view docs/html/http/ngx_http_core_module.html @ 4182:75d2388bd6b9

Tweaked error messages.
author Ruslan Ermilov <>
date Fri, 07 Oct 2011 07:57:24 +0000
parents dc1fa52222b4
line wrap: on
line source

<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>HTTP Core Module</title></head><body><center><h3>HTTP Core Module</h3></center><a name="directives"></a><center><h4>Directives</h4></center><hr><a name="aio"></a><strong>syntax</strong>:
        <code>on</code> |
        <code>off</code> |
      <code>aio off</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><strong>appeared in version</strong>:
Enables or disables the use of asynchronous file I/O (AIO)
on FreeBSD and Linux.
On FreeBSD, AIO is usable starting from FreeBSD 4.3.
AIO can either be linked statically into a kernel:
options VFS_AIO
or loaded dynamically as a kernel loadable module:
kldload aio
In FreeBSD versions 5 and 6, enabling AIO statically, or dynamically
when booting the kernel, will cause the entire networking subsystem
to use the Giant lock that can impact overall performance negatively.
This limitation has been removed in FreeBSD 6.4-STABLE in 2009, and in
FreeBSD 7.
However, starting from FreeBSD 5.3 it is possible to enable AIO
without the penalty of running the networking subsystem under a
Giant lock - for this to work, the AIO module needs to be loaded
after the kernel has booted.
In this case, the following message will appear in
WARNING: Network stack Giant-free, but aio requires Giant.
Consider adding 'options NET_WITH_GIANT' or setting debug.mpsafenet=0
and can safely be ignored.

The requirement to use the Giant lock with AIO is related to the
fact that FreeBSD supports asynchronous calls
when working with sockets.
However, since nginx only uses AIO for disk I/O, no problems should arise.
For AIO to work,
<a href="#sendfile">sendfile</a>
needs to be disabled:
location /video/ {
    sendfile       off;
    aio            on;
    output_buffers 1 64k;
In addition, starting from FreeBSD 5.2.1 and nginx 0.8.12, AIO can
also be used to pre-load data for <code>sendfile()</code>:
location /video/ {
    sendfile       on;
    tcp_nopush     on;
    aio            sendfile;
In this configuration, <code>sendfile()</code> is called with
the <code>SF_NODISKIO</code> flag which causes it not to
block on disk I/O and instead report back when the data are not in
memory; nginx then initiates an asynchronous data load by reading
one byte. The FreeBSD kernel then loads the first 128K bytes
of a file into memory, however next reads will only load data
in 16K chunks. This can be tuned using the
<a href="#read_ahead">read_ahead</a>
On Linux, AIO is usable starting from kernel version 2.6.22;
plus, it is also necessary to enable
<a href="#directio">directio</a>,
otherwise reading will be blocking:
location /video/ {
    aio            on;
    directio       512;
    output_buffers 1 128k;
On Linux,
<a href="#directio">directio</a>
can only be used for reading blocks that are aligned on 512-byte
boundaries (or 4K for XFS).
Reading of unaligned file's end is still made in blocking mode.
The same holds true for byte range requests, and for FLV requests
not from the beginning of a file: reading of unaligned data at the
beginning and end of a file will be blocking.
There is no need to turn off
<a href="#sendfile">sendfile</a>
explicitly as it is turned off automatically when
<a href="#directio">directio</a>
is used.
</p><hr><a name="alias"></a><strong>syntax</strong>:
         <code>alias <code><i>path</i></code></code><br><strong>default</strong>:
Defines a replacement for the specified location.
For example, with the following configuration
location /i/ {
    alias /data/w3/images/;
the request of
&ldquo;<code>/i/top.gif</code>&rdquo; will be responded
with the file
The <code><i>path</i></code> value can contain variables.
If <code>alias</code> is used inside a location defined
with a regular expression then such regular expression should
contain captures and <code>alias</code> should refer to
these captures (0.7.40), for example:
location ~ ^/users/(.+\.(?:gif|jpe?g|png))$ {
    alias /data/w3/images/$1;
When location matches the last part of the directive's value:
location /images/ {
    alias /data/w3/images/;
it is better to use the
<a href="#root">root</a>
directive instead:
location /images/ {
    root /data/w3;
</pre></blockquote></p><hr><a name="client_body_in_file_only"></a><strong>syntax</strong>:
        <code>on</code> |
        <code>clean</code> |
      <code>client_body_in_file_only off</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Determines whether nginx should save the entire client request body
into a file.
This directive can be used during debugging, or when using the
variable, or the
<a href="ngx_http_perl_module.html#methods">$r-&gt;request_body_file</a>
method of the module
<a href="ngx_http_perl_module.html">ngx_http_perl_module</a>.
When set to the value <code>on</code>, temporary files are not
removed after request processing.
The value <code>clean</code> will cause the temporary files
left after request processing to be removed.
</p><hr><a name="client_body_in_single_buffer"></a><strong>syntax</strong>:
         <code>client_body_in_single_buffer <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>client_body_in_single_buffer off</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Determines whether nginx should save the entire client request body
in a single buffer.
The directive is recommended when using the
variable, to save the number of copy operations involved.
</p><hr><a name="client_body_buffer_size"></a><strong>syntax</strong>:
         <code>client_body_buffer_size <code><i>size</i></code></code><br><strong>default</strong>:
      <code>client_body_buffer_size 8k/16k</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Sets buffer size for reading client request body.
In case request body is larger than the buffer,
the whole body or only its part is written to a temporary file.

By default, buffer size is equal to two memory pages.
This is 8K on x86, other 32-bit platforms, and x86-64.
It is usually 16K on other 64-bit platforms.
</p><hr><a name="client_body_temp_path"></a><strong>syntax</strong>:
      <code>client_body_temp_path client_body_temp</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Defines a directory for storing temporary files holding client request bodies.
Up to three-level subdirectory hierarchy can be used underneath the specified
For example, in the following configuration
client_body_temp_path /spool/nginx/client_temp 1 2;
a temporary file might look like this:
</pre></blockquote></p><hr><a name="client_body_timeout"></a><strong>syntax</strong>:
         <code>client_body_timeout <code><i>time</i></code></code><br><strong>default</strong>:
      <code>client_body_timeout 60</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Defines a timeout for reading client request body.
A timeout is only set between two successive read operations,
not for the transmission of the whole request body.
If a client does not transmit anything within this time,
the client error
408 (Request Time-out)
is returned.
</p><hr><a name="client_header_buffer_size"></a><strong>syntax</strong>:
         <code>client_header_buffer_size <code><i>size</i></code></code><br><strong>default</strong>:
      <code>client_header_buffer_size 1k</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code><br><p>
Sets buffer size for reading client request header.
For most requests, a buffer of 1K bytes is enough.
However, if a request includes long cookies, or comes from a WAP client,
it may not fit into 1K.
If a request line, or a request header field do not fit entirely into
this buffer then larger buffers are allocated, configured by the
<a href="#large_client_header_buffers">large_client_header_buffers</a>
</p><hr><a name="client_header_timeout"></a><strong>syntax</strong>:
         <code>client_header_timeout <code><i>time</i></code></code><br><strong>default</strong>:
      <code>client_header_timeout 60</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code><br><p>
Defines a timeout for reading client request header.
If a client does not transmit the entire header within this time,
the client error
408 (Request Time-out)
is returned.
</p><hr><a name="client_max_body_size"></a><strong>syntax</strong>:
         <code>client_max_body_size <code><i>size</i></code></code><br><strong>default</strong>:
      <code>client_max_body_size 1m</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Sets the maximum allowed size of the client request body,
specified in the
request header field.
If it exceeds the configured value, the client error
413 (Request Entity Too Large)
is returned.
Please be aware that
<a href="/web/upload.html">browsers cannot correctly display
this error</a>.
</p><hr><a name="default_type"></a><strong>syntax</strong>:
         <code>default_type <code><i>mime-type</i></code></code><br><strong>default</strong>:
      <code>default_type text/plain</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Defines a default MIME-type of a response.
</p><hr><a name="directio"></a><strong>syntax</strong>:
         <code>directio <code><i>size</i></code> | <code>off</code></code><br><strong>default</strong>:
      <code>directio off</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><strong>appeared in version</strong>:
Enables the use of
the <code>O_DIRECT</code> flag (FreeBSD, Linux),
the <code>F_NOCACHE</code> flag (Mac OS X),
or the <code>directio()</code> function (Solaris),
when reading files that are larger than the specified <code><i>size</i></code>.
It automatically disables (0.7.15) the use of
<a href="#sendfile">sendfile</a>
for a given request.
It could be useful for serving large files:
directio 4m;
or when using <a href="#aio">aio</a> on Linux.
</p><hr><a name="directio_alignment"></a><strong>syntax</strong>:
         <code>directio_alignment <code><i>size</i></code></code><br><strong>default</strong>:
      <code>directio_alignment 512</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><strong>appeared in version</strong>:
Sets an alignment for
<a href="#directio">directio</a>.
In most cases, a 512-byte alignment is enough, however, when
using XFS under Linux, it needs to be increased to 4K.
</p><hr><a name="error_page"></a><strong>syntax</strong>:
        <code><i>code</i></code> ...
      <code>http</code>, <code>server</code>, <code>location</code>, <code>if in location</code><br><p>
Defines the URI that will be shown for the specified errors.
These directives are inherited from the previous level if and
only if there are no
directives on
the current level.
A URI value can contain variables.
error_page 404         /404.html;
error_page 502 503 504 /50x.html;
error_page 403;
Furthermore, it is possible to change the response code to another, for example:
error_page 404 =200 /empty.gif;
If an error response is processed by a proxied server, or a FastCGI server,
and the server may return different response codes (e.g., 200, 302, 401
or 404), it is possible to respond with a returned code:
error_page 404 = /404.php;
If there is no need to change URI during redirection it is possible to redirect
error processing into a named location:
location / {
    error_page 404 = @fallback;

location @fallback {
    proxy_pass http://backend;
</pre></blockquote></p><hr><a name="if_modified_since"></a><strong>syntax</strong>:
        <code>off</code> |
        <code>exact</code> |
      <code>if_modified_since exact</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><strong>appeared in version</strong>:
Specifies how to compare modification time of a response
with the time in the
request header:

<dl compact><dt><code>off</code></dt><dd>
<code>If-Modified-Since</code> request header is ignored (0.7.34);
exact match;
modification time of a response is
less than or equal to the time in the <code>If-Modified-Since</code>
request header.
</dd></dl></p><hr><a name="internal"></a><strong>syntax</strong>:
Specifies that a given location can only be used for internal requests.
For external requests, the client error
404 (Not Found)
is returned.
Internal requests are the following:

requests redirected by the <a href="#error_page">error_page</a> directive;
subrequests formed by the
<code>include virtual</code>
command of the module
<a href="ngx_http_ssi_module.html">ngx_http_ssi_module</a>;
requests changed by the
<a href="ngx_http_rewrite_module.html#rewrite">rewrite</a>
directive of the module
<a href="ngx_http_rewrite_module.html">ngx_http_rewrite_module</a>.
error_page 404 /404.html;

location /404.html {
</pre></blockquote></p><hr><a name="keepalive_requests"></a><strong>syntax</strong>:
         <code>keepalive_requests <code><i>number</i></code></code><br><strong>default</strong>:
      <code>keepalive_requests 100</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><strong>appeared in version</strong>:
Sets the maximum number of requests that can be
made through one keep-alive connection.
</p><hr><a name="keepalive_timeout"></a><strong>syntax</strong>:
      <code>keepalive_timeout 75</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
The first argument sets a timeout during which a keep-alive
client connection will stay open on the server side.
The optional second argument sets a value in the
&ldquo;<code>Keep-Alive: timeout=<code><i>time</i></code></code>&rdquo;
response header.
Two arguments may differ.
&ldquo;<code>Keep-Alive: timeout=</code>&rdquo;
is understood by Mozilla and Konqueror.
MSIE will close keep-alive connection in about 60 seconds.
</p><hr><a name="large_client_header_buffers"></a><strong>syntax</strong>:
         <code>large_client_header_buffers <code><i>number size</i></code></code><br><strong>default</strong>:
      <code>large_client_header_buffers 4 4k/8k</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code><br><p>
Sets the maximum <code><i>number</i></code> and <code><i>size</i></code> of
buffers used when reading large client request headers.
A request line cannot exceed the size of one buffer, or the client error
414 (Request-URI Too Large)
is returned.
A request header field cannot exceed the size of one buffer as well, or the
client error
400 (Bad Request)
is returned.
Buffers are allocated only on demand.
By default, the buffer size is equal to one memory page size.
It is either 4K or 8K, platform dependent.
If after the end of request processing a connection is transitioned
into the keep-alive state, these buffers are freed.
</p><hr><a name="limit_except"></a><strong>syntax</strong>:
         <code>limit_except <code><i>method</i></code> ... { ... }</code><br><strong>default</strong>:
Limits allowed HTTP methods inside a location.
The GET method also implies the HEAD method.
Access to other methods can be limited using the
<a href="ngx_http_access_module.html">ngx_http_access_module</a>
<a href="ngx_http_auth_basic_module.html">ngx_http_auth_basic_module</a>
modules directives:
limit_except GET {
    deny  all;
Please note that this will limit access to all methods
<strong>except</strong> GET and HEAD.
</p><hr><a name="limit_rate"></a><strong>syntax</strong>:
         <code>limit_rate <code><i>rate</i></code></code><br><strong>default</strong>:
      <code>http</code>, <code>server</code>, <code>location</code>, <code>if in location</code><br><p>
Rate limits the transmission of a response to a client.
The <code><i>rate</i></code> is specified in bytes per second.

The limit is per connection, so if a single client opens 2 connections,
an overall rate will be 2x more than specified.
This directive is not applicable if one wants to rate limit
a group of clients on the
<a href="#server">server</a>
If that is the case, the desired limit can be specified in the
server {

    if ($slow) {
        set $limit_rate 4k;

</pre></blockquote></p><hr><a name="limit_rate_after"></a><strong>syntax</strong>:
         <code>limit_rate_after <code><i>size</i></code></code><br><strong>default</strong>:
      <code>http</code>, <code>server</code>, <code>location</code>, <code>if in location</code><br><strong>appeared in version</strong>:
Sets the initial amount after which the further transmission
of a response to a client will be rate limited.
location /flv/ {
    limit_rate_after 500k;
    limit_rate       50k;
</pre></blockquote></p><hr><a name="listen"></a><strong>syntax</strong>:
        [<code>default</code> | <code>default_server</code>
</code><br><code>       </code><code>listen
        [<code>default</code> | <code>default_server</code>
      <code>listen *:80 | *:8000</code><br><strong>context</strong>:
Sets an <code><i>address</i></code> and a <code><i>port</i></code>, on which
the server will accept requests.
Only one of <code><i>address</i></code> or <code><i>port</i></code> can be
An <code><i>address</i></code> may also be a hostname, for example:
listen 8000;
listen *:8000;
listen localhost:8000;
IPv6 addresses (0.7.36) are specified in square brackets:
listen [::]:8000;
listen [fe80::1];
If only <code><i>address</i></code> is given, the port 80 is used.
If directive is not present then either the <code>*:80</code> is used
if nginx runs with superuser privileges, or <code>*:8000</code> otherwise.
The <code>default</code> parameter, if present,
will cause the server to become the default server for the specified
<code><i>address</i></code>:<code><i>port</i></code> pair.
If none of the directives have the <code>default</code>
parameter then the first server with the
<code><i>address</i></code>:<code><i>port</i></code> pair will be
the default server for this pair.
Starting from version 0.8.21 it is possible to use the
A <code>listen</code> directive which has the <code>default</code>
parameter can have several additional parameters specific to system calls
<code>listen()</code> and <code>bind()</code>.
Starting from version 0.8.21, these parameters can be specified in any
<code>listen</code> directive, but only once for the given
<code><i>address</i></code>:<code><i>port</i></code> pair.
<dl compact><dt><code>backlog</code>=<code><i>number</i></code></dt><dd>
sets the <code>backlog</code> parameter in the
<code>listen()</code> call.
By default, <code>backlog</code> equals -1 on FreeBSD
and 511 on other platforms.
sets the <code>SO_RCVBUF</code> parameter for the listening socket.
sets the <code>SO_SNDBUF</code> parameter for the listening socket.
sets the name of the accept filter.
This works only on FreeBSD, acceptable values are <code>dataready</code>
and <code>httpready</code>.
On receipt of the <code>SIGHUP</code> signal, an accept filter can only be
changed in recent versions of FreeBSD, starting from 6.0, 5.4-STABLE
and 4.11-STABLE.
instructs to use a deferred <code>accept()</code> on Linux
using the <code>TCP_DEFER_ACCEPT</code> option.
specifies to make a separate <code>bind()</code> call for a given
<code><i>address</i></code>:<code><i>port</i></code> pair.
This is because nginx will only <code>bind()</code> to
if there are several <code>listen</code> directives with
the same port but different addresses, and one of the
<code>listen</code> directives listens on all addresses
for the given port (<code>*</code>:<code><i>port</i></code>).
It should be noted that in this case a <code>getsockname()</code>
system call will be made to determine an address that accepted a
If parameters <code>backlog</code>, <code>rcvbuf</code>,
<code>sndbuf</code>, <code>accept_filter</code>, or
<code>deferred</code> are used then for a given
<code><i>address</i></code>:<code><i>port</i></code> pair
a separate <code>bind()</code> call will always be made.
this parameter (0.7.42) sets the value of the <code>IPV6_V6ONLY</code>
parameter for the listening socket.
This parameter can only be set once on start.
this parameter (0.7.14) does not relate to system calls
<code>listen()</code> and <code>bind()</code>, but allows to
specify that all connections accepted on this port should work in
the SSL mode.
This allows for a more compact configuration for the server operating
in both HTTP and HTTPS modes simultaneously.
listen 80;
listen 443 default ssl;
listen default accept_filter=dataready backlog=1024;
</pre></blockquote></p><hr><a name="location"></a><strong>syntax</strong>:
         <code>location [
        <code>=</code> |
	<code>~</code> |
	<code>~*</code> |
	<code>^~</code> |
	] <code><i>uri</i></code>
{ ... }</code><br><strong>default</strong>:
Sets a configuration based on a request URI.
A location can either be defined by a prefix string, or by a regular expression.
Regular expressions are specified by prepending them with the
&ldquo;<code>~*</code>&rdquo; prefix (for case-insensitive matching), or with the
&ldquo;<code>~</code>&rdquo; prefix (for case-sensitive matching).
To find a location matching a given request, nginx first checks
locations defined using the prefix strings (prefix locations).
Amongst them, the most specific one is searched.
Then regular expressions are checked, in the order of their appearance
in a configuration file.
A search terminates on the first match, and its corresponding
configuration is used.
If no match with a regular expression location is found then a
configuration of the most specific prefix location is used.
For case-insensitive operating systems such as Mac OS X and Cygwin,
the string matching ignores a case (0.7.7).
However, comparison is limited to one-byte locales.
Regular expressions can contain captures (0.7.40) that can later
be used in other directives.
If the most specific prefix location has the &ldquo;<code>^~</code>&rdquo; prefix
then regular expressions are not checked.
Also, using the &ldquo;<code>=</code>&rdquo; prefix it is possible to define
an exact match of URI and location.
If an exact match is found, the search terminates.
For example, if a &ldquo;<code>/</code>&rdquo; request happens frequently,
defining &ldquo;<code>location = /</code>&rdquo; will speed up the processing
of these requests, as search terminates right after the first
In versions from 0.7.1 to 0.8.41, if a request matched the prefix
location without the &ldquo;<code>=</code>&rdquo; and &ldquo;<code>^~</code>&rdquo;
prefixes, the search also terminated and regular expressions were
not checked.
Let's illustrate the above by example:
location = / {
    [ configuration A ]

location / {
    [ configuration B ]

location ^~ /images/ {
    [ configuration C ]

location ~* \.(gif|jpg|jpeg)$ {
    [ configuration D ]
The &ldquo;<code>/</code>&rdquo; request will match configuration A,
the &ldquo;<code>/documents/document.html</code>&rdquo; request will match
configuration B,
the &ldquo;<code>/images/1.gif</code>&rdquo; request will match configuration C, and
the &ldquo;<code>/documents/1.jpg</code>&rdquo; request will match configuration D.
The &ldquo;<code>@</code>&rdquo; prefix defines a named location.
Such a location is not used for a regular request processing, but instead
used for request redirection.
</p><hr><a name="log_not_found"></a><strong>syntax</strong>:
         <code>log_not_found <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>log_not_found on</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Enables or disables logging of errors about not found files into the
<a href="../ngx_core_module.html#error_log">error_log</a>.
</p><hr><a name="log_subrequest"></a><strong>syntax</strong>:
         <code>log_subrequest <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>log_subrequest off</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Enables or disables logging of subrequests into the
<a href="ngx_http_log_module.html#access_log">access_log</a>.
</p><hr><a name="merge_slashes"></a><strong>syntax</strong>:
         <code>merge_slashes <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>merge_slashes on</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code><br><p>
Enables or disables compression of two or more adjacent slashes
in a URI into a single slash.
Note that compression is essential for the correct prefix string
and regular expressions location matching.
Without it, the &ldquo;<code>//scripts/one.php</code>&rdquo; request would not match
location /scripts/ {
and might be processed as a static file,
so it gets converted to &ldquo;<code>/scripts/one.php</code>&rdquo;.
Turning the compression <code>off</code> can become necessary if a URI
contains base64-encoded names, since base64 uses the "/" character internally.
However, for security considerations, it is better to avoid turning off
the compression.
If a directive is specified on the
<a href="#server">server</a>
level, which is also a default server, its value will cover
all virtual servers listening on the same address and port.
</p><hr><a name="msie_padding"></a><strong>syntax</strong>:
         <code>msie_padding <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>msie_padding on</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Enables or disables adding of comments to responses with status
greater than 400 for MSIE clients, to pad the response size to 512 bytes.
</p><hr><a name="msie_refresh"></a><strong>syntax</strong>:
         <code>msie_refresh <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>msie_refresh off</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Enables or disables issuing refreshes instead of redirects, for MSIE clients.
</p><hr><a name="open_file_cache"></a><strong>syntax</strong>:
[<code>inactive</code>=<code><i>time</i></code>] |
      <code>open_file_cache off</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Configures a cache that can store:
open file descriptors, their sizes and modification times;
directory lookups;
file lookup errors, such as "file not found", "no read permission",
and so on.
Caching of errors should be enabled separately by the
<a href="#open_file_cache_errors">open_file_cache_errors</a>
The directive has the following parameters:
<dl compact><dt><code>max</code></dt><dd>
sets the maximum number of elements in the cache;
on cache overflow the least recently used (LRU) elements get removed;
defines a time, after which the element gets removed from the cache
if there were no accesses to it during this time;
by default, it is 60 seconds;
disables the cache.
open_file_cache          max=1000 inactive=20s;
open_file_cache_valid    30s;
open_file_cache_min_uses 2;
open_file_cache_errors   on;
</pre></blockquote></p><hr><a name="open_file_cache_errors"></a><strong>syntax</strong>:
         <code>open_file_cache_errors <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>open_file_cache_errors off</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Enables or disables caching of file lookup errors by the
<a href="#open_file_cache">open_file_cache</a>.
</p><hr><a name="open_file_cache_min_uses"></a><strong>syntax</strong>:
         <code>open_file_cache_min_uses <code><i>number</i></code></code><br><strong>default</strong>:
      <code>open_file_cache_min_uses 1</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Sets the minimum <code><i>number</i></code> of file accesses during
the period configured by the <code>inactive</code> parameter
of the <a href="#open_file_cache">open_file_cache</a> directive,
after which a file descriptor will remain open in the cache.
</p><hr><a name="open_file_cache_valid"></a><strong>syntax</strong>:
         <code>open_file_cache_valid <code><i>time</i></code></code><br><strong>default</strong>:
      <code>open_file_cache_valid 60</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Sets a time after which
<a href="#open_file_cache">open_file_cache</a>
elements should be validated.
</p><hr><a name="optimize_server_names"></a><strong>syntax</strong>:
         <code>optimize_server_names <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>optimize_server_names on</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code><br><p>
This directive is obsolete.
Enables or disables optimization of hostname checking in name-based
virtual servers.
In particular, the checking affects hostnames used in redirects.
If optimization is enabled, and all name-based servers listening on
the same address:port pair have identical configuration, then
names are not checked during request processing, and the first
server name is used in redirects.
In case redirects should use hostnames sent by clients,
optimization needs to be disabled.
</p><hr><a name="port_in_redirect"></a><strong>syntax</strong>:
         <code>port_in_redirect <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>port_in_redirect on</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Enables or disables specifying the port in redirects issued by nginx.
</p><hr><a name="read_ahead"></a><strong>syntax</strong>:
         <code>read_ahead <code><i>size</i></code></code><br><strong>default</strong>:
      <code>read_ahead 0</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Sets the amount of pre-reading when working with files, in the kernel.
On Linux, the
<code>posix_fadvise(0, 0, 0, POSIX_FADV_SEQUENTIAL)</code>
system call is used, so the <code><i>size</i></code> argument is ignored.
On FreeBSD, the
system call is used, supported in FreeBSD 9.0-CURRENT.
FreeBSD 7 needs to be
<a href="">patched</a>.
</p><hr><a name="recursive_error_pages"></a><strong>syntax</strong>:
         <code>recursive_error_pages <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>recursive_error_pages off</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Enables or disables doing several redirects using the
<a href="#error_page">error_page</a>
</p><hr><a name="reset_timedout_connection"></a><strong>syntax</strong>:
        <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>reset_timedout_connection off</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Enables or disables resetting of timed out connections.
The reset is performed as follows: before closing a socket, the
option is set on it with a timeout value of 0.
When the socket is closed, a client is sent TCP RST, and all memory
occupied by this socket is freed.
This avoids keeping of an already closed socket with filled buffers
for a long time, in a FIN_WAIT1 state.
It should be noted that timed out keep-alive connections are still
closed normally.
</p><hr><a name="resolver"></a><strong>syntax</strong>:
         <code>resolver <code><i>address</i></code></code><br><strong>default</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Sets the <code><i>address</i></code> of a name server, for example:
</pre></blockquote></p><hr><a name="resolver_timeout"></a><strong>syntax</strong>:
         <code>resolver_timeout <code><i>time</i></code></code><br><strong>default</strong>:
      <code>resolver_timeout 30s</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Sets a timeout for name resolution, for example:
resolver_timeout 5s;
</pre></blockquote></p><hr><a name="root"></a><strong>syntax</strong>:
         <code>root <code><i>path</i></code></code><br><strong>default</strong>:
      <code>root html</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code>, <code>if in location</code><br><p>
Sets the root directory for requests.
For example, with the following configuration
location /i/ {
    root /data/w3;
</pre></blockquote>&ldquo;<code>/i/top.gif</code>&rdquo; will be responded
with the file
The <code><i>path</i></code> value can contain variables.
A path to the file is constructed by merely adding a URI to the value
of the <code>root</code> directive.
If a URI need to be modified, the
<a href="#alias">alias</a> directive should be used.
</p><hr><a name="satisfy"></a><strong>syntax</strong>:
         <code>satisfy <code>all</code> | <code>any</code></code><br><strong>default</strong>:
      <code>satisfy all</code><br><strong>context</strong>:
Allows access if any of the
<a href="ngx_http_access_module.html">ngx_http_access_module</a>
or <a href="ngx_http_auth_basic_module.html">ngx_http_auth_basic_module</a>
modules grant access.
location / {
    satisfy any;

    deny  all;

    auth_basic           "closed site";
    auth_basic_user_file conf/htpasswd;
</pre></blockquote></p><hr><a name="satisfy_any"></a><strong>syntax</strong>:
         <code>satisfy_any <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>satisfy_any off</code><br><strong>context</strong>:
This directive was renamed to the <a href="#satisfy">satisfy</a> directive.
</p><hr><a name="send_timeout"></a><strong>syntax</strong>:
         <code>send_timeout <code><i>time</i></code></code><br><strong>default</strong>:
      <code>send_timeout 60</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Sets a timeout for transmitting a response to the client.
A timeout is only set between two successive write operations,
not for the transmission of the whole response.
If a client does not receive anything within this time,
a connection is closed.
</p><hr><a name="sendfile"></a><strong>syntax</strong>:
         <code>sendfile <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>sendfile off</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Enables or disables the use of
</p><hr><a name="server"></a><strong>syntax</strong>:
         <code>server { ... }</code><br><strong>default</strong>:
Sets a configuration for the virtual server.
There is no clean separation between IP-based (based on the IP address)
and name-based (based on the <code>Host</code> request header field)
virtual servers.
Instead, the <a href="#listen">listen</a> directives describe all
addresses and ports that should accept connections for a server, and the
<a href="#server_name">server_name</a> directive lists all server names.
An example configuration is provided in the
<a href="../virtual_hosts.html">
Setting Up Virtual Servers</a> document.
</p><hr><a name="server_name"></a><strong>syntax</strong>:
         <code>server_name <code><i>name</i></code> ...</code><br><strong>default</strong>:
      <code>server_name hostname</code><br><strong>context</strong>:
Sets names of the virtual server, for example:
server {
The first name becomes a primary server name.
By default, the machine's hostname is used.
Server names can include an asterisk (&ldquo;<code>*</code>&rdquo;)
to replace the first or last part of a name:
server {
    server_name * www.example.*;
The first two of the above mentioned names can be combined:
server {
It is also possible to use regular expressions in server names,
prepending the name with a tilde (&ldquo;<code>~</code>&rdquo;):
server {
    server_name ~^www\d+\.example\.com$;
Regular expressions can contain captures (0.7.40) that can later
be used in other directives:
server {
    server_name ~^(www\.)?(.+)$;

    location / {
        root /sites/$2;

server {
    server_name _;

    location / {
        root /sites/default;
Starting from version 0.8.25, named captures in regular expressions create
variables that can later be used in other directives:
server {
    server_name ~^(www\.)?(?&lt;domain&gt;.+)$;

    location / {
        root /sites/$domain;

server {
    server_name _;

    location / {
        root /sites/default;
Starting from version 0.7.11, it is possible to specify an empty name:
server {
    server_name "";
It allows this server to process requests without the <code>Host</code>
header, instead of the default server for the given address:port pair.
The name checking order is as follows:
full names
names with the prefix mask, e.g. &ldquo;<code>*</code>&rdquo;</li><li>
names with the suffix mask, e.g. &ldquo;<code>mail.*</code>&rdquo;</li><li>
regular expressions
</li></ol></p><hr><a name="server_name_in_redirect"></a><strong>syntax</strong>:
         <code>server_name_in_redirect <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>server_name_in_redirect on</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Enables or disables the use of the primary server name, specified by the
<a href="#server_name">server_name</a>
directive, in redirects issued by nginx.
When disabled, the name from the <code>Host</code> request header field
is used.
If this field is not present, an IP address of the server is used.
</p><hr><a name="server_names_hash_max_size"></a><strong>syntax</strong>:
         <code>server_names_hash_max_size <code><i>size</i></code></code><br><strong>default</strong>:
      <code>server_names_hash_max_size 512</code><br><strong>context</strong>:
Sets the maximum <code><i>size</i></code> of the server names hash tables.
For more information, please refer to
<a href="../hash.html">Setting Up Hashes</a>.
</p><hr><a name="server_names_hash_bucket_size"></a><strong>syntax</strong>:
         <code>server_names_hash_bucket_size <code><i>size</i></code></code><br><strong>default</strong>:
      <code>server_names_hash_bucket_size 32/64/128</code><br><strong>context</strong>:
Sets the bucket size for the server names hash tables.
Default value depends on the size of the processor's cache line.
For more information, please refer to
<a href="../hash.html">Setting Up Hashes</a>.
</p><hr><a name="server_tokens"></a><strong>syntax</strong>:
         <code>server_tokens <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>server_tokens on</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Enables or disables emitting of nginx version in error messages and in the
<code>Server</code> response header field.
</p><hr><a name="tcp_nodelay"></a><strong>syntax</strong>:
         <code>tcp_nodelay <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>tcp_nodelay on</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Enables or disables the use of the <code>TCP_NODELAY</code> option.
The option is enabled only when a connection is transitioned into the
keep-alive state.
</p><hr><a name="tcp_nopush"></a><strong>syntax</strong>:
         <code>tcp_nopush <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>tcp_nopush off</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Enables or disables the use of
the <code>TCP_NOPUSH</code> socket option on FreeBSD
or the <code>TCP_CORK</code> socket option on Linux.
Opitons are enables only when <a href="#sendfile">sendfile</a> is used.
Enabling the option allows to
send the response header and the beginning of a file in one packet,
on Linux and FreeBSD 4.*;
send a file in full packets.
</li></ul></p><hr><a name="try_files"></a><strong>syntax</strong>:
        <code><i>file</i></code> ...
	<code><i>uri</i></code></code><br><code>       </code><code>try_files
        <code><i>file</i></code> ...
Checks the existence of files in the specified order, and uses
the first found file for request processing; the processing
is performed in this location's context.
It is possible to check the directory existence by specifying
the slash at the end of a name, e.g. &ldquo;<code>$uri/</code>&rdquo;.
If none of the files were found, an internal redirect to the
<code><i>uri</i></code> specified by the last argument is made.
As of version 0.7.51, the last argument can also be a
location / {
    try_files $uri $uri/index.html $uri.html =404;
Example when proxying Mongrel:
location / {
    try_files /system/maintenance.html
              $uri $uri/index.html $uri.html

location @mongrel {
    proxy_pass http://mongrel;
Example for Drupal/FastCGI:
location / {
    try_files $uri $uri/ @drupal;

location ~ \.php$ {
    try_files $uri @drupal;

    fastcgi_pass ...;

    fastcgi_param SCRIPT_FILENAME /path/to$fastcgi_script_name;
    fastcgi_param SCRIPT_NAME     $fastcgi_script_name;
    fastcgi_param QUERY_STRING    $args;

    ... other fastcgi_param's

location @drupal {
    fastcgi_pass ...;

    fastcgi_param SCRIPT_FILENAME /path/to/index.php;
    fastcgi_param SCRIPT_NAME     /index.php;
    fastcgi_param QUERY_STRING    q=$uri&amp;$args;

    ... other fastcgi_param's
In the following example,
location / {
    try_files $uri $uri/ @drupal;
the <code>try_files</code> directive is equivalent to
location / {
    error_page 404 = @drupal;
    log_not_found off;
And here,
location ~ \.php$ {
    try_files $uri @drupal;

    fastcgi_pass ...;

    fastcgi_param SCRIPT_FILENAME /path/to$fastcgi_script_name;

</pre></blockquote><code>try_files</code> checks the existence of the PHP file
before passing the request to the FastCGI server.
Example for Wordpress and Joomla:
location / {
    try_files $uri $uri/ @wordpress;

location ~ \.php$ {
    try_files $uri @wordpress;

    fastcgi_pass ...;

    fastcgi_param SCRIPT_FILENAME /path/to$fastcgi_script_name;
    ... other fastcgi_param's

location @wordpress {
    fastcgi_pass ...;

    fastcgi_param SCRIPT_FILENAME /path/to/index.php;
    ... other fastcgi_param's
</pre></blockquote></p><hr><a name="types"></a><strong>syntax</strong>:
         <code>types { ... }</code><br><strong>default</strong>:
      <code>see below</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code>, <code>location</code><br><p>
Maps file name extensions to MIME types of responses.
Several extensions can map to one type.
The following mappings are configured by default:
types {
    text/html  html;
    image/gif  gif;
    image/jpeg jpg;
A sufficiently full mapping table is distributed with nginx in the
<code>conf/mime.types</code> file.
To make a particular location emit the
MIME type for all requests, try the following:
location /download/ {
    types        { }
    default_type application/octet-stream;
</pre></blockquote></p><hr><a name="underscores_in_headers"></a><strong>syntax</strong>:
         <code>underscores_in_headers <code>on</code> | <code>off</code></code><br><strong>default</strong>:
      <code>underscores_in_headers off</code><br><strong>context</strong>:
      <code>http</code>, <code>server</code><br><p>
Enables or disables the use of underscores in client request header fields.
</p><a name="variables"></a><center><h4>Embedded Variables</h4></center><p>
The module <code>ngx_http_core_module</code> supports embedded variables with
names matching those of the Apache Server.
First of all, these are variables representing client request header
fields, such as, <code>$http_user_agent</code>, <code>$http_cookie</code>,
and so on.
It also supports other variables:
<dl compact><dt><code>$args</code></dt><dd>
arguments in the request line
argument <code><i>name</i></code> in the request line
client address in a binary form, value's length is always 4 bytes
</dd><dt><code>$content_length</code></dt><dd><code>Content-Length</code> request header field
</dd><dt><code>$content_type</code></dt><dd><code>Content-Type</code> request header field
the <code><i>name</i></code> cookie
</dd><dt><code>$document_root</code></dt><dd><a href="#root">root</a> directive's value for the current request
same as <code>$uri</code></dd><dt><code>$host</code></dt><dd><code>Host</code> request header field,
or the server name matching a request if this field is not present
host name
the <code><i>name</i></code> request header field
</dd><dt><code>$is_args</code></dt><dd>&ldquo;<code>?</code>&rdquo; if a request line has arguments,
or an empty string otherwise
allows for connection rate limiting
PID of the worker process
request method, usually
&ldquo;<code>GET</code>&rdquo; or &ldquo;<code>POST</code>&rdquo;</dd><dt><code>$remote_addr</code></dt><dd>
client address
client port
user name supplied with the Basic authentication
</dd><dt><code>$realpath_root</code></dt><dd><a href="#root">root</a> directive's value
for the current request, with all symbolic links resolved to real paths
file path for the current query, based on the
<a href="#root">root</a> and <a href="#alias">alias</a>
directives, and the request URI
request body
The variable's value is made available in locations
processed by the
<a href="ngx_http_proxy_module.html#proxy_pass">proxy_pass</a>
<a href="ngx_http_fastcgi_module.html#fastcgi_pass">fastcgi_pass</a>
name of a temporary file with the request body
At the end of processing, the file needs to be removed.
To always write a request body to a file,
<a href="#client_body_in_file_only">client_body_in_file_only on</a>
needs be specified.
When passing the name of a temporary file in a proxied request,
or in a request to a FastCGI server,
passing of the request body should be disabled by the
<a href="ngx_http_proxy_module.html#proxy_pass_request_body">proxy_pass_request_body</a>
<a href="ngx_http_fastcgi_module.html#fastcgi_pass_request_body">fastcgi_pass_request_body</a>
directives, respectively.
full original request URI (with arguments)
same as <code>$args</code></dd><dt><code>$scheme</code></dt><dd>
request scheme, &ldquo;<code>http</code>&rdquo; or &ldquo;<code>https</code>&rdquo;</dd><dt><code>$server_protocol</code></dt><dd>
request protocol, usually
an address of the server which accepted a request
Computing a value of this variable usually requires one system call.
To avoid a system call, the <code>listen</code> directives
must specify addresses and use the <code>bind</code> parameter
name of the server which accepted a request
port of the server which accepted a request
current URI in request
It may differ from an original, e.g. when doing internal redirects,
or when using index files.