Provided by: trafficserver_5.3.0-2ubuntu2_amd64 
NAME
records.config - Traffic Server configuration file
The records.config file (by default, located in /usr/local/etc/trafficserver/) is a list
of configurable variables used by the Traffic Server software. Many of the variables in
the records.config file are set automatically when you set configuration options in
Traffic Line. After you modify the records.config file, run the command traffic_line -x to
apply the changes. When you apply changes to one node in a cluster, Traffic Server
automatically applies the changes to all other nodes in the cluster.
FORMAT
Each variable has the following format:
SCOPE variable_name DATATYPE variable_value
where
SCOPE is related to clustering and is either CONFIG (all members of the cluster) or LOCAL
(only the local machine)
DATATYPE is one of INT (integer), STRING (string), FLOAT (floating point). : A variable
marked as Deprecated is still functional but should be avoided as it may be removed in a
future release without warning.
A variable marked as Reloadable can be updated via the command:
traffic_line -x
INT type configurations are expressed as any normal integer, e.g. 32768. They can also be
expressed using more human readable values using standard prefixes, e.g. 32K. The
following prefixes are supported for all INT type configurations
• K Kilobytes (1024 bytes)
• M Megabytes (1024^2 or 1,048,576 bytes)
• G Gigabytes (1024^3 or 1,073,741,824 bytes)
• T Terabytes (1024^4 or 1,099,511,627,776 bytes)
NOTE:
Traffic Server currently writes back configurations to disk periodically, and when
doing so, will not preserve the prefixes.
EXAMPLES
In the following example, the variable proxy.config.proxy_name is a STRING datatype with
the value my_server. This means that the name of the Traffic Server proxy is my_server.
CONFIG proxy.config.proxy_name STRING my_server
If the server name should be that_server the line would be
CONFIG proxy.config.proxy_name STRING that_server
In the following example, the variable proxy.config.arm.enabled is a yes/no flag. A value
of 0 (zero) disables the option; a value of 1 enables the option.
CONFIG proxy.config.arm.enabled INT 0
In the following example, the variable sets the cluster startup timeout to 10 seconds.
CONFIG proxy.config.cluster.startup_timeout INT 10
The last examples configures a 64GB RAM cache, using a human readable prefix.
CONFIG proxy.config.cache.ram_cache.size INT 64G
ENVIRONMENT OVERRIDES
Every records.config configuration variable can be overridden by a corresponding
environment variable. This can be useful in situations where you need a static
records.config but still want to tweak one or two settings. The override variable is
formed by converting the records.config variable name to upper case, and replacing any dot
separators with an underscore.
Overriding a variable from the environment is permanent and will not be affected by future
configuration changes made in records.config or applied with traffic_line.
For example, we could override the proxy.config.product_company variable like this:
$ PROXY_CONFIG_PRODUCT_COMPANY=example traffic_cop &
$ traffic_line -r proxy.config.product_company
CONFIGURATION VARIABLES
The following list describes the configuration variables available in the records.config
file.
System Variables
proxy.config.product_company
Scope CONFIG.TP Type STRING.TP Default Apache Software Foundation.UNINDENT The name of
the organization developing Traffic Server.
proxy.config.product_vendor
Scope CONFIG.TP Type STRING.TP Default Apache.UNINDENT The name of the vendor providing
Traffic Server.
proxy.config.product_name
Scope CONFIG.TP Type STRING.TP Default Traffic Server.UNINDENT The name of the product.
proxy.config.proxy_name
Scope CONFIG.TP Type STRING.TP Default ``build_machine``.TP Reloadable Yes.UNINDENT The
name of the Traffic Server node.
proxy.config.bin_path
Scope CONFIG.TP Type STRING.TP Default bin.UNINDENT The location of the Traffic Server
bin directory.
proxy.config.proxy_binary
Scope CONFIG.TP Type STRING.TP Default traffic_server.UNINDENT The name of the executable
that runs the traffic_server process.
proxy.config.proxy_binary_opts
Scope CONFIG.TP Type STRING.TP Default -M.UNINDENT The command-line options for starting
Traffic Server.
proxy.config.manager_binary
Scope CONFIG.TP Type STRING.TP Default traffic_manager.UNINDENT The name of the
executable that runs the traffic_manager process.
proxy.config.env_prep
Scope CONFIG.TP Type STRING.TP Default *NONE*.UNINDENT The script executed before the
traffic_manager process spawns the traffic_server process.
proxy.config.config_dir
Scope CONFIG.TP Type STRING.TP Default etc/trafficserver.UNINDENT The directory that
contains Traffic Server configuration files. This is a read-only configuration
option that contains the SYSCONFDIR value specified at build time relative to the
installation prefix. The $TS_ROOT environment variable can be used alter the
installation prefix at run time.
proxy.config.syslog_facility
Scope CONFIG.TP Type STRING.TP Default LOG_DAEMON.UNINDENT The facility used to record
system log files. Refer to understanding-traffic-server-log-files.
proxy.config.cop.core_signal
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The signal sent to traffic_cop's managed
processes to stop them.
A value of 0 means no signal will be sent.
proxy.config.cop.linux_min_memfree_kb
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The minimum amount of free memory space
allowed before Traffic Server stops the traffic_server and traffic_manager
processes to prevent the system from hanging.
proxy.config.cop.linux_min_swapfree_kb
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The minimum amount of free swap space
allowed before Traffic Server stops the traffic_server and traffic_manager
processes to prevent the system from hanging. This configuration variable applies
if swap is enabled in Linux 2.2 only.
proxy.config.output.logfile
Scope CONFIG.TP Type STRING.TP Default traffic.out.UNINDENT The name and location of the
file that contains warnings, status messages, and error messages produced by the
Traffic Server processes. If no path is specified, then Traffic Server creates the
file in its logging directory.
proxy.config.snapshot_dir
Scope CONFIG.TP Type STRING.TP Default snapshots.UNINDENT The directory in which Traffic
Server stores configuration snapshots on the local system. Unless you specify an
absolute path, this directory is located in the Traffic Server SYSCONFDIR
directory.
proxy.config.exec_thread.autoconfig
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT When enabled (the default, 1), Traffic
Server scales threads according to the available CPU cores. See the config option
below.
proxy.config.exec_thread.autoconfig.scale
Scope CONFIG.TP Type FLOAT.TP Default 1.5.UNINDENT Factor by which Traffic Server scales
the number of threads. The multiplier is usually the number of available CPU cores.
By default this is scaling factor is 1.5.
proxy.config.exec_thread.limit
Scope CONFIG.TP Type INT.TP Default 2.UNINDENT XXX What does this do?
proxy.config.accept_threads
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT When enabled (1), runs a separate thread
for accept processing. If disabled (0), then only 1 thread can be created.
proxy.config.thread.default.stacksize
Scope CONFIG.TP Type INT.TP Default 1048576.UNINDENT The new default thread stack size,
for all threads. The original default is set at 1 MB.
proxy.config.exec_thread.affinity
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Bind threads to specific processing units.
┌──────┬──────────────────────────────────┐
│Value │ Effect │
├──────┼──────────────────────────────────┤
│0 │ assign threads to machine │
├──────┼──────────────────────────────────┤
│1 │ assign threads to NUMA nodes │
├──────┼──────────────────────────────────┤
│2 │ assign threads to sockets │
├──────┼──────────────────────────────────┤
│3 │ assign threads to cores │
├──────┼──────────────────────────────────┤
│4 │ assign threads to processing │
│ │ units │
└──────┴──────────────────────────────────┘
NOTE:
This option only has an affect when Traffic Server has been compiled with
--enable-hwloc.
proxy.config.system.file_max_pct
Scope CONFIG.TP Type FLOAT.TP Default 0.9.UNINDENT Set the maximum number of file handles
for the traffic_server process as a percentage of the the fs.file-max proc value in
Linux. The default is 90%.
proxy.config.crash_log_helper
Scope CONFIG.TP Type STRING.TP Default traffic_crashlog.UNINDENT This option directs
traffic_server to spawn a crash log helper at startup. The value should be the path
to an executable program. If the path is not absolute, it is located relative to
configured bin directory. Any user-provided program specified here must behave in
a fashion compatible with traffic_crashlog. Specifically, it must implement the
traffic_crashlog --wait behavior.
This setting not reloadable because the helper must be spawned before
traffic_server drops privilege. If this variable is set to NULL, no helper will be
spawned.
proxy.config.restart.active_client_threshold
Scope CONFIG.TP Type INT.TP Default 0
:reloadable:.UNINDENT This setting specifies the number of active client
connections for use by traffic_line --drain.
NETWORK
proxy.config.net.connections_throttle
Scope CONFIG.TP Type INT.TP Default 30000.UNINDENT The total number of client and origin
server connections that the server can handle simultaneously. This is in fact the
max number of file descriptors that the traffic_server process can have open at any
given time. Roughly 10% of these connections are reserved for origin server
connections, i.e. from the default, only ~9,000 client connections can be handled.
This should be tuned according to your memory size, and expected work load.
proxy.config.net.default_inactivity_timeout
Scope CONFIG.TP Type INT.TP Default 86400.TP Reloadable Yes.UNINDENT The connection
inactivity timeout (in seconds) to apply when Traffic Server detects that no
inactivity timeout has been applied by the HTTP state machine. When this timeout is
applied, the proxy.process.net.default_inactivity_timeout_applied metric is
incremented.
proxy.local.incoming_ip_to_bind
Scope LOCAL.TP Type STRING.TP Default 0.0.0.0 [::].UNINDENT Controls the global default
IP addresses to which to bind proxy server ports. The value is a space separated
list of IP addresses, one per supported IP address family (currently IPv4 and
IPv6).
Unless explicitly specified in proxy.config.http.server_ports the server port will
be bound to one of these addresses, selected by IP address family. The built in
default is any address. This is used if no address for a family is specified. This
setting is useful if most or all server ports should be bound to the same address.
NOTE:
This is ignored for inbound transparent server ports because they must be able to
accept connections on arbitrary IP addresses.
Example
Set the global default for IPv4 to 192.168.101.18 and leave the global default for IPv6 as
any address.:
LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18
Example
Set the global default for IPv4 to 191.68.101.18 and the global default for IPv6 to
fc07:192:168:101::17.:
LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18 [fc07:192:168:101::17]
proxy.local.outgoing_ip_to_bind
Scope LOCAL.TP Type STRING.TP Default 0.0.0.0 [::].UNINDENT This controls the global
default for the local IP address for outbound connections to origin servers. The
value is a list of space separated IP addresses, one per supported IP address
family (currently IPv4 and IPv6).
Unless explicitly specified in proxy.config.http.server_ports one of these
addresses, selected by IP address family, will be used as the local address for
outbound connections. This setting is useful if most or all of the server ports
should use the same outbound IP addresses.
NOTE:
This is ignored for outbound transparent ports as the local outbound address will be
the same as the client local address.
Example
Set the default local outbound IP address for IPv4 connections to 192.168.101.18.:
LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.18
Example
Set the default local outbound IP address to 192.168.101.17 for IPv4 and
fc07:192:168:101::17 for IPv6.:
LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.17 [fc07:192:168:101::17]
CLUSTER
proxy.local.cluster.type
Scope LOCAL.TP Type INT.TP Default 3.UNINDENT Sets the clustering mode:
┌──────┬──────────────────────┐
│Value │ Effect │
└──────┴──────────────────────┘
│1 │ full-clustering mode │
├──────┼──────────────────────┤
│2 │ management-only mode │
├──────┼──────────────────────┤
│3 │ no clustering │
└──────┴──────────────────────┘
proxy.config.cluster.ethernet_interface
Scope CONFIG.TP Type INT.TP Default eth0.UNINDENT
The network interface to be used for cluster communication. This has to be
identical on all members of a clsuter. ToDo: Is that reasonable ?? Should this be
local"
proxy.config.cluster.rsport
Scope CONFIG.TP Type INT.TP Default 8088.UNINDENT The reliable service port. The reliable
service port is used to send configuration information between the nodes in a
cluster. All nodes in a cluster must use the same reliable service port.
proxy.config.cluster.threads
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT The number of threads for cluster
communication. On heavy cluster, the number should be adjusted. It is recommend
that take the thread CPU usage as a reference when adjusting.
proxy.config.clustger.ethernet_interface
Scope CONFIG.TP Type STRING.TP Default *NONE*.UNINDENT Set the interface to use for
cluster communications.
proxy.config.http.cache.cluster_cache_local
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT This turns on the local caching of objects
in cluster mode. The point of this is to allow for popular or hot content to be
cached on all nodes in a cluster. Be aware that the primary way to configure this
behavior is via the cache.config configuration file using
action=cluster-cache-local directives.
This particular records.config configuration can be controlled per transaction or
per remap rule. As such, it augments the cache.config directives, since you can
turn on the local caching feature without complex regular expression matching.
This implies that turning this on in your global records.config is almost never
what you want; instead, you want to use this either via e.g. conf_remap.so
overrides for a certain remap rule, or through a custom plugin using the
appropriate APIs.
LOCAL MANAGER
proxy.config.lm.sem_id
Scope CONFIG.TP Type INT.TP Default 11452.UNINDENT The semaphore ID for the local
manager.
proxy.config.admin.autoconf_port
Scope CONFIG.TP Type INT.TP Default 8083.UNINDENT The autoconfiguration port.
proxy.config.admin.number_config_bak
Scope CONFIG.TP Type INT.TP Default 3.UNINDENT The maximum number of copies of rolled
configuration files to keep.
proxy.config.admin.user_id
Scope CONFIG.TP Type STRING.TP Default nobody.UNINDENT Option used to specify who to run
the traffic_server process as; also used to specify ownership of config and log
files.
The nonprivileged user account designated to Traffic Server.
As of version 2.1.1 if the user_id is prefixed with pound character (#) the
remaining of the string is considered to be a numeric user identifier. If the value
is set to #-1 Traffic Server will not change the user during startup.
Setting user_id to root or #0 is now forbidden to increase security. Trying to do
so, will cause the traffic_server fatal failure. However there are two ways to
bypass that restriction
• Specify -DBIG_SECURITY_HOLE in CXXFLAGS during compilation.
• Set the user_id=#-1 and start trafficserver as root.
proxy.config.admin.api.restricted
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT
This setting specifies whether the management API should be restricted to root
processes. If this is set to 0, then on platforms that support passing process
credentials, non-root processes will be allowed to make read-only management API
calls. Any management API calls that modify server state (eg. setting a
configuration variable) will still be restricted to root processes.
This setting is not reloadable, since it is must be applied when
program:traffic_manager initializes.
NOTE:
In Traffic Server 6.0, the default value of proxy.config.admin.api.restricted will be
changed to 0.
PROCESS MANAGER
proxy.config.process_manager.mgmt_port
Scope CONFIG.TP Type INT.TP Default 8084.UNINDENT The port used for internal
communication between the traffic_manager and traffic_server processes.
ALARM CONFIGURATION
proxy.config.alarm_email
Scope CONFIG.TP Type STRING.TP Default *NONE*.TP Reloadable Yes.UNINDENT The address to
which the alarm script should send email.
proxy.config.alarm.bin
Scope CONFIG.TP Type STRING.TP Default example_alarm_bin.sh.TP Reloadable Yes.UNINDENT
Name of the script file that can execute certain actions when an alarm is signaled.
The script is invoked with up to 4 arguments:
• the alarm message
• the value of proxy.config.product_name
• the value of proxy.config.admin.user_id
• the value of proxy.config.alarm_email
proxy.config.alarm.abs_path
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The absolute path
to the directory containing the alarm script. If this is not set, the script will
be located relative to proxy.config.bin_path.
proxy.config.alarm.script_runtime
Scope CONFIG.TP Type INT.TP Default 5.TP Reloadable Yes.UNINDENT The number of seconds
that Traffic Server allows the alarm script to run before aborting it.
HTTP ENGINE
proxy.config.http.server_ports
Scope CONFIG.TP Type STRING.TP Default 8080.UNINDENT Ports used for proxying HTTP
traffic.
This is a list, separated by space or comma, of port descriptors. Each descriptor
is a sequence of keywords and values separated by colons. Not all keywords have
values, those that do are specifically noted. Keywords with values can have an
optional '=' character separating the keyword and value. The case of keywords is
ignored. The order of keywords is irrelevant but unspecified results may occur if
incompatible options are used (noted below). Options without values are idempotent.
Options with values use the last (right most) value specified, except for ip-out as
detailed later.
Quick reference chart.
┌───────────┬──────────┬──────────────────────────┐
│Name │ Note │ Definition │
├───────────┼──────────┼──────────────────────────┤
│number │ Required │ The local port. │
├───────────┼──────────┼──────────────────────────┤
│blind │ │ Blind (CONNECT) port. │
├───────────┼──────────┼──────────────────────────┤
│compress │ N/I │ Compressed. Not │
│ │ │ implemented. │
├───────────┼──────────┼──────────────────────────┤
│ipv4 │ Default │ Bind to IPv4 address │
│ │ │ family. │
├───────────┼──────────┼──────────────────────────┤
│ipv6 │ │ Bind to IPv6 address │
│ │ │ family. │
├───────────┼──────────┼──────────────────────────┤
│ip-in │ Value │ Local inbound IP │
│ │ │ address. │
├───────────┼──────────┼──────────────────────────┤
│ip-out │ Value │ Local outbound IP │
│ │ │ address. │
├───────────┼──────────┼──────────────────────────┤
│ip-resolve │ Value │ IP address resolution │
│ │ │ style. │
├───────────┼──────────┼──────────────────────────┤
│proto │ Value │ List of supported │
│ │ │ session protocols. │
├───────────┼──────────┼──────────────────────────┤
│ssl │ │ SSL terminated. │
├───────────┼──────────┼──────────────────────────┤
│tr-full │ │ Fully transparent │
│ │ │ (inbound and outbound) │
├───────────┼──────────┼──────────────────────────┤
│tr-in │ │ Inbound transparent. │
├───────────┼──────────┼──────────────────────────┤
│tr-out │ │ Outbound transparent. │
├───────────┼──────────┼──────────────────────────┤
│tr-pass │ │ Pass through enabled. │
└───────────┴──────────┴──────────────────────────┘
number Local IP port to bind. This is the port to which ATS clients will connect.
blind Accept only the CONNECT method on this port.
Not compatible with: tr-in, ssl.
compress
Compress the connection. Retained only by inertia, should be considered "not
implemented".
ipv4 Use IPv4. This is the default and is included primarily for completeness. This
forced if the ip-in option is used with an IPv4 address.
ipv6 Use IPv6. This is forced if the ip-in option is used with an IPv6 address.
ssl Require SSL termination for inbound connections. SSL must be configured for this
option to provide a functional server port.
Not compatible with: blind.
proto Specify the session level protocols supported. These should be separated by
semi-colons. For TLS proxy ports the default value is all available protocols. For
non-TLS proxy ports the default is HTTP only. SPDY can be enabled on non-TLS proxy
ports but that must be done explicitly.
tr-full
Fully transparent. This is a convenience option and is identical to specifying both
tr-in and tr-out.
Not compatible with: Any option not compatible with tr-in or tr-out.
tr-in Inbound transparent. The proxy port will accept connections to any IP address on
the port. To have IPv6 inbound transparent you must use this and the ipv6 option.
This overrides proxy.local.incoming_ip_to_bind for this port.
Not compatible with: ip-in, blind
tr-out Outbound transparent. If ATS connects to an origin server for a transaction on this
port, it will use the client's address as its local address. This overrides
proxy.local.outgoing_ip_to_bind for this port.
Not compatible with: ip-out, ip-resolve
tr-pass
Transparent pass through. This option is useful only for inbound transparent proxy
ports. If the parsing of the expected HTTP header fails, then the transaction is
switched to a blind tunnel instead of generating an error response to the client.
It effectively enables proxy.config.http.use_client_target_addr for the transaction
as there is no other place to obtain the origin server address.
ip-in Set the local IP address for the port. This is the address to which clients will
connect. This forces the IP address family for the port. The ipv4 or ipv6 can be
used but it is optional and is an error for it to disagree with the IP address
family of this value. An IPv6 address must be enclosed in square brackets. If this
option is omitted proxy.local.incoming_ip_to_bind is used.
Not compatible with: tr-in.
ip-out Set the local IP address for outbound connections. This is the address used by ATS
locally when it connects to an origin server for transactions on this port. If this
is omitted proxy.local.outgoing_ip_to_bind is used.
This option can used multiple times, once for each IP address family. The address
used is selected by the IP address family of the origin server address.
Not compatible with: tr-out.
ip-resolve
Set the host resolution style for transactions on this proxy port.
Not compatible with: tr-out - this option requires a value of client;none which is
forced and should not be explicitly specified.
Example
Listen on port 80 on any address for IPv4 and IPv6.:
80 80:ipv6
Example
Listen transparently on any IPv4 address on port 8080, and transparently on port 8080 on
local address fc01:10:10:1::1 (which implies ipv6).:
IPv4:tr-FULL:8080 TR-full:IP-in=[fc02:10:10:1::1]:8080
Example
Listen on port 8080 for IPv6, fully transparent. Set up an SSL port on 443. These ports
will use the IP address from proxy.local.incoming_ip_to_bind. Listen on IP address
192.168.17.1, port 80, IPv4, and connect to origin servers using the local address
10.10.10.1 for IPv4 and fc01:10:10:1::1 for IPv6.:
8080:ipv6:tr-full 443:ssl ip-in=192.168.17.1:80:ip-out=[fc01:10:10:1::1]:ip-out=10.10.10.1
Example
Listen on port 9090 for TSL enabled SPDY or HTTP connections, accept no other session
protocols.:
9090:proto=spdy;http:ssl
proxy.config.http.connect_ports
Scope CONFIG.TP Type STRING.TP Default 443 563.UNINDENT The range of origin server ports
that can be used for tunneling via CONNECT.
Traffic Server allows tunnels only to the specified ports. Supports both wildcards
('*') and ranges ("0-1023").
NOTE:
These are the ports on the origin server, not Traffic Server proxy ports.
proxy.config.http.insert_request_via_str
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Set how the Via field is
handled on a request to the origin server.
┌──────┬──────────────────────────────────┐
│Value │ Effect │
├──────┼──────────────────────────────────┤
│0 │ Do not modify / set this via │
│ │ header │
├──────┼──────────────────────────────────┤
│1 │ Update the via, with normal │
│ │ verbosity │
├──────┼──────────────────────────────────┤
│2 │ Update the via, with higher │
│ │ verbosity │
├──────┼──────────────────────────────────┤
│3 │ Update the via, with highest │
│ │ verbosity │
└──────┴──────────────────────────────────┘
NOTE:
The Via header string can be decoded with the Via Decoder Ring.
proxy.config.http.insert_response_via_str
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Set how the Via field is
handled on the response to the client.
┌──────┬──────────────────────────────────┐
│Value │ Effect │
├──────┼──────────────────────────────────┤
│0 │ Do not modify / set this via │
│ │ header │
├──────┼──────────────────────────────────┤
│1 │ Update the via, with normal │
│ │ verbosity │
├──────┼──────────────────────────────────┤
│2 │ Update the via, with higher │
│ │ verbosity │
└──────┴──────────────────────────────────┘
│3 │ Update the via, with highest │
│ │ verbosity │
└──────┴──────────────────────────────────┘
NOTE:
The Via header string can be decoded with the Via Decoder Ring.
proxy.config.http.send_100_continue_response
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT You can specify one of
the following:
• 0 ATS buffer the request until the post body has been recieved and then send the request
to origin.
• 1 immediately return a 100 Continue from ATS without waiting for the post body
proxy.config.http.response_server_enabled
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT You can specify one of
the following:
• 0 no Server: header is added to the response.
• 1 the Server: header is added (see string below).
• 2 the Server: header is added only if the response from origin does not have one
already.
proxy.config.http.insert_age_in_response
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT This option specifies
whether Traffic Server should insert an Age header in the response. The Age field
value is the cache's estimate of the amount of time since the response was
generated or revalidated by the origin server.
• 0 no Age header is added
• 1 the Age header is added
proxy.config.http.response_server_str
Scope CONFIG.TP Type STRING.TP Default ATS/.TP Reloadable Yes.UNINDENT The Server: string
that ATS will insert in a response header (if requested, see above). Note that the
current version number is always appended to this string.
proxy.config.http.enable_url_expandomatic
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) .com domain expansion. This configures the Traffic Server to resolve
unqualified hostnames by prepending with www. and appending with .com before
redirecting to the expanded address. For example: if a client makes a request to
host, then Traffic Server redirects the request to www.host.com.
proxy.config.http.chunking_enabled
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Specifies whether
Traffic Sever can generate a chunked response:
• 0 Never
• 1 Always
• 2 Generate a chunked response if the server has returned HTTP/1.1 before
• 3 = Generate a chunked response if the client request is HTTP/1.1 and the origin server
has returned HTTP/1.1 before
NOTE:
If HTTP/1.1 is used, then Traffic Server can use keep-alive connections with pipelining
to origin servers. If HTTP/0.9 is used, then Traffic Server does not use keep-alive
connections to origin servers. If HTTP/1.0 is used, then Traffic Server can use
keep-alive connections without pipelining to origin servers.
proxy.config.http.send_http11_requests
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Specifies when and how
Traffic Sever uses HTTP/1.1 to communicate with the origin server
• 0 Never
• 1 Always
• 2 If the server has returned HTTP/1.1 before
• 3 If the client request is HTTP/1.1 and the server has returned HTTP/1.1 before
NOTE:
If proxy.config.http.use_client_target_addr is set to 1, options 2 and 3 cause the
proxy to use the client HTTP version for upstream requests.
proxy.config.http.share_server_sessions
Scope CONFIG.TP Type INT.TP Default 2.TP Deprecated Yes.UNINDENT Enables (1) or disables
(0) the reuse of server sessions. The default (2) is similar to enabled, except it
creates a server session pool per network thread. This has the best performance
characteristics. Note that setting this parameter to (2) will not work correctly
unless the dedicated SSL threads are disabled (proxy.config.ssl.number.threads is
set to (-1)).
proxy.config.http.auth_server_session_private
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT If enabled (1) anytime a request contains
a (Authorization), (Proxy-Authorization) or (Www-Authenticate) header the
connection will be closed and not reused. This marks the connection as private.
When disabled (0) the connection will be available for reuse.
proxy.config.http.server_session_sharing.match
Scope CONFIG.TP Type STRING.TP Default both.UNINDENT Enable and set the ability to re-use
server connections across client connections. The valid values are
none Do not match, do not re-use server sessions.
ip Re-use server sessions, check only that the IP address and port of the origin
server matches.
host Re-use server sessions, check only that the fully qualified domain name matches.
both Re-use server sessions, but only if the IP address and fully qualified domain name
match.
It is strongly recommended to use either none or both for this value unless you have a
specific need to use ip or host. The most common reason is virtual hosts that share an IP
address in which case performance can be enhanced if those sessions can be re-used.
However, not all web servers support requests for different virtual hosts on the same
connection so use with caution.
proxy.config.http.server_session_sharing.pool
Scope CONFIG.TP Type STRING.TP Default thread.UNINDENT Control the scope of server
session re-use if it is enabled by proxy.config.http.server_session_sharing.match.
The valid values are
global Re-use sessions from a global pool of all server sessions.
thread Re-use sessions from a per-thread pool.
proxy.config.http.attach_server_session_to_client
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Control the re-use of an server session by
a user agent (client) session.
If a user agent performs more than one HTTP transaction on its connection to
Traffic Server a server session must be obtained for the second (and subsequent)
transaction as for the first. This settings affects how that server session is
selected.
If this setting is 0 then after the first transaction the server session for that
transaction is released to the server pool (if any). When a server session is
needed for subsequent transactions one is selected from the server pool or created
if there is no suitable server session in the pool.
If this setting is not 0 then the current server session for the user agent session
is "sticky". It will be preferred to any other server session (either from the pool
or newly created). The server session will be detached from the user agent session
only if it cannot be used for the transaction. This is determined by the
proxy.config.http.server_session_sharing.match value. If the server session matches
the next transaction according to this setting then it will be used, otherwise it
will be released to the pool and a different session selected or created.
proxy.config.http.record_heartbeat
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) traffic_cop heartbeat logging.
proxy.config.http.use_client_target_addr
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT For fully transparent ports use the same
origin server address as the client.
This option causes Traffic Server to avoid where possible doing DNS lookups in
forward transparent proxy mode. The option is only effective if the following three
conditions are true -
• Traffic Server is in forward proxy mode.
• The proxy port is inbound transparent.
• The target URL has not been modified by either remapping or a plugin.
If any of these conditions are not true, then normal DNS processing is done for the
connection.
There are three valid values. * 0 - Disables the feature. * 1 - Enables the feature
with address verification. The Proxy does the regular DNS processing. If the
client-specified origin address is not in the set of addresses found by the Proxy, the
request continues to the client specified address, but the result is not cached. * 2 -
Enables the feature with no address verification. No DNS processing is performed. The
result is cached (if allowed otherwise). This option is vulnerable to cache poisoning if
an incorrect Host header is specified, so this option should be used with extreme caution.
See bug TS-2954 for details.
If all of these conditions are met, then the origin server IP address is retrieved from
the original client connection, rather than through HostDB or DNS lookup. In effect,
client DNS resolution is used instead of Traffic Server DNS.
This can be used to be a little more efficient (looking up the target once by the client
rather than by both the client and Traffic Server) but the primary use is when client DNS
resolution can differ from that of Traffic Server. Two known uses cases are:
1. Embedded IP addresses in a protocol with DNS load sharing. In this case, even though
Traffic Server and the client both make the same request to the same DNS resolver
chain, they may get different origin server addresses. If the address is embedded in
the protocol then the overall exchange will fail. One current example is Microsoft
Windows update, which presumably embeds the address as a security measure.
2. The client has access to local DNS zone information which is not available to Traffic
Server. There are corporate nets with local DNS information for internal servers which,
by design, is not propagated outside the core corporate network. Depending a network
topology it can be the case that Traffic Server can access the servers by IP address
but cannot resolve such addresses by name. In such as case the client supplied target
address must be used.
This solution must be considered interim. In the longer term, it should be possible to
arrange for much finer grained control of DNS lookup so that wildcard domain can be set to
use Traffic Server or client resolution. In both known use cases, marking specific domains
as client determined (rather than a single global switch) would suffice. It is possible to
do this crudely with this flag by enabling it and then use identity URL mappings to
re-disable it for specific domains.
proxy.config.http.keep_alive_enabled_in
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Enables (1) or disables (0) incoming
keep-alive connections.
proxy.config.http.keep_alive_enabled_out
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT
Enables (1) or disables (0) outgoing keep-alive connections.
NOTE:
Enabling keep-alive does not automatically enable purging of keep-alive requests when
nearing the connection limit, that is controlled by
proxy.config.http.server_max_connections.
proxy.config.http.keep_alive_post_out
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Controls wether new POST requests re-use
keep-alive sessions (1) or create new connections per request (0).
proxy.config.http.send_408_post_timeout_response
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Controls wether POST timeout sends a HTTP
status 408 response (1)
proxy.config.http.disallow_post_100_continue
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Allows you to return a 405 Method Not
Supported with Posts also containing an Expect: 100-continue.
When a Post w/ Expect: 100-continue is blocked the stat
proxy.process.http.disallowed_post_100_continue will be incremented.
PARENT PROXY CONFIGURATION
proxy.config.http.parent_proxy_routing_enable
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) the parent caching option. Refer to hierarchical-caching.
proxy.config.http.parent_proxy.retry_time
Scope CONFIG.TP Type INT.TP Default 300.TP Reloadable Yes.UNINDENT The amount of time
allowed between connection retries to a parent cache that is unavailable.
proxy.config.http.parent_proxy.fail_threshold
Scope CONFIG.TP Type INT.TP Default 10.TP Reloadable Yes.UNINDENT The number of times the
connection to the parent cache can fail before Traffic Server considers the parent
unavailable.
proxy.config.http.parent_proxy.total_connect_attempts
Scope CONFIG.TP Type INT.TP Default 4.TP Reloadable Yes.UNINDENT The total number of
connection attempts allowed to a parent cache before Traffic Server bypasses the
parent or fails the request (depending on the go_direct option in the parent.config
file).
proxy.config.http.parent_proxy.per_parent_connect_attempts
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT The total number of
connection attempts allowed per parent, if multiple parents are used.
proxy.config.http.parent_proxy.connect_attempts_timeout
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.UNINDENT The timeout value (in
seconds) for parent cache connection attempts.
proxy.config.http.forward.proxy_auth_to_parent
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Configures Traffic
Server to send proxy authentication headers on to the parent cache.
proxy.config.http.no_dns_just_forward_to_parent
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Don't try to resolve
DNS, forward all DNS requests to the parent. This is off (0) by default.
HTTP CONNECTION TIMEOUTS
proxy.config.http.keep_alive_no_activity_timeout_in
Scope CONFIG.TP Type INT.TP Default 115.TP Reloadable Yes.UNINDENT Specifies how long
Traffic Server keeps connections to clients open for a subsequent request after a
transaction ends. A value of 0 will disable the no activity timeout.
proxy.config.http.keep_alive_no_activity_timeout_out
Scope CONFIG.TP Type INT.TP Default 120.TP Reloadable Yes.UNINDENT Specifies how long
Traffic Server keeps connections to origin servers open for a subsequent transfer
of data after a transaction ends. A value of 0 will disable the no activity
timeout.
proxy.config.http.transaction_no_activity_timeout_in
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.UNINDENT Specifies how long
Traffic Server keeps connections to clients open if a transaction stalls.
proxy.config.http.transaction_no_activity_timeout_out
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.UNINDENT Specifies how long
Traffic Server keeps connections to origin servers open if the transaction stalls.
proxy.config.http.transaction_active_timeout_in
Scope CONFIG.TP Type INT.TP Default 900.TP Reloadable Yes.UNINDENT The maximum amount of
time Traffic Server can remain connected to a client. If the transfer to the client
is not complete before this timeout expires, then Traffic Server closes the
connection.
The value of 0 specifies that there is no timeout.
proxy.config.http.transaction_active_timeout_out
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT The maximum amount of
time Traffic Server waits for fulfillment of a connection request to an origin
server. If Traffic Server does not complete the transfer to the origin server
before this timeout expires, then Traffic Server terminates the connection request.
The default value of 0 specifies that there is no timeout.
proxy.config.http.accept_no_activity_timeout
Scope CONFIG.TP Type INT.TP Default 120.TP Reloadable Yes.UNINDENT The timeout interval
in seconds before Traffic Server closes a connection that has no activity.
proxy.config.http.background_fill_active_timeout
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Specifies how long
Traffic Server continues a background fill before giving up and dropping the origin
server connection.
proxy.config.http.background_fill_completed_threshold
Scope CONFIG.TP Type FLOAT.TP Default 0.0.TP Reloadable Yes.UNINDENT The proportion of
total document size already transferred when a client aborts at which the proxy
continues fetching the document from the origin server to get it into the cache (a
background fill).
ORIGIN SERVER CONNECT ATTEMPTS
proxy.config.http.connect_attempts_max_retries
Scope CONFIG.TP Type INT.TP Default 6.TP Reloadable Yes.UNINDENT The maximum number of
connection retries Traffic Server can make when the origin server is not
responding. Each retry attempt lasts for
proxy.config.http.connect_attempts_timeout seconds. Once the maximum number of
retries is reached, the origin is marked dead. After this, the setting
proxy.config.http.connect_attempts_max_retries_dead_server is used to limit the
number of retry attempts to the known dead origin.
proxy.config.http.connect_attempts_max_retries_dead_server
Scope CONFIG.TP Type INT.TP Default 3.TP Reloadable Yes.UNINDENT Maximum number of
connection retries Traffic Server can make while an origin is marked dead.
Typically this value is smaller than proxy.config.http.connect_attempts_max_retries
so an error is returned to the client faster and also to reduce the load on the
dead origin. The timeout interval proxy.config.http.connect_attempts_timeout in
seconds is used with this setting.
proxy.config.http.server_max_connections
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Limits the number of
socket connections across all origin servers to the value specified. To disable,
set to zero (0).
NOTE:
This value is used in determining when and if to prune active origin sessions. Without
this value set connections to origins can consume all the way up to
ts:cv:proxy.config.net.connections_throttle connections, which in turn can starve
incoming requests from available connections.
proxy.config.http.origin_max_connections
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Limits the number of
socket connections per origin server to the value specified. To enable, set to one
(1).
proxy.config.http.origin_min_keep_alive_connections
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT As connection to an
origin server are opened, keep at least 'n' number of connections open to that
origin, even if the connection isn't used for a long time period. Useful when the
origin supports keep-alive, removing the time needed to set up a new connection
from the next request at the expense of added (inactive) connections. To enable,
set to one (1).
proxy.config.http.connect_attempts_rr_retries
Scope CONFIG.TP Type INT.TP Default 3.TP Reloadable Yes.UNINDENT The maximum number of
failed connection attempts allowed before a round-robin entry is marked as 'down'
if a server has round-robin DNS entries.
proxy.config.http.connect_attempts_timeout
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.UNINDENT The timeout value (in
seconds) for time to first byte for an origin server connection.
proxy.config.http.post_connect_attempts_timeout
Scope CONFIG.TP Type INT.TP Default 1800.TP Reloadable Yes.UNINDENT The timeout value (in
seconds) for an origin server connection when the client request is a POST or PUT
request.
proxy.config.http.down_server.cache_time
Scope CONFIG.TP Type INT.TP Default 300.TP Reloadable Yes.UNINDENT Specifies how long (in
seconds) Traffic Server remembers that an origin server was unreachable.
proxy.config.http.down_server.abort_threshold
Scope CONFIG.TP Type INT.TP Default 10.TP Reloadable Yes.UNINDENT The number of seconds
before Traffic Server marks an origin server as unavailable after a client abandons
a request because the origin server was too slow in sending the response header.
proxy.config.http.uncacheable_requests_bypass_parent
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT When enabled (1), Traffic Server bypasses
the parent proxy for a request that is not cacheable.
CONGESTION CONTROL
proxy.config.http.congestion_control.enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) the Congestion
Control option, which configures Traffic Server to stop forwarding HTTP requests to
origin servers when they become congested. Traffic Server sends the client a
message to retry the congested origin server later. Refer to
using-congestion-control.
proxy.config.http.flow_control.enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Transaction buffering / flow control is
enabled if this is set to a non-zero value. Otherwise no flow control is done.
proxy.config.http.flow_control.high_water
Scope CONFIG.TP Type INT.TP Default 0.TP Metric bytes.UNINDENT The high water mark for
transaction buffer control. External source I/O is halted when the total buffer
space in use by the transaction exceeds this value.
proxy.config.http.flow_control.low_water
Scope CONFIG.TP Type INT.TP Default 0.TP Metric bytes.UNINDENT The low water mark for
transaction buffer control. External source I/O is resumed when the total buffer
space in use by the transaction is no more than this value.
NEGATIVE RESPONSE CACHING
proxy.config.http.negative_caching_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1),
Traffic Server caches negative responses (such as 404 Not Found) when a requested
page does not exist. The next time a client requests the same page, Traffic Server
serves the negative response directly from cache. When disabled (0) Traffic Server
will only cache the response if the response has Cache-Control headers.
NOTE:
The following negative responses are cached by Traffic Server::
204 No Content
305 Use Proxy
400 Bad Request
403 Forbidden
404 Not Found
405 Method Not Allowed
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
The cache lifetime for objects cached from this setting is controlled via
proxy.config.http.negative_caching_lifetime.
proxy.config.http.negative_caching_lifetime
Scope CONFIG.TP Type INT.TP Default 1800.UNINDENT How long (in seconds) Traffic Server
keeps the negative responses valid in cache. This value only affects negative
responses that do have explicit Expires: or Cache-Control: lifetimes set by the
server.
PROXY USER VARIABLES
proxy.config.http.anonymize_remove_from
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1),
Traffic Server removes the From header to protect the privacy of your users.
proxy.config.http.anonymize_remove_referer
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1),
Traffic Server removes the Referrer header to protect the privacy of your site and
users.
proxy.config.http.anonymize_remove_user_agent
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1),
Traffic Server removes the User-agent header to protect the privacy of your site
and users.
proxy.config.http.anonymize_remove_cookie
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1),
Traffic Server removes the Cookie header to protect the privacy of your site and
users.
proxy.config.http.anonymize_remove_client_ip
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1),
Traffic Server removes Client-IP headers for more privacy.
proxy.config.http.anonymize_insert_client_ip
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT When enabled (1),
Traffic Server inserts Client-IP headers to retain the client IP address.
proxy.config.http.anonymize_other_header_list
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT Comma separated
list of headers Traffic Server should remove from outgoing requests.
proxy.config.http.insert_squid_x_forwarded_for
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT When enabled (1),
Traffic Server adds the client IP address to the X-Forwarded-For header.
proxy.config.http.normalize_ae_gzip
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enable (1) to normalize
all Accept-Encoding: headers to one of the following:
• Accept-Encoding: gzip (if the header has gzip or x-gzip with any q) OR
• blank (for any header that does not include gzip)
This is useful for minimizing cached alternates of documents (e.g. gzip, deflate vs.
deflate, gzip). Enabling this option is recommended if your origin servers use no
encodings other than gzip.
SECURITY
proxy.config.http.push_method_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) the HTTP PUSH option, which allows you to deliver content directly to the cache
without a user request.
IMPORTANT:
If you enable this option, then you must also specify a filtering rule in the
ip_allow.config file to allow only certain machines to push content into the cache.
CACHE CONTROL
proxy.config.cache.enable_read_while_writer
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Specifies when to enable
the ability to read a cached object while another connection is completing the
write to cache for that same object. The goal here is to avoid multiple origin
connections for the same cacheable object upon a cache miss. The possible values of
this config are:
• 0 = never read while writing
• 1 = always read while writing
• 2 = always read while writing, but allow non-cached Range requests through to the origin
The 2 option is useful to avoid delaying requests which can not easily be satisfied by the
partially written response.
Several other configuration values need to be set for this to be usable. See Reducing
Origin Server Requests.
proxy.config.cache.force_sector_size
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Forces the use of a
specific hardware sector size (512 - 8192 bytes).
proxy.config.http.cache.http
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) caching of HTTP requests.
proxy.config.http.cache.allow_empty_doc
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) caching objects that have an empty response body. This is particularly useful
for caching 301 or 302 responses with a Location header but no document body. This
only works if the origin response also has a Content-Length header.
proxy.config.http.cache.ignore_client_no_cache
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT When enabled (1),
Traffic Server ignores client requests to bypass the cache.
proxy.config.http.cache.ims_on_client_no_cache
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT When enabled (1),
Traffic Server issues a conditional request to the origin server if an incoming
request has a No-Cache header.
proxy.config.http.cache.ignore_server_no_cache
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1),
Traffic Server ignores origin server requests to bypass the cache.
proxy.config.http.cache.cache_responses_to_cookies
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Specifies how cookies
are cached:
• 0 = do not cache any responses to cookies
• 1 = cache for any content-type
• 2 = cache only for image types
• 3 = cache for all but text content-types
proxy.config.http.cache.ignore_authentication
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT When enabled (1), Traffic Server ignores
WWW-Authentication headers in responses WWW-Authentication headers are removed and
not cached.
proxy.config.http.cache.cache_urls_that_look_dynamic
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) caching of URLs that look dynamic, i.e.: URLs that end in ``.asp`` or contain a
question mark (``?``), a semicolon (``;``), or ``cgi``. For a full list, please
refer to HttpTransact::url_looks_dynamic
proxy.config.http.cache.enable_default_vary_headers
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) caching of alternate versions of HTTP objects that do not contain the Vary
header.
proxy.config.http.cache.when_to_revalidate
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Specifies when to
revalidate content:
• 0 = use cache directives or heuristic (the default value)
• 1 = stale if heuristic
• 2 = always stale (always revalidate)
• 3 = never stale
•
4 = use cache directives or heuristic (0) unless the request
has an If-Modified-Since header
If the request contains the If-Modified-Since header, then Traffic Server always
revalidates the cached content and uses the client's If-Modified-Since header for the
proxy request.
proxy.config.http.cache.required_headers
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT The type of headers
required in a request for the request to be cacheable.
• 0 = no headers required to make document cacheable
• 1 = either the Last-Modified header, or an explicit lifetime header, Expires or
Cache-Control: max-age, is required
• 2 = explicit lifetime is required, Expires or Cache-Control: max-age
proxy.config.http.cache.max_stale_age
Scope CONFIG.TP Type INT.TP Default 604800.TP Reloadable Yes.UNINDENT The maximum age
allowed for a stale response before it cannot be cached.
proxy.config.http.cache.range.lookup
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT When enabled (1), Traffic Server looks up
range requests in the cache.
proxy.config.http.cache.range.write
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT When enabled (1), Traffic Server will
attempt to write (lock) the URL to cache. This is rarely useful (at the moment),
since it'll only be able to write to cache if the origin has ignored the Range:`
header. For a use case where you know the origin will respond with a full (``200)
response, you can turn this on to allow it to be cached.
proxy.config.http.cache.ignore_accept_mismatch
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT When enabled with a
value of 1, Traffic Server serves documents from cache with a Content-Type: header
even if it does not match the Accept: header of the request. If set to 2 (default),
this logic only happens in the absence of a Vary header in the cached response
(which is the recommended and safe use).
NOTE:
This option should only be enabled with 1 if you're having problems with caching and
you origin server doesn't set the Vary header. Alternatively, if the origin is
incorrectly setting Vary: Accept or doesn't respond with 406 (Not Acceptable), you can
also enable this configuration with a 1.
proxy.config.http.cache.ignore_accept_language_mismatch
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT When enabled with a
value of 1, Traffic Server serves documents from cache with a Content-Language:
header even if it does not match the Accept-Language: header of the request. If set
to 2 (default), this logic only happens in the absence of a Vary header in the
cached response (which is the recommended and safe use).
NOTE:
This option should only be enabled with 1 if you're having problems with caching and
you origin server doesn't set the Vary header. Alternatively, if the origin is
incorrectly setting Vary: Accept-Language or doesn't respond with 406 (Not Acceptable),
you can also enable this configuration with a 1.
proxy.config.http.cache.ignore_accept_encoding_mismatch
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT When enabled with a
value of 1, Traffic Server serves documents from cache with a Content-Encoding:
header even if it does not match the Accept-Encoding: header of the request. If set
to 2 (default), this logic only happens in the absence of a Vary header in the
cached response (which is the recommended and safe use).
NOTE:
This option should only be enabled with 1 if you're having problems with caching and
you origin server doesn't set the Vary header. Alternatively, if the origin is
incorrectly setting Vary: Accept-Encoding or doesn't respond with 406 (Not Acceptable)
you can also enable this configuration with a 1.
proxy.config.http.cache.ignore_accept_charset_mismatch
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT When enabled with a
value of 1, Traffic Server serves documents from cache with a Content-Type: header
even if it does not match the Accept-Charset: header of the request. If set to 2
(default), this logic only happens in the absence of a Vary header in the cached
response (which is the recommended and safe use).
NOTE:
This option should only be enabled with 1 if you're having problems with caching and
you origin server doesn't set the Vary header. Alternatively, if the origin is
incorrectly setting Vary: Accept-Charset or doesn't respond with 406 (Not Acceptable),
you can also enable this configuration with a 1.
proxy.config.http.cache.ignore_client_cc_max_age
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT When enabled (1),
Traffic Server ignores any Cache-Control: max-age headers from the client. This
technically violates the HTTP RFC, but avoids a problem where a client can
forcefully invalidate a cached object.
proxy.config.cache.max_doc_size
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Specifies the maximum object size that
will be cached. 0 is unlimited.
proxy.config.cache.permit.pinning
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT When enabled (1),
Traffic Server will keep certain HTTP objects in the cache for a certain time as
specified in cache.config.
proxy.config.cache.hit_evacuate_percent
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The size of the region (as a percentage of
the total content storage in a cache stripe) in front of the write cursor that
constitutes a recent access hit for evacutating the accessed object.
When an object is accessed it can be marked for evacuation, that is to be copied
over the write cursor and thereby preserved from being overwritten. This is done if
it is no more than a specific number of bytes in front of the write cursor. The
number of bytes is a percentage of the total number of bytes of content storage in
the cache stripe where the object is stored and that percentage is set by this
variable.
By default, the feature is off (set to 0).
proxy.config.cache.hit_evacuate_size_limit
Scope CONFIG.TP Type INT.TP Default 0.TP Metric bytes.UNINDENT Limit the size of objects
that are hit evacuated.
Objects larger than the limit are not hit evacuated. A value of 0 disables the
limit.
proxy.config.cache.limits.http.max_alts
Scope CONFIG.TP Type INT.TP Default 5.UNINDENT The maximum number of alternates that are
allowed for any given URL. Disable by setting to 0.
proxy.config.cache.target_fragment_size
Scope CONFIG.TP Type INT.TP Default 1048576.UNINDENT Sets the target size of a contiguous
fragment of a file in the disk cache. When setting this, consider that larger
numbers could waste memory on slow connections, but smaller numbers could increase
(waste) seeks.
RAM CACHE
proxy.config.cache.ram_cache.size
Scope CONFIG.TP Type INT.TP Default -1.UNINDENT By default the RAM cache size is
automatically determined, based on disk cache size; approximately 10 MB of RAM
cache per GB of disk cache. Alternatively, it can be set to a fixed value such as
20GB (21474836480)
proxy.config.cache.ram_cache_cutoff
Scope CONFIG.TP Type INT.TP Default 4194304.UNINDENT Objects greater than this size will
not be kept in the RAM cache. This should be set high enough to keep objects
accessed frequently in memory in order to improve performance. 4MB (4194304)
proxy.config.cache.ram_cache.algorithm
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Two distinct RAM caches are supported, the
default (0) being the CLFUS (Clocked Least Frequently Used by Size). As an
alternative, a simpler LRU (Least Recently Used) cache is also available, by
changing this configuration to 1.
proxy.config.cache.ram_cache.use_seen_filter
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enabling this option will filter inserts
into the RAM cache to ensure that they have been seen at least once. For the LRU,
this provides scan resistance. Note that CLFUS already requires that a document
have history before it is inserted, so for CLFUS, setting this option means that a
document must be seen three times before it is added to the RAM cache.
proxy.config.cache.ram_cache.compress
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The CLFUS RAM cache also supports an
optional in-memory compression. This is not to be confused with Content-Encoding:
gzip compression. The RAM cache compression is intended to try to save space in
the RAM, and is not visible to the User-Agent (client).
Possible values are:
• 0 = no compression
• 1 = fastlz (extremely fast, relatively low compression)
• 2 = libz (moderate speed, reasonable compression)
• 3 = liblzma (very slow, high compression)
NOTE:
Compression runs on task threads. To use more cores for RAM cache compression,
increase proxy.config.task_threads.
HEURISTIC EXPIRATION
proxy.config.http.cache.heuristic_min_lifetime
Scope CONFIG.TP Type INT.TP Default 3600.TP Reloadable Yes.UNINDENT The minimum amount of
time an HTTP object without an expiration date can remain fresh in the cache before
is considered to be stale.
proxy.config.http.cache.heuristic_max_lifetime
Scope CONFIG.TP Type INT.TP Default 86400.TP Reloadable Yes.UNINDENT The maximum amount
of time an HTTP object without an expiration date can remain fresh in the cache
before is considered to be stale.
proxy.config.http.cache.heuristic_lm_factor
Scope CONFIG.TP Type FLOAT.TP Default 0.10.TP Reloadable Yes.UNINDENT The aging factor
for freshness computations. Traffic Server stores an object for this percentage of
the time that elapsed since it last changed.
proxy.config.http.cache.fuzz.time
Scope CONFIG.TP Type INT.TP Default 240.TP Reloadable Yes.UNINDENT How often Traffic
Server checks for an early refresh, during the period before the document stale
time. The interval specified must be in seconds. See fuzzy-revalidation
proxy.config.http.cache.fuzz.probability
Scope CONFIG.TP Type FLOAT.TP Default 0.005.TP Reloadable Yes.UNINDENT The probability
that a refresh is made on a document during the specified fuzz time.
proxy.config.http.cache.fuzz.min_time
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Handles requests with a
TTL less than fuzz.time – it allows for different times to evaluate the probability
of revalidation for small TTLs and big TTLs. Objects with small TTLs will start
"rolling the revalidation dice" near the fuzz.min_time, while objects with large
TTLs would start at fuzz.time. A logarithmic like function between determines the
revalidation evaluation start time (which will be between fuzz.min_time and
fuzz.time). As the object gets closer to expiring, the window start becomes more
likely. By default this setting is not enabled, but should be enabled anytime you
have objects with small TTLs. The default value is 0.
DYNAMIC CONTENT & CONTENT NEGOTIATION
proxy.config.http.cache.vary_default_text
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The header on
which Traffic Server varies for text documents.
For example: if you specify User-agent, then Traffic Server caches all the
different user-agent versions of documents it encounters.
proxy.config.http.cache.vary_default_images
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The header on
which Traffic Server varies for images.
proxy.config.http.cache.vary_default_other
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The header on
which Traffic Server varies for anything other than text and images.
CUSTOMIZABLE USER RESPONSE PAGES
proxy.config.body_factory.enable_customizations
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Specifies whether customizable response
pages are language specific or not:
• 1 = enable customizable user response pages in the default directory only
• 2 = enable language-targeted user response pages
proxy.config.body_factory.enable_logging
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) logging for
customizable response pages. When enabled, Traffic Server records a message in the
error log each time a customized response page is used or modified.
proxy.config.body_factory.template_sets_dir
Scope CONFIG.TP Type STRING.TP Default etc/trafficserver/body_factory.UNINDENT The
customizable response page default directory. If this is a relative path, Traffic
Server resolves it relative to the PREFIX directory.
proxy.config.body_factory.response_suppression_mode
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Specifies when Traffic Server suppresses
generated response pages:
• 0 = never suppress generated response pages
• 1 = always suppress generated response pages
• 2 = suppress response pages only for intercepted traffic
proxy.config.http_ui_enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Specifies which http UI endpoints to allow
within remap.config:
• 0 = disable all http UI endpoints
• 1 = enable only cache endpoints
• 2 = enable only stats endpoints
• 3 = enable all http UI endpoints
To enable any enpoint there needs to be an entry in remap.config which specifically
enables it. Such a line would look like:
map / http://{stat}
The following are the cache endpoints:
• cache = UI to interact with the cache
The following are the stats endpoints:
• cache-internal = statistics about cache evacuation and volumes
• hostdb = lookups against the hostdb
• http = HTTPSM details, this endpoint is also gated by proxy.config.http.enable_http_info
• net = lookup and listing of open connections
• stat = list of all records.config options and metrics
• test = test callback page
proxy.config.http.enable_http_info
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) access to an
endpoint within proxy.config.http_ui_enabled which shows details about inflight
transactions (HttpSM).
DNS
proxy.config.dns.search_default_domains
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) local domain expansion.
Traffic Server can attempt to resolve unqualified hostnames by expanding to the
local domain. For example if a client makes a request to an unqualified host
(host_x) and the Traffic Server local domain is y.com , then Traffic Server will
expand the hostname to host_x.y.com.
proxy.config.dns.splitDNS.enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) DNS server selection. When enabled, Traffic Server refers to the
splitdns.config file for the selection specification. Refer to Configuring DNS
Server Selection (Split DNS).
proxy.config.dns.url_expansions
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT Specifies a list of hostname
extensions that are automatically added to the hostname after a failed lookup. For
example: if you want Traffic Server to add the hostname extension .org, then
specify org as the value for this variable (Traffic Server automatically adds the
dot (.)).
NOTE:
If the variable proxy.config.http.enable_url_expandomatic is set to 1 (the default
value), then you do not have to add ``www.`` and ``.com`` to this list because Traffic
Server automatically tries www. and .com after trying the values you've specified.
proxy.config.dns.resolv_conf
Scope CONFIG.TP Type STRING.TP Default /etc/resolv.conf.UNINDENT Allows to specify which
resolv.conf file to use for finding resolvers. While the format of this file must
be the same as the standard resolv.conf file, this option allows an administrator
to manage the set of resolvers in an external configuration file, without affecting
how the rest of the operating system uses DNS.
proxy.config.dns.round_robin_nameservers
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) DNS server round-robin.
proxy.config.dns.nameservers
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The DNS servers.
proxy.config.srv_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Indicates whether to use
SRV records for orgin server lookup.
proxy.config.dns.dedicated_thread
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Create and dedicate a thread entirely for
DNS processing. This is probably most useful on system which do a significant
number of DNS lookups, typically forward proxies. But even on other systems, it can
avoid some contention on the first worker thread (which otherwise takes on the
burden of all DNS lookups).
proxy.config.dns.validate_query_name
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT When enabled (1) provides additional
resilience against DNS forgery (for instance in DNS Injection attacks),
particularly in forward or transparent proxies, but requires that the resolver
populates the queries section of the response properly.
HOSTDB
proxy.config.hostdb.lookup_timeout
Scope CONFIG.TP Type INT.TP Default 120.TP Metric seconds.TP Reloadable Yes.UNINDENT Time
to wait for a DNS response in seconds.
proxy.config.hostdb.serve_stale_for
Scope CONFIG.TP Type INT.TP Default *NONE*.TP Metric seconds.TP Reloadable Yes.UNINDENT
The number of seconds for which to use a stale NS record while initiating a
background fetch for the new data.
If not set then stale records are not served.
proxy.config.hostdb.storage_size
Scope CONFIG.TP Type INT.TP Default 33554432.TP Metric bytes.UNINDENT The amount of space
(in bytes) used to store hostdb. The value of this variable must be increased if
you increase the size of the proxy.config.hostdb.size variable.
proxy.config.hostdb.size
Scope CONFIG.TP Type INT.TP Default 120000.UNINDENT The maximum number of entries that
can be stored in the database.
NOTE:
For values above 200000, you must increase proxy.config.hostdb.storage_size by at least
44 bytes per entry.
proxy.config.hostdb.ttl_mode
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT A host entry will
eventually time out and be discarded. This variable controls how that time is
calculated. A DNS request will return a TTL value and an internal value can be set
with proxy.config.hostdb.timeout. This variable determines which value will be
used.
┌──────┬──────────────────────────────────┐
│Value │ TTL │
├──────┼──────────────────────────────────┤
│0 │ The TTL from the DNS response. │
├──────┼──────────────────────────────────┤
│1 │ The internal timeout value. │
├──────┼──────────────────────────────────┤
│2 │ The smaller of the DNS and │
│ │ internal TTL values. The │
│ │ internal timeout value becomes a │
│ │ maximum TTL. │
├──────┼──────────────────────────────────┤
│3 │ The larger of the DNS and │
│ │ internal TTL values. The │
│ │ internal timeout value become a │
│ │ minimum TTL. │
└──────┴──────────────────────────────────┘
proxy.config.hostdb.timeout
Scope CONFIG.TP Type INT.TP Default 1440.TP Metric minutes.TP Reloadable Yes.UNINDENT
Internal time to live value for host DB entries, in minutes.
See proxy.config.hostdb.ttl_mode for when this value is used.
proxy.config.hostdb.strict_round_robin
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Set host resolution to
use strict round robin.
When this and proxy.config.hostdb.timed_round_robin are both disabled (set to 0),
Traffic Server always uses the same origin server for the same client, for as long
as the origin server is available. Otherwise if this is set then IP address is
rotated on every request. This setting takes precedence over
proxy.config.hostdb.timed_round_robin.
proxy.config.hostdb.timed_round_robin
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Set host resolution to
use timed round robin.
When this and proxy.config.hostdb.strict_round_robin are both disabled (set to 0),
Traffic Server always uses the same origin server for the same client, for as long
as the origin server is available. Otherwise if this is set to N the IP address is
rotated if more than N seconds have past since the first time the current address
was used.
proxy.config.hostdb.host_file.path
Scope CONFIG.TP Type STRING.TP Default /etc/hosts.UNINDENT Set the file path for an
external host file.
If this is set (non-empty) then the file is presumed to be a hosts file in the
standard host file format. It is read and the entries there added to the HostDB.
The file is periodically checked for a more recent modification date in which case
it is reloaded. The interval is set by the value
proxy.config.hostdb.host_file.interval.
While not technically reloadable, the value is read every time the file is to be
checked so that if changed the new value will be used on the next check and the
file will be treated as modified.
proxy.config.hostdb.host_file.interval
Scope CONFIG.TP Type INT.TP Default 86400.TP Metric seconds.TP Reloadable Yes.UNINDENT
Set the file changed check timer for proxy.config.hostdb.host_file.path.
The file is checked every this many seconds to see if it has changed. If so the
HostDB is updated with the new values in the file.
proxy.config.hostdb.ip_resolve
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT Set the host resolution style.
This is an ordered list of keywords separated by semicolons that specify how a host
name is to be resolved to an IP address. The keywords are case insensitive.
┌────────┬──────────────────────────────────┐
│Keyword │ Meaning │
├────────┼──────────────────────────────────┤
│ipv4 │ Resolve to an IPv4 address. │
├────────┼──────────────────────────────────┤
│ipv6 │ Resolve to an IPv6 address. │
├────────┼──────────────────────────────────┤
│client │ Resolve to the same family as │
│ │ the client IP address. │
├────────┼──────────────────────────────────┤
│none │ Stop resolving. │
└────────┴──────────────────────────────────┘
The order of the keywords is critical. When a host name needs to be resolved it is
resolved in same order as the keywords. If a resolution fails, the next option in
the list is tried. The keyword none means to give up resolution entirely. The
keyword list has a maximum length of three keywords, more are never needed. By
default there is an implicit ipv4;ipv6 attached to the end of the string unless the
keyword none appears.
Example
Use the incoming client family, then try IPv4 and IPv6.
client;ipv4;ipv6
Because of the implicit resolution this can also be expressed as just
client
Example
Resolve only to IPv4.
ipv4;none
Example
Resolve only to the same family as the client (do not permit cross family transactions).
client;none
This value is a global default that can be overridden by proxy.config.http.server_ports.
NOTE:
This style is used as a convenience for the administrator. During a resolution the
resolution order will be one family, then possibly the other. This is determined by
changing client to ipv4 or ipv6 based on the client IP address and then removing
duplicates.
IMPORTANT:
This option has no effect on outbound transparent connections The local IP address used
in the connection to the origin server is determined by the client, which forces the IP
address family of the address used for the origin server. In effect, outbound
transparent connections always use a resolution style of "client".
LOGGING CONFIGURATION
proxy.config.log.logging_enabled
Scope CONFIG.TP Type INT.TP Default 3.TP Reloadable Yes.UNINDENT Enables and disables
event logging:
• 0 = logging disabled
• 1 = log errors only
• 2 = log transactions only
• 3 = full logging (errors + transactions)
Refer to working-with-log-files.
proxy.config.log.max_secs_per_buffer
Scope CONFIG.TP Type INT.TP Default 5.TP Reloadable Yes.UNINDENT The maximum amount of
time before data in the buffer is flushed to disk.
proxy.config.log.max_space_mb_for_logs
Scope CONFIG.TP Type INT.TP Default 25000.TP Metric megabytes.TP Reloadable Yes.UNINDENT
The amount of space allocated to the logging directory (in MB).
NOTE:
All files in the logging directory contribute to the space used, even if they are not
log files. In collation client mode, if there is no local disk logging, or
proxy.config.log.max_space_mb_for_orphan_logs is set to a higher value than
proxy.config.log.max_space_mb_for_logs, TS will take
proxy.config.log.max_space_mb_for_orphan_logs for maximum allowed log space.
proxy.config.log.max_space_mb_for_orphan_logs
Scope CONFIG.TP Type INT.TP Default 25.TP Metric megabytes.TP Reloadable Yes.UNINDENT The
amount of space allocated to the logging directory (in MB) if this node is acting
as a collation client.
NOTE:
When max_space_mb_for_orphan_logs is take as the maximum allowed log space in the
logging system, the same rule apply to proxy.config.log.max_space_mb_for_logs also
apply to proxy.config.log.max_space_mb_for_orphan_logs, ie: All files in the logging
directory contribute to the space used, even if they are not log files. you may need to
consider this when you enable full remote logging, and bump to the same size as
proxy.config.log.max_space_mb_for_logs.
proxy.config.log.max_space_mb_headroom
Scope CONFIG.TP Type INT.TP Default 1000.TP Metric megabytes.TP Reloadable Yes.UNINDENT
The tolerance for the log space limit (in megabytes). If the variable
proxy.config.log.auto_delete_rolled_files is set to 1 (enabled), then autodeletion
of log files is triggered when the amount of free space available in the logging
directory is less than the value specified here.
proxy.config.log.hostname
Scope CONFIG.TP Type STRING.TP Default localhost.TP Reloadable Yes.UNINDENT The hostname
of the machine running Traffic Server.
proxy.config.log.logfile_dir
Scope CONFIG.TP Type STRING.TP Default var/log/trafficserver.TP Reloadable Yes.UNINDENT
The path to the logging directory. This can be an absolute path or a path relative
to the PREFIX directory in which Traffic Server is installed.
NOTE:
The directory you specify must already exist.
proxy.config.log.logfile_perm
Scope CONFIG.TP Type STRING.TP Default rw-r--r--.TP Reloadable Yes.UNINDENT The log file
permissions. The standard UNIX file permissions are used (owner, group, other).
Permissible values are:
- no permission r read permission w write permission x execute permission
Permissions are subject to the umask settings for the Traffic Server process. This
means that a umask setting of002 will not allow write permission for others, even
if specified in the configuration file. Permissions for existing log files are not
changed when the configuration is changed.
proxy.config.log.custom_logs_enabled
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) custom logging.
proxy.config.log.squid_log_enabled
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) the squid log file format.
proxy.config.log.squid_log_is_ascii
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT The squid log file type:
• 1 = ASCII
• 0 = binary
proxy.config.log.squid_log_name
Scope CONFIG.TP Type STRING.TP Default squid.TP Reloadable Yes.UNINDENT The squid log
filename.
proxy.config.log.squid_log_header
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The squid log file header text.
proxy.config.log.common_log_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) the Netscape common log file format.
proxy.config.log.common_log_is_ascii
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT The Netscape common log
file type:
• 1 = ASCII
• 0 = binary
proxy.config.log.common_log_name
Scope CONFIG.TP Type STRING.TP Default common.TP Reloadable Yes.UNINDENT The Netscape
common log filename.
proxy.config.log.common_log_header
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The Netscape
common log file header text.
proxy.config.log.extended_log_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) the Netscape extended log file format.
proxy.config.log.extended_log_is_ascii
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT The Netscape extended log file type:
• 1 = ASCII
• 0 = binary
proxy.config.log.extended_log_name
Scope CONFIG.TP Type STRING.TP Default extended.UNINDENT The Netscape extended log
filename.
proxy.config.log.extended_log_header
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The Netscape
extended log file header text.
proxy.config.log.extended2_log_enabled
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) the Netscape Extended-2 log file format.
proxy.config.log.extended2_log_is_ascii
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT The Netscape Extended-2
log file type:
• 1 = ASCII
• 0 = binary
proxy.config.log.extended2_log_name
Scope CONFIG.TP Type STRING.TP Default extended2.TP Reloadable Yes.UNINDENT The Netscape
Extended-2 log filename.
proxy.config.log.extended2_log_header
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The Netscape
Extended-2 log file header text.
proxy.config.log.separate_icp_logs
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1),
configures Traffic Server to store ICP transactions in a separate log file.
• 0 = separation is disabled, all ICP transactions are recorded in the same file as HTTP
transactions
• 1 = all ICP transactions are recorded in a separate log file.
• -1 = filter all ICP transactions from the default log files; ICP transactions are not
logged anywhere.
proxy.config.log.separate_host_logs
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1),
configures Traffic Server to create a separate log file for HTTP transactions for
each origin server listed in the log_hosts.config file. Refer to HTTP Host Log
Splitting.
proxy.local.log.collation_mode
Scope LOCAL.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Set the log collation
mode.
┌──────┬──────────────────────────────────┐
│Value │ Effect │
├──────┼──────────────────────────────────┤
│0 │ collation is disabled │
├──────┼──────────────────────────────────┤
│1 │ this host is a log collation │
│ │ server │
├──────┼──────────────────────────────────┤
│2 │ this host is a collation client │
│ │ and sends entries using standard │
│ │ formats to the collation server │
├──────┼──────────────────────────────────┤
│3 │ this host is a collation client │
│ │ and sends entries using the │
│ │ traditional custom formats to │
│ │ the collation server │
├──────┼──────────────────────────────────┤
│4 │ this host is a collation client │
│ │ and sends entries that use both │
│ │ the standard and traditional │
│ │ custom formats to the collation │
│ │ server │
└──────┴──────────────────────────────────┘
For information on sending XML-based custom formats to the collation server, refer
to logs_xml.config.
NOTE:
Although Traffic Server supports traditional custom logging, you should use the more
versatile XML-based custom formats.
proxy.config.log.collation_host
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The hostname of the log collation
server.
proxy.config.log.collation_port
Scope CONFIG.TP Type INT.TP Default 8085.TP Reloadable Yes.UNINDENT The port used for
communication between the collation server and client.
proxy.config.log.collation_secret
Scope CONFIG.TP Type STRING.TP Default foobar.TP Reloadable Yes.UNINDENT The password
used to validate logging data and prevent the exchange of unauthorized information
when a collation server is being used.
proxy.config.log.collation_host_tagged
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT When enabled (1),
configures Traffic Server to include the hostname of the collation client that
generated the log entry in each entry.
proxy.config.log.collation_retry_sec
Scope CONFIG.TP Type INT.TP Default 5.TP Reloadable Yes.UNINDENT The number of seconds
between collation server connection retries.
proxy.config.log.rolling_enabled
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Specifies how log files
are rolled. You can specify the following values:
• 0 = disables log file rolling
•
1 = enables log file rolling at specific intervals during the day (specified with the
proxy.config.log.rolling_interval_sec and proxy.config.log.rolling_offset_hr
variables)
• 2 = enables log file rolling when log files reach a specific size (specified with the
proxy.config.log.rolling_size_mb variable)
• 3 = enables log file rolling at specific intervals during the day or when log files
reach a specific size (whichever occurs first)
•
4 = enables log file rolling at specific intervals during the day when log files reach a
specific size (i.e., at a specified
time if the file is of the specified size)
proxy.config.log.rolling_interval_sec
Scope CONFIG.TP Type INT.TP Default 86400.TP Reloadable Yes.UNINDENT The log file rolling
interval, in seconds. The minimum value is 60 (1 minute). The maximum, and default,
value is 86400 seconds (one day).
NOTE:
If you start Traffic Server within a few minutes of the next rolling time, then rolling
might not occur until the next rolling time.
proxy.config.log.rolling_offset_hr
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT The file rolling offset
hour. The hour of the day that starts the log rolling period.
proxy.config.log.rolling_size_mb
Scope CONFIG.TP Type INT.TP Default 10.TP Reloadable Yes.UNINDENT The size that log files
must reach before rolling takes place.
proxy.config.log.auto_delete_rolled_files
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) automatic deletion of rolled files.
proxy.config.log.sampling_frequency
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Configures Traffic
Server to log only a sample of transactions rather than every transaction. You can
specify the following values:
• 1 = log every transaction
• 2 = log every second transaction
• 3 = log every third transaction and so on...
proxy.config.http.slow.log.threshold
Scope CONFIG.TP Type INT.TP Default 0.TP Metric milliseconds.TP Reloadable Yes.UNINDENT
If set to a non-zero value N then any connection that takes longer than N
milliseconds from accept to completion will cause its timing stats to be written to
the debugging log file. This is identifying data about the transaction and all of
the transaction milestones.
DIAGNOSTIC LOGGING CONFIGURATION
proxy.config.diags.output.diag
Scope CONFIG.TP Type STRING.TP Default E.UNINDENT
proxy.config.diags.output.debug
Scope CONFIG.TP Type STRING.TP Default E.UNINDENT
proxy.config.diags.output.status
Scope CONFIG.TP Type STRING.TP Default L.UNINDENT
proxy.config.diags.output.note
Scope CONFIG.TP Type STRING.TP Default L.UNINDENT
proxy.config.diags.output.warning
Scope CONFIG.TP Type STRING.TP Default L.UNINDENT
proxy.config.diags.output.error
Scope CONFIG.TP Type STRING.TP Default SL.UNINDENT
proxy.config.diags.output.fatal
Scope CONFIG.TP Type STRING.TP Default SL.UNINDENT
proxy.config.diags.output.alert
Scope CONFIG.TP Type STRING.TP Default L.UNINDENT
proxy.config.diags.output.emergency
Scope CONFIG.TP Type STRING.TP Default SL.UNINDENT The diagnosic output configuration
variables control where Traffic Server should log diagnostic output. Messages at
each diagnostic level can be directed to any combination of diagnostic
destinations. Valid diagnostic message destinations are:
• 'O' = Log to standard output
• 'E' = Log to standard error
• 'S' = Log to syslog
• 'L' = Log to diags.log
Example
To log debug diagnostics to both syslog and diags.log:
CONFIG proxy.config.diags.output.debug STRING SL
proxy.config.diags.show_location
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Annotates diagnostic messages with the
source code location.
proxy.config.diags.debug.enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables logging for diagnostic messages
whose log level is diag or debug.
proxy.config.diags.debug.tags
Scope CONFIG.TP Type STRING.TP Default http.*|dns.*.UNINDENT Each Traffic Server diag and
debug level message is annotated with a subsytem tag. This configuration contains a
regular expression that filters the messages based on the tag. Some commonly used
debug tags are:
┌───────────┬──────────────────────────────────┐
│Tag │ Subsytem usage │
├───────────┼──────────────────────────────────┤
│dns │ DNS query resolution │
├───────────┼──────────────────────────────────┤
│http_hdrs │ Logs the headers for HTTP │
│ │ requests and responses │
├───────────┼──────────────────────────────────┤
│privileges │ Privilege elevation │
├───────────┼──────────────────────────────────┤
│ssl │ TLS termination and certificate │
│ │ processing │
└───────────┴──────────────────────────────────┘
Traffic Server plugins will typically log debug messages using the TSDebug() API,
passing the plugin name as the debug tag.
REVERSE PROXY
proxy.config.reverse_proxy.enabled
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) HTTP reverse proxy.
proxy.config.header.parse.no_host_url_redirect
Scope CONFIG.TP Type STRING.TP Default NULL.TP Reloadable Yes.UNINDENT The URL to which
to redirect requests with no host headers (reverse proxy).
URL REMAP RULES
proxy.config.url_remap.filename
Scope CONFIG.TP Type STRING.TP Default remap.config.UNINDENT Sets the name of the
remap.config file.
proxy.config.url_remap.default_to_server_pac
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) requests for a PAC file on the proxy service port (8080 by default) to be
redirected to the PAC port. For this type of redirection to work, the variable
proxy.config.reverse_proxy.enabled must be set to 1.
proxy.config.url_remap.default_to_server_pac_port
Scope CONFIG.TP Type INT.TP Default -1.TP Reloadable Yes.UNINDENT Sets the PAC port so
that PAC requests made to the Traffic Server proxy service port are redirected this
port. -1 is the default setting that sets the PAC port to the autoconfiguration
port (the default autoconfiguration port is 8083). This variable can be used
together with the proxy.config.url_remap.default_to_server_pac variable to get a
PAC file from a different port. You must create and run a process that serves a PAC
file on this port. For example: if you create a Perl script that listens on port
9000 and writes a PAC file in response to any request, then you can set this
variable to 9000. Browsers that request the PAC file from a proxy server on port
8080 will get the PAC file served by the Perl script.
proxy.config.url_remap.remap_required
Scope CONFIG.TP Type INT.TP Default 1.TP Reloadable Yes.UNINDENT Set this variable to 1
if you want Traffic Server to serve requests only from origin servers listed in the
mapping rules of the remap.config file. If a request does not match, then the
browser will receive an error.
proxy.config.url_remap.pristine_host_hdr
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Set this variable to 1
if you want to retain the client host header in a request during remapping.
SSL TERMINATION
proxy.config.ssl.SSLv2
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) SSLv2. Please
don't enable it.
proxy.config.ssl.SSLv3
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) SSLv3.
proxy.config.ssl.TLSv1
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Enables (1) or disables (0) TLSv1.
proxy.config.ssl.TLSv1_1
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Enables (1) or disables (0) TLS v1.1. If
not specified, enabled by default. [Requires OpenSSL v1.0.1 and higher]
proxy.config.ssl.TLSv1_2
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Enables (1) or disables (0) TLS v1.2. If
not specified, DISABLED by default. [Requires OpenSSL v1.0.1 and higher]
proxy.config.ssl.client.certification_level
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Sets the client certification level:
•
0 = no client certificates are required. Traffic Server does
not verify client certificates during the SSL handshake. Access to Traffic Server
depends on Traffic Server configuration options (such as access control lists).
•
1 = client certificates are optional. If a client has a
certificate, then the certificate is validated. If the client does not have a
certificate, then the client is still allowed access to Traffic Server unless
access is denied through other Traffic Server configuration options.
•
2 = client certificates are required. The client must be
authenticated during the SSL handshake. Clients without a certificate are not
allowed to access Traffic Server.
proxy.config.ssl.number.threads
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Sets the number of SSL threads to use,
this defaults to 0 (autoconfigure).
• 0 = autoconfigure, this will allow Traffic Server to determine the appropriate number of
threads
• -1 = disable, this makes ET_NET threads behave like ET_SSL threads Note: this does not
disable SSL, it simply allows another thread pool to assist in SSL tasks without
dedicated SSL threads.
• >0 = Use a non-zero number of SSL threads
proxy.config.ssl.server.multicert.filename
Scope CONFIG.TP Type STRING.TP Default ssl_multicert.config.UNINDENT The location of the
ssl_multicert.config file, relative to the Traffic Server configuration directory.
In the following example, if the Traffic Server configuration directory is
/etc/trafficserver, the Traffic Server SSL configuration file and the corresponding
certificates are located in /etc/trafficserver/ssl:
CONFIG proxy.config.ssl.server.multicert.filename STRING ssl/ssl_multicert.config
CONFIG proxy.config.ssl.server.cert.path STRING etc/trafficserver/ssl
CONFIG proxy.config.ssl.server.private_key.path STRING etc/trafficserver/ssl
proxy.config.ssl.server.cert.path
Scope CONFIG.TP Type STRING.TP Default /config.UNINDENT The location of the SSL
certificates and chains used for accepting and validation new SSL sessions. If this
is a relative path, it is appended to the Traffic Server installation PREFIX. All
certificates and certificate chains listed in ssl_multicert.config will be loaded
relative to this path.
proxy.config.ssl.server.private_key.path
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The location of the SSL certificate
private keys. Change this variable only if the private key is not located in the
SSL certificate file. All private keys listed in ssl_multicert.config will be
loaded relative to this path.
proxy.config.ssl.server.cert_chain.filename
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The name of a file containing a
global certificate chain that should be used with every server certificate. This
file is only used if there are certificates defined in ssl_multicert.config.
Unless this is an absolute path, it is loaded relative to the path specified by
proxy.config.ssl.server.cert.path.
proxy.config.ssl.server.dhparams_file
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The name of a file containing a set
of Diffie-Hellman key exchange parameters. If not specified, 2048-bit DH parameters
from RFC 5114 are used. These parameters are only used if a DHE (or EDH) cipher
suite has been selected.
proxy.config.ssl.CA.cert.path
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The location of the certificate
authority file that client certificates will be verified against.
proxy.config.ssl.CA.cert.filename
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The filename of the certificate
authority that client certificates will be verified against.
proxy.config.ssl.server.ticket_key.filename
Scope CONFIG.TP Type STRING.TP Default ssl_ticket.key.UNINDENT The location of the
ssl_ticket.key file, relative to the proxy.config.ssl.server.cert.path directory.
proxy.config.ssl.max_record_size
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT This configuration specifies the maximum
number of bytes to write into a SSL record when replying over a SSL session. In
some circumstances this setting can improve response latency by reducing buffering
at the SSL layer. This setting can have a value between 0 and 16383 (max TLS record
size).
The default of 0 means to always write all available data into a single SSL record.
A value of -1 means TLS record size is dynamically determined. The strategy
employed is to use small TLS records that fit into a single TCP segment for the
first ~1 MB of data, but, increase the record size to 16 KB after that to optimize
throughput. The record size is reset back to a single segment after ~1 second of
inactivity and the record size ramping mechanism is repeated again.
proxy.config.ssl.session_cache
Scope CONFIG.TP Type INT.TP Default 2.UNINDENT Enables the SSL Session Cache: - 0 =
Disables the session cache entirely
• 1 = Enables the session cache using OpenSSLs implementation.
•
2 = (default) Enables the session cache using Traffic Server's implementation.
This implentation should perform much better than the OpenSSL implementation.
proxy.config.ssl.session_cache.timeout
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT This configuration specifies the lifetime
of SSL session cache entries in seconds. If it is 0, then the SSL library will use
a default value, typically 300 seconds. Note: This option has no affect when using
the Traffic Server session cache (option 2 in proxy.config.ssl.session_cache)
proxy.config.ssl.session_cache.auto_clear
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT This will set the OpenSSL auto clear flag.
Auto clear is enabled by default with 1 it can be disabled by changing this setting
to 0.
proxy.config.ssl.session_cache.size
Scope CONFIG.TP Type INT.TP Default 102400.UNINDENT This configuration specifies the
maximum number of entries the SSL session cache may contain.
proxy.config.ssl.session_cache.num_buckets
Scope CONFIG.TP Type INT.TP Default 1024.UNINDENT This configuration specifies the number
of buckets to use with the Traffic Server SSL session cache implementation. The TS
implementation is a fixed size hash map where each bucket is protected by a mutex.
proxy.config.ssl.session_cache.skip_cache_on_bucket_contention
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT This configuration specifies the behavior
of the Traffic Server SSL session cache implementation during lock contention on
each bucket:
• 0 = (default) Don't skip session caching when bucket lock is contented.
• 1 = Don't use the SSL session cache for this connection during lock contention.
proxy.config.ssl.hsts_max_age
Scope CONFIG.TP Type INT.TP Default -1.UNINDENT This configuration specifies the max-age
value that will be used when adding the Strict-Transport-Security header. The
value is in seconds. A value of 0 will set the max-age value to 0 and should
remove the HSTS entry from the client. A value of -1 will disable this feature and
not set the header. This option is only used for HTTPS requests and the header
will not be set on HTTP requests.
proxy.config.ssl.hsts_include_subdomains
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) adding the
includeSubdomain value to the Strict-Transport-Security header.
proxy.config.ssl.hsts_max_age needs to be set to a non -1 value for this
configuration to take effect.
proxy.config.ssl.allow_client_renegotiation
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT This configuration specifies whether the
client is able to initiate renegotiation of the SSL connection. The default of 0,
means the client can't initiate renegotiation.
proxy.config.ssl.cert.load_elevated
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) elevation of
traffic_server privileges during loading of SSL certificates. By enabling this,
SSL certificate files' access rights can be restricted to help reduce the
vulnerability of certificates.
This feature requires Traffic Server to be built with POSIX capabilities enabled.
Client-Related Configuration
proxy.config.ssl.client.verify.server
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Configures Traffic Server to verify the
origin server certificate with the Certificate Authority (CA).
proxy.config.ssl.client.cert.filename
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The filename of SSL client
certificate installed on Traffic Server.
proxy.config.ssl.client.cert.path
Scope CONFIG.TP Type STRING.TP Default /config.UNINDENT The location of the SSL client
certificate installed on Traffic Server.
proxy.config.ssl.client.private_key.filename
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The filename of the Traffic Server
private key. Change this variable only if the private key is not located in the
Traffic Server SSL client certificate file.
proxy.config.ssl.client.private_key.path
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The location of the Traffic Server
private key. Change this variable only if the private key is not located in the SSL
client certificate file.
proxy.config.ssl.client.CA.cert.filename
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT The filename of the certificate
authority against which the origin server will be verified.
proxy.config.ssl.client.CA.cert.path
Scope CONFIG.TP Type STRING.TP Default NULL.UNINDENT Specifies the location of the
certificate authority file against which the origin server will be verified.
ICP CONFIGURATION
proxy.config.icp.enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Sets ICP mode for hierarchical caching:
• 0 = disables ICP
• 1 = allows Traffic Server to receive ICP queries only
• 2 = allows Traffic Server to send and receive ICP queries
Refer to <admin-icp-peering>.
proxy.config.icp.icp_interface
Scope CONFIG.TP Type STRING.TP Default your_interface.UNINDENT Specifies the network
interface used for ICP traffic.
NOTE:
The Traffic Server installation script detects your network interface and sets this
variable appropriately. If your system has multiple network interfaces, check that this
variable specifies the correct interface.
proxy.config.icp.icp_port
Scope CONFIG.TP Type INT.TP Default 3130.TP Reloadable Yes.UNINDENT Specifies the UDP
port that you want to use for ICP messages.
proxy.config.icp.query_timeout
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT Specifies the timeout
used for ICP queries.
HTTP/2 CONFIGURATION
proxy.config.http2.enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enable the experimental HTTP/2 feature.
This implements most of the specifications, with the one big exception being server
PUSH.
NOTE:
This configuration will be eliminated for v6.0.0, where HTTP/2 is enabled by default
and controlled via the ports configuration.
proxy.config.http2.max_concurrent_streams_in
Scope CONFIG.TP Type INT.TP Default 100.TP Reloadable Yes.UNINDENT The maximum number of
concurrent streams per inbound connection.
NOTE:
Reloading this value affects only new HTTP/2 connections, not the ones already
established.
proxy.config.http2.initial_window_size_in
Scope CONFIG.TP Type INT.TP Default 65536.TP Reloadable Yes.UNINDENT The initial window
size for inbound connections.
proxy.config.http2.max_frame_size
Scope CONFIG.TP Type INT.TP Default 16384.TP Reloadable Yes.UNINDENT Indicates the size
of the largest frame payload that the sender is willing to receive.
proxy.config.http2.header_table_size
Scope CONFIG.TP Type INT.TP Default 4096.TP Reloadable Yes.UNINDENT The maximum size of
the header compression table used to decode header blocks.
proxy.config.http2.max_header_list_size
Scope CONFIG.TP Type INT.TP Default 4294967295.TP Reloadable Yes.UNINDENT This advisory
setting informs a peer of the maximum size of header list that the sender is
prepared to accept blocks. The default value, which is the unsigned int maximum
value in Traffic Server, implies unlimited size.
SPDY CONFIGURATION
proxy.config.spdy.accept_no_activity_timeout
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.UNINDENT How long a SPDY
connection will be kept open after an accept without any streams created.
proxy.config.spdy.no_activity_timeout_in
Scope CONFIG.TP Type INT.TP Default 30.TP Reloadable Yes.UNINDENT How long a stream is
kept open without activity.
proxy.config.spdy.initial_window_size_in
Scope CONFIG.TP Type INT.TP Default 65536.TP Reloadable Yes.UNINDENT The initial window
size for inbound connections.
proxy.config.spdy.max_concurrent_streams_in
Scope CONFIG.TP Type INT.TP Default 100.TP Reloadable Yes.UNINDENT The maximum number of
concurrent streams per inbound connection.
NOTE:
Reloading this value affects only new SPDY connections, not the ones already
established..
SCHEDULED UPDATE CONFIGURATION
proxy.config.update.enabled
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Enables (1) or disables (0) the Scheduled
Update option.
proxy.config.update.force
Scope CONFIG.TP Type INT.TP Default 0.TP Reloadable Yes.UNINDENT Enables (1) or disables
(0) a force immediate update. When enabled, Traffic Server overrides the scheduling
expiration time for all scheduled update entries and initiates updates until this
option is disabled.
proxy.config.update.retry_count
Scope CONFIG.TP Type INT.TP Default 10.TP Reloadable Yes.UNINDENT Specifies the number of
times Traffic Server can retry the scheduled update of a URL in the event of
failure.
proxy.config.update.retry_interval
Scope CONFIG.TP Type INT.TP Default 2.TP Reloadable Yes.UNINDENT Specifies the delay (in
seconds) between each scheduled update retry for a URL in the event of failure.
proxy.config.update.concurrent_updates
Scope CONFIG.TP Type INT.TP Default 100.TP Reloadable Yes.UNINDENT Specifies the maximum
simultaneous update requests allowed at any time. This option prevents the
scheduled update process from overburdening the host.
PLUG-IN CONFIGURATION
proxy.config.plugin.plugin_dir
Scope CONFIG.TP Type STRING.TP Default config/plugins.UNINDENT Specifies the location of
Traffic Server plugins.
proxy.config.remap.num_remap_threads
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT When this variable is set to 0, plugin
remap callbacks are executed in line on network threads. If remap processing takes
significant time, this can be cause additional request latency. Setting this
variable to causes remap processing to take place on a dedicated thread pool,
freeing the network threads to service additional requests.
SOCKETS
proxy.config.net.defer_accept
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT default: 1 meaning on all Platforms except
Linux: 45 seconds
This directive enables operating system specific optimizations for a listening
socket. defer_accept holds a call to accept(2) back until data has arrived. In
Linux' special case this is up to a maximum of 45 seconds.
proxy.config.net.sock_send_buffer_size_in
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Sets the send buffer size for connections
from the client to Traffic Server.
proxy.config.net.sock_recv_buffer_size_in
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Sets the receive buffer size for
connections from the client to Traffic Server.
proxy.config.net.sock_option_flag_in
Scope CONFIG.TP Type INT.TP Default 0x0.UNINDENT Turns different options "on" for the
socket handling client connections::
TCP_NODELAY (1)
SO_KEEPALIVE (2)
SO_LINGER (4) - with a timeout of 0 seconds
NOTE:
This is a bitmask and you need to decide what bits to set. Therefore, you must set the
value to 3 if you want to enable nodelay and keepalive options above.
proxy.config.net.sock_send_buffer_size_out
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Sets the send buffer size for connections
from Traffic Server to the origin server.
proxy.config.net.sock_recv_buffer_size_out
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Sets the receive buffer size for
connections from Traffic Server to the origin server.
proxy.config.net.sock_option_flag_out
Scope CONFIG.TP Type INT.TP Default 0x1.UNINDENT Turns different options "on" for the
origin server socket::
TCP_NODELAY (1)
SO_KEEPALIVE (2)
SO_LINGER (4) - with a timeout of 0 seconds
NOTE:
This is a bitmask and you need to decide what bits to set. Therefore, you must set the
value to 3 if you want to enable nodelay and keepalive options above.
When SO_LINGER is enabled, the linger timeout time is set to 0. This is useful when
ATS and origin server were installed This is useful when Traffic Server and the
origin server are co-located and large numbers of sockets are retained in the
TIME_WAIT state.
proxy.config.net.sock_mss_in
Scope CONFIG.TP Type INT.TP Default 0.UNINDENT Same as the command line option
--accept_mss that sets the MSS for all incoming requests.
proxy.config.net.sock_packet_mark_in
Scope CONFIG.TP Type INT.TP Default 0x0.UNINDENT Set the packet mark on traffic destined
for the client (the packets that make up a client response).
SEE ALSO:
Traffic Shaping
proxy.config.net.sock_packet_mark_out
Scope CONFIG.TP Type INT.TP Default 0x0.UNINDENT Set the packet mark on traffic destined
for the origin (the packets that make up an origin request).
SEE ALSO:
Traffic Shaping
proxy.config.net.sock_packet_tos_in
Scope CONFIG.TP Type INT.TP Default 0x0.UNINDENT Set the ToS/DiffServ Field on packets
sent to the client (the packets that make up a client response).
SEE ALSO:
Traffic Shaping
proxy.config.net.sock_packet_tos_out
Scope CONFIG.TP Type INT.TP Default 0x0.UNINDENT Set the ToS/DiffServ Field on packets
sent to the origin (the packets that make up an origin request).
SEE ALSO:
Traffic Shaping
proxy.config.net.poll_timeout
Scope CONFIG.TP Type INT.TP Default 10 (or 30 on Solaris).UNINDENT Same as the command
line option --poll_timeout, or -t, which specifies the timeout used for the polling
mechanism used. This timeout is always in milliseconds (ms). This is the timeout to
epoll_wait() on Linux platforms, and to kevent() on BSD type OSs. The default value
is 10 on all platforms.
Changing this configuration can reduce CPU usage on an idle system, since periodic
tasks gets processed at these intervals. On busy servers, this overhead is
diminished, since polled events triggers morefrequently. However, increasing the
setting can also introduce additional latency for certain operations, and timed
events. It's recommended not to touch this setting unless your CPU usage is
unacceptable at idle workload. Some alternatives to this could be:
Reduce the number of worker threads (net-threads)
Reduce the number of disk (AIO) threads
Make sure accept threads are enabled
The relevant configurations for this are:
CONFIG proxy.config.exec_thread.autoconfig INT 0
CONFIG proxy.config.exec_thread.limit INT 2
CONFIG proxy.config.accept_threads INT 1
CONFIG proxy.config.cache.threads_per_disk INT 8
proxy.config.task_threads
Scope CONFIG.TP Type INT.TP Default 2.UNINDENT Specifies the number of task threads to
run. These threads are used for various tasks that should be off-loaded from the
normal network threads.
proxy.config.allocator.thread_freelist_size
Scope CONFIG.TP Type INT.TP Default 512.UNINDENT Sets the maximum number of elements that
can be contained in a ProxyAllocator (per-thread) before returning the objects to
the global pool
proxy.config.allocator.thread_freelist_low_watermark
Scope CONFIG.TP Type INT.TP Default 32.UNINDENT Sets the minimum number of items a
ProxyAllocator (per-thread) will guarantee to be holding at any one time.
proxy.config.http.enabled
Scope CONFIG.TP Type INT.TP Default 1.UNINDENT Turn on or off support for HTTP proxying.
This is rarely used, the one exception being if you run Traffic Server with a
protocol plugin, and would like for it to not support HTTP requests at all.
COPYRIGHT
2014, dev@trafficserver.apache.org