=encoding utf-8 =head1 NAME ngx_http_core_module - Module ngx_http_core_module =head1 Directives =head2 aio B aio I< C E C E C[C<=>I>]> B I B I B I B I This directive appeared in version 0.8.11. Enables or disables the use of asynchronous file IEO (AIO) on FreeBSD and Linux: location /video/ { aio on; output_buffers 1 64k; } On FreeBSD, AIO can be used starting from FreeBSDE4.3. AIO can either be linked statically into a kernel: options VFS_AIO or loaded dynamically as a kernel loadable module: kldload aio On Linux, AIO can be used starting from kernel version 2.6.22. Also, it is necessary to enable L, or otherwise reading will be blocking: location /video/ { aio on; directio 512; output_buffers 1 128k; } On Linux, L can only be used for reading blocks that are aligned on 512-byte boundaries (or 4K for XFS). File’s unaligned end is read in blocking mode. The same holds true for byte range requests and for FLV requests not from the beginning of a file: reading of unaligned data at the beginning and end of a file will be blocking. When both AIO and L are enabled on Linux, AIO is used for files that are larger than or equal to the size specified in the L directive, while L is used for files of smaller sizes or when L is disabled. location /video/ { sendfile on; aio on; directio 8m; } Finally, files can be read and sent using multi-threading (1.7.11), without blocking a worker process: location /video/ { sendfile on; aio threads; } Read and send file operations are offloaded to threads of the specified L. If the pool name is omitted, the pool with the name “C” is used. The pool name can also be set with variables: aio threads=pool$disk; By default, multi-threading is disabled, it should be enabled with the C<--with-threads> configuration parameter. Currently, multi-threading is compatible only with the L, L, and L methods. Multi-threaded sending of files is only supported on Linux. See also the L directive. =head2 aio_write B aio_write I E C> B I B I B I B I This directive appeared in version 1.9.13. If L is enabled, specifies whether it is used for writing files. Currently, this only works when using C and is limited to writing temporary files with data received from proxied servers. =head2 alias B alias I>> B I Defines a replacement for the specified location. For example, with the following configuration location /i/ { alias /data/w3/images/; } on request of “CiEtop.gif>”, the file FdataEw3EimagesEtop.gif> will be sent. The I> value can contain variables, except C<$document_root> and C<$realpath_root>. If C is used inside a location defined with a regular expression then such regular expression should contain captures and C should refer to these captures (0.7.40), for example: location ~ ^/users/(.+\.(?:gif|jpe?g|png))$ { alias /data/w3/images/$1; } When location matches the last part of the directive’s value: location /images/ { alias /data/w3/images/; } it is better to use the L directive instead: location /images/ { root /data/w3; } =head2 chunked_transfer_encoding B chunked_transfer_encoding I E C> B I B I B I B I Allows disabling chunked transfer encoding in HTTPE1.1. It may come in handy when using a software failing to support chunked encoding despite the standard’s requirement. =head2 client_body_buffer_size B client_body_buffer_size I>> B I<8kE16k> B I B I B I Sets buffer size for reading client request body. In case the request body is larger than the buffer, the whole body or only its part is written to a temporary file. By default, buffer size is equal to two memory pages. This is 8K on x86, other 32-bit platforms, and x86-64. It is usually 16K on other 64-bit platforms. =head2 client_body_in_file_only B client_body_in_file_only I< C E C E C> B I B I B I B I Determines whether nginx should save the entire client request body into a file. This directive can be used during debugging, or when using the C<$request_body_file> variable, or the L<$r-Erequest_body_file|ngx_http_perl_module> method of the module L. When set to the value C, temporary files are not removed after request processing. The value C will cause the temporary files left after request processing to be removed. =head2 client_body_in_single_buffer B client_body_in_single_buffer I E C> B I B I B I B I Determines whether nginx should save the entire client request body in a single buffer. The directive is recommended when using the C<$request_body> variable, to save the number of copy operations involved. =head2 client_body_temp_path B client_body_temp_path I< I> [I> [I> [I>]]]> B I B I B I B I Defines a directory for storing temporary files holding client request bodies. Up to three-level subdirectory hierarchy can be used under the specified directory. For example, in the following configuration client_body_temp_path /spool/nginx/client_temp 1 2; a path to a temporary file might look like this: /spool/nginx/client_temp/7/45/00000123457 =head2 client_body_timeout B client_body_timeout I>> B I<60s> B I B I B I Defines a timeout for reading client request body. The timeout is set only for a period between two successive read operations, not for the transmission of the whole request body. If a client does not transmit anything within this time, the C<408> (C) error is returned to the client. =head2 client_header_buffer_size B client_header_buffer_size I>> B I<1k> B I B I Sets buffer size for reading client request header. For most requests, a buffer of 1K bytes is enough. However, if a request includes long cookies, or comes from a WAP client, it may not fit into 1K. If a request line or a request header field does not fit into this buffer then larger buffers, configured by the L directive, are allocated. =head2 client_header_timeout B client_header_timeout I>> B I<60s> B I B I Defines a timeout for reading client request header. If a client does not transmit the entire header within this time, the C<408> (C) error is returned to the client. =head2 client_max_body_size B client_max_body_size I>> B I<1m> B I B I B I Sets the maximum allowed size of the client request body, specified in the C request header field. If the size in a request exceeds the configured value, the C<413> (C) error is returned to the client. Please be aware that browsers cannot correctly display this error. Setting I> to 0 disables checking of client request body size. =head2 connection_pool_size B connection_pool_size I>> B I<256E512> B I B I Allows accurate tuning of per-connection memory allocations. This directive has minimal impact on performance and should not generally be used. By default, the size is equal to 256 bytes on 32-bit platforms and 512 bytes on 64-bit platforms. B Prior to version 1.9.8, the default value was 256 on all platforms. =head2 default_type B default_type I>> B Iplain> B I B I B I Defines the default MIME type of a response. Mapping of file name extensions to MIME types can be set with the L directive. =head2 directio B directio I> E C> B I B I B I B I This directive appeared in version 0.7.7. Enables the use of the C flag (FreeBSD, Linux), the C flag (Mac OS X), or the C function (Solaris), when reading files that are larger than or equal to the specified I>. The directive automatically disables (0.7.15) the use of L for a given request. It can be useful for serving large files: directio 4m; or when using L on Linux. =head2 directio_alignment B directio_alignment I>> B I<512> B I B I B I This directive appeared in version 0.8.11. Sets the alignment for L. In most cases, a 512-byte alignment is enough. However, when using XFS under Linux, it needs to be increased to 4K. =head2 disable_symlinks B disable_symlinks I> B disable_symlinks I< C E C [C=I>]> B I B I B I B I This directive appeared in version 1.1.15. Determines how symbolic links should be treated when opening files: =over =item C Symbolic links in the pathname are allowed and not checked. This is the default behavior. =item C If any component of the pathname is a symbolic link, access to a file is denied. =item C Access to a file is denied if any component of the pathname is a symbolic link, and the link and object that the link points to have different owners. =item C=I> When checking symbolic links (parameters C and C), all components of the pathname are normally checked. Checking of symbolic links in the initial part of the pathname may be avoided by specifying additionally the C=I> parameter. In this case, symbolic links are checked only from the pathname component that follows the specified initial part. If the value is not an initial part of the pathname checked, the whole pathname is checked as if this parameter was not specified at all. If the value matches the whole file name, symbolic links are not checked. The parameter value can contain variables. =back Example: disable_symlinks on from=$document_root; This directive is only available on systems that have the C and C interfaces. Such systems include modern versions of FreeBSD, Linux, and Solaris. Parameters C and C add a processing overhead. B On systems that do not support opening of directories only for search, to use these parameters it is required that worker processes have read permissions for all directories being checked. B The L, L, and L modules currently ignore this directive. =head2 error_page B error_page I< I> ... [C<=>[I>]] I>> B I B I B I B I Defines the URI that will be shown for the specified errors. C directives are inherited from the previous level only if there are no C directives defined on the current level. A C value can contain variables. Example: error_page 404 /404.html; error_page 500 502 503 504 /50x.html; Furthermore, it is possible to change the response code to another using the “C<=>I>” syntax, for example: error_page 404 =200 /empty.gif; If an error response is processed by a proxied server or a FastCGIEuwsgiESCGI server, and the server may return different response codes (e.g., 200, 302, 401 or 404), it is possible to respond with the code it returns: error_page 404 = /404.php; It is also possible to use redirects for error processing: error_page 403 http://example.com/forbidden.html; error_page 404 =301 http://example.com/notfound.html; In this case, by default, the response code 302 is returned to the client. It can only be changed to one of the redirect status codes (301, 302, 303, and 307). If there is no need to change URI during internal redirection it is possible to pass error processing into a named location: location / { error_page 404 = @fallback; } location @fallback { proxy_pass http://backend; } B If C processing leads to an error, the status code of the last occurred error is returned to the client. =head2 etag B etag I E C> B I B I B I B I This directive appeared in version 1.3.3. Enables or disables automatic generation of the C response header field for static resources. =head2 http http { B<...> } B I
Provides the configuration file context in which the HTTP server directives are specified. =head2 if_modified_since B if_modified_since I< C E C E C> B I B I B I B I This directive appeared in version 0.7.24. Specifies how to compare modification time of a response with the time in the C request header field: =over =item C the C request header field is ignored (0.7.34); =item C exact match; =item C modification time of a response is less than or equal to the time in the C request header field. =back =head2 ignore_invalid_headers B ignore_invalid_headers I E C> B I B I B I Controls whether header fields with invalid names should be ignored. Valid names are composed of English letters, digits, hyphens, and possibly underscores (as controlled by the L directive). If the directive is specified on the L level, its value is only used if a server is a default one. The value specified also applies to all virtual servers listening on the same address and port. =head2 internal B I Specifies that a given location can only be used for internal requests. For external requests, the client error C<404> (C) is returned. Internal requests are the following: =over =item * requests redirected by the L, L, L, and L directives; =item * requests redirected by the C response header field from an upstream server; =item * subrequests formed by the “C” command of the L module and by the L module directives; =item * requests changed by the L directive. =back Example: error_page 404 /404.html; location /404.html { internal; } B There is a limit of 10 internal redirects per request to prevent request processing cycles that can occur in incorrect configurations. If this limit is reached, the error C<500> (C) is returned. In such cases, the “rewrite or internal redirection cycle” message can be seen in the error log. =head2 keepalive_disable B keepalive_disable I E I> ...> B I B I B I B I Disables keep-alive connections with misbehaving browsers. The I> parameters specify which browsers will be affected. The value C disables keep-alive connections with old versions of MSIE, once a POST request is received. The value C disables keep-alive connections with Safari and Safari-like browsers on Mac OS X and Mac OS X-like operating systems. The value C enables keep-alive connections with all browsers. B Prior to version 1.1.18, the value C matched all Safari and Safari-like browsers on all operating systems, and keep-alive connections with them were disabled by default. =head2 keepalive_requests B keepalive_requests I>> B I<100> B I B I B I This directive appeared in version 0.8.0. Sets the maximum number of requests that can be served through one keep-alive connection. After the maximum number of requests are made, the connection is closed. =head2 keepalive_timeout B keepalive_timeout I< I> [I>]> B I<75s> B I B I B I The first parameter sets a timeout during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. The optional second parameter sets a value in the C>> response header field. Two parameters may differ. The C>> header field is recognized by Mozilla and Konqueror. MSIE closes keep-alive connections by itself in about 60 seconds. =head2 large_client_header_buffers B large_client_header_buffers I> I>> B I<4 8k> B I B I Sets the maximum I> and I> of buffers used for reading large client request header. A request line cannot exceed the size of one buffer, or the C<414> (C) error is returned to the client. A request header field cannot exceed the size of one buffer as well, or the C<400> (C) error is returned to the client. Buffers are allocated only on demand. By default, the buffer size is equal to 8K bytes. If after the end of request processing a connection is transitioned into the keep-alive state, these buffers are released. =head2 limit_except B limit_except I> ... { B<...> } > B I Limits allowed HTTP methods inside a location. The I> parameter can be one of the following: C, C, C, C, C, C, C, C, C, C, C, C, C, or C. Allowing the C method makes the C method also allowed. Access to other methods can be limited using the L and L modules directives: limit_except GET { allow 192.168.1.0/32; deny all; } Please note that this will limit access to all methods I GET and HEAD. =head2 limit_rate B limit_rate I>> B I<0> B I B I B I B I Limits the rate of response transmission to a client. The I> is specified in bytes per second. The zero value disables rate limiting. The limit is set per a request, and so if a client simultaneously opens two connections, the overall rate will be twice as much as the specified limit. Rate limit can also be set in the C<$limit_rate> variable. It may be useful in cases where rate should be limited depending on a certain condition: server { if ($slow) { set $limit_rate 4k; } ... } Rate limit can also be set in the C header field of a proxied server response. This capability can be disabled using the L, L, L, and L directives. =head2 limit_rate_after B limit_rate_after I>> B I<0> B I B I B I B I This directive appeared in version 0.8.0. Sets the initial amount after which the further transmission of a response to a client will be rate limited. Example: location /flv/ { flv; limit_rate_after 500k; limit_rate 50k; } =head2 lingering_close B lingering_close I< C E C E C> B I B I B I B I This directive appeared in version 1.1.0. This directive appeared in version 1.0.6. Controls how nginx closes client connections. The default value “C” instructs nginx to wait for and process additional data from a client before fully closing a connection, but only if heuristics suggests that a client may be sending more data. The value “C” will cause nginx to unconditionally wait for and process additional client data. The value “C” tells nginx to never wait for more data and close the connection immediately. This behavior breaks the protocol and should not be used under normal circumstances. =head2 lingering_time B lingering_time I>> B I<30s> B I B I B I When L is in effect, this directive specifies the maximum time during which nginx will process (read and ignore) additional data coming from a client. After that, the connection will be closed, even if there will be more data. =head2 lingering_timeout B lingering_timeout I>> B I<5s> B I B I B I When L is in effect, this directive specifies the maximum waiting time for more client data to arrive. If data are not received during this time, the connection is closed. Otherwise, the data are read and ignored, and nginx starts waiting for more data again. The “wait-read-ignore” cycle is repeated, but no longer than specified by the L directive. =head2 listen B listen I< I>[:I>] [C] [C] [C E C] [C] [C=I>] [C=I>] [C=I>] [C=I>] [C=I>] [C=I>] [C] [C] [C=CEC] [C] [C=CECE[I>]:[I>]:[I>]]> B listen I< I> [C] [C] [C E C] [C] [C=I>] [C=I>] [C=I>] [C=I>] [C=I>] [C=I>] [C] [C] [C=CEC] [C] [C=CECE[I>]:[I>]:[I>]]> B listen I< CI> [C] [C] [C E C] [C] [C=I>] [C=I>] [C=I>] [C=I>] [C] [C] [C=CECE[I>]:[I>]:[I>]]> B I<*:80 E *:8000> B I Sets the I> and I> for IP, or the I> for a UNIX-domain socket on which the server will accept requests. Both I> and I>, or only I> or only I> can be specified. An I> may also be a hostname, for example: listen 127.0.0.1:8000; listen 127.0.0.1; listen 8000; listen *:8000; listen localhost:8000; IPv6 addresses (0.7.36) are specified in square brackets: listen [::]:8000; listen [::1]; UNIX-domain sockets (0.8.21) are specified with the “C” prefix: listen unix:/var/run/nginx.sock; If only I> is given, the port 80 is used. If the directive is not present then either C<*:80> is used if nginx runs with the superuser privileges, or C<*:8000> otherwise. The C parameter, if present, will cause the server to become the default server for the specified I>:I> pair. If none of the directives have the C parameter then the first server with the I>:I> pair will be the default server for this pair. B In versions prior to 0.8.21 this parameter is named simply C. The C parameter (0.7.14) allows specifying that all connections accepted on this port should work in SSL mode. This allows for a more compact L for the server that handles both HTTP and HTTPS requests. The C parameter (1.9.5) configures the port to accept L2|ngx_http_v2_module> connections. Normally, for this to work the C parameter should be specified as well, but nginx can also be configured to accept HTTPE2 connections without SSL. The C parameter (1.3.15-1.9.4) allows accepting L connections on this port. Normally, for this to work the C parameter should be specified as well, but nginx can also be configured to accept SPDY connections without SSL. The C parameter (1.5.12) allows specifying that all connections accepted on this port should use the L. The C directive can have several additional parameters specific to socket-related system calls. These parameters can be specified in any C directive, but only once for a given I>:I> pair. B In versions prior to 0.8.21, they could only be specified in the C directive together with the C parameter. =over =item C=I> this parameter (0.8.44) sets the associated routing table, FIB (the C option) for the listening socket. This currently works only on FreeBSD. =item C=I> enables “L” for the listening socket (1.5.8) and L the maximum length for the queue of connections that have not yet completed the three-way handshake. B Do not enable this feature unless the server can handle receiving the L more than once. =item C=I> sets the C parameter in the C call that limits the maximum length for the queue of pending connections. By default, C is set to -1 on FreeBSD, DragonFly BSD, and Mac OS X, and to 511 on other platforms. =item C=I> sets the receive buffer size (the C option) for the listening socket. =item C=I> sets the send buffer size (the C option) for the listening socket. =item C=I> sets the name of accept filter (the C option) for the listening socket that filters incoming connections before passing them to C. This works only on FreeBSD and NetBSD 5.0+. Possible values are L and L. =item C instructs to use a deferred C (the C socket option) on Linux. =item C instructs to make a separate C call for a given I>:I> pair. This is useful because if there are several C directives with the same port but different addresses, and one of the C directives listens on all addresses for the given port (C<*:>I>), nginx will C only to C<*:>I>. It should be noted that the C system call will be made in this case to determine the address that accepted the connection. If the C, C, C, C, C, C, C, or C parameters are used then for a given I>:I> pair a separate C call will always be made. =item C=CEC this parameter (0.7.42) determines (via the C socket option) whether an IPv6 socket listening on a wildcard address C<[::]> will accept only IPv6 connections or both IPv6 and IPv4 connections. This parameter is turned on by default. It can only be set once on start. B Prior to version 1.3.4, if this parameter was omitted then the operating system’s settings were in effect for the socket. =item C this parameter (1.9.1) instructs to create an individual listening socket for each worker process (using the C socket option), allowing a kernel to distribute incoming connections between worker processes. This currently works only on Linux 3.9+ and DragonFly BSD. B Inappropriate use of this option may have its security L. =item C=CECE[I>]:[I>]:[I>] this parameter (1.1.11) configures the “TCP keepalive” behavior for the listening socket. If this parameter is omitted then the operating system’s settings will be in effect for the socket. If it is set to the value “C”, the C option is turned on for the socket. If it is set to the value “C”, the C option is turned off for the socket. Some operating systems support setting of TCP keepalive parameters on a per-socket basis using the C, C, and C socket options. On such systems (currently, Linux 2.4+, NetBSD 5+, and FreeBSD 9.0-STABLE), they can be configured using the I>, I>, and I> parameters. One or two parameters may be omitted, in which case the system default setting for the corresponding socket option will be in effect. For example, so_keepalive=30m::10 will set the idle timeout (C) to 30 minutes, leave the probe interval (C) at its system default, and set the probes count (C) to 10 probes. =back Example: listen 127.0.0.1 default_server accept_filter=dataready backlog=1024; =head2 location B location I<[ C<=> E C<~> E C<~*> E C<^~> ] I> { B<...> } > B location II> { B<...> } > B I B I Sets configuration depending on a request URI. The matching is performed against a normalized URI, after decoding the text encoded in the “C<%XX>” form, resolving references to relative path components “C<.>” and “C<..>”, and possible compression of two or more adjacent slashes into a single slash. A location can either be defined by a prefix string, or by a regular expression. Regular expressions are specified with the preceding “C<~*>” modifier (for case-insensitive matching), or the “C<~>” modifier (for case-sensitive matching). To find location matching a given request, nginx first checks locations defined using the prefix strings (prefix locations). Among them, the location with the longest matching prefix is selected and remembered. Then regular expressions are checked, in the order of their appearance in the configuration file. The search of regular expressions terminates on the first match, and the corresponding configuration is used. If no match with a regular expression is found then the configuration of the prefix location remembered earlier is used. C blocks can be nested, with some exceptions mentioned below. For case-insensitive operating systems such as Mac OS X and Cygwin, matching with prefix strings ignores a case (0.7.7). However, comparison is limited to one-byte locales. Regular expressions can contain captures (0.7.40) that can later be used in other directives. If the longest matching prefix location has the “C<^~>” modifier then regular expressions are not checked. Also, using the “C<=>” modifier it is possible to define an exact match of URI and location. If an exact match is found, the search terminates. For example, if a “C>” request happens frequently, defining “C>” will speed up the processing of these requests, as search terminates right after the first comparison. Such a location cannot obviously contain nested locations. B In versions from 0.7.1 to 0.8.41, if a request matched the prefix location without the “C<=>” and “C<^~>” modifiers, the search also terminated and regular expressions were not checked. Let’s illustrate the above by an example: location = / { [ configuration A ] } location / { [ configuration B ] } location /documents/ { [ configuration C ] } location ^~ /images/ { [ configuration D ] } location ~* \.(gif|jpg|jpeg)$ { [ configuration E ] } The “C>” request will match configuration A, the “Cindex.html>” request will match configuration B, the “CdocumentsEdocument.html>” request will match configuration C, the “CimagesE1.gif>” request will match configuration D, and the “CdocumentsE1.jpg>” request will match configuration E. The “C<@>” prefix defines a named location. Such a location is not used for a regular request processing, but instead used for request redirection. They cannot be nested, and cannot contain nested locations. If a location is defined by a prefix string that ends with the slash character, and requests are processed by one of L, L, L, L, or L, then the special processing is performed. In response to a request with URI equal to this string, but without the trailing slash, a permanent redirect with the code 301 will be returned to the requested URI with the slash appended. If this is not desired, an exact match of the URI and location could be defined like this: location /user/ { proxy_pass http://user.example.com; } location = /user { proxy_pass http://login.example.com; } =head2 log_not_found B log_not_found I E C> B I B I B I B I Enables or disables logging of errors about not found files into L. =head2 log_subrequest B log_subrequest I E C> B I B I B I B I Enables or disables logging of subrequests into L. =head2 max_ranges B max_ranges I>> B I B I B I This directive appeared in version 1.1.2. Limits the maximum allowed number of ranges in byte-range requests. Requests that exceed the limit are processed as if there were no byte ranges specified. By default, the number of ranges is not limited. The zero value disables the byte-range support completely. =head2 merge_slashes B merge_slashes I E C> B I B I B I Enables or disables compression of two or more adjacent slashes in a URI into a single slash. Note that compression is essential for the correct matching of prefix string and regular expression locations. Without it, the “CEscriptsEone.php>” request would not match location /scripts/ { ... } and might be processed as a static file. So it gets converted to “CscriptsEone.php>”. Turning the compression C can become necessary if a URI contains base64-encoded names, since base64 uses the “C>” character internally. However, for security considerations, it is better to avoid turning the compression off. If the directive is specified on the L level, its value is only used if a server is a default one. The value specified also applies to all virtual servers listening on the same address and port. =head2 msie_padding B msie_padding I E C> B I B I B I B I Enables or disables adding comments to responses for MSIE clients with status greater than 400 to increase the response size to 512 bytes. =head2 msie_refresh B msie_refresh I E C> B I B I B I B I Enables or disables issuing refreshes instead of redirects for MSIE clients. =head2 open_file_cache B open_file_cache I> B open_file_cache I< C=I> [C=I>]> B I B I B I B I Configures a cache that can store: =over =item * open file descriptors, their sizes and modification times; =item * information on existence of directories; =item * file lookup errors, such as “file not found”, “no read permission”, and so on. B Caching of errors should be enabled separately by the L directive. =back The directive has the following parameters: =over =item C sets the maximum number of elements in the cache; on cache overflow the least recently used (LRU) elements are removed; =item C defines a time after which an element is removed from the cache if it has not been accessed during this time; by default, it is 60 seconds; =item C disables the cache. =back Example: open_file_cache max=1000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on; =head2 open_file_cache_errors B open_file_cache_errors I E C> B I B I B I B I Enables or disables caching of file lookup errors by L. =head2 open_file_cache_min_uses B open_file_cache_min_uses I>> B I<1> B I B I B I Sets the minimum I> of file accesses during the period configured by the C parameter of the L directive, required for a file descriptor to remain open in the cache. =head2 open_file_cache_valid B open_file_cache_valid I>> B I<60s> B I B I B I Sets a time after which L elements should be validated. =head2 output_buffers B output_buffers I> I>> B I<2 32k> B I B I B I Sets the I> and I> of the buffers used for reading a response from a disk. B Prior to version 1.9.5, the default value was 1 32k. =head2 port_in_redirect B port_in_redirect I E C> B I B I B I B I Enables or disables specifying the port in redirects issued by nginx. The use of the primary server name in redirects is controlled by the L directive. =head2 postpone_output B postpone_output I>> B I<1460> B I B I B I If possible, the transmission of client data will be postponed until nginx has at least I> bytes of data to send. The zero value disables postponing data transmission. =head2 read_ahead B read_ahead I>> B I<0> B I B I B I Sets the amount of pre-reading for the kernel when working with file. On Linux, the C system call is used, and so the I> parameter is ignored. On FreeBSD, the C I>C<)> system call, supported since FreeBSDE9.0-CURRENT, is used. FreeBSDE7 has to be L. =head2 recursive_error_pages B recursive_error_pages I E C> B I B I B I B I Enables or disables doing several redirects using the L directive. The number of such redirects is limited. =head2 request_pool_size B request_pool_size I>> B I<4k> B I B I Allows accurate tuning of per-request memory allocations. This directive has minimal impact on performance and should not generally be used. =head2 reset_timedout_connection B reset_timedout_connection I E C> B I B I B I B I Enables or disables resetting timed out connections. The reset is performed as follows. Before closing a socket, the C option is set on it with a timeout value of 0. When the socket is closed, TCP RST is sent to the client, and all memory occupied by this socket is released. This helps avoid keeping an already closed socket with filled buffers in a FIN_WAIT1 state for a long time. It should be noted that timed out keep-alive connections are closed normally. =head2 resolver B resolver I< I> ... [C=I>] [C=CEC]> B I B I B I Configures name servers used to resolve names of upstream servers into addresses, for example: resolver 127.0.0.1 [::1]:5353; An address can be specified as a domain name or IP address, and an optional port (1.3.1, 1.2.2). If port is not specified, the port 53 is used. Name servers are queried in a round-robin fashion. B Before version 1.1.7, only a single name server could be configured. Specifying name servers using IPv6 addresses is supported starting from versions 1.3.1 and 1.2.2. By default, nginx will look up both IPv4 and IPv6 addresses while resolving. If looking up of IPv6 addresses is not desired, the C parameter can be specified. B Resolving of names into IPv6 addresses is supported starting from version 1.5.8. By default, nginx caches answers using the TTL value of a response. An optional C parameter allows overriding it: resolver 127.0.0.1 [::1]:5353 valid=30s; B Before version 1.1.9, tuning of caching time was not possible, and nginx always cached answers for the duration of 5 minutes. =head2 resolver_timeout B resolver_timeout I>> B I<30s> B I B I B I Sets a timeout for name resolution, for example: resolver_timeout 5s; =head2 root B root I>> B I B I B I B I B I Sets the root directory for requests. For example, with the following configuration location /i/ { root /data/w3; } The FdataEw3EiEtop.gif> file will be sent in response to the “CiEtop.gif>” request. The I> value can contain variables, except C<$document_root> and C<$realpath_root>. A path to the file is constructed by merely adding a URI to the value of the C directive. If a URI has to be modified, the L directive should be used. =head2 satisfy B satisfy I E C> B I B I B I B I Allows access if all (C) or at least one (C) of the L, L, L, or L modules allow access. Example: location / { satisfy any; allow 192.168.1.0/32; deny all; auth_basic "closed site"; auth_basic_user_file conf/htpasswd; } =head2 send_lowat B send_lowat I>> B I<0> B I B I B I If the directive is set to a non-zero value, nginx will try to minimize the number of send operations on client sockets by using either C flag of the L method or the C socket option. In both cases the specified I> is used. This directive is ignored on Linux, Solaris, and Windows. =head2 send_timeout B send_timeout I>> B I<60s> B I B I B I Sets a timeout for transmitting a response to the client. The timeout is set only between two successive write operations, not for the transmission of the whole response. If the client does not receive anything within this time, the connection is closed. =head2 sendfile B sendfile I E C> B I B I B I B I B I Enables or disables the use of C. Starting from nginxE0.8.12 and FreeBSDE5.2.1, L can be used to pre-load data for C: location /video/ { sendfile on; tcp_nopush on; aio on; } In this configuration, C is called with the C flag which causes it not to block on disk IEO, but, instead, report back that the data are not in memory. nginx then initiates an asynchronous data load by reading one byte. On the first read, the FreeBSD kernel loads the first 128K bytes of a file into memory, although next reads will only load data in 16K chunks. This can be changed using the L directive. B Before version 1.7.11, pre-loading could be enabled with C. =head2 sendfile_max_chunk B sendfile_max_chunk I>> B I<0> B I B I B I When set to a non-zero value, limits the amount of data that can be transferred in a single C call. Without the limit, one fast connection may seize the worker process entirely. =head2 server server { B<...> } B I Sets configuration for a virtual server. There is no clear separation between IP-based (based on the IP address) and name-based (based on the C request header field) virtual servers. Instead, the L directives describe all addresses and ports that should accept connections for the server, and the L directive lists all server names. Example configurations are provided in the “L” document. =head2 server_name B server_name I> ...> B I<""> B I Sets names of a virtual server, for example: server { server_name example.com www.example.com; } The first name becomes the primary server name. Server names can include an asterisk (“C<*>”) replacing the first or last part of a name: server { server_name example.com *.example.com www.example.*; } Such names are called wildcard names. The first two of the names mentioned above can be combined in one: server { server_name .example.com; } It is also possible to use regular expressions in server names, preceding the name with a tilde (“C<~>”): server { server_name www.example.com ~^www\d+\.example\.com$; } Regular expressions can contain captures (0.7.40) that can later be used in other directives: server { server_name ~^(www\.)?(.+)$; location / { root /sites/$2; } } server { server_name _; location / { root /sites/default; } } Named captures in regular expressions create variables (0.8.25) that can later be used in other directives: server { server_name ~^(www\.)?(?.+)$; location / { root /sites/$domain; } } server { server_name _; location / { root /sites/default; } } If the directive’s parameter is set to “C<$hostname>” (0.9.4), the machine’s hostname is inserted. It is also possible to specify an empty server name (0.7.11): server { server_name www.example.com ""; } It allows this server to process requests without the C header field — instead of the default server — for the given address:port pair. This is the default setting. B Before 0.8.48, the machine’s hostname was used by default. During searching for a virtual server by name, if the name matches more than one of the specified variants, (e.g. both a wildcard name and regular expression match), the first matching variant will be chosen, in the following order of priority: =over =item 1. the exact name =item 2. the longest wildcard name starting with an asterisk, e.g. “C<*.example.com>” =item 3. the longest wildcard name ending with an asterisk, e.g. “C” =item 4. the first matching regular expression (in order of appearance in the configuration file) =back Detailed description of server names is provided in a separate L document. =head2 server_name_in_redirect B server_name_in_redirect I E C> B I B I B I B I Enables or disables the use of the primary server name, specified by the L directive, in redirects issued by nginx. When the use of the primary server name is disabled, the name from the C request header field is used. If this field is not present, the IP address of the server is used. The use of a port in redirects is controlled by the L directive. =head2 server_names_hash_bucket_size B server_names_hash_bucket_size I>> B I<32E64E128> B I Sets the bucket size for the server names hash tables. The default value depends on the size of the processor’s cache line. The details of setting up hash tables are provided in a separate L. =head2 server_names_hash_max_size B server_names_hash_max_size I>> B I<512> B I Sets the maximum I> of the server names hash tables. The details of setting up hash tables are provided in a separate L. =head2 server_tokens B server_tokens I< C E C E I>> B I B I B I B I Enables or disables emitting nginx version in error messages and in the C response header field. Additionally, as part of our commercial subscription, starting from version 1.9.13 the signature in error messages and the C response header field value can be set explicitly using the I> with variables. An empty string disables the emission of the C field. =head2 tcp_nodelay B tcp_nodelay I E C> B I B I B I B I Enables or disables the use of the C option. The option is enabled only when a connection is transitioned into the keep-alive state. =head2 tcp_nopush B tcp_nopush I E C> B I B I B I B I Enables or disables the use of the C socket option on FreeBSD or the C socket option on Linux. The options are enabled only when L is used. Enabling the option allows =over =item * sending the response header and the beginning of a file in one packet, on Linux and FreeBSDE4.*; =item * sending a file in full packets. =back =head2 try_files B try_files I> ... I>> B try_files I> ... =I>> B I B I Checks the existence of files in the specified order and uses the first found file for request processing; the processing is performed in the current context. The path to a file is constructed from the I> parameter according to the L and L directives. It is possible to check directory’s existence by specifying a slash at the end of a name, e.g. “C<$uriE>”. If none of the files were found, an internal redirect to the I> specified in the last parameter is made. For example: location /images/ { try_files $uri /images/default.gif; } location = /images/default.gif { expires 30s; } The last parameter can also point to a named location, as shown in examples below. Starting from version 0.7.51, the last parameter can also be a I>: location / { try_files $uri $uri/index.html $uri.html =404; } Example in proxying Mongrel: location / { try_files /system/maintenance.html $uri $uri/index.html $uri.html @mongrel; } location @mongrel { proxy_pass http://mongrel; } Example for DrupalEFastCGI: location / { try_files $uri $uri/ @drupal; } location ~ \.php$ { try_files $uri @drupal; fastcgi_pass ...; fastcgi_param SCRIPT_FILENAME /path/to$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param QUERY_STRING $args; ... other fastcgi_param's } location @drupal { fastcgi_pass ...; fastcgi_param SCRIPT_FILENAME /path/to/index.php; fastcgi_param SCRIPT_NAME /index.php; fastcgi_param QUERY_STRING q=$uri&$args; ... other fastcgi_param's } In the following example, location / { try_files $uri $uri/ @drupal; } the C directive is equivalent to location / { error_page 404 = @drupal; log_not_found off; } And here, location ~ \.php$ { try_files $uri @drupal; fastcgi_pass ...; fastcgi_param SCRIPT_FILENAME /path/to$fastcgi_script_name; ... } C checks the existence of the PHP file before passing the request to the FastCGI server. Example for Wordpress and Joomla: location / { try_files $uri $uri/ @wordpress; } location ~ \.php$ { try_files $uri @wordpress; fastcgi_pass ...; fastcgi_param SCRIPT_FILENAME /path/to$fastcgi_script_name; ... other fastcgi_param's } location @wordpress { fastcgi_pass ...; fastcgi_param SCRIPT_FILENAME /path/to/index.php; ... other fastcgi_param's } =head2 types types { B<...> } B I< textEhtml html; imageEgif gif; imageEjpeg jpg; > B I B I B I Maps file name extensions to MIME types of responses. Extensions are case-insensitive. Several extensions can be mapped to one type, for example: types { application/octet-stream bin exe dll; application/octet-stream deb; application/octet-stream dmg; } A sufficiently full mapping table is distributed with nginx in the Fmime.types> file. To make a particular location emit the “Coctet-stream>” MIME type for all requests, the following configuration can be used: location /download/ { types { } default_type application/octet-stream; } =head2 types_hash_bucket_size B types_hash_bucket_size I>> B I<64> B I B I B I Sets the bucket size for the types hash tables. The details of setting up hash tables are provided in a separate L. B Prior to version 1.5.13, the default value depended on the size of the processor’s cache line. =head2 types_hash_max_size B types_hash_max_size I>> B I<1024> B I B I B I Sets the maximum I> of the types hash tables. The details of setting up hash tables are provided in a separate L. =head2 underscores_in_headers B underscores_in_headers I E C> B I B I B I Enables or disables the use of underscores in client request header fields. When the use of underscores is disabled, request header fields whose names contain underscores are marked as invalid and become subject to the L directive. If the directive is specified on the L level, its value is only used if a server is a default one. The value specified also applies to all virtual servers listening on the same address and port. =head2 variables_hash_bucket_size B variables_hash_bucket_size I>> B I<64> B I Sets the bucket size for the variables hash table. The details of setting up hash tables are provided in a separate L. =head2 variables_hash_max_size B variables_hash_max_size I>> B I<1024> B I Sets the maximum I> of the variables hash table. The details of setting up hash tables are provided in a separate L. B Prior to version 1.5.13, the default value was 512. =head1 Embedded Variables The C module supports embedded variables with names matching the Apache Server variables. First of all, these are variables representing client request header fields, such as C<$http_user_agent>, C<$http_cookie>, and so on. Also there are other variables: =over =item C<$arg_>I> argument I> in the request line =item C<$args> arguments in the request line =item C<$binary_remote_addr> client address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses =item C<$body_bytes_sent> number of bytes sent to a client, not counting the response header; this variable is compatible with the “C<%B>” parameter of the C Apache module =item C<$bytes_sent> number of bytes sent to a client (1.3.8, 1.2.5) =item C<$connection> connection serial number (1.3.8, 1.2.5) =item C<$connection_requests> current number of requests made through a connection (1.3.8, 1.2.5) =item C<$content_length> C request header field =item C<$content_type> C request header field =item C<$cookie_>I> the I> cookie =item C<$document_root> L or L directive’s value for the current request =item C<$document_uri> same as C<$uri> =item C<$host> in this order of precedence: host name from the request line, or host name from the C request header field, or the server name matching a request =item C<$hostname> host name =item C<$http_>I> arbitrary request header field; the last part of a variable name is the field name converted to lower case with dashes replaced by underscores =item C<$https> “C” if connection operates in SSL mode, or an empty string otherwise =item C<$is_args> “C” if a request line has arguments, or an empty string otherwise =item C<$limit_rate> setting this variable enables response rate limiting; see L =item C<$msec> current time in seconds with the milliseconds resolution (1.3.9, 1.2.6) =item C<$nginx_version> nginx version =item C<$pid> PID of the worker process =item C<$pipe> “C

” if request was pipelined, “C<.>” otherwise (1.3.12, 1.2.7) =item C<$proxy_protocol_addr> client address from the PROXY protocol header, or an empty string otherwise (1.5.12) The PROXY protocol must be previously enabled by setting the C parameter in the L directive. =item C<$proxy_protocol_port> client port from the PROXY protocol header, or an empty string otherwise (1.11.0) The PROXY protocol must be previously enabled by setting the C parameter in the L directive. =item C<$query_string> same as C<$args> =item C<$realpath_root> an absolute pathname corresponding to the L or L directive’s value for the current request, with all symbolic links resolved to real paths =item C<$remote_addr> client address =item C<$remote_port> client port =item C<$remote_user> user name supplied with the Basic authentication =item C<$request> full original request line =item C<$request_body> request body The variable’s value is made available in locations processed by the L, L, L, and L directives when the request body was read to a memory buffer. =item C<$request_body_file> name of a temporary file with the request body At the end of processing, the file needs to be removed. To always write the request body to a file, L needs to be enabled. When the name of a temporary file is passed in a proxied request or in a request to a FastCGIEuwsgiESCGI server, passing the request body should be disabled by the L, L, L, or L directives, respectively. =item C<$request_completion> “C” if a request has completed, or an empty string otherwise =item C<$request_filename> file path for the current request, based on the L or L directives, and the request URI =item C<$request_id> unique request identifier generated from 16 random bytes, in hexadecimal (1.11.0) =item C<$request_length> request length (including request line, header, and request body) (1.3.12, 1.2.7) =item C<$request_method> request method, usually “C” or “C” =item C<$request_time> request processing time in seconds with a milliseconds resolution (1.3.9, 1.2.6); time elapsed since the first bytes were read from the client =item C<$request_uri> full original request URI (with arguments) =item C<$scheme> request scheme, “C” or “C” =item C<$sent_http_>I> arbitrary response header field; the last part of a variable name is the field name converted to lower case with dashes replaced by underscores =item C<$server_addr> an address of the server which accepted a request Computing a value of this variable usually requires one system call. To avoid a system call, the L directives must specify addresses and use the C parameter. =item C<$server_name> name of the server which accepted a request =item C<$server_port> port of the server which accepted a request =item C<$server_protocol> request protocol, usually “C1.0>”, “C1.1>”, or “L2.0|ngx_http_v2_module>” =item C<$status> response status (1.3.2, 1.2.2) =item C<$tcpinfo_rtt>, C<$tcpinfo_rttvar>, C<$tcpinfo_snd_cwnd>, C<$tcpinfo_rcv_space> information about the client TCP connection; available on systems that support the C socket option =item C<$time_iso8601> local time in the ISO 8601 standard format (1.3.12, 1.2.7) =item C<$time_local> local time in the Common Log Format (1.3.12, 1.2.7) =item C<$uri> current URI in request, normalized The value of C<$uri> may change during request processing, e.g. when doing internal redirects, or when using index files. =back