Apache traffic server 配置文件records.config的官方文档

records.config¶

The records.config file (by default, located in/usr/local/etc/trafficserver/) is a list of configurable variables used bythe Traffic Server software. Many of the variables in therecords.config file are set automatically when you set configurationoptions in Traffic Line. After you modify therecords.config file,run the command traffic_line -x to apply the changes.When you apply changes to one node in a cluster, Traffic Serverautomatically applies the changes to all other nodes in the cluster.

Format¶

Each variable has the following format:

SCOPE variable_name DATATYPE variable_value

where

SCOPE is related to clustering and is either CONFIG (all members ofthe cluster) or LOCAL (only the local machine)

DATATYPE is one of INT (integer), STRING (string), FLOAT(floating point).:A variable marked as Deprecated is still functional but should be avoidedas it may be removed in a future release without warning.

A variable marked as Reloadable can be updated via the command:

traffic_line -x

INT type configurations are expressed as any normal integer,e.g. 32768. They can also be expressed using more human readable valuesusing standard prefixes, e.g. 32K. The following prefixes are supportedfor all INT type configurations

• K Kilobytes (1024 bytes)
• M Megabytes (1024^2 or 1,048,576 bytes)
• G Gigabytes (1024^3 or 1,073,741,824 bytes)
• T Terabytes (1024^4 or 1,099,511,627,776 bytes)

Note

Traffic Server currently writes back configurations to disk periodically,and when doing so, will not preserve the prefixes.

Examples¶

In the following example, the variable proxy.config.proxy_name isa STRING datatype with the value my_server. This means that thename of the Traffic Server proxy is my_server.

CONFIG proxy.config.proxy_name STRING my_server

If the server name should be that_server the line would be

CONFIG proxy.config.proxy_name STRING that_server

In the following example, the variable proxy.config.arm.enabled isa yes/no flag. A value of 0 (zero) disables the option; a value of1 enables the option.

CONFIG proxy.config.arm.enabled INT 0

In the following example, the variable sets the cluster startup timeoutto 10 seconds.

CONFIG proxy.config.cluster.startup_timeout INT 10

The last examples configures a 64GB RAM cache, using a human readableprefix.

CONFIG proxy.config.cache.ram_cache.size INT 64G

Environment Overrides¶

Every records.config configuration variable can be overriddenby a corresponding environment variable. This can be useful insituations where you need a static records.config but stillwant to tweak one or two settings. The override variable is formedby converting the records.config variable name to uppercase, and replacing any dot separators with an underscore.

Overriding a variable from the environment is permanent and willnot be affected by future configuration changes made inrecords.config or applied with traffic_line.

For example, we could override the proxy.config.product_company variablelike this:

$ PROXY_CONFIG_PRODUCT_COMPANY=example traffic_cop &
$ traffic_line -r proxy.config.product_company

Configuration Variables¶

The following list describes the configuration variables available inthe records.config file.

System Variables¶

proxy.config.product_company ¶

Scope:	CONFIG
Type:	STRING
Default:	Apache Software Foundation

The name of the organization developing Traffic Server.

proxy.config.product_vendor ¶

Scope:	CONFIG
Type:	STRING
Default:	Apache

The name of the vendor providing Traffic Server.

proxy.config.product_name ¶

Scope:	CONFIG
Type:	STRING
Default:	Traffic Server

The name of the product.

proxy.config.proxy_name ¶

Scope:	CONFIG
Type:	STRING
Default:	``build_machine``
Reloadable:	Yes

The name of the Traffic Server node.

proxy.config.bin_path ¶

Scope:	CONFIG
Type:	STRING
Default:	bin

The location of the Traffic Server bin directory.

proxy.config.proxy_binary ¶

Scope:	CONFIG
Type:	STRING
Default:	traffic_server

The name of the executable that runs the traffic_server process.

proxy.config.proxy_binary_opts ¶

Scope:	CONFIG
Type:	STRING
Default:	-M

The command-line options for starting Traffic Server.

proxy.config.manager_binary ¶

Scope:	CONFIG
Type:	STRING
Default:	traffic_manager

The name of the executable that runs the traffic_manager process.

proxy.config.env_prep ¶

Scope:	CONFIG
Type:	STRING
Default:	*NONE*

The script executed before the traffic_manager process spawnsthe traffic_server process.

proxy.config.config_dir ¶

Scope:	CONFIG
Type:	STRING
Default:	etc/trafficserver

The directory that contains Traffic Server configuration files.This is a read-only configuration option that contains theSYSCONFDIR value specified at build time relative to theinstallation prefix. The $TS_ROOT environment variable canbe used alter the installation prefix at run time.

proxy.config.syslog_facility ¶

Scope:	CONFIG
Type:	STRING
Default:	LOG_DAEMON

The facility used to record system log files. Refer to Understanding Traffic Server Log Files.

proxy.config.cop.core_signal ¶

Scope:	CONFIG
Type:	INT
Default:	0

The signal sent to traffic_cop‘s managed processes to stop them.

A value of 0 means no signal will be sent.

proxy.config.cop.linux_min_memfree_kb ¶

Scope:	CONFIG
Type:	INT
Default:	0

The minimum amount of free memory space allowed before Traffic Server stopsthe traffic_server and traffic_manager processes toprevent the system from hanging.

proxy.config.cop.linux_min_swapfree_kb ¶

Scope:	CONFIG
Type:	INT
Default:	0

The minimum amount of free swap space allowed before Traffic Server stopsthe traffic_server and traffic_manager processes toprevent the system from hanging. This configuration variable applies ifswap is enabled in Linux 2.2 only.

proxy.config.cop.init_sleep_time ¶

Scope:	CONFIG
Type:	INT
Default:	0

The minimum amount of addtional duration allowed before Traffic Server detectsthat the traffic_server is not responsive and attempts a restartduring startup. This configuration variable allows Traffic Server a longer inittime to load potentially large configuration files such as remap config. Note thatthis applies only during startup of Traffic Server and does not apply to the runtime heartbeat checking.

proxy.config.output.logfile ¶

Scope:	CONFIG
Type:	STRING
Default:	traffic.out

The name and location of the file that contains warnings, status messages, and error messages produced by the Traffic Serverprocesses. If no path is specified, then Traffic Server creates the file in its logging directory.

proxy.config.snapshot_dir ¶

Scope:	CONFIG
Type:	STRING
Default:	snapshots

The directory in which Traffic Server stores configurationsnapshots on the local system. Unless you specify an absolutepath, this directory is located in the Traffic Server SYSCONFDIRdirectory.

proxy.config.exec_thread.autoconfig ¶

Scope:	CONFIG
Type:	INT
Default:	1

When enabled (the default, 1), Traffic Server scales threads according to the available CPU cores. See the config option below.

proxy.config.exec_thread.autoconfig.scale ¶

Scope:	CONFIG
Type:	FLOAT
Default:	1.5

Factor by which Traffic Server scales the number of threads. The multiplier is usually the number of available CPU cores. By defaultthis is scaling factor is 1.5.

proxy.config.exec_thread.limit ¶

Scope:	CONFIG
Type:	INT
Default:	2

The number of threads Traffic Server will create if proxy.config.exec_thread.autoconfig is set to 0, otherwise this option is ignored.

proxy.config.accept_threads ¶

Scope:	CONFIG
Type:	INT
Default:	1

When enabled (1), runs a separate thread for accept processing. If disabled (0), then only 1 thread can be created.

proxy.config.thread.default.stacksize ¶

Scope:	CONFIG
Type:	INT
Default:	1048576

The new default thread stack size, for all threads. The original default is set at 1 MB.

proxy.config.exec_thread.affinity ¶

Scope:	CONFIG
Type:	INT
Default:	0

Bind threads to specific processing units.

Value	Effect
0	assign threads to machine
1	assign threads to NUMA nodes
2	assign threads to sockets
3	assign threads to cores
4	assign threads to processing units

Note

This option only has an affect when Traffic Server has been compiled with --enable-hwloc.

proxy.config.system.file_max_pct ¶

Scope:	CONFIG
Type:	FLOAT
Default:	0.9

Set the maximum number of file handles for the traffic_server process as a percentage of the the fs.file-max proc value in Linux. The default is 90%.

proxy.config.crash_log_helper ¶

Scope:	CONFIG
Type:	STRING
Default:	traffic_crashlog

This option directs traffic_server to spawn a crashlog helper at startup. The value should be the path to anexecutable program. If the path is not absolute, it is locatedrelative to configured bin directory. Any user-providedprogram specified here must behave in a fashion compatible withtraffic_crashlog. Specifically, it must implementthe traffic_crashlog --wait behavior.

This setting not reloadable because the helper must be spawnedbefore traffic_server drops privilege. If this variableis set to NULL, no helper will be spawned.

proxy.config.restart.active_client_threshold ¶

Scope:	CONFIG
Type:	INT
Default:	0 :reloadable:

This setting specifies the number of active client connectionsfor use by traffic_line --drain.

Network¶

proxy.config.net.connections_throttle ¶

Scope:	CONFIG
Type:	INT
Default:	30000

The total number of client and origin server connections that the servercan handle simultaneously. This is in fact the max number of filedescriptors that the traffic_server process can have open at anygiven time. Roughly 10% of these connections are reserved for origin serverconnections, i.e. from the default, only ~9,000 client connections can behandled. This should be tuned according to your memory size, and expectedwork load.

proxy.config.net.default_inactivity_timeout ¶

Scope:	CONFIG
Type:	INT
Default:	86400
Reloadable:	Yes

The connection inactivity timeout (in seconds) to apply whenTraffic Server detects that no inactivity timeout has been appliedby the HTTP state machine. When this timeout is applied, theproxy.process.net.default_inactivity_timeout_applied metricis incremented.

proxy.config.net.inactivity_check_frequency ¶

Scope:	CONFIG
Type:	INT
Default:	1

How frequent (in seconds) to check for inactive connections. If you dealwith a lot of concurrent connections, increasing this setting can reducepressure on the system.

proxy.local.incoming_ip_to_bind ¶

Scope:	LOCAL
Type:	STRING
Default:	0.0.0.0 [::]

Controls the global default IP addresses to which to bind proxy server ports. The value is a space separated list of IP addresses, one per supported IP address family (currently IPv4 and IPv6).

Unless explicitly specified in proxy.config.http.server_ports the server port will be bound to one of these addresses, selected by IP address family. The built in default is any address. This is used if no address for a family is specified. This setting is useful if most or all server ports should be bound to the same address.

Note

This is ignored for inbound transparent server ports because they must be able to accept connections on arbitrary IP addresses.

Example

Set the global default for IPv4 to 192.168.101.18 and leave the global default for IPv6 as any address.:

LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18

Example

Set the global default for IPv4 to 191.68.101.18 and the global default for IPv6 to fc07:192:168:101::17.:

LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18 [fc07:192:168:101::17]

proxy.local.outgoing_ip_to_bind ¶

Scope:	LOCAL
Type:	STRING
Default:	0.0.0.0 [::]

This controls the global default for the local IP address for outbound connections to origin servers. The value is a list of space separated IP addresses, one per supported IP address family (currently IPv4 and IPv6).

Unless explicitly specified in proxy.config.http.server_ports one of these addresses, selected by IP address family, will be used as the local address for outbound connections. This setting is useful if most or all of the server ports should use the same outbound IP addresses.

Note

This is ignored for outbound transparent ports as the local outbound address will be the same as the client local address.

Example

Set the default local outbound IP address for IPv4 connections to 192.168.101.18.:

LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.18

Example

Set the default local outbound IP address to 192.168.101.17 for IPv4 and fc07:192:168:101::17 for IPv6.:

LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.17 [fc07:192:168:101::17]

Cluster¶

proxy.local.cluster.type ¶

Scope:	LOCAL
Type:	INT
Default:	3

Sets the clustering mode:

Value	Effect
1	full-clustering mode
2	management-only mode
3	no clustering

proxy.config.cluster.ethernet_interface ¶

Scope:	CONFIG
Type:	INT
Default:	eth0

The network interface to be used for cluster communication. This has to beidentical on all members of a clsuter. ToDo: Is that reasonable ?? Shouldthis be local”

proxy.config.cluster.rsport ¶

Scope:	CONFIG
Type:	INT
Default:	8088

The reliable service port. The reliable service port is used to send configuration information between the nodes in a cluster. All nodesin a cluster must use the same reliable service port.

proxy.config.cluster.threads ¶

Scope:	CONFIG
Type:	INT
Default:	1

The number of threads for cluster communication. On heavy cluster, the number should be adjusted. It is recommend that take the threadCPU usage as a reference when adjusting.

proxy.config.clustger.ethernet_interface ¶

Scope:	CONFIG
Type:	STRING
Default:	*NONE*

Set the interface to use for cluster communications.

proxy.config.http.cache.cluster_cache_local ¶

Scope:	CONFIG
Type:	INT
Default:	0

This turns on the local caching of objects in cluster mode. The point ofthis is to allow for popular or hot content to be cached on all nodesin a cluster. Be aware that the primary way to configure this behavior isvia the cache.config configuration file usingaction=cluster-cache-local directives.

This particular records.config configuration can be controlled pertransaction or per remap rule. As such, it augments thecache.config directives, since you can turn on the local cachingfeature without complex regular expression matching.

This implies that turning this on in your global records.config isalmost never what you want; instead, you want to use this either viae.g. conf_remap.so overrides for a certain remap rule, or through acustom plugin using the appropriate APIs.

Local Manager¶

proxy.config.lm.sem_id ¶

Scope:	CONFIG
Type:	INT
Default:	11452

The semaphore ID for the local manager.

proxy.config.admin.autoconf_port ¶

Scope:	CONFIG
Type:	INT
Default:	8083

The autoconfiguration port.

proxy.config.admin.number_config_bak ¶

Scope:	CONFIG
Type:	INT
Default:	3

The maximum number of copies of rolled configuration files to keep.

proxy.config.admin.user_id ¶

Scope:	CONFIG
Type:	STRING
Default:	nobody

Option used to specify who to run the traffic_server process as; also used to specify ownership of config and log files.

The nonprivileged user account designated to Traffic Server.

As of version 2.1.1 if the user_id is prefixed with pound character (#) the remaining of the string is considered to bea numeric user identifier. If the value is set to #-1 TrafficServer will not change the user during startup.

Setting user_id to root or #0 is now forbidden toincrease security. Trying to do so, will cause thetraffic_server fatal failure. However there are two ways tobypass that restriction

• Specify -DBIG_SECURITY_HOLE in CXXFLAGS during compilation.
• Set the user_id=#-1 and start trafficserver as root.

proxy.config.admin.api.restricted ¶

Scope:	CONFIG
Type:	INT
Default:	1

This setting specifies whether the management API should be restrictedto root processes. If this is set to 0, then on platforms thatsupport passing process credentials, non-root processes will beallowed to make read-only management API calls. Any management APIcalls that modify server state (eg. setting a configuration variable)will still be restricted to root processes.

This setting is not reloadable, since it is must be applied whenprogram:traffic_manager initializes.

Note

In Traffic Server 6.0, the default value ofproxy.config.admin.api.restricted will be changed to 0.

Process Manager¶

proxy.config.process_manager.mgmt_port ¶

Scope:	CONFIG
Type:	INT
Default:	8084

The port used for internal communication between the traffic_manager and traffic_server processes.

Alarm Configuration¶

proxy.config.alarm_email ¶

Scope:	CONFIG
Type:	STRING
Default:	*NONE*
Reloadable:	Yes

The address to which the alarm script should send email.

proxy.config.alarm.bin ¶

Scope:	CONFIG
Type:	STRING
Default:	example_alarm_bin.sh
Reloadable:	Yes

Name of the script file that can execute certain actions whenan alarm is signaled. The script is invoked with up to 4 arguments:

• the alarm message
• the value of proxy.config.product_name
• the value of proxy.config.admin.user_id
• the value of proxy.config.alarm_email

proxy.config.alarm.abs_path ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL
Reloadable:	Yes

The absolute path to the directory containing the alarm script.If this is not set, the script will be located relative toproxy.config.bin_path.

proxy.config.alarm.script_runtime ¶

Scope:	CONFIG
Type:	INT
Default:	5
Reloadable:	Yes

The number of seconds that Traffic Server allows the alarm scriptto run before aborting it.

HTTP Engine¶

proxy.config.http.server_ports ¶

Scope:	CONFIG
Type:	STRING
Default:	8080

Ports used for proxying HTTP traffic.

This is a list, separated by space or comma, of port descriptors. Each descriptor is a sequence of keywords and values separated by colons. Not all keywords have values, those that do are specifically noted. Keywords with values can have an optional ‘=’ character separating the keyword and value. The case of keywords is ignored. The order of keywords is irrelevant but unspecified results may occur if incompatible options are used (noted below). Options without values are idempotent. Options with values use the last (right most) value specified, except for ip-out as detailed later.

Quick reference chart.

Name	Note	Definition
number	Required	The local port.
blind		Blind (CONNECT) port.
compress	N/I	Compressed. Not implemented.
ipv4	Default	Bind to IPv4 address family.
ipv6		Bind to IPv6 address family.
ip-in	Value	Local inbound IP address.
ip-out	Value	Local outbound IP address.
ip-resolve	Value	IP address resolution style.
proto	Value	List of supported session protocols.
ssl		SSL terminated.
tr-full		Fully transparent (inbound and outbound)
tr-in		Inbound transparent.
tr-out		Outbound transparent.
tr-pass		Pass through enabled.

number

Local IP port to bind. This is the port to which ATS clients will connect.

blind

Accept only the CONNECT method on this port.

Not compatible with: tr-in, ssl.

compress

Compress the connection. Retained only by inertia, should be considered “not implemented”.

ipv4

Use IPv4. This is the default and is included primarily for completeness. This forced if the ip-in option is used with an IPv4 address.

ipv6

Use IPv6. This is forced if the ip-in option is used with an IPv6 address.

ssl

Require SSL termination for inbound connections. SSL must be configured for this option to provide a functional server port.

Not compatible with: blind.

proto

Specify the session level protocols supported. These should beseparated by semi-colons. For TLS proxy ports the default value isall available protocols. For non-TLS proxy ports the default is HTTPonly. SPDY can be enabled on non-TLS proxy ports but that must be done explicitly.

tr-full

Fully transparent. This is a convenience option and is identical to specifying both tr-in and tr-out.

Not compatible with: Any option not compatible with tr-in or tr-out.

tr-in

Inbound transparent. The proxy port will accept connections to any IP address on the port. To have IPv6 inbound transparent you must use this and the ipv6 option. This overrides proxy.local.incoming_ip_to_bind for this port.

Not compatible with: ip-in, blind

tr-out

Outbound transparent. If ATS connects to an origin server for a transaction on this port, it will use the client’s address as its local address. This overrides proxy.local.outgoing_ip_to_bind for this port.

Not compatible with: ip-out, ip-resolve

tr-pass

Transparent pass through. This option is useful only for inbound transparent proxy ports. If the parsing of the expected HTTP header fails, then the transaction is switched to a blind tunnel instead of generating an error response to the client. It effectively enables proxy.config.http.use_client_target_addr for the transaction as there is no other place to obtain the origin server address.

ip-in

Set the local IP address for the port. This is the address to which clients will connect. This forces the IP address family for the port. The ipv4 or ipv6 can be used but it is optional and is an error for it to disagree with the IP address family of this value. An IPv6 address must be enclosed in square brackets. If this option is omitted proxy.local.incoming_ip_to_bind is used.

Not compatible with: tr-in.

ip-out

Set the local IP address for outbound connections. This is the address used by ATS locally when it connects to an origin server for transactions on this port. If this is omitted proxy.local.outgoing_ip_to_bind is used.

This option can used multiple times, once for each IP address family. The address used is selected by the IP address family of the origin server address.

Not compatible with: tr-out.

ip-resolve

Set the host resolution style for transactions on this proxy port.

Not compatible with: tr-out - this option requires a value of client;none which is forced and should not be explicitly specified.

Example

Listen on port 80 on any address for IPv4 and IPv6.:

80 80:ipv6

Example

Listen transparently on any IPv4 address on port 8080, andtransparently on port 8080 on local address fc01:10:10:1::1(which implies ipv6).:

IPv4:tr-FULL:8080 TR-full:IP-in=[fc02:10:10:1::1]:8080

Example

Listen on port 8080 for IPv6, fully transparent. Set up an SSL port on 443. These ports will use the IP address from proxy.local.incoming_ip_to_bind. Listen on IP address 192.168.17.1, port 80, IPv4, and connect to origin servers using the local address 10.10.10.1 for IPv4 and fc01:10:10:1::1 for IPv6.:

8080:ipv6:tr-full 443:ssl ip-in=192.168.17.1:80:ip-out=[fc01:10:10:1::1]:ip-out=10.10.10.1

Example

Listen on port 9090 for TSL enabled SPDY or HTTP connections, accept no other session protocols.:

9090:proto=spdy;http:ssl

proxy.config.http.connect_ports ¶

Scope:	CONFIG
Type:	STRING
Default:	443 563

The range of origin server ports that can be used for tunneling via CONNECT.

Traffic Server allows tunnels only to the specified ports.Supports both wildcards (‘*’) and ranges (“0-1023”).

Note

These are the ports on the origin server, not Traffic Server proxy ports.

proxy.config.http.insert_request_via_str ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Set how the Via field is handled on a request to the origin server.

Value	Effect
0	Do not modify / set this via header
1	Update the via, with normal verbosity
2	Update the via, with higher verbosity
3	Update the via, with highest verbosity

Note

The Via header string can be decoded with the Via Decoder Ring.

proxy.config.http.insert_response_via_str ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Set how the Via field is handled on the response to the client.

Value	Effect
0	Do not modify / set this via header
1	Update the via, with normal verbosity
2	Update the via, with higher verbosity
3	Update the via, with highest verbosity

Note

The Via header string can be decoded with the Via Decoder Ring.

proxy.config.http.send_100_continue_response ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

You can specify one of the following:

• 0 ATS buffer the request until the post body has been recieved and then send the request to origin.
• 1 immediately return a 100 Continue from ATS without waiting for the post body

proxy.config.http.response_server_enabled ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

You can specify one of the following:

• 0 no Server: header is added to the response.
• 1 the Server: header is added (see string below).
• 2 the Server: header is added only if the response from origin does not have one already.

proxy.config.http.insert_age_in_response ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

This option specifies whether Traffic Server should insert an Age header in the response. The Age field value is the cache’sestimate of the amount of time since the response was generated or revalidated by the origin server.

• 0 no Age header is added
• 1 the Age header is added

proxy.config.http.response_server_str ¶

Scope:	CONFIG
Type:	STRING
Default:	ATS/
Reloadable:	Yes

The Server: string that ATS will insert in a response header (if requested, see above). Note that the current version number isalways appended to this string.

proxy.config.http.enable_url_expandomatic ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Enables (1) or disables (0) .com domain expansion. This configures the Traffic Server to resolve unqualified hostnames byprepending with www. and appending with .com before redirecting to the expanded address. For example: if a client makesa request to host, then Traffic Server redirects the request to www.host.com.

proxy.config.http.chunking_enabled ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Specifies whether Traffic Sever can generate a chunked response:

• 0 Never
• 1 Always
• 2 Generate a chunked response if the server has returned HTTP/1.1 before
• 3 = Generate a chunked response if the client request is HTTP/1.1 and the origin server has returned HTTP/1.1 before

Note

If HTTP/1.1 is used, then Traffic Server can usekeep-alive connections with pipelining to origin servers. IfHTTP/0.9 is used, then Traffic Server does not use keep-aliveconnections to origin servers. If HTTP/1.0 is used, then TrafficServer can use keep-alive connections without pipelining toorigin servers.

proxy.config.http.send_http11_requests ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Specifies when and how Traffic Sever uses HTTP/1.1 to communicate with the origin server

• 0 Never
• 1 Always
• 2 If the server has returned HTTP/1.1 before
• 3 If the client request is HTTP/1.1 and the server has returned HTTP/1.1 before

Note

If proxy.config.http.use_client_target_addr is set to 1, options 2 and 3 cause the proxy to usethe client HTTP version for upstream requests.

proxy.config.http.share_server_sessions ¶

Scope:	CONFIG
Type:	INT
Default:	2
Deprecated:	Yes

Enables (1) or disables (0) the reuse of server sessions. Thedefault (2) is similar to enabled, except it creates a server sessionpool per network thread. This has the best performance characteristics.Note that setting this parameter to (2) will not work correctly unlessthe dedicated SSL threads are disabled (proxy.config.ssl.number.threadsis set to (-1)).

proxy.config.http.auth_server_session_private ¶

Scope:	CONFIG
Type:	INT
Default:	1

If enabled (1) anytime a request contains a (Authorization), (Proxy-Authorization)or (Www-Authenticate) header the connection will be closed and not reused. This marksthe connection as private. When disabled (0) the connection will be available for reuse.

proxy.config.http.server_session_sharing.match ¶

Scope:	CONFIG
Type:	STRING
Default:	both

Enable and set the ability to re-use server connections across client connections. The valid values are

none

Do not match, do not re-use server sessions.

ip

Re-use server sessions, check only that the IP address and port of the origin server matches.

host

Re-use server sessions, check only that the fully qualified domain name matches.

both

Re-use server sessions, but only if the IP address and fully qualified domain name match.

It is strongly recommended to use either none or both for this value unless you have a specific need to use ipor host. The most common reason is virtual hosts that share an IP address in which case performance can be enhancedif those sessions can be re-used. However, not all web servers support requests for different virtual hosts on thesame connection so use with caution.

proxy.config.http.server_session_sharing.pool ¶

Scope:	CONFIG
Type:	STRING
Default:	thread

Control the scope of server session re-use if it is enabled by proxy.config.http.server_session_sharing.match. The valid values are

global

Re-use sessions from a global pool of all server sessions.

thread

Re-use sessions from a per-thread pool.

proxy.config.http.attach_server_session_to_client ¶

Scope:	CONFIG
Type:	INT
Default:	0

Control the re-use of an server session by a user agent (client) session.

If a user agent performs more than one HTTP transaction on its connection to Traffic Server a server session must beobtained for the second (and subsequent) transaction as for the first. This settings affects how that server sessionis selected.

If this setting is 0 then after the first transaction the server session for that transaction is released to theserver pool (if any). When a server session is needed for subsequent transactions one is selected from the serverpool or created if there is no suitable server session in the pool.

If this setting is not 0 then the current server session for the user agent session is “sticky”. It will bepreferred to any other server session (either from the pool or newly created). The server session will be detachedfrom the user agent session only if it cannot be used for the transaction. This is determined by theproxy.config.http.server_session_sharing.match value. If the server session matches the next transactionaccording to this setting then it will be used, otherwise it will be released to the pool and a different sessionselected or created.

proxy.config.http.record_heartbeat ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Enables (1) or disables (0) traffic_cop heartbeat logging.

proxy.config.http.use_client_target_addr ¶

Scope:	CONFIG
Type:	INT
Default:	0

For fully transparent ports use the same origin server address as the client.

This option causes Traffic Server to avoid where possible doing DNSlookups in forward transparent proxy mode. The option is onlyeffective if the following three conditions are true -

• Traffic Server is in forward proxy mode.
• The proxy port is inbound transparent.
• The target URL has not been modified by either remapping or a plugin.

If any of these conditions are not true, then normal DNS processingis done for the connection.

There are three valid values.* 0 - Disables the feature.* 1 - Enables the feature with address verification. The Proxy does theregular DNS processing. If the client-specified origin address is not in theset of addresses found by the Proxy, the request continues to the clientspecified address, but the result is not cached.* 2 - Enables the feature with no address verification. No DNS processingis performed. The result is cached (if allowed otherwise). This option isvulnerable to cache poisoning if an incorrect Host header is specified, sothis option should be used with extreme caution. See bug TS-2954 fordetails.

If all of these conditions are met, then the origin server IPaddress is retrieved from the original client connection, ratherthan through HostDB or DNS lookup. In effect, client DNS resolutionis used instead of Traffic Server DNS.

This can be used to be a little more efficient (looking up thetarget once by the client rather than by both the client and TrafficServer) but the primary use is when client DNS resolution can differfrom that of Traffic Server. Two known uses cases are:

1. Embedded IP addresses in a protocol with DNS load sharing. Inthis case, even though Traffic Server and the client both makethe same request to the same DNS resolver chain, they may getdifferent origin server addresses. If the address is embedded inthe protocol then the overall exchange will fail. One currentexample is Microsoft Windows update, which presumably embeds theaddress as a security measure.
2. The client has access to local DNS zone information which is notavailable to Traffic Server. There are corporate nets with localDNS information for internal servers which, by design, is notpropagated outside the core corporate network. Depending anetwork topology it can be the case that Traffic Server canaccess the servers by IP address but cannot resolve suchaddresses by name. In such as case the client supplied targetaddress must be used.

This solution must be considered interim. In the longer term, itshould be possible to arrange for much finer grained control of DNSlookup so that wildcard domain can be set to use Traffic Server orclient resolution. In both known use cases, marking specific domainsas client determined (rather than a single global switch) wouldsuffice. It is possible to do this crudely with this flag byenabling it and then use identity URL mappings to re-disable it forspecific domains.

proxy.config.http.keep_alive_enabled_in ¶

Scope:	CONFIG
Type:	INT
Default:	1

Enables (1) or disables (0) incoming keep-alive connections.

proxy.config.http.keep_alive_enabled_out ¶

Scope:	CONFIG
Type:	INT
Default:	1

Enables ( 1) or disables ( 0) outgoing keep-alive connections.

Note

Enabling keep-alive does not automatically enable purging of keep-aliverequests when nearing the connection limit, that is controlled byproxy.config.http.server_max_connections.

proxy.config.http.keep_alive_post_out ¶

Scope:	CONFIG
Type:	INT
Default:	1

Controls wether new POST requests re-use keep-alive sessions (1) orcreate new connections per request (0).

proxy.config.http.send_408_post_timeout_response ¶

Scope:	CONFIG
Type:	INT
Default:	0

Controls wether POST timeout sends a HTTP status 408 response (1)

proxy.config.http.disallow_post_100_continue ¶

Scope:	CONFIG
Type:	INT
Default:	0

Allows you to return a 405 Method Not Supported with Posts alsocontaining an Expect: 100-continue.

When a Post w/ Expect: 100-continue is blocked the statproxy.process.http.disallowed_post_100_continue will be incremented.

Parent Proxy Configuration¶

proxy.config.http.parent_proxy_routing_enable ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Enables (1) or disables (0) the parent caching option. Refer to Hierarchical Caching.

proxy.config.http.parent_proxy.retry_time ¶

Scope:	CONFIG
Type:	INT
Default:	300
Reloadable:	Yes

The amount of time allowed between connection retries to a parent cache that is unavailable.

proxy.config.http.parent_proxy.fail_threshold ¶

Scope:	CONFIG
Type:	INT
Default:	10
Reloadable:	Yes

The number of times the connection to the parent cache can fail before Traffic Server considers the parent unavailable.

proxy.config.http.parent_proxy.total_connect_attempts ¶

Scope:	CONFIG
Type:	INT
Default:	4
Reloadable:	Yes

The total number of connection attempts allowed to a parent cache before Traffic Server bypasses the parent or fails the request(depending on the go_direct option in the parent.config file).

proxy.config.http.parent_proxy.per_parent_connect_attempts ¶

Scope:	CONFIG
Type:	INT
Default:	2
Reloadable:	Yes

The total number of connection attempts allowed per parent, if multiple parents are used.

proxy.config.http.parent_proxy.connect_attempts_timeout ¶

Scope:	CONFIG
Type:	INT
Default:	30
Reloadable:	Yes

The timeout value (in seconds) for parent cache connection attempts.

proxy.config.http.forward.proxy_auth_to_parent ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Configures Traffic Server to send proxy authentication headers on to the parent cache.

proxy.config.http.no_dns_just_forward_to_parent ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Don’t try to resolve DNS, forward all DNS requests to the parent. This is off (0) by default.

HTTP Connection Timeouts¶

proxy.config.http.keep_alive_no_activity_timeout_in ¶

Scope:	CONFIG
Type:	INT
Default:	115
Reloadable:	Yes

Specifies how long Traffic Server keeps connections to clients open for asubsequent request after a transaction ends. A value of 0 will disablethe no activity timeout.

proxy.config.http.keep_alive_no_activity_timeout_out ¶

Scope:	CONFIG
Type:	INT
Default:	120
Reloadable:	Yes

Specifies how long Traffic Server keeps connections to origin servers openfor a subsequent transfer of data after a transaction ends. A value of0 will disable the no activity timeout.

proxy.config.http.transaction_no_activity_timeout_in ¶

Scope:	CONFIG
Type:	INT
Default:	30
Reloadable:	Yes

Specifies how long Traffic Server keeps connections to clients open if a transaction stalls.

proxy.config.http.transaction_no_activity_timeout_out ¶

Scope:	CONFIG
Type:	INT
Default:	30
Reloadable:	Yes

Specifies how long Traffic Server keeps connections to origin servers open if the transaction stalls.

proxy.config.http.transaction_active_timeout_in ¶

Scope:	CONFIG
Type:	INT
Default:	900
Reloadable:	Yes

The maximum amount of time Traffic Server can remain connected to a client. If the transfer to the client is not complete before thistimeout expires, then Traffic Server closes the connection.

The value of 0 specifies that there is no timeout.

proxy.config.http.transaction_active_timeout_out ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

The maximum amount of time Traffic Server waits for fulfillment of a connection request to an origin server. If Traffic Server does notcomplete the transfer to the origin server before this timeout expires, then Traffic Server terminates the connection request.

The default value of 0 specifies that there is no timeout.

proxy.config.http.accept_no_activity_timeout ¶

Scope:	CONFIG
Type:	INT
Default:	120
Reloadable:	Yes

The timeout interval in seconds before Traffic Server closes a connection that has no activity.

proxy.config.http.background_fill_active_timeout ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Specifies how long Traffic Server continues a background fill before giving up and dropping the origin server connection.

proxy.config.http.background_fill_completed_threshold ¶

Scope:	CONFIG
Type:	FLOAT
Default:	0.0
Reloadable:	Yes

The proportion of total document size already transferred when a client aborts at which the proxy continues fetching the documentfrom the origin server to get it into the cache (a background fill).

Origin Server Connect Attempts¶

proxy.config.http.connect_attempts_max_retries ¶

Scope:	CONFIG
Type:	INT
Default:	6
Reloadable:	Yes

The maximum number of connection retries Traffic Server can make when the origin server is not responding.Each retry attempt lasts for proxy.config.http.connect_attempts_timeout seconds. Once the maximum number of retries isreached, the origin is marked dead. After this, the setting proxy.config.http.connect_attempts_max_retries_dead_serveris used to limit the number of retry attempts to the known dead origin.

proxy.config.http.connect_attempts_max_retries_dead_server ¶

Scope:	CONFIG
Type:	INT
Default:	3
Reloadable:	Yes

Maximum number of connection retries Traffic Server can make while an origin is marked dead. Typically this value is smaller thanproxy.config.http.connect_attempts_max_retries so an error is returned to the client faster and also to reduce the load on the dead origin.The timeout interval proxy.config.http.connect_attempts_timeout in seconds is used with this setting.

proxy.config.http.server_max_connections ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Limits the number of socket connections across all origin servers to the value specified. To disable, set to zero (0).

Note

This value is used in determining when and if to prune active origin sessions. Without this value set connectionsto origins can consume all the way up to ts:cv:proxy.config.net.connections_throttle connections, which in turn canstarve incoming requests from available connections.

proxy.config.http.origin_max_connections ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Limits the number of socket connections per origin server to the value specified. To enable, set to one (1).

proxy.config.http.origin_min_keep_alive_connections ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

As connection to an origin server are opened, keep at least ‘n’ number of connections open to that origin, even ifthe connection isn’t used for a long time period. Useful when the origin supports keep-alive, removing the timeneeded to set up a new connection fromthe next request at the expense of added (inactive) connections. To enable, set to one (1).

proxy.config.http.connect_attempts_rr_retries ¶

Scope:	CONFIG
Type:	INT
Default:	3
Reloadable:	Yes

The maximum number of failed connection attempts allowed before a round-robin entry is marked as ‘down’ if a serverhas round-robin DNS entries.

proxy.config.http.connect_attempts_timeout ¶

Scope:	CONFIG
Type:	INT
Default:	30
Reloadable:	Yes

The timeout value (in seconds) for time to first byte for an origin server connection.

proxy.config.http.post_connect_attempts_timeout ¶

Scope:	CONFIG
Type:	INT
Default:	1800
Reloadable:	Yes

The timeout value (in seconds) for an origin server connection when the client request is a POST or PUTrequest.

proxy.config.http.down_server.cache_time ¶

Scope:	CONFIG
Type:	INT
Default:	300
Reloadable:	Yes

Specifies how long (in seconds) Traffic Server remembers that an origin server was unreachable.

proxy.config.http.down_server.abort_threshold ¶

Scope:	CONFIG
Type:	INT
Default:	10
Reloadable:	Yes

The number of seconds before Traffic Server marks an origin server as unavailable after a client abandons a requestbecause the origin server was too slow in sending the response header.

proxy.config.http.uncacheable_requests_bypass_parent ¶

Scope:	CONFIG
Type:	INT
Default:	1

When enabled (1), Traffic Server bypasses the parent proxy for a request that is not cacheable.

Congestion Control¶

proxy.config.http.congestion_control.enabled ¶

Scope:	CONFIG
Type:	INT
Default:	0

Enables (1) or disables (0) the Congestion Control option, which configures Traffic Server to stop forwardingHTTP requests to origin servers when they become congested. Traffic Server sends the client a message to retry thecongested origin server later. Refer to Using Congestion Control.

proxy.config.http.flow_control.enabled ¶

Scope:	CONFIG
Type:	INT
Default:	0

Transaction buffering / flow control is enabled if this is set to a non-zero value. Otherwise no flow control is done.

proxy.config.http.flow_control.high_water ¶

Scope:	CONFIG
Type:	INT
Default:	0
Metric:	bytes

The high water mark for transaction buffer control. External source I/O is halted when the total buffer space in useby the transaction exceeds this value.

proxy.config.http.flow_control.low_water ¶

Scope:	CONFIG
Type:	INT
Default:	0
Metric:	bytes

The low water mark for transaction buffer control. External source I/O is resumed when the total buffer space in useby the transaction is no more than this value.

Negative Response Caching¶

proxy.config.http.negative_caching_enabled ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

When enabled (1), Traffic Server caches negative responses (such as 404 Not Found) when a requested page doesnot exist. The next time a client requests the same page, Traffic Server serves the negative response directly fromcache. When disabled (0) Traffic Server will only cache the response if the response has Cache-Control headers.

Note

The following negative responses are cached by Traffic Server::

204  No Content
305  Use Proxy
400  Bad Request
403  Forbidden
404  Not Found
405  Method Not Allowed
500  Internal Server Error
501  Not Implemented
502  Bad Gateway
503  Service Unavailable
504  Gateway Timeout

The cache lifetime for objects cached from this setting is controlled viaproxy.config.http.negative_caching_lifetime.

proxy.config.http.negative_caching_lifetime ¶

Scope:	CONFIG
Type:	INT
Default:	1800

How long (in seconds) Traffic Server keeps the negative responses valid in cache. This value only affects negativeresponses that do have explicit Expires: or Cache-Control: lifetimes set by the server.

Proxy User Variables¶

proxy.config.http.anonymize_remove_from ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

When enabled (1), Traffic Server removes the From header to protect the privacy of your users.

proxy.config.http.anonymize_remove_referer ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

When enabled (1), Traffic Server removes the Referrer header to protect the privacy of your site and users.

proxy.config.http.anonymize_remove_user_agent ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

When enabled (1), Traffic Server removes the User-agent header to protect the privacy of your site and users.

proxy.config.http.anonymize_remove_cookie ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

When enabled (1), Traffic Server removes the Cookie header to protect the privacy of your site and users.

proxy.config.http.anonymize_remove_client_ip ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

When enabled (1), Traffic Server removes Client-IP headers for more privacy.

proxy.config.http.anonymize_insert_client_ip ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

When enabled (1), Traffic Server inserts Client-IP headers to retain the client IP address.

proxy.config.http.anonymize_other_header_list ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL
Reloadable:	Yes

Comma separated list of headers Traffic Server should remove from outgoing requests.

proxy.config.http.insert_squid_x_forwarded_for ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

When enabled (1), Traffic Server adds the client IP address to the X-Forwarded-For header.

proxy.config.http.normalize_ae_gzip ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Enable (1) to normalize all Accept-Encoding: headers to one of the following:

• Accept-Encoding: gzip (if the header has gzip or x-gzip with any q) OR
• blank (for any header that does not include gzip)

This is useful for minimizing cached alternates of documents (e.g. gzip, deflate vs. deflate, gzip). Enabling this option isrecommended if your origin servers use no encodings other than gzip.

Security¶

proxy.config.http.push_method_enabled ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Enables (1) or disables (0) the HTTP PUSH option, which allows you to deliver content directly to the cache without a userrequest.

Important

If you enable this option, then you must also specifya filtering rule in the ip_allow.config file to allow only certainmachines to push content into the cache.

proxy.config.http.max_post_size ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

This feature is disabled by default with a value of (0), any positivevalue will limit the size of post bodies. If a request is received with apost body larger than this limit the response will be terminated with413 - Request Entity Too Large and logged accordingly.

Cache Control¶

proxy.config.cache.enable_read_while_writer ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Specifies when to enable the ability to read a cached object while anotherconnection is completing the write to cache for that same object. The goalhere is to avoid multiple origin connections for the same cacheable objectupon a cache miss. The possible values of this config are:

• 0 = never read while writing
• 1 = always read while writing
• 2 = always read while writing, but allow non-cached Range requests through to the origin

The 2 option is useful to avoid delaying requests which can not easilybe satisfied by the partially written response.

Several other configuration values need to be set for this to beusable. See Reducing Origin Server Requests.

proxy.config.cache.force_sector_size ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Forces the use of a specific hardware sector size (512 - 8192 bytes).

proxy.config.http.cache.http ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Enables (1) or disables (0) caching of HTTP requests.

proxy.config.http.cache.allow_empty_doc ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Enables (1) or disables (0) caching objects that have an emptyresponse body. This is particularly useful for caching 301 or 302 responseswith a Location header but no document body. This only works if theorigin response also has a Content-Length header.

proxy.config.http.cache.ignore_client_no_cache ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

When enabled (1), Traffic Server ignores client requests to bypass the cache.

proxy.config.http.cache.ims_on_client_no_cache ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

When enabled (1), Traffic Server issues a conditional request to the origin server if an incoming request has a No-Cache header.

proxy.config.http.cache.ignore_server_no_cache ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

When enabled (1), Traffic Server ignores origin server requests to bypass the cache.

proxy.config.http.cache.cache_responses_to_cookies ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Specifies how cookies are cached:

• 0 = do not cache any responses to cookies
• 1 = cache for any content-type
• 2 = cache only for image types
• 3 = cache for all but text content-types

proxy.config.http.cache.ignore_authentication ¶

Scope:	CONFIG
Type:	INT
Default:	0

When enabled (1), Traffic Server ignores WWW-Authentication headers in responses WWW-Authentication headers are removed andnot cached.

proxy.config.http.cache.cache_urls_that_look_dynamic ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Enables (1) or disables (0) caching of URLs that look dynamic, i.e.: URLs that end in ``.asp`` or contain a questionmark (``?``), a semicolon (``;``), or ``cgi``. For a full list, please refer toHttpTransact::url_looks_dynamic

proxy.config.http.cache.enable_default_vary_headers ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Enables (1) or disables (0) caching of alternate versions of HTTP objects that do not contain the Vary header.

proxy.config.http.cache.when_to_revalidate ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Specifies when to revalidate content:

• 0 = use cache directives or heuristic (the default value)

• 1 = stale if heuristic

• 2 = always stale (always revalidate)

• 3 = never stale

• 4 = use cache directives or heuristic (0) unless the request

  has an If-Modified-Since header

If the request contains the If-Modified-Since header, thenTraffic Server always revalidates the cached content and uses theclient’s If-Modified-Since header for the proxy request.

proxy.config.http.cache.required_headers ¶

Scope:	CONFIG
Type:	INT
Default:	2
Reloadable:	Yes

The type of headers required in a request for the request to be cacheable.

• 0 = no headers required to make document cacheable
• 1 = either the Last-Modified header, or an explicit lifetime header, Expires or Cache-Control: max-age, is required
• 2 = explicit lifetime is required, Expires or Cache-Control: max-age

proxy.config.http.cache.max_stale_age ¶

Scope:	CONFIG
Type:	INT
Default:	604800
Reloadable:	Yes

The maximum age allowed for a stale response before it cannot be cached.

proxy.config.http.cache.range.lookup ¶

Scope:	CONFIG
Type:	INT
Default:	1

When enabled (1), Traffic Server looks up range requests in the cache.

proxy.config.http.cache.range.write ¶

Scope:	CONFIG
Type:	INT
Default:	0

When enabled (1), Traffic Server will attempt to write (lock) the URLto cache. This is rarely useful (at the moment), since it’ll only be ableto write to cache if the origin has ignored the Range:` header. For a usecase where you know the origin will respond with a full (``200) response,you can turn this on to allow it to be cached.

proxy.config.http.cache.ignore_accept_mismatch ¶

Scope:	CONFIG
Type:	INT
Default:	2
Reloadable:	Yes

When enabled with a value of 1, Traffic Server serves documents from cache with aContent-Type: header even if it does not match the Accept: header of therequest. If set to 2 (default), this logic only happens in the absence of aVary header in the cached response (which is the recommended and safe use).

Note

This option should only be enabled with 1 if you’re havingproblems with caching and you origin server doesn’t set the Varyheader. Alternatively, if the origin is incorrectly settingVary: Accept or doesn’t respond with 406 (Not Acceptable),you can also enable this configuration with a 1.

proxy.config.http.cache.ignore_accept_language_mismatch ¶

Scope:	CONFIG
Type:	INT
Default:	2
Reloadable:	Yes

When enabled with a value of 1, Traffic Server serves documents from cache with aContent-Language: header even if it does not match the Accept-Language:header of the request. If set to 2 (default), this logic only happens in the absence of aVary header in the cached response (which is the recommended and safe use).

Note

This option should only be enabled with 1 if you’re havingproblems with caching and you origin server doesn’t set the Varyheader. Alternatively, if the origin is incorrectly settingVary: Accept-Language or doesn’t respond with 406 (Not Acceptable),you can also enable this configuration with a 1.

proxy.config.http.cache.ignore_accept_encoding_mismatch ¶

Scope:	CONFIG
Type:	INT
Default:	2
Reloadable:	Yes

When enabled with a value of 1, Traffic Server serves documents from cache with aContent-Encoding: header even if it does not match the Accept-Encoding:header of the request. If set to 2 (default), this logic only happens in the absence of aVary header in the cached response (which is the recommended and safe use).

Note

This option should only be enabled with 1 if you’re havingproblems with caching and you origin server doesn’t set the Varyheader. Alternatively, if the origin is incorrectly settingVary: Accept-Encoding or doesn’t respond with 406 (Not Acceptable)you can also enable this configuration with a 1.

proxy.config.http.cache.ignore_accept_charset_mismatch ¶

Scope:	CONFIG
Type:	INT
Default:	2
Reloadable:	Yes

When enabled with a value of 1, Traffic Server serves documents from cache with aContent-Type: header even if it does not match the Accept-Charset: headerof the request. If set to 2 (default), this logic only happens in the absence of aVary header in the cached response (which is the recommended and safe use).

Note

This option should only be enabled with 1 if you’re havingproblems with caching and you origin server doesn’t set the Varyheader. Alternatively, if the origin is incorrectly settingVary: Accept-Charset or doesn’t respond with 406 (Not Acceptable),you can also enable this configuration with a 1.

proxy.config.http.cache.ignore_client_cc_max_age ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

When enabled (1), Traffic Server ignores any Cache-Control:max-age headers from the client. This technically violates the HTTP RFC,but avoids a problem where a client can forcefully invalidate a cached object.

proxy.config.cache.max_doc_size ¶

Scope:	CONFIG
Type:	INT
Default:	0

Specifies the maximum object size that will be cached. 0 is unlimited.

proxy.config.cache.permit.pinning ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

When enabled (1), Traffic Server will keep certain HTTP objects in the cache for a certain time as specified in cache.config.

proxy.config.cache.hit_evacuate_percent ¶

Scope:	CONFIG
Type:	INT
Default:	0

The size of the region (as a percentage of the total content storage in a cache stripe) in front of thewrite cursor that constitutes a recent access hit for evacutating the accessed object.

When an object is accessed it can be marked for evacuation, that is to be copied over the write cursor andthereby preserved from being overwritten. This is done if it is no more than a specific number of bytes in front ofthe write cursor. The number of bytes is a percentage of the total number of bytes of content storage in the cachestripe where the object is stored and that percentage is set by this variable.

By default, the feature is off (set to 0).

proxy.config.cache.hit_evacuate_size_limit ¶

Scope:	CONFIG
Type:	INT
Default:	0
Metric:	bytes

Limit the size of objects that are hit evacuated.

Objects larger than the limit are not hit evacuated. A value of 0 disables the limit.

proxy.config.cache.limits.http.max_alts ¶

Scope:	CONFIG
Type:	INT
Default:	5

The maximum number of alternates that are allowed for any given URL.Disable by setting to 0.

proxy.config.cache.target_fragment_size ¶

Scope:	CONFIG
Type:	INT
Default:	1048576

Sets the target size of a contiguous fragment of a file in the disk cache.When setting this, consider that larger numbers could waste memory on slowconnections, but smaller numbers could increase (waste) seeks.

RAM Cache¶

proxy.config.cache.ram_cache.size ¶

Scope:	CONFIG
Type:	INT
Default:	-1

By default the RAM cache size is automatically determined, based ondisk cache size; approximately 10 MB of RAM cache per GB of disk cache.Alternatively, it can be set to a fixed value such as20GB (21474836480)

proxy.config.cache.ram_cache_cutoff ¶

Scope:	CONFIG
Type:	INT
Default:	4194304

Objects greater than this size will not be kept in the RAM cache.This should be set high enough to keep objects accessed frequentlyin memory in order to improve performance.4MB (4194304)

proxy.config.cache.ram_cache.algorithm ¶

Scope:	CONFIG
Type:	INT
Default:	0

Two distinct RAM caches are supported, the default (0) being the CLFUS(Clocked Least Frequently Used by Size). As an alternative, a simplerLRU (Least Recently Used) cache is also available, by changing thisconfiguration to 1.

proxy.config.cache.ram_cache.use_seen_filter ¶

Scope:	CONFIG
Type:	INT
Default:	0

Enabling this option will filter inserts into the RAM cache to ensure thatthey have been seen at least once. For the LRU, this provides scanresistance. Note that CLFUS already requires that a document have historybefore it is inserted, so for CLFUS, setting this option means that adocument must be seen three times before it is added to the RAM cache.

proxy.config.cache.ram_cache.compress ¶

Scope:	CONFIG
Type:	INT
Default:	0

The CLFUS RAM cache also supports an optional in-memory compression.This is not to be confused with Content-Encoding: gzip compression.The RAM cache compression is intended to try to save space in the RAM,and is not visible to the User-Agent (client).

Possible values are:

• 0 = no compression
• 1 = fastlz (extremely fast, relatively low compression)
• 2 = libz (moderate speed, reasonable compression)
• 3 = liblzma (very slow, high compression)

Note

Compression runs on task threads. To use more cores for RAM cache compression, increase proxy.config.task_threads.

Heuristic Expiration¶

proxy.config.http.cache.heuristic_min_lifetime ¶

Scope:	CONFIG
Type:	INT
Default:	3600
Reloadable:	Yes

The minimum amount of time an HTTP object without an expiration date can remain fresh in the cache before isconsidered to be stale.

proxy.config.http.cache.heuristic_max_lifetime ¶

Scope:	CONFIG
Type:	INT
Default:	86400
Reloadable:	Yes

The maximum amount of time an HTTP object without an expiration date can remain fresh in the cache before isconsidered to be stale.

proxy.config.http.cache.heuristic_lm_factor ¶

Scope:	CONFIG
Type:	FLOAT
Default:	0.10
Reloadable:	Yes

The aging factor for freshness computations. Traffic Server stores an object for this percentage of the time thatelapsed since it last changed.

proxy.config.http.cache.fuzz.time ¶

Scope:	CONFIG
Type:	INT
Default:	240
Reloadable:	Yes

How often Traffic Server checks for an early refresh, during the period before the document stale time. The intervalspecified must be in seconds. See Fuzzy Revalidation

proxy.config.http.cache.fuzz.probability ¶

Scope:	CONFIG
Type:	FLOAT
Default:	0.005
Reloadable:	Yes

The probability that a refresh is made on a document during the specified fuzz time.

proxy.config.http.cache.fuzz.min_time ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Handles requests with a TTL less than fuzz.time – it allows for different times to evaluate the probability of revalidation for small TTLs and big TTLs. Objects with small TTLs will start “rolling the revalidation dice” near the fuzz.min_time, while objects with large TTLs would start at fuzz.time. A logarithmic like function between determines the revalidation evaluation start time (which will be between fuzz.min_time and fuzz.time). As the object gets closer to expiring, the window start becomes more likely. By default this setting is not enabled, but should be enabled anytime you have objects with small TTLs. The default value is 0.

Dynamic Content & Content Negotiation¶

proxy.config.http.cache.vary_default_text ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL
Reloadable:	Yes

The header on which Traffic Server varies for text documents.

For example: if you specify User-agent, then Traffic Server cachesall the different user-agent versions of documents it encounters.

proxy.config.http.cache.vary_default_images ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL
Reloadable:	Yes

The header on which Traffic Server varies for images.

proxy.config.http.cache.vary_default_other ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL
Reloadable:	Yes

The header on which Traffic Server varies for anything other than text and images.

proxy.config.http.cache.open_read_retry_time ¶

Scope:	CONFIG
Type:	INT
Default:	10
Reloadable:	Yes

The number of milliseconds a cacheable request will wait before requesting the object from cache if an equivalent request is in flight.

proxy.config.http.cache.max_open_read_retries ¶

Scope:	CONFIG
Type:	INT
Default:	-1
Reloadable:	Yes

The number of times to attempt fetching an object from cache if there was an equivalent request in flight.

Customizable User Response Pages¶

proxy.config.body_factory.enable_customizations ¶

Scope:	CONFIG
Type:	INT
Default:	1

Specifies whether customizable response pages are language specificor not:

• 1 = enable customizable user response pages in the default directory only
• 2 = enable language-targeted user response pages

proxy.config.body_factory.enable_logging ¶

Scope:	CONFIG
Type:	INT
Default:	0

Enables (1) or disables (0) logging for customizable response pages. When enabled, Traffic Server records a message inthe error log each time a customized response page is used or modified.

proxy.config.body_factory.template_sets_dir ¶

Scope:	CONFIG
Type:	STRING
Default:	etc/trafficserver/body_factory

The customizable response page default directory. If this is arelative path, Traffic Server resolves it relative to thePREFIX directory.

proxy.config.body_factory.response_suppression_mode ¶

Scope:	CONFIG
Type:	INT
Default:	0

Specifies when Traffic Server suppresses generated response pages:

• 0 = never suppress generated response pages
• 1 = always suppress generated response pages
• 2 = suppress response pages only for intercepted traffic

proxy.config.http_ui_enabled ¶

Scope:	CONFIG
Type:	INT
Default:	0

Specifies which http UI endpoints to allow within remap.config:

• 0 = disable all http UI endpoints
• 1 = enable only cache endpoints
• 2 = enable only stats endpoints
• 3 = enable all http UI endpoints

To enable any enpoint there needs to be an entry in remap.config whichspecifically enables it. Such a line would look like:

map / http://{stat}

The following are the cache endpoints:

• cache = UI to interact with the cache

The following are the stats endpoints:

• cache-internal = statistics about cache evacuation and volumes
• hostdb = lookups against the hostdb
• http = HTTPSM details, this endpoint is also gated by proxy.config.http.enable_http_info
• net = lookup and listing of open connections
• stat = list of all records.config options and metrics
• test = test callback page

proxy.config.http.enable_http_info ¶

Scope:	CONFIG
Type:	INT
Default:	0

Enables (1) or disables (0) access to an endpoint within proxy.config.http_ui_enabledwhich shows details about inflight transactions (HttpSM).

DNS¶

proxy.config.dns.search_default_domains ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Enables (1) or disables (0) local domain expansion.

Traffic Server can attempt to resolve unqualified hostnames byexpanding to the local domain. For example if a client makes arequest to an unqualified host (host_x) and the Traffic Serverlocal domain is y.com , then Traffic Server will expand thehostname to host_x.y.com.

proxy.config.dns.splitDNS.enabled ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Enables (1) or disables (0) DNS server selection. When enabled, Traffic Server refers to the splitdns.config file forthe selection specification. Refer to Configuring DNS Server Selection (Split DNS).

proxy.config.dns.url_expansions ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL

Specifies a list of hostname extensions that are automatically added to the hostname after a failed lookup. For example: if you wantTraffic Server to add the hostname extension .org, then specify org as the value for this variable (Traffic Server automaticallyadds the dot (.)).

Note

If the variable proxy.config.http.enable_url_expandomatic is set to 1 (the default value), then you do not have toadd ``www.`` and ``.com`` to this list because Traffic Server automatically tries www. and .com after trying the valuesyou’ve specified.

proxy.config.dns.resolv_conf ¶

Scope:	CONFIG
Type:	STRING
Default:	/etc/resolv.conf

Allows to specify which resolv.conf file to use for finding resolvers. While the format of this file must be the same as thestandard resolv.conf file, this option allows an administrator to manage the set of resolvers in an external configuration file,without affecting how the rest of the operating system uses DNS.

proxy.config.dns.round_robin_nameservers ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Enables (1) or disables (0) DNS server round-robin.

proxy.config.dns.nameservers ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL
Reloadable:	Yes

The DNS servers.

proxy.config.srv_enabled ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Indicates whether to use SRV records for orgin server lookup.

proxy.config.dns.dedicated_thread ¶

Scope:	CONFIG
Type:	INT
Default:	0

Create and dedicate a thread entirely for DNS processing. This is probablymost useful on system which do a significant number of DNS lookups,typically forward proxies. But even on other systems, it can avoid somecontention on the first worker thread (which otherwise takes on the burden ofall DNS lookups).

proxy.config.dns.validate_query_name ¶

Scope:	CONFIG
Type:	INT
Default:	0

When enabled (1) provides additional resilience against DNS forgery (for instancein DNS Injection attacks), particularly in forward or transparent proxies, butrequires that the resolver populates the queries section of the response properly.

HostDB¶

proxy.config.hostdb.lookup_timeout ¶

Scope:	CONFIG
Type:	INT
Default:	120
Metric:	seconds
Reloadable:	Yes

Time to wait for a DNS response in seconds.

proxy.config.hostdb.serve_stale_for ¶

Scope:	CONFIG
Type:	INT
Default:	*NONE*
Metric:	seconds
Reloadable:	Yes

The number of seconds for which to use a stale NS record while initiating abackground fetch for the new data.

If not set then stale records are not served.

proxy.config.hostdb.storage_size ¶

Scope:	CONFIG
Type:	INT
Default:	33554432
Metric:	bytes

The amount of space (in bytes) used to store hostdb.The value of this variable must be increased if you increase the size of theproxy.config.hostdb.size variable.

proxy.config.hostdb.size ¶

Scope:	CONFIG
Type:	INT
Default:	120000

The maximum number of entries that can be stored in the database.

Note

For values above 200000, you must increase proxy.config.hostdb.storage_size by at least 44 bytes per entry.

proxy.config.hostdb.ttl_mode ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

A host entry will eventually time out and be discarded. This variable controls how that time is calculated. A DNSrequest will return a TTL value and an internal value can be set with proxy.config.hostdb.timeout. Thisvariable determines which value will be used.

Value	TTL
0	The TTL from the DNS response.
1	The internal timeout value.
2	The smaller of the DNS and internal TTL values. The internal timeout value becomes a maximum TTL.
3	The larger of the DNS and internal TTL values. The internal timeout value become a minimum TTL.

proxy.config.hostdb.timeout ¶

Scope:	CONFIG
Type:	INT
Default:	1440
Metric:	minutes
Reloadable:	Yes

Internal time to live value for host DB entries, in minutes.

See proxy.config.hostdb.ttl_mode for when this value is used.

proxy.config.hostdb.strict_round_robin ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Set host resolution to use strict round robin.

When this and proxy.config.hostdb.timed_round_robin are both disabled (set to 0), Traffic Server alwaysuses the same origin server for the same client, for as long as the origin server is available. Otherwise if this isset then IP address is rotated on every request. This setting takes precedence overproxy.config.hostdb.timed_round_robin.

proxy.config.hostdb.timed_round_robin ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Set host resolution to use timed round robin.

When this and proxy.config.hostdb.strict_round_robin are both disabled (set to 0), Traffic Server alwaysuses the same origin server for the same client, for as long as the origin server is available. Otherwise if this isset to N the IP address is rotated if more than N seconds have past since the first time thecurrent address was used.

proxy.config.hostdb.host_file.path ¶

Scope:	CONFIG
Type:	STRING
Default:	/etc/hosts

Set the file path for an external host file.

If this is set (non-empty) then the file is presumed to be a hosts file in the standard host file format. It is read and the entries there added to the HostDB. The file is periodically checked for a more recent modification date in which case it is reloaded. The interval is set by the value proxy.config.hostdb.host_file.interval.

While not technically reloadable, the value is read every time the file is to be checked so that if changed the newvalue will be used on the next check and the file will be treated as modified.

proxy.config.hostdb.host_file.interval ¶

Scope:	CONFIG
Type:	INT
Default:	86400
Metric:	seconds
Reloadable:	Yes

Set the file changed check timer for proxy.config.hostdb.host_file.path.

The file is checked every this many seconds to see if it has changed. If so the HostDB is updated with the new values in the file.

proxy.config.hostdb.ip_resolve ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL

Set the host resolution style.

This is an ordered list of keywords separated by semicolons that specify how a host name is to be resolved to an IP address. The keywords are caseinsensitive.

Keyword	Meaning
ipv4	Resolve to an IPv4 address.
ipv6	Resolve to an IPv6 address.
client	Resolve to the same family as the client IP address.
none	Stop resolving.

The order of the keywords is critical. When a host name needs to be resolved it is resolved in same order as thekeywords. If a resolution fails, the next option in the list is tried. The keyword none means to give up resolutionentirely. The keyword list has a maximum length of three keywords, more are never needed. By default there is animplicit ipv4;ipv6 attached to the end of the string unless the keyword none appears.

Example

Use the incoming client family, then try IPv4 and IPv6.

client;ipv4;ipv6

Because of the implicit resolution this can also be expressed as just

client

Example

Resolve only to IPv4.

ipv4;none

Example

Resolve only to the same family as the client (do not permit cross family transactions).

client;none

This value is a global default that can be overridden by proxy.config.http.server_ports.

Note

This style is used as a convenience for the administrator. During a resolution the resolution order will beone family, then possibly the other. This is determined by changing client to ipv4 or ipv6 based on theclient IP address and then removing duplicates.

Important

This option has no effect on outbound transparent connections The local IP address used in the connection to theorigin server is determined by the client, which forces the IP address family of the address used for the originserver. In effect, outbound transparent connections always use a resolution style of “client”.

Logging Configuration¶

proxy.config.log.logging_enabled ¶

Scope:	CONFIG
Type:	INT
Default:	3
Reloadable:	Yes

Enables and disables event logging:

• 0 = logging disabled
• 1 = log errors only
• 2 = log transactions only
• 3 = full logging (errors + transactions)

Refer to Working with Log Files.

proxy.config.log.max_secs_per_buffer ¶

Scope:	CONFIG
Type:	INT
Default:	5
Reloadable:	Yes

The maximum amount of time before data in the buffer is flushed to disk.

proxy.config.log.max_space_mb_for_logs ¶

Scope:	CONFIG
Type:	INT
Default:	25000
Metric:	megabytes
Reloadable:	Yes

The amount of space allocated to the logging directory (in MB).

Note

All files in the logging directory contribute to the space used, even if they are not log files. In collation clientmode, if there is no local disk logging, or proxy.config.log.max_space_mb_for_orphan_logs is set to a highervalue than proxy.config.log.max_space_mb_for_logs, TS will takeproxy.config.log.max_space_mb_for_orphan_logs for maximum allowed log space.

proxy.config.log.max_space_mb_for_orphan_logs ¶

Scope:	CONFIG
Type:	INT
Default:	25
Metric:	megabytes
Reloadable:	Yes

The amount of space allocated to the logging directory (in MB) if this node is acting as a collation client.

Note

When max_space_mb_for_orphan_logs is take as the maximum allowed log space in the logging system, the same rule applyto proxy.config.log.max_space_mb_for_logs also apply to proxy.config.log.max_space_mb_for_orphan_logs, ie: All filesin the logging directory contribute to the space used, even if they are not log files. you may need to consider thiswhen you enable full remote logging, and bump to the same size as proxy.config.log.max_space_mb_for_logs.

proxy.config.log.max_space_mb_headroom ¶

Scope:	CONFIG
Type:	INT
Default:	1000
Metric:	megabytes
Reloadable:	Yes

The tolerance for the log space limit (in megabytes). If the variable proxy.config.log.auto_delete_rolled_files is set to 1(enabled), then autodeletion of log files is triggered when the amount of free space available in the logging directory is less thanthe value specified here.

proxy.config.log.hostname ¶

Scope:	CONFIG
Type:	STRING
Default:	localhost
Reloadable:	Yes

The hostname of the machine running Traffic Server.

proxy.config.log.logfile_dir ¶

Scope:	CONFIG
Type:	STRING
Default:	var/log/trafficserver
Reloadable:	Yes

The path to the logging directory. This can be an absolute pathor a path relative to the PREFIX directory in which TrafficServer is installed.

Note

The directory you specify must already exist.

proxy.config.log.logfile_perm ¶

Scope:	CONFIG
Type:	STRING
Default:	rw-r–r–
Reloadable:	Yes

The log file permissions. The standard UNIX file permissions are used (owner, group, other). Permissible values are:

- no permission r read permission w write permission x execute permission

Permissions are subject to the umask settings for the Traffic Server process. This means that a umask setting of002 will not allowwrite permission for others, even if specified in the configuration file. Permissions for existing log files are not changed when theconfiguration is changed.

proxy.config.log.custom_logs_enabled ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Enables (1) or disables (0) custom logging.

proxy.config.log.squid_log_enabled ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Enables (1) or disables (0) the squid log file format.

proxy.config.log.squid_log_is_ascii ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

The squid log file type:

• 1 = ASCII
• 0 = binary

proxy.config.log.squid_log_name ¶

Scope:	CONFIG
Type:	STRING
Default:	squid
Reloadable:	Yes

The squid log filename.

proxy.config.log.squid_log_header ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL

The squid log file header text.

proxy.config.log.common_log_enabled ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Enables (1) or disables (0) the Netscape common log file format.

proxy.config.log.common_log_is_ascii ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

The Netscape common log file type:

• 1 = ASCII
• 0 = binary

proxy.config.log.common_log_name ¶

Scope:	CONFIG
Type:	STRING
Default:	common
Reloadable:	Yes

The Netscape common log filename.

proxy.config.log.common_log_header ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL
Reloadable:	Yes

The Netscape common log file header text.

proxy.config.log.extended_log_enabled ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Enables (1) or disables (0) the Netscape extended log file format.

proxy.config.log.extended_log_is_ascii ¶

Scope:	CONFIG
Type:	INT
Default:	0

The Netscape extended log file type:

• 1 = ASCII
• 0 = binary

proxy.config.log.extended_log_name ¶

Scope:	CONFIG
Type:	STRING
Default:	extended

The Netscape extended log filename.

proxy.config.log.extended_log_header ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL
Reloadable:	Yes

The Netscape extended log file header text.

proxy.config.log.extended2_log_enabled ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Enables (1) or disables (0) the Netscape Extended-2 log fileformat.

proxy.config.log.extended2_log_is_ascii ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

The Netscape Extended-2 log file type:

• 1 = ASCII
• 0 = binary

proxy.config.log.extended2_log_name ¶

Scope:	CONFIG
Type:	STRING
Default:	extended2
Reloadable:	Yes

The Netscape Extended-2 log filename.

proxy.config.log.extended2_log_header ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL
Reloadable:	Yes

The Netscape Extended-2 log file header text.

proxy.config.log.separate_icp_logs ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

When enabled (1), configures Traffic Server to store ICP transactions in a separate log file.

• 0 = separation is disabled, all ICP transactions are recorded in the same file as HTTP transactions
• 1 = all ICP transactions are recorded in a separate log file.
• -1 = filter all ICP transactions from the default log files; ICP transactions are not logged anywhere.

proxy.config.log.separate_host_logs ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

When enabled (1), configures Traffic Server to create a separate log file for HTTP transactions for each origin server listed in thelog_hosts.config file. Refer to HTTP Host Log Splitting.

proxy.local.log.collation_mode ¶

Scope:	LOCAL
Type:	INT
Default:	0
Reloadable:	Yes

Set the log collation mode.

Value	Effect
0	collation is disabled
1	this host is a log collation server
2	this host is a collation client and sends entries using standard formats to the collation server
3	this host is a collation client and sends entries using the traditional custom formats to the collation server
4	this host is a collation client and sends entries that use both the standard and traditional custom formats to the collation server

For information on sending XML-based custom formats to the collationserver, refer to logs_xml.config.

Note

Although Traffic Server supports traditional custom logging, you should use the more versatile XML-based custom formats.

proxy.config.log.collation_host ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL

The hostname of the log collation server.

proxy.config.log.collation_port ¶

Scope:	CONFIG
Type:	INT
Default:	8085
Reloadable:	Yes

The port used for communication between the collation server and client.

proxy.config.log.collation_secret ¶

Scope:	CONFIG
Type:	STRING
Default:	foobar
Reloadable:	Yes

The password used to validate logging data and prevent the exchange of unauthorized information when a collation server is being used.

proxy.config.log.collation_host_tagged ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

When enabled (1), configures Traffic Server to include the hostname of the collation client that generated the log entry in each entry.

proxy.config.log.collation_retry_sec ¶

Scope:	CONFIG
Type:	INT
Default:	5
Reloadable:	Yes

The number of seconds between collation server connection retries.

proxy.config.log.rolling_enabled ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Specifies how log files are rolled. You can specify the following values:

• 0 = disables log file rolling

• 1 = enables log file rolling at specific intervals during the day (specified with the

  proxy.config.log.rolling_interval_sec and proxy.config.log.rolling_offset_hr variables)

• 2 = enables log file rolling when log files reach a specific size (specified with the proxy.config.log.rolling_size_mb variable)

• 3 = enables log file rolling at specific intervals during the day or when log files reach a specific size (whichever occurs first)

• 4 = enables log file rolling at specific intervals during the day when log files reach a specific size (i.e., at a specified

  time if the file is of the specified size)

proxy.config.log.rolling_interval_sec ¶

Scope:	CONFIG
Type:	INT
Default:	86400
Reloadable:	Yes

The log file rolling interval, in seconds. The minimum value is 60 (1 minute). The maximum, and default, value is 86400 seconds (one day).

Note

If you start Traffic Server within a few minutes of the next rolling time, then rolling might not occur until the next rolling time.

proxy.config.log.rolling_offset_hr ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

The file rolling offset hour. The hour of the day that starts the log rolling period.

proxy.config.log.rolling_size_mb ¶

Scope:	CONFIG
Type:	INT
Default:	10
Reloadable:	Yes

The size that log files must reach before rolling takes place.

proxy.config.log.auto_delete_rolled_files ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Enables (1) or disables (0) automatic deletion of rolled files.

proxy.config.log.sampling_frequency ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Configures Traffic Server to log only a sample of transactions rather than every transaction. You can specify the following values:

• 1 = log every transaction
• 2 = log every second transaction
• 3 = log every third transaction and so on...

proxy.config.http.slow.log.threshold ¶

Scope:	CONFIG
Type:	INT
Default:	0
Metric:	milliseconds
Reloadable:	Yes

If set to a non-zero value N then any connection that takes longer than N milliseconds from accept tocompletion will cause its timing stats to be written to the debugging log file. This is identifying data about the transaction and all of the transaction milestones.

Diagnostic Logging Configuration¶

proxy.config.diags.output.diag ¶

Scope:	CONFIG
Type:	STRING
Default:	E

proxy.config.diags.output.debug ¶

Scope:	CONFIG
Type:	STRING
Default:	E

proxy.config.diags.output.status ¶

Scope:	CONFIG
Type:	STRING
Default:	L

proxy.config.diags.output.note ¶

Scope:	CONFIG
Type:	STRING
Default:	L

proxy.config.diags.output.warning ¶

Scope:	CONFIG
Type:	STRING
Default:	L

proxy.config.diags.output.error ¶

Scope:	CONFIG
Type:	STRING
Default:	SL

proxy.config.diags.output.fatal ¶

Scope:	CONFIG
Type:	STRING
Default:	SL

proxy.config.diags.output.alert ¶

Scope:	CONFIG
Type:	STRING
Default:	L

proxy.config.diags.output.emergency ¶

Scope:	CONFIG
Type:	STRING
Default:	SL

The diagnosic output configuration variables control where TrafficServer should log diagnostic output. Messages at each diagnostic levelcan be directed to any combination of diagnostic destinations.Valid diagnostic message destinations are:

• ‘O’ = Log to standard output
• ‘E’ = Log to standard error
• ‘S’ = Log to syslog
• ‘L’ = Log to diags.log

Example

To log debug diagnostics to both syslog and diags.log:

CONFIG proxy.config.diags.output.debug STRING SL

proxy.config.diags.show_location ¶

Scope:	CONFIG
Type:	INT
Default:	1

Annotates diagnostic messages with the source code location.

proxy.config.diags.debug.enabled ¶

Scope:	CONFIG
Type:	INT
Default:	0

Enables logging for diagnostic messages whose log level is diag or debug.

proxy.config.diags.debug.tags ¶

Scope:	CONFIG
Type:	STRING
Default:	http.*|dns.*

Each Traffic Server diag and debug level message is annotatedwith a subsytem tag. This configuration contains a regularexpression that filters the messages based on the tag. Somecommonly used debug tags are:

Tag	Subsytem usage
dns	DNS query resolution
http_hdrs	Logs the headers for HTTP requests and responses
privileges	Privilege elevation
ssl	TLS termination and certificate processing

Traffic Server plugins will typically log debug messages usingthe TSDebug() API, passing the plugin name as the debugtag.

Reverse Proxy¶

proxy.config.reverse_proxy.enabled ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Enables (1) or disables (0) HTTP reverse proxy.

proxy.config.header.parse.no_host_url_redirect ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL
Reloadable:	Yes

The URL to which to redirect requests with no host headers (reverseproxy).

URL Remap Rules¶

proxy.config.url_remap.filename ¶

Scope:	CONFIG
Type:	STRING
Default:	remap.config

Sets the name of the remap.config file.

proxy.config.url_remap.default_to_server_pac ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Enables (1) or disables (0) requests for a PAC file on the proxyservice port (8080 by default) to be redirected to the PACport. For this type of redirection to work, the variableproxy.config.reverse_proxy.enabled must be set to 1.

proxy.config.url_remap.default_to_server_pac_port ¶

Scope:	CONFIG
Type:	INT
Default:	-1
Reloadable:	Yes

Sets the PAC port so that PAC requests made to the Traffic Serverproxy service port are redirected this port. -1 is the defaultsetting that sets the PAC port to the autoconfiguration port (thedefault autoconfiguration port is 8083). This variable can be usedtogether with the proxy.config.url_remap.default_to_server_pacvariable to get a PAC file from a different port. You must createand run a process that serves a PAC file on this port. For example:if you create a Perl script that listens on port 9000 and writes aPAC file in response to any request, then you can set this variableto 9000. Browsers that request the PAC file from a proxy serveron port 8080 will get the PAC file served by the Perl script.

proxy.config.url_remap.remap_required ¶

Scope:	CONFIG
Type:	INT
Default:	1
Reloadable:	Yes

Set this variable to 1 if you want Traffic Server to serverequests only from origin servers listed in the mapping rules of theremap.config file. If a request does not match, then the browserwill receive an error.

proxy.config.url_remap.pristine_host_hdr ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Set this variable to 1 if you want to retain the client hostheader in a request during remapping.

SSL Termination¶

proxy.config.ssl.SSLv2 ¶

Scope:	CONFIG
Type:	INT
Default:	0

Enables (1) or disables (0) SSLv2. Please don’t enable it.

proxy.config.ssl.SSLv3 ¶

Scope:	CONFIG
Type:	INT
Default:	0

Enables (1) or disables (0) SSLv3.

proxy.config.ssl.TLSv1 ¶

Scope:	CONFIG
Type:	INT
Default:	1

Enables (1) or disables (0) TLSv1.

proxy.config.ssl.TLSv1_1 ¶

Scope:	CONFIG
Type:	INT
Default:	1

Enables (1) or disables (0) TLS v1.1. If not specified, enabled by default. [Requires OpenSSL v1.0.1 and higher]

proxy.config.ssl.TLSv1_2 ¶

Scope:	CONFIG
Type:	INT
Default:	1

Enables (1) or disables (0) TLS v1.2. If not specified, DISABLED by default. [Requires OpenSSL v1.0.1 and higher]

proxy.config.ssl.client.certification_level ¶

Scope:	CONFIG
Type:	INT
Default:	0

Sets the client certification level:

• 0 = no client certificates are required. Traffic Server does

  not verify client certificates during the SSL handshake. Accessto Traffic Server depends on Traffic Server configuration options(such as access control lists).

• 1 = client certificates are optional. If a client has a

  certificate, then the certificate is validated. If the clientdoes not have a certificate, then the client is still allowedaccess to Traffic Server unless access is denied through otherTraffic Server configuration options.

• 2 = client certificates are required. The client must be

  authenticated during the SSL handshake. Clients without acertificate are not allowed to access Traffic Server.

proxy.config.ssl.number.threads ¶

Scope:	CONFIG
Type:	INT
Default:	0

Sets the number of SSL threads to use, this defaults to 0 (autoconfigure).

• 0 = autoconfigure, this will allow Traffic Server to determinethe appropriate number of threads
• -1 = disable, this makes ET_NET threads behave like ET_SSL threadsNote: this does not disable SSL, it simply allows another thread poolto assist in SSL tasks without dedicated SSL threads.
• >0 = Use a non-zero number of SSL threads

proxy.config.ssl.server.multicert.filename ¶

Scope:	CONFIG
Type:	STRING
Default:	ssl_multicert.config

The location of the ssl_multicert.config file, relativeto the Traffic Server configuration directory. In the followingexample, if the Traffic Server configuration directory is/etc/trafficserver, the Traffic Server SSL configuration fileand the corresponding certificates are located in/etc/trafficserver/ssl:

CONFIG proxy.config.ssl.server.multicert.filename STRING ssl/ssl_multicert.config
CONFIG proxy.config.ssl.server.cert.path STRING etc/trafficserver/ssl
CONFIG proxy.config.ssl.server.private_key.path STRING etc/trafficserver/ssl

proxy.config.ssl.server.cert.path ¶

Scope:	CONFIG
Type:	STRING
Default:	/config

The location of the SSL certificates and chains used for acceptingand validation new SSL sessions. If this is a relative path,it is appended to the Traffic Server installation PREFIX. Allcertificates and certificate chains listed inssl_multicert.config will be loaded relative to this path.

proxy.config.ssl.server.private_key.path ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL

The location of the SSL certificate private keys. Change thisvariable only if the private key is not located in the SSLcertificate file. All private keys listed inssl_multicert.config will be loaded relative to thispath.

proxy.config.ssl.server.cert_chain.filename ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL

The name of a file containing a global certificate chain thatshould be used with every server certificate. This file is onlyused if there are certificates defined in ssl_multicert.config.Unless this is an absolute path, it is loaded relative to thepath specified by proxy.config.ssl.server.cert.path.

proxy.config.ssl.server.dhparams_file ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL

The name of a file containing a set of Diffie-Hellman key exchangeparameters. If not specified, 2048-bit DH parameters from RFC 5114 areused. These parameters are only used if a DHE (or EDH) cipher suite hasbeen selected.

proxy.config.ssl.CA.cert.path ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL

The location of the certificate authority file that clientcertificates will be verified against.

proxy.config.ssl.CA.cert.filename ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL

The filename of the certificate authority that client certificateswill be verified against.

proxy.config.ssl.server.ticket_key.filename ¶

Scope:	CONFIG
Type:	STRING
Default:	ssl_ticket.key

The location of the ssl_ticket.key file, relative to theproxy.config.ssl.server.cert.path directory.

proxy.config.ssl.max_record_size ¶

Scope:	CONFIG
Type:	INT
Default:	0

This configuration specifies the maximum number of bytes to writeinto a SSL record when replying over a SSL session. In somecircumstances this setting can improve response latency by reducingbuffering at the SSL layer. This setting can have a value between 0and 16383 (max TLS record size).

The default of 0 means to always write all available data intoa single SSL record.

A value of -1 means TLS record size is dynamically determined. Thestrategy employed is to use small TLS records that fit into a singleTCP segment for the first ~1 MB of data, but, increase the record size to16 KB after that to optimize throughput. The record size is reset back toa single segment after ~1 second of inactivity and the record size rampingmechanism is repeated again.

proxy.config.ssl.session_cache ¶

Scope:	CONFIG
Type:	INT
Default:	2

Enables the SSL Session Cache:- 0 = Disables the session cache entirely

• 1 = Enables the session cache using OpenSSLs implementation.

• 2 = (default) Enables the session cache using Traffic Server’s implementation.

  This implentation should perform much better than the OpenSSLimplementation.

proxy.config.ssl.session_cache.timeout ¶

Scope:	CONFIG
Type:	INT
Default:	0

This configuration specifies the lifetime of SSL session cacheentries in seconds. If it is 0, then the SSL library will usea default value, typically 300 seconds. Note: This option has no affectwhen using the Traffic Server session cache (option 2 inproxy.config.ssl.session_cache)

proxy.config.ssl.session_cache.auto_clear ¶

Scope:	CONFIG
Type:	INT
Default:	1

This will set the OpenSSL auto clear flag. Auto clear is enabled bydefault with 1 it can be disabled by changing this setting to 0.

proxy.config.ssl.session_cache.size ¶

Scope:	CONFIG
Type:	INT
Default:	102400

This configuration specifies the maximum number of entriesthe SSL session cache may contain.

proxy.config.ssl.session_cache.num_buckets ¶

Scope:	CONFIG
Type:	INT
Default:	1024

This configuration specifies the number of buckets to use with theTraffic Server SSL session cache implementation. The TS implementationis a fixed size hash map where each bucket is protected by a mutex.

proxy.config.ssl.session_cache.skip_cache_on_bucket_contention ¶

Scope:	CONFIG
Type:	INT
Default:	0

This configuration specifies the behavior of the Traffic Server SSL sessioncache implementation during lock contention on each bucket:

• 0 = (default) Don’t skip session caching when bucket lock is contented.
• 1 = Don’t use the SSL session cache for this connection during lock contention.

proxy.config.ssl.hsts_max_age ¶

Scope:	CONFIG
Type:	INT
Default:	-1

This configuration specifies the max-age value that will be usedwhen adding the Strict-Transport-Security header. The value is in seconds.A value of 0 will set the max-age value to 0 and should remove theHSTS entry from the client. A value of -1 will disable this feature andnot set the header. This option is only used for HTTPS requests and theheader will not be set on HTTP requests.

proxy.config.ssl.hsts_include_subdomains ¶

Scope:	CONFIG
Type:	INT
Default:	0

Enables (1) or disables (0) adding the includeSubdomain valueto the Strict-Transport-Security header. proxy.config.ssl.hsts_max_ageneeds to be set to a non -1 value for this configuration to take effect.

proxy.config.ssl.allow_client_renegotiation ¶

Scope:	CONFIG
Type:	INT
Default:	0

This configuration specifies whether the client is able to initiaterenegotiation of the SSL connection. The default of 0, meansthe client can’t initiate renegotiation.

proxy.config.ssl.cert.load_elevated ¶

Scope:	CONFIG
Type:	INT
Default:	0

Enables (1) or disables (0) elevation of traffic_serverprivileges during loading of SSL certificates. By enabling this, SSLcertificate files’ access rights can be restricted to help reduce thevulnerability of certificates.

This feature requires Traffic Server to be built with POSIXcapabilities enabled.

Client-Related Configuration¶

proxy.config.ssl.client.verify.server ¶

Scope:	CONFIG
Type:	INT
Default:	0

Configures Traffic Server to verify the origin server certificatewith the Certificate Authority (CA).

proxy.config.ssl.client.cert.filename ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL

The filename of SSL client certificate installed on Traffic Server.

proxy.config.ssl.client.cert.path ¶

Scope:	CONFIG
Type:	STRING
Default:	/config

The location of the SSL client certificate installed on TrafficServer.

proxy.config.ssl.client.private_key.filename ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL

The filename of the Traffic Server private key. Change this variableonly if the private key is not located in the Traffic Server SSLclient certificate file.

proxy.config.ssl.client.private_key.path ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL

The location of the Traffic Server private key. Change this variableonly if the private key is not located in the SSL client certificatefile.

proxy.config.ssl.client.CA.cert.filename ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL

The filename of the certificate authority against which the originserver will be verified.

proxy.config.ssl.client.CA.cert.path ¶

Scope:	CONFIG
Type:	STRING
Default:	NULL

Specifies the location of the certificate authority file againstwhich the origin server will be verified.

ICP Configuration¶

proxy.config.icp.enabled ¶

Scope:	CONFIG
Type:	INT
Default:	0

Sets ICP mode for hierarchical caching:

• 0 = disables ICP
• 1 = allows Traffic Server to receive ICP queries only
• 2 = allows Traffic Server to send and receive ICP queries

Refer to <admin-icp-peering>.

proxy.config.icp.icp_interface ¶

Scope:	CONFIG
Type:	STRING
Default:	your_interface

Specifies the network interface used for ICP traffic.

Note

The Traffic Server installation script detects yournetwork interface and sets this variable appropriately. If yoursystem has multiple network interfaces, check that this variablespecifies the correct interface.

proxy.config.icp.icp_port ¶

Scope:	CONFIG
Type:	INT
Default:	3130
Reloadable:	Yes

Specifies the UDP port that you want to use for ICP messages.

proxy.config.icp.query_timeout ¶

Scope:	CONFIG
Type:	INT
Default:	2
Reloadable:	Yes

Specifies the timeout used for ICP queries.

HTTP/2 Configuration¶

proxy.config.http2.enabled ¶

Scope:	CONFIG
Type:	INT
Default:	0

Enable the experimental HTTP/2 feature. This implements most of thespecifications, with the one big exception being server PUSH.

Note

This configuration will be eliminated for v6.0.0, where HTTP/2 isenabled by default and controlled via the ports configuration.

proxy.config.http2.max_concurrent_streams_in ¶

Scope:	CONFIG
Type:	INT
Default:	100
Reloadable:	Yes

The maximum number of concurrent streams per inbound connection.

Note

Reloading this value affects only new HTTP/2 connections, not theones already established.

proxy.config.http2.initial_window_size_in ¶

Scope:	CONFIG
Type:	INT
Default:	1048576
Reloadable:	Yes

The initial window size for inbound connections.

proxy.config.http2.max_frame_size ¶

Scope:	CONFIG
Type:	INT
Default:	16384
Reloadable:	Yes

Indicates the size of the largest frame payload that the sender is willingto receive.

proxy.config.http2.header_table_size ¶

Scope:	CONFIG
Type:	INT
Default:	4096
Reloadable:	Yes

The maximum size of the header compression table used to decode headerblocks.

proxy.config.http2.max_header_list_size ¶

Scope:	CONFIG
Type:	INT
Default:	4294967295
Reloadable:	Yes

This advisory setting informs a peer of the maximum size of header listthat the sender is prepared to accept blocks. The default value, which isthe unsigned int maximum value in Traffic Server, implies unlimited size.

SPDY Configuration¶

proxy.config.spdy.accept_no_activity_timeout ¶

Scope:	CONFIG
Type:	INT
Default:	30
Reloadable:	Yes

How long a SPDY connection will be kept open after an accept without any streams created.

proxy.config.spdy.no_activity_timeout_in ¶

Scope:	CONFIG
Type:	INT
Default:	30
Reloadable:	Yes

How long a stream is kept open without activity.

proxy.config.spdy.initial_window_size_in ¶

Scope:	CONFIG
Type:	INT
Default:	65536
Reloadable:	Yes

The initial window size for inbound connections.

proxy.config.spdy.max_concurrent_streams_in ¶

Scope:	CONFIG
Type:	INT
Default:	100
Reloadable:	Yes

The maximum number of concurrent streams per inbound connection.

Note

Reloading this value affects only new SPDY connections, not theones already established..

Scheduled Update Configuration¶

proxy.config.update.enabled ¶

Scope:	CONFIG
Type:	INT
Default:	0

Enables (1) or disables (0) the Scheduled Update option.

proxy.config.update.force ¶

Scope:	CONFIG
Type:	INT
Default:	0
Reloadable:	Yes

Enables (1) or disables (0) a force immediate update. Whenenabled, Traffic Server overrides the scheduling expiration time forall scheduled update entries and initiates updates until this optionis disabled.

proxy.config.update.retry_count ¶

Scope:	CONFIG
Type:	INT
Default:	10
Reloadable:	Yes

Specifies the number of times Traffic Server can retry the scheduledupdate of a URL in the event of failure.

proxy.config.update.retry_interval ¶

Scope:	CONFIG
Type:	INT
Default:	2
Reloadable:	Yes

Specifies the delay (in seconds) between each scheduled update retryfor a URL in the event of failure.

proxy.config.update.concurrent_updates ¶

Scope:	CONFIG
Type:	INT
Default:	100
Reloadable:	Yes

Specifies the maximum simultaneous update requests allowed at anytime. This option prevents the scheduled update process fromoverburdening the host.

Plug-in Configuration¶

proxy.config.plugin.plugin_dir ¶

Scope:	CONFIG
Type:	STRING
Default:	config/plugins

Specifies the location of Traffic Server plugins.

proxy.config.remap.num_remap_threads ¶

Scope:	CONFIG
Type:	INT
Default:	0

When this variable is set to 0, plugin remap callbacks areexecuted in line on network threads. If remap processing takessignificant time, this can be cause additional request latency.Setting this variable to causes remap processing to take placeon a dedicated thread pool, freeing the network threads to serviceadditional requests.

SOCKS Processor¶

proxy.config.socks.socks_needed ¶

Scope:	CONFIG
Type:	INT
Default:	0

Enables (1) or disables (0) the SOCKS processor

proxy.config.socks.socks_version ¶

Scope:	CONFIG
Type:	INT
Default:	4

Specifies the SOCKS version (4) or (5)

proxy.config.socks.socks_config_file ¶

Scope:	CONFIG
Type:	STRING
Default:	socks.config

The socks_onfig file allows you to specify ranges of IP addressesthat will not be relayed to the SOCKS server. It can also be usedto configure AUTH information for SOCKSv5 servers.

proxy.config.socks.socks_timeout ¶

Scope:	CONFIG
Type:	INT
Default:	100

The activity timeout value (in seconds) for SOCKS server connections.

proxy.config.socks.server_connect_timeout ¶

Scope:	CONFIG
Type:	INT
Default:	10

The timeout value (in seconds) for SOCKS server connection attempts.

proxy.config.socks.per_server_connection_attempts ¶

Scope:	CONFIG
Type:	INT
Default:	1

The total number of connection attempts allowed per SOCKS server,if multiple servers are used.

proxy.config.socks.connection_attempts ¶

Scope:	CONFIG
Type:	INT
Default:	4

The total number of connection attempts allowed to a SOCKS serverTraffic Server bypasses the server or fails the request

proxy.config.socks.server_retry_timeout ¶

Scope:	CONFIG
Type:	INT
Default:	300

The timeout value (in seconds) for SOCKS server connection retry attempts.

proxy.config.socks.default_servers ¶

Scope:	CONFIG
Type:	STRING
Default:	*NONE*

Default list of SOCKS servers and their ports.

proxy.config.socks.server_retry_time ¶

Scope:	CONFIG
Type:	INT
Default:	300

The amount of time allowed between connection retries to a SOCKSserver that is unavailable.

proxy.config.socks.server_fail_threshold ¶

Scope:	CONFIG
Type:	INT
Default:	2

The number of times the connection to the SOCKS server can failbefore Traffic Server considers the server unavailable.

proxy.config.socks.accept_enabled ¶

Scope:	CONFIG
Type:	INT
Default:	0

Enables (1) or disables (0) the SOCKS proxy option. As a SOCKSproxy, Traffic Server receives SOCKS traffic (usually on port1080) and forwards all requests directly to the SOCKS server.

proxy.config.socks.accept_port ¶

Scope:	CONFIG
Type:	INT
Default:	1080

Specifies the port on which Traffic Server accepts SOCKS traffic.

proxy.config.socks.http_port ¶

Scope:	CONFIG
Type:	INT
Default:	80

Specifies the port on which Traffic Server accepts HTTP proxy requestsover SOCKS connections..

Sockets¶

proxy.config.net.defer_accept ¶

Scope:	CONFIG
Type:	INT
Default:	1

default: 1 meaning on all Platforms except Linux: 45 seconds

This directive enables operating system specific optimizations for a listening socket. defer_accept holds a call to accept(2)back until data has arrived. In Linux’ special case this is up to a maximum of 45 seconds.

proxy.config.net.sock_send_buffer_size_in ¶

Scope:	CONFIG
Type:	INT
Default:	0

Sets the send buffer size for connections from the client to Traffic Server.

proxy.config.net.sock_recv_buffer_size_in ¶

Scope:	CONFIG
Type:	INT
Default:	0

Sets the receive buffer size for connections from the client to Traffic Server.

proxy.config.net.sock_option_flag_in ¶

Scope:	CONFIG
Type:	INT
Default:	0x5

Turns different options “on” for the socket handling client connections::

TCP_NODELAY  (1)
SO_KEEPALIVE (2)
SO_LINGER (4) - with a timeout of 0 seconds

Note

This is a bitmask and you need to decide what bits to set. Therefore,you must set the value to 3 if you want to enable nodelay andkeepalive options above.

proxy.config.net.sock_send_buffer_size_out ¶

Scope:	CONFIG
Type:	INT
Default:	0

Sets the send buffer size for connections from Traffic Server to the origin server.

proxy.config.net.sock_recv_buffer_size_out ¶

Scope:	CONFIG
Type:	INT
Default:	0

Sets the receive buffer size for connections from Traffic Server tothe origin server.

proxy.config.net.sock_option_flag_out ¶

Scope:	CONFIG
Type:	INT
Default:	0x1

Turns different options “on” for the origin server socket::

TCP_NODELAY  (1)
SO_KEEPALIVE (2)
SO_LINGER (4) - with a timeout of 0 seconds

Note

This is a bitmask and you need to decide what bits to set. Therefore,you must set the value to 3 if you want to enable nodelay andkeepalive options above.

When SO_LINGER is enabled, the linger timeout time is setto 0. This is useful when Traffic Server and the origin serverare co-located and large numbers of sockets are retainedin the TIME_WAIT state.

proxy.config.net.sock_mss_in ¶

Scope:	CONFIG
Type:	INT
Default:	0

Same as the command line option --accept_mss that sets the MSS for all incoming requests.

proxy.config.net.sock_packet_mark_in ¶

Scope:	CONFIG
Type:	INT
Default:	0x0

Set the packet mark on traffic destined for the client(the packets that make up a client response).

See also

Traffic Shaping

proxy.config.net.sock_packet_mark_out ¶

Scope:	CONFIG
Type:	INT
Default:	0x0

Set the packet mark on traffic destined for the origin(the packets that make up an origin request).

See also

Traffic Shaping

proxy.config.net.sock_packet_tos_in ¶

Scope:	CONFIG
Type:	INT
Default:	0x0

Set the ToS/DiffServ Field on packets sent to the client(the packets that make up a client response).

See also

Traffic Shaping

proxy.config.net.sock_packet_tos_out ¶

Scope:	CONFIG
Type:	INT
Default:	0x0

Set the ToS/DiffServ Field on packets sent to the origin(the packets that make up an origin request).

See also

Traffic Shaping

proxy.config.net.poll_timeout ¶

Scope:	CONFIG
Type:	INT
Default:	10 (or 30 on Solaris)

Same as the command line option --poll_timeout, or -t, whichspecifies the timeout used for the polling mechanism used. This timeout isalways in milliseconds (ms). This is the timeout to epoll_wait() onLinux platforms, and to kevent() on BSD type OSs. The default value is10 on all platforms.

Changing this configuration can reduce CPU usage on an idle system, sinceperiodic tasks gets processed at these intervals. On busy servers, thisoverhead is diminished, since polled events triggers morefrequently.However, increasing the setting can also introduce additional latency forcertain operations, and timed events. It’s recommended not to touch thissetting unless your CPU usage is unacceptable at idle workload. Somealternatives to this could be:

Reduce the number of worker threads (net-threads)
Reduce the number of disk (AIO) threads
Make sure accept threads are enabled

The relevant configurations for this are:

CONFIG proxy.config.exec_thread.autoconfig INT 0
CONFIG proxy.config.exec_thread.limit INT 2
CONFIG proxy.config.accept_threads INT 1
CONFIG proxy.config.cache.threads_per_disk INT 8

proxy.config.task_threads ¶

Scope:	CONFIG
Type:	INT
Default:	2

Specifies the number of task threads to run. These threads are used forvarious tasks that should be off-loaded from the normal network threads.

proxy.config.allocator.thread_freelist_size ¶

Scope:	CONFIG
Type:	INT
Default:	512

Sets the maximum number of elements that can be contained in a ProxyAllocator (per-thread)before returning the objects to the global pool

proxy.config.allocator.thread_freelist_low_watermark ¶

Scope:	CONFIG
Type:	INT
Default:	32

Sets the minimum number of items a ProxyAllocator (per-thread) will guarantee to beholding at any one time.

proxy.config.http.enabled ¶

Scope:	CONFIG
Type:	INT
Default:	1

Turn on or off support for HTTP proxying. This is rarely used, the oneexception being if you run Traffic Server with a protocol plugin, and wouldlike for it to not support HTTP requests at all.

Next Previous

---

© Copyright 2014, dev@trafficserver.apache.org.

Built with Sphinx using a theme provided by Read the Docs.