Provided by: trafficserver_7.1.2+ds-3_amd64 
NAME
records.config - the records.config file (by default, located in /usr/local/etc/trafficserver/) is a list
of configurable variables used by the Traffic Server software. Many of the variables in records.config
are set automatically when you set configuration options with traffic_ctl config set. After you modify
records.config, run the command traffic_ctl config reload to apply the changes. When you apply changes to
one node in a cluster, Traffic Server automatically applies the changes to all other nodes in the cluster
FORMAT
Each variable has the following format:
SCOPE variable_name DATATYPE variable_value
Scope
All variables are defined within a scope, which is related to clustering, and determines the level at
which the variable is applied. The value for SCOPE must be one of:
┌────────┬─────────────────────────────┐
│ Scope │ Description │
├────────┼─────────────────────────────┤
│ CONFIG │ All members of the cluster. │
├────────┼─────────────────────────────┤
│ LOCAL │ Only the local machine. │
└────────┴─────────────────────────────┘
Data Type
A variable's type is defined by the DATATYPE and must be one of:
┌────────┬───────────────────────────────────────┐
│ Type │ Description │
├────────┼───────────────────────────────────────┤
│ FLOAT │ Floating point, expressed as a │
│ │ decimal number without units or │
│ │ exponents. │
├────────┼───────────────────────────────────────┤
│ INT │ Integers, expressed with or without │
│ │ unit prefixes (as described below). │
├────────┼───────────────────────────────────────┤
│ STRING │ String of characters up to the first │
│ │ newline. No quoting necessary. │
└────────┴───────────────────────────────────────┘
Values
The variable_value must conform to the variable's type. For STRING, this is simply any character data
until the first newline.
For integer (INT) variables, values are expressed as any normal integer, e.g. 32768. They can also be
expressed using more human readable values using standard unit prefixes, e.g. 32K. The following prefixes
are supported for all INT type configurations:
┌────────┬─────────────┬──────────────────────────────┐
│ Prefix │ Description │ Equivalent in Bytes │
├────────┼─────────────┼──────────────────────────────┤
│ K │ Kilobytes │ 1,024 bytes │
├────────┼─────────────┼──────────────────────────────┤
│ M │ Megabytes │ 1,048,576 bytes (10242) │
├────────┼─────────────┼──────────────────────────────┤
│ G │ Gigabytes │ 1,073,741,824 bytes (10243) │
├────────┼─────────────┼──────────────────────────────┤
│ T │ Terabytes │ 1,099,511,627,776 bytes │
│ │ │ (10244) │
└────────┴─────────────┴──────────────────────────────┘
IMPORTANT:
Unless proxy.config.disable_configuration_modification is enabled, Traffic Server writes
configurations back to disk periodically. When doing so, the unit prefixes are not preserved.
Floating point variables (FLOAT) must be expressed as a regular decimal number. Unit prefixes are not
supported, nor are alternate notations (scientific, exponent, etc.).
Additional Attributes
Deprecated
A variable marked as Deprecated is still functional but should be avoided as it may be removed in a
future release without warning.
Reloadable
A variable marked as Reloadable can be updated via the command:
traffic_ctl config reload
This updates configuration parameters without restarting Traffic Server or interrupting the processing of
requests.
Overridable
A variable marked as Overridable can be changed on a per-remap basis using plugins (like the
admin-plugins-conf-remap), affecting operations within the current transaction only.
EXAMPLES
In the following example, the variable proxy.config.proxy_name is a STRING datatype with the value
my_server. This means that the name of the Traffic Server proxy is my_server.
CONFIG proxy.config.proxy_name STRING my_server
If the server name should be that_server the line would be
CONFIG proxy.config.proxy_name STRING that_server
In the following example, the variable proxy.config.arm.enabled is a yes/no flag. A value of 0 (zero)
disables the option; a value of 1 enables the option.
CONFIG proxy.config.arm.enabled INT 0
In the following example, the variable sets the cluster startup timeout to 10 seconds.
CONFIG proxy.config.cluster.startup_timeout INT 10
The last examples configures a 64GB RAM cache, using a human readable prefix.
CONFIG proxy.config.cache.ram_cache.size INT 64G
ENVIRONMENT OVERRIDES
Every records.config configuration variable can be overridden by a corresponding environment variable.
This can be useful in situations where you need a static records.config but still want to tweak one or
two settings. The override variable is formed by converting the records.config variable name to upper
case, and replacing any dot separators with an underscore.
Overriding a variable from the environment is permanent and will not be affected by future configuration
changes made in records.config or applied with traffic_ctl.
For example, we could override the proxy.config.product_company variable like this:
$ PROXY_CONFIG_PRODUCT_COMPANY=example traffic_cop &
$ traffic_ctl config get proxy.config.product_company
CONFIGURATION VARIABLES
The following list describes the configuration variables available in the records.config file.
System Variables
proxy.config.product_company
Scope CONFIG.TP Type STRING.TP Default Apache Software Foundation.UNINDENT The name of the organization
developing Traffic Server.
proxy.config.product_vendor
Scope CONFIG.TP Type STRING.TP Default Apache.UNINDENT The name of the vendor providing Traffic Server.
proxy.config.product_name
Scope CONFIG.TP Type STRING.TP Default Traffic Server.UNINDENT The name of the product.
proxy.config.proxy_name
Scope CONFIG.TP Type STRING.TP Default build_machine.TP Reloadable Yes.UNINDENT The name of the Traffic
Server node.
proxy.config.bin_path
Scope CONFIG.TP Type STRING.TP Default bin.UNINDENT The location of the Traffic Server bin directory.
proxy.config.proxy_binary
Scope CONFIG.TP Type STRING.TP Default traffic_server.UNINDENT The name of the executable that runs the
traffic_server process.
proxy.config.proxy_binary_opts
Scope CONFIG.TP Type STRING.TP Default -M.UNINDENT The command-line options for starting Traffic Server.
proxy.config.manager_binary
Scope CONFIG.TP Type STRING.TP Default traffic_manager.UNINDENT The name of the executable that runs the
traffic_manager process.
proxy.config.env_prep
Scope CONFIG.TP Type STRING.TP Default *NONE*.UNINDENT The script executed before the traffic_manager
process spawns the traffic_server process.
proxy.config.config_dir
Scope CONFIG.TP Type STRING.TP Default etc/trafficserver.UNINDENT The directory that contains Traffic
Server configuration files. This is a read-only configuration option that contains the SYSCONFDIR
value specified at build time relative to the installation prefix. The $TS_ROOT environment
variable can be used alter the installation prefix at run time.
proxy.config.syslog_facility
Scope CONFIG.TP Type STRING.TP Default LOG_DAEMON.UNINDENT The facility used to record system log files.
Refer to admin-logging-understanding for more in-depth discussion of the contents and
interpretations of log files.
proxy.config.cop.core_signal
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The signal sent to traffic_cop's managed processes to
stop them.
A value of 0 means no signal will be sent.
proxy.config.cop.linux_min_memfree_kb
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The minimum amount of free memory space allowed before
Traffic Server stops the traffic_server and traffic_manager processes to prevent the system from
hanging.
proxy.config.cop.linux_min_swapfree_kb
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The minimum amount of free swap space allowed before
Traffic Server stops the traffic_server and traffic_manager processes to prevent the system from
hanging. This configuration variable applies if swap is enabled in Linux 2.2 only.
proxy.config.cop.init_sleep_time
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The minimum amount of addtional duration allowed before
Traffic Server detects that the traffic_server is not responsive and attempts a restart during
startup. This configuration variable allows Traffic Server a longer init time to load potentially
large configuration files such as remap config. Note that this applies only during startup of
Traffic Server and does not apply to the run time heartbeat checking.
proxy.config.cop.active_health_checks
Scope CONFIG.TP Type INT.TP Default 3.UNINDENT Specifies which, if any, of traffic_server and
traffic_manager that traffic_cop is allowed to kill in the event of failed health checks. The
possible values are:
─────────────────────────────────────────────────
Value Description
─────────────────────────────────────────────────
0 traffic_cop is not allowed to kill
any processes.
─────────────────────────────────────────────────
1 Only traffic_manager can be killed on
failed health checks.
─────────────────────────────────────────────────
2 Only traffic_server can be killed on
failed health checks.
─────────────────────────────────────────────────
3 traffic_server and traffic_manager
can be killed on failures (default).
┌───────┬───────────────────────────────────────┐
│ │ │
proxy.config.output.logfile │ │ │
│ │ │
--
NETWORK
proxy.config.net.connections_throttle
Scope CONFIG.TP Type INT.TP Default 30000.UNINDENT The total number of client and origin server
connections that the server can handle simultaneously. This is in fact the max number of file
descriptors that the traffic_server process can have open at any given time. Roughly 10% of these
connections are reserved for origin server connections, i.e. from the default, only ~9,000 client
connections can be handled. This should be tuned according to your memory size, and expected work
load.
proxy.config.net.default_inactivity_timeout
Scope CONFIG.TP Type INT.TP Default 86400.TP Reloadable Yes.UNINDENT The connection inactivity timeout
(in seconds) to apply when Traffic Server detects that no inactivity timeout has been applied by
the HTTP state machine. When this timeout is applied, the
proxy.process.net.default_inactivity_timeout_applied metric is incremented.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.net.inactivity_check_frequency
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT How frequent (in seconds) to check for inactive
connections. If you deal with a lot of concurrent connections, increasing this setting can reduce
pressure on the system.
proxy.local.incoming_ip_to_bind
Scope LOCAL.TP Type STRING.TP Default 0.0.0.0 [::].UNINDENT Controls the global default IP addresses to
which to bind proxy server ports. The value is a space separated list of IP addresses, one per
supported IP address family (currently IPv4 and IPv6).
Unless explicitly specified in proxy.config.http.server_ports, the server port will be bound to
one of these addresses, selected by IP address family. The built in default is any address. This
is used if no address for a family is specified. This setting is useful if most or all server
ports should be bound to the same address.
NOTE:
This is ignored for inbound transparent server ports because they must be able to accept connections
on arbitrary IP addresses.
Example
Set the global default for IPv4 to 192.168.101.18 and leave the global default for IPv6 as any address:
LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18
Example
Set the global default for IPv4 to 191.68.101.18 and the global default for IPv6 to fc07:192:168:101::17:
LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18 [fc07:192:168:101::17]
proxy.local.outgoing_ip_to_bind
Scope LOCAL.TP Type STRING.TP Default 0.0.0.0 [::].UNINDENT This controls the global default for the
local IP address for outbound connections to origin servers. The value is a list of space
separated IP addresses, one per supported IP address family (currently IPv4 and IPv6).
Unless explicitly specified in proxy.config.http.server_ports, one of these addresses, selected by
IP address family, will be used as the local address for outbound connections. This setting is
useful if most or all of the server ports should use the same outbound IP addresses.
NOTE:
This is ignored for outbound transparent ports as the local outbound address will be the same as the
client local address.
Example
Set the default local outbound IP address for IPv4 connections to 192.168.101.18.:
LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.18
Example
Set the default local outbound IP address to 192.168.101.17 for IPv4 and fc07:192:168:101::17 for IPv6.:
LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.17 [fc07:192:168:101::17]
proxy.config.net.event_period
Scope CONFIG.TP Type INT.TP Default 10.UNINDENT How often, in milli-seconds, to schedule IO event
processing. This is unlikely to be necessary to tune, and we discourage setting it to a value
smaller than 10ms (on Linux).
proxy.config.net.accept_period
Scope CONFIG.TP Type INT.TP Default 10.UNINDENT How often, in milli-seconds, to schedule accept()
processing. This is unlikely to be necessary to tune, and we discourage setting it to a value
smaller than 10ms (on Linux).
proxy.config.net.retry_delay
Scope CONFIG.TP Type INT.TP Default 10.TP Reloadable Yes.UNINDENT How long to wait until we retry
various events that would otherwise block the network processing threads (e.g. locks). We
discourage setting this to a value smaller than 10ms (on Linux).
proxy.config.net.throttle_delay
Scope CONFIG.TP Type INT.TP Default 50.TP Reloadable Yes.UNINDENT When we trigger a throttling scenario,
this how long our accept() are delayed.
CLUSTER
proxy.local.cluster.type
Scope LOCAL.TP Type INT.TP Default 3.UNINDENT Sets the clustering mode:
─────────────────────────────────
Value Effect
─────────────────────────────────
1 Full-clustering mode.
─────────────────────────────────
2 Management-only mode.
─────────────────────────────────
3 No clustering.
┌───────┬───────────────────────┐
│ │ │
proxy.config.cluster.ethernet_interface│ │ │
│ │ │
--
LOCAL MANAGER │ │ │
proxy.config.admin.synthetic_port │ │ │
│ │ │
--
PROCESS MANAGER
proxy.config.process_manager.mgmt_port
Scope CONFIG.TP Type INT.TP Default 8084.UNINDENT The port used for internal communication between
traffic_manager and traffic_server processes.
ALARM CONFIGURATION
proxy.config.alarm_email
Scope CONFIG.TP Type STRING.TP Default *NONE*.TP Reloadable Yes.UNINDENT The address to which the alarm
script should send email.
proxy.config.alarm.bin
Scope CONFIG.TP Type STRING.TP Default example_alarm_bin.sh.TP Reloadable Yes.UNINDENT Name of the
script file that can execute certain actions when an alarm is signaled. The script is invoked with
up to 4 arguments:
• The alarm message.
• The value of proxy.config.product_name.
• The value of proxy.config.admin.user_id.
• The value of proxy.config.alarm_email.
proxy.config.alarm.abs_path
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The absolute path to the
directory containing the alarm script. If this is not set, the script will be located relative to
proxy.config.bin_path.
proxy.config.alarm.script_runtime
Scope CONFIG.TP Type INT.TP Default 5.TP Reloadable Yes.UNINDENT The number of seconds that Traffic
Server allows the alarm script to run before aborting it.
HTTP ENGINE
proxy.config.http.server_ports
Scope CONFIG.TP Type STRING.TP Default 8080 8080:ipv6.UNINDENT Ports used for proxying HTTP traffic.
This is a list, separated by space or comma, of port descriptors. Each descriptor is a sequence
of keywords and values separated by colons. Not all keywords have values, those that do are
specifically noted. Keywords with values can have an optional = character separating the keyword
and value. The case of keywords is ignored. The order of keywords is irrelevant but unspecified
results may occur if incompatible options are used (noted below). Options without values are
idempotent. Options with values use the last (right most) value specified, except for ip-out as
detailed later.
Quick reference chart:
───────────────────────────────────────────────────────────────
Name Note Definition
───────────────────────────────────────────────────────────────
number Required The local port.
───────────────────────────────────────────────────────────────
blind Blind (CONNECT) port.
───────────────────────────────────────────────────────────────
compress Not Implemented Compressed.
───────────────────────────────────────────────────────────────
ipv4 Default Bind to IPv4 address family.
───────────────────────────────────────────────────────────────
ipv6 Bind to IPv6 address family.
───────────────────────────────────────────────────────────────
ip-in Value Local inbound IP address.
───────────────────────────────────────────────────────────────
ip-out Value Local outbound IP address.
───────────────────────────────────────────────────────────────
ip-resolve Value IP address resolution style.
───────────────────────────────────────────────────────────────
proto Value List of supported session
protocols.
───────────────────────────────────────────────────────────────
ssl SSL terminated.
───────────────────────────────────────────────────────────────
tr-full Fully transparent (inbound
and outbound)
───────────────────────────────────────────────────────────────
tr-in Inbound transparent.
───────────────────────────────────────────────────────────────
tr-out Outbound transparent.
───────────────────────────────────────────────────────────────
tr-pass Pass through enabled.
┌────────────┬─────────────────┬──────────────────────────────┐
│ │ │ │
--
PARENT PROXY CONFIGURATION
proxy.config.http.parent_proxy_routing_enable
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) the parent
caching option. Refer to admin-hierarchical-caching.
proxy.config.http.parent_proxy.retry_time
Scope CONFIG.TP Type INT.TP Default 300.TP Reloadable Yes.TP Overridable Yes.UNINDENT The amount of time
allowed between connection retries to a parent cache that is unavailable.
proxy.config.http.parent_proxy.fail_threshold
Scope CONFIG.TP Type INT.TP Default 10.TP Reloadable Yes.TP Overridable Yes.UNINDENT The number of times
the connection to the parent cache can fail before Traffic Server considers the parent
unavailable.
proxy.config.http.parent_proxy.total_connect_attempts
Scope CONFIG.TP Type INT.TP Default 4.TP Reloadable Yes.TP Overridable Yes.UNINDENT The total number of
connection attempts for a specific transaction allowed to a parent cache before Traffic Server
bypasses the parent or fails the request (depending on the go_direct option in the parent.config
file). The number of parents tried is proxy.config.http.parent_proxy.fail_threshold /
proxy.config.http.parent_proxy.total_connect_attempts
proxy.config.http.parent_proxy.per_parent_connect_attempts
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.TP Overridable Yes.UNINDENT The total number of
connection attempts allowed per parent for a specific transaction, if multiple parents are used.
proxy.config.http.parent_proxy.connect_attempts_timeout
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.TP Overridable Yes.UNINDENT The timeout value
(in seconds) for parent cache connection attempts.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.http.parent_proxy.mark_down_hostdb
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT Enables (1) or
disables (0) marking parent proxies down in hostdb when a connection error is detected. Normally
parent selection manages parent proxies and will mark them as unavailable as needed. But when
parents are defined in dns with multiple ip addresses, it may be useful to mark the failing ip
down in hostdb. In this case you would enable these updates.
proxy.config.http.forward.proxy_auth_to_parent
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT Configures Traffic
Server to send proxy authentication headers on to the parent cache.
proxy.config.http.no_dns_just_forward_to_parent
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Don't try to resolve DNS, forward all
DNS requests to the parent. This is off (0) by default.
proxy.local.http.parent_proxy.disable_connect_tunneling
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT
HTTP CONNECTION TIMEOUTS
proxy.config.http.keep_alive_no_activity_timeout_in
Scope CONFIG.TP Type INT.TP Default 120.TP Reloadable Yes.TP Overridable Yes.UNINDENT Specifies how long
Traffic Server keeps connections to clients open for a subsequent request after a transaction
ends. A value of 0 will disable the no activity timeout.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.http.keep_alive_no_activity_timeout_out
Scope CONFIG.TP Type INT.TP Default 120.TP Reloadable Yes.TP Overridable Yes.UNINDENT Specifies how long
Traffic Server keeps connections to origin servers open for a subsequent transfer of data after a
transaction ends. A value of 0 will disable the no activity timeout.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.http.transaction_no_activity_timeout_in
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.TP Overridable Yes.UNINDENT Specifies how long
Traffic Server keeps connections to clients open if a transaction stalls.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.http.transaction_no_activity_timeout_out
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.TP Overridable Yes.UNINDENT Specifies how long
Traffic Server keeps connections to origin servers open if the transaction stalls.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.websocket.no_activity_timeout
Scope CONFIG.TP Type INT.TP Default 600.TP Reloadable Yes.TP Overridable Yes.UNINDENT Specifies how long
Traffic Server keeps connections open if a websocket stalls.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.websocket.active_timeout
Scope CONFIG.TP Type INT.TP Default 3600.TP Reloadable Yes.TP Overridable Yes.UNINDENT The maximum
amount of time Traffic Server keeps websocket connections open.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.http.transaction_active_timeout_in
Scope CONFIG.TP Type INT.TP Default 900.TP Reloadable Yes.TP Overridable Yes.UNINDENT The maximum amount
of time Traffic Server can remain connected to a client. If the transfer to the client is not
complete before this timeout expires, then Traffic Server closes the connection.
The value of 0 specifies that there is no timeout.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.http.transaction_active_timeout_out
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT The maximum amount
of time Traffic Server waits for fulfillment of a connection request to an origin server. If
Traffic Server does not complete the transfer to the origin server before this timeout expires,
then Traffic Server terminates the connection request.
The default value of 0 specifies that there is no timeout.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.http.accept_no_activity_timeout
Scope CONFIG.TP Type INT.TP Default 120.TP Reloadable Yes.UNINDENT The timeout interval in seconds
before Traffic Server closes a connection that has no activity.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.http.background_fill_active_timeout
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT Specifies how long
Traffic Server continues a background fill before giving up and dropping the origin server
connection.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.http.background_fill_completed_threshold
Scope CONFIG.TP Type FLOAT.TP Default 0.0.TP Reloadable Yes.TP Overridable Yes.UNINDENT The proportion
of total document size already transferred when a client aborts at which the proxy continues
fetching the document from the origin server to get it into the cache (a background fill).
HTTP REDIRECTION
proxy.config.http.redirection_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT This setting
indicates whether Trafficserver does a redirect follow location on receiving a 3XX Redirect
response from the Origin server. The redirection attempt is transparent to the client and the
client is served the final response from the redirected-to location.
proxy.config.http.number_of_redirections
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.TP Overridable Yes.UNINDENT This setting
determines the maximum number of times Trafficserver does a redirect follow location on receiving
a 3XX Redirect response for a given client request.
proxy.config.http.redirect_host_no_port
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT This setting enables Trafficserver to not include the
port in the Host header in the redirect follow request for default/standard ports (e.g. 80 for
HTTP and 443 for HTTPS). Note that the port is still included in the Host header if it's
non-default.
proxy.config.http.redirect_use_orig_cache_key
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT This setting enables
Trafficserver to allow using original request cache key (for example, set using a TS API) during a
3xx redirect follow. The default behavior (0) is to use the URL specified by Location header in
the 3xx response as the cache key.
ORIGIN SERVER CONNECT ATTEMPTS
proxy.config.http.connect_attempts_max_retries
Scope CONFIG.TP Type INT.TP Default 3.TP Reloadable Yes.TP Overridable Yes.UNINDENT The maximum number
of connection retries Traffic Server can make when the origin server is not responding. Each
retry attempt lasts for proxy.config.http.connect_attempts_timeout seconds. Once the maximum
number of retries is reached, the origin is marked dead. After this, the setting
proxy.config.http.connect_attempts_max_retries_dead_server is used to limit the number of retry
attempts to the known dead origin.
proxy.config.http.connect_attempts_max_retries_dead_server
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.TP Overridable Yes.UNINDENT Maximum number of
connection retries Traffic Server can make while an origin is marked dead. Typically this value
is smaller than proxy.config.http.connect_attempts_max_retries so an error is returned to the
client faster and also to reduce the load on the dead origin. The timeout interval
proxy.config.http.connect_attempts_timeout in seconds is used with this setting.
proxy.config.http.server_max_connections
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Limits the number of socket connections
across all origin servers to the value specified. To disable, set to zero (0).
This value is used in determining when and if to prune active origin sessions. Without this value
set, connections to origins can consume all the way up to
ts:cv:proxy.config.net.connections_throttle connections, which in turn can starve incoming
requests from available connections.
proxy.config.http.origin_max_connections
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT Limits the number of
socket connections per origin server to the value specified. To enable, set to one (1).
proxy.config.http.origin_max_connections_queue
Scope CONFIG.TP Type INT.TP Default -1.TP Reloadable Yes.TP Overridable Yes.UNINDENT Limits the number
of requests to be queued when the proxy.config.http.origin_max_connections is reached. When
disabled (-1) requests are will wait indefinitely for an available connection. When set to 0 all
requests past the proxy.config.http.origin_max_connections will immediately fail. When set to >0
ATS will queue that many requests to go to the origin, any additional requests past the limit will
immediately fail.
proxy.config.http.origin_min_keep_alive_connections
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT As connection to an origin server are
opened, keep at least 'n' number of connections open to that origin, even if the connection isn't
used for a long time period. Useful when the origin supports keep-alive, removing the time needed
to set up a new connection from the next request at the expense of added (inactive) connections.
To enable, set to one (1).
proxy.config.http.connect_attempts_rr_retries
Scope CONFIG.TP Type INT.TP Default 3.TP Reloadable Yes.TP Overridable Yes.UNINDENT The maximum number
of failed connection attempts allowed before a round-robin entry is marked as 'down' if a server
has round-robin DNS entries.
proxy.config.http.connect_attempts_timeout
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.TP Overridable Yes.UNINDENT The timeout value
(in seconds) for time to first byte for an origin server connection.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.http.post_connect_attempts_timeout
Scope CONFIG.TP Type INT.TP Default 1800.TP Reloadable Yes.TP Overridable Yes.UNINDENT The timeout value
(in seconds) for an origin server connection when the client request is a POST or PUT request.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.http.post.check.content_length.enabled
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Enables (1) or disables (0) checking the Content-Length:
Header for a POST request.
proxy.config.http.down_server.cache_time
Scope CONFIG.TP Type INT.TP Default 60.TP Reloadable Yes.TP Overridable Yes.UNINDENT Specifies how long
(in seconds) Traffic Server remembers that an origin server was unreachable.
proxy.config.http.down_server.abort_threshold
Scope CONFIG.TP Type INT.TP Default 10.TP Reloadable Yes.TP Overridable Yes.UNINDENT The number of
seconds before Traffic Server marks an origin server as unavailable after a client abandons a
request because the origin server was too slow in sending the response header.
proxy.config.http.uncacheable_requests_bypass_parent
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.TP Overridable Yes.UNINDENT When enabled (1),
Traffic Server bypasses the parent proxy for a request that is not cacheable.
CONGESTION CONTROL
proxy.config.http.congestion_control.enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) the Congestion Control
option, which configures Traffic Server to stop forwarding HTTP requests to origin servers when
they become congested. Traffic Server sends the client a message to retry the congested origin
server later. Refer to using-congestion-control.
proxy.config.http.flow_control.enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Overridable Yes.UNINDENT Transaction buffering / flow control
is enabled if this is set to a non-zero value. Otherwise no flow control is done.
proxy.config.http.flow_control.high_water
Scope CONFIG.TP Type INT.TP Default 0.TP Units bytes.TP Overridable Yes.UNINDENT The high water mark for
transaction buffer control. External source I/O is halted when the total buffer space in use by
the transaction exceeds this value.
proxy.config.http.flow_control.low_water
Scope CONFIG.TP Type INT.TP Default 0.TP Units bytes.TP Overridable Yes.UNINDENT The low water mark for
transaction buffer control. External source I/O is resumed when the total buffer space in use by
the transaction is no more than this value.
proxy.config.http.websocket.max_number_of_connections
Scope CONFIG.TP Type INT.TP Default -1.TP Reloadable Yes.UNINDENT When enabled >= (0), Traffic Server
will enforce a maximum number of simultaneous websocket connections.
NEGATIVE RESPONSE CACHING
proxy.config.http.negative_caching_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT When enabled (1),
Traffic Server caches negative responses (such as 404 Not Found) when a requested page does not
exist. The next time a client requests the same page, Traffic Server serves the negative response
directly from cache.
When disabled (0), Traffic Server will only cache the response if the response has Cache-Control
headers.
The following negative responses are cached by Traffic Server:
┌────────────────────┬───────────────────────┐
│ HTTP Response Code │ Description │
├────────────────────┼───────────────────────┤
│ 204 │ No Content │
├────────────────────┼───────────────────────┤
│ 305 │ Use Proxy │
├────────────────────┼───────────────────────┤
│ 400 │ Bad Request │
├────────────────────┼───────────────────────┤
│ 403 │ Forbidden │
├────────────────────┼───────────────────────┤
│ 404 │ Not Found │
├────────────────────┼───────────────────────┤
│ 405 │ Method Not Allowed │
├────────────────────┼───────────────────────┤
│ 500 │ Internal Server Error │
├────────────────────┼───────────────────────┤
│ 501 │ Not Implemented │
├────────────────────┼───────────────────────┤
│ 502 │ Bad Gateway │
├────────────────────┼───────────────────────┤
│ 503 │ Service Unavailable │
├────────────────────┼───────────────────────┤
│ 504 │ Gateway Timeout │
└────────────────────┴───────────────────────┘
The cache lifetime for objects cached from this setting is controlled via
proxy.config.http.negative_caching_lifetime.
proxy.config.http.negative_caching_lifetime
Scope CONFIG.TP Type INT.TP Default 1800.TP Overridable Yes.UNINDENT How long (in seconds) Traffic
Server keeps the negative responses valid in cache. This value only affects negative responses
that do NOT have explicit Expires: or Cache-Control: lifetimes set by the server.
proxy.config.http.negative_revalidating_enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) forcing revalidation of
cached documents when Traffic Server receives a negative (5xx only) response from the origin
server.
proxy.config.http.negative_revalidating_lifetime
Scope CONFIG.TP Type INT.TP Default 1800.UNINDENT How long, in seconds, to consider a stale cached
document valid if during the revalidation attempt Traffic Server receives a negative (5xx only)
response from the origin server.
PROXY USER VARIABLES
proxy.config.http.anonymize_remove_from
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT When enabled (1),
Traffic Server removes the From header to protect the privacy of your users.
proxy.config.http.anonymize_remove_referer
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1), Traffic Server
removes the Referrer header to protect the privacy of your site and users.
proxy.config.http.anonymize_remove_user_agent
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT When enabled (1),
Traffic Server removes the User-agent header to protect the privacy of your site and users.
proxy.config.http.anonymize_remove_cookie
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT When enabled (1),
Traffic Server removes the Cookie header to protect the privacy of your site and users.
proxy.config.http.anonymize_remove_client_ip
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT When enabled (1),
Traffic Server removes Client-IP headers for more privacy.
proxy.config.http.insert_client_ip
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.TP Overridable Yes.UNINDENT When enabled (1),
Traffic Server inserts Client-IP headers to retain the client IP address.
proxy.config.http.anonymize_other_header_list
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT Comma separated list of headers
Traffic Server should remove from outgoing requests.
proxy.config.http.insert_squid_x_forwarded_for
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.TP Overridable Yes.UNINDENT When enabled (1),
Traffic Server adds the client IP address to the X-Forwarded-For header.
proxy.config.http.normalize_ae_gzip
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.TP Overridable Yes.UNINDENT Enable (1) to
normalize all Accept-Encoding: headers to one of the following:
• Accept-Encoding: gzip (if the header has gzip or x-gzip with any q) OR
• blank (for any header that does not include gzip)
This is useful for minimizing cached alternates of documents (e.g. gzip, deflate vs. deflate, gzip).
Enabling this option is recommended if your origin servers use no encodings other than gzip.
SECURITY
proxy.config.http.push_method_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) the HTTP
PUSH option, which allows you to deliver content directly to the cache without a user request.
IMPORTANT:
If you enable this option, then you must also specify a filtering rule in the ip_allow.config file to
allow only certain machines to push content into the cache.
proxy.config.http.max_post_size
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT This feature is disabled by default
with a value of (0), any positive value will limit the size of post bodies. If a request is
received with a post body larger than this limit the response will be terminated with 413 -
Request Entity Too Large and logged accordingly.
CACHE CONTROL
proxy.config.cache.enable_read_while_writer
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Specifies when to enable the ability to
read a cached object while another connection is completing the write to cache for that same
object. The goal here is to avoid multiple origin connections for the same cacheable object upon a
cache miss. The possible values of this config are:
┌───────┬───────────────────────────────────────┐
│ Value │ Description │
├───────┼───────────────────────────────────────┤
│ 0 │ Never read while writing. │
├───────┼───────────────────────────────────────┤
│ 1 │ Always read while writing. │
├───────┼───────────────────────────────────────┤
│ 2 │ Always read while writing, but allow │
│ │ non-cached Range requests through to │
│ │ the origin server. │
└───────┴───────────────────────────────────────┘
The 2 option is useful to avoid delaying requests which can not easily be satisfied by the
partially written response.
Several other configuration values need to be set for this to be usable. See
admin-configuration-reducing-origin-requests.
proxy.config.cache.read_while_writer.max_retries
Scope CONFIG.TP Type INT.TP Default 10.TP Reloadable Yes.UNINDENT Specifies how many retries
trafficserver attempts to trigger read_while_writer on failing to obtain the write VC mutex or
until the first fragment is downloaded for the object being downloaded. The retry duration is
specified using the setting proxy.config.cache.read_while_writer_retry.delay
proxy.config.cache.read_while_writer_retry.delay
Scope CONFIG.TP Type INT.TP Default 50.TP Reloadable Yes.UNINDENT Specifies the delay in msec,
trafficserver waits to reattempt read_while_writer on failing to obtain the write VC mutex or
until the first fragment is downloaded for the object being downloaded. Note that trafficserver
implements a progressive delay in reattempting, by doubling the configured duration from the third
reattempt onwards.
proxy.config.cache.force_sector_size
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Forces the use of a specific hardware
sector size, e.g. 4096, for all disks.
SSDs and "advanced format” drives claim a sector size of 512; however, it is safe to force a
higher size than the hardware supports natively as we count atomicity in 512 byte increments.
4096-sized drives formatted for Windows will have partitions aligned on 63 512-byte sector
boundaries, so they will be unaligned. There are workarounds, but you need to do some research on
your particular drive. Some drives have a one-time option to switch the partition boundary, while
others might require reformatting or repartitioning.
To be safe in Linux, you could just use the entire drive: /dev/sdb instead of /dev/sdb1 and
Traffic Server will do the right thing. Misaligned partitions on Linux are auto-detected.
For example: If /sys/block/sda/sda1/alignment_offset is non-zero, ATS will offset reads/writes to
that disk by that alignment. If Linux knows about any existing partition misalignments, ATS will
compensate.
Partitions formatted to support hardware sector size of more than 512 (e.g. 4096) will result in
all objects stored in the cache to be integral multiples of 4096 bytes, which will result in some
waste for small files.
proxy.config.http.cache.http
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.TP Overridable Yes.UNINDENT Enables (1) or
disables (0) caching of HTTP requests.
proxy.config.http.cache.generation
Scope CONFIG.TP Type INT.TP Default -1.TP Reloadable Yes.TP Overridable Yes.UNINDENT If set to a value
other than -1, the value if this configuration option is combined with the cache key at cache
lookup time. Changing this value has the effect of an instantaneous, zero-cost cache purge since
it will cause all subsequent cache keys to change. Since this is an overrideable configuration, it
can be used to purge the entire cache, or just a specific remap.config rule.
proxy.config.http.cache.allow_empty_doc
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.TP Deprecated Yes.UNINDENT Enables (1) or
disables (0) caching objects that have an empty response body. This is particularly useful for
caching 301 or 302 responses with a Location header but no document body. This only works if the
origin response also has a Content-Length header.
proxy.config.http.doc_in_cache_skip_dns
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.TP Overridable Yes.UNINDENT When enabled (1), do
not perform origin server DNS resolution if a fresh copy of the requested document is available in
the cache. This setting has no effect if HTTP caching is disabled or if there are IP based ACLs
configured.
Note that plugins, particularly authorization plugins, which use the TS_HTTP_OS_DNS_HOOK hook may
require this configuration variable to be disabled (0) in order to function properly. This will
ensure that the hook will be evaluated and plugin execution will occur even when there is a fresh
copy of the requested object in the cache (which would normally allow the DNS lookup to be
skipped, thus eliminating the hook evaluation).
The downside is that the performance gain by skipping otherwise unnecessary DNS lookups is lost.
Because the variable is overridable, you may retain this performance benefit for portions of your
cache which do not require the use of TS_HTTP_OS_DNS_HOOK plugins, by ensuring that the setting is
first disabled within only the relevant transactions. Refer to the documentation on
admin-plugins-conf-remap for more information.
proxy.config.http.cache.ignore_client_no_cache
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.TP Overridable Yes.UNINDENT When enabled (1),
Traffic Server ignores client requests to bypass the cache.
proxy.config.http.cache.ims_on_client_no_cache
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.TP Overridable Yes.UNINDENT When enabled (1),
Traffic Server issues a conditional request to the origin server if an incoming request has a
No-Cache header.
proxy.config.http.cache.ignore_server_no_cache
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT When enabled (1),
Traffic Server ignores origin server requests to bypass the cache.
proxy.config.http.cache.cache_responses_to_cookies
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.TP Overridable Yes.UNINDENT Specifies how
cookies are cached:
┌───────┬───────────────────────────────────────┐
│ Value │ Description │
├───────┼───────────────────────────────────────┤
│ 0 │ Do not cache any responses to │
│ │ cookies. │
├───────┼───────────────────────────────────────┤
│ 1 │ Cache for any content-type. │
├───────┼───────────────────────────────────────┤
│ 2 │ Cache only for image types. │
├───────┼───────────────────────────────────────┤
│ 3 │ Cache for all but text content-types. │
├───────┼───────────────────────────────────────┤
│ 4 │ Cache for all but text content-types; │
│ │ except origin server response without │
│ │ Set-Cookie or with Cache-Control: │
│ │ public. │
└───────┴───────────────────────────────────────┘
proxy.config.http.cache.ignore_authentication
Scope CONFIG.TP Type INT.TP Default 0.TP Overridable Yes.UNINDENT When enabled (1), Traffic Server
ignores WWW-Authentication headers in responses WWW-Authentication headers are removed and not
cached.
proxy.config.http.cache.cache_urls_that_look_dynamic
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.TP Overridable Yes.UNINDENT Enables (1) or
disables (0) caching of URLs that look dynamic, i.e.: URLs that end in .asp or contain a question
mark (?), a semicolon (;), or cgi. For a full list, please refer to
HttpTransact::url_looks_dynamic
proxy.config.http.cache.enable_default_vary_headers
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) caching of
alternate versions of HTTP objects that do not contain the Vary header.
proxy.config.http.cache.when_to_revalidate
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT Specifies when to
revalidate content:
─────────────────────────────────────────────────
│ Value │ Description │
├───────┼───────────────────────────────────────┤
│ 0 │ Use cache directives or heuristic │
│ │ (the default value). │
├───────┼───────────────────────────────────────┤
│ 1 │ Stale if heuristic. │
├───────┼───────────────────────────────────────┤
│ 2 │ Always stale (always revalidate). │
├───────┼───────────────────────────────────────┤
│ 3 │ Never stale. │
├───────┼───────────────────────────────────────┤
│ 4 │ Use cache directives or heuristic (0) │
│ │ unless the request has an │
│ │ If-Modified-Since header. │
└───────┴───────────────────────────────────────┘
If the request contains the If-Modified-Since header, then Traffic Server always revalidates the
cached content and uses the client's If-Modified-Since header for the proxy request.
proxy.config.http.cache.required_headers
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.TP Overridable Yes.UNINDENT The type of headers
required in a request for the request to be cacheable.
┌───────┬───────────────────────────────────────┐
│ Value │ Description │
├───────┼───────────────────────────────────────┤
│ 0 │ No headers required to make document │
│ │ cacheable. │
├───────┼───────────────────────────────────────┤
│ 1 │ Either the Last-Modified header, or │
│ │ an explicit lifetime header (Expires │
│ │ or Cache-Control: max-age) is │
│ │ required. │
├───────┼───────────────────────────────────────┤
│ 2 │ Explicit lifetime is required, from │
│ │ either Expires or Cache-Control: │
│ │ max-age. │
└───────┴───────────────────────────────────────┘
proxy.config.http.cache.max_stale_age
Scope CONFIG.TP Type INT.TP Default 604800.TP Reloadable Yes.TP Overridable Yes.UNINDENT The maximum age
allowed for a stale response before it cannot be cached.
proxy.config.http.cache.range.lookup
Scope CONFIG.TP Type INT.TP Default 1.TP Overridable Yes.UNINDENT When enabled (1), Traffic Server looks
up range requests in the cache.
proxy.config.http.cache.range.write
Scope CONFIG.TP Type INT.TP Default 0.TP Overridable Yes.UNINDENT When enabled (1), Traffic Server will
attempt to write (lock) the URL to cache. This is rarely useful (at the moment), since it'll only
be able to write to cache if the origin has ignored the Range: header. For a use case where you
know the origin will respond with a full (200) response, you can turn this on to allow it to be
cached.
proxy.config.http.cache.ignore_accept_mismatch
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT When enabled with a value of 1, Traffic
Server serves documents from cache with a Content-Type: header even if it does not match the
Accept: header of the request. If set to 2 (default), this logic only happens in the absence of a
Vary header in the cached response (which is the recommended and safe use).
NOTE:
This option should only be enabled with 1 if you're having problems with caching and you origin server
doesn't set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept or
doesn't respond with 406 (Not Acceptable), you can also enable this configuration with a 1.
proxy.config.http.cache.ignore_accept_language_mismatch
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT When enabled with a value of 1, Traffic
Server serves documents from cache with a Content-Language: header even if it does not match the
Accept-Language: header of the request. If set to 2 (default), this logic only happens in the
absence of a Vary header in the cached response (which is the recommended and safe use).
NOTE:
This option should only be enabled with 1 if you're having problems with caching and you origin server
doesn't set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept-Language
or doesn't respond with 406 (Not Acceptable), you can also enable this configuration with a 1.
proxy.config.http.cache.ignore_accept_encoding_mismatch
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT When enabled with a value of 1, Traffic
Server serves documents from cache with a Content-Encoding: header even if it does not match the
Accept-Encoding: header of the request. If set to 2 (default), this logic only happens in the
absence of a Vary header in the cached response (which is the recommended and safe use).
NOTE:
This option should only be enabled with 1 if you're having problems with caching and you origin server
doesn't set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept-Encoding
or doesn't respond with 406 (Not Acceptable) you can also enable this configuration with a 1.
proxy.config.http.cache.ignore_accept_charset_mismatch
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT When enabled with a value of 1, Traffic
Server serves documents from cache with a Content-Type: header even if it does not match the
Accept-Charset: header of the request. If set to 2 (default), this logic only happens in the
absence of a Vary header in the cached response (which is the recommended and safe use).
NOTE:
This option should only be enabled with 1 if you're having problems with caching and you origin server
doesn't set the Vary header. Alternatively, if the origin is incorrectly setting Vary: Accept-Charset
or doesn't respond with 406 (Not Acceptable), you can also enable this configuration with a 1.
proxy.config.http.cache.ignore_client_cc_max_age
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.TP Overridable Yes.UNINDENT When enabled (1),
Traffic Server ignores any Cache-Control: max-age headers from the client. This technically
violates the HTTP RFC, but avoids a problem where a client can forcefully invalidate a cached
object.
proxy.config.cache.max_doc_size
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Specifies the maximum object size that will be cached. 0
is unlimited.
proxy.config.cache.min_average_object_size
Scope CONFIG.TP Type INT.TP Default 8000.UNINDENT Specifies the lower boundary of average object sizes
in the cache and is used in determining the number of directory buckets to allocate for the
in-memory cache directory.
proxy.config.cache.permit.pinning
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1), Traffic Server will
keep certain HTTP objects in the cache for a certain time as specified in cache.config.
proxy.config.cache.hit_evacuate_percent
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The size of the region (as a percentage of the total
content storage in a cache stripe) in front of the write cursor that constitutes a recent access
hit for evacutating the accessed object.
When an object is accessed it can be marked for evacuation, that is to be copied over the write
cursor and thereby preserved from being overwritten. This is done if it is no more than a specific
number of bytes in front of the write cursor. The number of bytes is a percentage of the total
number of bytes of content storage in the cache stripe where the object is stored and that
percentage is set by this variable.
By default, the feature is off (set to 0).
proxy.config.cache.hit_evacuate_size_limit
Scope CONFIG.TP Type INT.TP Default 0.TP Units bytes.UNINDENT Limit the size of objects that are hit
evacuated.
Objects larger than the limit are not hit evacuated. A value of 0 disables the limit.
proxy.config.cache.limits.http.max_alts
Scope CONFIG.TP Type INT.TP Default 5.UNINDENT The maximum number of alternates that are allowed for any
given URL. Disable by setting to 0.
proxy.config.cache.target_fragment_size
Scope CONFIG.TP Type INT.TP Default 1048576.UNINDENT Sets the target size of a contiguous fragment of a
file in the disk cache. When setting this, consider that larger numbers could waste memory on
slow connections, but smaller numbers could increase (waste) seeks.
proxy.config.cache.alt_rewrite_max_size
Scope CONFIG.TP Type INT.TP Default 4096.UNINDENT Configures the size, in bytes, of an alternate that
will be considered small enough to trigger a rewrite of the resident alt fragment within a write
vector. For further details on cache write vectors, refer to the developer documentation for
CacheVC.
RAM CACHE
proxy.config.cache.ram_cache.size
Scope CONFIG.TP Type INT.TP Default -1.UNINDENT By default the RAM cache size is automatically
determined, based on disk cache size; approximately 10 MB of RAM cache per GB of disk cache.
Alternatively, it can be set to a fixed value such as 20GB (21474836480)
proxy.config.cache.ram_cache_cutoff
Scope CONFIG.TP Type INT.TP Default 4194304.UNINDENT Objects greater than this size will not be kept in
the RAM cache. This should be set high enough to keep objects accessed frequently in memory in
order to improve performance. 4MB (4194304)
proxy.config.cache.ram_cache.algorithm
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Two distinct RAM caches are supported, the default (0)
being the CLFUS (Clocked Least Frequently Used by Size). As an alternative, a simpler LRU (Least
Recently Used) cache is also available, by changing this configuration to 1.
proxy.config.cache.ram_cache.use_seen_filter
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Enabling this option will filter inserts into the RAM
cache to ensure that they have been seen at least once. For the LRU, this provides scan
resistance. Note that CLFUS already requires that a document have history before it is inserted,
so for CLFUS, setting this option means that a document must be seen three times before it is
added to the RAM cache.
proxy.config.cache.ram_cache.compress
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The CLFUS RAM cache also supports an optional in-memory
compression. This is not to be confused with Content-Encoding: gzip compression. The RAM cache
compression is intended to try to save space in the RAM, and is not visible to the User-Agent
(client).
Possible values are:
┌───────┬───────────────────────────────────────┐
│ Value │ Description │
├───────┼───────────────────────────────────────┤
│ 0 │ No compression │
├───────┼───────────────────────────────────────┤
│ 1 │ Fastlz (extremely fast, relatively │
│ │ low compression) │
├───────┼───────────────────────────────────────┤
│ 2 │ Libz (moderate speed, reasonable │
│ │ compression) │
├───────┼───────────────────────────────────────┤
│ 3 │ Liblzma (very slow, high compression) │
└───────┴───────────────────────────────────────┘
Compression runs on task threads. To use more cores for RAM cache compression, increase
proxy.config.task_threads.
HEURISTIC EXPIRATION
proxy.config.http.cache.heuristic_min_lifetime
Scope CONFIG.TP Type INT.TP Default 3600.TP Reloadable Yes.TP Overridable Yes.UNINDENT The minimum
amount of time, in seconds, an HTTP object without an expiration date can remain fresh in the
cache before is considered to be stale.
proxy.config.http.cache.heuristic_max_lifetime
Scope CONFIG.TP Type INT.TP Default 86400.TP Reloadable Yes.TP Overridable Yes.UNINDENT The maximum
amount of time, in seconds, an HTTP object without an expiration date can remain fresh in the
cache before is considered to be stale.
proxy.config.http.cache.heuristic_lm_factor
Scope CONFIG.TP Type FLOAT.TP Default 0.10.TP Reloadable Yes.TP Overridable Yes.UNINDENT The aging
factor for freshness computations. Traffic Server stores an object for this percentage of the time
that elapsed since it last changed.
proxy.config.http.cache.guaranteed_min_lifetime
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT Establishes a
guaranteed minimum lifetime boundary for freshness heuristics. When heuristics are used, and the
proxy.config.http.cache.heuristic_lm_factor aging factor is applied, the final minimum age
calculated will never be lower than the value in this variable.
proxy.config.http.cache.guaranteed_max_lifetime
Scope CONFIG.TP Type INT.TP Default 31536000.TP Reloadable Yes.TP Overridable Yes.UNINDENT Establishes a
guaranteed maximum lifetime boundary for freshness heuristics. When heuristics are used, and the
proxy.config.http.cache.heuristic_lm_factor aging factor is applied, the final maximum age
calculated will never be higher than the value in this variable.
proxy.config.http.cache.fuzz.time
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.TP Deprecated Yes.UNINDENT
How often Traffic Server checks for an early refresh, during the period before the document stale
time. The interval specified must be in seconds.
NOTE:
Previous versions of Apache Traffic Server defaulted this to 240s. This feature is deprecated as of
ATS v6.2.0.
proxy.config.http.cache.fuzz.probability
Scope CONFIG.TP Type FLOAT.TP Default 0.0.TP Reloadable Yes.TP Overridable Yes.TP Deprecated
Yes.UNINDENT The probability that a refresh is made on a document during the fuzz time specified
in proxy.config.http.cache.fuzz.time.
NOTE:
Previous versions of Apache Traffic Server defaulted this to 0.005 (0.5%). This feature is deprecated
as of ATS v6.2.0
proxy.config.http.cache.fuzz.min_time
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.TP Deprecated Yes.UNINDENT
Handles requests with a TTL less than proxy.config.http.cache.fuzz.time. It allows for different
times to evaluate the probability of revalidation for small TTLs and big TTLs. Objects with small
TTLs will start "rolling the revalidation dice" near the fuzz.min_time, while objects with large
TTLs would start at fuzz.time. A logarithmic-like function between determines the revalidation
evaluation start time (which will be between fuzz.min_time and fuzz.time). As the object gets
closer to expiring, the window start becomes more likely. By default this setting is not enabled,
but should be enabled any time you have objects with small TTLs.
NOTE:
These fuzzing options are marked as deprecated as of v6.2.0, and will be removed for v7.0.0. Instead,
we recommend looking at the new proxy.config.http.cache.open_write_fail_action configuration and the
features around thundering heard avoidance (see http-proxy-caching for details).
DYNAMIC CONTENT & CONTENT NEGOTIATION
proxy.config.http.cache.vary_default_text
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The header on which Traffic
Server varies for text documents.
For example: if you specify User-agent, then Traffic Server caches all the different user-agent
versions of documents it encounters.
proxy.config.http.cache.vary_default_images
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The header on which Traffic
Server varies for images.
proxy.config.http.cache.vary_default_other
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The header on which Traffic
Server varies for anything other than text and images.
proxy.config.http.cache.open_read_retry_time
Scope CONFIG.TP Type INT.TP Default 10.TP Reloadable Yes.UNINDENT
The number of milliseconds a cacheable request will wait before requesting the object from cache if an
equivalent request is in flight.
proxy.config.http.cache.max_open_read_retries
Scope CONFIG.TP Type INT.TP Default -1.TP Reloadable Yes.TP Overridable Yes.UNINDENT
The number of times to attempt fetching an object from cache if there was an equivalent request in
flight.
proxy.config.http.cache.max_open_write_retries
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.TP Overridable Yes.UNINDENT
The number of times to attempt a cache open write upon failure to get a write lock.
proxy.config.http.cache.open_write_fail_action
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT
This setting indicates the action taken on failing to obtain the cache open write lock on either a
cache miss or a cache hit stale. This typically happens when there is more than one request to the
same cache object simultaneously. During such a scenario, all but one (which goes to the origin)
request is served either a stale copy or an error depending on this setting.
──────────────────────────────────────────────────
Value Description
──────────────────────────────────────────────────
0 Default. Disable cache and go to
origin server.
──────────────────────────────────────────────────
1 Return a 502 error on a cache miss.
──────────────────────────────────────────────────
2 Serve stale if object's age is under
proxy.config.http.cache.max_stale_age.
Otherwise, go to origin server.
──────────────────────────────────────────────────
3 Return a 502 error on a cache miss or
serve stale on a cache revalidate if
object's age is under
proxy.config.http.cache.max_stale_age.
Otherwise, go to origin server.
──────────────────────────────────────────────────
4 Return a 502 error on either a cache
miss or on a revalidation.
┌───────┬────────────────────────────────────────┐
│ │ │
CUSTOMIZABLE USER RESPONSE PAGES │ │ │
--
DNS │ │ │
--
HOSTDB │ │ │
--
LOGGING CONFIGURATION
proxy.config.log.logging_enabled
Scope CONFIG.TP Type INT.TP Default 3.TP Reloadable Yes.UNINDENT Enables and disables event logging:
┌───────┬───────────────────────────────────────┐
│ Value │ Effect │
├───────┼───────────────────────────────────────┤
│ 0 │ Logging disabled. │
├───────┼───────────────────────────────────────┤
│ 1 │ Log errors only. │
├───────┼───────────────────────────────────────┤
│ 2 │ Log transactions only. │
├───────┼───────────────────────────────────────┤
│ 3 │ Dull logging (errors and │
│ │ transactions). │
└───────┴───────────────────────────────────────┘
Refer to admin-logging for more information on event logging.
proxy.config.log.max_secs_per_buffer
Scope CONFIG.TP Type INT.TP Default 5.TP Reloadable Yes.UNINDENT The maximum amount of time before data
in the buffer is flushed to disk.
proxy.config.log.max_space_mb_for_logs
Scope CONFIG.TP Type INT.TP Default 25000.TP Units megabytes.TP Reloadable Yes.UNINDENT The amount of
space allocated to the logging directory (in MB). The headroom amount specified by
proxy.config.log.max_space_mb_headroom is taken from this space allocation.
NOTE:
All files in the logging directory contribute to the space used, even if they are not log files. In
collation client mode, if there is no local disk logging, or
proxy.config.log.max_space_mb_for_orphan_logs is set to a higher value than
proxy.config.log.max_space_mb_for_logs, Traffic Server will take
proxy.config.log.max_space_mb_for_orphan_logs for maximum allowed log space.
proxy.config.log.max_space_mb_for_orphan_logs
Scope CONFIG.TP Type INT.TP Default 25.TP Units megabytes.TP Reloadable Yes.UNINDENT The amount of space
allocated to the logging directory (in MB) if this node is acting as a collation client.
NOTE:
When max_space_mb_for_orphan_logs is take as the maximum allowed log space in the logging system, the
same rule apply to proxy.config.log.max_space_mb_for_logs also apply to
proxy.config.log.max_space_mb_for_orphan_logs, ie: All files in the logging directory contribute to
the space used, even if they are not log files. you may need to consider this when you enable full
remote logging, and bump to the same size as proxy.config.log.max_space_mb_for_logs.
proxy.config.log.max_space_mb_headroom
Scope CONFIG.TP Type INT.TP Default 1000.TP Units megabytes.TP Reloadable Yes.UNINDENT The tolerance for
the log space limit (in megabytes). If the variable proxy.config.log.auto_delete_rolled_files is
set to 1 (enabled), then autodeletion of log files is triggered when the amount of free space
available in the logging directory is less than the value specified here.
proxy.config.log.hostname
Scope CONFIG.TP Type STRING.TP Default localhost.TP Reloadable Yes.UNINDENT The hostname of the machine
running Traffic Server.
proxy.config.log.logfile_dir
Scope CONFIG.TP Type STRING.TP Default var/log/trafficserver.TP Reloadable Yes.UNINDENT The path to the
logging directory. This can be an absolute path or a path relative to the PREFIX directory in
which Traffic Server is installed.
NOTE:
The directory you specify must already exist.
proxy.config.log.logfile_perm
Scope CONFIG.TP Type STRING.TP Default rw-r--r--.TP Reloadable Yes.UNINDENT The log file permissions.
The standard UNIX file permissions are used (owner, group, other). Permissible values are:
┌───────┬─────────────────────┐
│ Value │ Description │
├───────┼─────────────────────┤
│ - │ No permissions. │
├───────┼─────────────────────┤
│ r │ Read permission. │
├───────┼─────────────────────┤
│ w │ Write permission. │
├───────┼─────────────────────┤
│ x │ Execute permission. │
└───────┴─────────────────────┘
Permissions are subject to the umask settings for the Traffic Server process. This means that a
umask setting of 002 will not allow write permission for others, even if specified in the
configuration file. Permissions for existing log files are not changed when the configuration is
modified.
proxy.local.log.collation_mode
Scope LOCAL.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Set the log collation mode.
┌───────┬───────────────────────────────────────┐
│ Value │ Effect │
├───────┼───────────────────────────────────────┤
│ 0 │ Log collation is disabled. │
├───────┼───────────────────────────────────────┤
│ 1 │ This host is a log collation server. │
├───────┼───────────────────────────────────────┤
│ 2 │ This host is a collation client and │
│ │ sends entries using standard formats │
│ │ to the collation server. │
├───────┼───────────────────────────────────────┤
│ 3 │ This host is a collation client and │
│ │ sends entries using the traditional │
│ │ custom formats to the collation │
│ │ server. │
├───────┼───────────────────────────────────────┤
│ 4 │ This host is a collation client and │
│ │ sends entries that use both the │
│ │ standard and traditional custom │
│ │ formats to the collation server. │
└───────┴───────────────────────────────────────┘
For information on sending custom formats to the collation server, refer to
admin-logging-collating-custom-formats and logging.config.
NOTE:
Although Traffic Server supports traditional custom logging, you should use the more versatile
XML-based custom formats.
proxy.config.log.collation_host
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The hostname of the log collation server.
proxy.config.log.collation_port
Scope CONFIG.TP Type INT.TP Default 8085.TP Reloadable Yes.UNINDENT The port used for communication
between the collation server and client.
proxy.config.log.collation_secret
Scope CONFIG.TP Type STRING.TP Default foobar.TP Reloadable Yes.UNINDENT The password used to validate
logging data and prevent the exchange of unauthorized information when a collation server is being
used.
proxy.config.log.collation_host_tagged
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1), configures Traffic
Server to include the hostname of the collation client that generated the log entry in each entry.
proxy.config.log.collation_retry_sec
Scope CONFIG.TP Type INT.TP Default 5.TP Reloadable Yes.UNINDENT The number of seconds between collation
server connection retries.
proxy.config.log.collation_host_timeout
Scope CONFIG.TP Type INT.TP Default 86390.UNINDENT The number of seconds before inactivity time-out
events for the host side. This setting over-rides the default set with
proxy.config.net.default_inactivity_timeout for log collation connections.
The default is set for 10s less on the host side to help prevent any possible race conditions. If
the host disconnects first, the client will see the disconnect before its own time-out and
re-connect automatically. If the client does not see the disconnect, i.e., connection is
"locked-up" for some reason, it will disconnect when it reaches its own time-out and then
re-connect automatically.
proxy.config.log.collation_client_timeout
Scope CONFIG.TP Type INT.TP Default 86400.UNINDENT The number of seconds before inactivity time-out
events for the client side. This setting over-rides the default set with
proxy.config.net.default_inactivity_timeout for log collation connections.
proxy.config.log.rolling_enabled
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Specifies how log files are rolled. You
can specify the following values:
─────────────────────────────────────────────────
Value Description
─────────────────────────────────────────────────
0 Disables log file rolling.
─────────────────────────────────────────────────
1 Enables log file rolling at specific
intervals during the day (specified
with the
proxy.config.log.rolling_interval_sec
and
proxy.config.log.rolling_offset_hr
variables).
─────────────────────────────────────────────────
2 Enables log file rolling when log
files reach a specific size
(specified with
proxy.config.log.rolling_size_mb).
─────────────────────────────────────────────────
3 Enables log file rolling at specific
intervals during the day or when log
files reach a specific size
(whichever occurs first).
─────────────────────────────────────────────────
4 Enables log file rolling at specific
intervals during the day when log
files reach a specific size (i.e. at
a specified time if the file is of
the specified size).
┌───────┬───────────────────────────────────────┐
│ │ │
--
DIAGNOSTIC LOGGING CONFIGURATION │ │ │
proxy.config.diags.output.diag │ │ │
│ │ │
Scope CONFIG.TP Type STRING.TP│Default│E.UNINDENT │
│ │ │
proxy.config.diags.output.debug
Scope CONFIG.TP Type STRING.TP Default E.UNINDENT
proxy.config.diags.output.status
Scope CONFIG.TP Type STRING.TP Default L.UNINDENT
proxy.config.diags.output.note
Scope CONFIG.TP Type STRING.TP Default L.UNINDENT
proxy.config.diags.output.warning
Scope CONFIG.TP Type STRING.TP Default L.UNINDENT
proxy.config.diags.output.error
Scope CONFIG.TP Type STRING.TP Default SL.UNINDENT
proxy.config.diags.output.fatal
Scope CONFIG.TP Type STRING.TP Default SL.UNINDENT
proxy.config.diags.output.alert
Scope CONFIG.TP Type STRING.TP Default L.UNINDENT
proxy.config.diags.output.emergency
Scope CONFIG.TP Type STRING.TP Default SL.UNINDENT The diagnosic output configuration variables control
where Traffic Server should log diagnostic output. Messages at each diagnostic level can be
directed to any combination of diagnostic destinations. Valid diagnostic message destinations
are:
┌───────┬─────────────────────────┐
│ Value │ Description │
├───────┼─────────────────────────┤
│ O │ Log to standard output. │
├───────┼─────────────────────────┤
│ E │ Log to standard error. │
├───────┼─────────────────────────┤
│ S │ Log to syslog. │
├───────┼─────────────────────────┤
│ L │ Log to diags.log. │
└───────┴─────────────────────────┘
Example
To log debug diagnostics to both syslog and diags.log:
CONFIG proxy.config.diags.output.debug STRING SL
proxy.config.diags.show_location
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Annotates diagnostic messages with the source code
location. Set to 1 to enable for Debug() messages only. Set to 2 to enable for all messages.
proxy.config.diags.debug.enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables logging for diagnostic messages whose log level
is diag or debug.
proxy.config.diags.debug.tags
Scope CONFIG.TP Type STRING.TP Default http.*|dns.*.UNINDENT Each Traffic Server diag and debug level
message is annotated with a subsytem tag. This configuration contains a regular expression that
filters the messages based on the tag. Some commonly used debug tags are:
┌────────────┬───────────────────────────────────────┐
│ Tag │ Subsytem usage │
├────────────┼───────────────────────────────────────┤
│ dns │ DNS query resolution │
├────────────┼───────────────────────────────────────┤
│ http_hdrs │ Logs the headers for HTTP requests │
│ │ and responses │
├────────────┼───────────────────────────────────────┤
│ privileges │ Privilege elevation │
├────────────┼───────────────────────────────────────┤
│ ssl │ TLS termination and certificate │
│ │ processing │
└────────────┴───────────────────────────────────────┘
Traffic Server plugins will typically log debug messages using the TSDebug() API, passing the
plugin name as the debug tag.
proxy.config.diags.logfile.rolling_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Specifies how the diagnostics log is
rolled. You can specify the following values:
┌───────┬───────────────────────────────────────────────────┐
│ Value │ Description │
├───────┼───────────────────────────────────────────────────┤
│ 0 │ Disables diagnostics log rolling. │
├───────┼───────────────────────────────────────────────────┤
│ 1 │ Enables diagnostics log rolling at │
│ │ specific intervals (specified with │
│ │ proxy.config.diags.logfile.rolling_interval_sec). │
│ │ The "clock" starts ticking on Traffic │
│ │ Server startup. │
├───────┼───────────────────────────────────────────────────┤
│ 2 │ Enables diagnostics log rolling when the │
│ │ diagnostics log reaches a specific size │
│ │ (specified with │
│ │ proxy.config.diags.logfile.rolling_size_mb). │
├───────┼───────────────────────────────────────────────────┤
│ 3 │ Enables diagnostics log rolling at specific │
│ │ intervals or when the diagnostics log reaches a │
│ │ specific size (whichever occurs first). │
└───────┴───────────────────────────────────────────────────┘
proxy.config.diags.logfile.rolling_interval_sec
Scope CONFIG.TP Type INT.TP Default 3600.TP Units seconds.TP Reloadable Yes.UNINDENT Specifies how often
the diagnostics log is rolled, in seconds. The timer starts on Traffic Server bootup.
proxy.config.diags.logfile.rolling_size_mb
Scope CONFIG.TP Type INT.TP Default 100.TP Units megabytes.TP Reloadable Yes.UNINDENT Specifies at what
size to roll the diagnostics log at.
REVERSE PROXY
proxy.config.reverse_proxy.enabled
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables (0) HTTP
reverse proxy.
proxy.config.header.parse.no_host_url_redirect
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The URL to which to redirect
requests with no host headers (reverse proxy).
URL REMAP RULES
proxy.config.url_remap.filename
Scope CONFIG.TP Type STRING.TP Default remap.config.UNINDENT Sets the name of the remap.config file.
proxy.config.url_remap.remap_required
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Set this variable to 1 if you want
Traffic Server to serve requests only from origin servers listed in the mapping rules of the
remap.config file. If a request does not match, then the browser will receive an error.
proxy.config.url_remap.pristine_host_hdr
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT Set this variable to
1 if you want to retain the client host header in a request during remapping.
SSL TERMINATION
proxy.config.ssl.server.cipher_suite
Scope CONFIG.TP Type STRING.TP Default <see notes>.UNINDENT Configures the set of encryption, digest,
authentication, and key exchange algorithms provided by OpenSSL which Traffic Server will use for
SSL connections. For the list of algorithms and instructions on constructing an appropriately
formatting cipher_suite string, see OpenSSL Ciphers.
The current default, included in the records.config.default example configuration is:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
proxy.config.ssl.TLSv1
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Enables (1) or disables (0) TLSv1.
proxy.config.ssl.TLSv1_1
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Enables (1) or disables (0) TLS v1.1. If not specified,
enabled by default. [Requires OpenSSL v1.0.1 and higher]
proxy.config.ssl.TLSv1_2
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Enables (1) or disables (0) TLS v1.2. If not specified,
enabled by default. [Requires OpenSSL v1.0.1 and higher]
proxy.config.ssl.client.certification_level
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Sets the client certification level:
┌───────┬───────────────────────────────────────┐
│ Value │ Description │
├───────┼───────────────────────────────────────┤
│ 0 │ Client certificates are ignored. │
│ │ Traffic Server does not verify client │
│ │ certificates during the SSL │
│ │ handshake. Access to Traffic Server │
│ │ depends on Traffic Server │
│ │ configuration options (such as access │
│ │ control lists). │
├───────┼───────────────────────────────────────┤
│ 1 │ Client certificates are optional. If │
│ │ a client has a certificate, then the │
│ │ certificate is validated. If the │
│ │ client does not have a certificate, │
│ │ then the client is still allowed │
│ │ access to Traffic Server unless │
│ │ access is denied through other │
│ │ Traffic Server configuration options. │
├───────┼───────────────────────────────────────┤
│ 2 │ Client certificates are required. The │
│ │ client must be authenticated during │
│ │ the SSL handshake. Clients without a │
│ │ certificate are not allowed to access │
│ │ Traffic Server. │
└───────┴───────────────────────────────────────┘
proxy.config.ssl.server.multicert.filename
Scope CONFIG.TP Type STRING.TP Default ssl_multicert.config.UNINDENT The location of the
ssl_multicert.config file, relative to the Traffic Server configuration directory. In the
following example, if the Traffic Server configuration directory is /etc/trafficserver, the
Traffic Server SSL configuration file and the corresponding certificates are located in
/etc/trafficserver/ssl:
CONFIG proxy.config.ssl.server.multicert.filename STRING ssl/ssl_multicert.config
CONFIG proxy.config.ssl.server.cert.path STRING etc/trafficserver/ssl
CONFIG proxy.config.ssl.server.private_key.path STRING etc/trafficserver/ssl
proxy.config.ssl.server.cert.path
Scope CONFIG.TP Type STRING.TP Default /config.UNINDENT The location of the SSL certificates and chains
used for accepting and validation new SSL sessions. If this is a relative path, it is appended to
the Traffic Server installation PREFIX. All certificates and certificate chains listed in
ssl_multicert.config will be loaded relative to this path.
proxy.config.ssl.server.private_key.path
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The location of the SSL certificate private keys.
Change this variable only if the private key is not located in the SSL certificate file. All
private keys listed in ssl_multicert.config will be loaded relative to this path.
proxy.config.ssl.server.cert_chain.filename
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The name of a file containing a global certificate
chain that should be used with every server certificate. This file is only used if there are
certificates defined in ssl_multicert.config. Unless this is an absolute path, it is loaded
relative to the path specified by proxy.config.ssl.server.cert.path.
proxy.config.ssl.server.dhparams_file
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The name of a file containing a set of
Diffie-Hellman key exchange parameters. If not specified, 2048-bit DH parameters from RFC 5114 are
used. These parameters are only used if a DHE (or EDH) cipher suite has been selected.
proxy.config.ssl.CA.cert.path
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The location of the certificate authority file that
client certificates will be verified against.
proxy.config.ssl.CA.cert.filename
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The filename of the certificate authority that
client certificates will be verified against.
proxy.config.ssl.server.ticket_key.filename
Scope CONFIG.TP Type STRING.TP Default ssl_ticket.key.UNINDENT The filename of the default and global
ticket key for SSL sessions. The location is relative to the proxy.config.ssl.server.cert.path
directory. One way to generate this would be to run head -c48 /dev/urandom | openssl enc -base64 |
head -c48 > file.ticket. Also note that OpenSSL session tickets are sensitive to the version of
the ca-certificates.
proxy.config.ssl.max_record_size
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT This configuration specifies the maximum number of bytes
to write into a SSL record when replying over a SSL session. In some circumstances this setting
can improve response latency by reducing buffering at the SSL layer. This setting can have a value
between 0 and 16383 (max TLS record size).
The default of 0 means to always write all available data into a single SSL record.
A value of -1 means TLS record size is dynamically determined. The strategy employed is to use
small TLS records that fit into a single TCP segment for the first ~1 MB of data, but, increase
the record size to 16 KB after that to optimize throughput. The record size is reset back to a
single segment after ~1 second of inactivity and the record size ramping mechanism is repeated
again.
proxy.config.ssl.session_cache
Scope CONFIG.TP Type INT.TP Default 2.UNINDENT Enables the SSL session cache:
┌───────┬───────────────────────────────────────┐
│ Value │ Description │
├───────┼───────────────────────────────────────┤
│ 0 │ Disables the session cache entirely. │
├───────┼───────────────────────────────────────┤
│ 1 │ Enables the session cache using │
│ │ OpenSSL's implementation. │
├───────┼───────────────────────────────────────┤
│ 2 │ Default. Enables the session cache │
│ │ using Traffic Server's │
│ │ implementation. This implentation │
│ │ should perform much better than the │
│ │ OpenSSL implementation. │
└───────┴───────────────────────────────────────┘
proxy.config.ssl.session_cache.timeout
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT This configuration specifies the lifetime of SSL session
cache entries in seconds. If it is 0, then the SSL library will use a default value, typically 300
seconds. Note: This option has no affect when using the Traffic Server session cache (option 2 in
proxy.config.ssl.session_cache)
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.ssl.session_cache.auto_clear
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT This will set the OpenSSL auto clear flag. Auto clear is
enabled by default with 1 it can be disabled by changing this setting to 0.
proxy.config.ssl.session_cache.size
Scope CONFIG.TP Type INT.TP Default 102400.UNINDENT This configuration specifies the maximum number of
entries the SSL session cache may contain.
proxy.config.ssl.session_cache.num_buckets
Scope CONFIG.TP Type INT.TP Default 256.UNINDENT This configuration specifies the number of buckets to
use with the Traffic Server SSL session cache implementation. The TS implementation is a fixed
size hash map where each bucket is protected by a mutex.
proxy.config.ssl.session_cache.skip_cache_on_bucket_contention
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT This configuration specifies the behavior of the Traffic
Server SSL session cache implementation during lock contention on each bucket:
┌───────┬───────────────────────────────────────┐
│ Value │ Description │
├───────┼───────────────────────────────────────┤
│ 0 │ Default. Don't skip session caching │
│ │ when bucket lock is contented. │
├───────┼───────────────────────────────────────┤
│ 1 │ Disable the SSL session cache for a │
│ │ connection during lock contention. │
└───────┴───────────────────────────────────────┘
proxy.config.ssl.hsts_max_age
Scope CONFIG.TP Type INT.TP Default -1.TP Overridable Yes.UNINDENT This configuration specifies the
max-age value that will be used when adding the Strict-Transport-Security header. The value is in
seconds. A value of 0 will set the max-age value to 0 and should remove the HSTS entry from the
client. A value of -1 will disable this feature and not set the header. This option is only used
for HTTPS requests and the header will not be set on HTTP requests.
proxy.config.ssl.hsts_include_subdomains
Scope CONFIG.TP Type INT.TP Default 0.TP Overridable Yes.UNINDENT Enables (1) or disables (0) adding the
includeSubdomain value to the Strict-Transport-Security header. proxy.config.ssl.hsts_max_age
needs to be set to a non -1 value for this configuration to take effect.
proxy.config.ssl.allow_client_renegotiation
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT This configuration specifies whether the client is able
to initiate renegotiation of the SSL connection. The default of 0, means the client can't
initiate renegotiation.
proxy.config.ssl.cert.load_elevated
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) elevation of traffic_server
privileges during loading of SSL certificates. By enabling this, SSL certificate files' access
rights can be restricted to help reduce the vulnerability of certificates.
This feature requires Traffic Server to be built with POSIX capabilities enabled.
proxy.config.ssl.handshake_timeout_in
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT When enabled this limits the total duration for the
server side SSL handshake.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.ssl.wire_trace_enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT When enabled this turns on wire tracing of SSL
connections that meet the conditions specified by wire_trace_percentage, wire_trace_addr and
wire_trace_server_name.
proxy.config.ssl.wire_trace_percentage
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT This specifies the percentage of traffic meeting the
other wire_trace conditions to be traced.
proxy.config.ssl.wire_trace_addr
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT This specifies the client IP for which wire_traces
should be printed.
proxy.config.ssl.wire_trace_server_name
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT This specifies the server name for which
wire_traces should be printed. This only works if traffic_server is built with TS_USE_TLS_SNI flag
set to true.
Client-Related Configuration
proxy.config.ssl.client.verify.server
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.TP Overridable Yes.UNINDENT Configures Traffic
Server to verify the origin server certificate with the Certificate Authority (CA).
proxy.config.ssl.client.cert.filename
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The filename of SSL client certificate installed on
Traffic Server.
proxy.config.ssl.client.cert.path
Scope CONFIG.TP Type STRING.TP Default /config.UNINDENT The location of the SSL client certificate
installed on Traffic Server.
proxy.config.ssl.client.private_key.filename
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The filename of the Traffic Server private key.
Change this variable only if the private key is not located in the Traffic Server SSL client
certificate file.
proxy.config.ssl.client.private_key.path
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The location of the Traffic Server private key.
Change this variable only if the private key is not located in the SSL client certificate file.
proxy.config.ssl.client.CA.cert.filename
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The filename of the certificate authority against
which the origin server will be verified.
proxy.config.ssl.client.CA.cert.path
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT Specifies the location of the certificate authority
file against which the origin server will be verified.
OCSP STAPLING CONFIGURATION
proxy.config.ssl.ocsp.enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enable OCSP stapling.
┌───────┬───────────────────────────────────────┐
│ Value │ Description │
├───────┼───────────────────────────────────────┤
│ 0 │ Disables OCSP Stapling. │
├───────┼───────────────────────────────────────┤
│ 1 │ Allows Traffic Server to request SSL │
│ │ certificate revocation status from an │
│ │ OCSP responder. │
└───────┴───────────────────────────────────────┘
proxy.config.ssl.ocsp.cache_timeout
Scope CONFIG.TP Type INT.TP Default 3600.UNINDENT Number of seconds before an OCSP response expires in
the stapling cache.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.ssl.ocsp.request_timeout
Scope CONFIG.TP Type INT.TP Default 10.UNINDENT Timeout (in seconds) for queries to OCSP responders.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.ssl.ocsp.update_period
Scope CONFIG.TP Type INT.TP Default 60.UNINDENT Update period (in seconds) for stapling caches.
HTTP/2 CONFIGURATION
proxy.config.http2.max_concurrent_streams_in
Scope CONFIG.TP Type INT.TP Default 100.TP Reloadable Yes.UNINDENT The maximum number of concurrent
streams per inbound connection.
NOTE:
Reloading this value affects only new HTTP/2 connections, not the ones already established.
proxy.config.http2.min_concurrent_streams_in
Scope CONFIG.TP Type INT.TP Default 10.TP Reloadable Yes.UNINDENT The minimum number of concurrent
streams per inbound connection. This is used when proxy.config.http2.max_active_streams_in is set
larger than 0.
proxy.config.http2.max_active_streams_in
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Limits the maximum number of connection
wide active streams. When connection wide active streams are larger than this value,
SETTINGS_MAX_CONCURRENT_STREAMS will be reduced to proxy.config.http2.min_concurrent_streams_in.
To disable, set to zero (0).
proxy.config.http2.initial_window_size_in
Scope CONFIG.TP Type INT.TP Default 1048576.TP Reloadable Yes.UNINDENT The initial window size for
inbound connections.
proxy.config.http2.max_frame_size
Scope CONFIG.TP Type INT.TP Default 16384.TP Reloadable Yes.UNINDENT Indicates the size of the largest
frame payload that the sender is willing to receive.
proxy.config.http2.header_table_size
Scope CONFIG.TP Type INT.TP Default 4096.TP Reloadable Yes.UNINDENT The maximum size of the header
compression table used to decode header blocks.
proxy.config.http2.max_header_list_size
Scope CONFIG.TP Type INT.TP Default 4294967295.TP Reloadable Yes.UNINDENT This advisory setting informs
a peer of the maximum size of header list that the sender is prepared to accept blocks. The
default value, which is the unsigned int maximum value in Traffic Server, implies unlimited size.
proxy.config.http2.stream_priority_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enable the experimental HTTP/2 Stream
Priority feature.
proxy.config.http2.push_diary_size
Scope CONFIG.TP Type INT.TP Default 256.TP Reloadable Yes.UNINDENT Indicates the maximum number of
HTTP/2 server pushes that are remembered per HTTP/2 connection to avoid duplicate pushes on the
same connection. If the maximum number is reached, new entries are not remembered.
PLUG-IN CONFIGURATION
proxy.config.plugin.plugin_dir
Scope CONFIG.TP Type STRING.TP Default config/plugins.UNINDENT Specifies the location of Traffic Server
plugins.
proxy.config.remap.num_remap_threads
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT When this variable is set to 0, plugin remap callbacks
are executed in line on network threads. If remap processing takes significant time, this can be
cause additional request latency. Setting this variable to causes remap processing to take place
on a dedicated thread pool, freeing the network threads to service additional requests.
SOCKS PROCESSOR
proxy.config.socks.socks_needed
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) the SOCKS processor
proxy.config.socks.socks_version
Scope CONFIG.TP Type INT.TP Default 4.UNINDENT Specifies the SOCKS version (4) or (5)
proxy.config.socks.socks_config_file
Scope CONFIG.TP Type STRING.TP Default socks.config.UNINDENT The socks_onfig file allows you to specify
ranges of IP addresses that will not be relayed to the SOCKS server. It can also be used to
configure AUTH information for SOCKSv5 servers.
proxy.config.socks.socks_timeout
Scope CONFIG.TP Type INT.TP Default 100.UNINDENT The activity timeout value (in seconds) for SOCKS
server connections.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.socks.server_connect_timeout
Scope CONFIG.TP Type INT.TP Default 10.UNINDENT The timeout value (in seconds) for SOCKS server
connection attempts.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.socks.per_server_connection_attempts
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT The total number of connection attempts allowed per SOCKS
server, if multiple servers are used.
proxy.config.socks.connection_attempts
Scope CONFIG.TP Type INT.TP Default 4.UNINDENT The total number of connection attempts allowed to a
SOCKS server Traffic Server bypasses the server or fails the request
proxy.config.socks.server_retry_timeout
Scope CONFIG.TP Type INT.TP Default 300.UNINDENT The timeout value (in seconds) for SOCKS server
connection retry attempts.
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.socks.default_servers
Scope CONFIG.TP Type STRING.TP Default *NONE*.UNINDENT Default list of SOCKS servers and their ports.
proxy.config.socks.server_retry_time
Scope CONFIG.TP Type INT.TP Default 300.UNINDENT The amount of time allowed between connection retries
to a SOCKS server that is unavailable.
proxy.config.socks.server_fail_threshold
Scope CONFIG.TP Type INT.TP Default 2.UNINDENT The number of times the connection to the SOCKS server
can fail before Traffic Server considers the server unavailable.
proxy.config.socks.accept_enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) the SOCKS proxy option. As a
SOCKS proxy, Traffic Server receives SOCKS traffic (usually on port 1080) and forwards all
requests directly to the SOCKS server.
proxy.config.socks.accept_port
Scope CONFIG.TP Type INT.TP Default 1080.UNINDENT Specifies the port on which Traffic Server accepts
SOCKS traffic.
proxy.config.socks.http_port
Scope CONFIG.TP Type INT.TP Default 80.UNINDENT Specifies the port on which Traffic Server accepts HTTP
proxy requests over SOCKS connections..
SOCKETS
proxy.config.net.defer_accept
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT default: 1 meaning on all Platforms except Linux: 45
seconds
This directive enables operating system specific optimizations for a listening socket.
defer_accept holds a call to accept(2) back until data has arrived. In Linux' special case this is
up to a maximum of 45 seconds.
proxy.config.net.listen_backlog
Scope CONFIG.TP Type INT.TP Default -1
:reloadable:.UNINDENT This directive sets the maximum number of pending connections. If it is
set to -1, Traffic Server will automatically set this to a platform-specific maximum.
proxy.config.net.tcp_congestion_control_in
Scope CONFIG.TP Type STRING.TP Default "".UNINDENT This directive will override the congestion control
algorithm for incoming connections (accept sockets). On linux the allowed values are typically
specified in a space separated list in /proc/sys/net/ipv4/tcp_allowed_congestion_control
proxy.config.net.tcp_congestion_control_out
Scope CONFIG.TP Type STRING.TP Default "".UNINDENT This directive will override the congestion control
algorithm for outgoing connections (connect sockets). On linux the allowed values are typically
specified in a space separated list in /proc/sys/net/ipv4/tcp_allowed_congestion_control
proxy.config.net.sock_send_buffer_size_in
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Sets the send buffer size for connections from the client
to Traffic Server.
proxy.config.net.sock_recv_buffer_size_in
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Sets the receive buffer size for connections from the
client to Traffic Server.
proxy.config.net.sock_option_flag_in
Scope CONFIG.TP Type INT.TP Default 0x5.UNINDENT Turns different options "on" for the socket handling
client connections::
TCP_NODELAY (1)
SO_KEEPALIVE (2)
SO_LINGER (4) - with a timeout of 0 seconds
TCP_FASTOPEN (8)
NOTE:
This is a bitmask and you need to decide what bits to set. Therefore, you must set the value to 3 if
you want to enable nodelay and keepalive options above.
NOTE:
To allow TCP Fast Open for client sockets on Linux, bit 2 of the net.ipv4.tcp_fastopen sysctl must be
set.
proxy.config.net.sock_send_buffer_size_out
Scope CONFIG.TP Type INT.TP Default 0.TP Overridable Yes.UNINDENT Sets the send buffer size for
connections from Traffic Server to the origin server.
proxy.config.net.sock_recv_buffer_size_out
Scope CONFIG.TP Type INT.TP Default 0.TP Overridable Yes.UNINDENT Sets the receive buffer size for
connections from Traffic Server to the origin server.
proxy.config.net.sock_option_flag_out
Scope CONFIG.TP Type INT.TP Default 0x1.TP Overridable Yes.UNINDENT Turns different options "on" for the
origin server socket::
TCP_NODELAY (1)
SO_KEEPALIVE (2)
SO_LINGER (4) - with a timeout of 0 seconds
TCP_FASTOPEN (8)
NOTE:
This is a bitmask and you need to decide what bits to set. Therefore, you must set the value to 3 if
you want to enable nodelay and keepalive options above.
When SO_LINGER is enabled, the linger timeout time is set to 0. This is useful when Traffic Server and
the origin server are co-located and large numbers of sockets are retained in the TIME_WAIT state.
NOTE:
To allow TCP Fast Open for server sockets on Linux, bit 1 of the net.ipv4.tcp_fastopen sysctl must be
set.
proxy.config.net.sock_mss_in
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Same as the command line option --accept_mss that sets
the MSS for all incoming requests.
proxy.config.net.sock_packet_mark_in
Scope CONFIG.TP Type INT.TP Default 0x0.UNINDENT Set the packet mark on traffic destined for the client
(the packets that make up a client response).
SEE ALSO:
Traffic Shaping
proxy.config.net.sock_packet_mark_out
Scope CONFIG.TP Type INT.TP Default 0x0.TP Overridable Yes.UNINDENT Set the packet mark on traffic
destined for the origin (the packets that make up an origin request).
SEE ALSO:
Traffic Shaping
proxy.config.net.sock_packet_tos_in
Scope CONFIG.TP Type INT.TP Default 0x0.UNINDENT Set the ToS/DiffServ Field on packets sent to the
client (the packets that make up a client response).
SEE ALSO:
Traffic Shaping
proxy.config.net.sock_packet_tos_out
Scope CONFIG.TP Type INT.TP Default 0x0.TP Overridable Yes.UNINDENT Set the ToS/DiffServ Field on
packets sent to the origin (the packets that make up an origin request).
SEE ALSO:
Traffic Shaping
proxy.config.net.poll_timeout
Scope CONFIG.TP Type INT.TP Default 10 (or 30 on Solaris).UNINDENT Same as the command line option
--poll_timeout, or -t, which specifies the timeout used for the polling mechanism used. This
timeout is always in milliseconds (ms). This is the timeout to epoll_wait() on Linux platforms,
and to kevent() on BSD type OSs. The default value is 10 on all platforms.
Changing this configuration can reduce CPU usage on an idle system, since periodic tasks gets
processed at these intervals. On busy servers, this overhead is diminished, since polled events
triggers morefrequently. However, increasing the setting can also introduce additional latency
for certain operations, and timed events. It's recommended not to touch this setting unless your
CPU usage is unacceptable at idle workload. Some alternatives to this could be:
Reduce the number of worker threads (net-threads)
Reduce the number of disk (AIO) threads
Make sure accept threads are enabled
The relevant configurations for this are:
CONFIG proxy.config.exec_thread.autoconfig INT 0
CONFIG proxy.config.exec_thread.limit INT 2
CONFIG proxy.config.accept_threads INT 1
CONFIG proxy.config.cache.threads_per_disk INT 8
See admin-performance-timeouts for more discussion on Traffic Server timeouts.
proxy.config.task_threads
Scope CONFIG.TP Type INT.TP Default 2.UNINDENT Specifies the number of task threads to run. These
threads are used for various tasks that should be off-loaded from the normal network threads.
proxy.config.allocator.thread_freelist_size
Scope CONFIG.TP Type INT.TP Default 512.UNINDENT Sets the maximum number of elements that can be
contained in a ProxyAllocator (per-thread) before returning the objects to the global pool
proxy.config.allocator.thread_freelist_low_watermark
Scope CONFIG.TP Type INT.TP Default 32.UNINDENT Sets the minimum number of items a ProxyAllocator
(per-thread) will guarantee to be holding at any one time.
proxy.config.allocator.hugepages
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enable (1) the use of huge pages on supported platforms.
(Currently only Linux)
You must also enable hugepages at the OS level. In a modern linux Kernel this can be done by
setting /proc/sys/vm/nr_overcommit_hugepages to a sufficiently large value. It is reasonable to
use (system memory/hugepage size) because these pages are only created on demand.
For more information on the implications of enabling huge pages, see Wikipedia
<http://en.wikipedia.org/wiki/Page_%28computer_memory%29#Page_size_trade-off>_.
proxy.config.allocator.dontdump_iobuffers
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Enable (1) the exclusion of IO buffers from core files
when ATS crashes on supported platforms. (Currently only linux). IO buffers are allocated with
the MADV_DONTDUMP with madvise() on linux platforms that support MADV_DONTDUMP. Enabled by
default.
proxy.config.http.enabled
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Turn on or off support for HTTP proxying. This is rarely
used, the one exception being if you run Traffic Server with a protocol plugin, and would like for
it to not support HTTP requests at all.
proxy.config.http.wait_for_cache
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Accepting inbound connections and starting the cache are
independent operations in Traffic Server. This variable controls the relative timing of these
operations and Traffic Server dependency on cache because if cache is required then inbound
connection accepts should be deferred until the validity of the cache requirement is determined.
Cache initialization failure will be logged in diags.log.
┌───────┬───────────────────────────────────────┐
│ Value │ Description │
├───────┼───────────────────────────────────────┤
│ 0 │ Decouple inbound connections and │
│ │ cache initialization. Connections │
│ │ will be accepted as soon as possible │
│ │ and Traffic Server will run │
│ │ regardless of the results of cache │
│ │ initialization. │
├───────┼───────────────────────────────────────┤
│ 1 │ Do not accept inbound connections │
│ │ until cache initialization has │
│ │ finished. Traffic Server will run │
│ │ regardless of the results of cache │
│ │ initialization. │
├───────┼───────────────────────────────────────┤
│ 2 │ Do not accept inbound connections │
│ │ until cache initialization has │
│ │ finished and been sufficiently │
│ │ successful that cache is enabled. │
│ │ This means at least one cache span is │
│ │ usable. If there are no spans in │
│ │ storage.config or none of the spans │
│ │ can be successfully parsed and │
│ │ initialized then Traffic Server will │
│ │ shut down. │
├───────┼───────────────────────────────────────┤
│ 3 │ Do not accept inbound connections │
│ │ until cache initialization has │
│ │ finished and been completely │
│ │ successful. This requires at least │
│ │ one cache span in storage.config and │
│ │ that every span specified is valid │
│ │ and successfully initialized. Any │
│ │ error will cause Traffic Server to │
│ │ shut down. │
└───────┴───────────────────────────────────────┘
COPYRIGHT
2018, dev@trafficserver.apache.org
7.1 Feb 16, 2018 RECORDS.CONFIG(5)