Movatterモバイル変換

Core functionality

Example Configuration
Directives
     accept_mutex
     accept_mutex_delay
     daemon
     debug_connection
     debug_points
     env
     error_log
     events
     include
     load_module
     lock_file
     master_process
     multi_accept
     pcre_jit
     pid
     ssl_engine
     ssl_object_cache_inheritable
     stall_threshold
     thread_pool
     timer_resolution
     use
     user
     worker_aio_requests
     worker_connections
     worker_cpu_affinity
     worker_priority
     worker_processes
     worker_rlimit_core
     worker_rlimit_nofile
     worker_shutdown_timeout
     working_directory

Example Configuration

user www www;worker_processes 2;error_log /var/log/nginx-error.log info;events {    use kqueue;    worker_connections 2048;}...

Directives

Syntax:	`accept_mutexon \|off;`
Default:	accept_mutex off;
Context:	`events`

Ifaccept_mutex is enabled,worker processes will accept new connections by turn.Otherwise, all worker processes will be notified about new connections,and if volume of new connections is low, some of the worker processesmay just waste system resources.

There is no need to enableaccept_mutexon systems that support theEPOLLEXCLUSIVE flag (1.11.3) orwhen usingreuseport.

Prior to version 1.11.3, the default value wason.

Syntax:	`accept_mutex_delaytime;`
Default:	accept_mutex_delay 500ms;
Context:	`events`

Ifaccept_mutex is enabled, specifies the maximum timeduring which a worker process will try to restart accepting newconnections if another worker process is currently acceptingnew connections.

Syntax:	`daemonon \|off;`
Default:	daemon on;
Context:	`main`

Determines whether nginx should become a daemon.Mainly used during development.

Syntax:	`debug_connectionaddress \|CIDR \|unix:;`
Default:	—
Context:	`events`

Enables debugging log for selected client connections.Other connections will use logging level set by theerror_log directive.Debugged connections are specified by IPv4 or IPv6 (1.3.0, 1.2.1)address or network.A connection may also be specified using a hostname.For connections using UNIX-domain sockets (1.3.0, 1.2.1),debugging log is enabled by the “unix:” parameter.

events {    debug_connection 127.0.0.1;    debug_connection localhost;    debug_connection 192.0.2.0/24;    debug_connection ::1;    debug_connection 2001:0db8::/32;    debug_connection unix:;    ...}

For this directive to work, nginx needs tobe built with--with-debug,see “A debugging log”.

Syntax:	`debug_pointsabort \|stop;`
Default:	—
Context:	`main`

This directive is used for debugging.

When internal error is detected, e.g. the leak of sockets onrestart of working processes, enablingdebug_pointsleads to a core file creation (abort)or to stopping of a process (stop) for furtheranalysis using a system debugger.

Syntax:	`envvariable[=value];`
Default:	env TZ;
Context:	`main`

By default, nginx removes all environment variables inheritedfrom its parent process except the TZ variable.This directive allows preserving some of the inherited variables,changing their values, or creating new environment variables.These variables are then:

inherited during alive upgradeof an executable file;
used by thengx_http_perl_module module;
used by worker processes.One should bear in mind that controlling system libraries in this wayis not always possible as it is common for libraries to checkvariables only during initialization, well before they can be setusing this directive.An exception from this is an above mentionedlive upgradeof an executable file.

The TZ variable is always inherited and available to thengx_http_perl_modulemodule, unless it is configured explicitly.

Usage example:

env MALLOC_OPTIONS;env PERL5LIB=/data/site/modules;env OPENSSL_ALLOW_PROXY_CERTS=1;

The NGINX environment variable is used internally by nginxand should not be set directly by the user.

Syntax:	`error_logfile [level];`
Default:	error_log logs/error.log error;
Context:	`main`,`http`,`mail`,`stream`,`server`,`location`

Configures logging.Several logs can be specified on the same configuration level (1.5.2).If on themain configuration level writing a log to a fileis not explicitly defined, the default file will be used.

The first parameter defines afile that will store the log.The special valuestderr selects the standard error file.Logging tosyslog can be configured by specifyingthe “syslog:” prefix.Logging to acyclic memory buffercan be configured by specifying the “memory:” prefix andbuffersize, and is generally used for debugging (1.7.11).

The second parameter determines thelevel of logging,and can be one of the following:debug,info,notice,warn,error,crit,alert, oremerg.Log levels above are listed in the order of increasing severity.Setting a certain log level will cause all messages ofthe specified and more severe log levels to be logged.For example, the default levelerror willcauseerror,crit,alert, andemerg messagesto be logged.If this parameter is omitted thenerror is used.

Fordebug logging to work, nginx needs tobe built with--with-debug,see “A debugging log”.

The directive can be specified on thestream levelstarting from version 1.7.11,and on themail levelstarting from version 1.9.0.

Syntax:	`events { ... }`
Default:	—
Context:	`main`

Provides the configuration file context in which the directives thataffect connection processing are specified.

Syntax:	`includefile \|mask;`
Default:	—
Context:	`any`

Includes anotherfile, or files matching thespecifiedmask, into configuration.Included files should consist ofsyntactically correct directives and blocks.

Usage example:

include mime.types;include vhosts/*.conf;

Syntax:	`load_modulefile;`
Default:	—
Context:	`main`

This directive appeared in version 1.9.11.

Loads a dynamic module.

Example:

load_module modules/ngx_mail_module.so;

Syntax:	`lock_filefile;`
Default:	lock_file logs/nginx.lock;
Context:	`main`

nginx uses the locking mechanism to implementaccept_mutexand serialize access to shared memory.On most systems the locks are implemented using atomic operations,and this directive is ignored.On other systems the “lock file” mechanism is used.This directive specifies a prefix for the names of lock files.

Syntax:	`master_processon \|off;`
Default:	master_process on;
Context:	`main`

Determines whether worker processes are started.This directive is intended for nginx developers.

Syntax:	`multi_accepton \|off;`
Default:	multi_accept off;
Context:	`events`

Ifmulti_accept is disabled, a worker processwill accept one new connection at a time.Otherwise, a worker processwill accept all new connections at a time.

The directive is ignored ifkqueueconnection processing method is used, because it reportsthe number of new connections waiting to be accepted.

Syntax:	`pcre_jiton \|off;`
Default:	pcre_jit off;
Context:	`main`

This directive appeared in version 1.1.12.

Enables or disables the use of “just-in-time compilation” (PCRE JIT)for the regular expressions known by the time of configuration parsing.

PCRE JIT can speed up processing of regular expressions significantly.

The JIT is available in PCRE libraries starting from version 8.20built with the--enable-jit configuration parameter.When the PCRE library is built with nginx (--with-pcre=),the JIT support is enabled via the--with-pcre-jit configuration parameter.

Syntax:	`pidfile;`
Default:	pid logs/nginx.pid;
Context:	`main`

Defines afile that will store the process ID of the main process.

Syntax:	`ssl_enginedevice;`
Default:	—
Context:	`main`

Defines the name of the hardware SSL accelerator.

The module may be dynamically loaded by OpenSSL during configuration testing.

Syntax:	`ssl_object_cache_inheritableon \|off;`
Default:	ssl_object_cache_inheritable on;
Context:	`main`

This directive appeared in version 1.27.4.

If enabled, SSL objects(SSL certificates, secret keys, trusted CA certificates, CRL lists)will be inherited across configuration reloads.

SSL objects loaded from a file are inheritedif the modification time and file index has not been changedsince the previous configuration load.Secret keys specified asengine:name:id are never inherited.Secret keys specified asdata:value are always inherited.

SSL objects loaded from variables cannot be inherited.

Example:

ssl_object_cache_inheritable on;http {    ...    server {        ...        ssl_certificate     example.com.crt;        ssl_certificate_key example.com.key;    }}

Syntax:	`stall_thresholdtime;`
Default:	stall_threshold 1000ms;
Context:	`events`

This directive appeared in version 1.29.0.

Allows overriding the default time threshold for the event loop iterationbefore a stall is reported.By default, a stall is reportedwhen an event loop iteration exceeds1000ms.If thetimer_resolution directive is enabled,the time threshold will be ignored.

This directive is available as part of ourcommercial subscription.

Syntax:	`thread_poolnamethreads=number [max_queue=number];`
Default:	thread_pool default threads=32 max_queue=65536;
Context:	`main`

This directive appeared in version 1.7.11.

Defines thename and parameters of a thread poolused for multi-threaded reading and sending of fileswithout blockingworker processes.

Thethreads parameterdefines the number of threads in the pool.

In the event that all threads in the pool are busy,a new task will wait in the queue.Themax_queue parameter limits the numberof tasks allowed to be waiting in the queue.By default, up to 65536 tasks can wait in the queue.When the queue overflows, the task is completed with an error.

Syntax:	`timer_resolutioninterval;`
Default:	—
Context:	`main`

Reduces timer resolution in worker processes, thus reducing thenumber ofgettimeofday() system calls made.By default,gettimeofday() is called each timea kernel event is received.With reduced resolution,gettimeofday() is onlycalled once per specifiedinterval.

Example:

timer_resolution 100ms;

Internal implementation of the interval depends on the method used:

theEVFILT_TIMER filter ifkqueue is used;
timer_create() ifeventport is used;
setitimer() otherwise.

Syntax:	`usemethod;`
Default:	—
Context:	`events`

Specifies theconnection processingmethod to use.There is normally no need to specify it explicitly, because nginx willby default use the most efficient method.

Syntax:	`useruser [group];`
Default:	user nobody nobody;
Context:	`main`

Definesuser andgroupcredentials used by worker processes.Ifgroup is omitted, a group whose name equalsthat ofuser is used.

Syntax:	`worker_aio_requestsnumber;`
Default:	worker_aio_requests 32;
Context:	`events`

This directive appeared in versions 1.1.4 and 1.0.7.

When usingaiowith theepollconnection processing method, sets the maximumnumber ofoutstanding asynchronous I/O operationsfor a single worker process.

Syntax:	`worker_connectionsnumber;`
Default:	worker_connections 512;
Context:	`events`

Sets the maximum number of simultaneous connections thatcan be opened by a worker process.

It should be kept in mind that this number includes all connections(e.g. connections with proxied servers, among others),not only connections with clients.Another consideration is that the actual number of simultaneousconnections cannot exceed the current limit onthe maximum number of open files, which can be changed byworker_rlimit_nofile.

Syntax:	`worker_cpu_affinitycpumask ...;` `worker_cpu_affinityauto [cpumask];`
Default:	—
Context:	`main`

Binds worker processes to the sets of CPUs.Each CPU set is represented by a bitmask of allowed CPUs.There should be a separate set defined for each of the worker processes.By default, worker processes are not bound to any specific CPUs.

For example,

worker_processes    4;worker_cpu_affinity 0001 0010 0100 1000;

binds each worker process to a separate CPU, while

worker_processes    2;worker_cpu_affinity 0101 1010;

binds the first worker process to CPU0/CPU2,and the second worker process to CPU1/CPU3.The second example is suitable for hyper-threading.

The special valueauto (1.9.10) allowsbinding worker processes automatically to available CPUs:

worker_processes auto;worker_cpu_affinity auto;

The optional mask parameter can be used to limit the CPUsavailable for automatic binding:

worker_cpu_affinity auto 01010101;

The directive is only available on FreeBSD and Linux.

Syntax:	`worker_prioritynumber;`
Default:	worker_priority 0;
Context:	`main`

Defines the scheduling priority for worker processes like it isdone by thenice command: a negativenumbermeans higher priority.Allowed range normally varies from -20 to 20.

Example:

worker_priority -10;

Syntax:	`worker_processesnumber \|auto;`
Default:	worker_processes 1;
Context:	`main`

Defines the number of worker processes.

The optimal value depends on many factors including (but notlimited to) the number of CPU cores, the number of hard diskdrives that store data, and load pattern.When one is in doubt, setting it to the number of available CPU coreswould be a good start (the value “auto”will try to autodetect it).

Theauto parameter is supported starting fromversions 1.3.8 and 1.2.5.

Syntax:	`worker_rlimit_coresize;`
Default:	—
Context:	`main`

Changes the limit on the largest size of a core file(RLIMIT_CORE) for worker processes.Used to increase the limit without restarting the main process.

Syntax:	`worker_rlimit_nofilenumber;`
Default:	—
Context:	`main`

Changes the limit on the maximum number of open files(RLIMIT_NOFILE) for worker processes.Used to increase the limit without restarting the main process.

Syntax:	`worker_shutdown_timeouttime;`
Default:	—
Context:	`main`

This directive appeared in version 1.11.11.

Configures a timeout for a graceful shutdown of worker processes.When thetime expires,nginx will try to close all the connections currently opento facilitate shutdown.

Syntax:	`working_directorydirectory;`
Default:	—
Context:	`main`

Defines the current working directory for a worker process.It is primarily used when writing a core-file, in which casea worker process should have write permission for thespecified directory.