records.config¶
The records.config file (by default, located in
/usr/local/etc/trafficserver/) is a list of configurable variables used by
the Traffic Server software. Many of the variables in the
records.config file are set automatically when you set configuration
options in Traffic Line. After you modify the
records.config file,
run the command traffic_ctl config reload to apply the changes.
When you apply changes to one node in a cluster, Traffic Server
automatically applies the changes to all other nodes in the cluster.
格式¶
每个变量都有以下格式:
SCOPE variable_name DATATYPE variable_value
where
SCOPE is related to clustering and is either CONFIG (all members of
the cluster) or LOCAL (only the local machine)
DATATYPE is one of INT (integer), STRING (string), FLOAT
(floating point).
A variable marked as Deprecated is still functional but should be avoided
as it may be removed in a future release without warning.
A variable marked as Reloadable can be updated via the command:
traffic_ctl config reload
A variable marked as Overridable can be changed on a per-remap basis using plugins
(like the Configuration Remap Plugin).
INT type configurations are expressed as any normal integer,
e.g. 32768. They can also be expressed using more human readable values
using standard prefixes, e.g. 32K. The following prefixes are supported
for all INT type configurations
KKilobytes (1024 bytes)MMegabytes (1024^2 or 1,048,576 bytes)GGigabytes (1024^3 or 1,073,741,824 bytes)TTerabytes (1024^4 or 1,099,511,627,776 bytes)
例子¶
在下面的例子中, 变量 `proxy.config.proxy_name`_ 是一个值为 my_server 的 STRING 数据类型. 它的意思是 Traffic Server 的名称是 my_server.
CONFIG proxy.config.proxy_name STRING my_server
如果服务器的名称是 that_server , 这行应该是
CONFIG proxy.config.proxy_name STRING that_server
在下面的例子中, 变量 proxy.config.arm.enabled 是 yes/no 标记. 值为 0 (zero) 禁用这个选项; 值为 1 启用这个选项.
CONFIG proxy.config.arm.enabled INT 0
在下面的例子中, 变量将集群启动超时设置成10秒.
CONFIG proxy.config.cluster.startup_timeout INT 10
最后例子配置了 64GB RAM缓存, 使用人类可以读取的前缀
CONFIG proxy.config.cache.ram_cache.size INT 64G
环境覆盖¶
Every records.config configuration variable can be overridden
by a corresponding environment variable. This can be useful in
situations where you need a static records.config but still
want to tweak one or two settings. The override variable is formed
by converting the records.config variable name to upper
case, and replacing any dot separators with an underscore.
Overriding a variable from the environment is permanent and will
not be affected by future configuration changes made in
records.config or applied with traffic_ctl.
For example, we could override the `proxy.config.product_company`_ variable like this:
$ PROXY_CONFIG_PRODUCT_COMPANY=example traffic_cop &
$ traffic_ctl config get proxy.config.product_company
配置变量¶
以下列表描述了在 records.config 文件里可以配置的变量.
系统变量¶
A value of 0 means no signal will be sent.
注解
This option only has an affect when Traffic Server has been compiled with --enable-hwloc.
Metrics Variables¶
Network¶
Unless explicitly specified in `proxy.config.http.server_ports`_ the server port will be bound to one of these addresses, selected by IP address family. The built in default is any address. This is used if no address for a family is specified. This setting is useful if most or all server ports should be bound to the same address.
注解
This is ignored for inbound transparent server ports because they must be able to accept connections on arbitrary IP addresses.
Example
Set the global default for IPv4 to 192.168.101.18 and leave the global default for IPv6 as any address.:
LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18
Example
Set the global default for IPv4 to 191.68.101.18 and the global default for IPv6 to fc07:192:168:101::17.:
LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.18 [fc07:192:168:101::17]
注解
This is ignored for outbound transparent ports as the local outbound address will be the same as the client local address.
Example
Set the default local outbound IP address for IPv4 connections to 192.168.101.18.:
LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.18
Example
Set the default local outbound IP address to 192.168.101.17 for IPv4 and fc07:192:168:101::17 for IPv6.:
LOCAL proxy.local.outgoing_ip_to_bind STRING 192.168.101.17 [fc07:192:168:101::17]
Cluster¶
| Value | Effect |
|---|---|
| 1 | full-clustering mode |
| 2 | management-only mode |
| 3 | no clustering |
The network interface to be used for cluster communication. This has to be identical on all members of a clsuter. ToDo: Is that reasonable ?? Should this be local”
Local Manager¶
This setting specifies whether the management API should be restricted
to root processes. If this is set to 0, then on platforms that
support passing process credentials, non-root processes will be
allowed to make read-only management API calls. Any management API
calls that modify server state (eg. setting a configuration variable)
will still be restricted to root processes.
This setting is not reloadable, since it is must be applied when program:traffic_manager initializes.
Process Manager¶
Alarm Configuration¶
HTTP Engine¶
This is a list, separated by space or comma, of port descriptors. Each descriptor is a sequence of keywords and values separated by colons. Not all keywords have values, those that do are specifically noted. Keywords with values can have an optional ‘=’ character separating the keyword and value. The case of keywords is ignored. The order of keywords is irrelevant but unspecified results may occur if incompatible options are used (noted below). Options without values are idempotent. Options with values use the last (right most) value specified, except for ip-out as detailed later.
Quick reference chart.
| Name | Note | Definition |
|---|---|---|
| number | Required | The local port. |
| blind | Blind (CONNECT) port. |
|
| compress | N/I | Compressed. Not implemented. |
| ipv4 | Default | Bind to IPv4 address family. |
| ipv6 | Bind to IPv6 address family. | |
| ip-in | Value | Local inbound IP address. |
| ip-out | Value | Local outbound IP address. |
| ip-resolve | Value | IP address resolution style. |
| proto | Value | List of supported session protocols. |
| ssl | SSL terminated. | |
| tr-full | Fully transparent (inbound and outbound) | |
| tr-in | Inbound transparent. | |
| tr-out | Outbound transparent. | |
| tr-pass | Pass through enabled. |
- number
- Local IP port to bind. This is the port to which ATS clients will connect.
- blind
Accept only the
CONNECTmethod on this port.Not compatible with:
tr-in,ssl.- compress
- Compress the connection. Retained only by inertia, should be considered “not implemented”.
- ipv4
- Use IPv4. This is the default and is included primarily for completeness. This forced if the
ip-inoption is used with an IPv4 address. - ipv6
- Use IPv6. This is forced if the
ip-inoption is used with an IPv6 address. - ssl
Require SSL termination for inbound connections. SSL must be configured for this option to provide a functional server port.
Not compatible with:
blind.- proto
- Specify the session level protocols supported. These should be separated by semi-colons. For TLS proxy ports the default value is all available protocols. For non-TLS proxy ports the default is HTTP only.
- tr-full
Fully transparent. This is a convenience option and is identical to specifying both
tr-inandtr-out.Not compatible with: Any option not compatible with
tr-inortr-out.- tr-in
Inbound transparent. The proxy port will accept connections to any IP address on the port. To have IPv6 inbound transparent you must use this and the
ipv6option. This overrides :ts:cv:`proxy.local.incoming_ip_to_bind` for this port.Not compatible with:
ip-in,blind- tr-out
Outbound transparent. If ATS connects to an origin server for a transaction on this port, it will use the client’s address as its local address. This overrides :ts:cv:`proxy.local.outgoing_ip_to_bind` for this port.
Not compatible with:
ip-out,ip-resolve- tr-pass
- Transparent pass through. This option is useful only for inbound transparent proxy ports. If the parsing of the expected HTTP header fails, then the transaction is switched to a blind tunnel instead of generating an error response to the client. It effectively enables :ts:cv:`proxy.config.http.use_client_target_addr` for the transaction as there is no other place to obtain the origin server address.
- ip-in
Set the local IP address for the port. This is the address to which clients will connect. This forces the IP address family for the port. The
ipv4oripv6can be used but it is optional and is an error for it to disagree with the IP address family of this value. An IPv6 address must be enclosed in square brackets. If this option is omitted :ts:cv:`proxy.local.incoming_ip_to_bind` is used.Not compatible with:
tr-in.- ip-out
Set the local IP address for outbound connections. This is the address used by ATS locally when it connects to an origin server for transactions on this port. If this is omitted :ts:cv:`proxy.local.outgoing_ip_to_bind` is used.
This option can used multiple times, once for each IP address family. The address used is selected by the IP address family of the origin server address.
Not compatible with:
tr-out.- ip-resolve
Set the :ts:cv:`host resolution style <proxy.config.hostdb.ip_resolve>` for transactions on this proxy port.
Not compatible with:
tr-out- this option requires a value ofclient;nonewhich is forced and should not be explicitly specified.
Example
Listen on port 80 on any address for IPv4 and IPv6.:
80 80:ipv6
Example
Listen transparently on any IPv4 address on port 8080, and
transparently on port 8080 on local address fc01:10:10:1::1
(which implies ipv6).:
IPv4:tr-FULL:8080 TR-full:IP-in=[fc02:10:10:1::1]:8080
Example
Listen on port 8080 for IPv6, fully transparent. Set up an SSL port on 443. These ports will use the IP address from :ts:cv:`proxy.local.incoming_ip_to_bind`. Listen on IP address 192.168.17.1, port 80, IPv4, and connect to origin servers using the local address 10.10.10.1 for IPv4 and fc01:10:10:1::1 for IPv6.:
8080:ipv6:tr-full 443:ssl ip-in=192.168.17.1:80:ip-out=[fc01:10:10:1::1]:ip-out=10.10.10.1
Example
Listen on port 9090 for TSL enabled HTTP/2 or HTTP connections, accept no other session protocols.:
9090:proto=http2;http:ssl
Traffic Server allows tunnels only to the specified ports. Supports both wildcards (‘*’) and ranges (“0-1023”).
注解
These are the ports on the origin server, not Traffic Server :ts:cv:`proxy ports <proxy.config.http.server_ports>`.
| Value | Effect |
|---|---|
| 0 | Do not modify / set this via header |
| 1 | Update the via, with normal verbosity |
| 2 | Update the via, with higher verbosity |
| 3 | Update the via, with highest verbosity |
注解
The Via header string can be decoded with the Via Decoder Ring.
| Value | Effect |
|---|---|
| 0 | Do not modify / set this via header |
| 1 | Update the via, with normal verbosity |
| 2 | Update the via, with higher verbosity |
| 3 | Update the via, with highest verbosity |
注解
The Via header string can be decoded with the Via Decoder Ring.
Parent Proxy Configuration¶
HTTP Connection Timeouts¶
The value of 0 specifies that there is no timeout.
The default value of 0 specifies that there is no timeout.
HTTP Redirection¶
Origin Server Connect Attempts¶
Congestion Control¶
Negative Response Caching¶
Proxy User Variables¶
Security¶
Cache Control¶
RAM Cache¶
Heuristic Expiration¶
注解
These fuzzing options are marked as deprecated as of v6.2.0, and will be removed for v7.0.0. Instead, we recommend looking at the new :ts:cv:`proxy-config-http-cache-open-write-fail-action` configuration and the features around thundering heard avoidance (see cache-basics for details).
Dynamic Content & Content Negotiation¶
For example: if you specify User-agent, then Traffic Server caches
all the different user-agent versions of documents it encounters.
Customizable User Response Pages¶
DNS¶
注解
If the variable :ts:cv:`proxy.config.http.enable_url_expandomatic` is set to 1 (the default value), then you do not have to
add www. and .com to this list because Traffic Server automatically tries www. and .com after trying the values
you’ve specified.
HostDB¶
注解
For values above 200000, you must increase :ts:cv:`proxy.config.hostdb.storage_size` by at least 44 bytes per entry.
When this and :ts:cv:`proxy.config.hostdb.timed_round_robin` are both disabled (set to 0), Traffic Server always
uses the same origin server for the same client, for as long as the origin server is available. Otherwise if this is
set then IP address is rotated on every request. This setting takes precedence over
:ts:cv:`proxy.config.hostdb.timed_round_robin`.
When this and :ts:cv:`proxy.config.hostdb.strict_round_robin` are both disabled (set to 0), Traffic Server always
uses the same origin server for the same client, for as long as the origin server is available. Otherwise if this is
set to :arg:`N` the IP address is rotated if more than :arg:`N` seconds have past since the first time the
current address was used.
If this is set (non-empty) then the file is presumed to be a hosts file in the standard host file format. It is read and the entries there added to the HostDB. The file is periodically checked for a more recent modification date in which case it is reloaded. The interval is set by the value :ts:cv:`proxy.config.hostdb.host_file.interval`.
While not technically reloadable, the value is read every time the file is to be checked so that if changed the new value will be used on the next check and the file will be treated as modified.
The file is checked every this many seconds to see if it has changed. If so the HostDB is updated with the new values in the file.
This is an ordered list of keywords separated by semicolons that specify how a host name is to be resolved to an IP address. The keywords are case insensitive.
| Keyword | Meaning |
|---|---|
| ipv4 | Resolve to an IPv4 address. |
| ipv6 | Resolve to an IPv6 address. |
| client | Resolve to the same family as the client IP address. |
| none | Stop resolving. |
The order of the keywords is critical. When a host name needs to be resolved it is resolved in same order as the
keywords. If a resolution fails, the next option in the list is tried. The keyword none means to give up resolution
entirely. The keyword list has a maximum length of three keywords, more are never needed. By default there is an
implicit ipv4;ipv6 attached to the end of the string unless the keyword none appears.
Example
Use the incoming client family, then try IPv4 and IPv6.
client;ipv4;ipv6
Because of the implicit resolution this can also be expressed as just
client
Example
Resolve only to IPv4.
ipv4;none
Example
Resolve only to the same family as the client (do not permit cross family transactions).
client;none
This value is a global default that can be overridden by :ts:cv:`proxy.config.http.server_ports`.
注解
This style is used as a convenience for the administrator. During a resolution the resolution order will be
one family, then possibly the other. This is determined by changing client to ipv4 or ipv6 based on the
client IP address and then removing duplicates.
重要
This option has no effect on outbound transparent connections The local IP address used in the connection to the
origin server is determined by the client, which forces the IP address family of the address used for the origin
server. In effect, outbound transparent connections always use a resolution style of “client”.
Logging Configuration¶
注解
All files in the logging directory contribute to the space used, even if they are not log files. In collation client mode, if there is no local disk logging, or :ts:cv:`proxy.config.log.max_space_mb_for_orphan_logs` is set to a higher value than :ts:cv:`proxy.config.log.max_space_mb_for_logs`, TS will take :ts:cv:`proxy.config.log.max_space_mb_for_orphan_logs` for maximum allowed log space.
注解
When max_space_mb_for_orphan_logs is take as the maximum allowed log space in the logging system, the same rule apply to proxy.config.log.max_space_mb_for_logs also apply to proxy.config.log.max_space_mb_for_orphan_logs, ie: All files in the logging directory contribute to the space used, even if they are not log files. you may need to consider this when you enable full remote logging, and bump to the same size as proxy.config.log.max_space_mb_for_logs.
注解
The following defaults (with the format``CONFIG proxy.config.log.[format].[default]`` have been removed from records.config.
They can be accessed by editing logs_xml.config.
log_enabledINT 1- Enables (
1) or disables (0) the file format.
log_is_asciiINT 0- The log file type:
1= ASCII0= binary
log_nameSTRING [format]- The filename (ex. squid log).
log_headerSTRING NULL- The file header text (ex. squid log).
The format can be either squid (Squid),
common (Netscape Common),
extended (Netscape Extended),
or extended2 (Netscape Extended2).
| Value | Effect |
|---|---|
| 0 | Log collation is disabled. |
| 1 | This host is a log collation server. |
| 2 | This host is a collation client and sends entries using standard formats to the collation server. |
| 3 | This host is a collation client and sends entries using the traditional custom formats to the collation server. |
| 4 | This host is a collation client and sends entries that use both the standard and traditional custom formats to the collation server. |
For information on sending XML-based custom formats to the collation server,
refer to Log Formats and logs_xml.config.
注解
Although Traffic Server supports traditional custom logging, you should use the more versatile XML-based custom formats.
Diagnostic Logging Configuration¶
Example
To log debug diagnostics to both syslog and diags.log:
CONFIG proxy.config.diags.output.debug STRING SL
| Tag | Subsytem usage |
|---|---|
| dns | DNS query resolution |
| http_hdrs | Logs the headers for HTTP requests and responses |
| privileges | Privilege elevation |
| ssl | TLS termination and certificate processing |
Traffic Server plugins will typically log debug messages using theTSDebug()API, passing the plugin name as the debug tag.
Reverse Proxy¶
URL Remap Rules¶
SSL Termination¶
OCSP Stapling Configuration¶
ICP Configuration¶
HTTP/2 Configuration¶
SPDY Configuration¶
Plug-in Configuration¶
SOCKS Processor¶
Sockets¶
| Value | Effect |
|---|---|
| 0 | Decouple inbound connections and cache initialization. Connections will be accepted as soon as possible and Traffic Server will run regardless of the results of cache initialization. |
| 1 | Do not accept inbound connections until cache initialization has finished. Traffic server will run regardless of the results of cache initialization. |
| 2 | Do not accept inbound connections until cache initialization has finished and been sufficiently
successful that cache is enabled. This means at least one cache span is usable. If there are no
spans in storage.config or none of the spans can be successfully parsed and
initialized then Traffic Server will shut down. |
| 3 | Do not accept inbound connections until cache initialization has finished and been completely
successful. This requires at least one cache span in storage.config and that every
span specified is valid and successfully initialized. Any error will cause Traffic Server to shut
down. |