the key.\nExample:\n```\nmail {\n ssl_password_file /etc/keys/global.pass;\n ...\n\n server {\n server_name mail1.example.com;\n ssl_certificate_key /etc/keys/first.key;\n }\n\n server {\n server_name mail2.example.com;\n\n # named pipe can also be used instead of a file\n ssl_password_file /etc/keys/fifo;\n ssl_certificate_key /etc/keys/second.key;\n }\n}\n\n```\n", - "c": "`mail`, `server`", - "s": "**ssl_password_file** `_file_`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_prefer_server_ciphers", - "d": "Specifies that server ciphers should be preferred over client ciphers when the SSLv3 and TLS protocols are used.", - "v": "ssl\\_prefer\\_server\\_ciphers off;", - "c": "`mail`, `server`", - "s": "**ssl_prefer_server_ciphers** `on` | `off`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_protocols", - "d": "Enables the specified protocols.\nThe `TLSv1.1` and `TLSv1.2` parameters (1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used.\n\nThe `TLSv1.3` parameter (1.13.0) works only when OpenSSL 1.1.1 or higher is used.\n", - "v": "ssl\\_protocols TLSv1 TLSv1.1 TLSv1.2;", - "c": "`mail`, `server`", - "s": "**ssl_protocols** [`SSLv2`] [`SSLv3`] [`TLSv1`] [`TLSv1.1`] [`TLSv1.2`] [`TLSv1.3`];" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_session_cache", - "d": "Sets the types and sizes of caches that store session parameters. A cache can be of any of the following types:\n`off`\n\nthe use of a session cache is strictly prohibited: nginx explicitly tells a client that sessions may not be reused.\n\n`none`\n\nthe use of a session cache is gently disallowed: nginx tells a client that sessions may be reused, but does not actually store session parameters in the cache.\n\n`builtin`\n\na cache built in OpenSSL; used by one worker process only. The cache size is specified in sessions. If size is not given, it is equal to 20480 sessions. Use of the built-in cache can cause memory fragmentation.\n\n`shared`\n\na cache shared between all worker processes. The cache size is specified in bytes; one megabyte can store about 4000 sessions. Each shared cache should have an arbitrary name. A cache with the same name can be used in several servers. It is also used to automatically generate, store, and periodically rotate TLS session ticket keys (1.23.2) unless configured explicitly using the [ssl\\_session\\_ticket\\_key](https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_session_ticket_key) directive.\n\nBoth cache types can be used simultaneously, for example:\n```\nssl_session_cache builtin:1000 shared:SSL:10m;\n\n```\nbut using only shared cache without the built-in cache should be more efficient.", - "v": "ssl\\_session\\_cache none;", - "c": "`mail`, `server`", - "s": "**ssl_session_cache** `off` | `none` | [`builtin`[:`_size_`]] [`shared`:`_name_`:`_size_`];" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_session_ticket_key", - "d": "Sets a `_file_` with the secret key used to encrypt and decrypt TLS session tickets. The directive is necessary if the same key has to be shared between multiple servers. By default, a randomly generated key is used.\nIf several keys are specified, only the first key is used to encrypt TLS session tickets. This allows configuring key rotation, for example:\n```\nssl_session_ticket_key current.key;\nssl_session_ticket_key previous.key;\n\n```\n\nThe `_file_` must contain 80 or 48 bytes of random data and can be created using the following command:\n```\nopenssl rand 80 > ticket.key\n\n```\nDepending on the file size either AES256 (for 80-byte keys, 1.11.8) or AES128 (for 48-byte keys) is used for encryption.", - "c": "`mail`, `server`", - "s": "**ssl_session_ticket_key** `_file_`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_session_tickets", - "d": "Enables or disables session resumption through [TLS session tickets](https://datatracker.ietf.org/doc/html/rfc5077).", - "v": "ssl\\_session\\_tickets on;", - "c": "`mail`, `server`", - "s": "**ssl_session_tickets** `on` | `off`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_session_timeout", - "d": "Specifies a time during which a client may reuse the session parameters.", - "v": "ssl\\_session\\_timeout 5m;", - "c": "`mail`, `server`", - "s": "**ssl_session_timeout** `_time_`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_trusted_certificate", - "d": "Specifies a `_file_` with trusted CA certificates in the PEM format used to [verify](https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_verify_client) client certificates.\nIn contrast to the certificate set by [ssl\\_client\\_certificate](https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_client_certificate), the list of these certificates will not be sent to clients.", - "c": "`mail`, `server`", - "s": "**ssl_trusted_certificate** `_file_`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_verify_client", - "d": "Enables verification of client certificates. The verification result is passed in the “Auth-SSL-Verify” header of the [authentication](https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#auth_http) request.\nThe `optional` parameter requests the client certificate and verifies it if the certificate is present.\nThe `optional_no_ca` parameter requests the client certificate but does not require it to be signed by a trusted CA certificate. This is intended for the use in cases when a service that is external to nginx performs the actual certificate verification. The contents of the certificate is accessible through requests [sent](https://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#auth_http_pass_client_cert) to the authentication server.", - "v": "ssl\\_verify\\_client off;", - "c": "`mail`, `server`", - "s": "**ssl_verify_client** `on` | `off` | `optional` | `optional_no_ca`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "ssl_verify_depth", - "d": "Sets the verification depth in the client certificates chain.", - "v": "ssl\\_verify\\_depth 1;", - "c": "`mail`, `server`", - "s": "**ssl_verify_depth** `_number_`;" - }, - { - "m": "ngx_mail_ssl_module", - "n": "starttls", - "d": "\n`on`\n\nallow usage of the `STLS` command for the POP3 and the `STARTTLS` command for the IMAP and SMTP;\n\n`off`\n\ndeny usage of the `STLS` and `STARTTLS` commands;\n\n`only`\n\nrequire preliminary TLS transition.\n", - "v": "starttls off;", - "c": "`mail`, `server`", - "s": "**starttls** `on` | `off` | `only`;" - }, - { - "m": "ngx_mail_imap_module", - "n": "imap_auth", - "d": "Sets permitted methods of authentication for IMAP clients. Supported methods are:\n`plain`\n\n[LOGIN](https://datatracker.ietf.org/doc/html/rfc3501), [AUTH=PLAIN](https://datatracker.ietf.org/doc/html/rfc4616)\n\n`login`\n\n[AUTH=LOGIN](https://datatracker.ietf.org/doc/html/draft-murchison-sasl-login-00)\n\n`cram-md5`\n\n[AUTH=CRAM-MD5](https://datatracker.ietf.org/doc/html/rfc2195). In order for this method to work, the password must be stored unencrypted.\n\n`external`\n\n[AUTH=EXTERNAL](https://datatracker.ietf.org/doc/html/rfc4422) (1.11.6).\n\nPlain text authentication methods (the `LOGIN` command, `AUTH=PLAIN`, and `AUTH=LOGIN`) are always enabled, though if the `plain` and `login` methods are not specified, `AUTH=PLAIN` and `AUTH=LOGIN` will not be automatically included in [imap\\_capabilities](https://nginx.org/en/docs/mail/ngx_mail_imap_module.html#imap_capabilities).", - "v": "imap\\_auth plain;", - "c": "`mail`, `server`", - "s": "**imap_auth** `_method_` ...;" - }, - { - "m": "ngx_mail_imap_module", - "n": "imap_capabilities", - "d": "Sets the [IMAP protocol](https://datatracker.ietf.org/doc/html/rfc3501) extensions list that is passed to the client in response to the `CAPABILITY` command. The authentication methods specified in the [imap\\_auth](https://nginx.org/en/docs/mail/ngx_mail_imap_module.html#imap_auth) directive and [STARTTLS](https://datatracker.ietf.org/doc/html/rfc2595) are automatically added to this list depending on the [starttls](https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#starttls) directive value.\nIt makes sense to specify the extensions supported by the IMAP backends to which the clients are proxied (if these extensions are related to commands used after the authentication, when nginx transparently proxies a client connection to the backend).\nThe current list of standardized extensions is published at [www.iana.org](http://www.iana.org/assignments/imap4-capabilities).", - "v": "imap\\_capabilities IMAP4 IMAP4rev1 UIDPLUS;", - "c": "`mail`, `server`", - "s": "**imap_capabilities** `_extension_` ...;" - }, - { - "m": "ngx_mail_imap_module", - "n": "imap_client_buffer", - "d": "Sets the `_size_` of the buffer used for reading IMAP commands. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform.", - "v": "imap\\_client\\_buffer 4k|8k;", - "c": "`mail`, `server`", - "s": "**imap_client_buffer** `_size_`;" - }, - { - "m": "ngx_mail_pop3_module", - "n": "pop3_auth", - "d": "Sets permitted methods of authentication for POP3 clients. Supported methods are:\n`plain`\n\n[USER/PASS](https://datatracker.ietf.org/doc/html/rfc1939), [AUTH PLAIN](https://datatracker.ietf.org/doc/html/rfc4616), [AUTH LOGIN](https://datatracker.ietf.org/doc/html/draft-murchison-sasl-login-00)\n\n`apop`\n\n[APOP](https://datatracker.ietf.org/doc/html/rfc1939). In order for this method to work, the password must be stored unencrypted.\n\n`cram-md5`\n\n[AUTH CRAM-MD5](https://datatracker.ietf.org/doc/html/rfc2195). In order for this method to work, the password must be stored unencrypted.\n\n`external`\n\n[AUTH EXTERNAL](https://datatracker.ietf.org/doc/html/rfc4422) (1.11.6).\n\nPlain text authentication methods (`USER/PASS`, `AUTH PLAIN`, and `AUTH LOGIN`) are always enabled, though if the `plain` method is not specified, `AUTH PLAIN` and `AUTH LOGIN` will not be automatically included in [pop3\\_capabilities](https://nginx.org/en/docs/mail/ngx_mail_pop3_module.html#pop3_capabilities).", - "v": "pop3\\_auth plain;", - "c": "`mail`, `server`", - "s": "**pop3_auth** `_method_` ...;" - }, - { - "m": "ngx_mail_pop3_module", - "n": "pop3_capabilities", - "d": "Sets the [POP3 protocol](https://datatracker.ietf.org/doc/html/rfc2449) extensions list that is passed to the client in response to the `CAPA` command. The authentication methods specified in the [pop3\\_auth](https://nginx.org/en/docs/mail/ngx_mail_pop3_module.html#pop3_auth) directive ([SASL](https://datatracker.ietf.org/doc/html/rfc2449) extension) and [STLS](https://datatracker.ietf.org/doc/html/rfc2595) are automatically added to this list depending on the [starttls](https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#starttls) directive value.\nIt makes sense to specify the extensions supported by the POP3 backends to which the clients are proxied (if these extensions are related to commands used after the authentication, when nginx transparently proxies the client connection to the backend).\nThe current list of standardized extensions is published at [www.iana.org](http://www.iana.org/assignments/pop3-extension-mechanism).", - "v": "pop3\\_capabilities TOP USER UIDL;", - "c": "`mail`, `server`", - "s": "**pop3_capabilities** `_extension_` ...;" - }, - { - "m": "ngx_mail_smtp_module", - "n": "smtp_auth", - "d": "Sets permitted methods of [SASL authentication](https://datatracker.ietf.org/doc/html/rfc2554) for SMTP clients. Supported methods are:\n`plain`\n\n[AUTH PLAIN](https://datatracker.ietf.org/doc/html/rfc4616)\n\n`login`\n\n[AUTH LOGIN](https://datatracker.ietf.org/doc/html/draft-murchison-sasl-login-00)\n\n`cram-md5`\n\n[AUTH CRAM-MD5](https://datatracker.ietf.org/doc/html/rfc2195). In order for this method to work, the password must be stored unencrypted.\n\n`external`\n\n[AUTH EXTERNAL](https://datatracker.ietf.org/doc/html/rfc4422) (1.11.6).\n\n`none`\n\nAuthentication is not required.\n\nPlain text authentication methods (`AUTH PLAIN` and `AUTH LOGIN`) are always enabled, though if the `plain` and `login` methods are not specified, `AUTH PLAIN` and `AUTH LOGIN` will not be automatically included in [smtp\\_capabilities](https://nginx.org/en/docs/mail/ngx_mail_smtp_module.html#smtp_capabilities).", - "v": "smtp\\_auth plain login;", - "c": "`mail`, `server`", - "s": "**smtp_auth** `_method_` ...;" - }, - { - "m": "ngx_mail_smtp_module", - "n": "smtp_capabilities", - "d": "Sets the SMTP protocol extensions list that is passed to the client in response to the `EHLO` command. The authentication methods specified in the [smtp\\_auth](https://nginx.org/en/docs/mail/ngx_mail_smtp_module.html#smtp_auth) directive and [STARTTLS](https://datatracker.ietf.org/doc/html/rfc3207) are automatically added to this list depending on the [starttls](https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#starttls) directive value.\nIt makes sense to specify the extensions supported by the MTA to which the clients are proxied (if these extensions are related to commands used after the authentication, when nginx transparently proxies the client connection to the backend).\nThe current list of standardized extensions is published at [www.iana.org](http://www.iana.org/assignments/mail-parameters).", - "c": "`mail`, `server`", - "s": "**smtp_capabilities** `_extension_` ...;" - }, - { - "m": "ngx_mail_smtp_module", - "n": "smtp_client_buffer", - "d": "Sets the `_size_` of the buffer used for reading SMTP commands. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform.", - "v": "smtp\\_client\\_buffer 4k|8k;", - "c": "`mail`, `server`", - "s": "**smtp_client_buffer** `_size_`;" - }, - { - "m": "ngx_mail_smtp_module", - "n": "smtp_greeting_delay", - "d": "Allows setting a delay before sending an SMTP greeting in order to reject clients who fail to wait for the greeting before sending SMTP commands.", - "v": "smtp\\_greeting\\_delay 0;", - "c": "`mail`, `server`", - "s": "**smtp_greeting_delay** `_time_`;" - }, - { - "m": "ngx_stream_core_module", - "n": "listen", - "d": "Sets the `_address_` and `_port_` for the socket on which the server will accept connections. It is possible to specify just the port. The address can also be a hostname, for example:\n```\nlisten 127.0.0.1:12345;\nlisten *:12345;\nlisten 12345; # same as *:12345\nlisten localhost:12345;\n\n```\nIPv6 addresses are specified in square brackets:\n```\nlisten [::1]:12345;\nlisten [::]:12345;\n\n```\nUNIX-domain sockets are specified with the “`unix:`” prefix:\n```\nlisten unix:/var/run/nginx.sock;\n\n```\n", - "c": "`server`", - "s": "**listen** `_address_`:`_port_` [`ssl`] [`udp`] [`proxy_protocol`] [`fastopen`=`_number_`] [`backlog`=`_number_`] [`rcvbuf`=`_size_`] [`sndbuf`=`_size_`] [`bind`] [`ipv6only`=`on`|`off`] [`reuseport`] [`so_keepalive`=`on`|`off`|[`_keepidle_`]:[`_keepintvl_`]:[`_keepcnt_`]];" - }, - { - "m": "ngx_stream_core_module", - "n": "listen_port_range", - "d": "Port ranges (1.15.10) are specified with the first and last port separated by a hyphen:\n```\nlisten 127.0.0.1:12345-12399;\nlisten 12345-12399;\n\n```\n\nThe `ssl` parameter allows specifying that all connections accepted on this port should work in SSL mode.", - "c": "`server`", - "s": "**listen** `_address_`:`_port_` [`ssl`] [`udp`] [`proxy_protocol`] [`fastopen`=`_number_`] [`backlog`=`_number_`] [`rcvbuf`=`_size_`] [`sndbuf`=`_size_`] [`bind`] [`ipv6only`=`on`|`off`] [`reuseport`] [`so_keepalive`=`on`|`off`|[`_keepidle_`]:[`_keepintvl_`]:[`_keepcnt_`]];" - }, - { - "m": "ngx_stream_core_module", - "n": "udp", - "d": "The `udp` parameter configures a listening socket for working with datagrams (1.9.13). In order to handle packets from the same address and port in the same session, the [`reuseport`](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#reuseport) parameter should also be specified.", - "c": "`server`", - "s": "**listen** `_address_`:`_port_` [`ssl`] [`udp`] [`proxy_protocol`] [`fastopen`=`_number_`] [`backlog`=`_number_`] [`rcvbuf`=`_size_`] [`sndbuf`=`_size_`] [`bind`] [`ipv6only`=`on`|`off`] [`reuseport`] [`so_keepalive`=`on`|`off`|[`_keepidle_`]:[`_keepintvl_`]:[`_keepcnt_`]];" - }, - { - "m": "ngx_stream_core_module", - "n": "proxy_protocol", - "d": "The `proxy_protocol` parameter (1.11.4) allows specifying that all connections accepted on this port should use the [PROXY protocol](http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt).\nThe PROXY protocol version 2 is supported since version 1.13.11.\n\nThe `listen` directive can have several additional parameters specific to socket-related system calls.\n`fastopen`\\=`_number_`\n\nenables “[TCP Fast Open](http://en.wikipedia.org/wiki/TCP_Fast_Open)” for the listening socket (1.21.0) and [limits](https://datatracker.ietf.org/doc/html/rfc7413#section-5.1) the maximum length for the queue of connections that have not yet completed the three-way handshake.\n\n> Do not enable this feature unless the server can handle receiving the [same SYN packet with data](https://datatracker.ietf.org/doc/html/rfc7413#section-6.1) more than once.\n\n`backlog`\\=`_number_`\n\nsets the `backlog` parameter in the `listen()` call that limits the maximum length for the queue of pending connections (1.9.2). By default, `backlog` is set to -1 on FreeBSD, DragonFly BSD, and macOS, and to 511 on other platforms.\n\n`rcvbuf`\\=`_size_`\n\nsets the receive buffer size (the `SO_RCVBUF` option) for the listening socket (1.11.13).\n\n`sndbuf`\\=`_size_`\n\nsets the send buffer size (the `SO_SNDBUF` option) for the listening socket (1.11.13).\n\n`bind`\n\nthis parameter instructs to make a separate `bind()` call for a given address:port pair. The fact is that if there are several `listen` directives with the same port but different addresses, and one of the `listen` directives listens on all addresses for the given port (`*:``_port_`), nginx will `bind()` only to `*:``_port_`. It should be noted that the `getsockname()` system call will be made in this case to determine the address that accepted the connection. If the `backlog`, `rcvbuf`, `sndbuf`, `ipv6only`, `reuseport`, or `so_keepalive` parameters are used then for a given `_address_`:`_port_` pair a separate `bind()` call will always be made.\n\n`ipv6only`\\=`on`|`off`\n\nthis parameter determines (via the `IPV6_V6ONLY` socket option) whether an IPv6 socket listening on a wildcard address `[::]` will accept only IPv6 connections or both IPv6 and IPv4 connections. This parameter is turned on by default. It can only be set once on start.\n\n`reuseport`\n\nthis parameter (1.9.1) instructs to create an individual listening socket for each worker process (using the `SO_REUSEPORT` socket option on Linux 3.9+ and DragonFly BSD, or `SO_REUSEPORT_LB` on FreeBSD 12+), allowing a kernel to distribute incoming connections between worker processes. This currently works only on Linux 3.9+, DragonFly BSD, and FreeBSD 12+ (1.15.1).\n\n> Inappropriate use of this option may have its security [implications](http://man7.org/linux/man-pages/man7/socket.7.html).\n\n`so_keepalive`\\=`on`|`off`|\\[`_keepidle_`\\]:\\[`_keepintvl_`\\]:\\[`_keepcnt_`\\]\n\nthis parameter configures the “TCP keepalive” behavior for the listening socket. If this parameter is omitted then the operating system’s settings will be in effect for the socket. If it is set to the value “`on`”, the `SO_KEEPALIVE` option is turned on for the socket. If it is set to the value “`off`”, the `SO_KEEPALIVE` option is turned off for the socket. Some operating systems support setting of TCP keepalive parameters on a per-socket basis using the `TCP_KEEPIDLE`, `TCP_KEEPINTVL`, and `TCP_KEEPCNT` socket options. On such systems (currently, Linux 2.4+, NetBSD 5+, and FreeBSD 9.0-STABLE), they can be configured using the `_keepidle_`, `_keepintvl_`, and `_keepcnt_` parameters. One or two parameters may be omitted, in which case the system default setting for the corresponding socket option will be in effect. For example,\n\n> so\\_keepalive=30m::10\n\nwill set the idle timeout (`TCP_KEEPIDLE`) to 30 minutes, leave the probe interval (`TCP_KEEPINTVL`) at its system default, and set the probes count (`TCP_KEEPCNT`) to 10 probes.\n\nDifferent servers must listen on different `_address_`:`_port_` pairs.", - "c": "`server`", - "s": "**listen** `_address_`:`_port_` [`ssl`] [`udp`] [`proxy_protocol`] [`fastopen`=`_number_`] [`backlog`=`_number_`] [`rcvbuf`=`_size_`] [`sndbuf`=`_size_`] [`bind`] [`ipv6only`=`on`|`off`] [`reuseport`] [`so_keepalive`=`on`|`off`|[`_keepidle_`]:[`_keepintvl_`]:[`_keepcnt_`]];" - }, - { - "m": "ngx_stream_core_module", - "n": "preread_buffer_size", - "d": "Specifies a `_size_` of the [preread](https://nginx.org/en/docs/stream/stream_processing.html#preread_phase) buffer.", - "v": "preread\\_buffer\\_size 16k;", - "c": "`stream`, `server`", - "s": "**preread_buffer_size** `_size_`;" - }, - { - "m": "ngx_stream_core_module", - "n": "preread_timeout", - "d": "Specifies a `_timeout_` of the [preread](https://nginx.org/en/docs/stream/stream_processing.html#preread_phase) phase.", - "v": "preread\\_timeout 30s;", - "c": "`stream`, `server`", - "s": "**preread_timeout** `_timeout_`;" - }, - { - "m": "ngx_stream_core_module", - "n": "proxy_protocol_timeout", - "d": "Specifies a `_timeout_` for reading the PROXY protocol header to complete. If no entire header is transmitted within this time, the connection is closed.", - "v": "proxy\\_protocol\\_timeout 30s;", - "c": "`stream`, `server`", - "s": "**proxy_protocol_timeout** `_timeout_`;" - }, - { - "m": "ngx_stream_core_module", - "n": "resolver", - "d": "Configures name servers used to resolve names of upstream servers into addresses, for example:\n```\nresolver 127.0.0.1 [::1]:5353;\n\n```\nThe address can be specified as a domain name or IP address, with an optional port. If port is not specified, the port 53 is used. Name servers are queried in a round-robin fashion.", - "c": "`stream`, `server`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_stream_core_module", - "n": "resolver_ipv6", - "d": "By default, nginx will look up both IPv4 and IPv6 addresses while resolving. If looking up of IPv4 or IPv6 addresses is not desired, the `ipv4=off` (1.23.1) or the `ipv6=off` parameter can be specified.", - "c": "`stream`, `server`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_stream_core_module", - "n": "resolver_valid", - "d": "By default, nginx caches answers using the TTL value of a response. The optional `valid` parameter allows overriding it:\n```\nresolver 127.0.0.1 [::1]:5353 valid=30s;\n\n```\n\nTo prevent DNS spoofing, it is recommended configuring DNS servers in a properly secured trusted local network.\n", - "c": "`stream`, `server`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_stream_core_module", - "n": "resolver_status_zone", - "d": "The optional `status_zone` parameter (1.17.1) enables [collection](https://nginx.org/en/docs/http/ngx_http_api_module.html#resolvers_) of DNS server statistics of requests and responses in the specified `_zone_`. The parameter is available as part of our [commercial subscription](http://nginx.com/products/).\n\nBefore version 1.11.3, this directive was available as part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`stream`, `server`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_stream_core_module", - "n": "resolver_timeout", - "d": "Sets a timeout for name resolution, for example:\n```\nresolver_timeout 5s;\n\n```\n\nBefore version 1.11.3, this directive was available as part of our [commercial subscription](http://nginx.com/products/).\n", - "v": "resolver\\_timeout 30s;", - "c": "`stream`, `server`", - "s": "**resolver_timeout** `_time_`;" - }, - { - "m": "ngx_stream_core_module", - "n": "server", - "d": "Sets the configuration for a server.", - "c": "`stream`", - "s": "**server** { ... }" - }, - { - "m": "ngx_stream_core_module", - "n": "stream", - "d": "Provides the configuration file context in which the stream server directives are specified.", - "c": "`main`", - "s": "**stream** { ... }" - }, - { - "m": "ngx_stream_core_module", - "n": "tcp_nodelay", - "d": "Enables or disables the use of the `TCP_NODELAY` option. The option is enabled for both client and proxied server connections.", - "v": "tcp\\_nodelay on;", - "c": "`stream`, `server`", - "s": "**tcp_nodelay** `on` | `off`;" - }, - { - "m": "ngx_stream_core_module", - "n": "variables_hash_bucket_size", - "d": "Sets the bucket size for the variables hash table. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).", - "v": "variables\\_hash\\_bucket\\_size 64;", - "c": "`stream`", - "s": "**variables_hash_bucket_size** `_size_`;" - }, - { - "m": "ngx_stream_core_module", - "n": "variables_hash_max_size", - "d": "Sets the maximum `_size_` of the variables hash table. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).", - "v": "variables\\_hash\\_max\\_size 1024;", - "c": "`stream`", - "s": "**variables_hash_max_size** `_size_`;" - }, - { - "m": "ngx_stream_core_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_stream_core_module` module supports variables since 1.11.2.\n`$binary_remote_addr`\n\nclient address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses\n\n`$bytes_received`\n\nnumber of bytes received from a client (1.11.4)\n\n`$bytes_sent`\n\nnumber of bytes sent to a client\n\n`$connection`\n\nconnection serial number\n\n`$hostname`\n\nhost name\n\n`$msec`\n\ncurrent time in seconds with the milliseconds resolution\n\n`$nginx_version`\n\nnginx version\n\n`$pid`\n\nPID of the worker process\n\n`$protocol`\n\nprotocol used to communicate with the client: `TCP` or `UDP` (1.11.4)\n\n`$proxy_protocol_addr`\n\nclient address from the PROXY protocol header (1.11.4)\n\nThe PROXY protocol must be previously enabled by setting the `proxy_protocol` parameter in the [listen](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#listen) directive.\n\n`$proxy_protocol_port`\n\nclient port from the PROXY protocol header (1.11.4)\n\nThe PROXY protocol must be previously enabled by setting the `proxy_protocol` parameter in the [listen](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#listen) directive.\n\n`$proxy_protocol_server_addr`\n\nserver address from the PROXY protocol header (1.17.6)\n\nThe PROXY protocol must be previously enabled by setting the `proxy_protocol` parameter in the [listen](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#listen) directive.\n\n`$proxy_protocol_server_port`\n\nserver port from the PROXY protocol header (1.17.6)\n\nThe PROXY protocol must be previously enabled by setting the `proxy_protocol` parameter in the [listen](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#listen) directive.\n\n`$proxy_protocol_tlv_``_name_`\n\nTLV from the PROXY Protocol header (1.23.2). The `name` can be a TLV type name or its numeric value. In the latter case, the value is hexadecimal and should be prefixed with `0x`:\n\n> $proxy\\_protocol\\_tlv\\_alpn\n> $proxy\\_protocol\\_tlv\\_0x01\n\nSSL TLVs can also be accessed by TLV type name or its numeric value, both prefixed by `ssl_`:\n\n> $proxy\\_protocol\\_tlv\\_ssl\\_version\n> $proxy\\_protocol\\_tlv\\_ssl\\_0x21\n\nThe following TLV type names are supported:\n\n* `alpn` (`0x01`) - upper layer protocol used over the connection\n* `authority` (`0x02`) - host name value passed by the client\n* `unique_id` (`0x05`) - unique connection id\n* `netns` (`0x30`) - name of the namespace\n* `ssl` (`0x20`) - binary SSL TLV structure\n\nThe following SSL TLV type names are supported:\n\n* `ssl_version` (`0x21`) - SSL version used in client connection\n* `ssl_cn` (`0x22`) - SSL certificate Common Name\n* `ssl_cipher` (`0x23`) - name of the used cipher\n* `ssl_sig_alg` (`0x24`) - algorithm used to sign the certificate\n* `ssl_key_alg` (`0x25`) - public-key algorithm\n\nAlso, the following special SSL TLV type name is supported:\n\n* `ssl_verify` - client SSL certificate verification result, zero if the client presented a certificate and it was successfully verified, and non-zero otherwise\n\nThe PROXY protocol must be previously enabled by setting the `proxy_protocol` parameter in the [listen](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#listen) directive.\n\n`$remote_addr`\n\nclient address\n\n`$remote_port`\n\nclient port\n\n`$server_addr`\n\nan address of the server which accepted a connection\n\nComputing a value of this variable usually requires one system call. To avoid a system call, the [listen](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#listen) directives must specify addresses and use the `bind` parameter.\n\n`$server_port`\n\nport of the server which accepted a connection\n\n`$session_time`\n\nsession duration in seconds with a milliseconds resolution (1.11.4);\n\n`$status`\n\nsession status (1.11.4), can be one of the following:\n\n`200`\n\nsession completed successfully\n\n`400`\n\nclient data could not be parsed, for example, the [PROXY protocol](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#proxy_protocol) header\n\n`403`\n\naccess forbidden, for example, when access is limited for [certain client addresses](https://nginx.org/en/docs/stream/ngx_stream_access_module.html)\n\n`500`\n\ninternal server error\n\n`502`\n\nbad gateway, for example, if an upstream server could not be selected or reached.\n\n`503`\n\nservice unavailable, for example, when access is limited by the [number of connections](https://nginx.org/en/docs/stream/ngx_stream_limit_conn_module.html)\n\n`$time_iso8601`\n\nlocal time in the ISO 8601 standard format\n\n`$time_local`\n\nlocal time in the Common Log Format\n", - "v": "variables\\_hash\\_max\\_size 1024;", - "c": "`stream`", - "s": "**variables_hash_max_size** `_size_`;" - }, - { - "m": "ngx_stream_core_module", - "n": "$binary_remote_addr", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$bytes_received", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$bytes_sent", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$connection", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$hostname", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$msec", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$nginx_version", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$pid", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$protocol", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$proxy_protocol_addr", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$proxy_protocol_port", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$proxy_protocol_server_addr", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$proxy_protocol_server_port", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$proxy_protocol_tlv_name", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$remote_addr", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$remote_port", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$server_addr", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$server_port", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$session_time", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$status", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$time_iso8601", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_core_module", - "n": "$time_local", - "d": "local time in the Common Log Format" - }, - { - "m": "ngx_stream_access_module", - "n": "allow", - "d": "Allows access for the specified network or address. If the special value `unix:` is specified, allows access for all UNIX-domain sockets.", - "c": "`stream`, `server`", - "s": "**allow** `_address_` | `_CIDR_` | `unix:` | `all`;" - }, - { - "m": "ngx_stream_access_module", - "n": "deny", - "d": "Denies access for the specified network or address. If the special value `unix:` is specified, denies access for all UNIX-domain sockets.", - "c": "`stream`, `server`", - "s": "**deny** `_address_` | `_CIDR_` | `unix:` | `all`;" - }, - { - "m": "ngx_stream_geo_module", - "n": "geo", - "d": "Describes the dependency of values of the specified variable on the client IP address. By default, the address is taken from the `$remote_addr` variable, but it can also be taken from another variable, for example:\n```\ngeo $arg_remote_addr $geo {\n ...;\n}\n\n```\n\n\nSince variables are evaluated only when used, the mere existence of even a large number of declared “`geo`” variables does not cause any extra costs for connection processing.\n\nIf the value of a variable does not represent a valid IP address then the “`255.255.255.255`” address is used.\nAddresses are specified either as prefixes in CIDR notation (including individual addresses) or as ranges.\nThe following special parameters are also supported:\n`delete`\n\ndeletes the specified network.\n\n`default`\n\na value set to the variable if the client address does not match any of the specified addresses. When addresses are specified in CIDR notation, “`0.0.0.0/0`” and “`::/0`” can be used instead of `default`. When `default` is not specified, the default value will be an empty string.\n\n`include`\n\nincludes a file with addresses and values. There can be several inclusions.\n\n`ranges`\n\nindicates that addresses are specified as ranges. This parameter should be the first. To speed up loading of a geo base, addresses should be put in ascending order.\n\nExample:\n```\ngeo $country {\n default ZZ;\n include conf/geo.conf;\n delete 127.0.0.0/16;\n\n 127.0.0.0/24 US;\n 127.0.0.1/32 RU;\n 10.1.0.0/16 RU;\n 192.168.1.0/24 UK;\n}\n\n```\n\nThe `conf/geo.conf` file could contain the following lines:\n```\n10.2.0.0/16 RU;\n192.168.2.0/24 RU;\n\n```\n\nA value of the most specific match is used. For example, for the 127.0.0.1 address the value “`RU`” will be chosen, not “`US`”.\nExample with ranges:\n```\ngeo $country {\n ranges;\n default ZZ;\n 127.0.0.0-127.0.0.0 US;\n 127.0.0.1-127.0.0.1 RU;\n 127.0.0.1-127.0.0.255 US;\n 10.1.0.0-10.1.255.255 RU;\n 192.168.1.0-192.168.1.255 UK;\n}\n\n```\n", - "c": "`stream`", - "s": "**geo** [`_$address_`] `_$variable_` { ... }" - }, - { - "m": "ngx_stream_geoip_module", - "n": "geoip_country", - "d": "Specifies a database used to determine the country depending on the client IP address. The following variables are available when using this database:\n`$geoip_country_code`\n\ntwo-letter country code, for example, “`RU`”, “`US`”.\n\n`$geoip_country_code3`\n\nthree-letter country code, for example, “`RUS`”, “`USA`”.\n\n`$geoip_country_name`\n\ncountry name, for example, “`Russian Federation`”, “`United States`”.\n", - "c": "`stream`", - "s": "**geoip_country** `_file_`;" - }, - { - "m": "ngx_stream_geoip_module", - "n": "geoip_city", - "d": "Specifies a database used to determine the country, region, and city depending on the client IP address. The following variables are available when using this database:\n`$geoip_area_code`\n\ntelephone area code (US only).\n\n> This variable may contain outdated information since the corresponding database field is deprecated.\n\n`$geoip_city_continent_code`\n\ntwo-letter continent code, for example, “`EU`”, “`NA`”.\n\n`$geoip_city_country_code`\n\ntwo-letter country code, for example, “`RU`”, “`US`”.\n\n`$geoip_city_country_code3`\n\nthree-letter country code, for example, “`RUS`”, “`USA`”.\n\n`$geoip_city_country_name`\n\ncountry name, for example, “`Russian Federation`”, “`United States`”.\n\n`$geoip_dma_code`\n\nDMA region code in US (also known as “metro code”), according to the [geotargeting](https://developers.google.com/adwords/api/docs/appendix/cities-DMAregions) in Google AdWords API.\n\n`$geoip_latitude`\n\nlatitude.\n\n`$geoip_longitude`\n\nlongitude.\n\n`$geoip_region`\n\ntwo-symbol country region code (region, territory, state, province, federal land and the like), for example, “`48`”, “`DC`”.\n\n`$geoip_region_name`\n\ncountry region name (region, territory, state, province, federal land and the like), for example, “`Moscow City`”, “`District of Columbia`”.\n\n`$geoip_city`\n\ncity name, for example, “`Moscow`”, “`Washington`”.\n\n`$geoip_postal_code`\n\npostal code.\n", - "c": "`stream`", - "s": "**geoip_city** `_file_`;" - }, - { - "m": "ngx_stream_geoip_module", - "n": "geoip_org", - "d": "Specifies a database used to determine the organization depending on the client IP address. The following variable is available when using this database:\n`$geoip_org`\n\norganization name, for example, “The University of Melbourne”.\n", - "c": "`stream`", - "s": "**geoip_org** `_file_`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_access", - "d": "Sets an njs function which will be called at the [access](https://nginx.org/en/docs/stream/stream_processing.html#access_phase) phase. Since [0.4.0](https://nginx.org/en/docs/njs/changes.html#njs0.4.0), a module function can be referenced.\nThe function is called once at the moment when the stream session reaches the [access](https://nginx.org/en/docs/stream/stream_processing.html#access_phase) phase for the first time. The function is called with the following arguments:\n`s`\n\nthe [Stream Session](https://nginx.org/en/docs/njs/reference.html#stream) object\n\nAt this phase, it is possible to perform initialization or register a callback with the [`s.on()`](https://nginx.org/en/docs/njs/reference.html#s_on) method for each incoming data chunk until one of the following methods are called: [`s.allow()`](https://nginx.org/en/docs/njs/reference.html#s_allow), [`s.decline()`](https://nginx.org/en/docs/njs/reference.html#s_decline), [`s.done()`](https://nginx.org/en/docs/njs/reference.html#s_done). As soon as one of these methods is called, the stream session processing switches to the [next phase](https://nginx.org/en/docs/stream/stream_processing.html) and all current [`s.on()`](https://nginx.org/en/docs/njs/reference.html#s_on) callbacks are dropped.", - "c": "`stream`, `server`", - "s": "**js_access** `_function_` | `_module.function_`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_fetch_buffer_size", - "d": "Sets the `_size_` of the buffer used for reading and writing with [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch).", - "v": "js\\_fetch\\_buffer\\_size 16k;", - "c": "`stream`, `server`", - "s": "**js_fetch_buffer_size** `_size_`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_fetch_ciphers", - "d": "Specifies the enabled ciphers for HTTPS connections with [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch). The ciphers are specified in the format understood by the OpenSSL library.\nThe full list can be viewed using the “`openssl ciphers`” command.", - "v": "js\\_fetch\\_ciphers HIGH:!aNULL:!MD5;", - "c": "`stream`, `server`", - "s": "**js_fetch_ciphers** `_ciphers_`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_fetch_max_response_buffer_size", - "d": "Sets the maximum `_size_` of the response received with [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch).", - "v": "js\\_fetch\\_max\\_response\\_buffer\\_size 1m;", - "c": "`stream`, `server`", - "s": "**js_fetch_max_response_buffer_size** `_size_`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_fetch_protocols", - "d": "Enables the specified protocols for HTTPS connections with [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch).", - "v": "js\\_fetch\\_protocols TLSv1 TLSv1.1 TLSv1.2;", - "c": "`stream`, `server`", - "s": "**js_fetch_protocols** [`TLSv1`] [`TLSv1.1`] [`TLSv1.2`] [`TLSv1.3`];" - }, - { - "m": "ngx_stream_js_module", - "n": "js_fetch_timeout", - "d": "Defines a timeout for reading and writing for [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch). The timeout is set only between two successive read/write operations, not for the whole response. If no data is transmitted within this time, the connection is closed.", - "v": "js\\_fetch\\_timeout 60s;", - "c": "`stream`, `server`", - "s": "**js_fetch_timeout** `_time_`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_fetch_trusted_certificate", - "d": "Specifies a `_file_` with trusted CA certificates in the PEM format used to [verify](https://nginx.org/en/docs/njs/reference.html#fetch_verify) the HTTPS certificate with [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch).", - "c": "`stream`, `server`", - "s": "**js_fetch_trusted_certificate** `_file_`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_fetch_verify", - "d": "Enables or disables verification of the HTTPS server certificate with [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch).", - "v": "js\\_fetch\\_verify on;", - "c": "`stream`, `server`", - "s": "**js_fetch_verify** `on` | `off`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_fetch_verify_depth", - "d": "Sets the verification depth in the HTTPS server certificates chain with [Fetch API](https://nginx.org/en/docs/njs/reference.html#ngx_fetch).", - "v": "js\\_fetch\\_verify\\_depth 100;", - "c": "`stream`, `server`", - "s": "**js_fetch_verify_depth** `_number_`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_filter", - "d": "Sets a data filter. Since [0.4.0](https://nginx.org/en/docs/njs/changes.html#njs0.4.0), a module function can be referenced. The filter function is called once at the moment when the stream session reaches the [content](https://nginx.org/en/docs/stream/stream_processing.html#content_phase) phase.\nThe filter function is called with the following arguments:\n`s`\n\nthe [Stream Session](https://nginx.org/en/docs/njs/reference.html#stream) object\n\nAt this phase, it is possible to perform initialization or register a callback with the [`s.on()`](https://nginx.org/en/docs/njs/reference.html#s_on) method for each incoming data chunk. The [`s.off()`](https://nginx.org/en/docs/njs/reference.html#s_off) method may be used to unregister a callback and stop filtering.\n\nAs the `js_filter` handler returns its result immediately, it supports only synchronous operations. Thus, asynchronous operations such as [`ngx.fetch()`](https://nginx.org/en/docs/njs/reference.html#ngx_fetch) or [`setTimeout()`](https://nginx.org/en/docs/njs/reference.html#settimeout) are not supported.\n", - "c": "`stream`, `server`", - "s": "**js_filter** `_function_` | `_module.function_`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_import", - "d": "Imports a module that implements location and variable handlers in njs. The `export_name` is used as a namespace to access module functions. If the `export_name` is not specified, the module name will be used as a namespace.\n```\njs_import stream.js;\n\n```\nHere, the module name `stream` is used as a namespace while accessing exports. If the imported module exports `foo()`, `stream.foo` is used to refer to it.\nSeveral `js_import` directives can be specified.\n\nThe directive can be specified on the `server` level since [0.7.7](https://nginx.org/en/docs/njs/changes.html#njs0.7.7).\n", - "c": "`stream`, `server`", - "s": "**js_import** `_module.js_` | `_export_name from module.js_`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_include", - "d": "Specifies a file that implements server and variable handlers in njs:\n```\nnginx.conf:\njs_include stream.js;\njs_set $js_addr address;\nserver {\n listen 127.0.0.1:12345;\n return $js_addr;\n}\n\nstream.js:\nfunction address(s) {\n return s.remoteAddress;\n}\n\n```\n\nThe directive was made obsolete in version [0.4.0](https://nginx.org/en/docs/njs/changes.html#njs0.4.0) and was removed in version [0.7.1](https://nginx.org/en/docs/njs/changes.html#njs0.7.1). The [js\\_import](https://nginx.org/en/docs/stream/ngx_stream_js_module.html#js_import) directive should be used instead.", - "c": "`stream`", - "s": "**js_include** `_file_`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_path", - "d": "Sets an additional path for njs modules.\n\nThe directive can be specified on the `server` level since [0.7.7](https://nginx.org/en/docs/njs/changes.html#njs0.7.7).\n", - "c": "`stream`, `server`", - "s": "**js_path** `_path_`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_preload_object", - "d": "Preloads an immutable object at configure time. The `name` is used a name of the global variable though which the object is available in njs code. If the `name` is not specified, the file name will be used instead.\n```\njs_preload_object map.json;\n\n```\nHere, the `map` is used as a name while accessing the preloaded object.\nSeveral `js_preload_object` directives can be specified.", - "c": "`stream`, `server`", - "s": "**js_preload_object** `_name.json_` | `_name_` from `_file.json_`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_preread", - "d": "Sets an njs function which will be called at the [preread](https://nginx.org/en/docs/stream/stream_processing.html#preread_phase) phase. Since [0.4.0](https://nginx.org/en/docs/njs/changes.html#njs0.4.0), a module function can be referenced.\nThe function is called once at the moment when the stream session reaches the [preread](https://nginx.org/en/docs/stream/stream_processing.html#preread_phase) phase for the first time. The function is called with the following arguments:\n`s`\n\nthe [Stream Session](https://nginx.org/en/docs/njs/reference.html#stream) object\n\nAt this phase, it is possible to perform initialization or register a callback with the [`s.on()`](https://nginx.org/en/docs/njs/reference.html#s_on) method for each incoming data chunk until one of the following methods are called: [`s.allow()`](https://nginx.org/en/docs/njs/reference.html#s_allow), [`s.decline()`](https://nginx.org/en/docs/njs/reference.html#s_decline), [`s.done()`](https://nginx.org/en/docs/njs/reference.html#s_done). When one of these methods is called, the stream session switches to the [next phase](https://nginx.org/en/docs/stream/stream_processing.html) and all current [`s.on()`](https://nginx.org/en/docs/njs/reference.html#s_on) callbacks are dropped.\n\nAs the `js_preread` handler returns its result immediately, it supports only synchronous callbacks. Thus, asynchronous callbacks such as [`ngx.fetch()`](https://nginx.org/en/docs/njs/reference.html#ngx_fetch) or [`setTimeout()`](https://nginx.org/en/docs/njs/reference.html#settimeout) are not supported. Nevertheless, asynchronous operations are supported in [`s.on()`](https://nginx.org/en/docs/njs/reference.html#s_on) callbacks in the [preread](https://nginx.org/en/docs/stream/stream_processing.html#preread_phase) phase. See [this example](https://github.com/nginx/njs-examples#authorizing-connections-using-ngx-fetch-as-auth-request-stream-auth-request) for more information.\n", - "c": "`stream`, `server`", - "s": "**js_preread** `_function_` | `_module.function_`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_set", - "d": "Sets an njs `function` for the specified `variable`. Since [0.4.0](https://nginx.org/en/docs/njs/changes.html#njs0.4.0), a module function can be referenced.\nThe function is called when the variable is referenced for the first time for a given request. The exact moment depends on a [phase](https://nginx.org/en/docs/stream/stream_processing.html) at which the variable is referenced. This can be used to perform some logic not related to variable evaluation. For example, if the variable is referenced only in the [log\\_format](https://nginx.org/en/docs/stream/ngx_stream_log_module.html#log_format) directive, its handler will not be executed until the log phase. This handler can be used to do some cleanup right before the request is freed.\n\nAs the `js_set` handler returns its result immediately, it supports only synchronous callbacks. Thus, asynchronous callbacks such as [ngx.fetch()](https://nginx.org/en/docs/njs/reference.html#ngx_fetch) or [setTimeout()](https://nginx.org/en/docs/njs/reference.html#settimeout) are not supported.\n\n\nThe directive can be specified on the `server` level since [0.7.7](https://nginx.org/en/docs/njs/changes.html#njs0.7.7).\n", - "c": "`stream`, `server`", - "s": "**js_set** `_$variable_` `_function_` | `_module.function_`;" - }, - { - "m": "ngx_stream_js_module", - "n": "js_var", - "d": "Declares a [writable](https://nginx.org/en/docs/njs/reference.html#r_variables) variable. The value can contain text, variables, and their combination.\n\nThe directive can be specified on the `server` level since [0.7.7](https://nginx.org/en/docs/njs/changes.html#njs0.7.7).\n", - "c": "`stream`, `server`", - "s": "**js_var** `_$variable_` [`_value_`];" - }, - { - "m": "ngx_stream_js_module", - "n": "properties", - "d": "#### Session Object Properties\nEach stream njs handler receives one argument, a stream session [object](https://nginx.org/en/docs/njs/reference.html#stream).", - "c": "`stream`, `server`", - "s": "**js_var** `_$variable_` [`_value_`];" - }, - { - "m": "ngx_stream_keyval_module", - "n": "keyval", - "d": "Creates a new `_$variable_` whose value is looked up by the `_key_` in the key-value database. Matching rules are defined by the [`type`](https://nginx.org/en/docs/stream/ngx_stream_keyval_module.html#keyval_type) parameter of the [`keyval_zone`](https://nginx.org/en/docs/stream/ngx_stream_keyval_module.html#keyval_zone) directive. The database is stored in a shared memory zone specified by the `zone` parameter.", - "c": "`stream`", - "s": "**keyval** `_key_` `_$variable_` `zone`=`_name_`;" - }, - { - "m": "ngx_stream_keyval_module", - "n": "keyval_zone", - "d": "Sets the `_name_` and `_size_` of the shared memory zone that keeps the key-value database. Key-value pairs are managed by the [API](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_keyvals_).", - "c": "`stream`", - "s": "**keyval_zone** `zone`=`_name_`:`_size_` [`state`=`_file_`] [`timeout`=`_time_`] [`type`=`string`|`ip`|`prefix`] [`sync`];" - }, - { - "m": "ngx_stream_keyval_module", - "n": "keyval_state", - "d": "The optional `state` parameter specifies a `_file_` that keeps the current state of the key-value database in the JSON format and makes it persistent across nginx restarts. Changing the file content directly should be avoided.\nExamples:\n```\nkeyval_zone zone=one:32k state=/var/lib/nginx/state/one.keyval; # path for Linux\nkeyval_zone zone=one:32k state=/var/db/nginx/state/one.keyval; # path for FreeBSD\n\n```\n", - "c": "`stream`", - "s": "**keyval_zone** `zone`=`_name_`:`_size_` [`state`=`_file_`] [`timeout`=`_time_`] [`type`=`string`|`ip`|`prefix`] [`sync`];" - }, - { - "m": "ngx_stream_keyval_module", - "n": "keyval_timeout", - "d": "The optional `timeout` parameter (1.15.0) sets the time after which key-value pairs are removed from the zone.", - "c": "`stream`", - "s": "**keyval_zone** `zone`=`_name_`:`_size_` [`state`=`_file_`] [`timeout`=`_time_`] [`type`=`string`|`ip`|`prefix`] [`sync`];" - }, - { - "m": "ngx_stream_keyval_module", - "n": "keyval_type", - "d": "The optional `type` parameter (1.17.1) activates an extra index optimized for matching the key of a certain type and defines matching rules when evaluating a [keyval](https://nginx.org/en/docs/stream/ngx_stream_keyval_module.html#keyval) `$variable`.\nThe index is stored in the same shared memory zone and thus requires additional storage.\n\n`type=string`\n\ndefault, no index is enabled; variable lookup is performed using exact match of the record key and a search key\n\n`type=ip`\n\nthe search key is the textual representation of IPv4 or IPv6 address or CIDR range; to match a record key, the search key must belong to a subnet specified by a record key or exactly match an IP address\n\n`type=prefix`\n\nvariable lookup is performed using prefix match of a record key and a search key (1.17.5); to match a record key, the record key must be a prefix of the search key\n", - "c": "`stream`", - "s": "**keyval_zone** `zone`=`_name_`:`_size_` [`state`=`_file_`] [`timeout`=`_time_`] [`type`=`string`|`ip`|`prefix`] [`sync`];" - }, - { - "m": "ngx_stream_keyval_module", - "n": "keyval_sync", - "d": "The optional `sync` parameter (1.15.0) enables [synchronization](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync) of the shared memory zone. The synchronization requires the `timeout` parameter to be set.\nIf the synchronization is enabled, removal of key-value pairs (no matter [one](https://nginx.org/en/docs/http/ngx_http_api_module.html#patchStreamKeyvalZoneKeyValue) or [all](https://nginx.org/en/docs/http/ngx_http_api_module.html#deleteStreamKeyvalZoneData)) will be performed only on a target cluster node. The same key-value pairs on other cluster nodes will be removed upon `timeout`.\n", - "c": "`stream`", - "s": "**keyval_zone** `zone`=`_name_`:`_size_` [`state`=`_file_`] [`timeout`=`_time_`] [`type`=`string`|`ip`|`prefix`] [`sync`];" - }, - { - "m": "ngx_stream_limit_conn_module", - "n": "limit_conn", - "d": "Sets the shared memory zone and the maximum allowed number of connections for a given key value. When this limit is exceeded, the server will close the connection. For example, the directives\n```\nlimit_conn_zone $binary_remote_addr zone=addr:10m;\n\nserver {\n ...\n limit_conn addr 1;\n}\n\n```\nallow only one connection per an IP address at a time.\nWhen several `limit_conn` directives are specified, any configured limit will apply.\nThese directives are inherited from the previous configuration level if and only if there are no `limit_conn` directives defined on the current level.", - "c": "`stream`, `server`", - "s": "**limit_conn** `_zone_` `_number_`;" - }, - { - "m": "ngx_stream_limit_conn_module", - "n": "limit_conn_dry_run", - "d": "Enables the dry run mode. In this mode, the number of connections is not limited, however, in the shared memory zone, the number of excessive connections is accounted as usual.", - "v": "limit\\_conn\\_dry\\_run off;", - "c": "`stream`, `server`", - "s": "**limit_conn_dry_run** `on` | `off`;" - }, - { - "m": "ngx_stream_limit_conn_module", - "n": "limit_conn_log_level", - "d": "Sets the desired logging level for cases when the server limits the number of connections.", - "v": "limit\\_conn\\_log\\_level error;", - "c": "`stream`, `server`", - "s": "**limit_conn_log_level** `info` | `notice` | `warn` | `error`;" - }, - { - "m": "ngx_stream_limit_conn_module", - "n": "limit_conn_zone", - "d": "Sets parameters for a shared memory zone that will keep states for various keys. In particular, the state includes the current number of connections. The `_key_` can contain text, variables, and their combinations (1.11.2). Connections with an empty key value are not accounted. Usage example:\n```\nlimit_conn_zone $binary_remote_addr zone=addr:10m;\n\n```\nHere, the key is a client IP address set by the `$binary_remote_addr` variable. The size of `$binary_remote_addr` is 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses. The stored state always occupies 32 or 64 bytes on 32-bit platforms and 64 bytes on 64-bit platforms. One megabyte zone can keep about 32 thousand 32-byte states or about 16 thousand 64-byte states. If the zone storage is exhausted, the server will close the connection.\n\nAdditionally, as part of our [commercial subscription](http://nginx.com/products/), the [status information](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_limit_conns_) for each such shared memory zone can be [obtained](https://nginx.org/en/docs/http/ngx_http_api_module.html#getStreamLimitConnZone) or [reset](https://nginx.org/en/docs/http/ngx_http_api_module.html#deleteStreamLimitConnZoneStat) with the [API](https://nginx.org/en/docs/http/ngx_http_api_module.html) since 1.17.7.\n", - "c": "`stream`", - "s": "**limit_conn_zone** `_key_` `zone`=`_name_`:`_size_`;" - }, - { - "m": "ngx_stream_limit_conn_module", - "n": "variables", - "d": "#### Embedded Variables\n\n`$limit_conn_status`\n\nkeeps the result of limiting the number of connections (1.17.6): `PASSED`, `REJECTED`, or `REJECTED_DRY_RUN`\n", - "c": "`stream`", - "s": "**limit_conn_zone** `_key_` `zone`=`_name_`:`_size_`;" - }, - { - "m": "ngx_stream_limit_conn_module", - "n": "$limit_conn_status", - "d": "keeps the result of limiting the number of connections (1.17.6): `PASSED`, `REJECTED`, or `REJECTED_DRY_RUN`" - }, - { - "m": "ngx_stream_log_module", - "n": "access_log", - "d": "Sets the path, [format](https://nginx.org/en/docs/stream/ngx_stream_log_module.html#log_format), and configuration for a buffered log write. Several logs can be specified on the same configuration level. Logging to [syslog](https://nginx.org/en/docs/syslog.html) can be configured by specifying the “`syslog:`” prefix in the first parameter. The special value `off` cancels all `access_log` directives on the current level.\nIf either the `buffer` or `gzip` parameter is used, writes to log will be buffered.\nThe buffer size must not exceed the size of an atomic write to a disk file. For FreeBSD this size is unlimited.\n\nWhen buffering is enabled, the data will be written to the file:\n* if the next log line does not fit into the buffer;\n* if the buffered data is older than specified by the `flush` parameter;\n* when a worker process is [re-opening](https://nginx.org/en/docs/control.html) log files or is shutting down.\n\nIf the `gzip` parameter is used, then the buffered data will be compressed before writing to the file. The compression level can be set between 1 (fastest, less compression) and 9 (slowest, best compression). By default, the buffer size is equal to 64K bytes, and the compression level is set to 1. Since the data is compressed in atomic blocks, the log file can be decompressed or read by “`zcat`” at any time.\nExample:\n```\naccess_log /path/to/log.gz basic gzip flush=5m;\n\n```\n\n\nFor gzip compression to work, nginx must be built with the zlib library.\n\nThe file path can contain variables, but such logs have some constraints:\n* the [user](https://nginx.org/en/docs/ngx_core_module.html#user) whose credentials are used by worker processes should have permissions to create files in a directory with such logs;\n* buffered writes do not work;\n* the file is opened and closed for each log write. However, since the descriptors of frequently used files can be stored in a [cache](https://nginx.org/en/docs/stream/ngx_stream_log_module.html#open_log_file_cache), writing to the old file can continue during the time specified by the [open\\_log\\_file\\_cache](https://nginx.org/en/docs/stream/ngx_stream_log_module.html#open_log_file_cache) directive’s `valid` parameter\n\nThe `if` parameter enables conditional logging. A session will not be logged if the `_condition_` evaluates to “0” or an empty string.", - "v": "access\\_log off;", - "c": "`stream`, `server`", - "s": "**access_log** `_path_` `_format_` [`buffer`=`_size_`] [``gzip[=`_level_`]``] [`flush`=`_time_`] [`if`=`_condition_`];``` \n``**access_log** `off`;" - }, - { - "m": "ngx_stream_log_module", - "n": "log_format", - "d": "Specifies the log format, for example:\n```\nlog_format proxy '$remote_addr [$time_local] '\n '$protocol $status $bytes_sent $bytes_received '\n '$session_time \"$upstream_addr\" '\n '\"$upstream_bytes_sent\" \"$upstream_bytes_received\" \"$upstream_connect_time\"';\n\n```\n", - "c": "`stream`", - "s": "**log_format** `_name_` [`escape`=`default`|`json`|`none`] `_string_` ...;" - }, - { - "m": "ngx_stream_log_module", - "n": "log_format_escape", - "d": "The `escape` parameter (1.11.8) allows setting `json` or `default` characters escaping in variables, by default, `default` escaping is used. The `none` parameter (1.13.10) disables escaping.", - "c": "`stream`", - "s": "**log_format** `_name_` [`escape`=`default`|`json`|`none`] `_string_` ...;" - }, - { - "m": "ngx_stream_log_module", - "n": "log_format_escape_default", - "d": "For `default` escaping, characters “`\"`”, “`\\`”, and other characters with values less than 32 or above 126 are escaped as “`\\xXX`”. If the variable value is not found, a hyphen (“`-`”) will be logged.", - "c": "`stream`", - "s": "**log_format** `_name_` [`escape`=`default`|`json`|`none`] `_string_` ...;" - }, - { - "m": "ngx_stream_log_module", - "n": "log_format_escape_json", - "d": "For `json` escaping, all characters not allowed in JSON [strings](https://datatracker.ietf.org/doc/html/rfc8259#section-7) will be escaped: characters “`\"`” and “`\\`” are escaped as “`\\\"`” and “`\\\\`”, characters with values less than 32 are escaped as “`\\n`”, “`\\r`”, “`\\t`”, “`\\b`”, “`\\f`”, or “`\\u00XX`”.", - "c": "`stream`", - "s": "**log_format** `_name_` [`escape`=`default`|`json`|`none`] `_string_` ...;" - }, - { - "m": "ngx_stream_log_module", - "n": "open_log_file_cache", - "d": "Defines a cache that stores the file descriptors of frequently used logs whose names contain variables. The directive has the following parameters:\n`max`\n\nsets the maximum number of descriptors in a cache; if the cache becomes full the least recently used (LRU) descriptors are closed\n\n`inactive`\n\nsets the time after which the cached descriptor is closed if there were no access during this time; by default, 10 seconds\n\n`min_uses`\n\nsets the minimum number of file uses during the time defined by the `inactive` parameter to let the descriptor stay open in a cache; by default, 1\n\n`valid`\n\nsets the time after which it should be checked that the file still exists with the same name; by default, 60 seconds\n\n`off`\n\ndisables caching\n\nUsage example:\n```\nopen_log_file_cache max=1000 inactive=20s valid=1m min_uses=2;\n\n```\n", - "v": "open\\_log\\_file\\_cache off;", - "c": "`stream`, `server`", - "s": "**open_log_file_cache** `max`=`_N_` [`inactive`=`_time_`] [`min_uses`=`_N_`] [`valid`=`_time_`];`` \n``**open_log_file_cache** `off`;" - }, - { - "m": "ngx_stream_map_module", - "n": "map", - "d": "Creates a new variable whose value depends on values of one or more of the source variables specified in the first parameter.\n\nSince variables are evaluated only when they are used, the mere declaration even of a large number of “`map`” variables does not add any extra costs to connection processing.\n\nParameters inside the `map` block specify a mapping between source and resulting values.\nSource values are specified as strings or regular expressions.\nStrings are matched ignoring the case.\nA regular expression should either start from the “`~`” symbol for a case-sensitive matching, or from the “`~*`” symbols for case-insensitive matching. A regular expression can contain named and positional captures that can later be used in other directives along with the resulting variable.\nIf a source value matches one of the names of special parameters described below, it should be prefixed with the “`\\`” symbol.\nThe resulting value can contain text, variable, and their combination.\nThe following special parameters are also supported:\n`default` `_value_`\n\nsets the resulting value if the source value matches none of the specified variants. When `default` is not specified, the default resulting value will be an empty string.\n\n`hostnames`\n\nindicates that source values can be hostnames with a prefix or suffix mask:\n\n> \\*.example.com 1;\n> example.\\* 1;\n\nThe following two records\n\n> example.com 1;\n> \\*.example.com 1;\n\ncan be combined:\n\n> .example.com 1;\n\nThis parameter should be specified before the list of values.\n\n`include` `_file_`\n\nincludes a file with values. There can be several inclusions.\n\n`volatile`\n\nindicates that the variable is not cacheable (1.11.7).\n\nIf the source value matches more than one of the specified variants, e.g. both a mask and a regular expression match, the first matching variant will be chosen, in the following order of priority:\n* string value without a mask\n* longest string value with a prefix mask, e.g. “`*.example.com`”\n* longest string value with a suffix mask, e.g. “`mail.*`”\n* first matching regular expression (in order of appearance in a configuration file)\n* default value\n", - "c": "`stream`", - "s": "**map** `_string_` `_$variable_` { ... }" - }, - { - "m": "ngx_stream_map_module", - "n": "map_hash_bucket_size", - "d": "Sets the bucket size for the [map](https://nginx.org/en/docs/stream/ngx_stream_map_module.html#map) variables hash tables. Default value depends on the processor’s cache line size. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).", - "v": "map\\_hash\\_bucket\\_size 32|64|128;", - "c": "`stream`", - "s": "**map_hash_bucket_size** `_size_`;" - }, - { - "m": "ngx_stream_map_module", - "n": "map_hash_max_size", - "d": "Sets the maximum `_size_` of the [map](https://nginx.org/en/docs/stream/ngx_stream_map_module.html#map) variables hash tables. The details of setting up hash tables are provided in a separate [document](https://nginx.org/en/docs/hash.html).", - "v": "map\\_hash\\_max\\_size 2048;", - "c": "`stream`", - "s": "**map_hash_max_size** `_size_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_bind", - "d": "Makes outgoing connections to a proxied server originate from the specified local IP `_address_`. Parameter value can contain variables (1.11.2). The special value `off` cancels the effect of the `proxy_bind` directive inherited from the previous configuration level, which allows the system to auto-assign the local IP address.", - "c": "`stream`, `server`", - "s": "**proxy_bind** `_address_` [`transparent`] | `off`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_bind_transparent", - "d": "The `transparent` parameter (1.11.0) allows outgoing connections to a proxied server originate from a non-local IP address, for example, from a real IP address of a client:\n```\nproxy_bind $remote_addr transparent;\n\n```\nIn order for this parameter to work, it is usually necessary to run nginx worker processes with the [superuser](https://nginx.org/en/docs/ngx_core_module.html#user) privileges. On Linux it is not required (1.13.8) as if the `transparent` parameter is specified, worker processes inherit the `CAP_NET_RAW` capability from the master process. It is also necessary to configure kernel routing table to intercept network traffic from the proxied server.", - "c": "`stream`, `server`", - "s": "**proxy_bind** `_address_` [`transparent`] | `off`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_buffer_size", - "d": "Sets the `_size_` of the buffer used for reading data from the proxied server. Also sets the `_size_` of the buffer used for reading data from the client.", - "v": "proxy\\_buffer\\_size 16k;", - "c": "`stream`, `server`", - "s": "**proxy_buffer_size** `_size_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_connect_timeout", - "d": "Defines a timeout for establishing a connection with a proxied server.", - "v": "proxy\\_connect\\_timeout 60s;", - "c": "`stream`, `server`", - "s": "**proxy_connect_timeout** `_time_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_download_rate", - "d": "Limits the speed of reading the data from the proxied server. The `_rate_` is specified in bytes per second. The zero value disables rate limiting. The limit is set per a connection, so if nginx simultaneously opens two connections to the proxied server, the overall rate will be twice as much as the specified limit.\nParameter value can contain variables (1.17.0). It may be useful in cases where rate should be limited depending on a certain condition:\n```\nmap $slow $rate {\n 1 4k;\n 2 8k;\n}\n\nproxy_download_rate $rate;\n\n```\n", - "v": "proxy\\_download\\_rate 0;", - "c": "`stream`, `server`", - "s": "**proxy_download_rate** `_rate_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_half_close", - "d": "Enables or disables closing each direction of a TCP connection independently (“TCP half-close”). If enabled, proxying over TCP will be kept until both sides close the connection.", - "v": "proxy\\_half\\_close off;", - "c": "`stream`, `server`", - "s": "**proxy_half_close** `on` | `off`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_next_upstream", - "d": "When a connection to the proxied server cannot be established, determines whether a client connection will be passed to the next server.\nPassing a connection to the next server can be limited by [the number of tries](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_tries) and by [time](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_timeout).", - "v": "proxy\\_next\\_upstream on;", - "c": "`stream`, `server`", - "s": "**proxy_next_upstream** `on` | `off`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_next_upstream_timeout", - "d": "Limits the time allowed to pass a connection to the [next server](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream). The `0` value turns off this limitation.", - "v": "proxy\\_next\\_upstream\\_timeout 0;", - "c": "`stream`, `server`", - "s": "**proxy_next_upstream_timeout** `_time_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_next_upstream_tries", - "d": "Limits the number of possible tries for passing a connection to the [next server](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream). The `0` value turns off this limitation.", - "v": "proxy\\_next\\_upstream\\_tries 0;", - "c": "`stream`, `server`", - "s": "**proxy_next_upstream_tries** `_number_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_pass", - "d": "Sets the address of a proxied server. The address can be specified as a domain name or IP address, and a port:\n```\nproxy_pass localhost:12345;\n\n```\nor as a UNIX-domain socket path:\n```\nproxy_pass unix:/tmp/stream.socket;\n\n```\n\nIf a domain name resolves to several addresses, all of them will be used in a round-robin fashion. In addition, an address can be specified as a [server group](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html).\nThe address can also be specified using variables (1.11.3):\n```\nproxy_pass $upstream;\n\n```\nIn this case, the server name is searched among the described [server groups](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html), and, if not found, is determined using a [resolver](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#resolver).", - "c": "`server`", - "s": "**proxy_pass** `_address_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_protocol", - "d": "Enables the [PROXY protocol](http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) for connections to a proxied server.", - "v": "proxy\\_protocol off;", - "c": "`stream`, `server`", - "s": "**proxy_protocol** `on` | `off`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_requests", - "d": "Sets the number of client datagrams at which binding between a client and existing UDP stream session is dropped. After receiving the specified number of datagrams, next datagram from the same client starts a new session. The session terminates when all client datagrams are transmitted to a proxied server and the expected number of [responses](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_responses) is received, or when it reaches a [timeout](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_timeout).", - "v": "proxy\\_requests 0;", - "c": "`stream`, `server`", - "s": "**proxy_requests** `_number_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_responses", - "d": "Sets the number of datagrams expected from the proxied server in response to a client datagram if the [UDP](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#udp) protocol is used. The number serves as a hint for session termination. By default, the number of datagrams is not limited.\nIf zero value is specified, no response is expected. However, if a response is received and the session is still not finished, the response will be handled.", - "c": "`stream`, `server`", - "s": "**proxy_responses** `_number_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_session_drop", - "d": "Enables terminating all sessions to a proxied server after it was removed from the group or marked as permanently unavailable. This can occur because of [re-resolve](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#resolver) or with the API [`DELETE`](https://nginx.org/en/docs/http/ngx_http_api_module.html#deleteStreamUpstreamServer) command. A server can be marked as permanently unavailable if it is considered [unhealthy](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#health_check) or with the API [`PATCH`](https://nginx.org/en/docs/http/ngx_http_api_module.html#patchStreamUpstreamServer) command. Each session is terminated when the next read or write event is processed for the client or proxied server.\n\nThis directive is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "v": "proxy\\_session\\_drop off;", - "c": "`stream`, `server`", - "s": "**proxy_session_drop** `on` | `off`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_socket_keepalive", - "d": "Configures the “TCP keepalive” behavior for outgoing connections to a proxied server. By default, the operating system’s settings are in effect for the socket. If the directive is set to the value “`on`”, the `SO_KEEPALIVE` socket option is turned on for the socket.", - "v": "proxy\\_socket\\_keepalive off;", - "c": "`stream`, `server`", - "s": "**proxy_socket_keepalive** `on` | `off`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_ssl", - "d": "Enables the SSL/TLS protocol for connections to a proxied server.", - "v": "proxy\\_ssl off;", - "c": "`stream`, `server`", - "s": "**proxy_ssl** `on` | `off`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_ssl_certificate", - "d": "Specifies a `_file_` with the certificate in the PEM format used for authentication to a proxied server.\nSince version 1.21.0, variables can be used in the `_file_` name.", - "c": "`stream`, `server`", - "s": "**proxy_ssl_certificate** `_file_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_ssl_certificate_key", - "d": "Specifies a `_file_` with the secret key in the PEM format used for authentication to a proxied server.\nSince version 1.21.0, variables can be used in the `_file_` name.", - "c": "`stream`, `server`", - "s": "**proxy_ssl_certificate_key** `_file_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_ssl_ciphers", - "d": "Specifies the enabled ciphers for connections to a proxied server. The ciphers are specified in the format understood by the OpenSSL library.\nThe full list can be viewed using the “`openssl ciphers`” command.", - "v": "proxy\\_ssl\\_ciphers DEFAULT;", - "c": "`stream`, `server`", - "s": "**proxy_ssl_ciphers** `_ciphers_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_ssl_conf_command", - "d": "Sets arbitrary OpenSSL configuration [commands](https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html) when establishing a connection with the proxied server.\nThe directive is supported when using OpenSSL 1.0.2 or higher.\n\nSeveral `proxy_ssl_conf_command` directives can be specified on the same level. These directives are inherited from the previous configuration level if and only if there are no `proxy_ssl_conf_command` directives defined on the current level.\n\nNote that configuring OpenSSL directly might result in unexpected behavior.\n", - "c": "`stream`, `server`", - "s": "**proxy_ssl_conf_command** `_name_` `_value_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_ssl_crl", - "d": "Specifies a `_file_` with revoked certificates (CRL) in the PEM format used to [verify](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_ssl_verify) the certificate of the proxied server.", - "c": "`stream`, `server`", - "s": "**proxy_ssl_crl** `_file_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_ssl_name", - "d": "Allows overriding the server name used to [verify](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_ssl_verify) the certificate of the proxied server and to be [passed through SNI](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_ssl_server_name) when establishing a connection with the proxied server. The server name can also be specified using variables (1.11.3).\nBy default, the host part of the [proxy\\_pass](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_pass) address is used.", - "v": "proxy\\_ssl\\_name host from proxy\\_pass;", - "c": "`stream`, `server`", - "s": "**proxy_ssl_name** `_name_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_ssl_password_file", - "d": "Specifies a `_file_` with passphrases for [secret keys](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_ssl_certificate_key) where each passphrase is specified on a separate line. Passphrases are tried in turn when loading the key.", - "c": "`stream`, `server`", - "s": "**proxy_ssl_password_file** `_file_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_ssl_protocols", - "d": "Enables the specified protocols for connections to a proxied server.", - "v": "proxy\\_ssl\\_protocols TLSv1 TLSv1.1 TLSv1.2;", - "c": "`stream`, `server`", - "s": "**proxy_ssl_protocols** [`SSLv2`] [`SSLv3`] [`TLSv1`] [`TLSv1.1`] [`TLSv1.2`] [`TLSv1.3`];" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_ssl_server_name", - "d": "Enables or disables passing of the server name through [TLS Server Name Indication extension](http://en.wikipedia.org/wiki/Server_Name_Indication) (SNI, RFC 6066) when establishing a connection with the proxied server.", - "v": "proxy\\_ssl\\_server\\_name off;", - "c": "`stream`, `server`", - "s": "**proxy_ssl_server_name** `on` | `off`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_ssl_session_reuse", - "d": "Determines whether SSL sessions can be reused when working with the proxied server. If the errors “`SSL3_GET_FINISHED:digest check failed`” appear in the logs, try disabling session reuse.", - "v": "proxy\\_ssl\\_session\\_reuse on;", - "c": "`stream`, `server`", - "s": "**proxy_ssl_session_reuse** `on` | `off`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_ssl_trusted_certificate", - "d": "Specifies a `_file_` with trusted CA certificates in the PEM format used to [verify](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_ssl_verify) the certificate of the proxied server.", - "c": "`stream`, `server`", - "s": "**proxy_ssl_trusted_certificate** `_file_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_ssl_verify", - "d": "Enables or disables verification of the proxied server certificate.", - "v": "proxy\\_ssl\\_verify off;", - "c": "`stream`, `server`", - "s": "**proxy_ssl_verify** `on` | `off`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_ssl_verify_depth", - "d": "Sets the verification depth in the proxied server certificates chain.", - "v": "proxy\\_ssl\\_verify\\_depth 1;", - "c": "`stream`, `server`", - "s": "**proxy_ssl_verify_depth** `_number_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_timeout", - "d": "Sets the `_timeout_` between two successive read or write operations on client or proxied server connections. If no data is transmitted within this time, the connection is closed.", - "v": "proxy\\_timeout 10m;", - "c": "`stream`, `server`", - "s": "**proxy_timeout** `_timeout_`;" - }, - { - "m": "ngx_stream_proxy_module", - "n": "proxy_upload_rate", - "d": "Limits the speed of reading the data from the client. The `_rate_` is specified in bytes per second. The zero value disables rate limiting. The limit is set per a connection, so if the client simultaneously opens two connections, the overall rate will be twice as much as the specified limit.\nParameter value can contain variables (1.17.0). It may be useful in cases where rate should be limited depending on a certain condition:\n```\nmap $slow $rate {\n 1 4k;\n 2 8k;\n}\n\nproxy_upload_rate $rate;\n\n```\n", - "v": "proxy\\_upload\\_rate 0;", - "c": "`stream`, `server`", - "s": "**proxy_upload_rate** `_rate_`;" - }, - { - "m": "ngx_stream_realip_module", - "n": "set_real_ip_from", - "d": "Defines trusted addresses that are known to send correct replacement addresses. If the special value `unix:` is specified, all UNIX-domain sockets will be trusted.", - "c": "`stream`, `server`", - "s": "**set_real_ip_from** `_address_` | `_CIDR_` | `unix:`;" - }, - { - "m": "ngx_stream_realip_module", - "n": "variables", - "d": "#### Embedded Variables\n\n`$realip_remote_addr`\n\nkeeps the original client address\n\n`$realip_remote_port`\n\nkeeps the original client port\n", - "c": "`stream`, `server`", - "s": "**set_real_ip_from** `_address_` | `_CIDR_` | `unix:`;" - }, - { - "m": "ngx_stream_realip_module", - "n": "$realip_remote_addr", - "d": "keeps the original client port" - }, - { - "m": "ngx_stream_realip_module", - "n": "$realip_remote_port", - "d": "keeps the original client port" - }, - { - "m": "ngx_stream_return_module", - "n": "return", - "d": "Specifies a `_value_` to send to the client. The value can contain text, variables, and their combination.", - "c": "`server`", - "s": "**return** `_value_`;" - }, - { - "m": "ngx_stream_set_module", - "n": "set", - "d": "Sets a `_value_` for the specified `_variable_`. The `_value_` can contain text, variables, and their combination.", - "c": "`server`", - "s": "**set** `_$variable_` `_value_`;" - }, - { - "m": "ngx_stream_split_clients_module", - "n": "split_clients", - "d": "Creates a variable for A/B testing, for example:\n```\nsplit_clients \"${remote_addr}AAA\" $variant {\n 0.5% .one;\n 2.0% .two;\n * \"\";\n}\n\n```\nThe value of the original string is hashed using MurmurHash2. In the example given, hash values from 0 to 21474835 (0.5%) correspond to the value `\".one\"` of the `$variant` variable, hash values from 21474836 to 107374180 (2%) correspond to the value `\".two\"`, and hash values from 107374181 to 4294967295 correspond to the value `\"\"` (an empty string).", - "c": "`stream`", - "s": "**split_clients** `_string_` `_$variable_` { ... }" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_alpn", - "d": "Specifies the list of supported [ALPN](https://datatracker.ietf.org/doc/html/rfc7301) protocols. One of the protocols must be [negotiated](https://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#var_ssl_alpn_protocol) if the client uses ALPN:\n```\nmap $ssl_alpn_protocol $proxy {\n h2 127.0.0.1:8001;\n http/1.1 127.0.0.1:8002;\n}\n\nserver {\n listen 12346;\n proxy_pass $proxy;\n ssl_alpn h2 http/1.1;\n}\n\n```\n", - "c": "`stream`, `server`", - "s": "**ssl_alpn** `_protocol_` ...;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_certificate", - "d": "Specifies a `_file_` with the certificate in the PEM format for the given server. If intermediate certificates should be specified in addition to a primary certificate, they should be specified in the same file in the following order: the primary certificate comes first, then the intermediate certificates. A secret key in the PEM format may be placed in the same file.\nSince version 1.11.0, this directive can be specified multiple times to load certificates of different types, for example, RSA and ECDSA:\n```\nserver {\n listen 12345 ssl;\n\n ssl_certificate example.com.rsa.crt;\n ssl_certificate_key example.com.rsa.key;\n\n ssl_certificate example.com.ecdsa.crt;\n ssl_certificate_key example.com.ecdsa.key;\n\n ...\n}\n\n```\n\nOnly OpenSSL 1.0.2 or higher supports separate certificate chains for different certificates. With older versions, only one certificate chain can be used.\n\nSince version 1.15.9, variables can be used in the `_file_` name when using OpenSSL 1.0.2 or higher:\n```\nssl_certificate $ssl_server_name.crt;\nssl_certificate_key $ssl_server_name.key;\n\n```\nNote that using variables implies that a certificate will be loaded for each SSL handshake, and this may have a negative impact on performance.", - "c": "`stream`, `server`", - "s": "**ssl_certificate** `_file_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_certificate_data", - "d": "The value `data`:`_$variable_` can be specified instead of the `_file_` (1.15.10), which loads a certificate from a variable without using intermediate files. Note that inappropriate use of this syntax may have its security implications, such as writing secret key data to [error log](https://nginx.org/en/docs/ngx_core_module.html#error_log).", - "c": "`stream`, `server`", - "s": "**ssl_certificate** `_file_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_certificate_key", - "d": "Specifies a `_file_` with the secret key in the PEM format for the given server.\nThe value `engine`:`_name_`:`_id_` can be specified instead of the `_file_`, which loads a secret key with a specified `_id_` from the OpenSSL engine `_name_`.", - "c": "`stream`, `server`", - "s": "**ssl_certificate_key** `_file_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_certificate_key_data", - "d": "The value `data`:`_$variable_` can be specified instead of the `_file_` (1.15.10), which loads a secret key from a variable without using intermediate files. Note that inappropriate use of this syntax may have its security implications, such as writing secret key data to [error log](https://nginx.org/en/docs/ngx_core_module.html#error_log).\nSince version 1.15.9, variables can be used in the `_file_` name when using OpenSSL 1.0.2 or higher.", - "c": "`stream`, `server`", - "s": "**ssl_certificate_key** `_file_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_ciphers", - "d": "Specifies the enabled ciphers. The ciphers are specified in the format understood by the OpenSSL library, for example:\n```\nssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;\n\n```\n\nThe full list can be viewed using the “`openssl ciphers`” command.", - "v": "ssl\\_ciphers HIGH:!aNULL:!MD5;", - "c": "`stream`, `server`", - "s": "**ssl_ciphers** `_ciphers_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_client_certificate", - "d": "Specifies a `_file_` with trusted CA certificates in the PEM format used to [verify](https://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#ssl_verify_client) client certificates.\nThe list of certificates will be sent to clients. If this is not desired, the [ssl\\_trusted\\_certificate](https://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#ssl_trusted_certificate) directive can be used.", - "c": "`stream`, `server`", - "s": "**ssl_client_certificate** `_file_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_conf_command", - "d": "Sets arbitrary OpenSSL configuration [commands](https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html).\nThe directive is supported when using OpenSSL 1.0.2 or higher.\n\nSeveral `ssl_conf_command` directives can be specified on the same level:\n```\nssl_conf_command Options PrioritizeChaCha;\nssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;\n\n```\nThese directives are inherited from the previous configuration level if and only if there are no `ssl_conf_command` directives defined on the current level.\n\nNote that configuring OpenSSL directly might result in unexpected behavior.\n", - "c": "`stream`, `server`", - "s": "**ssl_conf_command** `_name_` `_value_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_crl", - "d": "Specifies a `_file_` with revoked certificates (CRL) in the PEM format used to [verify](https://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#ssl_verify_client) client certificates.", - "c": "`stream`, `server`", - "s": "**ssl_crl** `_file_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_dhparam", - "d": "Specifies a `_file_` with DH parameters for DHE ciphers.\nBy default no parameters are set, and therefore DHE ciphers will not be used.\nPrior to version 1.11.0, builtin parameters were used by default.\n", - "c": "`stream`, `server`", - "s": "**ssl_dhparam** `_file_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_ecdh_curve", - "d": "Specifies a `_curve_` for ECDHE ciphers.\nWhen using OpenSSL 1.0.2 or higher, it is possible to specify multiple curves (1.11.0), for example:\n```\nssl_ecdh_curve prime256v1:secp384r1;\n\n```\n\nThe special value `auto` (1.11.0) instructs nginx to use a list built into the OpenSSL library when using OpenSSL 1.0.2 or higher, or `prime256v1` with older versions.\n\nPrior to version 1.11.0, the `prime256v1` curve was used by default.\n\n\nWhen using OpenSSL 1.0.2 or higher, this directive sets the list of curves supported by the server. Thus, in order for ECDSA certificates to work, it is important to include the curves used in the certificates.\n", - "v": "ssl\\_ecdh\\_curve auto;", - "c": "`stream`, `server`", - "s": "**ssl_ecdh_curve** `_curve_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_handshake_timeout", - "d": "Specifies a timeout for the SSL handshake to complete.", - "v": "ssl\\_handshake\\_timeout 60s;", - "c": "`stream`, `server`", - "s": "**ssl_handshake_timeout** `_time_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_password_file", - "d": "Specifies a `_file_` with passphrases for [secret keys](https://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#ssl_certificate_key) where each passphrase is specified on a separate line. Passphrases are tried in turn when loading the key.\nExample:\n```\nstream {\n ssl_password_file /etc/keys/global.pass;\n ...\n\n server {\n listen 127.0.0.1:12345;\n ssl_certificate_key /etc/keys/first.key;\n }\n\n server {\n listen 127.0.0.1:12346;\n\n # named pipe can also be used instead of a file\n ssl_password_file /etc/keys/fifo;\n ssl_certificate_key /etc/keys/second.key;\n }\n}\n\n```\n", - "c": "`stream`, `server`", - "s": "**ssl_password_file** `_file_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_prefer_server_ciphers", - "d": "Specifies that server ciphers should be preferred over client ciphers when the SSLv3 and TLS protocols are used.", - "v": "ssl\\_prefer\\_server\\_ciphers off;", - "c": "`stream`, `server`", - "s": "**ssl_prefer_server_ciphers** `on` | `off`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_protocols", - "d": "Enables the specified protocols.\nThe `TLSv1.1` and `TLSv1.2` parameters work only when OpenSSL 1.0.1 or higher is used.\n\nThe `TLSv1.3` parameter (1.13.0) works only when OpenSSL 1.1.1 or higher is used.\n", - "v": "ssl\\_protocols TLSv1 TLSv1.1 TLSv1.2;", - "c": "`stream`, `server`", - "s": "**ssl_protocols** [`SSLv2`] [`SSLv3`] [`TLSv1`] [`TLSv1.1`] [`TLSv1.2`] [`TLSv1.3`];" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_session_cache", - "d": "Sets the types and sizes of caches that store session parameters. A cache can be of any of the following types:\n`off`\n\nthe use of a session cache is strictly prohibited: nginx explicitly tells a client that sessions may not be reused.\n\n`none`\n\nthe use of a session cache is gently disallowed: nginx tells a client that sessions may be reused, but does not actually store session parameters in the cache.\n\n`builtin`\n\na cache built in OpenSSL; used by one worker process only. The cache size is specified in sessions. If size is not given, it is equal to 20480 sessions. Use of the built-in cache can cause memory fragmentation.\n\n`shared`\n\na cache shared between all worker processes. The cache size is specified in bytes; one megabyte can store about 4000 sessions. Each shared cache should have an arbitrary name. A cache with the same name can be used in several servers. It is also used to automatically generate, store, and periodically rotate TLS session ticket keys (1.23.2) unless configured explicitly using the [ssl\\_session\\_ticket\\_key](https://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#ssl_session_ticket_key) directive.\n\nBoth cache types can be used simultaneously, for example:\n```\nssl_session_cache builtin:1000 shared:SSL:10m;\n\n```\nbut using only shared cache without the built-in cache should be more efficient.", - "v": "ssl\\_session\\_cache none;", - "c": "`stream`, `server`", - "s": "**ssl_session_cache** `off` | `none` | [`builtin`[:`_size_`]] [`shared`:`_name_`:`_size_`];" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_session_ticket_key", - "d": "Sets a `_file_` with the secret key used to encrypt and decrypt TLS session tickets. The directive is necessary if the same key has to be shared between multiple servers. By default, a randomly generated key is used.\nIf several keys are specified, only the first key is used to encrypt TLS session tickets. This allows configuring key rotation, for example:\n```\nssl_session_ticket_key current.key;\nssl_session_ticket_key previous.key;\n\n```\n\nThe `_file_` must contain 80 or 48 bytes of random data and can be created using the following command:\n```\nopenssl rand 80 > ticket.key\n\n```\nDepending on the file size either AES256 (for 80-byte keys, 1.11.8) or AES128 (for 48-byte keys) is used for encryption.", - "c": "`stream`, `server`", - "s": "**ssl_session_ticket_key** `_file_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_session_tickets", - "d": "Enables or disables session resumption through [TLS session tickets](https://datatracker.ietf.org/doc/html/rfc5077).", - "v": "ssl\\_session\\_tickets on;", - "c": "`stream`, `server`", - "s": "**ssl_session_tickets** `on` | `off`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_session_timeout", - "d": "Specifies a time during which a client may reuse the session parameters.", - "v": "ssl\\_session\\_timeout 5m;", - "c": "`stream`, `server`", - "s": "**ssl_session_timeout** `_time_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_trusted_certificate", - "d": "Specifies a `_file_` with trusted CA certificates in the PEM format used to [verify](https://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#ssl_verify_client) client certificates.\nIn contrast to the certificate set by [ssl\\_client\\_certificate](https://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#ssl_client_certificate), the list of these certificates will not be sent to clients.", - "c": "`stream`, `server`", - "s": "**ssl_trusted_certificate** `_file_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_verify_client", - "d": "Enables verification of client certificates. The verification result is stored in the [$ssl\\_client\\_verify](https://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#var_ssl_client_verify) variable. If an error has occurred during the client certificate verification or a client has not presented the required certificate, the connection is closed.\nThe `optional` parameter requests the client certificate and verifies it if the certificate is present.\nThe `optional_no_ca` parameter requests the client certificate but does not require it to be signed by a trusted CA certificate. This is intended for the use in cases when a service that is external to nginx performs the actual certificate verification. The contents of the certificate is accessible through the [$ssl\\_client\\_cert](https://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#var_ssl_client_cert) variable.", - "v": "ssl\\_verify\\_client off;", - "c": "`stream`, `server`", - "s": "**ssl_verify_client** `on` | `off` | `optional` | `optional_no_ca`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "ssl_verify_depth", - "d": "Sets the verification depth in the client certificates chain.", - "v": "ssl\\_verify\\_depth 1;", - "c": "`stream`, `server`", - "s": "**ssl_verify_depth** `_number_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_stream_ssl_module` module supports variables since 1.11.2.\n`$ssl_alpn_protocol`\n\nreturns the protocol selected by ALPN during the SSL handshake, or an empty string otherwise (1.21.4);\n\n`$ssl_cipher`\n\nreturns the name of the cipher used for an established SSL connection;\n\n`$ssl_ciphers`\n\nreturns the list of ciphers supported by the client (1.11.7). Known ciphers are listed by names, unknown are shown in hexadecimal, for example:\n\n> AES128-SHA:AES256-SHA:0x00ff\n\n> The variable is fully supported only when using OpenSSL version 1.0.2 or higher. With older versions, the variable is available only for new sessions and lists only known ciphers.\n\n`$ssl_client_cert`\n\nreturns the client certificate in the PEM format for an established SSL connection, with each line except the first prepended with the tab character (1.11.8);\n\n`$ssl_client_fingerprint`\n\nreturns the SHA1 fingerprint of the client certificate for an established SSL connection (1.11.8);\n\n`$ssl_client_i_dn`\n\nreturns the “issuer DN” string of the client certificate for an established SSL connection according to [RFC 2253](https://datatracker.ietf.org/doc/html/rfc2253) (1.11.8);\n\n`$ssl_client_raw_cert`\n\nreturns the client certificate in the PEM format for an established SSL connection (1.11.8);\n\n`$ssl_client_s_dn`\n\nreturns the “subject DN” string of the client certificate for an established SSL connection according to [RFC 2253](https://datatracker.ietf.org/doc/html/rfc2253) (1.11.8);\n\n`$ssl_client_serial`\n\nreturns the serial number of the client certificate for an established SSL connection (1.11.8);\n\n`$ssl_client_v_end`\n\nreturns the end date of the client certificate (1.11.8);\n\n`$ssl_client_v_remain`\n\nreturns the number of days until the client certificate expires (1.11.8);\n\n`$ssl_client_v_start`\n\nreturns the start date of the client certificate (1.11.8);\n\n`$ssl_client_verify`\n\nreturns the result of client certificate verification (1.11.8): “`SUCCESS`”, “`FAILED:``_reason_`”, and “`NONE`” if a certificate was not present;\n\n`$ssl_curve`\n\nreturns the negotiated curve used for SSL handshake key exchange process (1.21.5). Known curves are listed by names, unknown are shown in hexadecimal, for example:\n\n> prime256v1\n\n> The variable is supported only when using OpenSSL version 3.0 or higher. With older versions, the variable value will be an empty string.\n\n`$ssl_curves`\n\nreturns the list of curves supported by the client (1.11.7). Known curves are listed by names, unknown are shown in hexadecimal, for example:\n\n> 0x001d:prime256v1:secp521r1:secp384r1\n\n> The variable is supported only when using OpenSSL version 1.0.2 or higher. With older versions, the variable value will be an empty string.\n\n> The variable is available only for new sessions.\n\n`$ssl_protocol`\n\nreturns the protocol of an established SSL connection;\n\n`$ssl_server_name`\n\nreturns the server name requested through [SNI](http://en.wikipedia.org/wiki/Server_Name_Indication);\n\n`$ssl_session_id`\n\nreturns the session identifier of an established SSL connection;\n\n`$ssl_session_reused`\n\nreturns “`r`” if an SSL session was reused, or “`.`” otherwise.\n", - "v": "ssl\\_verify\\_depth 1;", - "c": "`stream`, `server`", - "s": "**ssl_verify_depth** `_number_`;" - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_alpn_protocol", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_cipher", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_ciphers", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_client_cert", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_client_fingerprint", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_client_i_dn", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_client_raw_cert\n", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_client_s_dn", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_client_serial", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_client_v_end", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_client_v_remain", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_client_v_start", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_client_verify", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_curve", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_curves", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_protocol", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_server_name", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_session_id", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_module", - "n": "$ssl_session_reused", - "d": "returns “`r`” if an SSL session was reused, or “`.`” otherwise." - }, - { - "m": "ngx_stream_ssl_preread_module", - "n": "ssl_preread", - "d": "Enables extracting information from the ClientHello message at the [preread](https://nginx.org/en/docs/stream/stream_processing.html#preread_phase) phase.", - "v": "ssl\\_preread off;", - "c": "`stream`, `server`", - "s": "**ssl_preread** `on` | `off`;" - }, - { - "m": "ngx_stream_ssl_preread_module", - "n": "variables", - "d": "#### Embedded Variables\n\n`$ssl_preread_protocol`\n\nthe highest SSL protocol version supported by the client (1.15.2)\n\n`$ssl_preread_server_name`\n\nserver name requested through SNI\n\n`$ssl_preread_alpn_protocols`\n\nlist of protocols advertised by the client through ALPN (1.13.10). The values are separated by commas.\n", - "v": "ssl\\_preread off;", - "c": "`stream`, `server`", - "s": "**ssl_preread** `on` | `off`;" - }, - { - "m": "ngx_stream_ssl_preread_module", - "n": "$ssl_preread_protocol", - "d": "list of protocols advertised by the client through ALPN (1.13.10). The values are separated by commas." - }, - { - "m": "ngx_stream_ssl_preread_module", - "n": "$ssl_preread_server_name", - "d": "list of protocols advertised by the client through ALPN (1.13.10). The values are separated by commas." - }, - { - "m": "ngx_stream_ssl_preread_module", - "n": "$ssl_preread_alpn_protocols", - "d": "list of protocols advertised by the client through ALPN (1.13.10). The values are separated by commas." - }, - { - "m": "ngx_stream_upstream_module", - "n": "upstream", - "d": "Defines a group of servers. Servers can listen on different ports. In addition, servers listening on TCP and UNIX-domain sockets can be mixed.\nExample:\n```\nupstream backend {\n server backend1.example.com:12345 weight=5;\n server 127.0.0.1:12345 max_fails=3 fail_timeout=30s;\n server unix:/tmp/backend2;\n server backend3.example.com:12345 resolve;\n\n server backup1.example.com:12345 backup;\n}\n\n```\n\nBy default, connections are distributed between the servers using a weighted round-robin balancing method. In the above example, each 7 connections will be distributed as follows: 5 connections go to `backend1.example.com:12345` and one connection to each of the second and third servers. If an error occurs during communication with a server, the connection will be passed to the next server, and so on until all of the functioning servers will be tried. If communication with all servers fails, the connection will be closed.", - "c": "`stream`", - "s": "**upstream** `_name_` { ... }" - }, - { - "m": "ngx_stream_upstream_module", - "n": "server", - "d": "Defines the `_address_` and other `_parameters_` of a server. The address can be specified as a domain name or IP address with an obligatory port, or as a UNIX-domain socket path specified after the “`unix:`” prefix. A domain name that resolves to several IP addresses defines multiple servers at once.\nThe following parameters can be defined:\n`weight`\\=`_number_`\n\nsets the weight of the server, by default, 1.\n\n`max_conns`\\=`_number_`\n\nlimits the maximum `_number_` of simultaneous connections to the proxied server (1.11.5). Default value is zero, meaning there is no limit. If the server group does not reside in the [shared memory](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#zone), the limitation works per each worker process.\n\n> Prior to version 1.11.5, this parameter was available as part of our [commercial subscription](http://nginx.com/products/).\n\n`max_fails`\\=`_number_`\n\nsets the number of unsuccessful attempts to communicate with the server that should happen in the duration set by the `fail_timeout` parameter to consider the server unavailable for a duration also set by the `fail_timeout` parameter. By default, the number of unsuccessful attempts is set to 1. The zero value disables the accounting of attempts. Here, an unsuccessful attempt is an error or timeout while establishing a connection with the server.\n\n`fail_timeout`\\=`_time_`\n\nsets\n\n* the time during which the specified number of unsuccessful attempts to communicate with the server should happen to consider the server unavailable;\n* and the period of time the server will be considered unavailable.\n\nBy default, the parameter is set to 10 seconds.\n\n`backup`\n\nmarks the server as a backup server. Connections to the backup server will be passed when the primary servers are unavailable.\n\n> The parameter cannot be used along with the [hash](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#hash) and [random](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#random) load balancing methods.\n\n`down`\n\nmarks the server as permanently unavailable.\n\nAdditionally, the following parameters are available as part of our [commercial subscription](http://nginx.com/products/):\n`resolve`\n\nmonitors changes of the IP addresses that correspond to a domain name of the server, and automatically modifies the upstream configuration without the need of restarting nginx. The server group must reside in the [shared memory](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#zone).\n\nIn order for this parameter to work, the `resolver` directive must be specified in the [stream](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#resolver) block or in the corresponding [upstream](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#resolver) block.\n\n`service`\\=`_name_`\n\nenables resolving of DNS [SRV](https://datatracker.ietf.org/doc/html/rfc2782) records and sets the service `_name_` (1.9.13). In order for this parameter to work, it is necessary to specify the [resolve](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#resolve) parameter for the server and specify a hostname without a port number.\n\nIf the service name does not contain a dot (“`.`”), then the [RFC](https://datatracker.ietf.org/doc/html/rfc2782)\\-compliant name is constructed and the TCP protocol is added to the service prefix. For example, to look up the `_http._tcp.backend.example.com` SRV record, it is necessary to specify the directive:\n\n> server backend.example.com service=http resolve;\n\nIf the service name contains one or more dots, then the name is constructed by joining the service prefix and the server name. For example, to look up the `_http._tcp.backend.example.com` and `server1.backend.example.com` SRV records, it is necessary to specify the directives:\n\n> server backend.example.com service=\\_http.\\_tcp resolve;\n> server example.com service=server1.backend resolve;\n\nHighest-priority SRV records (records with the same lowest-number priority value) are resolved as primary servers, the rest of SRV records are resolved as backup servers. If the [backup](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#backup) parameter is specified for the server, high-priority SRV records are resolved as backup servers, the rest of SRV records are ignored.\n\n`slow_start`\\=`_time_`\n\nsets the `_time_` during which the server will recover its weight from zero to a nominal value, when unhealthy server becomes [healthy](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#health_check), or when the server becomes available after a period of time it was considered [unavailable](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#fail_timeout). Default value is zero, i.e. slow start is disabled.\n\n> The parameter cannot be used along with the [hash](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#hash) and [random](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#random) load balancing methods.\n\n\nIf there is only a single server in a group, `max_fails`, `fail_timeout` and `slow_start` parameters are ignored, and such a server will never be considered unavailable.\n", - "c": "`upstream`", - "s": "**server** `_address_` [`_parameters_`];" - }, - { - "m": "ngx_stream_upstream_module", - "n": "zone", - "d": "Defines the `_name_` and `_size_` of the shared memory zone that keeps the group’s configuration and run-time state that are shared between worker processes. Several groups may share the same zone. In this case, it is enough to specify the `_size_` only once.\nAdditionally, as part of our [commercial subscription](http://nginx.com/products/), such groups allow changing the group membership or modifying the settings of a particular server without the need of restarting nginx. The configuration is accessible via the [API](https://nginx.org/en/docs/http/ngx_http_api_module.html) module (1.13.3).\nPrior to version 1.13.3, the configuration was accessible only via a special location handled by [upstream\\_conf](https://nginx.org/en/docs/http/ngx_http_upstream_conf_module.html#upstream_conf).\n", - "c": "`upstream`", - "s": "**zone** `_name_` [`_size_`];" - }, - { - "m": "ngx_stream_upstream_module", - "n": "state", - "d": "Specifies a `_file_` that keeps the state of the dynamically configurable group.\nExamples:\n```\nstate /var/lib/nginx/state/servers.conf; # path for Linux\nstate /var/db/nginx/state/servers.conf; # path for FreeBSD\n\n```\n\nThe state is currently limited to the list of servers with their parameters. The file is read when parsing the configuration and is updated each time the upstream configuration is [changed](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_upstreams_stream_upstream_name_servers_). Changing the file content directly should be avoided. The directive cannot be used along with the [server](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#server) directive.\n\nChanges made during [configuration reload](https://nginx.org/en/docs/control.html#reconfiguration) or [binary upgrade](https://nginx.org/en/docs/control.html#upgrade) can be lost.\n\n\nThis directive is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`upstream`", - "s": "**state** `_file_`;" - }, - { - "m": "ngx_stream_upstream_module", - "n": "hash", - "d": "Specifies a load balancing method for a server group where the client-server mapping is based on the hashed `_key_` value. The `_key_` can contain text, variables, and their combinations (1.11.2). Usage example:\n```\nhash $remote_addr;\n\n```\nNote that adding or removing a server from the group may result in remapping most of the keys to different servers. The method is compatible with the [Cache::Memcached](https://metacpan.org/pod/Cache::Memcached) Perl library.\nIf the `consistent` parameter is specified, the [ketama](https://www.metabrew.com/article/libketama-consistent-hashing-algo-memcached-clients) consistent hashing method will be used instead. The method ensures that only a few keys will be remapped to different servers when a server is added to or removed from the group. This helps to achieve a higher cache hit ratio for caching servers. The method is compatible with the [Cache::Memcached::Fast](https://metacpan.org/pod/Cache::Memcached::Fast) Perl library with the `_ketama_points_` parameter set to 160.", - "c": "`upstream`", - "s": "**hash** `_key_` [`consistent`];" - }, - { - "m": "ngx_stream_upstream_module", - "n": "least_conn", - "d": "Specifies that a group should use a load balancing method where a connection is passed to the server with the least number of active connections, taking into account weights of servers. If there are several such servers, they are tried in turn using a weighted round-robin balancing method.", - "c": "`upstream`", - "s": "**least_conn**;" - }, - { - "m": "ngx_stream_upstream_module", - "n": "least_time", - "d": "Specifies that a group should use a load balancing method where a connection is passed to the server with the least average time and least number of active connections, taking into account weights of servers. If there are several such servers, they are tried in turn using a weighted round-robin balancing method.\nIf the `connect` parameter is specified, time to [connect](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_connect_time) to the upstream server is used. If the `first_byte` parameter is specified, time to receive the [first byte](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_first_byte_time) of data is used. If the `last_byte` is specified, time to receive the [last byte](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_session_time) of data is used. If the `inflight` parameter is specified (1.11.6), incomplete connections are also taken into account.\nPrior to version 1.11.6, incomplete connections were taken into account by default.\n\n\nThis directive is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`upstream`", - "s": "**least_time** `connect` | `first_byte` | `last_byte` [`inflight`];" - }, - { - "m": "ngx_stream_upstream_module", - "n": "random", - "d": "Specifies that a group should use a load balancing method where a connection is passed to a randomly selected server, taking into account weights of servers.\nThe optional `two` parameter instructs nginx to randomly select [two](https://homes.cs.washington.edu/~karlin/papers/balls.pdf) servers and then choose a server using the specified `method`. The default method is `least_conn` which passes a connection to a server with the least number of active connections.", - "c": "`upstream`", - "s": "**random** [`two` [`_method_`]];" - }, - { - "m": "ngx_stream_upstream_module", - "n": "random_least_time", - "d": "The `least_time` method passes a connection to a server with the least average time and least number of active connections. If `least_time=connect` parameter is specified, time to [connect](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_connect_time) to the upstream server is used. If `least_time=first_byte` parameter is specified, time to receive the [first byte](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_first_byte_time) of data is used. If `least_time=last_byte` is specified, time to receive the [last byte](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_session_time) of data is used.\nThe `least_time` method is available as a part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`upstream`", - "s": "**random** [`two` [`_method_`]];" - }, - { - "m": "ngx_stream_upstream_module", - "n": "resolver", - "d": "Configures name servers used to resolve names of upstream servers into addresses, for example:\n```\nresolver 127.0.0.1 [::1]:5353;\n\n```\nThe address can be specified as a domain name or IP address, with an optional port. If port is not specified, the port 53 is used. Name servers are queried in a round-robin fashion.", - "c": "`upstream`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_stream_upstream_module", - "n": "resolver_ipv6", - "d": "By default, nginx will look up both IPv4 and IPv6 addresses while resolving. If looking up of IPv4 or IPv6 addresses is not desired, the `ipv4=off` (1.23.1) or the `ipv6=off` parameter can be specified.", - "c": "`upstream`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_stream_upstream_module", - "n": "resolver_valid", - "d": "By default, nginx caches answers using the TTL value of a response. The optional `valid` parameter allows overriding it:\n```\nresolver 127.0.0.1 [::1]:5353 valid=30s;\n\n```\n\nTo prevent DNS spoofing, it is recommended configuring DNS servers in a properly secured trusted local network.\n", - "c": "`upstream`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_stream_upstream_module", - "n": "resolver_status_zone", - "d": "The optional `status_zone` parameter enables [collection](https://nginx.org/en/docs/http/ngx_http_api_module.html#resolvers_) of DNS server statistics of requests and responses in the specified `_zone_`.\n\nThis directive is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "c": "`upstream`", - "s": "**resolver** `_address_` ... [`valid`=`_time_`] [`ipv4`=`on`|`off`] [`ipv6`=`on`|`off`] [`status_zone`=`_zone_`];" - }, - { - "m": "ngx_stream_upstream_module", - "n": "resolver_timeout", - "d": "Sets a timeout for name resolution, for example:\n```\nresolver_timeout 5s;\n\n```\n\n\nThis directive is available as part of our [commercial subscription](http://nginx.com/products/).\n", - "v": "resolver\\_timeout 30s;", - "c": "`upstream`", - "s": "**resolver_timeout** `_time_`;" - }, - { - "m": "ngx_stream_upstream_module", - "n": "variables", - "d": "#### Embedded Variables\nThe `ngx_stream_upstream_module` module supports the following embedded variables:\n`$upstream_addr`\n\nkeeps the IP address and port, or the path to the UNIX-domain socket of the upstream server (1.11.4). If several servers were contacted during proxying, their addresses are separated by commas, e.g. “`192.168.1.1:12345, 192.168.1.2:12345, unix:/tmp/sock`”. If a server cannot be selected, the variable keeps the name of the server group.\n\n`$upstream_bytes_received`\n\nnumber of bytes received from an upstream server (1.11.4). Values from several connections are separated by commas like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_addr) variable.\n\n`$upstream_bytes_sent`\n\nnumber of bytes sent to an upstream server (1.11.4). Values from several connections are separated by commas like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_addr) variable.\n\n`$upstream_connect_time`\n\ntime to connect to the upstream server (1.11.4); the time is kept in seconds with millisecond resolution. Times of several connections are separated by commas like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_addr) variable.\n\n`$upstream_first_byte_time`\n\ntime to receive the first byte of data (1.11.4); the time is kept in seconds with millisecond resolution. Times of several connections are separated by commas like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_addr) variable.\n\n`$upstream_session_time`\n\nsession duration in seconds with millisecond resolution (1.11.4). Times of several connections are separated by commas like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_addr) variable.\n", - "v": "resolver\\_timeout 30s;", - "c": "`upstream`", - "s": "**resolver_timeout** `_time_`;" - }, - { - "m": "ngx_stream_upstream_module", - "n": "$upstream_addr", - "d": "session duration in seconds with millisecond resolution (1.11.4). Times of several connections are separated by commas like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_addr) variable." - }, - { - "m": "ngx_stream_upstream_module", - "n": "$upstream_bytes_received", - "d": "session duration in seconds with millisecond resolution (1.11.4). Times of several connections are separated by commas like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_addr) variable." - }, - { - "m": "ngx_stream_upstream_module", - "n": "$upstream_bytes_sent", - "d": "session duration in seconds with millisecond resolution (1.11.4). Times of several connections are separated by commas like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_addr) variable." - }, - { - "m": "ngx_stream_upstream_module", - "n": "$upstream_connect_time", - "d": "session duration in seconds with millisecond resolution (1.11.4). Times of several connections are separated by commas like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_addr) variable." - }, - { - "m": "ngx_stream_upstream_module", - "n": "$upstream_first_byte_time", - "d": "session duration in seconds with millisecond resolution (1.11.4). Times of several connections are separated by commas like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_addr) variable." - }, - { - "m": "ngx_stream_upstream_module", - "n": "$upstream_session_time", - "d": "session duration in seconds with millisecond resolution (1.11.4). Times of several connections are separated by commas like addresses in the [$upstream\\_addr](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#var_upstream_addr) variable." - }, - { - "m": "ngx_stream_upstream_hc_module", - "n": "health_check", - "d": "Enables periodic health checks of the servers in a [group](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#upstream).\nThe following optional parameters are supported:\n`interval`\\=`_time_`\n\nsets the interval between two consecutive health checks, by default, 5 seconds.\n\n`jitter`\\=`_time_`\n\nsets the time within which each health check will be randomly delayed, by default, there is no delay.\n\n`fails`\\=`_number_`\n\nsets the number of consecutive failed health checks of a particular server after which this server will be considered unhealthy, by default, 1.\n\n`passes`\\=`_number_`\n\nsets the number of consecutive passed health checks of a particular server after which the server will be considered healthy, by default, 1.\n\n`mandatory` \\[`persistent`\\]\n\nsets the initial “checking” state for a server until the first health check is completed (1.11.7). Client connections are not passed to servers in the “checking” state. If the parameter is not specified, the server will be initially considered healthy.\n\nThe `persistent` parameter (1.21.1) sets the initial “up” state for a server after reload if the server was considered healthy before reload.\n\n`match`\\=`_name_`\n\nspecifies the `match` block configuring the tests that a successful connection should pass in order for a health check to pass. By default, for TCP, only the ability to establish a TCP connection with the server is checked. For [UDP](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#health_check_udp), the absence of ICMP “`Destination Unreachable`” message is expected in reply to the sent string “`nginx health check`”.\n\n> Prior to version 1.11.7, by default, UDP health check required a [match](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#hc_match) block with the [send](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#match_send) and [expect](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#match_expect) parameters.\n\n`port`\\=`_number_`\n\ndefines the port used when connecting to a server to perform a health check (1.9.7). By default, equals the [server](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#server) port.\n\n`udp`\n\nspecifies that the `UDP` protocol should be used for health checks instead of the default `TCP` protocol (1.9.13).\n", - "c": "`server`", - "s": "**health_check** [`_parameters_`];" - }, - { - "m": "ngx_stream_upstream_hc_module", - "n": "health_check_timeout", - "d": "Overrides the [proxy\\_timeout](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_timeout) value for health checks.", - "v": "health\\_check\\_timeout 5s;", - "c": "`stream`, `server`", - "s": "**health_check_timeout** `_timeout_`;" - }, - { - "m": "ngx_stream_upstream_hc_module", - "n": "match", - "d": "Defines the named test set used to verify server responses to health checks.\nThe following parameters can be configured:\n`send` `_string_`;\n\nsends a `_string_` to the server;\n\n`expect` `_string_` | `~` `_regex_`;\n\na literal string (1.9.12) or a regular expression that the data obtained from the server should match. The regular expression is specified with the preceding “`~*`” modifier (for case-insensitive matching), or the “`~`” modifier (for case-sensitive matching).\nBoth `send` and `expect` parameters can contain hexadecimal literals with the prefix “`\\x`” followed by two hex digits, for example, “`\\x80`” (1.9.12).\nHealth check is passed if:\n* the TCP connection was successfully established;\n* the `_string_` from the `send` parameter, if specified, was sent;\n* the data obtained from the server matched the string or regular expression from the `expect` parameter, if specified;\n* the time elapsed does not exceed the value specified in the [health\\_check\\_timeout](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#health_check_timeout) directive.\n\nExample:\n```\nupstream backend {\n zone upstream_backend 10m;\n server 127.0.0.1:12345;\n}\n\nmatch http {\n send \"GET / HTTP/1.0\\r\\nHost: localhost\\r\\n\\r\\n\";\n expect ~ \"200 OK\";\n}\n\nserver {\n listen 12346;\n proxy_pass backend;\n health_check match=http;\n}\n\n```\n\n\nOnly the first [proxy\\_buffer\\_size](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_buffer_size) bytes of data obtained from the server are examined.\n", - "c": "`stream`", - "s": "**match** `_name_` { ... }" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync", - "d": "Enables the synchronization of shared memory zones between cluster nodes. Cluster nodes are defined using [zone\\_sync\\_server](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_server) directives.", - "c": "`server`", - "s": "**zone_sync**;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_buffers", - "d": "Sets the `_number_` and `_size_` of the per-zone buffers used for pushing zone contents. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform.\n\nA single buffer must be large enough to hold any entry of each zone being synchronized.\n", - "v": "zone\\_sync\\_buffers 8 4k|8k;", - "c": "`stream`, `server`", - "s": "**zone_sync_buffers** `_number_` `_size_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_connect_retry_interval", - "d": "Defines an interval between connection attempts to another cluster node.", - "v": "zone\\_sync\\_connect\\_retry\\_interval 1s;", - "c": "`stream`, `server`", - "s": "**zone_sync_connect_retry_interval** `_time_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_connect_timeout", - "d": "Defines a timeout for establishing a connection with another cluster node.", - "v": "zone\\_sync\\_connect\\_timeout 5s;", - "c": "`stream`, `server`", - "s": "**zone_sync_connect_timeout** `_time_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_interval", - "d": "Defines an interval for polling updates in a shared memory zone.", - "v": "zone\\_sync\\_interval 1s;", - "c": "`stream`, `server`", - "s": "**zone_sync_interval** `_time_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_recv_buffer_size", - "d": "Sets `_size_` of a per-connection receive buffer used to parse incoming stream of synchronization messages. The buffer size must be equal or greater than one of the [zone\\_sync\\_buffers](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_buffers). By default, the buffer size is equal to [zone\\_sync\\_buffers](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_buffers) `_size_` multiplied by `_number_`.", - "v": "zone\\_sync\\_recv\\_buffer\\_size 4k|8k;", - "c": "`stream`, `server`", - "s": "**zone_sync_recv_buffer_size** `_size_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_server", - "d": "Defines the `_address_` of a cluster node. The address can be specified as a domain name or IP address with a mandatory port, or as a UNIX-domain socket path specified after the “`unix:`” prefix. A domain name that resolves to several IP addresses defines multiple nodes at once.", - "c": "`server`", - "s": "**zone_sync_server** `_address_` [`resolve`];" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "resolve", - "d": "The `resolve` parameter instructs nginx to monitor changes of the IP addresses that correspond to a domain name of the node and automatically modify the configuration without the need of restarting nginx.\nCluster nodes are specified either dynamically as a single `zone_sync_server` directive with the `resolve` parameter, or statically as a series of several directives without the parameter.\nEach cluster node should be specified only once.\n\nAll cluster nodes should use the same configuration.\n\nIn order for the `resolve` parameter to work, the [resolver](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#resolver) directive must be specified in the [stream](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#stream) block. Example:\n```\nstream {\n resolver 10.0.0.1;\n\n server {\n zone_sync;\n zone_sync_server cluster.example.com:12345 resolve;\n ...\n }\n}\n\n```\n", - "c": "`server`", - "s": "**zone_sync_server** `_address_` [`resolve`];" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_ssl", - "d": "Enables the SSL/TLS protocol for connections to another cluster server.", - "v": "zone\\_sync\\_ssl off;", - "c": "`stream`, `server`", - "s": "**zone_sync_ssl** `on` | `off`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_ssl_certificate", - "d": "Specifies a `_file_` with the certificate in the PEM format used for authentication to another cluster server.", - "c": "`stream`, `server`", - "s": "**zone_sync_ssl_certificate** `_file_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_ssl_certificate_key", - "d": "Specifies a `_file_` with the secret key in the PEM format used for authentication to another cluster server.", - "c": "`stream`, `server`", - "s": "**zone_sync_ssl_certificate_key** `_file_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_ssl_ciphers", - "d": "Specifies the enabled ciphers for connections to another cluster server. The ciphers are specified in the format understood by the OpenSSL library.\nThe full list can be viewed using the “`openssl ciphers`” command.", - "v": "zone\\_sync\\_ssl\\_ciphers DEFAULT;", - "c": "`stream`, `server`", - "s": "**zone_sync_ssl_ciphers** `_ciphers_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_ssl_conf_command", - "d": "Sets arbitrary OpenSSL configuration [commands](https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html) when establishing a connection with another cluster server.\nThe directive is supported when using OpenSSL 1.0.2 or higher.\n\nSeveral `zone_sync_ssl_conf_command` directives can be specified on the same level. These directives are inherited from the previous configuration level if and only if there are no `zone_sync_ssl_conf_command` directives defined on the current level.\n\nNote that configuring OpenSSL directly might result in unexpected behavior.\n", - "c": "`stream`, `server`", - "s": "**zone_sync_ssl_conf_command** `_name_` `_value_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_ssl_crl", - "d": "Specifies a `_file_` with revoked certificates (CRL) in the PEM format used to [verify](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_ssl_verify) the certificate of another cluster server.", - "c": "`stream`, `server`", - "s": "**zone_sync_ssl_crl** `_file_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_ssl_name", - "d": "Allows overriding the server name used to [verify](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_ssl_verify) the certificate of a cluster server and to be [passed through SNI](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_ssl_server_name) when establishing a connection with the cluster server.\nBy default, the host part of the [zone\\_sync\\_server](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_server) address is used, or resolved IP address if the [resolve](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#resolve) parameter is specified.", - "v": "zone\\_sync\\_ssl\\_name host from zone\\_sync\\_server;", - "c": "`stream`, `server`", - "s": "**zone_sync_ssl_name** `_name_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_ssl_password_file", - "d": "Specifies a `_file_` with passphrases for [secret keys](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_ssl_certificate_key) where each passphrase is specified on a separate line. Passphrases are tried in turn when loading the key.", - "c": "`stream`, `server`", - "s": "**zone_sync_ssl_password_file** `_file_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_ssl_protocols", - "d": "Enables the specified protocols for connections to another cluster server.", - "v": "zone\\_sync\\_ssl\\_protocols TLSv1 TLSv1.1 TLSv1.2;", - "c": "`stream`, `server`", - "s": "**zone_sync_ssl_protocols** [`SSLv2`] [`SSLv3`] [`TLSv1`] [`TLSv1.1`] [`TLSv1.2`] [`TLSv1.3`];" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_ssl_server_name", - "d": "Enables or disables passing of the server name through [TLS Server Name Indication extension](http://en.wikipedia.org/wiki/Server_Name_Indication) (SNI, RFC 6066) when establishing a connection with another cluster server.", - "v": "zone\\_sync\\_ssl\\_server\\_name off;", - "c": "`stream`, `server`", - "s": "**zone_sync_ssl_server_name** `on` | `off`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_ssl_trusted_certificate", - "d": "Specifies a `_file_` with trusted CA certificates in the PEM format used to [verify](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_ssl_verify) the certificate of another cluster server.", - "c": "`stream`, `server`", - "s": "**zone_sync_ssl_trusted_certificate** `_file_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_ssl_verify", - "d": "Enables or disables verification of another cluster server certificate.", - "v": "zone\\_sync\\_ssl\\_verify off;", - "c": "`stream`, `server`", - "s": "**zone_sync_ssl_verify** `on` | `off`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_ssl_verify_depth", - "d": "Sets the verification depth in another cluster server certificates chain.", - "v": "zone\\_sync\\_ssl\\_verify\\_depth 1;", - "c": "`stream`, `server`", - "s": "**zone_sync_ssl_verify_depth** `_number_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "zone_sync_timeout", - "d": "Sets the `_timeout_` between two successive read or write operations on connection to another cluster node. If no data is transmitted within this time, the connection is closed.", - "v": "zone\\_sync\\_timeout 5s;", - "c": "`stream`, `server`", - "s": "**zone_sync_timeout** `_timeout_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "stream_zone_sync_status", - "d": "#### API endpoints\nThe synchronization status of a node is available via the [/stream/zone\\_sync/](https://nginx.org/en/docs/http/ngx_http_api_module.html#stream_zone_sync_) endpoint of the API which returns the [following](https://nginx.org/en/docs/http/ngx_http_api_module.html#def_nginx_stream_zone_sync) metrics.", - "v": "zone\\_sync\\_timeout 5s;", - "c": "`stream`, `server`", - "s": "**zone_sync_timeout** `_timeout_`;" - }, - { - "m": "ngx_stream_zone_sync_module", - "n": "controlling_cluster_node", - "d": "#### Starting, stopping, removing a cluster node\nTo start a new node, update a DNS record of a cluster hostname with the IP address of the new node and start an instance. The new node will discover other nodes from DNS or static configuration and will start sending updates to them. Other nodes will eventually discover the new node using DNS and start pushing updates to it. In case of static configuration, other nodes need to be reloaded in order to send updates to the new node.\nTo stop a node, send the `QUIT` signal to the instance. The node will finish zone synchronization and gracefully close open connections.\nTo remove a node, update a DNS record of a cluster hostname and remove the IP address of the node. All other nodes will eventually discover that the node is removed, close connections to the node, and will no longer try to connect to it. After the node is removed, it can be stopped as described above. In case of static configuration, other nodes need to be reloaded in order to stop sending updates to the removed node.", - "v": "zone\\_sync\\_timeout 5s;", - "c": "`stream`, `server`", - "s": "**zone_sync_timeout** `_timeout_`;" - }, - { - "m": "ngx_google_perftools_module", - "n": "google_perftools_profiles", - "d": "Sets a file name that keeps profiling information of nginx worker process. The ID of the worker process is always a part of the file name and is appended to the end of the file name, after a dot.", - "c": "`main`", - "s": "**google_perftools_profiles** `_file_`;" - } -] diff --git a/src/directives.ts b/src/directives.ts new file mode 100644 index 0000000..0ef06cb --- /dev/null +++ b/src/directives.ts @@ -0,0 +1,36 @@ +import { getDirectives, Directive, Format } from '@nginx/reference-lib'; + +type autocomplete = { + /** name of the NGINX module */ + m: string; + /** name */ + n: string; + /** markdown-formatted description */ + d: string; + /** default value, as an unformatted string as if a human typed it into an + * nginx config */ + v?: string; + /** markdown CSV for valid contexts */ + c: string; + /** markdown-formatted syntax specifications, including directive name. + * Multiple syntaxes are seperated by newlines */ + s: string; +}; + +function toAutocomplete(d: Directive): autocomplete { + const ret: autocomplete = { + m: d.module, + n: d.name, + d: d.description, + c: d.contexts.map((c) => '`' + c + '`').join(', '), + s: d.syntax.map((s) => `**${d.name}** ${s};`).join('\n'), + }; + + if (d.default) { + ret.v = `${d.name} ${d.default};`; + } + + return ret; +} + +export const directives = getDirectives(Format.Markdown).map(toAutocomplete); diff --git a/src/index.tsx b/src/index.tsx index 52e89a0..b7ec9fe 100644 --- a/src/index.tsx +++ b/src/index.tsx @@ -1,7 +1,7 @@ import * as monaco from 'monaco-editor'; import { themeConfig, themeDarkConfig, tokenConf } from './conf'; import suggestions from './suggestions'; -import directives from './directives.json'; +import { directives } from './directives'; // Register a new language monaco.languages.register({ diff --git a/src/suggestions.ts b/src/suggestions.ts index 571392f..188e242 100644 --- a/src/suggestions.ts +++ b/src/suggestions.ts @@ -1,5 +1,5 @@ import * as monaco from 'monaco-editor'; -import directives from './directives.json'; +import { directives } from './directives'; function getDirectives(range: monaco.IRange) { return directives.map((item) => ({