Mercurial > hg > nginx-site
view xml/en/docs/http/ngx_http_upstream_module.xml @ 3088:7b7dbaa7d777 default tip
Documented XOAUTH2 and OAUTHBEARER authentication methods.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 04 Jun 2024 18:35:21 +0300 |
| parents | 0bbf14c9fd66 |
| children |
line wrap: on
line source
<?xml version="1.0"?> <!-- Copyright (C) Igor Sysoev Copyright (C) Nginx, Inc. --> <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> <module name="Module ngx_http_upstream_module" link="/en/docs/http/ngx_http_upstream_module.html" lang="en" rev="90"> <section id="summary"> <para> The <literal>ngx_http_upstream_module</literal> module is used to define groups of servers that can be referenced by the <link doc="ngx_http_proxy_module.xml" id="proxy_pass"/>, <link doc="ngx_http_fastcgi_module.xml" id="fastcgi_pass"/>, <link doc="ngx_http_uwsgi_module.xml" id="uwsgi_pass"/>, <link doc="ngx_http_scgi_module.xml" id="scgi_pass"/>, <link doc="ngx_http_memcached_module.xml" id="memcached_pass"/>, and <link doc="ngx_http_grpc_module.xml" id="grpc_pass"/> directives. </para> </section> <section id="example" name="Example Configuration"> <para> <example> upstream <emphasis>backend</emphasis> { server backend1.example.com weight=5; server backend2.example.com:8080; server unix:/tmp/backend3; server backup1.example.com:8080 backup; server backup2.example.com:8080 backup; } server { location / { proxy_pass http://<emphasis>backend</emphasis>; } } </example> </para> </section> <section id="directives" name="Directives"> <directive name="upstream"> <syntax block="yes"><value>name</value></syntax> <default/> <context>http</context> <para> Defines a group of servers. Servers can listen on different ports. In addition, servers listening on TCP and UNIX-domain sockets can be mixed. </para> <para> Example: <example> upstream backend { server backend1.example.com weight=5; server 127.0.0.1:8080 max_fails=3 fail_timeout=30s; server unix:/tmp/backend3; server backup1.example.com backup; } </example> </para> <para> By default, requests are distributed between the servers using a weighted round-robin balancing method. In the above example, each 7 requests will be distributed as follows: 5 requests go to <literal>backend1.example.com</literal> and one request to each of the second and third servers. If an error occurs during communication with a server, the request will be passed to the next server, and so on until all of the functioning servers will be tried. If a successful response could not be obtained from any of the servers, the client will receive the result of the communication with the last server. </para> </directive> <directive name="server"> <syntax><value>address</value> [<value>parameters</value>]</syntax> <default/> <context>upstream</context> <para> Defines the <value>address</value> and other <value>parameters</value> of a server. The address can be specified as a domain name or IP address, with an optional port, or as a UNIX-domain socket path specified after the “<literal>unix:</literal>” prefix. If a port is not specified, the port 80 is used. A domain name that resolves to several IP addresses defines multiple servers at once. </para> <para> The following parameters can be defined: <list type="tag"> <tag-name id="weight"> <literal>weight</literal>=<value>number</value> </tag-name> <tag-desc> sets the weight of the server, by default, 1. </tag-desc> <tag-name id="max_conns"> <literal>max_conns</literal>=<value>number</value> </tag-name> <tag-desc> limits the maximum <value>number</value> of simultaneous active connections to the proxied server (1.11.5). Default value is zero, meaning there is no limit. If the server group does not reside in the <link id="zone">shared memory</link>, the limitation works per each worker process. <note> If <link id="keepalive">idle keepalive</link> connections, multiple <link doc="../ngx_core_module.xml" id="worker_processes">workers</link>, and the <link id="zone">shared memory</link> are enabled, the total number of active and idle connections to the proxied server may exceed the <literal>max_conns</literal> value. </note> </tag-desc> <tag-name id="max_fails"> <literal>max_fails</literal>=<value>number</value> </tag-name> <tag-desc> sets the number of unsuccessful attempts to communicate with the server that should happen in the duration set by the <literal>fail_timeout</literal> parameter to consider the server unavailable for a duration also set by the <literal>fail_timeout</literal> parameter. By default, the number of unsuccessful attempts is set to 1. The zero value disables the accounting of attempts. What is considered an unsuccessful attempt is defined by the <link doc="ngx_http_proxy_module.xml" id="proxy_next_upstream"/>, <link doc="ngx_http_fastcgi_module.xml" id="fastcgi_next_upstream"/>, <link doc="ngx_http_uwsgi_module.xml" id="uwsgi_next_upstream"/>, <link doc="ngx_http_scgi_module.xml" id="scgi_next_upstream"/>, <link doc="ngx_http_memcached_module.xml" id="memcached_next_upstream"/>, and <link doc="ngx_http_grpc_module.xml" id="grpc_next_upstream"/> directives. </tag-desc> <tag-name id="fail_timeout"> <literal>fail_timeout</literal>=<value>time</value> </tag-name> <tag-desc> sets <list type="bullet"> <listitem> the time during which the specified number of unsuccessful attempts to communicate with the server should happen to consider the server unavailable; </listitem> <listitem> and the period of time the server will be considered unavailable. </listitem> </list> By default, the parameter is set to 10 seconds. </tag-desc> <tag-name id="backup"> <literal>backup</literal> </tag-name> <tag-desc> marks the server as a backup server. It will be passed requests when the primary servers are unavailable. <note> The parameter cannot be used along with the <link id="hash"/>, <link id="ip_hash"/>, and <link id="random"/> load balancing methods. </note> </tag-desc> <tag-name id="down"> <literal>down</literal> </tag-name> <tag-desc> marks the server as permanently unavailable. </tag-desc> </list> </para> <para> <note> If there is only a single server in a group, <literal>max_fails</literal> and <literal>fail_timeout</literal> parameters are ignored, and such a server will never be considered unavailable. </note> </para> </directive> <directive name="zone"> <syntax><value>name</value> [<value>size</value>]</syntax> <default/> <context>upstream</context> <appeared-in>1.9.0</appeared-in> <para> Defines the <value>name</value> and <value>size</value> of the shared memory zone that keeps the group’s configuration and run-time state that are shared between worker processes. Several groups may share the same zone. In this case, it is enough to specify the <value>size</value> only once. </para> </directive> <directive name="hash"> <syntax><value>key</value> [<literal>consistent</literal>]</syntax> <default/> <context>upstream</context> <appeared-in>1.7.2</appeared-in> <para> Specifies a load balancing method for a server group where the client-server mapping is based on the hashed <value>key</value> value. The <value>key</value> can contain text, variables, and their combinations. Note that adding or removing a server from the group may result in remapping most of the keys to different servers. The method is compatible with the <link url="https://metacpan.org/pod/Cache::Memcached">Cache::Memcached</link> Perl library. </para> <para> If the <literal>consistent</literal> parameter is specified, the <link url="https://www.metabrew.com/article/libketama-consistent-hashing-algo-memcached-clients">ketama</link> consistent hashing method will be used instead. The method ensures that only a few keys will be remapped to different servers when a server is added to or removed from the group. This helps to achieve a higher cache hit ratio for caching servers. The method is compatible with the <link url="https://metacpan.org/pod/Cache::Memcached::Fast">Cache::Memcached::Fast</link> Perl library with the <value>ketama_points</value> parameter set to 160. </para> </directive> <directive name="ip_hash"> <syntax/> <default/> <context>upstream</context> <para> Specifies that a group should use a load balancing method where requests are distributed between servers based on client IP addresses. The first three octets of the client IPv4 address, or the entire IPv6 address, are used as a hashing key. The method ensures that requests from the same client will always be passed to the same server except when this server is unavailable. In the latter case client requests will be passed to another server. Most probably, it will always be the same server as well. <note> IPv6 addresses are supported starting from versions 1.3.2 and 1.2.2. </note> </para> <para> If one of the servers needs to be temporarily removed, it should be marked with the <literal>down</literal> parameter in order to preserve the current hashing of client IP addresses. </para> <para> Example: <example> upstream backend { ip_hash; server backend1.example.com; server backend2.example.com; server backend3.example.com <emphasis>down</emphasis>; server backend4.example.com; } </example> </para> <para> <note> Until versions 1.3.1 and 1.2.2, it was not possible to specify a weight for servers using the <literal>ip_hash</literal> load balancing method. </note> </para> </directive> <directive name="keepalive"> <syntax><value>connections</value></syntax> <default/> <context>upstream</context> <appeared-in>1.1.4</appeared-in> <para> Activates the cache for connections to upstream servers. </para> <para> The <value>connections</value> parameter sets the maximum number of idle keepalive connections to upstream servers that are preserved in the cache of each worker process. When this number is exceeded, the least recently used connections are closed. <note> It should be particularly noted that the <literal>keepalive</literal> directive does not limit the total number of connections to upstream servers that an nginx worker process can open. The <value>connections</value> parameter should be set to a number small enough to let upstream servers process new incoming connections as well. </note> <note> When using load balancing methods other than the default round-robin method, it is necessary to activate them before the <literal>keepalive</literal> directive. </note> </para> <para> Example configuration of memcached upstream with keepalive connections: <example> upstream memcached_backend { server 127.0.0.1:11211; server 10.0.0.2:11211; keepalive 32; } server { ... location /memcached/ { set $memcached_key $uri; memcached_pass memcached_backend; } } </example> </para> <para> For HTTP, the <link doc="ngx_http_proxy_module.xml" id="proxy_http_version"/> directive should be set to “<literal>1.1</literal>” and the <header>Connection</header> header field should be cleared: <example> upstream http_backend { server 127.0.0.1:8080; keepalive 16; } server { ... location /http/ { proxy_pass http://http_backend; proxy_http_version 1.1; proxy_set_header Connection ""; ... } } </example> </para> <para> <note> Alternatively, HTTP/1.0 persistent connections can be used by passing the <header>Connection: Keep-Alive</header> header field to an upstream server, though this method is not recommended. </note> </para> <para> For FastCGI servers, it is required to set <link doc="ngx_http_fastcgi_module.xml" id="fastcgi_keep_conn"/> for keepalive connections to work: <example> upstream fastcgi_backend { server 127.0.0.1:9000; keepalive 8; } server { ... location /fastcgi/ { fastcgi_pass fastcgi_backend; fastcgi_keep_conn on; ... } } </example> </para> <para> <note> SCGI and uwsgi protocols do not have a notion of keepalive connections. </note> </para> </directive> <directive name="keepalive_requests"> <syntax><value>number</value></syntax> <default>1000</default> <context>upstream</context> <appeared-in>1.15.3</appeared-in> <para> Sets the maximum number of requests that can be served through one keepalive connection. After the maximum number of requests is made, the connection is closed. </para> <para> Closing connections periodically is necessary to free per-connection memory allocations. Therefore, using too high maximum number of requests could result in excessive memory usage and not recommended. </para> <para> <note> Prior to version 1.19.10, the default value was 100. </note> </para> </directive> <directive name="keepalive_time"> <syntax><value>time</value></syntax> <default>1h</default> <context>upstream</context> <appeared-in>1.19.10</appeared-in> <para> Limits the maximum time during which requests can be processed through one keepalive connection. After this time is reached, the connection is closed following the subsequent request processing. </para> </directive> <directive name="keepalive_timeout"> <syntax><value>timeout</value></syntax> <default>60s</default> <context>upstream</context> <appeared-in>1.15.3</appeared-in> <para> Sets a timeout during which an idle keepalive connection to an upstream server will stay open. </para> </directive> <directive name="least_conn"> <syntax/> <default/> <context>upstream</context> <appeared-in>1.3.1</appeared-in> <appeared-in>1.2.2</appeared-in> <para> Specifies that a group should use a load balancing method where a request is passed to the server with the least number of active connections, taking into account weights of servers. If there are several such servers, they are tried in turn using a weighted round-robin balancing method. </para> </directive> <directive name="random"> <syntax>[<literal>two</literal> [<value>method</value>]]</syntax> <default/> <context>upstream</context> <appeared-in>1.15.1</appeared-in> <para> Specifies that a group should use a load balancing method where a request is passed to a randomly selected server, taking into account weights of servers. </para> <para> The optional <literal>two</literal> parameter instructs nginx to randomly select <link url="https://homes.cs.washington.edu/~karlin/papers/balls.pdf">two</link> servers and then choose a server using the specified <literal>method</literal>. The default method is <literal>least_conn</literal> which passes a request to a server with the least number of active connections. </para> </directive> </section> <section id="variables" name="Embedded Variables"> <para> The <literal>ngx_http_upstream_module</literal> module supports the following embedded variables: <list type="tag"> <tag-name id="var_upstream_addr"><var>$upstream_addr</var></tag-name> <tag-desc> keeps the IP address and port, or the path to the UNIX-domain socket of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas, e.g. “<literal>192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock</literal>”. If an internal redirect from one server group to another happens, initiated by <header>X-Accel-Redirect</header> or <link doc="ngx_http_core_module.xml" id="error_page"/>, then the server addresses from different groups are separated by colons, e.g. “<literal>192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock : 192.168.10.1:80, 192.168.10.2:80</literal>”. If a server cannot be selected, the variable keeps the name of the server group. </tag-desc> <tag-name id="var_upstream_bytes_received"><var>$upstream_bytes_received</var></tag-name> <tag-desc> number of bytes received from an upstream server (1.11.4). Values from several connections are separated by commas and colons like addresses in the <link id="var_upstream_addr">$upstream_addr</link> variable. </tag-desc> <tag-name id="var_upstream_bytes_sent"><var>$upstream_bytes_sent</var></tag-name> <tag-desc> number of bytes sent to an upstream server (1.15.8). Values from several connections are separated by commas and colons like addresses in the <link id="var_upstream_addr">$upstream_addr</link> variable. </tag-desc> <tag-name id="var_upstream_cache_key"><var>$upstream_cache_key</var> </tag-name> <tag-desc> the cache key being used (1.27.1). </tag-desc> <tag-name id="var_upstream_cache_status"><var>$upstream_cache_status</var> </tag-name> <tag-desc> keeps the status of accessing a response cache (0.8.3). The status can be either “<literal>MISS</literal>”, “<literal>BYPASS</literal>”, “<literal>EXPIRED</literal>”, “<literal>STALE</literal>”, “<literal>UPDATING</literal>”, “<literal>REVALIDATED</literal>”, or “<literal>HIT</literal>”. </tag-desc> <tag-name id="var_upstream_connect_time"><var>$upstream_connect_time</var> </tag-name> <tag-desc> keeps time spent on establishing a connection with the upstream server (1.9.1); the time is kept in seconds with millisecond resolution. In case of SSL, includes time spent on handshake. Times of several connections are separated by commas and colons like addresses in the <link id="var_upstream_addr">$upstream_addr</link> variable. </tag-desc> <tag-name id="var_upstream_cookie_"><var>$upstream_cookie_</var><value>name</value> </tag-name> <tag-desc> cookie with the specified <value>name</value> sent by the upstream server in the <header>Set-Cookie</header> response header field (1.7.1). Only the cookies from the response of the last server are saved. </tag-desc> <tag-name id="var_upstream_header_time"><var>$upstream_header_time</var> </tag-name> <tag-desc> keeps time spent on receiving the response header from the upstream server (1.7.10); the time is kept in seconds with millisecond resolution. Times of several responses are separated by commas and colons like addresses in the <link id="var_upstream_addr">$upstream_addr</link> variable. </tag-desc> <tag-name id="var_upstream_http_"><var>$upstream_http_</var><value>name</value></tag-name> <tag-desc> keep server response header fields. For example, the <header>Server</header> response header field is available through the <var>$upstream_http_server</var> variable. The rules of converting header field names to variable names are the same as for the variables that start with the “<link doc="ngx_http_core_module.xml" id="var_http_">$http_</link>” prefix. Only the header fields from the response of the last server are saved. </tag-desc> <tag-name id="var_upstream_queue_time"><var>$upstream_queue_time</var></tag-name> <tag-desc> keeps time the request spent in the upstream <link id="queue">queue</link> (1.13.9); the time is kept in seconds with millisecond resolution. Times of several responses are separated by commas and colons like addresses in the <link id="var_upstream_addr">$upstream_addr</link> variable. </tag-desc> <tag-name id="var_upstream_response_length"><var>$upstream_response_length</var> </tag-name> <tag-desc> keeps the length of the response obtained from the upstream server (0.7.27); the length is kept in bytes. Lengths of several responses are separated by commas and colons like addresses in the <link id="var_upstream_addr">$upstream_addr</link> variable. </tag-desc> <tag-name id="var_upstream_response_time"><var>$upstream_response_time</var> </tag-name> <tag-desc> keeps time spent on receiving the response from the upstream server; the time is kept in seconds with millisecond resolution. Times of several responses are separated by commas and colons like addresses in the <link id="var_upstream_addr">$upstream_addr</link> variable. </tag-desc> <tag-name id="var_upstream_status"><var>$upstream_status</var></tag-name> <tag-desc> keeps status code of the response obtained from the upstream server. Status codes of several responses are separated by commas and colons like addresses in the <link id="var_upstream_addr">$upstream_addr</link> variable. If a server cannot be selected, the variable keeps the <http-status code="502" text="Bad Gateway"/> status code. </tag-desc> <tag-name id="var_upstream_trailer_"><var>$upstream_trailer_</var><value>name</value></tag-name> <tag-desc> keeps fields from the end of the response obtained from the upstream server (1.13.10). </tag-desc> </list> </para> </section> </module>