Enables or disables the use of asynchronous file I/O (AIO) on FreeBSD and Linux.

On FreeBSD, AIO is usable starting from FreeBSD 4.3. AIO can either be linked statically into a kernel:

options VFS_AIO

kldload aio

In FreeBSD versions 5 and 6, enabling AIO statically, or dynamically when booting the kernel, will cause the entire networking subsystem to use the Giant lock that can impact overall performance negatively. This limitation has been removed in FreeBSD 6.4-STABLE in 2009, and in FreeBSD 7. However, starting from FreeBSD 5.3 it is possible to enable AIO without the penalty of running the networking subsystem under a Giant lock - for this to work, the AIO module needs to be loaded after the kernel has booted. In this case, the following message will appear in /var/log/messages

WARNING: Network stack Giant-free, but aio requires Giant.
Consider adding 'options NET_WITH_GIANT' or setting debug.mpsafenet=0

For AIO to work, sendfile needs to be disabled:

location /video/ {
    sendfile       off;
    aio            on;
    output_buffers 1 64k;
}

In addition, starting from FreeBSD 5.2.1 and nginx 0.8.12, AIO can also be used to pre-load data for sendfile():

location /video/ {
    sendfile       on;
    tcp_nopush     on;
    aio            sendfile;
}

On Linux, AIO is usable starting from kernel version 2.6.22; plus, it is also necessary to enable directio, otherwise reading will be blocking:

location /video/ {
    aio            on;
    directio       512;
    output_buffers 1 128k;
}

On Linux, directio can only be used for reading blocks that are aligned on 512-byte boundaries (or 4K for XFS). Reading of unaligned file's end is still made in blocking mode. The same holds true for byte range requests, and for FLV requests not from the beginning of a file: reading of unaligned data at the beginning and end of a file will be blocking. There is no need to turn off sendfile explicitly as it is turned off automatically when directio is used.

Defines a replacement for the specified location. For example, with the following configuration

location /i/ {
    alias /data/w3/images/;
}

The path value can contain variables.

If alias is used inside a location defined with a regular expression then such regular expression should contain captures and alias should refer to these captures (0.7.40), for example:

location ~ ^/users/(.+\.(?:gif|jpe?g|png))$ {
    alias /data/w3/images/$1;
}

When location matches the last part of the directive's value:

location /images/ {
    alias /data/w3/images/;
}

location /images/ {
    root /data/w3;
}

Determines whether nginx should save the entire client request body into a file. This directive can be used during debugging, or when using the $request_body_file variable, or the $r->request_body_file method of the http_perl module.

When set to the value on, temporary files are not removed after request processing.

The value clean will cause the temporary files left after request processing to be removed.

Determines whether nginx should save the entire client request body in a single buffer. The directive is recommended when using the $request_body variable, to save the number of copy operations involved.

Sets buffer size for reading client request body. In case request body is larger than the buffer, the whole body or only its part is written to a temporary file. By default, buffer size is equal to two memory pages. This is 8K on x86, other 32-bit platforms, and x86-64. It is usually 16K on other 64-bit platforms.

Defines a directory for storing temporary files holding client request bodies. Up to three-level subdirectory hierarchy can be used underneath the specified directory. For example, in the following configuration

client_body_temp_path /spool/nginx/client_temp 1 2;

/spool/nginx/client_temp/7/45/00000123457

Defines a timeout for reading client request body. A timeout is only set between two successive read operations, not for the transmission of the whole request body. If a client does not transmit anything within this time, the error "Request time out" (408) is returned.

Sets buffer size for reading client request header. For most requests, a buffer of 1K bytes is enough. However, if a request includes long cookies, or comes from a WAP client, it may not fit into 1K. If a request line, or a request header field do not fit entirely into this buffer then larger buffers are allocated, configured by the large_client_header_buffers directive.

Defines a timeout for reading client request header. If a client does not transmit the entire header within this time, the error "Request time out" (408) is returned.

Sets the maximum allowed size of the client request body, specified in the Content-Length request header field. If size is greater than the configured value, the "Request Entity Too Large" (413) error is returned to a client. Please be aware that browsers cannot correctly display this error.

Defines a default MIME-type of a response.

Enables the use of the O_DIRECT flag (FreeBSD, Linux), the F_NOCACHE flag (Mac OS X), or the directio() function (Solaris), when reading files that are larger than the specified size. It automatically disables (0.7.15) the use of sendfile for a given request. It could be useful for serving large files:

directio 4m;

Sets an alignment for directio. In most cases, a 512-byte alignment is enough, however, when using XFS under Linux, it needs to be increased to 4K.

Defines the URI that will be shown for the specified errors. These directives are inherited from the previous level if and only if there are no error_page directives on the current level. A URI value can contain variables.

Example:

error_page 404         /404.html;
error_page 502 503 504 /50x.html;
error_page 403         http://example.com/forbidden.html;

Furthermore, it is possible to change the response code to another, for example:

error_page 404 =200 /empty.gif;

If an error response is processed by a proxied server, or a FastCGI server, and the server may return different response codes (e.g., 200, 302, 401 or 404), it is possible to respond with a returned code:

error_page 404 = /404.php;

If there is no need to change URI during redirection it is possible to redirect error processing into a named location:

location / {
    error_page 404 = @fallback;
}

location @fallback {
    proxy_pass http://backend;
}

Specifies how to compare modification time of a response with the time in the If-Modified-Since request header:

off

the If-Modified-Since request header is ignored (0.7.34);

exact

exact match;

before

modification time of a response is less than or equal to the time in the If-Modified-Since request header.

Specifies that a given location can only be used for internal requests. For external requests, the "Not found" (404) error is returned. Internal requests are the following:

• requests redirected by the error_page directive;
• subrequests formed by the include virtual command of the http_ssi module;
• requests changed by the rewrite directive of the http_rewrite module.

Example:

error_page 404 /404.html;

location /404.html {
    internal;
}

Sets the maximum number of requests that can be made through one keep-alive connection.

The first argument sets a timeout during which a keep-alive client connection will stay open on the server side. The optional second argument sets a value in the “Keep-Alive: timeout=time” response header. Two arguments may differ.

The “Keep-Alive: timeout=” is understood by Mozilla and Konqueror. MSIE will close keep-alive connection in about 60 seconds.

Sets the maximum number and size of buffers used when reading large client request headers. A request line cannot exceed the size of one buffer, or the "Request URI too large" (414) error is returned. A request header field cannot exceed the size of one buffer as well, or the "Bad request" (400) error is returned. Buffers are allocated only on demand. By default, the buffer size is equal to one memory page size. It is either 4K or 8K, platform dependent. If after the end of request processing a connection is transitioned into the keep-alive state, these buffers are freed.

Limits allowed HTTP methods inside a location. The GET method also implies the HEAD method. Access to other methods can be limited using the http_access and http_auth_basic modules directives:

limit_except GET {
    allow 192.168.1.0/32;
    deny  all;
}

Rate limits the transmission of a response to a client. The rate is specified in bytes per second. The limit is per connection, so if a single client opens 2 connections, an overall rate will be 2x more than specified.

This directive is not applicable if one wants to rate limit a group of clients on the server level. If that is the case, the desired limit can be specified in the $limit_rate variable:

server {

    if ($slow) {
        set $limit_rate 4k;
    }

    ...
}

Sets the initial amount after which the further transmission of a response to a client will be rate limited.

Example:

location /flv/ {
    flv;
    limit_rate_after 500k;
    limit_rate       50k;
}

Sets an address and a port, on which the server will accept requests. Only one of address or port can be specified. An address may also be a hostname, for example:

listen 127.0.0.1:8000;
listen 127.0.0.1;
listen 8000;
listen *:8000;
listen localhost:8000;

listen [::]:8000;
listen [fe80::1];

If only address is given, the port 80 is used.

If directive is not present then either the *:80 is used if nginx runs with superuser privileges, or *:8000 otherwise.

The default parameter, if present, will cause the server to become the default server for the specified address:port pair. If none of the directives have the default parameter then the first server with the address:port pair will be the default server for this pair. Starting from version 0.8.21 it is possible to use the default_server parameter.

A listen directive which has the default parameter can have several additional parameters specific to system calls listen() and bind(). Starting from version 0.8.21, these parameters can be specified in any listen directive, but only once for the given address:port pair.

backlog=number

sets the backlog parameter in the listen() call. By default, backlog equals -1 on FreeBSD and 511 on other platforms.

rcvbuf=size

sets the SO_RCVBUF parameter for the listening socket.

sndbuf=size

sets the SO_SNDBUF parameter for the listening socket.

accept_filter=filter

sets the name of the accept filter. This works only on FreeBSD, acceptable values are dataready and httpready. On receipt of the SIGHUP signal, an accept filter can only be changed in recent versions of FreeBSD, starting from 6.0, 5.4-STABLE and 4.11-STABLE.

deferred

instructs to use a deferred accept() on Linux using the TCP_DEFER_ACCEPT option.

bind

specifies to make a separate bind() call for a given address:port pair. This is because nginx will only bind() to *:port if there are several listen directives with the same port but different addresses, and one of the listen directives listens on all addresses for the given port (*:port). It should be noted that in this case a getsockname() system call will be made to determine an address that accepted a connection. If parameters backlog, rcvbuf, sndbuf, accept_filter, or deferred are used then for a given address:port pair a separate bind() call will always be made.

ipv6only=on|off

this parameter (0.7.42) sets the value of the IPV6_V6ONLY parameter for the listening socket. This parameter can only be set once on start.

ssl

this parameter (0.7.14) does not relate to system calls listen() and bind(), but allows to specify that all connections accepted on this port should work in the SSL mode. This allows for a more compact configuration for the server operating in both HTTP and HTTPS modes simultaneously.

listen 80;
listen 443 default ssl;

Example:

listen 127.0.0.1 default accept_filter=dataready backlog=1024;

Sets a configuration based on a request URI. A location can either be defined by a prefix string, or by a regular expression. Regular expressions are specified by prepending them with the “~*” prefix (for case-insensitive matching), or with the “~” prefix (for case-sensitive matching). To find a location matching a given request, nginx first checks locations defined using the prefix strings (prefix locations). Amongst them, the most specific one is searched. Then regular expressions are checked, in the order of their appearance in a configuration file. A search terminates on the first match, and its corresponding configuration is used. If no match with a regular expression location is found then a configuration of the most specific prefix location is used.

For case-insensitive operating systems such as Mac OS X and Cygwin, the string matching ignores a case (0.7.7). However, comparison is limited to one-byte locales.

Regular expressions can contain captures (0.7.40) that can later be used in other directives.

If the most specific prefix location has the “^~” prefix then regular expressions are not checked.

Also, using the “=” prefix it is possible to define an exact match of URI and location. If an exact match is found, the search terminates. For example, if a “/” request happens frequently, defining “location = /” will speed up the processing of these requests, as search terminates right after the first comparison.

In versions from 0.7.1 to 0.8.41, if a request matched the prefix location without the “=” and “^~” prefixes, the search also terminated and regular expressions were not checked.

Let's illustrate the above by example:

location = / {
    [ configuration A ]
}

location / {
    [ configuration B ]
}

location ^~ /images/ {
    [ configuration C ]
}

location ~* \.(gif|jpg|jpeg)$ {
    [ configuration D ]
}

The “@” prefix defines a named location. Such a location is not used for a regular request processing, but instead used for request redirection.

Enables or disables logging of errors about not found files into the error_log.

Enables or disables logging of subrequests into the access_log.

Enables or disables compression of two or more adjacent slashes in a URI into a single slash.

Note that compression is essential for the correct prefix string and regular expressions location matching. Without it, the “//scripts/one.php” request would not match

location /scripts/ {
    ...
}

Turning the compression off can become necessary if a URI contains base64-encoded names, since base64 uses the "/" character internally. However, for security considerations, it is better to avoid turning off the compression.

If a directive is specified on the server level, which is also a default server, its value will cover all virtual servers listening on the same address and port.

Enables or disables adding of comments to responses with status greater than 400 for MSIE clients, to pad the response size to 512 bytes.

Enables or disables issuing refreshes instead of redirects, for MSIE clients.

Configures a cache that can store:

• open file descriptors, their sizes and modification times;
• directory lookups;
• file lookup errors, such as "file not found", "no read permission", and so on. Caching of errors should be enabled separately by the open_file_cache_errors directive.

The directive has the following parameters:

max

sets the maximum number of elements in the cache; on cache overflow the least recently used (LRU) elements get removed;

inactive

defines a time, after which the element gets removed from the cache if there were no accesses to it during this time; by default, it is 60 seconds;

off

disables the cache.

Example:

open_file_cache          max=1000 inactive=20s;
open_file_cache_valid    30s;
open_file_cache_min_uses 2;
open_file_cache_errors   on;

Enables or disables caching of file lookup errors by the open_file_cache.

Sets the minimum number of file accesses during the period configured by the inactive parameter of the open_file_cache directive, after which a file descriptor will remain open in the cache.

Sets a time after which open_file_cache elements should be validated.

This directive is obsolete.

Enables or disables optimization of hostname checking in name-based virtual servers. In particular, the checking affects hostnames used in redirects. If optimization is enabled, and all name-based servers listening on the same address:port pair have identical configuration, then names are not checked during request processing, and the first server name is used in redirects. In case redirects should use hostnames sent by clients, optimization needs to be disabled.

Enables or disables specifying the port in redirects issued by nginx.

Sets the amount of pre-reading when working with files, in the kernel.

On Linux, the posix_fadvise(0, 0, 0, POSIX_FADV_SEQUENTIAL) system call is used, so the size argument is ignored.

On FreeBSD, the fcntl(O_READAHEAD,size) system call is used, supported in FreeBSD 9.0-CURRENT. FreeBSD 7 needs to be patched.

Enables or disables doing several redirects using the error_page directive.

Enables or disables resetting of timed out connections. The reset is performed as follows: before closing a socket, the SO_LINGER option is set on it with a timeout value of 0. When the socket is closed, a client is sent TCP RST, and all memory occupied by this socket is freed. This avoids keeping of an already closed socket with filled buffers for a long time, in a FIN_WAIT1 state.

It should be noted that timed out keep-alive connections are still closed normally.

Sets the address of a name server, for example:

resolver 127.0.0.1;

Sets a timeout for name resolution, for example:

resolver_timeout 5s;

Sets the root directory for requests. For example, with the following configuration

location /i/ {
    root /data/w3;
}

The path value can contain variables.

A path to the file is constructed by merely adding a URI to the value of the root directive. If a URI need to be modified, the alias directive should be used.

Allows access if any of the http_access or http_auth_basic modules grant access.

location / {
    satisfy any;

    allow 192.168.1.0/32;
    deny  all;

    auth_basic           "closed site";
    auth_basic_user_file conf/htpasswd;
}

This directive was renamed to the satisfy directive.

Sets a timeout for transmitting a response to the client. A timeout is only set between two successive write operations, not for the transmission of the whole response. If a client does not receive anything within this time, a connection is closed.

Enables or disables the use of sendfile().

Sets a configuration for the virtual server. There is no clean separation between IP-based (based on the IP address) and name-based (based on the Host request header field) virtual servers. Instead, the listen directives describe all addresses and ports that should accept connections for a server, and the server_name directive lists all server names. An example configuration is provided in the Setting Up Virtual Servers document.

Sets names of the virtual server, for example:

server {
    server_name example.com www.example.com;
}

The first name becomes a primary server name. By default, the machine's hostname is used. Server names can include an asterisk (“*”) to replace the first or last part of a name:

server {
    server_name example.com *.example.com www.example.*;
}

The first two of the above mentioned names can be combined:

server {
    server_name .example.com;
}

It is also possible to use regular expressions in server names, prepending the name with a tilde (“~”):

server {
    server_name www.example.com ~^www\d+\.example\.com$;
}

Regular expressions can contain captures (0.7.40) that can later be used in other directives:

server {
    server_name ~^(www\.)?(.+)$;

    location / {
        root /sites/$2;
    }
}

server {
    server_name _;

    location / {
        root /sites/default;
    }
}

Starting from version 0.8.25, named captures in regular expressions create variables that can later be used in other directives:

server {
    server_name ~^(www\.)?(?<domain>.+)$;

    location / {
        root /sites/$domain;
    }
}

server {
    server_name _;

    location / {
        root /sites/default;
    }
}

Starting from version 0.7.11, it is possible to specify an empty name:

server {
    server_name www.example.com "";
}

The name checking order is as follows:

1. full names
2. names with the prefix mask, e.g. “*.example.com”
3. names with the suffix mask, e.g. “mail.*”
4. regular expressions

Enables or disables the use of the primary server name, specified by the server_name directive, in redirects issued by nginx. When disabled, the name from the Host request header field is used. If this field is not present, an IP address of the server is used.

Sets the maximum size of the server names hash tables. For more information, please refer to Setting Up Hashes.

Sets the bucket size for the server names hash tables. Default value depends on the size of the processor's cache line. For more information, please refer to Setting Up Hashes.

Enables or disables emitting of nginx version in error messages and in the Server response header field.

Enables or disables the use of the TCP_NODELAY option. The option is enabled only when a connection is transitioned into the keep-alive state.

Enables or disables the use of the TCP_NOPUSH socket option on FreeBSD or the TCP_CORK socket option on Linux. Opitons are enables only when sendfile is used. Enabling the option allows to

• send the response header and the beginning of a file in one packet, on Linux and FreeBSD 4.*;
• send a file in full packets.

Checks the existence of files in the specified order, and uses the first found file for request processing; the processing is performed in this location's context. It is possible to check the directory existence by specifying the slash at the end of a name, e.g. “$uri/”. If none of the files were found, an internal redirect to the uri specified by the last argument is made. As of version 0.7.51, the last argument can also be a code:

location / {
    try_files $uri $uri/index.html $uri.html =404;
}

Example when proxying Mongrel:

location / {
    try_files /system/maintenance.html
              $uri $uri/index.html $uri.html
              @mongrel;
}

location @mongrel {
    proxy_pass http://mongrel;
}

Example for Drupal/FastCGI:

location / {
    try_files $uri $uri/ @drupal;
}

location ~ \.php$ {
    try_files $uri @drupal;

    fastcgi_pass ...;

    fastcgi_param SCRIPT_FILENAME /path/to$fastcgi_script_name;
    fastcgi_param SCRIPT_NAME     $fastcgi_script_name;
    fastcgi_param QUERY_STRING    $args;

    ... other fastcgi_param's
}

location @drupal {
    fastcgi_pass ...;

    fastcgi_param SCRIPT_FILENAME /path/to/index.php;
    fastcgi_param SCRIPT_NAME     /index.php;
    fastcgi_param QUERY_STRING    q=$uri&$args;

    ... other fastcgi_param's
}

location / {
    try_files $uri $uri/ @drupal;
}

location / {
    error_page 404 = @drupal;
    log_not_found off;
}

location ~ \.php$ {
    try_files $uri @drupal;

    fastcgi_pass ...;

    fastcgi_param SCRIPT_FILENAME /path/to$fastcgi_script_name;

    ...
}

Example for Wordpress and Joomla:

location / {
    try_files $uri $uri/ @wordpress;
}

location ~ \.php$ {
    try_files $uri @wordpress;

    fastcgi_pass ...;

    fastcgi_param SCRIPT_FILENAME /path/to$fastcgi_script_name;
    ... other fastcgi_param's
}

location @wordpress {
    fastcgi_pass ...;

    fastcgi_param SCRIPT_FILENAME /path/to/index.php;
    ... other fastcgi_param's
}

Maps file name extensions to MIME types of responses. Several extensions can map to one type. The following mappings are configured by default:

types {
    text/html  html;
    image/gif  gif;
    image/jpeg jpg;
}

A sufficiently full mapping table is distributed with nginx in the conf/mime.types file.

To make a particular location emit the “application/octet-stream” MIME type for all requests, try the following:

location /download/ {
    types        { }
    default_type application/octet-stream;
}

Enables or disables the use of underscores in client request header fields.

The http_core module supports embedded variables with names matching those of the Apache Server. First of all, these are variables representing client request header fields, such as, $http_user_agent, $http_cookie, and so on. It also supports other variables:

$args

arguments in the request line

$arg_name

argument name in the request line

$binary_remote_addr

client address in a binary form, value's length is always 4 bytes

$content_length

Content-Length request header field

$content_type

Content-Type request header field

$cookie_name

the name cookie

$document_root

root directive's value for the current request

$document_uri

same as $uri

$host

Host request header field, or the server name matching a request if this field is not present

$hostname

host name

$http_name

the name request header field

$is_args

“?” if a request line has arguments, or an empty string otherwise

$limit_rate

allows for connection rate limiting

$pid

PID of the worker process

$request_method

request method, usually “GET” or “POST”

$remote_addr

client address

$remote_port

client port

$remote_user

user name supplied with the Basic authentication

$realpath_root

root directive's value for the current request, with all symbolic links resolved to real paths

$request_filename

file path for the current query, based on the root and alias directives, and the request URI

$request_body

request body

The variable's value is made available in locations processed by the proxy_pass and fastcgi_pass directives.

$request_body_file

name of a temporary file with the request body

At the end of processing, the file needs to be removed. To always write a request body to a file, client_body_in_file_only on needs be specified. When passing the name of a temporary file in a proxied request, or in a request to a FastCGI server, passing of the request body should be disabled by the proxy_pass_request_body and fastcgi_pass_request_body directives, respectively.

$request_uri

full original request URI (with arguments)

$query_string

same as $args

$scheme

request scheme, “http” or “https”

$server_protocol

request protocol, usually “HTTP/1.0” or “HTTP/1.1”

$server_addr

an address of the server which accepted a request

Computing a value of this variable usually requires one system call. To avoid a system call, the listen directives must specify addresses and use the bind parameter

$server_name

name of the server which accepted a request

$server_port

port of the server which accepted a request

$uri

current URI in request

It may differ from an original, e.g. when doing internal redirects, or when using index files.