NGX_NUM_WKR_PRC
OpenResty® NGINX core configurations.
Specifies the number of worker processes. The value "auto" uses the number of available CPU cores.
Default: auto
|
No
|
|
NGX_PID_FILE
Defines a file that stores the process ID of the main process.
Default: openresty.pid
|
No
|
|
NGX_WKR_CPU_AFFINITY
Binds the worker processes to the sets of CPUs. The value "auto" binds worker processes automatically to the available CPUs.
Default: auto
|
No
|
|
NGX_WKR_PRIORITY
Defines the scheduling priority for worker processes like it’s done by the nice command. A negative number means higher priority.
The allowed range varies from -20 to 20.
Default: 0
|
No
|
|
NGX_NUM_RLIMIT
Changes the limit on the maximum number of open files (RLIMIT_NOFILE) for worker processes. Used to increase the limit without
restarting the main process.
Default: 102400
|
No
|
|
NGX_MULTI_ACCEPT
If multi_accept is disabled, a worker process accepts one new connection at a time. Otherwise, a worker process accepts all
new connections at a time.
Default: on
|
No
|
|
NGX_NUM_WKR_CONN
Specifies the maximum number of simultaneous connections that can be opened by a worker process.
Default: 10240
|
No
|
|
NGX_SEND_FILE
Enables or disables the use of sendfile.
|
No
|
No
|
NGX_TCP_NOPUSH
Enables or disables the use of the TCP_NOPUSH socket option on FreeBSD or the TCP_CORK socket option on Linux. The options
are enabled only when the sendfile is used.
Default: on
|
No
|
|
NGX_MAP_HASH_BUCKET_SIZE
Specifies the bucket size for the map variables hash tables.
Default: 128
|
No
|
|
NGX_SERVERNAMES_HASH_BUCKET_SIZE
Specifies the bucket size for the server names hash tables.
Default: 512
|
No
|
|
NGX_JWT_EXPIRY
Specifies the JWT token expiry in seconds as configured in the IdS host.
Token cache expiry time in reverse-proxy. Reverse-proxy keeps the cached token for 2 hours for the default configuration of
1-hour access token expiry time configured in IdS.
Default: 7200
|
No
|
|
NGX_IDS_PUBLIC_KEY_POLL_INTERVAL
Specifies the IdS public key poll frequency in seconds.
The frequency at which reverse-proxy polls the ids to get the public key value. The default is once in 5 minutes.
Default: 300
|
No
|
|
NGX_CLIENT_LOCK_THRESHOLD
If the threshold to detect DoS attacks is crossed in the specified interval, the client IP is blocked for the specified duration.
Default: 5
|
No
|
|
NGX_CLIENT_LOCK_DURATION
Specifies the request authorization failure threshold over a given interval for a source IP.
Default: 30
|
No
|
|
NGX_CLIENT_BLOCK_DURATION
Specifies the duration of blocking (in seconds) for clients to avoid brute force attacks.
The block duration for the client IP is 30 minutes.
Default: 1800
|
No
|
|
NGX_SYSLOG_SVR_PORT
Specifies the port for the syslog server.
Default: 514
|
No
|
Usually the syslog server listens on 514, if the syslog server is configured to listen on some other port then this can be
changed.
|
NGX_LOG_FILE
Specifies the OpenResty® logging file.
Default: access.log
|
No
|
|
NGX_LOG_FORMAT
Specifies the OpenResty® NGINX access log format name as specified in logging.conf.
Default: info
|
No
|
Not recommended to change on a production system. You can change it to the debug format in LAB setup for more detailed logging.
|
NGX_LOG_BUFFER
Specifies the OpenResty® NGINX access log buffer size. When this buffer is full or the flush interval is reached, the system
writes the logs to the disk.
Default: 16k
|
No
|
|
NGX_LOG_FLUSH_INTERVAL
Specifies the OpenResty® NGINX access log flush interval. Logs are written to the disk after this interval is reached or the
log buffer is full.
Default: 30s
|
No
|
Not recommended changing on production servers.
For a LAB system, you can reduce this value to 1 to 5s so you can check the access.log file updates immediately.
|
NGX_PROXY_CACHE_LOCK
Only one request at a time can populate a new cache element identified according to the proxy_cache_key directive by passing a request to the server, which is enabled with reverse-proxy. Other requests of the same cache element
either wait for a response to appear in the cache or the cache lock for this element to be released, up to the time set by
the NGX_PROXY_CACHE_LOCK_TIMEOUT value.
Default: on
|
No
|
|
NGX_PROXY_CACHE_LOCK_TIMEOUT
Specifies the timeout for NGX_PROXY_CACHE_LOCK. When the time expires, the request is passed to the server, which is enabled
with reverse-proxy; however, the response isn't cached.
Default: 30s
|
No
|
|
NGX_PROXY_CACHE_LOCK_AGE
If the last request passed to the server, which is enabled with reverse-proxy, for populating a new cache element hasn’t completed
for the specified time, one more request passes to the server, which is enabled with reverse-proxy.
Default: 5s
|
No
|
|
NGX_PROXY_CACHE_BACKGROUND_UPDATE
Allows starting a background sub request to update an expired cache item, while a stale cached response is returned to the
client.
Default: on
|
No
|
|
NGX_PROXY_CACHE_REVALIDATE
Enables revalidation of expired cache items using conditional requests with the “If-Modified-Since” and “If-None-Match” header
fields.
Default: on
|
No
|
|
NGX_PROXY_CACHE_VALID
Specifies the caching time for 200, 301, and 302 responses.
Default: 24h
|
No
|
|
NGX_VARIABLES_HASH_BUCKET_SIZE
Specifies the bucket size for the variables hash table.
Default: 128
|
No
|
|
NGX_KEEPALIVE_TIMEOUT
Specifies a timeout during which a keep-alive client connection stays open on the server side. The zero value disables keep-alive
client connections.
Default: 20s
|
No
|
|
NGX_SEND_TIMEOUT
Specifies a timeout for transmitting a response to the client. The timeout is set only between two successive write operations,
not for the transmission of the whole response.
Default: 10s
|
No
|
|
NGX_CLIENT_HEADER_TIMEOUT
Specifies the timeout for reading the client request header.
Default: 10s
|
No
|
|
NGX_CLIENT_BODY_TIMEOUT
Specifies a timeout for the reading the client request body. The timeout is set only for a period between two successive read
operations, not for the transmission of the whole request body.
Default: 10s
|
No
|
|
NGX_RESET_TIMEDOUT_CONNECTION
Enables or disables resetting timed out connections and connections closed with the non-standard code 444.
Default: on
|
No
|
|
NGX_CLIENT_HEADER_BUFFER_SIZE
Specifies the buffer size for reading the client request header.
Default: 4K
|
No
|
|
NGX_CLIENT_BODY_BUFFER_SIZE
Specifies the buffer size for reading the client request body.
Default: 2k
|
No
|
|
NGX_CLIENT_MAX_BODY_SIZE
Specifies the maximum allowed size of the client request body.
Default: 15m
|
No
|
|
NGX_LARGE_CLIENT_HEADER_BUFFER_NUM
Specifies the maximum number of buffers used for reading a large client request header. Buffers are allocated only on demand.
Default: 2
|
No
|
|
NGX_LARGE_CLIENT_HEADER_BUFFER_SIZE
Specifies the maximum size of buffers used for reading a large client request header. A request line can’t exceed the size
of one buffer. Buffers are allocated only on demand.
Default: 8K
|
No
|
|
NGX_UNDERSCORES_IN_HEADERS
Enables or disables the use of underscores in client request header fields.
Default: on
|
No
|
|
NGX_KEEPALIVE_REQUESTS
Specifies the maximum number of requests that are served through one keep-alive connection.
After the maximum number of requests are made, the connection is closed.
Default: 500
|
No
|
|
NGX_HTTP2_MAX_CONCURRENT_STREAMS
Specifies the maximum number of concurrent HTTP/2 streams in a connection.
Default: 150
|
No
|
|
NGX_SERVER_TOKENS
Enables or disables emitting NGINX version on error pages and in the “Server” response header field.
Default: off
|
No
|
|
NGX_LIMIT_CONN_DRY_RUN
Enables the dry-run mode for limiting HTTP connections. In this mode, the number of connections isn’t limited. However, in
the shared memory zone, the number of excessive connections is considered as usual.
Default: off
|
No
|
On a production system, this should be always "off".
If the system is running in lab mode, you can toggle this "on" to avoid rate limiting.
|
NGX_LIMIT_REQ_DRY_RUN
Enables the dry-run mode for limiting HTTP requests. In this mode, the number of connections isn’t limited, however, in the
shared memory zone, the number of excessive connections is considered as usual.
Default: off
|
No
|
On a production setup, this should be always "off".
If the system is running in lab mode, you can toggle this "on" to avoid rate limiting.
|
NGX_LIMIT_CONN_LOG_LEVEL
Specifies the desired logging level for cases when the server limits the number of connections.
Default: error
|
No
|
|
NGX_LIMIT_REQ_LOG_LEVEL
Specifies the desired logging level for cases when the server refuses to process requests due to rate exceeding, or delays
request processing.
Default: error
|
No
|
|
NGX_LIMIT_REQ_STATUS
Specifies the status code to return in response to rejected requests due to HTTP request rate limits.
This is the standard HTTP error code for rate-limiting errors.
Default: 429
|
No
|
|
NGX_LIMIT_CONN_STATUS
Specifies the status code to return in response to rejected requests due to HTTP connection rate limits.
Default: 503
|
No
|
Error code returned when the connection limits are reached.
|
NGX_CHAT_REQUEST_RATE_LIMIT
Specifies the HTTP request rate limit for chat access.
Default: 30r/s
|
No
|
|
NGX_IDS_REQUEST_RATE_LIMIT
Specifies the HTTP request rate limit for IdS access.
Default: 5r/s
|
No
|
|
NGX_FIN_REQUEST_RATE_LIMIT
Specifies the HTTP request rate limit for Finesse access.
Default: 45r/s
|
No
|
|
NGX_FIN_CLIENT_LOG_REQUEST_RATE_LIMIT
Specifies the HTTP request rate limit for Finesse client log requests.
Default: 5r/s
|
No
|
|
NGX_FIN_SSO_VALVE_REQUEST_RATE_LIMIT
Specifies the HTTP request rate limit for Finesse SSO valve requests.
Default: 5r/s
|
No
|
|
NGX_CUIC_REQUEST_RATE_LIMIT
Specifies the HTTP request rate limit for CUIC access.
Default: 50r/s
|
No
|
|
NGX_CUIC_HISTORICAL_REPORT_REQUEST_RATE_LIMIT
Specifies the HTTP request rate limit for CUIC historical report requests.
Default: 16r/s
|
No
|
|
NGX_CUIC_REALTIME_REPORT_REQUEST_RATE_LIMIT
Specifies the HTTP request rate limit for CUIC realtime report requests.
Default: 48r/s
|
No
|
|
NGX_CUIC_REPORT_EXECUTION_REQUEST_RATE_LIMIT
Specifies the HTTP request rate limit for CUIC report execution requests.
Default: 12r/s
|
No
|
|
NGX_LIVEDATA_REQUEST_RATE_LIMIT
Specifies the HTTP request rate limit for livedata access.
Default: 25r/s
|
No
|
|
NGX_CLOUDCONNECT_DR_TASK_REQUEST_RATE_LIMIT
Specifies the HTTP request rate limit for DR API task request access.
Default: 100r/s
|
No
|
|
NGX_CLOUDCONNECT_USER_SYNC_CALLBACK_REQUEST_RATE_LIMIT
Specifies the HTTP request rate limit for user sync callback request access.
Default: 5r/m
|
No
|
|
NGX_PRXY_STATIC_FILES_PORT
Specifies the OpenResty® static content configuration. The reverse-proxy port is used to serve static files under the HTML
directory.
Default: 10000
|
No |
This location serves the proxy-map information. You can change the port number if necessary.
|
NGX_PRXY_STATUS_IP
Specifies the reverse-proxy IP used to access OpenResty® NGINX stats over the "/reverseproxy_status" endpoint
Internal request is accessible from only the host system.
Default: 127.0.0.1
|
No |
|
NGX_PRXY_STATUS_PORT
Specifies the reverse-proxy port used to access OpenResty® NGINX stats over the "/reverseproxy_status" endpoint.
Default: 10001
|
No
|
|
NGX_USERTIMERTHREAD_SHRD_DICT_SIZE
Specifies the LUA shared dictionary sizes used by reverse-proxy internally.
Default: 100k
|
No
|
|
NGX_USERLIST_SHRD_DICT_SIZE
Specifies the LUA shared dictionary sizes used by reverse-proxy internally.
Default: 50m
|
No
|
|
NGX_CREDENTIALSSTORE_SHRD_DICT_SIZE
Specifies the LUA shared dictionary sizes used by reverse-proxy internally.
Default: 100m
|
No
|
|
NGX_USERCOUNT_SHRD_DICT_SIZE
Specifies the LUA shared dictionary sizes used by reverse-proxy internally.
Default: 100k
|
No
|
|
NGX_CLIENTSTORAGE_SHRD_DICT_SIZE
Specifies the LUA shared dictionary sizes used by reverse-proxy internally.
Default: 100m
|
No
|
|
NGX_BLOCKINGRESOURCES_SHRD_DICT_SIZE
Specifies the LUA shared dictionary sizes used by reverse-proxy internally.
Default: 100m
|
No
|
|
NGX_TOKENCACHE_SHRD_DICT_SIZE
Specifies the LUA shared dictionary sizes used by reverse-proxy internally.
Default: 10m
|
No
|
|
NGX_IPSTORE_SHRD_DICT_SIZE
Specifies the LUA shared dictionary sizes used by reverse-proxy internally.
Default: 10m
|
No
|
|
NGX_DESKTOPURLLIST_SHRD_DICT_SIZE
Specifies the LUA shared dictionary sizes used by reverse-proxy internally.
Default: 10m
|
No
|
|
NGX_DESKTOPURLCOUNT_SHRD_DICT_SIZE
Specifies the LUA shared dictionary sizes used by reverse-proxy internally.
Default: 100k
|
No
|
|
NGX_THIRDPARTYGADGETURLLIST_SHRD_DICT_SIZE
Specifies the LUA shared dictionary sizes used by reverse-proxy internally.
Default: 100m
|
No
|
|
NGX_THIRDPARTYGADGETURLCOUNT_SHRD_DICT_SIZE
Specifies the LUA shared dictionary sizes used by reverse-proxy internally.
Default: 100k
|
No
|
|
NGX_CORSHEADERSSTORE_SHRD_DICT_SIZE
Specifies the LUA shared dictionary sizes used by reverse-proxy internally.
Default: 100k
|
No
|
|
NGX_TIMERTHREADSSTORE_SHRD_DICT_SIZE
Specifies the LUA shared dictionary sizes used by reverse-proxy internally.
Default: 100k
|
No
|
|
NGX_ALTERNATE_HOSTS_SHRD_DICT_SIZE
Specifies the LUA shared dictionary sizes used by reverse-proxy internally.
Default: 100k
|
No
|
|