2014-03-14 21:12:29 Lil_BEAR Looking to make your web app faster? Look no further! NGINX webinars in March focus on application delivery and acceleration — register now! nginx Core functionality english ðóññêèé 简体中文 עברית 日本語 türkçe italiano news about download security advisories documentation pgp keys faq links books support donation trac wiki nginx.com Example Configuration Directives accept_mutex accept_mutex_delay daemon debug_connection debug_points error_log env events include lock_file master_process multi_accept pcre_jit pid ssl_engine timer_resolution use user worker_aio_requests worker_connections worker_cpu_affinity worker_priority worker_processes worker_rlimit_core worker_rlimit_nofile worker_rlimit_sigpending working_directory Example Configuration user www www; worker_processes 2; error_log /var/log/nginx-error.log info; events { use kqueue; worker_connections 2048; } ... Directives syntax: accept_mutex on | off; default: accept_mutex on; context: events If accept_mutex is enabled, worker processes will accept new connections by turn. Otherwise, all worker processes will be notified about new connections, and if volume of new connections is low, some of the worker processes may just waste system resources. The use of rtsig connection processing method requires accept_mutex to be enabled. syntax: accept_mutex_delay time; default: accept_mutex_delay 500ms; context: events If accept_mutex is enabled, specifies the maximum time during which a worker process will try to restart accepting new connections if another worker process is currently accepting new connections. syntax: daemon on | off; default: daemon on; context: main Determines whether nginx should become a daemon. Mainly used during development. syntax: debug_connection address | CIDR | unix:; default: — context: events Enables debugging log for selected client connections. Other connections will use logging level set by the error_log directive. Debugged connections are specified by IPv4 or IPv6 (1.3.0, 1.2.1) address or network. A connection may also be specified using a hostname. For connections using UNIX-domain sockets (1.3.0, 1.2.1), debugging log is enabled by the “unix:” parameter. events { debug_connection 127.0.0.1; debug_connection localhost; debug_connection 192.0.2.0/24; debug_connection ::1; debug_connection 2001:0db8::/32; debug_connection unix:; ... } For this directive to work, nginx needs to be built with --with-debug, see “A debugging log”. syntax: debug_points abort | stop; default: — context: main This directive is used for debugging. When internal error is detected, e.g. the leak of sockets on restart of working processes, enabling debug_points leads to a core file creation (abort) or to stopping of a process (stop) for further analysis using a system debugger. syntax: error_log file | stderr | syslog:server=address[,parameter=value] [debug | info | notice | warn | error | crit | alert | emerg]; default: error_log logs/error.log error; context: main, http, server, location Configures logging. Several logs can be specified on the same level (1.5.2). The first parameter defines a file that will store the log. The special value stderr selects the standard error file. Logging to syslog can be configured by specifying the “syslog:” prefix. The second parameter determines the level of logging. Log levels above are listed in the order of increasing severity. Setting a certain log level will cause all messages of the specified and more severe log levels to be logged. For example, the default level error will cause error, crit, alert, and emerg messages to be logged. If this parameter is omitted then error is used. For debug logging to work, nginx needs to be built with --with-debug, see “A debugging log”. The following parameters configure logging to syslog: server=address Defines an address of a syslog server. An address can be specified as a domain name or IP address, and an optional port, or as a UNIX-domain socket path specified after the “unix:” prefix. If port is not specified, the port 514 is used. If a domain name resolves to several IP addresses, the first resolved address is used. facility=string Sets facility of syslog messages, as defined in RFC 3164. Facility can be one of “kern”, “user”, “mail”, “daemon”, “auth”, “intern”, “lpr”, “news”, “uucp”, “clock”, “authpriv”, “ftp”, “ntp”, “audit”, “alert”, “cron”, “local0”..“local7”. Default is “local7”. tag=string Sets tag of syslog messages. Default is “nginx”. Example syslog configuration: error_log syslog:server=192.168.1.1 debug; error_log syslog:server=unix:/var/log/nginx.sock; error_log syslog:server=[2001:db8::1]:12345,facility=local7,tag=nginx error; Logging to syslog is available as part of our commercial subscription. syntax: env variable[=value]; default: env TZ; context: main By default, nginx removes all environment variables inherited from its parent process except the TZ variable. This directive allows preserving some of the inherited variables, changing their values, or creating new environment variables. These variables are then: inherited during a live upgrade of an executable file; used by the ngx_http_perl_module module; used by worker processes. One should bear in mind that controlling system libraries in this way is not always possible as it is common for libraries to check variables only during initialization, well before they can be set using this directive. An exception from this is an above mentioned live upgrade of an executable file. The TZ variable is always inherited and available to the ngx_http_perl_module module, unless it is configured explicitly. Usage example: env MALLOC_OPTIONS; env PERL5LIB=/data/site/modules; env OPENSSL_ALLOW_PROXY_CERTS=1; The NGINX environment variable is used internally by nginx and should not be set directly by the user. syntax: events { ... } default: — context: main Provides the configuration file context in which the directives that affect connection processing are specified. syntax: include file | mask; default: — context: any Includes another file, or files matching the specified mask, into configuration. Included files should consist of syntactically correct directives and blocks. Usage example: include mime.types; include vhosts/*.conf; syntax: lock_file file; default: lock_file logs/nginx.lock; context: main nginx uses the locking mechanism to implement accept_mutex and serialize access to shared memory. On most systems the locks are implemented using atomic operations, and this directive is ignored. On other systems the “lock file” mechanism is used. This directive specifies a prefix for the names of lock files. syntax: master_process on | off; default: master_process on; context: main Determines whether worker processes are started. This directive is intended for nginx developers. syntax: multi_accept on | off; default: multi_accept off; context: events If multi_accept is disabled, a worker process will accept one new connection at a time. Otherwise, a worker process will accept all new connections at a time. The directive is ignored if kqueue connection processing method is used, because it reports the number of new connections waiting to be accepted. The use of rtsig connection processing method automatically enables multi_accept. syntax: pcre_jit on | off; default: pcre_jit off; context: main This directive appeared in version 1.1.12. Enables or disables the use of “just-in-time compilation” (PCRE JIT) for the regular expressions known by the time of configuration parsing. PCRE JIT can speed up processing of regular expressions significantly. The JIT is available in PCRE libraries starting from version 8.20 built with the --enable-jit configuration parameter. When the PCRE library is built with nginx (--with-pcre=), the JIT support is enabled via the --with-pcre-jit configuration parameter. syntax: pid file; default: pid nginx.pid; context: main Defines a file that will store the process ID of the main process. syntax: ssl_engine device; default: — context: main Defines the name of the hardware SSL accelerator. syntax: timer_resolution interval; default: — context: main Reduces timer resolution in worker processes, thus reducing the number of gettimeofday() system calls made. By default, gettimeofday() is called each time a kernel event is received. With reduced resolution, gettimeofday() is only called once per specified interval. Example: timer_resolution 100ms; Internal implementation of the interval depends on the method used: the EVFILT_TIMER filter if kqueue is used; timer_create() if eventport is used; setitimer() otherwise. syntax: use method; default: — context: events Specifies the connection processing method to use. There is normally no need to specify it explicitly, because nginx will by default use the most efficient method. syntax: user user [group]; default: user nobody nobody; context: main Defines user and group credentials used by worker processes. If group is omitted, a group whose name equals that of user is used. syntax: worker_aio_requests number; default: worker_aio_requests 32; context: events This directive appeared in versions 1.1.4 and 1.0.7. When using aio with the epoll connection processing method, sets the maximum number of outstanding asynchronous I/O operations for a single worker process. syntax: worker_connections number; default: worker_connections 512; context: events Sets the maximum number of simultaneous connections that can be opened by a worker process. It should be kept in mind that this number includes all connections (e.g. connections with proxied servers, among others), not only connections with clients. Another consideration is that the actual number of simultaneous connections cannot exceed the current limit on the maximum number of open files, which can be changed by worker_rlimit_nofile. syntax: worker_cpu_affinity cpumask ...; default: — context: main Binds worker processes to the sets of CPUs. Each CPU set is represented by a bitmask of allowed CPUs. There should be a separate set defined for each of the worker processes. By default, worker processes are not bound to any specific CPUs. For example, worker_processes 4; worker_cpu_affinity 0001 0010 0100 1000; binds each worker process to a separate CPU, while worker_processes 2; worker_cpu_affinity 0101 1010; binds the first worker process to CPU0/CPU2, and the second worker process to CPU1/CPU3. The second example is suitable for hyper-threading. The directive is only available on FreeBSD and Linux. syntax: worker_priority number; default: worker_priority 0; context: main Defines the scheduling priority for worker processes like it is done by the nice command: a negative number means higher priority. Allowed range normally varies from -20 to 20. Example: worker_priority -10; syntax: worker_processes number | auto; default: worker_processes 1; context: main Defines the number of worker processes. The optimal value depends on many factors including (but not limited to) the number of CPU cores, the number of hard disk drives that store data, and load pattern. When one is in doubt, setting it to the number of available CPU cores would be a good start (the value “auto” will try to autodetect it). The auto parameter is supported starting from versions 1.3.8 and 1.2.5. syntax: worker_rlimit_core size; default: — context: main Changes the limit on the largest size of a core file (RLIMIT_CORE) for worker processes. Used to increase the limit without restarting the main process. syntax: worker_rlimit_nofile number; default: — context: main Changes the limit on the maximum number of open files (RLIMIT_NOFILE) for worker processes. Used to increase the limit without restarting the main process. syntax: worker_rlimit_sigpending number; default: — context: main On systems that support rtsig connection processing method, changes the limit on the number of signals that may be queued (RLIMIT_SIGPENDING) for worker processes. Used to increase the limit without restarting the main process. syntax: working_directory directory; default: — context: main Defines the current working directory for a worker process. It is primarily used when writing a core-file, in which case a worker process should have write permission for the specified directory. |