nginx指令

Directives（指令）

Syntax（语法）:	aio on | off | threads[=pool];
Default:	aio off;
Context:	http, server, location

This directive appeared in version 0.8.11.

指令出现在版本0.8、11版本

Enables or disables the use of asynchronous file I/O (AIO)
on FreeBSD and Linux:

启用或者禁用异步文件的进出在Linux服务器上

location /video/ {
    aio            on;
    output_buffers 1 64k; 出口缓冲区
}

On FreeBSD, AIO can be used starting from FreeBSD 4.3. AIO can either be linked statically into a kernel:

在免费图形界面，异步输入输出可以在高于免费图形界面4.3.  异步输入输出可以被静态的连接成一个核

options VFS_AIO

or loaded dynamically as a kernel loadable module:

或者加载动态的像一个核心的可下载的模型

kldload aio

On Linux, AIO can be used starting from kernel version 2.6.22. Also, it is necessary to enable directio, or otherwise reading will be blocking:

在Linux上异步的输出输出从kernel2.6.22版本开始被使用。同时，很有必要禁用方向，否者读取下边的块

location /video/ {
    aio            on;
    directio       512;
    output_buffers 1 128k;
}

On Linux, directio can only be used for reading blocks that are aligned on 512-byte boundaries (or 4K for XFS).

在Linux上，方向静静被用着快

File’s unaligned end is read in blocking mode. The same holds true for byte range requests and for FLV requests not from the beginning of a file: reading of unaligned data at the beginning and end of a file will be blocking.

When both AIO and sendfile are enabled on Linux, AIO is used for files that are larger than or equal to the size specified in the directio directive, while sendfile is used for files of smaller sizes or when directio is disabled.

location /video/ {
    sendfile       on;
    aio            on;
    directio       8m;
}

Finally, files can be read and sent using multi-threading (1.7.11), without blocking a worker process:

location /video/ {
    sendfile       on;
    aio            threads;
}

Read and send file operations are offloaded to threads of the specified pool. If the pool name is omitted, the pool with the name “default” is used. The pool name can also be set with variables:

aio threads=pool$disk;

By default, multi-threading is disabled, it should be enabled with the --with-threads configuration parameter. Currently, multi-threading is compatible only with the epoll, kqueue, and eventport methods. Multi-threaded sending of files is only supported on Linux.

See also the sendfile directive.

Syntax:	aio_write on | off;
Default:	aio_write off;
Context:	http, server, location

This directive appeared in version 1.9.13.

If aio is enabled, specifies whether it is used for writing files.
Currently, this only works when using
aio threads
and is limited to writing temporary files
with data received from proxied servers.

Syntax:	alias path;
Default:	—
Context:	location

Defines a replacement for the specified location.
For example, with the following configuration

location /i/ {
    alias /data/w3/images/;
}

on request of “/i/top.gif”, the file /data/w3/images/top.gif will be sent.

The path value can contain variables, except $document_root and $realpath_root.

If alias is used inside a location defined with a regular expression then such regular expression should contain captures and alias should refer to these captures (0.7.40), for example:

location ~ ^/users/(.+\.(?:gif|jpe?g|png))$ {
    alias /data/w3/images/$1;
}

When location matches the last part of the directive’s value:

location /images/ {
    alias /data/w3/images/;
}

it is better to use the root directive instead:

location /images/ {
    root /data/w3;
}

Syntax:	chunked_transfer_encoding on | off;
Default:	chunked_transfer_encoding on;
Context:	http, server, location

Allows disabling chunked transfer encoding in HTTP/1.1.
It may come in handy when using a software failing to support
chunked encoding despite the standard’s requirement.

Syntax:	client_body_buffer_size size;
Default:	client_body_buffer_size 8k|16k;
Context:	http, server, location

Sets buffer size for reading client request body.
In case the request body is larger than the buffer,
the whole body or only its part is written to a
temporary file.
By default, buffer size is equal to two memory pages.
This is 8K on x86, other 32-bit platforms, and x86-64.
It is usually 16K on other 64-bit platforms.

Syntax:	client_body_in_file_only on | clean | off;
Default:	client_body_in_file_only off;
Context:	http, server, location

Determines whether nginx should save the entire client request body
into a file.
This directive can be used during debugging, or when using the
$request_body_file
variable, or the
$r->request_body_file
method of the module
ngx_http_perl_module.

When set to the value on, temporary files are not
removed after request processing.

The value clean will cause the temporary files
left after request processing to be removed.

Syntax:	client_body_in_single_buffer on | off;
Default:	client_body_in_single_buffer off;
Context:	http, server, location

Determines whether nginx should save the entire client request body
in a single buffer.
The directive is recommended when using the
$request_body
variable, to save the number of copy operations involved.

Syntax:	client_body_temp_path path [level1 [level2 [level3]]];
Default:	client_body_temp_path client_body_temp;
Context:	http, server, location

Defines a directory for storing temporary files holding client request bodies.
Up to three-level subdirectory hierarchy can be used under the specified
directory.
For example, in the following configuration

client_body_temp_path /spool/nginx/client_temp 1 2;

a path to a temporary file might look like this:

/spool/nginx/client_temp/7/45/00000123457

Syntax:	client_body_timeout time;
Default:	client_body_timeout 60s;
Context:	http, server, location

Defines a timeout for reading client request body.
The timeout is set only for a period between two successive read operations,
not for the transmission of the whole request body.
If a client does not transmit anything within this time, the
408 (Request Time-out)
error is returned to the client.

Syntax:	client_header_buffer_size size;
Default:	client_header_buffer_size 1k;
Context:	http, server

Sets buffer size for reading client request header.
For most requests, a buffer of 1K bytes is enough.
However, if a request includes long cookies, or comes from a WAP client,
it may not fit into 1K.
If a request line or a request header field does not fit into
this buffer then larger buffers, configured by the
large_client_header_buffers directive,
are allocated.

Syntax:	client_header_timeout time;
Default:	client_header_timeout 60s;
Context:	http, server

Defines a timeout for reading client request header.
If a client does not transmit the entire header within this time, the
408 (Request Time-out)
error is returned to the client.

Syntax:	client_max_body_size size;
Default:	client_max_body_size 1m;
Context:	http, server, location

Sets the maximum allowed size of the client request body,
specified in the
“Content-Length”
request header field.
If the size in a request exceeds the configured value, the
413 (Request Entity Too Large)
error is returned to the client.
Please be aware that
browsers cannot correctly display
this error.
Setting size to 0 disables checking of client
request body size.

Syntax:	connection_pool_size size;
Default:	connection_pool_size 256|512;
Context:	http, server

Allows accurate tuning of per-connection memory allocations.
This directive has minimal impact on performance
and should not generally be used.
By default, the size is equal to
256 bytes on 32-bit platforms and 512 bytes on 64-bit platforms.

Prior to version 1.9.8, the default value was 256 on all platforms.

Syntax:	default_type mime-type;
Default:	default_type text/plain;
Context:	http, server, location

Defines the default MIME type of a response.
Mapping of file name extensions to MIME types can be set
with the types directive.

Syntax:	directio size | off;
Default:	directio off;
Context:	http, server, location

This directive appeared in version 0.7.7.

Enables the use of
the O_DIRECT flag (FreeBSD, Linux),
the F_NOCACHE flag (Mac OS X),
or the directio() function (Solaris),
when reading files that are larger than or equal to
the specified size.
The directive automatically disables (0.7.15) the use of
sendfile
for a given request.
It can be useful for serving large files:

directio 4m;

or when using aio on Linux.

Syntax:	directio_alignment size;
Default:	directio_alignment 512;
Context:	http, server, location

This directive appeared in version 0.8.11.

Sets the alignment for
directio.
In most cases, a 512-byte alignment is enough.
However, when using XFS under Linux, it needs to be increased to 4K.

Syntax:	disable_symlinks off; disable_symlinks on | if_not_owner [from=part];
Default:	disable_symlinks off;
Context:	http, server, location

This directive appeared in version 1.1.15.

Determines how symbolic links should be treated when opening files:

off

Symbolic links in the pathname are allowed and not checked.
This is the default behavior.

on

If any component of the pathname is a symbolic link,
access to a file is denied.

if_not_owner

Access to a file is denied if any component of the pathname
is a symbolic link, and the link and object that the link
points to have different owners.

from=part

When checking symbolic links
(parameters on and if_not_owner),
all components of the pathname are normally checked.
Checking of symbolic links in the initial part of the pathname
may be avoided by specifying additionally the
from=part parameter.
In this case, symbolic links are checked only from
the pathname component that follows the specified initial part.
If the value is not an initial part of the pathname checked, the whole
pathname is checked as if this parameter was not specified at all.
If the value matches the whole file name,
symbolic links are not checked.
The parameter value can contain variables.

Example:

disable_symlinks on from=$document_root;

This directive is only available on systems that have the openat() and fstatat() interfaces. Such systems include modern versions of FreeBSD, Linux, and Solaris.

Parameters on and if_not_owner add a processing overhead.

On systems that do not support opening of directories only for search, to use these parameters it is required that worker processes have read permissions for all directories being checked.

The ngx_http_autoindex_module, ngx_http_random_index_module, and ngx_http_dav_module modules currently ignore this directive.

Syntax:	error_page code ... [=[response]] uri;
Default:	—
Context:	http, server, location, if in location

Defines the URI that will be shown for the specified errors.
error_page directives are inherited from the previous
level only if there are no error_page
directives defined on the current level.
A uri value can contain variables.

Example:

error_page 404             /404.html;
error_page 500 502 503 504 /50x.html;

Furthermore, it is possible to change the response code to another using the “=response” syntax, for example:

error_page 404 =200 /empty.gif;

If an error response is processed by a proxied server or a FastCGI/uwsgi/SCGI server, and the server may return different response codes (e.g., 200, 302, 401 or 404), it is possible to respond with the code it returns:

error_page 404 = /404.php;

It is also possible to use redirects for error processing:

error_page 403      http://example.com/forbidden.html;
error_page 404 =301 http://example.com/notfound.html;

In this case, by default, the response code 302 is returned to the client. It can only be changed to one of the redirect status codes (301, 302, 303, and 307).

If there is no need to change URI during internal redirection it is possible to pass error processing into a named location:

location / {
    error_page 404 = @fallback;
}

location @fallback {
    proxy_pass http://backend;
}

If uri processing leads to an error, the status code of the last occurred error is returned to the client.

Syntax:	etag on | off;
Default:	etag on;
Context:	http, server, location

This directive appeared in version 1.3.3.

Enables or disables automatic generation of the “ETag”
response header field for static resources.

Syntax:	http { ... }
Default:	—
Context:	main

Provides the configuration file context in which the HTTP server directives
are specified.

Syntax:	if_modified_since off | exact | before;
Default:	if_modified_since exact;
Context:	http, server, location

This directive appeared in version 0.7.24.

Specifies how to compare modification time of a response
with the time in the
“If-Modified-Since”
request header field:

off

the
“If-Modified-Since” request header field is ignored (0.7.34);

exact

exact match;

before

modification time of a response is
less than or equal to the time in the “If-Modified-Since”
request header field.

Syntax:	ignore_invalid_headers on | off;
Default:	ignore_invalid_headers on;
Context:	http, server

Controls whether header fields with invalid names should be ignored.
Valid names are composed of English letters, digits, hyphens, and possibly
underscores (as controlled by the underscores_in_headers
directive).

If the directive is specified on the server level,
its value is only used if a server is a default one.
The value specified also applies to all virtual servers
listening on the same address and port.

Syntax:	internal;
Default:	—
Context:	location

Specifies that a given location can only be used for internal requests.
For external requests, the client error
404 (Not Found)
is returned.
Internal requests are the following:

• requests redirected by the
  error_page,
  index,
  random_index, and
  try_files directives;
• requests redirected by the “X-Accel-Redirect”
  response header field from an upstream server;
• subrequests formed by the
  “include virtual”
  command of the
  ngx_http_ssi_module
  module and by the
  ngx_http_addition_module
  module directives;
• requests changed by the
  rewrite directive.

Example:

error_page 404 /404.html;

location /404.html {
    internal;
}

There is a limit of 10 internal redirects per request to prevent request processing cycles that can occur in incorrect configurations. If this limit is reached, the error 500 (Internal Server Error) is returned. In such cases, the “rewrite or internal redirection cycle” message can be seen in the error log.

Syntax:	keepalive_disable none | browser ...;
Default:	keepalive_disable msie6;
Context:	http, server, location

Disables keep-alive connections with misbehaving browsers.
The browser parameters specify which
browsers will be affected.
The value msie6 disables keep-alive connections
with old versions of MSIE, once a POST request is received.
The value safari disables keep-alive connections
with Safari and Safari-like browsers on Mac OS X and Mac OS X-like
operating systems.
The value none enables keep-alive connections
with all browsers.

Prior to version 1.1.18, the value safari matched
all Safari and Safari-like browsers on all operating systems, and
keep-alive connections with them were disabled by default.

Syntax:	keepalive_requests number;
Default:	keepalive_requests 100;
Context:	http, server, location

This directive appeared in version 0.8.0.

Sets the maximum number of requests that can be
served through one keep-alive connection.
After the maximum number of requests are made, the connection is closed.

Syntax:	keepalive_timeout timeout [header_timeout];
Default:	keepalive_timeout 75s;
Context:	http, server, location

The first parameter sets a timeout during which a keep-alive
client connection will stay open on the server side.
The zero value disables keep-alive client connections.
The optional second parameter sets a value in the
“Keep-Alive: timeout=time”
response header field.
Two parameters may differ.

The
“Keep-Alive: timeout=time”
header field is recognized by Mozilla and Konqueror.
MSIE closes keep-alive connections by itself in about 60 seconds.

Syntax:	large_client_header_buffers number size;
Default:	large_client_header_buffers 4 8k;
Context:	http, server

Sets the maximum number and size of
buffers used for reading large client request header.
A request line cannot exceed the size of one buffer, or the
414 (Request-URI Too Large)
error is returned to the client.
A request header field cannot exceed the size of one buffer as well, or the
400 (Bad Request)
error is returned to the client.
Buffers are allocated only on demand.
By default, the buffer size is equal to 8K bytes.
If after the end of request processing a connection is transitioned
into the keep-alive state, these buffers are released.

Syntax:	limit_except method ... { ... }
Default:	—
Context:	location

Limits allowed HTTP methods inside a location.
The method parameter can be one of the following:
GET,
HEAD,
POST,
PUT,
DELETE,
MKCOL,
COPY,
MOVE,
OPTIONS,
PROPFIND,
PROPPATCH,
LOCK,
UNLOCK,
or
PATCH.
Allowing the GET method makes the
HEAD method also allowed.
Access to other methods can be limited using the
ngx_http_access_module
and
ngx_http_auth_basic_module
modules directives:

limit_except GET {
    allow 192.168.1.0/32;
    deny  all;
}

Please note that this will limit access to all methods except GET and HEAD.

Syntax:	limit_rate rate;
Default:	limit_rate 0;
Context:	http, server, location, if in location

Limits the rate of response transmission to a client.
The rate is specified in bytes per second.
The zero value disables rate limiting.

The limit is set per a request, and so if a client simultaneously opens
two connections, the overall rate will be twice as much
as the specified limit.

Rate limit can also be set in the $limit_rate variable.
It may be useful in cases where rate should be limited
depending on a certain condition:

server {

    if ($slow) {
        set $limit_rate 4k;
    }

    ...
}

Rate limit can also be set in the “X-Accel-Limit-Rate” header field of a proxied server response. This capability can be disabled using the proxy_ignore_headers, fastcgi_ignore_headers, uwsgi_ignore_headers, and scgi_ignore_headers directives.

Syntax:	limit_rate_after size;
Default:	limit_rate_after 0;
Context:	http, server, location, if in location

This directive appeared in version 0.8.0.

Sets the initial amount after which the further transmission
of a response to a client will be rate limited.

Example:

location /flv/ {
    flv;
    limit_rate_after 500k;
    limit_rate       50k;
}

Syntax:	lingering_close off | on | always;
Default:	lingering_close on;
Context:	http, server, location

This directive appeared in versions 1.1.0 and 1.0.6.

Controls how nginx closes client connections.

The default value “on” instructs nginx to
wait for and
process additional data from a client
before fully closing a connection, but only
if heuristics suggests that a client may be sending more data.

The value “always” will cause nginx to unconditionally
wait for and process additional client data.

The value “off” tells nginx to never wait for
more data and close the connection immediately.
This behavior breaks the protocol and should not be used under normal
circumstances.

Syntax:	lingering_time time;
Default:	lingering_time 30s;
Context:	http, server, location

When lingering_close is in effect,
this directive specifies the maximum time during which nginx
will process (read and ignore) additional data coming from a client.
After that, the connection will be closed, even if there will be
more data.

Syntax:	lingering_timeout time;
Default:	lingering_timeout 5s;
Context:	http, server, location

When lingering_close is in effect, this directive specifies
the maximum waiting time for more client data to arrive.
If data are not received during this time, the connection is closed.
Otherwise, the data are read and ignored, and nginx starts waiting
for more data again.
The “wait-read-ignore” cycle is repeated, but no longer than specified by the
lingering_time directive.

Syntax:	listen address[:port] [default_server] [ssl] [http2 | spdy] [proxy_protocol] [setfib=number] [fastopen=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]]; listen port [default_server] [ssl] [http2 | spdy] [proxy_protocol] [setfib=number] [fastopen=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]]; listen unix:path [default_server] [ssl] [http2 | spdy] [proxy_protocol] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
Default:	listen *:80 | *:8000;
Context:	server

Sets the address and port for IP,
or the path for a UNIX-domain socket on which
the server will accept requests.
Both address and port,
or only address or only port can be specified.
An address may also be a hostname, for example:

listen 127.0.0.1:8000;
listen 127.0.0.1;
listen 8000;
listen *:8000;
listen localhost:8000;

IPv6 addresses (0.7.36) are specified in square brackets:

listen [::]:8000;
listen [::1];

UNIX-domain sockets (0.8.21) are specified with the “unix:” prefix:

listen unix:/var/run/nginx.sock;

If only address is given, the port 80 is used.

If the directive is not present then either *:80 is used if nginx runs with the superuser privileges, or *:8000 otherwise.

The default_server parameter, if present, will cause the server to become the default server for the specified address:port pair. If none of the directives have the default_server parameter then the first server with the address:port pair will be the default server for this pair.

In versions prior to 0.8.21 this parameter is named simply default.

The ssl parameter (0.7.14) allows specifying that all connections accepted on this port should work in SSL mode. This allows for a more compact configuration for the server that handles both HTTP and HTTPS requests.

The http2 parameter (1.9.5) configures the port to accept HTTP/2 connections. Normally, for this to work the ssl parameter should be specified as well, but nginx can also be configured to accept HTTP/2 connections without SSL.

The spdy parameter (1.3.15-1.9.4) allows accepting SPDY connections on this port. Normally, for this to work the ssl parameter should be specified as well, but nginx can also be configured to accept SPDY connections without SSL.

The proxy_protocol parameter (1.5.12) allows specifying that all connections accepted on this port should use the PROXY protocol.

The listen directive can have several additional parameters specific to socket-related system calls. These parameters can be specified in any listen directive, but only once for a given address:port pair.

In versions prior to 0.8.21, they could only be specified in the listen directive together with the default parameter.

setfib=number

this parameter (0.8.44) sets the associated routing table, FIB (the SO_SETFIB option) for the listening socket. This currently works only on FreeBSD.

fastopen=number

enables “TCP Fast Open” for the listening socket (1.5.8) and limits the maximum length for the queue of connections that have not yet completed the three-way handshake.

Do not enable this feature unless the server can handle receiving the same SYN packet with data more than once.

backlog=number

sets the backlog parameter in the listen() call that limits the maximum length for the queue of pending connections. By default, backlog is set to -1 on FreeBSD, DragonFly BSD, and Mac OS X, and to 511 on other platforms.

rcvbuf=size

sets the receive buffer size (the SO_RCVBUF option) for the listening socket.

sndbuf=size

sets the send buffer size (the SO_SNDBUF option) for the listening socket.

accept_filter=filter

sets the name of accept filter (the SO_ACCEPTFILTER option) for the listening socket that filters incoming connections before passing them to accept(). This works only on FreeBSD and NetBSD 5.0+. Possible values are dataready and httpready.

deferred

instructs to use a deferred accept() (the TCP_DEFER_ACCEPT socket option) on Linux.

bind

instructs to make a separate bind() call for a given address:port pair. This is useful because if there are several listen directives with the same port but different addresses, and one of the listen directives listens on all addresses for the given port (*:port), nginx will bind() only to *:port. It should be noted that the getsockname() system call will be made in this case to determine the address that accepted the connection. If the setfib, backlog, rcvbuf, sndbuf, accept_filter, deferred, ipv6only, or so_keepalive parameters are used then for a given address:port pair a separate bind() call will always be made.

ipv6only=on|off

this parameter (0.7.42) determines (via the IPV6_V6ONLY socket option) whether an IPv6 socket listening on a wildcard address [::] will accept only IPv6 connections or both IPv6 and IPv4 connections. This parameter is turned on by default. It can only be set once on start.

Prior to version 1.3.4, if this parameter was omitted then the operating system’s settings were in effect for the socket.

reuseport

this parameter (1.9.1) instructs to create an individual listening socket for each worker process (using the SO_REUSEPORT socket option), allowing a kernel to distribute incoming connections between worker processes. This currently works only on Linux 3.9+ and DragonFly BSD.

Inappropriate use of this option may have its security implications.

so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]

this parameter (1.1.11) configures the “TCP keepalive” behavior for the listening socket. If this parameter is omitted then the operating system’s settings will be in effect for the socket. If it is set to the value “on”, the SO_KEEPALIVE option is turned on for the socket. If it is set to the value “off”, the SO_KEEPALIVE option is turned off for the socket. Some operating systems support setting of TCP keepalive parameters on a per-socket basis using the TCP_KEEPIDLE, TCP_KEEPINTVL, and TCP_KEEPCNT socket options. On such systems (currently, Linux 2.4+, NetBSD 5+, and FreeBSD 9.0-STABLE), they can be configured using the keepidle, keepintvl, and keepcnt parameters. One or two parameters may be omitted, in which case the system default setting for the corresponding socket option will be in effect. For example,

so_keepalive=30m::10

will set the idle timeout (TCP_KEEPIDLE) to 30 minutes, leave the probe interval (TCP_KEEPINTVL) at its system default, and set the probes count (TCP_KEEPCNT) to 10 probes.

Example:

listen 127.0.0.1 default_server accept_filter=dataready backlog=1024;

Syntax:	location [ = | ~ | ~* | ^~ ] uri { ... } location @name { ... }
Default:	—
Context:	server, location

Sets configuration depending on a request URI.

The matching is performed against a normalized URI,
after decoding the text encoded in the “%XX” form,
resolving references to relative path components “.”
and “..”, and possible
compression of two or more
adjacent slashes into a single slash.

A location can either be defined by a prefix string, or by a regular expression.
Regular expressions are specified with the preceding
“~*” modifier (for case-insensitive matching), or the
“~” modifier (for case-sensitive matching).
To find location matching a given request, nginx first checks
locations defined using the prefix strings (prefix locations).
Among them, the location with the longest matching
prefix is selected and remembered.
Then regular expressions are checked, in the order of their appearance
in the configuration file.
The search of regular expressions terminates on the first match,
and the corresponding configuration is used.
If no match with a regular expression is found then the
configuration of the prefix location remembered earlier is used.

location blocks can be nested, with some exceptions
mentioned below.

For case-insensitive operating systems such as Mac OS X and Cygwin,
matching with prefix strings ignores a case (0.7.7).
However, comparison is limited to one-byte locales.

Regular expressions can contain captures (0.7.40) that can later
be used in other directives.

If the longest matching prefix location has the “^~” modifier
then regular expressions are not checked.

Also, using the “=” modifier it is possible to define
an exact match of URI and location.
If an exact match is found, the search terminates.
For example, if a “/” request happens frequently,
defining “location = /” will speed up the processing
of these requests, as search terminates right after the first
comparison.
Such a location cannot obviously contain nested locations.

In versions from 0.7.1 to 0.8.41, if a request matched the prefix
location without the “=” and “^~”
modifiers, the search also terminated and regular expressions were
not checked.

Let’s illustrate the above by an example:

location = / {
    [ configuration A ]
}

location / {
    [ configuration B ]
}

location /documents/ {
    [ configuration C ]
}

location ^~ /images/ {
    [ configuration D ]
}

location ~* \.(gif|jpg|jpeg)$ {
    [ configuration E ]
}

The “/” request will match configuration A, the “/index.html” request will match configuration B, the “/documents/document.html” request will match configuration C, the “/images/1.gif” request will match configuration D, and the “/documents/1.jpg” request will match configuration E.

The “@” prefix defines a named location. Such a location is not used for a regular request processing, but instead used for request redirection. They cannot be nested, and cannot contain nested locations.

If a location is defined by a prefix string that ends with the slash character, and requests are processed by one of proxy_pass, fastcgi_pass, uwsgi_pass, scgi_pass, or memcached_pass, then the special processing is performed. In response to a request with URI equal to this string, but without the trailing slash, a permanent redirect with the code 301 will be returned to the requested URI with the slash appended. If this is not desired, an exact match of the URI and location could be defined like this:

location /user/ {
    proxy_pass http://user.example.com;
}

location = /user {
    proxy_pass http://login.example.com;
}

Syntax:	log_not_found on | off;
Default:	log_not_found on;
Context:	http, server, location

Enables or disables logging of errors about not found files into
error_log.

Syntax:	log_subrequest on | off;
Default:	log_subrequest off;
Context:	http, server, location

Enables or disables logging of subrequests into
access_log.

Syntax:	max_ranges number;
Default:	—
Context:	http, server, location

This directive appeared in version 1.1.2.

Limits the maximum allowed number of ranges in byte-range requests.
Requests that exceed the limit are processed as if there were no
byte ranges specified.
By default, the number of ranges is not limited.
The zero value disables the byte-range support completely.

Syntax:	merge_slashes on | off;
Default:	merge_slashes on;
Context:	http, server

Enables or disables compression of two or more adjacent slashes
in a URI into a single slash.

Note that compression is essential for the correct matching of prefix string
and regular expression locations.
Without it, the “//scripts/one.php” request would not match

location /scripts/ {
    ...
}

and might be processed as a static file. So it gets converted to “/scripts/one.php”.

Turning the compression off can become necessary if a URI contains base64-encoded names, since base64 uses the “/” character internally. However, for security considerations, it is better to avoid turning the compression off.

If the directive is specified on the server level, its value is only used if a server is a default one. The value specified also applies to all virtual servers listening on the same address and port.

Syntax:	msie_padding on | off;
Default:	msie_padding on;
Context:	http, server, location

Enables or disables adding comments to responses for MSIE clients with status
greater than 400 to increase the response size to 512 bytes.

Syntax:	msie_refresh on | off;
Default:	msie_refresh off;
Context:	http, server, location

Enables or disables issuing refreshes instead of redirects for MSIE clients.

Syntax:	open_file_cache off; open_file_cache max=N [inactive=time];
Default:	open_file_cache off;
Context:	http, server, location

Configures a cache that can store:

• open file descriptors, their sizes and modification times;
• information on existence of directories;
• file lookup errors, such as “file not found”, “no read permission”,
  and so on.

  Caching of errors should be enabled separately by the
  open_file_cache_errors
  directive.

The directive has the following parameters:

max

sets the maximum number of elements in the cache;
on cache overflow the least recently used (LRU) elements are removed;

inactive

defines a time after which an element is removed from the cache
if it has not been accessed during this time;
by default, it is 60 seconds;

off

disables the cache.

Example:

open_file_cache          max=1000 inactive=20s;
open_file_cache_valid    30s;
open_file_cache_min_uses 2;
open_file_cache_errors   on;

Syntax:	open_file_cache_errors on | off;
Default:	open_file_cache_errors off;
Context:	http, server, location

Enables or disables caching of file lookup errors by
open_file_cache.

Syntax:	open_file_cache_min_uses number;
Default:	open_file_cache_min_uses 1;
Context:	http, server, location

Sets the minimum number of file accesses during
the period configured by the inactive parameter
of the open_file_cache directive, required for a file
descriptor to remain open in the cache.

Syntax:	open_file_cache_valid time;
Default:	open_file_cache_valid 60s;
Context:	http, server, location

Sets a time after which
open_file_cache
elements should be validated.

Syntax:	output_buffers number size;
Default:	output_buffers 2 32k;
Context:	http, server, location

Sets the number and size of the
buffers used for reading a response from a disk.

Prior to version 1.9.5, the default value was 1 32k.

Syntax:	port_in_redirect on | off;
Default:	port_in_redirect on;
Context:	http, server, location

Enables or disables specifying the port in redirects issued by nginx.

The use of the primary server name in redirects is controlled by
the server_name_in_redirect directive.

Syntax:	postpone_output size;
Default:	postpone_output 1460;
Context:	http, server, location

If possible, the transmission of client data will be postponed until
nginx has at least size bytes of data to send.
The zero value disables postponing data transmission.

Syntax:	read_ahead size;
Default:	read_ahead 0;
Context:	http, server, location

Sets the amount of pre-reading for the kernel when working with file.

On Linux, the
posix_fadvise(0, 0, 0, POSIX_FADV_SEQUENTIAL)
system call is used, and so the size parameter is ignored.

On FreeBSD, the
fcntl(O_READAHEAD,
size)
system call, supported since FreeBSD 9.0-CURRENT, is used.
FreeBSD 7 has to be
patched.

Syntax:	recursive_error_pages on | off;
Default:	recursive_error_pages off;
Context:	http, server, location

Enables or disables doing several redirects using the
error_page
directive.
The number of such redirects is limited.

Syntax:	request_pool_size size;
Default:	request_pool_size 4k;
Context:	http, server

Allows accurate tuning of per-request memory allocations.
This directive has minimal impact on performance
and should not generally be used.

Syntax:	reset_timedout_connection on | off;
Default:	reset_timedout_connection off;
Context:	http, server, location

Enables or disables resetting timed out connections.
The reset is performed as follows.
Before closing a socket, the
SO_LINGER
option is set on it with a timeout value of 0.
When the socket is closed, TCP RST is sent to the client, and all memory
occupied by this socket is released.
This helps avoid keeping an already closed socket with filled buffers
in a FIN_WAIT1 state for a long time.

It should be noted that timed out keep-alive connections are
closed normally.

Syntax:	resolver address ... [valid=time] [ipv6=on|off];
Default:	—
Context:	http, server, location

Configures name servers used to resolve names of upstream servers
into addresses, for example:

resolver 127.0.0.1 [::1]:5353;

An address can be specified as a domain name or IP address, and an optional port (1.3.1, 1.2.2). If port is not specified, the port 53 is used. Name servers are queried in a round-robin fashion.

Before version 1.1.7, only a single name server could be configured. Specifying name servers using IPv6 addresses is supported starting from versions 1.3.1 and 1.2.2.

By default, nginx will look up both IPv4 and IPv6 addresses while resolving. If looking up of IPv6 addresses is not desired, the ipv6=off parameter can be specified.

Resolving of names into IPv6 addresses is supported starting from version 1.5.8.

By default, nginx caches answers using the TTL value of a response. An optional valid parameter allows overriding it:

resolver 127.0.0.1 [::1]:5353 valid=30s;

Before version 1.1.9, tuning of caching time was not possible, and nginx always cached answers for the duration of 5 minutes.

To prevent DNS spoofing, it is recommended configuring DNS servers in a properly secured trusted local network.

Syntax:	resolver_timeout time;
Default:	resolver_timeout 30s;
Context:	http, server, location

Sets a timeout for name resolution, for example:

resolver_timeout 5s;

Syntax:	root path;
Default:	root html;
Context:	http, server, location, if in location

Sets the root directory for requests.
For example, with the following configuration

location /i/ {
    root /data/w3;
}

The /data/w3/i/top.gif file will be sent in response to the “/i/top.gif” request.

The path value can contain variables, except $document_root and $realpath_root.

A path to the file is constructed by merely adding a URI to the value of the root directive. If a URI has to be modified, the alias directive should be used.

Syntax:	satisfy all | any;
Default:	satisfy all;
Context:	http, server, location

Allows access if all (all) or at least one
(any) of the
ngx_http_access_module,
ngx_http_auth_basic_module,
ngx_http_auth_request_module,
or
ngx_http_auth_jwt_module
modules allow access.

Example:

location / {
    satisfy any;

    allow 192.168.1.0/32;
    deny  all;

    auth_basic           "closed site";
    auth_basic_user_file conf/htpasswd;
}

Syntax:	send_lowat size;
Default:	send_lowat 0;
Context:	http, server, location

If the directive is set to a non-zero value, nginx will try to minimize
the number of send operations on client sockets by using either
NOTE_LOWAT flag of the
kqueue method
or the SO_SNDLOWAT socket option.
In both cases the specified size is used.

This directive is ignored on Linux, Solaris, and Windows.

Syntax:	send_timeout time;
Default:	send_timeout 60s;
Context:	http, server, location

Sets a timeout for transmitting a response to the client.
The timeout is set only between two successive write operations,
not for the transmission of the whole response.
If the client does not receive anything within this time,
the connection is closed.

Syntax:	sendfile on | off;
Default:	sendfile off;
Context:	http, server, location, if in location

Enables or disables the use of
sendfile().

Starting from nginx 0.8.12 and FreeBSD 5.2.1,
aio can be used to pre-load data
for sendfile():

location /video/ {
    sendfile       on;
    tcp_nopush     on;
    aio            on;
}

In this configuration, sendfile() is called with the SF_NODISKIO flag which causes it not to block on disk I/O, but, instead, report back that the data are not in memory. nginx then initiates an asynchronous data load by reading one byte. On the first read, the FreeBSD kernel loads the first 128K bytes of a file into memory, although next reads will only load data in 16K chunks. This can be changed using the read_ahead directive.

Before version 1.7.11, pre-loading could be enabled with aio sendfile;.

Syntax:	sendfile_max_chunk size;
Default:	sendfile_max_chunk 0;
Context:	http, server, location

When set to a non-zero value, limits the amount of data that can be
transferred in a single sendfile() call.
Without the limit, one fast connection may seize the worker process entirely.

Syntax:	server { ... }
Default:	—
Context:	http

Sets configuration for a virtual server.
There is no clear separation between IP-based (based on the IP address)
and name-based (based on the “Host” request header field)
virtual servers.
Instead, the listen directives describe all
addresses and ports that should accept connections for the server, and the
server_name directive lists all server names.
Example configurations are provided in the
“How nginx processes a request” document.

Syntax:	server_name name ...;
Default:	server_name "";
Context:	server

Sets names of a virtual server, for example:

server {
    server_name example.com www.example.com;
}

The first name becomes the primary server name.

Server names can include an asterisk (“*”) replacing the first or last part of a name:

server {
    server_name example.com *.example.com www.example.*;
}

Such names are called wildcard names.

The first two of the names mentioned above can be combined in one:

server {
    server_name .example.com;
}

It is also possible to use regular expressions in server names, preceding the name with a tilde (“~”):

server {
    server_name www.example.com ~^www\d+\.example\.com$;
}

Regular expressions can contain captures (0.7.40) that can later be used in other directives:

server {
    server_name ~^(www\.)?(.+)$;

    location / {
        root /sites/$2;
    }
}

server {
    server_name _;

    location / {
        root /sites/default;
    }
}

Named captures in regular expressions create variables (0.8.25) that can later be used in other directives:

server {
    server_name ~^(www\.)?(?<domain>.+)$;

    location / {
        root /sites/$domain;
    }
}

server {
    server_name _;

    location / {
        root /sites/default;
    }
}

If the directive’s parameter is set to “$hostname” (0.9.4), the machine’s hostname is inserted.

It is also possible to specify an empty server name (0.7.11):

server {
    server_name www.example.com "";
}

It allows this server to process requests without the “Host” header field — instead of the default server — for the given address:port pair. This is the default setting.

Before 0.8.48, the machine’s hostname was used by default.

During searching for a virtual server by name, if the name matches more than one of the specified variants, (e.g. both a wildcard name and regular expression match), the first matching variant will be chosen, in the following order of priority:

1. the exact name
2. the longest wildcard name starting with an asterisk, e.g. “*.example.com”
3. the longest wildcard name ending with an asterisk, e.g. “mail.*”
4. the first matching regular expression (in order of appearance in the configuration file)

Detailed description of server names is provided in a separate Server names document.

Syntax:	server_name_in_redirect on | off;
Default:	server_name_in_redirect off;
Context:	http, server, location

Enables or disables the use of the primary server name, specified by the
server_name
directive, in redirects issued by nginx.
When the use of the primary server name is disabled, the name from the
“Host” request header field is used.
If this field is not present, the IP address of the server is used.

The use of a port in redirects is controlled by
the port_in_redirect directive.

Syntax:	server_names_hash_bucket_size size;
Default:	server_names_hash_bucket_size 32|64|128;
Context:	http

Sets the bucket size for the server names hash tables.
The default value depends on the size of the processor’s cache line.
The details of setting up hash tables are provided in a separate
document.

Syntax:	server_names_hash_max_size size;
Default:	server_names_hash_max_size 512;
Context:	http

Sets the maximum size of the server names hash tables.
The details of setting up hash tables are provided in a separate
document.

Syntax:	server_tokens on | off | string;
Default:	server_tokens on;
Context:	http, server, location

Enables or disables emitting nginx version in error messages and in the
“Server” response header field.

Additionally, as part of our
commercial subscription,
starting from version 1.9.13
the signature in error messages and
the “Server” response header field value
can be set explicitly using the string with variables.
An empty string disables the emission of the “Server” field.

Syntax:	tcp_nodelay on | off;
Default:	tcp_nodelay on;
Context:	http, server, location

Enables or disables the use of the TCP_NODELAY option.
The option is enabled only when a connection is transitioned into the
keep-alive state.

Syntax:	tcp_nopush on | off;
Default:	tcp_nopush off;
Context:	http, server, location

Enables or disables the use of
the TCP_NOPUSH socket option on FreeBSD
or the TCP_CORK socket option on Linux.
The options are enabled only when sendfile is used.
Enabling the option allows

• sending the response header and the beginning of a file in one packet,
  on Linux and FreeBSD 4.*;
• sending a file in full packets.

Syntax:	try_files file ... uri; try_files file ... =code;
Default:	—
Context:	server, location

Checks the existence of files in the specified order and uses
the first found file for request processing; the processing
is performed in the current context.
The path to a file is constructed from the
file parameter
according to the
root and alias directives.
It is possible to check directory’s existence by specifying
a slash at the end of a name, e.g. “$uri/”.
If none of the files were found, an internal redirect to the
uri specified in the last parameter is made.
For example:

location /images/ {
    try_files $uri /images/default.gif;
}

location = /images/default.gif {
    expires 30s;
}

The last parameter can also point to a named location, as shown in examples below. Starting from version 0.7.51, the last parameter can also be a code:

location / {
    try_files $uri $uri/index.html $uri.html =404;
}

Example in proxying Mongrel:

location / {
    try_files /system/maintenance.html
              $uri $uri/index.html $uri.html
              @mongrel;
}

location @mongrel {
    proxy_pass http://mongrel;
}

Example for Drupal/FastCGI:

location / {
    try_files $uri $uri/ @drupal;
}

location ~ \.php$ {
    try_files $uri @drupal;

    fastcgi_pass ...;

    fastcgi_param SCRIPT_FILENAME /path/to$fastcgi_script_name;
    fastcgi_param SCRIPT_NAME     $fastcgi_script_name;
    fastcgi_param QUERY_STRING    $args;

    ... other fastcgi_param's
}

location @drupal {
    fastcgi_pass ...;

    fastcgi_param SCRIPT_FILENAME /path/to/index.php;
    fastcgi_param SCRIPT_NAME     /index.php;
    fastcgi_param QUERY_STRING    q=$uri&$args;

    ... other fastcgi_param's
}

In the following example,

location / {
    try_files $uri $uri/ @drupal;
}

the try_files directive is equivalent to

location / {
    error_page 404 = @drupal;
    log_not_found off;
}

And here,

location ~ \.php$ {
    try_files $uri @drupal;

    fastcgi_pass ...;

    fastcgi_param SCRIPT_FILENAME /path/to$fastcgi_script_name;

    ...
}

try_files checks the existence of the PHP file before passing the request to the FastCGI server.

Example for Wordpress and Joomla:

location / {
    try_files $uri $uri/ @wordpress;
}

location ~ \.php$ {
    try_files $uri @wordpress;

    fastcgi_pass ...;

    fastcgi_param SCRIPT_FILENAME /path/to$fastcgi_script_name;
    ... other fastcgi_param's
}

location @wordpress {
    fastcgi_pass ...;

    fastcgi_param SCRIPT_FILENAME /path/to/index.php;
    ... other fastcgi_param's
}

Syntax:	types { ... }
Default:	types { text/html html; image/gif gif; image/jpeg jpg; }
Context:	http, server, location

Maps file name extensions to MIME types of responses.
Extensions are case-insensitive.
Several extensions can be mapped to one type, for example:

types {
    application/octet-stream bin exe dll;
    application/octet-stream deb;
    application/octet-stream dmg;
}

A sufficiently full mapping table is distributed with nginx in the conf/mime.types file.

To make a particular location emit the “application/octet-stream” MIME type for all requests, the following configuration can be used:

location /download/ {
    types        { }
    default_type application/octet-stream;
}

Syntax:	types_hash_bucket_size size;
Default:	types_hash_bucket_size 64;
Context:	http, server, location

Sets the bucket size for the types hash tables.
The details of setting up hash tables are provided in a separate
document.

Prior to version 1.5.13,
the default value depended on the size of the processor’s cache line.

Syntax:	types_hash_max_size size;
Default:	types_hash_max_size 1024;
Context:	http, server, location

Sets the maximum size of the types hash tables.
The details of setting up hash tables are provided in a separate
document.

Syntax:	underscores_in_headers on | off;
Default:	underscores_in_headers off;
Context:	http, server

Enables or disables the use of underscores in client request header fields.
When the use of underscores is disabled, request header fields whose names
contain underscores are
marked as invalid and become subject to the
ignore_invalid_headers directive.

If the directive is specified on the server level,
its value is only used if a server is a default one.
The value specified also applies to all virtual servers
listening on the same address and port.

Syntax:	variables_hash_bucket_size size;
Default:	variables_hash_bucket_size 64;
Context:	http

Sets the bucket size for the variables hash table.
The details of setting up hash tables are provided in a separate
document.

Syntax:	variables_hash_max_size size;
Default:	variables_hash_max_size 1024;
Context:	http

Sets the maximum size of the variables hash table.
The details of setting up hash tables are provided in a separate
document.

Prior to version 1.5.13, the default value was 512.

Embedded Variables

The ngx_http_core_module module supports embedded variables
with names matching the Apache Server variables.
First of all, these are variables representing client request header
fields, such as $http_user_agent, $http_cookie,
and so on.
Also there are other variables:

$arg_name

argument name in the request line

$args

arguments in the request line

$binary_remote_addr

client address in a binary form, value’s length is always 4 bytes
for IPv4 addresses or 16 bytes for IPv6 addresses

$body_bytes_sent

number of bytes sent to a client, not counting the response header;
this variable is compatible with the “%B” parameter of the
mod_log_config
Apache module

$bytes_sent

number of bytes sent to a client (1.3.8, 1.2.5)

$connection

connection serial number (1.3.8, 1.2.5)

$connection_requests

current number of requests made through a connection (1.3.8, 1.2.5)

$content_length

“Content-Length” request header field

$content_type

“Content-Type” request header field

$cookie_name

the name cookie

$document_root

root or alias directive’s value
for the current request

$document_uri

same as $uri

$host

in this order of precedence:
host name from the request line, or
host name from the “Host” request header field, or
the server name matching a request

$hostname

host name

$http_name

arbitrary request header field;
the last part of a variable name is the field name converted
to lower case with dashes replaced by underscores

$https

“on”
if connection operates in SSL mode,
or an empty string otherwise

$is_args

“?” if a request line has arguments,
or an empty string otherwise

$limit_rate

setting this variable enables response rate limiting;
see limit_rate

$msec

current time in seconds with the milliseconds resolution (1.3.9, 1.2.6)

$nginx_version

nginx version

$pid

PID of the worker process

$pipe

“p” if request was pipelined, “.”
otherwise (1.3.12, 1.2.7)

$proxy_protocol_addr

client address from the PROXY protocol header, or an empty string otherwise
(1.5.12)

The PROXY protocol must be previously enabled by setting the
proxy_protocol parameter
in the listen directive.

$proxy_protocol_port

client port from the PROXY protocol header, or an empty string otherwise
(1.11.0)

The PROXY protocol must be previously enabled by setting the
proxy_protocol parameter
in the listen directive.

$query_string

same as $args

$realpath_root

an absolute pathname corresponding to the
root or alias directive’s value
for the current request,
with all symbolic links resolved to real paths

$remote_addr

client address

$remote_port

client port

$remote_user

user name supplied with the Basic authentication

$request

full original request line

$request_body

request body

The variable’s value is made available in locations
processed by the
proxy_pass,
fastcgi_pass,
uwsgi_pass,
and
scgi_pass
directives when the request body was read to
a memory buffer.

$request_body_file

name of a temporary file with the request body

At the end of processing, the file needs to be removed.
To always write the request body to a file,
client_body_in_file_only needs to be enabled.
When the name of a temporary file is passed in a proxied request
or in a request to a FastCGI/uwsgi/SCGI server,
passing the request body should be disabled by the
proxy_pass_request_body off,
fastcgi_pass_request_body off,
uwsgi_pass_request_body off, or
scgi_pass_request_body off
directives, respectively.

$request_completion

“OK” if a request has completed,
or an empty string otherwise

$request_filename

file path for the current request, based on the
root or alias
directives, and the request URI

$request_id

unique request identifier
generated from 16 random bytes, in hexadecimal (1.11.0)

$request_length

request length (including request line, header, and request body)
(1.3.12, 1.2.7)

$request_method

request method, usually
“GET” or “POST”

$request_time

request processing time in seconds with a milliseconds resolution
(1.3.9, 1.2.6);
time elapsed since the first bytes were read from the client

$request_uri

full original request URI (with arguments)

$scheme

request scheme, “http” or “https”

$sent_http_name

arbitrary response header field;
the last part of a variable name is the field name converted
to lower case with dashes replaced by underscores

$server_addr

an address of the server which accepted a request

Computing a value of this variable usually requires one system call.
To avoid a system call, the listen directives
must specify addresses and use the bind parameter.

$server_name

name of the server which accepted a request

$server_port

port of the server which accepted a request

$server_protocol

request protocol, usually
“HTTP/1.0”,
“HTTP/1.1”,
or
“HTTP/2.0”

$status

response status (1.3.2, 1.2.2)

$tcpinfo_rtt,
$tcpinfo_rttvar,
$tcpinfo_snd_cwnd,
$tcpinfo_rcv_space

information about the client TCP connection; available on systems
that support the TCP_INFO socket option

$time_iso8601

local time in the ISO 8601 standard format (1.3.12, 1.2.7)

$time_local

local time in the Common Log Format (1.3.12, 1.2.7)

$uri

current URI in request, normalized

The value of $uri may change during request processing,
e.g. when doing internal redirects, or when using index files.