proxy-server.conf(5)		OpenStack Swift		  proxy-server.conf(5)

NAME
       proxy-server.conf  -  configuration  file for the openstack-swift proxy
       server

SYNOPSIS
       proxy-server.conf

DESCRIPTION
       This is the configuration file used by the proxy	server and other proxy
       middlewares.

       The  configuration file follows the python-pastedeploy syntax. The file
       is divided into sections, which are enclosed by square  brackets.  Each
       section will contain a certain number of	key/value parameters which are
       described later.

       Any line	that begins with a '#' symbol is ignored.

       You can find more information  about  python-pastedeploy	 configuration
       format at http://pythonpaste.org/deploy/#config-format

GLOBAL SECTION
       This  is	indicated by section named [DEFAULT]. Below are	the parameters
       that are	acceptable within this section.

       bind_ip
	      IP address the proxy server  should  bind	 to.  The  default  is
	      0.0.0.0 which will make it bind to all available addresses.

       bind_port
	      TCP port the proxy server	should bind to.	The default is 80.

       backlog
	      TCP backlog.  Maximum number of allowed pending connections. The
	      default value is 4096.

       workers
	      The number of pre-forked processes that will accept connections.
	      Zero means no fork. The default is auto, which makes the server
	      try to match the number of effective CPU cores if Python
	      multiprocessing is available (included with most Python
	      distributions >= 2.6), or fall back to one. Note that individual
	      workers use many eventlet co-routines to service multiple
	      concurrent requests.

       max_clients
	      Maximum number of clients one worker can process simultaneously
	      (it will actually accept(2) N + 1). Setting this to one (1) will
	      only handle one request at a time, without accepting another
	      request concurrently. The default is 1024.

       user   The  system  user	that the proxy server will run as. The default
	      is swift.

       swift_dir
	      Swift configuration directory. The default is
	      /usr/local/etc/swift.

       cert_file
	      Location	of  the	 SSL  certificate  file.  The  default path is
	      /usr/local/etc/swift/proxy.crt. This is disabled by default.

       key_file
	      Location of the SSL certificate key file.	The  default  path  is
	      /usr/local/etc/swift/proxy.key. This is disabled by default.

       log_name
	      Label used when logging. The default is swift.

       log_facility
	      Syslog log facility. The default is LOG_LOCAL0.

       log_level
	      Logging level. The default is INFO.

       log_address
	      Logging address. The default is /dev/log.

       trans_id_suffix
	      Optional suffix (default is empty) appended to the swift
	      transaction id, which makes it easy to tell which cluster an
	      X-Trans-Id belongs to. This is very useful when managing more
	      than one swift cluster.

PIPELINE SECTION
       This is indicated by section name [pipeline:main]. Below are the
       parameters that are acceptable within this section.

       pipeline
	      Used when you need to apply a number of filters. It is a list
	      of filters ended by an application. The normal pipeline is
	      "catch_errors healthcheck cache ratelimit tempauth proxy-logging
	      proxy-server".

FILTER SECTION
       Any section whose name is prefixed by "filter:" is a filter section.
       Filters are used to specify configuration parameters for specific
       swift middlewares. Below are the available filters and their
       acceptable parameters.

       [filter:healthcheck]

	  use	 Entry	point for paste.deploy for the healthcheck middleware.
		 This is the reference to the installed	python egg.   This  is
		 normally egg:swift#healthcheck.

	  disable_path
		 An optional filesystem	path which, if present,	will cause the
		 healthcheck URL to return "503	Service	 Unavailable"  with  a
		 body of "DISABLED BY FILE".

       [filter:tempauth]

	  use	 Entry	point  for  paste.deploy  for the tempauth middleware.
		 This is the reference to the installed	python egg.   This  is
		 normally egg:swift#tempauth.

	  set log_name
		 Label used when logging. The default is tempauth.

	  set log_facility
		 Syslog	log facility. The default is LOG_LOCAL0.

	  set log_level
		 Logging level.	The default is INFO.

	  set log_address
		 Logging address. The default is /dev/log.

	  set log_headers
		 Enables  the  ability	to log request headers.	The default is
		 False.

	  reseller_prefix
		 A token must begin with this reseller prefix before the
		 middleware even attempts to validate it. For authorization,
		 only Swift storage accounts with this prefix will be
		 authorized by this middleware. Useful if multiple auth
		 systems are in use for one Swift cluster. The default is
		 AUTH.

	  auth_prefix
		 Requests beginning with this auth prefix are routed to the
		 auth subsystem, for granting tokens, etc. The default is
		 /auth/.

	  token_life
		 This is the time in seconds before the token expires. The
		 default is 86400.

	  user_<account>_<user>
		 Lastly, you need to list all the accounts/users you want
		 here. The format is:

		 user_<account>_<user> = <key> [group] [group] [...] [storage_url]

		 There are two special groups: .reseller_admin, who can do
		 anything to any account for this auth, and .admin, who can do
		 anything within the account.

		 If neither of these groups is specified, the user can only
		 access containers that have been explicitly allowed for them
		 by a .admin or .reseller_admin. The trailing optional
		 storage_url allows you to specify an alternate URL to hand
		 back to the user upon authentication. If not specified, this
		 defaults to http[s]://<ip>:<port>/v1/<reseller_prefix>_<account>
		 where http or https depends on whether cert_file is
		 specified in the [DEFAULT] section, <ip> and <port> are based
		 on the [DEFAULT] section's bind_ip and bind_port (falling
		 back to 127.0.0.1 and 8080), <reseller_prefix> is from this
		 section, and <account> is from the user_<account>_<user>
		 name.

		 Here are example entries, required for	running	the tests:

		 user_admin_admin = admin .admin .reseller_admin
		 user_test_tester = testing .admin
		 user_test2_tester2 = testing2 .admin
		 user_test_tester3 = testing3
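
       The user entry format and the default storage URL rule above, worked
       through as an added example (not part of the man page or of Swift's
       code). The "://" test for a trailing storage_url, the no-underscore
       account split and the user_ops_backup entry are assumptions.

```python
import configparser

# Constructed sample. The first four user_ lines are the test entries quoted
# in the man page; user_ops_backup and the [DEFAULT] values are made up.
SAMPLE_CONF = """\
[DEFAULT]
bind_port = 8080
cert_file = /usr/local/etc/swift/proxy.crt

[filter:tempauth]
use = egg:swift#tempauth
reseller_prefix = AUTH
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
user_ops_backup = constructed-key http://10.0.0.5:8080/v1/AUTH_ops
"""

# Option name -> key for the documented test entries. Finding one of these
# pairs in a deployed config means a published credential is live.
DOCUMENTED_TEST_ENTRIES = {
    "user_admin_admin": "admin",
    "user_test_tester": "testing",
    "user_test2_tester2": "testing2",
    "user_test_tester3": "testing3",
}

def parse_tempauth_users(conf_text):
    """Return one dict per user_<account>_<user> entry in [filter:tempauth]."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    defaults, section = cp.defaults(), cp["filter:tempauth"]
    # Default storage URL pieces, following the rule stated in the man page.
    scheme = "https" if defaults.get("cert_file") else "http"
    ip = defaults.get("bind_ip", "127.0.0.1")
    port = defaults.get("bind_port", "8080")
    prefix = section.get("reseller_prefix", "AUTH")
    users = []
    for name, value in section.items():
        tokens = value.split()
        if not name.startswith("user_") or name.count("_") < 2 or not tokens:
            continue
        # Assumption: account names contain no underscore.
        _, account, user = name.split("_", 2)
        key, groups = tokens[0], tokens[1:]
        # Assumption: a trailing token containing "://" is the storage_url.
        if groups and "://" in groups[-1]:
            url = groups.pop()
        else:
            url = f"{scheme}://{ip}:{port}/v1/{prefix}_{account}"
        if ".reseller_admin" in groups:
            scope = "any account"
        elif ".admin" in groups:
            scope = "own account"
        else:
            scope = "explicitly allowed containers only"
        users.append({
            "account": account, "user": user, "groups": groups,
            "scope": scope, "storage_url": url,
            "documented_test_entry": DOCUMENTED_TEST_ENTRIES.get(name) == key,
        })
    return users
```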

       [filter:cache]

       Caching middleware that manages caching in swift.

	  use	 Entry	point  for  paste.deploy  for the memcache middleware.
		 This is the reference to the installed	python egg.   This  is
		 normally egg:swift#memcache.

	  set log_name
		 Label used when logging. The default is memcache.

	  set log_facility
		 Syslog	log facility. The default is LOG_LOCAL0.

	  set log_level
		 Logging level.	The default is INFO.

	  set log_address
		 Logging address. The default is /dev/log.

	  set log_headers
		 Enables  the  ability	to log request headers.	The default is
		 False.

	  memcache_servers
		 If not set in the configuration file, the value for
		 memcache_servers will be read from
		 /usr/local/etc/swift/memcache.conf (see memcache.conf.sample)
		 or, lacking that file, it will default to 127.0.0.1:11211.
		 You can specify multiple servers separated with commas, as
		 in: 10.1.2.3:11211,10.1.2.4:11211.

	  memcache_serialization_support
		 This sets how memcache values are serialized and
		 deserialized:

		 0 = older, insecure pickle serialization
		 1 = json serialization	but pickles can	still be  read	(still
		 insecure)
		 2 = json serialization	only (secure and the default)

		 To  avoid an instant full cache flush,	existing installations
		 should	upgrade	with 0,	then set to 1 and reload,  then	 after
		 some  time (24	hours) set to 2	and reload. In the future, the
		 ability to use	pickle serialization will be removed.

		 If not set in the configuration file, the value for
		 memcache_serialization_support will be read from
		 /usr/local/etc/swift/memcache.conf if it exists (see
		 memcache.conf.sample). Otherwise, the default value as
		 indicated above will be used.

       [filter:ratelimit]

       Rate limits requests on both an Account and  Container  level.	Limits
       are configurable.

	  use	 Entry	point  for  paste.deploy for the ratelimit middleware.
		 This is the reference to the installed	python egg.   This  is
		 normally egg:swift#ratelimit.
	  set log_name
		 Label used when logging. The default is ratelimit.
	  set log_facility
		 Syslog	log facility. The default is LOG_LOCAL0.
	  set log_level
		 Logging level.	The default is INFO.
	  set log_address
		 Logging address. The default is /dev/log.
	  set log_headers
		 Enables  the  ability	to log request headers.	The default is
		 False.
	  clock_accuracy
		 This should represent how accurate the proxy servers' system
		 clocks are with each other. 1000 means that all the proxies'
		 clocks are accurate to each other within 1 millisecond. No
		 ratelimit should be higher than the clock accuracy. The
		 default is 1000.
	  max_sleep_time_seconds
		 App will immediately return a 498 response if	the  necessary
		 sleep time ever exceeds the given max_sleep_time_seconds. The
		 default is 60 seconds.
	  log_sleep_time_seconds
		 To allow visibility into rate limiting, set this value > 0
		 and all sleeps greater than the number will be logged. A
		 value of 0 disables this. The default is 0.
	  rate_buffer_seconds
		 Number	of seconds the rate counter can	drop and be allowed to
		 catch up (at a	faster than listed rate). A larger number will
		 result	in larger spikes in rate but better average  accuracy.
		 The default is	5.
	  account_ratelimit
		 If set, will limit PUT and DELETE requests to
		 /account_name/container_name. Number is in requests per
		 second. A value of 0 disables this. The default is 0.
	  container_ratelimit_size
		 When  set  with container_limit_x = r:	for containers of size
		 x, limit requests per second to r. Will  limit	 PUT,  DELETE,
		 and POST requests to /a/c/o. The default is ''.

       [filter:domain_remap]

       Middleware that translates container and account parts of a domain to
       path parameters that the proxy server understands.
       container.account.storageurl/object gets translated to
       container.account.storageurl/path_root/account/container/object and
       account.storageurl/path_root/container/object gets translated to
       account.storageurl/path_root/account/container/object

	  use	 Entry point for paste.deploy for the domain_remap middleware.
		 This  is  the reference to the	installed python egg.  This is
		 normally egg:swift#domain_remap.
	  set log_name
		 Label used when logging. The default is domain_remap.
	  set log_address
		 Logging address. The default is /dev/log.
	  set log_headers
		 Enables the ability to	log request headers.  The  default  is
		 False.
	  storage_domain
		 The domain to be used by the middleware.
	  path_root
		 The path root value for the storage URL. The default is v1.
	  reseller_prefixes
		 Browsers can convert a host header to lowercase, so check
		 that reseller prefix on the account is the correct case. This
		 is done by comparing the items in the reseller_prefixes
		 config option to the found prefix. If they match except for
		 case, the item from reseller_prefixes will be used instead of
		 the found reseller prefix. The reseller_prefixes list is
		 exclusive. If defined, any request with an account prefix not
		 in that list will be ignored by this middleware. Defaults to
		 'AUTH'.

       [filter:catch_errors]
	  use	 Entry point for paste.deploy for the catch_errors middleware.
		 This is the reference to the installed	python egg.   This  is
		 normally egg:swift#catch_errors.
	  set log_name
		 Label used when logging. The default is catch_errors.
	  set log_facility
		 Syslog	log facility. The default is LOG_LOCAL0.
	  set log_level
		 Logging level.	The default is INFO.
	  set log_address
		 Logging address. The default is /dev/log.
	  set log_headers
		 Enables  the  ability	to log request headers.	The default is
		 False.

       [filter:cname_lookup]

       Note: this middleware requires python-dnspython

	  use	 Entry point for paste.deploy for the cname_lookup middleware.
		 This  is  the reference to the	installed python egg.  This is
		 normally egg:swift#cname_lookup.
	  set log_name
		 Label used when logging. The default is cname_lookup.
	  set log_facility
		 Syslog	log facility. The default is LOG_LOCAL0.
	  set log_level
		 Logging level.	The default is INFO.
	  set log_address
		 Logging address. The default is /dev/log.
	  set log_headers
		 Enables the ability to	log request headers.  The  default  is
		 False.
	  storage_domain
		 The domain to be used by the middleware.
	  lookup_depth
		 How  deep  in	the  CNAME  chain  to  look for	something that
		 matches the storage domain.  The default is 1.

       [filter:staticweb]

       Note: Put staticweb just	after your auth	filter(s) in the pipeline

	  use	 Entry point for paste.deploy for  the	staticweb  middleware.
		 This  is  the reference to the	installed python egg.  This is
		 normally egg:swift#staticweb.
	  cache_timeout
		 Seconds to cache container x-container-meta-web-* header
		 values. The default is 300 seconds.
	  set log_name
		 Label used when logging. The default is staticweb.
	  set log_facility
		 Syslog	log facility. The default is LOG_LOCAL0.
	  set log_level
		 Logging level.	The default is INFO.
	  set log_address
		 Logging address. The default is /dev/log.
	  set log_headers
		 Enables  the  ability	to log request headers.	The default is
		 False.
	  set access_log_name
		 Label used when logging. The default is staticweb.
	  set access_log_facility
		 Syslog	log facility. The default is LOG_LOCAL0.
	  set access_log_level
		 Logging level.	The default is INFO.

       [filter:tempurl]

       Note: Put tempurl before slo, dlo, and your auth filter(s) in the
       pipeline

	  incoming_remove_headers
		 The headers to remove from incoming requests. Simply a
		 whitespace delimited list of header names and names can
		 optionally end with '*' to indicate a prefix match.
		 incoming_allow_headers is a list of exceptions to these
		 removals.
	  incoming_allow_headers
		 The headers allowed as	exceptions to incoming_remove_headers.
		 Simply	 a whitespace delimited	list of	header names and names
		 can optionally	end with '*' to	indicate a prefix match.
	  outgoing_remove_headers
		 The headers to remove from outgoing responses. Simply a
		 whitespace delimited list of header names and names can
		 optionally end with '*' to indicate a prefix match.
		 outgoing_allow_headers is a list of exceptions to these
		 removals.
	  outgoing_allow_headers
		 The headers allowed as	exceptions to outgoing_remove_headers.
		 Simply	a whitespace delimited list of header names and	 names
		 can optionally	end with '*' to	indicate a prefix match.
	  set log_level
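
       How the remove/allow header lists described above combine, as an
       added example (not part of the man page or of Swift's code). The
       header names and option values are constructed, and case-insensitive
       comparison of header names is an assumption.

```python
def compile_rules(value):
    """Split a whitespace-delimited header list into exact names and prefixes."""
    exact, prefixes = set(), []
    for item in value.lower().split():
        if item.endswith("*"):
            prefixes.append(item[:-1])   # trailing '*' means prefix match
        else:
            exact.add(item)
    return exact, tuple(prefixes)


def matches(header, rules):
    """True if the header name equals an exact rule or starts with a prefix."""
    exact, prefixes = rules
    name = header.lower()   # assumption: names compare case-insensitively
    return name in exact or name.startswith(prefixes)


def filter_headers(headers, remove, allow):
    """Drop headers matched by `remove` unless `allow` makes an exception."""
    remove_rules, allow_rules = compile_rules(remove), compile_rules(allow)
    return {k: v for k, v in headers.items()
            if not matches(k, remove_rules) or matches(k, allow_rules)}


# Constructed response headers and option values for illustration.
RESPONSE = {
    "Content-Type": "text/plain",
    "X-Object-Meta-Owner": "alice",
    "X-Object-Meta-Public-Title": "report",
}
REMOVE = "x-object-meta-*"
ALLOW = "x-object-meta-public-*"

if __name__ == "__main__":
    # Correct configuration: private metadata stripped, public kept.
    print(filter_headers(RESPONSE, REMOVE, ALLOW))
    # Misconfiguration: without the '*' the rule is an exact name and
    # strips nothing, so X-Object-Meta-Owner is still returned.
    print(filter_headers(RESPONSE, "x-object-meta-", ""))
```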

       [filter:formpost]

       Note: Put formpost just before your auth	filter(s) in the pipeline

	  use	 Entry	point  for  paste.deploy  for the formpost middleware.
		 This is the reference to the installed	python egg.   This  is
		 normally egg:swift#formpost.

       [filter:name_check]

       Note: Just needs	to be placed before the	proxy-server in	the pipeline.

	  use	 Entry	point  for paste.deploy	for the	name_check middleware.
		 This is the reference to the installed	python egg.   This  is
		 normally egg:swift#name_check.
	  forbidden_chars
		 Characters that will not be allowed in	a name.
	  maximum_length
		 Maximum number	of characters that can be in the name.
	  forbidden_regexp
		 Python regular expressions of substrings that will not be
		 allowed in a name.
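
       The placement notes for staticweb, tempurl, formpost and name_check
       can be checked mechanically against [pipeline:main]. An added example
       (not part of the man page or of Swift's code); the auth_filters
       parameter and the misordered sample config are assumptions.

```python
import configparser


def check_pipeline(pipeline, auth_filters=("tempauth",), app="proxy-server"):
    """Return (filter, problem) tuples for violations of the placement notes.

    auth_filters is an assumption: the names your deployment gives its auth
    filter sections. "just before/after" is checked as relative order only.
    """
    names = pipeline.split()
    findings = []
    if not names or names[-1] != app:
        findings.append((app, "pipeline must end with the application"))
    first = {}
    for i, n in enumerate(names):
        first.setdefault(n, i)          # position of first occurrence
    auth_pos = [first[a] for a in auth_filters if a in first]
    if not auth_pos:
        findings.append(("auth", "no auth filter found; order not checked"))
        return findings
    first_auth, last_auth = min(auth_pos), max(auth_pos)
    # tempurl: before slo, dlo and the auth filter(s).
    if "tempurl" in first:
        for later in ("slo", "dlo"):
            if later in first and first["tempurl"] > first[later]:
                findings.append(("tempurl", f"must come before {later}"))
        if first["tempurl"] > first_auth:
            findings.append(("tempurl", "must come before auth"))
    # formpost: before the auth filter(s).
    if "formpost" in first and first["formpost"] > first_auth:
        findings.append(("formpost", "must come before auth"))
    # staticweb: after the auth filter(s).
    if "staticweb" in first and first["staticweb"] < last_auth:
        findings.append(("staticweb", "must come after auth"))
    # name_check: anywhere before the application.
    if ("name_check" in first and app in first
            and first["name_check"] > first[app]):
        findings.append(("name_check", f"must come before {app}"))
    return findings


def check_conf(conf_text, **kwargs):
    """Read [pipeline:main] from paste.deploy-style text and check it."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    return check_pipeline(cp["pipeline:main"]["pipeline"], **kwargs)


# The "normal pipeline" quoted in the man page.
NORMAL = ("catch_errors healthcheck cache ratelimit tempauth "
          "proxy-logging proxy-server")
# Constructed misordered config: tempurl and formpost sit after auth,
# staticweb sits before it.
BAD_CONF = """\
[pipeline:main]
pipeline = catch_errors cache staticweb tempauth tempurl formpost proxy-server
"""

if __name__ == "__main__":
    print(check_pipeline(NORMAL))
    print(check_conf(BAD_CONF))
```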

       [filter:proxy-logging]

       Logging for the proxy server now lives in this middleware. If the
       access_* variables are not set, logging directives from [DEFAULT]
       without "access_" will be used.

	  use	 Entry point for paste.deploy for the proxy_logging
		 middleware. This is the reference to the installed python
		 egg. This is normally egg:swift#proxy_logging.
	  access_log_name
		 Label used when logging. The default is proxy-server.
	  access_log_facility
		 Syslog	log facility. The default is LOG_LOCAL0.
	  access_log_level
		 Logging level.	The default is INFO.
	  access_log_address
		 Default is /dev/log.
	  access_log_udp_host
		 If set, access_log_udp_host will override access_log_address.
		 Default is unset.
	  access_log_udp_port
		 Default is 514.
	  access_log_statsd_host
		 You  can  use	log_statsd_*  from [DEFAULT], or override them
		 here.	Default	is localhost.
	  access_log_statsd_port
		 Default is 8125.
	  access_log_statsd_default_sample_rate
		 Default is 1.
	  access_log_statsd_metric_prefix
		 Default is "" (empty-string)
	  access_log_headers
		 Default is False.
	  log_statsd_valid_http_methods
		 What HTTP methods are allowed for StatsD logging (comma-sep);
		 request  methods  not in this list will have "BAD_METHOD" for
		 the   <verb>	portion	  of   the   metric.	 Default    is
		 "GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS".

APP SECTION
       This is indicated by section name [app:proxy-server]. Below are the
       parameters that are acceptable within this section.

       use    Entry point for paste.deploy for the proxy server. This  is  the
	      reference	 to  the  installed  python  egg.   This  is  normally
	      egg:swift#proxy.

       set log_name
	      Label used when logging. The default is proxy-server.

       set log_facility
	      Syslog log facility. The default is LOG_LOCAL0.

       set log_level
	      Logging level. The default is INFO.

       set log_address
	      Logging address. The default is /dev/log.

       log_handoffs
	      Log when handoff locations are used.  Default is True.

       recheck_account_existence
	      Cache timeout in seconds to send memcached for account
	      existence. The default is 60 seconds.

       recheck_container_existence
	      Cache timeout in seconds to send memcached for container
	      existence. The default is 60 seconds.

       object_chunk_size
	      Chunk size to read from object servers. The default is 8192.

       client_chunk_size
	      Chunk size to read from clients. The default is 8192.

       node_timeout
	      Request timeout to external services. The	default	is 10 seconds.

       client_timeout
	      Timeout to read one chunk from a client. The default is 60
	      seconds.

       conn_timeout
	      Connection timeout to external services. The default is 0.5
	      seconds.

       error_suppression_interval
	      Time in seconds that must elapse since the last error for a node
	      to be considered no longer error limited. The default is 60
	      seconds.

       error_suppression_limit
	      Error count to consider a	node error limited. The	default	is 10.

       allow_account_management
	      Whether account PUTs and DELETEs are even	callable.  If  set  to
	      'true'  any  authorized  user may	create and delete accounts; if
	      'false' no one, even authorized, can. The	default	is false.

       object_post_as_copy
	      Set object_post_as_copy =	false to turn on fast posts where only
	      the  metadata  changes  are  stored as new and the original data
	      file is kept in place. This makes	for quicker posts;  but	 since
	      the container metadata isn't updated in this mode, features like
	      container	sync won't be able to sync posts. The default is True.

       account_autocreate
	      If set to 'true' authorized accounts that do not yet exist
	      within the Swift cluster will be automatically created. The
	      default is set to false.

       rate_limit_after_segment
	      Start rate-limiting object segments after	the Nth	segment	 of  a
	      segmented	object.	 The default is	10 segments.

       rate_limit_segments_per_sec
	      Once segment rate-limiting kicks in for an object, limit
	      segments served to N per second. The default is 1.

DOCUMENTATION
       More in-depth documentation about the swift-proxy-server and also
       Openstack-Swift as a whole can be found at
       http://swift.openstack.org/admin_guide.html and
       http://swift.openstack.org

SEE ALSO
       swift-proxy-server(1)

Linux				   8/26/2011		  proxy-server.conf(5)
