diff xml/en/docs/http/ngx_http_proxy_module.xml @ 281:7142ddd2764c

Translated current version of ngx_http_proxy_module documentation into English.
author Ruslan Ermilov <ru@nginx.com>
date Tue, 27 Dec 2011 11:35:46 +0000
children 9f5ee1c6fca5
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/xml/en/docs/http/ngx_http_proxy_module.xml	Tue Dec 27 11:35:46 2011 +0000
@@ -0,0 +1,988 @@
+<?xml version="1.0"?>
+<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
+<module name="Module ngx_http_proxy_module"
+        link="/en/docs/http/ngx_http_proxy_module.html"
+        lang="en">
+<section id="summary">
+The <literal>ngx_http_proxy_module</literal> module allows to pass
+requests to another server.
+<section id="example" name="Example Configuration">
+location / {
+    proxy_pass       http://localhost:8000;
+    proxy_set_header Host      $host;
+    proxy_set_header X-Real-IP $remote_addr;
+<section id="directives" name="Directives">
+<directive name="proxy_buffer_size">
+Sets <value>size</value> of the buffer used for reading the first part
+of a response received from the proxied server.
+This part usually contains a small response header.
+By default, the buffer size is equal to the size of one
+buffer set by the <link id="proxy_buffers"/> directive.
+It can be made smaller however.
+<directive name="proxy_buffering">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+Enables or disables buffering a response from the proxied server.
+When buffering is enabled, nginx receives a response from the proxied server
+as soon as possible, saving it into buffers set by the
+<link id="proxy_buffer_size"/> and <link id="proxy_buffers"/> directives.
+If the whole response does not fit into memory, part of it is saved to a disk.
+When buffering is disabled, a response is passed to a client synchronously,
+immediately upon receipt.
+nginx will not try to read the whole response from the proxied server.
+The maximum size of the data that nginx can receive from the server
+at a time is set by the <link id="proxy_buffer_size"/> directive.
+<directive name="proxy_buffers">
+<syntax><value>number</value> <value>size</value></syntax>
+<default>8 4k|8k</default>
+Sets the <value>number</value> and <value>size</value> of
+buffers used for reading a response from the proxied server,
+for a single connection.
+By default, the buffer size is equal to one memory page.
+This is either 4K or 8K, depending on a platform.
+<directive name="proxy_cache">
+<syntax><value>zone</value> | <literal>off</literal></syntax>
+Defines a zone used for caching.
+The same zone can be used in several places.
+The <literal>off</literal> parameter disables caching inherited
+from the previous configuration level.
+<directive name="proxy_cache_bypass">
+<syntax><value>string</value> ...</syntax>
+Defines conditions under which the answer will not be taken from a cache.
+If at least one value of the string parameters is not empty and is not
+equal to “0” then the answer will not be taken from the cache:
+proxy_cache_bypass $cookie_nocache $arg_nocache$arg_comment;
+proxy_cache_bypass $http_pragma    $http_authorization;
+Can be used along with the <link id="proxy_no_cache"/> directive.
+<directive name="proxy_cache_key">
+Defines a key for caching, for example
+proxy_cache_key "$host$request_uri $cookie_user";
+By default, the directive’s value is close to the string
+proxy_cache_key $scheme$proxy_host$uri$is_args$args;
+<directive name="proxy_cache_min_uses">
+Sets the <value>number</value> of requests after which the response
+will be cached.
+<directive name="proxy_cache_path">
+  <value>path</value>
+  [<literal>levels</literal>=<value>levels</value>]
+  <literal>keys_zone</literal>=<value>name</value>:<value>size</value>
+  [<literal>inactive</literal>=<value>time</value>]
+  [<literal>max_size</literal>=<value>size</value>]</syntax>
+Sets path and other parameters of a cache.
+Cache data are stored in files.
+Both the key and file name in a cache are a result of
+applying the MD5 function to the proxied URL.
+The <literal>levels</literal> parameter defines hierarchy levels of a cache.
+For example, in the following configuration
+proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=one:10m;
+file names in a cache will look like this:
+A cached response is first written to a temporary file, then a file is renamed.
+Starting from version 0.8.9 temporary files and the cache can be put on
+different file systems but be aware that in this case a file is copied
+across two file systems instead of the cheap rename operation.
+It is thus recommended that for any given location both cache and a directory
+holding temporary files set by the <link id="proxy_temp_path"/> directive
+are put on the same file system.
+In addition, all active keys and information about data are stored
+in a shared memory zone, whose <value>name</value> and <value>size</value>
+are configured by the <literal>keys_zone</literal> parameter.
+Cached data that are not accessed during the time specified by the
+<literal>inactive</literal> parameter get removed from the cache
+regardless of their freshness.
+By default, <literal>inactive</literal> is set to 10 minutes.
+The special process “cache manager” monitors the maximum cache size set
+by the <literal>max_size</literal> parameter;
+when this size is exceeded it removes the least recently used data.
+<directive name="proxy_cache_use_stale">
+  <literal>error</literal> |
+  <literal>timeout</literal> |
+  <literal>invalid_header</literal> |
+  <literal>updating</literal> |
+  <literal>http_500</literal> |
+  <literal>http_502</literal> |
+  <literal>http_503</literal> |
+  <literal>http_504</literal> |
+  <literal>http_404</literal> |
+  <literal>off</literal>
+  ...</syntax>
+If an error occurs while working with the proxied server it is possible
+to use a stale cached response.
+This directives determines in which cases it is permitted.
+The directive’s parameters match those of the
+<link id="proxy_next_upstream"/> directive.
+Additionally, the <literal>updating</literal> parameter permits
+to use a stale cached response if it is currently being updated.
+<directive name="proxy_cache_valid">
+<syntax>[<value>code</value> ...] <value>time</value></syntax>
+Sets caching time for different response codes.
+For example, the following directives
+proxy_cache_valid 200 302 10m;
+proxy_cache_valid 404      1m;
+set 10 minutes of caching for responses with codes 200 and 302,
+and 1 minute for responses with code 404.
+If only caching <value>time</value> is specified
+proxy_cache_valid 5m;
+then only 200, 301, and 302 responses are cached.
+In addition, it can be specified to cache any answers using the
+<literal>any</literal> parameter:
+proxy_cache_valid 200 302 10m;
+proxy_cache_valid 301      1h;
+proxy_cache_valid any      1m;
+<directive name="proxy_connect_timeout">
+Defines a timeout for establishing a connection with the proxied server.
+It should be noted that this timeout cannot usually exceed 75 seconds.
+<directive name="proxy_hide_header">
+By default,
+nginx does not pass the header fields <header>Date</header>,
+<header>Server</header>, <header>X-Pad</header>, and
+<header>X-Accel-...</header> from the response of a proxied
+server to a client.
+The <literal>proxy_hide_header</literal> directive sets additional fields
+that will not be passed.
+If, on the contrary, the passing of fields needs to be enabled,
+the <link id="proxy_pass_header"/> directive can be used.
+<directive name="proxy_ignore_client_abort">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+Determines should the connection with a proxied server be
+closed if a client closes a connection without waiting
+for an answer.
+<directive name="proxy_ignore_headers">
+<syntax><value>field</value> ...</syntax>
+Disables processing of some response header fields from the proxied server.
+The following fields can be ignored: <header>X-Accel-Redirect</header>,
+<header>X-Accel-Expires</header>, <header>X-Accel-Limit-Rate</header> (1.1.6),
+<header>X-Accel-Buffering</header> (1.1.6),
+<header>X-Accel-Charset</header> (1.1.6), <header>Expires</header>,
+<header>Cache-Control</header>, and <header>Set-Cookie</header> (0.8.44).
+<directive name="proxy_intercept_errors">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+Determines whether proxied responses with codes greater or equal to 400
+should be passed to a client or be redirected to nginx for processing
+using the <link doc="ngx_http_core_module.xml" id="error_page"/> directive.
+<directive name="proxy_next_upstream">
+  <literal>error</literal> |
+  <literal>timeout</literal> |
+  <literal>invalid_header</literal> |
+  <literal>http_500</literal> |
+  <literal>http_502</literal> |
+  <literal>http_503</literal> |
+  <literal>http_504</literal> |
+  <literal>http_404</literal> |
+  <literal>off</literal>
+  ...</syntax>
+<default>error timeout</default>
+Specifies in which cases a request should be passed to the next server:
+<list type="tag">
+<tag-desc>an error occurred while establishing a connection with the
+server, passing it a request, or reading the response header;</tag-desc>
+<tag-desc>a timeout has occurred while establishing a connection with the
+server, passing it a request, or reading the response header;</tag-desc>
+<tag-desc>a server returned empty or invalid response;</tag-desc>
+<tag-desc>a server returned a response with the code 500;</tag-desc>
+<tag-desc>a server returned a response with the code 502;</tag-desc>
+<tag-desc>a server returned a response with the code 503;</tag-desc>
+<tag-desc>a server returned a response with the code 504;</tag-desc>
+<tag-desc>a server returned a response with the code 404;</tag-desc>
+<tag-desc>disables passing a request to the next server.</tag-desc>
+It should be understood that passing a request to the next server is
+only possible if a client was not sent anything yet.
+That is, if an error or a timeout occurs in the middle of
+transferring a response, fixing this is impossible.
+<directive name="proxy_no_cache">
+<syntax><value>string</value> ...</syntax>
+Defines conditions under which the answer will not be saved to a cache.
+If at least one value of the string parameters is not empty and is not
+equal to “0” then the answer will not be saved:
+proxy_no_cache $cookie_nocache $arg_nocache$arg_comment;
+proxy_no_cache $http_pragma    $http_authorization;
+Can be used along with the <link id="proxy_cache_bypass"/> directive.
+<directive name="proxy_pass">
+<context>if in location</context>
+Sets an address of the proxied server and a URI that maps a location.
+An address can be specified as a domain name or an address, and a port,
+for example,
+    proxy_pass http://localhost:8000/uri/;
+or as a UNIX-domain socket path:
+    proxy_pass http://unix:/tmp/backend.socket:/uri/;
+here a path is specified after the word “<literal>unix</literal>”
+and enclosed in two colons.
+If a domain name maps to several addresses, all of them will be
+used in a round-robin fashion.
+In addition, an address can be specified as a
+<link doc="ngx_http_upstream_module.xml">server group</link>.
+When passing a request to the server, part of a URI matching the location
+is replaced by a URI specified in the <literal>proxy_pass</literal> directive.
+This rule has two exceptions where a replacement location cannot be
+<list type="bullet">
+when a location is specified using a regular expression;
+if a URI is changed using the
+<link doc="ngx_http_rewrite_module.xml" id="rewrite"/> directive
+inside a proxied location, and this same configuration will be
+used to process a request (<literal>break</literal>):
+location /name/ {
+    rewrite    /name/([^/]+) /users?name=$1 break;
+    proxy_pass;
+In these cases a URI is passed without mapping.
+It can also be specified that a request URI should be passed unchanged,
+in the same form it was sent by the client, not the processed form.
+During a processing
+<list type="bullet">
+two or more adjacent slashes are replaced by one: “//” — “/”;
+links to the current directory get removed: “/./” — “/”;
+links to the parent directory get removed: “/dir/../” — “/”.
+If a URI should be passed unchanged then the server URL should be specified
+without a URI in the <literal>proxy_pass</literal> directive:
+location /some/path/ {
+    proxy_pass;
+Server name, its port, and passed URI can be specified using variables:
+    proxy_pass http://$host$uri;
+or like this:
+    proxy_pass $request;
+In this case the server name is searched among the described
+<link doc="ngx_http_upstream_module.xml">server groups</link>,
+and if not found is determined using a
+<link doc="ngx_http_core_module.xml" id="resolver"/>.
+<directive name="proxy_pass_header">
+Permits to pass <link id="proxy_hide_header">otherwise disabled</link> header
+fields from a proxied server to a client.
+<directive name="proxy_read_timeout">
+Defines a timeout for reading a response from the proxied server.
+A timeout is only set between two successive read operations,
+not for the transmission of the whole response.
+If a proxied server does not transmit anything within this time,
+a connection is closed.
+<directive name="proxy_redirect">
+<syntax><value>redirect</value> <value>replacement</value></syntax>
+Sets a text that should be changed in the header fields
+<header>Location</header> and <header>Refresh</header> of a response
+from the proxied server.
+Suppose a proxied server returned the header field
+“<literal>Location: http://localhost:8000/two/some/uri/</literal>”.
+The directive
+    proxy_redirect http://localhost:8000/two/ http://frontend/one/;
+will rewrite this string to
+“<literal>Location: http://frontend/one/some/uri/</literal>”.
+A server name may be omitted from the <value>replacement</value> string:
+    proxy_redirect http://localhost:8000/two/ /;
+then the primary server’s name and a port, if different from 80,
+will be substituted.
+The default replacement specified by the <literal>default</literal> parameter
+uses the parameters of the
+<link doc="ngx_http_core_module.xml" id="location"/> and
+<link id="proxy_pass"/> directives.
+Hence, the two configurations below are equivalent:
+location /one/ {
+    proxy_pass     http://upstream:port/two/;
+    proxy_redirect default;
+location /one/ {
+    proxy_pass     http://upstream:port/two/;
+    proxy_redirect http://upstream:port/two/ /one/;
+The <literal>default</literal> parameter is not permitted if
+<link id="proxy_pass"/> is specified using variables.
+A <value>replacement</value> string can contain variables:
+    proxy_redirect http://localhost:8000/ http://$host:$server_port/;
+A <value>redirect</value> can also contain (1.1.11) variables:
+    proxy_redirect http://$proxy_host:8000/ /;
+A directive can be specified (1.1.11) using regular expressions.
+In this case, <value>replacement</value> should either start from
+the “<literal>~</literal>” symbol for a case-sensitive matching,
+or from the “<literal>~*</literal>” symbols for case-insensitive
+A regular expression can contain named and positional captures,
+and <value>replacement</value> can reference them:
+    proxy_redirect ~^(http://[^:]+):\d+(/.+)$ $1$2;
+    proxy_redirect ~*/user/([^/]+)/(.+)$      http://$1.example.com/$2;
+There could be several <literal>proxy_redirect</literal> directives:
+    proxy_redirect default;
+    proxy_redirect http://localhost:8000/  /;
+    proxy_redirect http://www.example.com/ /;
+The <literal>off</literal> parameter cancels all
+<literal>proxy_redirect</literal> directives on the current level:
+    proxy_redirect off;
+    proxy_redirect default;
+    proxy_redirect http://localhost:8000/  /;
+    proxy_redirect http://www.example.com/ /;
+Using this directive it is also possible to add host names to relative
+redirects issued by a proxied server:
+    proxy_redirect / /;
+<directive name="proxy_send_timeout">
+Sets a timeout for transmitting a request to the proxied server.
+A timeout is only set between two successive write operations,
+not for the transmission of the whole request.
+If a proxied server does not receive anything within this time,
+a connection is closed.
+<directive name="proxy_set_header">
+<syntax><value>field</value> <value>value</value></syntax>
+<default>Host $proxy_host</default>
+<default>Connection close</default>
+Allows to redefine or append fields to the request header
+passed to the proxied server.
+A <value>value</value> can contain text, variables, and their combination.
+These directives are inherited from the previous level if and
+only if there are no
+directives defined on the current level.
+By default, only two fields are redefined:
+proxy_set_header Host       $proxy_host;
+proxy_set_header Connection close;
+An unchanged <header>Host</header> request header field can be passed like this:
+proxy_set_header Host       $http_host;
+However, if this field is not present in a client request header then
+nothing will be passed.
+In such a case it is better to use the <var>$host</var> variable&mdash;its
+value equals the server name in the <header>Host</header> request header
+field, or the primary server name if this field is not present:
+proxy_set_header Host       $host;
+In addition, a server name can be passed together with a port of the
+proxied server:
+proxy_set_header Host       $host:$proxy_port;
+If the value of a header field is an empty string then this
+field will not be passed to a proxied server:
+proxy_set_header Accept-Encoding "";
+<directive name="proxy_ssl_session_reuse">
+<syntax><literal>on</literal> | <literal>off</literal></syntax>
+Determines whether SSL sessions can be reused when working with
+the proxied server.
+If the errors
+“<literal>SSL3_GET_FINISHED:digest check failed</literal>”
+appear in the logs, try to disable session reuse.
+<directive name="proxy_store">
+    <literal>on</literal> |
+    <literal>off</literal> |
+    <value>string</value></syntax>
+Enables saving of files to a disk.
+The <literal>on</literal> parameter saves files with paths
+corresponding to the directives
+<link doc="ngx_http_core_module.xml" id="alias"/> or
+<link doc="ngx_http_core_module.xml" id="root"/>.
+The <literal>off</literal> parameter disables saving of files.
+In addition, the file name can be set explicitly using the
+<value>string</value> with variables:
+proxy_store /data/www$original_uri;
+The modification time of files is set according to the received
+<header>Last-Modified</header> response header field.
+A response is first written to a temporary file, then a file is renamed.
+Starting from version 0.8.9 temporary files and the persistent store
+can be put on different file systems but be aware that in this case
+a file is copied across two file systems instead of the cheap rename operation.
+It is thus recommended that for any given location both saved files and a
+directory holding temporary files set by the <link id="proxy_temp_path"/>
+directive are put on the same file system.
+This directive can be used to create local copies of static unchangeable
+files, e.g.:
+location /images/ {
+    root                   /data/www;
+    open_file_cache_errors off;
+    error_page             404 = /fetch$uri;
+location /fetch/ {
+    internal;
+    proxy_pass             http://backend/;
+    proxy_store            on;
+    proxy_store_access     user:rw group:rw all:r;
+    proxy_temp_path        /data/temp;
+    alias                  /data/www/;
+or like this:
+location /images/ {
+    root               /data/www;
+    error_page         404 = @fetch;
+location @fetch {
+    internal;
+    proxy_pass         http://backend;
+    proxy_store        on;
+    proxy_store_access user:rw group:rw all:r;
+    proxy_temp_path    /data/temp;
+    root               /data/www;
+<directive name="proxy_store_access">
+<syntax><value>users</value>:<value>permissions</value> ...</syntax>
+Sets access permissions for newly created files and directories, e.g.:
+proxy_store_access user:rw group:rw all:r;
+If any <literal>group</literal> or <literal>all</literal> access permissions
+are specified then <literal>user</literal> permissions may be omitted:
+proxy_store_access group:rw all:r;
+<directive name="proxy_temp_path">
+    <value>path</value>
+    [<value>level1</value>
+    [<value>level2</value>
+    [<value>level3</value>]]]</syntax>
+Defines a directory for storing temporary files
+received from another server.
+Up to three-level subdirectory hierarchy can be used underneath the specified
+For example, in the following configuration
+proxy_temp_path /spool/nginx/proxy_temp 1 2;
+a temporary file might look like this:
+<section id="variables" name="Embedded Variables">
+The <literal>ngx_http_proxy_module</literal> module supports embedded variables
+that can be used to compose headers using the
+<link id="proxy_set_header"/> directive:
+<list type="tag">
+<tag-desc>name and port of a proxied server;</tag-desc>
+<tag-desc>port of a proxied server;</tag-desc>
+<tag-desc>the <header>X-Forwarded-For</header> client request header field
+with the <var>$remote_addr</var> variable appended to it, separated by a comma.
+If the <header>X-Forwarded-For</header> field is not present in the client
+request header, the <var>$proxy_add_x_forwarded_for</var> variable is equal
+to the <var>$remote_addr</var> variable.</tag-desc>