This chapter describes the elements in the `server.xml` file in alphabetical order.

This section describes the elements in the `server.xml` file in alphabetical order.

The `access-log` element configures the settings for the access log. This element can appear zero or more times within the `server` element and zero or more times within the `virtual-server` element. For more information, see Section 3.1.22, "server", and Section 3.1.36, "virtual-server".

Table 3-1 describes the subelements of `access-log`.

Table 3-1 access-log Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the server writes to this access log. Default Value: |
| | 0 or 1 | The name that uniquely identifies the access log. If you specify a name, the server does not automatically write to this access log. Instead, you explicitly configure this access log in an |
| | 1 | The file name of the access log. If a relative path is used, it is relative to the server's |
| | 0 or 1 | The format of the access log entries. The default format is an extended custom log format. For more information about access log format, see Appendix B, "Using the Custom Access-Log File Format". |

The `access-log-buffer` element configures the settings for the access log buffering subsystem. This element can appear zero or one time within the `server` element. For more information, see Section 3.1.22, "server".

Table 3-2 describes the subelements of `access-log-buffer`.

Table 3-2 access-log-buffer Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the file system caches access log writes. Default value: |
| | 0 or 1 | Specifies whether the server buffers the access log entries. Default value: |
| | 0 or 1 | The size (in bytes) of individual access log buffers. The value can be from 4096 to 1048576. |
| | 1 | Specifies the maximum number of access-log buffers per server. Values: 1 to 65536. |
| | 0 or 1 | Specifies the maximum number of access-log buffers per access-log file. |
| | 0 or 1 | The maximum time (in seconds) to buffer a given access log entry. The value can be from 0.001 to 3600. |

The `cluster` element defines the cluster to which the server belongs. This element can appear zero or one time within the `server` element. For more information, see Section 3.1.22, "server".

Table 3-3 describes the subelements of `cluster`.

| Element | Occurrences | Description |
|---|---|---|
| | 1 | Defines the network address of an instance. The value is the |
| | 1 or more | Defines a member of the server cluster. For more information, see Section 3.1.11, "instance". |
| | 0 or more | Defines the configuration of a failover group. For more information, see Section 3.1.7, "failover-group". |

The `dns` element configures how the server uses the domain name system (DNS). This element can appear zero or one time within the `server` element. For more information, see Section 3.1.22, "server".

Table 3-4 describes the subelements of `dns`.

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the server does DNS lookups. Default value: |
| | 0 or 1 | Specifies whether the server uses its own asynchronous DNS resolver instead of the operating system's synchronous resolver. Default value: |
| | 0 or 1 | Specifies the duration (in seconds) after which the asynchronous DNS lookups should time out. The value can be from 0.001 to 3600. |

The `dns-cache` element configures the DNS cache. This element can appear zero or one time within the `server` element. For more information, see Section 3.1.22, "server".

Table 3-5 describes the subelements of `dns-cache`.

Table 3-5 dns-cache Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the server writes to a cache for DNS lookup results. Default value: |
| | 0 or 1 | Specifies the duration (in seconds) for which the entries must be kept in the cache. The value can be from 1 to 31536000. |
| | 0 or 1 | Specifies the maximum number of DNS lookup results to write to the cache. The value can be from 32 to 32768. |

The `event` element configures a recurring event. The element can appear zero or more times within the `server` element. For more information, see Section 3.1.22, "server".

Table 3-6 describes the subelements of `event`.

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the event is enabled at run time. Default value: |
| | 0 or more | Configures a specific time when the event occurs. For more information, see Section 3.1.33, "time". |
| | 0 or 1 | Specifies the interval (in seconds) at which the event occurs. The value can be from 60 to 86400. |
| | 0 or 1 | Rotates the log files. Default value: |
| | 0 or 1 | Rotates the access log files. Default value: |
| | 0 or more | The command to execute to get an event to run. |
| | 0 or 1 | Dynamically reconfigures the server. Default value: |
| | 0 or 1 | Restarts the server. Default value: |
| | 0 or 1 | The description of the event. The value of this element is in text format. |

The `failover-group` element defines a failover group. This element may appear zero or one time within the `cluster` element. For more information, see Section 3.1.3, "cluster".

Table 3-7 describes the subelements of `failover-group`.

Table 3-7 failover-group Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 1 | Specifies the virtual IP for the failover group. The value must be unique across failover groups in a configuration. |
| | 0 or 1 | Specifies the subnet mask as the number of bits used to identify the network. Values: a positive integer. Default value: 24 (max 32) for IPv4; 64 (max 128) for IPv6. |
| | 0 or 1 | Specifies the router identity for the failover group. The value must be unique across the failover groups. It is used to identify the router group of all the participating routers for the same VIP. The value is a positive integer. Range of values: 1 to 255. Default value: 255. |
| | 1 or more | Defines the instances that are part of the |
| | 1 | Specifies the hostname of the administration node where the instance has been created. It must match one of the instance or the host elements in the cluster elements. |
| | 0 or 1 | Specifies the priority value for the instance. This value identifies whether the instance is the primary or the backup for the |
| | 1 | Indicates the network interface on the node where this instance is created on which the VIP is moderated. |

The `health-check` element configures the parameters that are used to determine the status of each origin server in an origin-server pool. This element may appear zero or one time within the `origin-server-pool` element. For more information, see Section 3.1.15, "origin-server-pool".

Table 3-8 describes the subelements of `health-check`.

Table 3-8 health-check Subelements

| Elements | Occurrences | Description | TCP health check on HTTP servers | TCP health check on TCP servers |
|---|---|---|---|---|
| | 0 or 1 | Specifies the type of connection (HTTP or TCP) that Oracle Traffic Director should attempt with the origin server to determine its health. TCP: Oracle Traffic Director attempts to open a TCP connection to each origin server. The success or failure of this attempt determines whether Oracle Traffic Director considers the origin server to be online or offline. Default value: | Valid | Valid; HTTP is not a valid value for |
| | 0 or 1 | Specifies the time interval (in seconds) between successive health check operations. Default value: 30. | Valid | Valid |
| | 0 or 1 | Indicates the number of consecutive failures after which a server is marked down. The value is a positive integer. The maximum possible value is 256. Default value: 3. | Valid | Valid |
| | 0 or 1 | Specifies the timeout value (in seconds) for a connection. The value is a positive integer. Default value: 5. | Valid | Valid |
| | 0 or 1 | Specifies the method that is used during HTTP health check operations. Default value: | Ignored | Ignored |
| | 0 or 1 | Specifies the URI that is used for HTTP health check operations. Default value: | Ignored | Ignored |
| | 0 or 1 | Indicates a modified regular expression that is used to specify what type of response status codes are acceptable for a healthy origin server. The expression is a union of three character patterns that contain only digits or ' Also, if the parameter is not specified, all other codes except | Ignored | Ignored |
| | 0 or 1 | A regular expression that is used to match the HTTP response body to determine the origin server's health. This is applicable only when protocol is HTTP. | Ignored | Ignored |
| | 0 or 1 | Specifies the maximum length of the response body that should match. Default value: 2048. | Ignored | Ignored |
| | 0 or 1 | Specifies if the server should dynamically discover Oracle WebLogic Server cluster nodes and add them to the pool. Default value: | Valid for HTTP Health Check | Ignored |

The `http` element configures the settings for the miscellaneous HTTP protocol options. This element can appear zero or one time within the `server` element. For more information, see Section 3.1.22, "server".

Table 3-9 describes the subelements of `http`.

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies the highest HTTP protocol version the server supports. The default HTTP version string is |
| | 0 or 1 | Specifies the server header information such as server software and version. The default server header is |
| | 0 or 1 | Specifies the maximum size (in bytes) of the request body content that OTD will expose using the $body variable in obj.conf. The value can be from 0 to 2147483647. Default value: 1024. Note: All values must specify units. |
| | 0 or 1 | Specifies the size (in bytes) of the buffer used to read HTTP request headers. The value can be from 0 to 2147483647. |
| | 0 or 1 | Indicates whether the server rejects certain malformed HTTP request headers. Default value: |
| | 0 or 1 | Specifies the maximum number of header fields in an HTTP request header. The value can be from 1 to 512. |
| | 0 or 1 | Specifies the size (in bytes) of the buffer for HTTP responses. The value can be from 0 to 2147483647. |
| | 0 or 1 | Specifies the maximum size (in bytes) of a chunked HTTP request body that the server will unchunk. The value can be from 0 to 2147483647. |
| | 0 or 1 | Specifies the maximum time (in seconds) that the server waits for a chunked HTTP request body to arrive. The value can be from 0 to 3600, or -1 for no timeout. |
| | 0 or 1 | Specifies the maximum time (in seconds) that the server waits for an individual packet. The value can be from 0 to 3600, or -1 for no timeout. |
| | 0 or 1 | Specifies the maximum time (in seconds) that the server waits for a complete HTTP request header. The value can be from 0 to 604800, or -1 for no timeout. |
| | 0 or 1 | Specifies the maximum time (in seconds) that the server waits for a complete HTTP request body. The value can be from 0 to 604800, or -1 for no timeout. |
| | 0 or 1 | Specifies whether the server replies to requests for |
| | 0 or 1 | Controls if the server includes an |
| | 0 or 1 | Specifies whether the server generates, propagates, and logs the execution context. The value of the ECID is a unique identifier that can be used to correlate individual events as being part of the same request execution flow. For example, events that are identified as being related to a particular request typically have the same ECID value. However, the format of the ECID string itself is determined by an internal mechanism that is subject to change; therefore, you should not have or place any dependencies on that format. ECID is defined as a part of the execution context. The execution context consists of ECID and RID. You may also refer to the whole execution context, which is the combination of ECID and RID, as just ECID. Default value: |
| | 0 or 1 | Enables or disables strict RFC 6455 adherence during the WebSocket upgrade request. Default value: |

The `http-listener` element configures an HTTP listener. This element can appear zero or more times within the `server` element. For more information, see Section 3.1.22, "server".

Table 3-10 describes the subelements of `http-listener`.

Table 3-10 http-listener Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the HTTP listener is enabled to accept connection requests. Default value: |
| | 1 | Specifies the name that uniquely identifies the HTTP listener. |
| | 0 or 1 | Specifies an IP address to listen on. The value of this element is a specific IP address or an asterisk |
| | 1 | Specifies the port to listen on. The value of this element is the port number. |
| | 0 or 1 | Specifies the number of threads dedicated to accept connections received by this listener. The value can be from 1 to 128. |
| | 1 | Specifies the default server name. Tells the server what to put in the host name section of any URLs it sends to the client. This affects URLs the server automatically generates; it doesn't affect the URLs for directories and files stored in the server. This name should be the alias name if your server uses an alias. If a colon and port number are appended, that port will be used in URLs that the server sends to the client. Values: The value can include a scheme (for example, prefix http://) and port suffix (for example, :80) |
| | 0 or 1 | Specifies whether the server uses blocking I/O. Default value: |
| | 0 or 1 | Specifies the socket family that is used to connect to the origin server. Values: |
| | 0 or 1 | Indicates whether the server responds to SSL or non-SSL protocol mismatches in client requests. Default value: |
| | 0 or 1 | Specifies the size (in bytes) of the listen queue. The value of this element can be from 1 to 1048576. |
| | 0 or 1 | Specifies the size (in bytes) of the operating system socket receive buffer. The value of this element can be from 1 to 1048576. |
| | 0 or 1 | Specifies the size (in bytes) of the operating system socket send buffer. The value of this element can be from 1 to 1048576. |
| | 1 | Specifies the name of the virtual server that processes requests that do not match a host. The value of this element is the |
| | 0 or 1 | Configures SSL/TLS. For more information, see Section 3.1.24, "ssl". |
| | 0 or 1 | Specifies the description of the HTTP listener. The value of this element must be in text format. |
| | 0 or 1 | Enables or disables blocking of the server listen socket while retaining client end points as non-blocking (useful when MaxProcs > 1). Default value: |

The `instance` element defines a member of a server cluster. This element can appear one or more times within the `cluster` element. For more information, see Section 3.1.3, "cluster".

Table 3-11 describes the subelements of `instance`.

Table 3-11 instance Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the instance is enabled at run time. Default value: |
| | 1 | The network address of the instance. The value is the host name or the IP address. |

The `keep-alive` element configures the settings for the keep-alive subsystem. This element can appear zero or one time within the `server` element. For more information, see Section 3.1.22, "server".

Table 3-12 describes the subelements of `keep-alive`.

Table 3-12 keep-alive Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the keep-alive subsystem is enabled at runtime. Default value: |
| | 0 or 1 | Specifies the number of keep alive subsystem threads. The value can be from 1 to 128. Default value: 1. |
| | 0 or 1 | Specifies the maximum number of concurrent keep alive connections that the server supports. The value can be from 1 to 1048576. Default value: 200. |
| | 0 or 1 | Specifies the timeout (in seconds) after which an inactive keep alive connection can be used. The value can be from 0.001 to 3600. Default value: 30 seconds. |
| | 0 or 1 | Specifies the interval (in seconds) between polls. The value can be from 0.001 to 1. Default value: .001. |

The `localization` element defines a method by which the server chooses a language with which it presents information to the client. This element may appear zero or one time within the `server` element, and zero or one time within the `virtual-server` element. For more information, see Section 3.1.22, "server", and Section 3.1.36, "virtual-server".

Table 3-13 describes the subelements of `localization`.

Table 3-13 localization Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | The default language with which the messages and content are displayed. The value is a language tag. |
| | 0 or 1 | Specifies whether the server uses the accept-language HTTP header to negotiate the content language with clients. Default value: |

The `log` element configures the logging subsystem. This element can appear zero or one time within the `server` element. For more information, see Section 3.1.22, "server".

Table 3-14 describes the subelements of `log`.

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the server logs data that applications write to |
| | 0 or 1 | Specifies whether the server logs data that applications write to |
| | 0 or 1 | Specifies whether the server includes the virtual server name in log messages. Default value: |
| | 0 or 1 | Specifies if the server creates a console window (Windows only). Default value: |
| | 0 or 1 | Specifies whether the server writes log messages to the console. Default value: |
| | 0 or 1 | Specifies whether the server writes log messages to |
| | 0 or 1 | This is executed after the server rotates a log file. The program is passed the post-rotation file name of the log file as an argument. A program command line, for example: |
| | 0 or 1 | Specifies the log verbosity for the server as a whole. Values: |
| | 0 or 1 | Specifies the name and location of the log file. Value: User defined name and location. Default value: |

The `origin-server-pool` element configures a pool of origin servers that are used for load balancing requests. This element may appear zero or more times within the `server` element. For more information, see Section 3.1.22, "server".

Table 3-15 describes the subelements of `origin-server-pool`.

Table 3-15 origin-server-pool Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 1 | Specifies the name by which the server pool is identified. |
| | 0 or 1 | The load-balancing method that should be used for distributing requests to the origin-server pool. Values: For more information about the various load-balancing methods, see the section Modifying an Origin-Server Pool in the Oracle Traffic Director Administrator's Guide. |
| | 1 | Indicates the kind of requests that are handled by every server in the server pool. Values: |
| | 0 or 1 | Specifies the socket family that is used to connect to the origin server. Values: |
| | 0 or more | Represents an origin server that belongs to the server pool. |
| | 0 or 1 | Specifies the health check settings for the server pool. |

The `origin-server` element defines a member of a server pool. This element may appear zero or more times within the `origin-server-pool` element. For more information, see Section 3.1.15, "origin-server-pool".

Table 3-16 describes the subelements of `origin-server`.

Table 3-16 origin-server Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 1 | Specifies the host name or the IP address of the origin server. |
| | 0 or 1 | Specifies the port number of the origin server. Value: Integer. 80 is the default port if the origin server pool type is HTTP. 443 is the default port if the origin server pool type is HTTPS. |
| | 0 or 1 | Specifies the load distribution weight for the origin server. The value is an integer. Default value: 1. |
| | 0 or 1 | Specifies whether requests can be routed to the origin server. Default value: |
| | 0 or 1 | Specifies whether the origin server is a backup server. Requests will be sent to the backup origin server only when none of the primary (non-backup) origin servers is available. Default value: |
| | 0 or 1 | Specifies the maximum number of concurrent connections to the server. Values: 0 to 20480. Default value: 0. The value 0 indicates no limit. |
| | 0 or 1 | The time (in seconds) that Oracle Traffic Director should take to ramp up the request sending rate to the full capacity of this origin server. Default value: Any positive integer. If |

The `pkcs11` element configures the PKCS #11 subsystem. This element may appear zero or one time within the `server` element. For more information, see Section 3.1.22, "server".

Table 3-17 describes the subelements of `pkcs11`.

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the server initializes PKCS #11 tokens, prompting for personal identification numbers (PINs) as necessary. Default value: |
| | 0 or 1 | Specifies the directory that contains dynamically updated CRL files. The value is the name of the directory. If a relative path is used, it is relative to the server's |
| | 0 or more | Configures a PKCS #11 token. For more information, see Section 3.1.34, "token". |

The `pkcs11 bypass` element instructs NSS to bypass the PKCS#11 layer during SSL/TLS processing, thereby improving performance.

During startup, the server automatically verifies each token that holds a server key to assess whether it supports PKCS#11 bypass. If the tokens support bypass in the current configuration, the PKCS#11 layer is bypassed; otherwise the bypass is disabled. Thus, the server automatically takes advantage of the performance benefits of `pkcs11 bypass` whenever possible.

In certain unique circumstances, you can disable PKCS#11 bypass manually by using the `server.xml` element `<allow-bypass>`.

```xml
<pkcs11>
  <enabled>1</enabled>
  <allow-bypass>0</allow-bypass>
</pkcs11>
```

The `property` element defines a name-value pair. The effect of defining a property name-value pair depends on the context in which the property element appears.

Table 3-18 describes the subelements of `property`.

Table 3-18 property Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 1 | The name of the property. |
| | 1 | The value of the property. |
| | 0 or 1 | Specifies if the property value was encoded using the uuencode algorithm. Default value: |
| | 0 or 1 | Specifies if the property value is encrypted. Default value: |
| | 0 or 1 | The description of the property. |

The `proxy-cache` element configures the HTTP reverse proxy cache. This element can appear zero or one time within the `server` element. For more information, see Section 3.1.22, "server".

Table 3-19 describes the subelements of `proxy-cache`.

Table 3-19 proxy-cache Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether response caching is enabled. Default value: |
| | 0 or 1 | Specifies the maximum amount of heap (in bytes) that is used for caching response objects. Values: 0 to 1099511627776 (1024 GB). Default value: 10485760 (10 MB). |
| | 0 to 1 | Specifies the maximum size of objects that should be cached. Objects larger than the specified size are not cached. Values: 0 to 214783647. Default value: 524288 (512 KB). |
| | 0 to 1 | Specifies the algorithm for cache replacement. Values: |
| | 0 to 1 | Specifies the maximum number of entries in the cache. The range is 1 to 1073741824. Default value: 1024. |

The `qos-limits` element configures the QoS limits. This element may appear zero or one time within the `server` element and zero or one time within the `virtual-server` element. For more information, see Section 3.1.22, "server" and Section 3.1.36, "virtual-server".

Table 3-20 describes the subelements of `qos-limits`.

Table 3-20 qos-limits Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the QoS limits are enforced at runtime. Default value: |
| | 0 or 1 | Specifies the maximum transfer rate (bytes/second). Range of value: 1 to 2147483647 |
| | 0 or 1 | Specifies the maximum number of concurrent connections. Range of value: 1 to 1048576 |

The `server` element defines a server. This is the root element, and there can be only one `server` element in the `server.xml` file.

Table 3-21 describes the subelements of `server`.

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | The server cluster to which the server belongs. For more information, see Section 3.1.3, "cluster". |
| | 0 or 1 | Configures the logging subsystem. For more information, see Section 3.1.14, "log". |
| | 0 or 1 | The account the server runs as (UNIX only). The value is the user account. If the server is started as |
| | 0 or 1 | The directory where the server stores its temporary files. If a relative path is used, it is relative to the server's |
| | 0 or more | Defines a variable for use in expressions, log formats, and |
| | 0 or 1 | Configures localization. For more information, see Section 3.1.13, "localization". |
| | 0 or 1 | Configures the HTTP protocol options. For more information, see Section 3.1.9, "http". |
| | 0 or 1 | Configures the HTTP keep-alive subsystem. For more information, see Section 3.1.12, "keep-alive". |
| | 0 or 1 | Configures the HTTP request processing threads. For more information, see Section 3.1.32, "thread-pool". |
| | 0 or 1 | Configures the PKCS #11 subsystem. For more information, see Section 3.1.17, "pkcs11". |
| | 0 or 1 | Configures the statistics collection subsystem. For more information, see Section 3.1.27, "stats". |
| | 0 or 1 | Configures the server's use of DNS. For more information, see Section 3.1.4, "dns". |
| | 0 or 1 | Configures the DNS cache. For more information, see Section 3.1.5, "dns-cache". |
| | 0 or 1 | Configures the SSL/TLS session cache. For more information, see Section 3.1.26, "ssl-session-cache". |
| | 0 or 1 | Configures the access log buffering subsystem. For more information, see Section 3.1.2, "access-log-buffer". |
| | 0 or 1 | Configures SNMP. For more information, see Section 3.1.23, "snmp". |
| | 0 or more | Configures an HTTP access log for the server. For more information, see Section 3.1.1, "access-log". |
| | 0 or more | Configures an HTTP listener. For more information, see Section 3.1.10, "http-listener". |
| | 0 or more | Configures a virtual server. For more information, see Section 3.1.36, "virtual-server". |
| | 0 or more | Configures a recurring event. For more information, see Section 3.1.6, "event". |
| | 0 or more | Configures a pool of origin servers that are used for handling load balancing requests. For more information, see Section 3.1.15, "origin-server-pool". |
| | 0 or 1 | Defines the HTTP reverse proxy caching configuration mechanism. For more information, see Section 3.1.20, "proxy-cache". |
| | 0 or 1 | Specifies information related to QoS settings. For more information, see Section 3.1.21, "qos-limits". |
| | 0 or 1 | Configures the TCP request processing threads. For more information, see Section 3.1.31, "tcp-thread-pool". |
| | 0 or 1 | Configures TCP access log for the server. For more information, see Section 3.1.28, "tcp-access-log". |
| | 0 or more | Configures a TCP listener. For more information, see Section 3.1.29, "tcp-listener". |
| | 0 or more | Configures a TCP service. For more information, see Section 3.1.30, "tcp-proxy". |
| | 0 or more | Specifies the path to a file containing the Web Application Firewall (WAF) module rules. For more information, see Section 3.1.37, "webapp-firewall-ruleset". |

The `snmp` element configures the server's SNMP subagent. This element can appear zero or one time within the `server` element. For more information, see Section 3.1.22, "server".

Table 3-22 describes the subelements of `snmp`.

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the SNMP agent is enabled. If enabled, the SNMP subagent gathers information about the server and passes the information to the master agent. Default value: |
| | 0 or 1 | (Optional) Specifies the description of the server. The value must be in text format. |
| | 0 or 1 | (Optional) Specifies the name of the organization responsible for the server. The value must be in text format. |
| | 0 or 1 | (Optional) Specifies the location of the server. The value must be in text format. |
| | 0 or 1 | (Optional) Specifies the contact information of the person responsible for the server. The value must be in text format. |

The `ssl` element configures the SSL/TLS settings. This element can appear zero or one time within the `http-listener` element. For more information, see Section 3.1.10, "http-listener".

Table 3-23 describes the subelements of `ssl`.

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether SSL support is enabled for the listener. Default value: |
| | 0 or more | Specifies the nickname of the certificate that the server presents to the clients. You can specify zero or one RSA certificate, and zero or one ECC certificate. |
| | 0 or 1 | Specifies whether SSL3 connections are accepted. Default value: |
| | 0 or 1 | Specifies whether TLS connections are accepted. Default value: |
| | 0 or 1 | Specifies whether the server detects and blocks TLS version rollback attacks. Default value: |
| | 0 or 1 | Configures the SSL3 and TLS cipher suites. For more information, see Section 3.1.25, "ssl3-tls-ciphers". |
| | 0 or 1 | Specifies the method of client certificate authentication. The value can be |
| | 0 or 1 | Indicates the duration (in seconds) after which a client authentication handshake fails. The value can be from 0.001 to 3600. |
| | 0 or 1 | Specifies the number of characters of authentication data that the server can buffer. The value can be from 0 to 2147483647. |
| | 0 or 1 | Specifies whether TLS session Ticket Extension feature is enabled. Default value: |
| | 0 or 1 | Server Name Indication (SNI) is a feature that improves the SSL and TLS protocols. It permits the client to request the domain name before the certificate is committed to by the server. This is essential for using TLS in virtual hosting mode. Default value: |

The `ssl3-tls-ciphers` element configures SSL3 and TLS cipher suites. This element can appear zero or one time within the `ssl` element. For more information, see Section 3.1.24, "ssl".

Table 3-24 describes the subelements of `ssl3-tls-ciphers`.

Table 3-24 ssl3-tls-ciphers Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether the cipher suite is enabled or not. The cipher suite is implicitly disabled if this element is omitted. The cipher suite is enabled if the element is present while the value is not specified. Default value: |
| | 0 or 1 | Specifies whether the cipher suite is enabled or not. The cipher suite is implicitly disabled if this element is omitted. The cipher suite is enabled if the element is present while the value is not specified. Default value: |
| | 0 or 1 | Specifies whether the cipher suite is enabled or not. The cipher suite is implicitly disabled if this element is omitted. The cipher suite is enabled if the element is present while the value is not specified. Default value: |

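
The following audit is an added example, not Oracle's code or part of the original reference. It walks every `http-listener`, checks the `ssl` settings described in Tables 3-23 and 3-24, and applies the rule stated above that a cipher element present without a value is enabled. The leaf element names (`name`, `port`, `enabled`, `ssl3`, `tls`, `tls-rollback-detection`), the cipher suite element names and the accepted boolean spellings are assumptions, because the Element column and default values did not survive on this page; the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the page. Leaf element names and cipher
# suite element names are assumptions; adjust them to your server.xml schema.
SAMPLE_SERVER_XML = """\
<server>
  <http-listener>
    <name>listener-plain</name>
    <port>8080</port>
  </http-listener>
  <http-listener>
    <name>listener-tls</name>
    <port>8443</port>
    <ssl>
      <enabled>true</enabled>
      <ssl3>true</ssl3>
      <tls-rollback-detection>false</tls-rollback-detection>
      <ssl3-tls-ciphers>
        <SSL_RSA_WITH_RC4_128_MD5/>
        <TLS_RSA_WITH_AES_128_CBC_SHA>true</TLS_RSA_WITH_AES_128_CBC_SHA>
        <SSL_RSA_WITH_3DES_EDE_CBC_SHA>false</SSL_RSA_WITH_3DES_EDE_CBC_SHA>
      </ssl3-tls-ciphers>
    </ssl>
  </http-listener>
</server>
"""

# Boolean spellings accepted here (assumption; the page's own example uses 1/0).
TRUE_WORDS = {"1", "true", "on", "yes"}
FALSE_WORDS = {"0", "false", "off", "no"}
# Substrings that mark a suite as weak: no encryption, export grade,
# RC4/RC2, single DES, or an MD5 MAC.
WEAK_MARKERS = ("NULL", "EXPORT", "RC4", "RC2", "_DES_", "MD5")


def parse_bool(elem):
    """Return True/False for a boolean element, or None when it is absent."""
    if elem is None:
        return None
    text = (elem.text or "").strip().lower()
    if text in TRUE_WORDS:
        return True
    if text in FALSE_WORDS:
        return False
    raise ValueError(f"<{elem.tag}> has non-boolean value {text!r}")


def enabled_ciphers(ssl):
    """List cipher suites that an <ssl> element turns on."""
    ciphers = ssl.find("ssl3-tls-ciphers")
    if ciphers is None:
        return []
    enabled = []
    for suite in ciphers:
        text = (suite.text or "").strip().lower()
        # Page rule: present without a value means enabled; omitted means disabled.
        if text == "" or text in TRUE_WORDS:
            enabled.append(suite.tag)
    return enabled


def audit(xml_text):
    """Return (listener, code, detail) findings for every http-listener."""
    root = ET.fromstring(xml_text)
    findings = []
    for listener in root.iter("http-listener"):
        name = (listener.findtext("name") or "(unnamed)").strip()
        ssl = listener.find("ssl")
        ssl_on = None if ssl is None else parse_bool(ssl.find("enabled"))
        if ssl is None or ssl_on is False:
            findings.append((name, "plaintext", "listener has no enabled <ssl> element"))
            continue
        if ssl_on is None:
            # Defaults are not visible on this page, so report rather than guess.
            findings.append((name, "unpinned", "enabled"))
        # (element, value that counts as a finding, finding code)
        for tag, bad_value, code in (
            ("ssl3", True, "ssl3-enabled"),
            ("tls", False, "tls-disabled"),
            ("tls-rollback-detection", False, "rollback-detection-off"),
        ):
            value = parse_bool(ssl.find(tag))
            if value is None:
                findings.append((name, "unpinned", tag))
            elif value is bad_value:
                findings.append((name, code, tag))
        for suite in enabled_ciphers(ssl):
            if any(marker in suite for marker in WEAK_MARKERS):
                findings.append((name, "weak-cipher", suite))
    return findings


if __name__ == "__main__":
    for listener_name, code, detail in audit(SAMPLE_SERVER_XML):
        print(f"{listener_name}: {code}: {detail}")
```

An `unpinned` finding means the element is absent and the server default applies; set the value explicitly so the listener's behaviour does not depend on the release default.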
The `ssl-session-cache` element configures the SSL/TLS session cache. This element can appear zero or one time within the `server` element. For more information, see Section 3.1.22, "server".

Table 3-25 describes the subelements of `ssl-session-cache`.

Table 3-25 ssl-session-cache Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the server writes SSL/TLS sessions to the cache. Default value: |
| | 0 or 1 | Specifies the maximum number of SSL/TLS sessions that are written to the cache by the server. The value can be from 1 to 524288. |
| | 0 or 1 | Specifies the maximum amount of time (in seconds) a SSL/TLS session is written to the cache. The value can be from 5 to 86400. |

The stats element configures the statistics collection subsystem. This element can appear zero or one time within the server element. For more information, see Section 3.1.22, "server".
Table 3-26 describes the subelements of stats.
| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the server collects the statistics. Default value: |
| | 0 or 1 | Specifies the interval (in seconds) at which statistics are updated. The value can be from 0.001 to 3600. |
| | 0 or 1 | Specifies whether the performance buckets used to track NSAPI function execution time are enabled at runtime. Default value: |
The tcp-access-log element configures the settings for the TCP access log. If the tcp-access-log element is missing, TCP access logging is disabled. For more information, see Section 3.1.22, "server".
Table 3-27 describes the subelements of tcp-access-log.
Table 3-27 tcp-access-log Subelements
| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether TCP access logging is enabled. If the element is enabled, the server writes a log entry for every request received by TCP listeners. Default value: |
| | 1 | Specifies the filename of the access log file (absolute path or path relative to the server's config directory). |
The tcp-listener element configures a TCP listener. For more information, see Section 3.1.22, "server".
Table 3-28 describes the subelements of tcp-listener.
Table 3-28 tcp-listener Subelements
| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the TCP listener is enabled to accept connection requests. Default value: |
| | 1 | Specifies the name that uniquely identifies the TCP listener. |
| | 0 or 1 | Specifies the IP address to listen on. The value of this element is a specific IP address or an asterisk * to listen on all IP addresses. |
| | 1 | Specifies the port to listen on. The value of this element is the port number. |
| | 0 or 1 | Specifies the socket family that is used to connect to the origin server. Values: |
| | 0 or 1 | Specifies the number of threads dedicated to accept connections received by this listener. The value can be from 1 to 128. Default value: 1 per CPU. |
| | 1 | Specifies the name of the TCP proxy that processes requests received by the listener. |
| | 0 or 1 | Specifies the size (in bytes) of the listen queue. Value: 1 to 1048576. |
| | 0 or 1 | Specifies the size (in bytes) of the operating system socket receive buffer. Value: 1 to 1048576. |
| | 0 or 1 | Specifies the size (in bytes) of the operating system socket send buffer. Value: 1 to 1048576. |
| | 0 or 1 | Configures SSL/TLS. For more information, see Section 3.1.24, "ssl". |
| | 0 or 1 | Specifies the description of the TCP listener. The value of this element must be in text format. |
| | 0 or 1 | Enables/disables blocking of the server listen socket, while retaining client end points as non-blocking (useful when MaxProcs > 1). Default value: |
The tcp-proxy element is used to support LDAP/T3 listeners. For more information, see Section 3.1.22, "server".
Table 3-29 describes the subelements of tcp-proxy.
Table 3-29 tcp-proxy Subelements
| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the TCP service is enabled. Default value: |
| | 1 | A name that uniquely identifies the TCP proxy. |
| | 0 or 1 | Specifies the maximum timeout (in seconds) that the server waits while receiving/sending data. Default value: 300 |
| | 0 or 1 | Specifies the name of a server pool that provides the TCP service. The value must be a name value from an |
The tcp-thread-pool element configures the threads used to process WebSocket requests and requests received by TCP listeners. For more information, see Section 3.1.22, "server".
Table 3-30 describes the subelements of tcp-thread-pool.
Table 3-30 tcp-thread-pool Subelements
| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the pool is enabled. Default value: |
| | 0 or 1 | Specifies the number of TCP/WebSocket request processing threads. The value can be from 1 to 512. Default value: 1 per CPU. |
| | 0 or 1 | Specifies the maximum number of connection pairs that the server will support. The value can be from 1 to 1048576. Default value: 200. |
| | 0 or 1 | Specifies the idle timeout (in seconds), after which connection pairs will be closed. The value will be overridden by the tcp or WebSocket subsystem. The value can be from 0.001 to 3600. Default value: 300 seconds. |
| | 0 or 1 | Specifies the stack size (in bytes) for each thread. The value can be from 8192 to 67108864, or 0. Default value: 32768. |
| | 0 or 1 | Specifies the interval (in seconds) between polls. The value can be from 0.001 to 1. Default value: 0.010 seconds. |
| | 0 or 1 | Specifies the size of the buffer (in bytes), used by each connection for transferring data. The value can be from 1 to 1048576. Default value: 16384. |
The thread-pool element configures the threads used to process HTTP requests. This element can appear zero or one time within the server element. For more information, see Section 3.1.22, "server".
Table 3-31 describes the subelements of thread-pool.
Table 3-31 thread-pool Subelements
| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies the minimum number of HTTP request processing threads. The value can be from 1 to 4096. |
| | 0 or 1 | Specifies the maximum number of HTTP request processing threads. The default value is based on the number of processors. For example, if there are 1 or 2 processors, the default value is 256. Similarly, if there are 3 or 4 processors, the default value is 512. The default value is never more than a quarter of the maximum number of file descriptors available for the process. |
| | 0 or 1 | Specifies the stack size (in bytes) for HTTP request processing threads. The value can be from 8192 to 67108864. |
| | 0 or 1 | Specifies the maximum number of concurrent HTTP connections that can be queued for processing. The value can be from 1 to 1048576. |
The time element schedules when an event occurs. This element can appear zero or more times within the event element. For more information, see Section 3.1.6, "event".
Table 3-32 describes the subelements of time.
| Element | Occurrences | Description |
|---|---|---|
| | 1 | Specifies the time when the event occurs. The value must be in the |
| | 0 or 1 | Specifies the day of the week. The value can be |
| | 0 or 1 | Specifies the day of month. The value can be from 1 to 31. |
| | 0 or 1 | Specifies the name of the month. The value can be |
The token element configures a PKCS #11 token. This element can appear zero or more times within the pkcs11 element. For more information, see Section 3.1.17, "pkcs11".
Table 3-33 describes the subelements of token.
| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the server initializes this PKCS #11 token, prompting for a PIN if necessary. Default value: |
| | 1 | The name of the token. The server's built-in token is named |
| | 0 or 1 | The PIN required to initialize the token. |
| | 0 or 1 | Specifies whether the property value is encoded or not. Default value: |
The variable element defines a variable for use in expressions, log formats, and obj.conf parameters. This element can appear zero or more times within the server element, and zero or more times within the virtual-server element. For more information, see Section 3.1.22, "server", and Section 3.1.36, "virtual-server".
Table 3-34 describes the subelements of variable.
Table 3-34 List of variable Subelements
| Element | Occurrences | Description |
|---|---|---|
| | 1 | Specifies the name of the variable. The value must be in text format. |
| | 1 | Specifies the value of the variable. The value must be in text format. |
| | 0 or 1 | The description of the variable. The value must be in text format. |
The virtual-server element configures an HTTP virtual server. Each server typically has at least one virtual server. This element can appear zero or more times within the server element. For more information, see Section 3.1.22, "server".
Table 3-35 describes the subelements of virtual-server.
Table 3-35 virtual-server Subelements
| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the virtual server is enabled at runtime. Default value: |
| | 1 | A name that uniquely identifies the virtual server. |
| | 0 or more | The name of an HTTP listener associated with one or more of the virtual server's host names. The value is the name from an |
| | 0 or more | Indicates the host name that the virtual-server services. The values can be a host name or a wildcard. For more information about wildcards, see Section A.5, "Wildcard Patterns". |
| | 0 or 1 | The canonical name of the virtual server. Requests using a different name are redirected to the canonical name. The value is a host name or URL prefix. |
| | 1 | The |
| | 0 or 1 | The name of the root |
| | 0 or 1 | Configures localization. For more information, see Section 3.1.13, "localization". |
| | 0 or more | Configures an HTTP access log for the virtual server. For more information, see Section 3.1.1, "access-log". |
| | 0 or 1 | Specifies the log file for the virtual server. The value is the log file name, for example, |
| | 0 or more | Defines an |
| | 0 or 1 | The description of the virtual server. |
| | 0 or 1 RSA certificate or 1 ECC certificate | Specifies the nickname of the certificate that the server presents to the clients. Values: zero or one for RSA and zero or one for ECC |
| | 0 or 1 | Specifies information related to QoS settings. |
| | 0 or multiple | Specifies the path to a file containing Web Application Firewall (WAF) rules or configuration. |
The webapp-firewall-ruleset element configures the path to a web application firewall configuration file, which contains ModSecurity rules/configuration directives. The path may be an absolute path or a relative path. If a relative path is used, it is relative to the server's config directory. The file name component may contain wildcard characters to specify multiple files within the given directory.
The webapp-firewall-ruleset element may be present at the virtual-server level as well as at the server level and can appear zero or more times within the server and virtual-server elements. Configuration settings at the virtual-server level take precedence over the server level. However, some configuration directives can only be specified at the server level. The scope of these directives is considered to be Main. Similarly, the scope of directives that can be specified at either the server level or the virtual-server level is considered to be Any. Note that if a directive with Main scope is specified within the virtual-server level configuration file, then an error will be logged and the server will fail to start. For information about the scope of different directives, see the Web Application Firewall section in the Oracle Traffic Director Administrator's Guide.
Note:
For information about various web application firewall use cases, see the appendix, Web Application Firewall Examples and Use Cases in the Oracle Traffic Director Administrator's Guide.
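The path and scope rules for webapp-firewall-ruleset described above, as an added pre-start audit in Python (an example written for this page, not Oracle's code): it resolves each ruleset value the way the text describes and flags virtual-server-level rule files that contain a Main-scope directive, or rulesets that match no file. Assumptions: the root element is server with no XML namespace, the virtual server's name subelement is called name, and SecDataDir stands in for the Main-scope list, which must be taken from the Administrator's Guide.

```python
import glob, os, re, tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

MAIN_SCOPE = {"SecDataDir"}  # assumed example; take the real list from the Administrator's Guide

def resolve_ruleset(value, config_dir):
    """Absolute path as given, relative path under config_dir; wildcards only in the file name."""
    path = value if os.path.isabs(value) else os.path.join(config_dir, value)
    directory, pattern = os.path.split(path)
    return sorted(glob.glob(os.path.join(glob.escape(directory), pattern)))

def directives(rule_file):
    """Yield the first word of each directive line, skipping comments and continuation lines."""
    continued = False
    for line in Path(rule_file).read_text().splitlines():
        m = None if continued else re.match(r"\s*([A-Za-z]\w*)", line)
        continued = line.rstrip().endswith("\\")
        if m:
            yield m.group(1)

def audit(server_xml, config_dir, main_scope=MAIN_SCOPE):
    """Return (level, ruleset value, problem) for rulesets that load nothing or break scope."""
    root = ET.parse(server_xml).getroot()  # assumes root <server>, no XML namespace
    levels = [("server", root)] + [
        ("virtual-server " + (vs.findtext("name") or "?"), vs) for vs in root.findall("virtual-server")]
    findings = []
    for level, node in levels:
        for el in node.findall("webapp-firewall-ruleset"):
            value = (el.text or "").strip()
            files = resolve_ruleset(value, config_dir)
            if not files:
                findings.append((level, value, "matches no file"))
            for f in (files if level != "server" else []):  # Main scope is legal at server level
                findings += [(level, value, f"Main-scope {d} in {os.path.basename(f)}")
                             for d in directives(f) if d in main_scope]
    return findings

def demo():
    """Constructed sample: one server-level ruleset and two virtual-server-level rulesets."""
    cfg = tempfile.mkdtemp()
    samples = {"base.conf": "SecRuleEngine On\nSecDataDir /tmp/waf\n",
               "vs1.conf": "# per-site\nSecRuleEngine DetectionOnly\nSecDataDir /tmp/vs1\n",
               "server.xml": "<server><webapp-firewall-ruleset>base.conf</webapp-firewall-ruleset><virtual-server>"
                             "<name>vs1</name><webapp-firewall-ruleset>vs*.conf</webapp-firewall-ruleset>"
                             "<webapp-firewall-ruleset>missing/*.conf</webapp-firewall-ruleset></virtual-server></server>"}
    for rel, text in samples.items():
        Path(cfg, rel).write_text(text)
    return audit(os.path.join(cfg, "server.xml"), cfg)
```

Running audit() against a staged copy of the configuration before a restart surfaces the start-up failure described above while the current instance is still serving traffic.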