This chapter describes the elements in the server.xml file in alphabetical order.

The access-log element configures the settings for the access log. This element can appear zero or more times within the server element and zero or more times within the virtual-server element. For more information, see Section 3.1.24, "server", and Section 3.1.37, "virtual-server".

Table 3-1 describes the subelements of access-log.

Table 3-1 access-log Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the server writes to this access log. Default Value: |
| | 0 or 1 | The name that uniquely identifies the access log. If you specify a name, the server does not automatically write to this access log. Instead, you explicitly configure this access log in an |
| | 1 | The file name of the access log. If a relative path is used, it is relative to the server's |
| | 0 or 1 | The format of the access log entries. The default format is an extended custom log format. For more information about access log format, see Appendix B, "Using the Custom Access-Log File Format". |

The access-log-buffer element configures the settings for the access log buffering subsystem. This element can appear zero or one time within the server element. For more information, see Section 3.1.24, "server".

Table 3-2 describes the subelements of access-log-buffer.

Table 3-2 access-log-buffer Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the file system caches access log writes. Default value: |
| | 0 or 1 | Specifies whether the server buffers the access log entries. Default value: |
| | 0 or 1 | The size (in bytes) of individual access log buffers. The value can be from 4096 to 1048576. |
| | 1 | Specifies the maximum number of access-log buffers per server. Values: 1 to 65536. |
| | 0 or 1 | Specifies the maximum number of access-log buffers per access-log file. |
| | 0 or 1 | The maximum time (in seconds) to buffer a given access log entry. The value can be from 0.001 to 3600. |

The cluster element defines the cluster to which the server belongs. This element can appear zero or one time within the server element. For more information, see Section 3.1.24, "server".

Table 3-3 describes the subelements of cluster.

| Element | Occurrences | Description |
|---|---|---|
| | 1 | Defines the network address of an instance. The value is the |
| | 1 or more | Defines a member of the server cluster. For more information, see Section 3.1.14, "instance". |
| | 0 or more | Defines the configuration of a failover group. For more information, see Section 3.1.10, "failover-group" |

The cert element uniquely identifies a certificate. This element can appear zero or more times within the ssl element. For more information, see Section 3.1.26, "ssl".

Table 3-4 describes the subelements of cert.

| Element | Occurrences | Description |
|---|---|---|
| | 1 | Required. Subject name of the certificate. |
| | 0 or 1 | This optional field can be specified in order to disambiguate between multiple certificates with the same subject name. This field is specified in hexadecimal and is not case-sensitive. The 0x prefix is optional. |
| | 0 or 1 | This optional field can be specified in order to disambiguate between multiple certificates with the same subject name. |

The crl element uniquely identifies a certificate revocation list (CRL). This element can appear zero or one time within the server element. For more information, see Section 3.1.24, "server".

Table 3-5 describes the subelements of crl.

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Defines whether the CRL is enabled. Default value: |
| | 0 or 1 | Defines the path to the CRL. For more information, see Section 3.1.14, "instance". |
| | 0 or 1 | Defines a cache size between 0 and 2,147,483,647 bytes inclusive. Default value: |
| | 0 or 1 | Specifies whether a CRL is required when verifying peer certificates during SSL/TLS handshakes. This affects both libproxy (back-end) and client (front-end) authentication. Default value: |

The ssl3-tls-ciphers element enables ciphers. This element can appear zero or one time within the ssl3-tls-ciphers element. For more information, see Section 3.1.27, "ssl3-tls-ciphers".

Note that if ssl3-tls-ciphers is not present in the configuration, the default enablement value for each of the ciphers is used. If ssl3-tls-ciphers is present, you must include a cipher element for each cipher that you want enabled.

Table 3-6 describes the subelements of cipher.

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether TLS_RSA_WITH_AES_128_GCM_SHA256 cipher suite is enabled at runtime. Valid only for TLS 1.2. Default value: |
| | 0 or 1 | Specifies whether TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suite is enabled at runtime. Valid only for TLS 1.2. Default value: |
| | 0 or 1 | Specifies whether TLS_RSA_WITH_AES_128_CBC_SHA256 cipher suite is enabled at runtime. Valid only for TLS 1.2. Default value: |
| | 0 or 1 | Specifies whether TLS_RSA_WITH_AES_256_CBC_SHA256 cipher suite is enabled at runtime. Valid only for TLS 1.2. Default value: |
| | 0 or 1 | Specifies whether TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 cipher suite is enabled at runtime. Valid only for TLS 1.2. Default value: |
| | 0 or 1 | Specifies whether TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 cipher suite is enabled at runtime. Valid only for TLS 1.2. Default value: |
| | 0 or 1 | Specifies whether TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite is enabled at runtime. Valid only for TLS 1.2. Default value: |
| | 0 or 1 | Specifies whether TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher suite is enabled at runtime. Valid only for TLS 1.2. Default value: |
| | 0 or 1 | Specifies whether TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher suite is enabled at runtime. Valid only for TLS 1.2. Default value: |
| | 0 or 1 | Specifies whether TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 cipher suite is enabled at runtime. Valid only for TLS 1.2. Default value: |
| | 0 or 1 | Specifies whether TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite is enabled at runtime. Valid only for TLS 1.2. Default value: |
| | 0 or 1 | Specifies whether TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite is enabled at runtime. Valid only for TLS 1.2. Default value: |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
| | 0 or 1 | Specifies whether |
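
Because a present ssl3-tls-ciphers block enables only the ciphers it lists, it helps to decide which of the Table 3-6 suites belong in that list. The following is an added example, not Oracle's code: it parses the suite names shown in the table and keeps those that pass a policy assumed here (forward-secret key exchange, AEAD mode, and a matching RSA or ECC certificate type).

```python
# Added example: classify the cipher suites named in Table 3-6.
# Suite names are copied from the table descriptions. The selection policy
# (forward secrecy + AEAD) is this example's assumption, not an OTD default.

TABLE_3_6_SUITES = [
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]

FORWARD_SECRET_KX = {"ECDHE", "DHE"}   # ephemeral key exchanges
AEAD_MODES = {"GCM", "CCM"}            # authenticated-encryption modes


def parse_suite(name):
    """Split TLS_<kx>[_<auth>]_WITH_<cipher>_<bits>_<mode>_<hash> into fields."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS 1.2 style suite name: {name!r}")
    left, right = name[len("TLS_"):].split("_WITH_", 1)
    kx_fields = left.split("_")
    right_fields = right.split("_")
    if len(kx_fields) not in (1, 2) or len(right_fields) != 4:
        raise ValueError(f"unexpected suite layout: {name!r}")
    kx = kx_fields[0]
    # With static RSA the certificate key also carries the key exchange.
    auth = kx_fields[1] if len(kx_fields) == 2 else kx
    cipher, bits, mode, digest = right_fields
    return {"name": name, "kx": kx, "auth": auth, "cipher": cipher,
            "bits": int(bits), "mode": mode, "hash": digest}


def review(name):
    """Return review findings for one suite (empty list means nothing to flag)."""
    suite = parse_suite(name)
    findings = []
    if suite["kx"] not in FORWARD_SECRET_KX:
        findings.append("no forward secrecy (static %s key exchange)" % suite["kx"])
    if suite["mode"] not in AEAD_MODES:
        findings.append("non-AEAD %s mode" % suite["mode"])
    return findings


def select_suites(suites, cert_types):
    """Suites with no findings whose authentication matches an installed
    certificate type: "RSA" for an RSA certificate, "ECDSA" for an ECC one."""
    return [n for n in suites
            if not review(n) and parse_suite(n)["auth"] in cert_types]


if __name__ == "__main__":
    for suite_name in TABLE_3_6_SUITES:
        print(suite_name, "->", review(suite_name) or "ok")
    print("RSA certificate only:", select_suites(TABLE_3_6_SUITES, {"RSA"}))
```
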

The dns element configures how the server uses the domain name system (DNS). This element can appear zero or one time within the server element. For more information, see Section 3.1.24, "server".

Table 3-7 describes the subelements of dns.

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the server does DNS lookups. Default value: |
| | 0 or 1 | Specifies whether the server uses its own asynchronous DNS resolver, instead of the Operating System's synchronous resolver. Default value: |
| | 0 or 1 | Specifies the duration (in seconds) after which the asynchronous DNS lookups should time out. The value can be from 0.001 to 3600. |

See Also: dns-cache

The dns-cache element configures the DNS cache. This element can appear zero or one time within the server element. For more information, see Section 3.1.24, "server".

Table 3-8 describes the subelements of dns-cache.

Table 3-8 dns-cache Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the server writes to a cache for DNS lookup results. Default value: |
| | 0 or 1 | Specifies the duration (in seconds) for which the entries must be kept in the cache. The value can be from 1 to 31536000. |
| | 0 or 1 | Specifies the maximum number of DNS lookup results to write to the cache. The value can be from 32 to 32768. |

See Also: dns

The event element configures a recurring event. The element can appear zero or more times within the server element. For more information, see Section 3.1.24, "server".

Table 3-9 describes the subelements of event.

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the event is enabled at run time. Default value: |
| | 0 or more | Configures a specific time when the event occurs. For more information, see Section 3.1.35, "time". |
| | 0 or 1 | Specifies the interval (in seconds) at which the event occurs. The value can be from 60 to 86400. |
| | 0 or 1 | Rotates the log files. Default value: |
| | 0 or 1 | Rotates the access log files. Default value: |
| | 0 or more | The command to execute to get an event to run. |
| | 0 or 1 | Dynamically reconfigures the server. Default value: |
| | 0 or 1 | Restarts the server. Default value: |
| | 0 or 1 | The description of the event. The value of this element is in text format. |

The failover-group element defines a failover group. This element may appear zero or one time within the cluster element. For more information, see Section 3.1.3, "cluster".

Table 3-10 describes the subelements of failover-group.

Table 3-10 failover-group Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 1 | Specifies the virtual IP for the failover group. The value must be unique across failover groups in a configuration. |
| | 0 or 1 | Specifies the subnet mask for the number of bits used to identify the network. Values: positive integer and 24 (max 32) by default for IPV4. Default value: 64 (max 128) for IPV6 |
| | 0 or 1 | Specifies the router identity for the failover-group. The value must be unique across the failover-groups. It is used to identify the router group of all the participating routers for the same VIP. Values are positive integers. Range of values: 1 to 255. Default value: 255. |
| | 1 or more | Defines the instances that are part of the |
| | 1 | Specifies the hostname of the administration node where the instance has been created. It must match one of the instance or the host elements in the cluster elements. |
| | 0 or 1 | Specifies the priority value for the instance. This value identifies whether the instance is the primary or the backup for the |
| | 1 | Indicates the network interface on the node where this instance is created on which the VIP is moderated. |

The health-check element configures the parameters that are used to determine the status of each origin-server in an origin-server pool. This element may appear zero or one time within the origin-server-pool element. For more information, see Section 3.1.19, "origin-server-pool"

Table 3-11 describes the subelements of health-check.

Table 3-11 health-check Subelements

| Elements | Occurrences | Description | TCP health check on HTTP servers | TCP health check on TCP servers |
|---|---|---|---|---|
| | 0 or 1 | Specifies the type of connection—HTTP or TCP, or an external executable—that Oracle Traffic Director should attempt with the origin server to determine its health. Alternatively, specifies an external health check executable. TCP: Oracle Traffic Director attempts to open a TCP connection to each origin server. The success or failure of this attempt determines whether Oracle Traffic Director considers the origin server to be online or offline. EXTERNAL: Oracle Traffic Director invokes the executable specified in Default value: | Valid | Valid; HTTP is not a valid value for |
| | 0 or 1 | Specifies the time interval (in seconds) between successive health check operations. Default value: 30. | Valid | Valid |
| | 0 or 1 | Indicates the number of consecutive failures for marking a server down. It is indicated by a positive integer. The maximum possible value is 256. Default value: 3. | Valid | Valid |
| | 0 or 1 | Specifies the timeout value for a connection. It is indicated by a positive integer and in seconds. Default value: 5. | Valid | Valid |
| | 0 or 1 | Specifies the full path of an external health check executable. You must configure this parameter if the protocol is EXTERNAL | N/A | N/A |
| | 0 or 1 | Specifies the method used during HTTP health check operations. Default value: | Ignored | Ignored |
| | 0 or 1 | Specifies the URI that is used for HTTP health check operations. Default value: | Ignored | Ignored |
| | 0 or 1 | A modified regular expression used to specify the types of response status codes acceptable for a healthy origin server. The expression is a union of three character patterns that contain only digits or ' If the parameter is not specified, all other codes except | Ignored | Ignored |
| | 0 or 1 | A regular expression that is used to match the HTTP response body to determine the origin server's health. This is applicable only when protocol is HTTP. | Ignored | Ignored |
| | 0 or 1 | Specifies the maximum length of the response body that should match. Default value: 2048. | Ignored | Ignored |
| | 0 or 1 | Specifies whether the server should dynamically discover Oracle WebLogic Server cluster nodes and add them to the pool. Default value: | Valid for HTTP Health Check | Ignored |

The http element configures the settings for the miscellaneous HTTP protocol options. This element can appear zero or one time within the server element. For more information, see Section 3.1.24, "server".

Table 3-12 describes the subelements of http.

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies the highest HTTP protocol version the server supports. The default HTTP version string is |
| | 0 or 1 | Specifies the server header information such as server software and version. The default server header is |
| | 0 or 1 | Specifies the maximum size (in bytes) of the request body content that OTD will expose using the Note: All values must specify units. |
| | 0 or 1 | Specifies the size (in bytes) of the buffer used to read HTTP request headers. The value can be from 0 to 2147483647. |
| | 0 or 1 | Indicates whether the server rejects certain malformed HTTP request headers. Default value: |
| | 0 or 1 | Specifies the maximum number of header fields in an HTTP request header. The value can be from 1 to 512. |
| | 0 or 1 | Specifies the size (in bytes) of the buffer for HTTP responses. The value can be from 0 to 2147483647. |
| | 0 or 1 | Specifies the maximum size (in bytes) of a chunked HTTP request body that the server will unchunk. The value can be from 0 to 2147483647. |
| | 0 or 1 | Specifies the maximum time (in seconds) that the server waits for a chunked HTTP request body to arrive. The value can be from 0 to 3600, or -1 for no timeout. |
| | 0 or 1 | Specifies the maximum time (in seconds) that the server waits for an individual packet. The value can be from 0 to 3600, or -1 for no timeout. |
| | 0 or 1 | Specifies the maximum time (in seconds) that the server waits for a complete HTTP request header. The value can be from 0 to 604800, or -1 for no timeout. |
| | 0 or 1 | Specifies the maximum time (in seconds) that the server waits for a complete HTTP request body. The value can be from 0 to 604800, or -1 for no timeout. |
| | 0 or 1 | Specifies whether the server replies to requests for |
| | 0 or 1 | Controls if the server includes an |
| | 0 or 1 | Specifies whether the server generates, propagates, and logs the execution context. The value of the ECID is a unique identifier that can be used to correlate individual events as being part of the same request execution flow. For example, events that are identified as being related to a particular request typically have the same ECID value. However, the format of the ECID string itself is determined by an internal mechanism that is subject to change; therefore, you should not have or place any dependencies on that format. ECID is defined as a part of the execution context. The execution context consists of ECID and RID. You may also refer to the whole execution context, which is the combination of ECID and RID, as just ECID. Default value: |
| | 0 or 1 | Enables/disables strict RFC 6455 adherence during the WebSocket upgrade request. Default value: |

The http-listener element configures an HTTP listener. This element can appear zero or more times within the server element. For more information, see Section 3.1.24, "server".

Table 3-13 describes the subelements of http-listener.

Table 3-13 http-listener Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the HTTP listener is enabled to accept connection requests. Default value: |
| | 1 | Specifies the name that uniquely identifies the HTTP listener. |
| | 0 or 1 | Specifies an IP address to which to listen. The value of this element is a specific IP address or an asterisk |
| | 1 | Specifies the port to which to listen. The value of this element is the port number. |
| | 0 or 1 | Specifies the number of threads dedicated to accept connections received by this listener. The value can be from 1 to 128. |
| | 1 | Specifies the default server name. Tells the server what to put in the host name section of any URLs it sends to the client. This affects URLs the server automatically generates; it doesn't affect the URLs for directories and files stored in the server. This name should be the alias name if your server uses an alias. If a colon and port number are appended, that port will be used in URLs that the server sends to the client. Values: The value can include a scheme (for example, prefix http://) and port suffix (for example, :80) |
| | 0 or 1 | Specifies whether the server uses blocking I/O. Default value: |
| | 0 or 1 | Specifies the socket family that is used to connect to the origin server. Values: |
| | 0 or 1 | Indicates whether the server responds to SSL or non-SSL protocol mismatches in client requests. Default value: |
| | 0 or 1 | Specifies the size (in bytes) of the listen queue. The value of this element can be from 1 to 1048576. |
| | 0 or 1 | Specifies the size (in bytes) of the operating system socket receive buffer. The value of this element can be from 1 to 1048576. |
| | 0 or 1 | Specifies the size (in bytes) of the operating system socket send buffer. The value of this element can be from 1 to 1048576. |
| | 1 | Specifies the name of the virtual server that processes requests that do not match a host. The value of this element is the |
| | 0 or 1 | Configures SSL/TLS. For more information, see Section 3.1.26, "ssl". |
| | 0 or 1 | Specifies the description of the HTTP listener. The value of this element must be in text format. |
| | 0 or 1 | Enables/disables blocking of the server listen socket while retaining client end points as non blocking (useful when MaxProcs > 1). Default value: |

The instance element defines a member of a server cluster. This element can appear one or more times within the cluster element. For more information, see Section 3.1.3, "cluster".

Table 3-14 describes the subelements of instance.

Table 3-14 instance Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the instance is enabled at run time. Default value: |
| | 1 | The network address of the instance. The value is the host name or the IP address. |

See Also: cluster

The keep-alive element configures the settings for the keep-alive subsystem. This element can appear zero or one time within the server element. For more information, see Section 3.1.24, "server".

Table 3-15 describes the subelements of keep-alive.

Table 3-15 keep-alive Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the keep-alive subsystem is enabled at runtime. Default value: |
| | 0 or 1 | Specifies the number of keep alive subsystem threads. The value can be from 1 to 128. Default value: 1. |
| | 0 or 1 | Specifies the maximum number of concurrent keep alive connections that the server supports. The value can be from 1 to 1048576. Default value: 200. |
| | 0 or 1 | Specifies the timeout (in seconds) after which an inactive keep alive connection can be used. The value can be from 0.001 to 3600. Default value: 30 seconds. |
| | 0 or 1 | Specifies the interval (in seconds) between polls. The value can be from 0.001 to 1. Default value: .001. |

The localization element defines a method by which the server chooses a language with which it presents information to the client. This element may appear zero or one time within the server element, and zero or one time within the virtual-server element. For more information, see Section 3.1.24, "server", and Section 3.1.37, "virtual-server".

Table 3-16 describes the subelement of localization.

Table 3-16 localization Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | The default language with which the messages and content are displayed. The value is a language tag. |
| | 0 or 1 | Specifies whether the server uses the accept-language HTTP header to negotiate the content language with clients. Default value: |

The log element configures the logging subsystem. This element can appear zero or one time within the server element. For more information, see Section 3.1.24, "server".

Table 3-17 describes the subelements of log.

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the server logs data that applications write to |
| | 0 or 1 | Specifies whether the server logs data that applications write to |
| | 0 or 1 | Specifies whether the server includes the virtual server name in log messages. Default value: |
| | 0 or 1 | Specifies whether the server creates a console window (Windows only). Default value: |
| | 0 or 1 | Specifies whether the server writes log messages to the console. Default value: |
| | 0 or 1 | Specifies whether the server writes log messages to |
| | 0 or 1 | This is executed after the server rotates a log file. The program is passed the post-rotation file name of the log file as an argument. A program command line, for example: |
| | 0 or 1 | Specifies the log verbosity for the server as a whole. Values: |
| | 0 or 1 | Specifies the name and location of the log file. Value: User defined name and location. Default value: |

The max-fd element specifies a limit on the file descriptor usage of the OTD server process. The default value of the max-fd element is 2 million.

The origin-server-pool element configures a pool of origin servers that are used for load balancing requests. This element may appear zero or more times within the server element. For more information, see Section 3.1.24, "server".

Table 3-18 describes the subelements of origin-server-pool.

Table 3-18 origin-server-pool Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 1 | Specifies the name by which the server pool is identified. |
| | 0 or 1 | The load-balancing method for distributing requests to the origin-server pool. Values: For more information about load-balancing methods, see the section Modifying an Origin-Server Pool in the Oracle Traffic Director Administrator's Guide. |
| | 0 or 1 | Specifies outgoing proxy SSL connections. This allows you to select the client certificate as well as ciphers. With OTD 12.2.1, it replaces the ssl-client-config SAF. For more information, see Section 3.1.26, "ssl". |
| | 1 | Indicates the kind of requests that are handled by every server in the server pool. Values: |
| | 0 or 1 | Specifies the socket family that is used to connect to the origin server. Values: |
| | 0 or more | Represents an origin server that belongs to the server pool. |
| | 0 or 1 | Specifies the health check settings for the server pool. |
| proxy-server | 0 or 1 | Supports specifying a proxy server in the server pool. |

The origin-server element defines a member of a server pool. This element may appear zero or more times within the origin-server-pool element. For more information, see Section 3.1.19, "origin-server-pool".

Table 3-19 describes the subelements of origin-server.

Table 3-19 origin-server Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 1 | Specifies the host name or the IP address of the origin server. |
| | 0 or 1 | Specifies the port number of the origin server. Value: Integer. 80 is the default port if the origin server pool type is HTTP. 443 is the default port if the origin server pool type is HTTPS. |
| | 0 or 1 | Specifies the load distribution weight for the origin server. The value is an integer. Default value: 1. |
| | 0 or 1 | Specifies whether requests can be routed to the origin server. Default value: |
| | 0 or 1 | Specifies whether the origin server is a backup server. Requests are sent to the backup origin server only when none of the primary (non-backup) origin servers is available. Default value: |
| | 0 or 1 | Specifies the maximum number of concurrent connections to the server. Values: 0 to 20480. Default value: 0. The value 0 indicates no limit. |
| | 0 or 1 | The time (in seconds) that Oracle Traffic Director should take to ramp up the request sending rate to the full capacity of this origin server. Default value: Any positive integer. If |
| | 0 or 1 | Maximum limit on times a connection to the origin server can be reused for different requests. When this limit is hit, OTD voluntarily closes the connection to the origin server. The value 0 means no limit is enforced. |
| | 0 or 1 | Total bandwidth limit in byte/second enforced on request. The value 0 means no limit is enforced. |
| | 0 or 1 | Total bandwidth limit in byte/second enforced on response. The value 0 means no limit is enforced. |
| | 0 or 1 | Time in seconds before a request waiting in the queue for bandwidth is aborted. |

The property element defines a name-value pair. The effect of defining a property name-value pair depends on the context in which the property element appears.

Table 3-20 describes the subelements of property.

Table 3-20 property Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 1 | The name of the property. |
| | 1 | The value of the property. |
| | 0 or 1 | Specifies if the property value was encoded using the uuencode algorithm. Default value: |
| | 0 or 1 | Specifies if the property value is encrypted. Default value: |
| | 0 or 1 | The description of the property. |

See Also: variable

The proxy-cache element configures the HTTP reverse proxy cache configuration. This element can appear zero or one time within the server element. For more information, see Section 3.1.24, "server".

Table 3-21 describes the subelements of proxy-cache.

Table 3-21 proxy-cache Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether response caching is enabled. Default value: |
| | 0 or 1 | Specifies the maximum amount of heap (in bytes) that is used for caching response objects. Values: 0 to 1099511627776 (1024 GB). Default value: 10485760 (10 MB). |
| | 0 to 1 | Specifies the maximum size of objects that should be cached. Objects larger than the specified size are not cached. Values: 0 to 214783647. Default value: 524288 (512 KB). |
| | 0 to 1 | Specifies the algorithm for cache replacement. Values: |
| | 0 to 1 | Specifies the maximum number of entries in the cache. The range is 1 to 1073741824. Default value: 1024. |

The qos-limits element configures the Quality of Service (QoS) limits. This element may appear zero or one time within the server element and zero or one time within the virtual-server element. For more information, see Section 3.1.24, "server" and Section 3.1.37, "virtual-server".

Table 3-22 describes the subelements of qos-limits.

Table 3-22 qos-limits Subelements

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | Specifies whether the QoS limits are enforced at runtime. Default value: |
| | 0 or 1 | Specifies the maximum transfer rate (bytes/second). Range of value: 1 to 2147483647 |
| | 0 or 1 | Specifies the maximum number of concurrent connections. Range of value: 1 to 1048576 |

The server element defines a server. This is the root element. There can be only one server element in the server.xml file.

Table 3-23 describes the subelements of server.

| Element | Occurrences | Description |
|---|---|---|
| | 0 or 1 | The server cluster to which the server belongs. For more information, see Section 3.1.3, "cluster". |
| fips | 0 or 1 | Enables the FIPS-140 mode of operation for the security library. |
| crl | 0 or 1 | Defines a certificate. For more information, see Section 3.1.5, "crl". |
| | 0 or 1 | Configures the logging subsystem. For more information, see Section 3.1.17, "log". |
| | 0 or 1 | The account the server runs as (UNIX only). The value is the user account. If the server is started as |
| | 0 or 1 | The directory where the server stores its temporary files. If a relative path is used, it is relative to the server's |
| | 0 or more | Defines a variable for use in expressions, log formats, and |
| | 0 or 1 | Configures localization. For more information, see Section 3.1.16, "localization". |
| | 0 or 1 | Configures the HTTP protocol options. For more information, see Section 3.1.12, "http". |
| | 0 or 1 | Configures the HTTP keep-alive subsystem. For more information, see Section 3.1.15, "keep-alive". |
| | 0 or 1 | Configures the HTTP request processing threads. For more information, see Section 3.1.34, "thread-pool". |
| | 0 or 1 | Configures the statistics collection subsystem. For more information, see Section 3.1.29, "stats". |
| | 0 or 1 | Configures the server's use of DNS. For more information, see Section 3.1.7, "dns". |
| | 0 or 1 | Configures the DNS cache. For more information, see Section 3.1.8, "dns-cache". |
| | 0 or 1 | Configures the SSL/TLS session cache. For more information, see Section 3.1.28, "ssl-session-cache". |
| | 0 or 1 | Configures the access log buffering subsystem. For more information, see Section 3.1.2, "access-log-buffer". |
| | 0 or 1 | Configures SNMP. For more information, see Section 3.1.25, "snmp". |
| | 0 or more | Configures an HTTP access log for the server. For more information, see Section 3.1.1, "access-log". |
| | 0 or more | Configures an HTTP listener. For more information, see Section 3.1.13, "http-listener". |
| | 0 or more | Configures a virtual server. For more information, see Section 3.1.37, "virtual-server". |
| | 0 or more | Configures a recurring event. For more information, see Section 3.1.9, "event". |
| | 0 or more | Configures a pool of origin servers that are used for handling load balancing requests. For more information, see Section 3.1.19, "origin-server-pool". |
| | 0 or 1 | Defines the HTTP reverse proxy caching configuration mechanism. For more information, see Section 3.1.22, "proxy-cache". |
| | 0 or 1 | Specifies information related to QoS settings. For more information, see Section 3.1.23, "qos-limits". |
| | 0 or 1 | Configures the TCP request processing threads. For more information, see Section 3.1.33, "tcp-thread-pool". |
| | 0 or 1 | Configures TCP access log for the server. For more information, see Section 3.1.30, "tcp-access-log". |
| | 0 or more | Configures a TCP listener. For more information, see Section 3.1.31, "tcp-listener". |
| | 0 or more | Configures a TCP service. For more information, see Section 3.1.32, "tcp-proxy". |
| | 0 or more | Specifies the path to a file containing the Web Application Firewall (WAF) module rules. For more information, see Section 3.1.38, "webapp-firewall-ruleset". |
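
The occurrence limits stated in Table 3-23 and in the sections it points to can be checked mechanically before a configuration is deployed. The following is an added example, not Oracle's code: it counts child elements in a constructed sample server.xml against those limits and also reports any http-listener that has no ssl element. Child element names are taken from the section cross-references on this page, since the Element column is mostly empty here.

```python
import xml.etree.ElementTree as ET

# (min, max) occurrences; max None means "or more". Values come from the
# occurrence statements on this page. Names are inferred from the section
# cross-references (assumption), because most Element cells are empty.
SERVER_CHILDREN = {
    "cluster": (0, 1), "fips": (0, 1), "crl": (0, 1), "log": (0, 1),
    "localization": (0, 1), "http": (0, 1), "keep-alive": (0, 1),
    "thread-pool": (0, 1), "stats": (0, 1), "dns": (0, 1),
    "dns-cache": (0, 1), "ssl-session-cache": (0, 1),
    "access-log-buffer": (0, 1), "snmp": (0, 1), "access-log": (0, None),
    "http-listener": (0, None), "virtual-server": (0, None),
    "event": (0, None), "origin-server-pool": (0, None),
    "proxy-cache": (0, 1), "qos-limits": (0, 1), "tcp-thread-pool": (0, 1),
    "tcp-access-log": (0, 1), "tcp-listener": (0, None),
    "tcp-proxy": (0, None), "webapp-firewall-ruleset": (0, None),
}

# Limits stated in the cluster, http-listener/ssl and origin-server-pool sections.
NESTED_CHILDREN = {
    "cluster": {"instance": (1, None)},
    "http-listener": {"ssl": (0, 1)},
    "origin-server-pool": {"ssl": (0, 1), "health-check": (0, 1),
                           "origin-server": (0, None)},
}


def check_occurrences(parent, rules, path):
    """Compare direct-child counts of `parent` with the (min, max) rules."""
    counts = {}
    for child in parent:
        counts[child.tag] = counts.get(child.tag, 0) + 1
    findings = []
    for tag, (low, high) in rules.items():
        seen = counts.get(tag, 0)
        if seen < low:
            findings.append(f"{path}: {tag} appears {seen} time(s), at least {low} required")
        if high is not None and seen > high:
            findings.append(f"{path}: {tag} appears {seen} time(s), at most {high} allowed")
    return findings


def audit_server_xml(text):
    """Return a list of findings for a server.xml document given as a string."""
    root = ET.fromstring(text)
    if root.tag != "server":
        return [f"root element is {root.tag}, expected server"]
    findings = check_occurrences(root, SERVER_CHILDREN, "server")
    for parent_tag, rules in NESTED_CHILDREN.items():
        for index, node in enumerate(root.findall(parent_tag), 1):
            findings += check_occurrences(node, rules, f"server/{parent_tag}[{index}]")
    # Review aid: list listeners that carry no SSL/TLS configuration at all.
    for index, listener in enumerate(root.findall("http-listener"), 1):
        if listener.find("ssl") is None:
            findings.append(f"server/http-listener[{index}]: no ssl element configured")
    return findings


# Constructed sample: structure only, no real OTD values.
SAMPLE_SERVER_XML = """<server>
  <cluster></cluster>
  <crl/>
  <crl/>
  <http-listener><ssl/></http-listener>
  <http-listener/>
  <origin-server-pool><ssl/><ssl/><origin-server/></origin-server-pool>
</server>"""

if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE_SERVER_XML):
        print(finding)
```
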
The snmp
element configures the server's SNMP subagent. This element can appear zero or one time within the server
element. For more information, see Section 3.1.24, "server".
Table 3-24 describes the subelements of snmp
.
Element | Occurrences | Description |
---|---|---|
|
0 or 1 |
Specifies whether the SNMP agent is enabled. If enabled, the SNMP subagent gathers information about the server and passes the information to the master agent. Default value: |
|
0 or 1 |
(Optional) Specifies the description of the server. The value must be in text format. |
|
0 or 1 |
(Optional) Specifies the name of the organization responsible for the server. The value must be in text format. |
|
0 or 1 |
(Optional) Specifies the location of the server. The value must be in text format. |
|
0 or 1 |
(Optional) Specifies the contact information of the person responsible for the server. The value must be in text format. |
See Also:
stats
The ssl
element configures the SSL/TLS settings. This element can appear zero or one time within the http-listener
element. For more information, see Section 3.1.13, "http-listener".
To configure outgoing proxy SSL connections, this element can appear zero or one time within the origin-server-pool
element. For more information, see Section 3.1.19, "origin-server-pool".
Table 3-25 describes the subelements of ssl
.
Element | Occurrences | Description |
---|---|---|
|
0 or 1 |
Specifies whether SSL support is enabled for the listener. Disabled by default for listeners when no |
|
0 or more |
Specifies the nickname of the certificate that the server presents to the clients. You can specify zero or one RSA certificate, and zero or one ECC certificate. |
|
0 or 1 |
Specifies whether SSL3 connections are accepted. Default value: |
numCtx |
0 or 1 |
Allows the creation of more than one NZ global context to get around NZ lock contention in high load situations. Default value: 1. |
pool-context-size |
0 or 1 |
Creates a pool to support the re-use of NZ SSL contexts, boosting performance. At creation, the pool is empty, so there is no additional startup time. Once the pool is full, new contexts are created but not reused, and performance drops. This setting should be tuned to the maximum number of expected concurrent SSL connections. Note that increasing the pool size will increase memory usage, as the contexts saved in the pool will not be freed until re-configuration or shutdown. Default value: 4096. |
|
0 or 1 |
Specifies whether TLS connections are accepted. Default value: |
|
0 or 1 |
Specifies whether TLS connections fully protect against BEAST attacks. Default value: |
|
0 or 1 |
Specifies whether TLS connections fully protect against BEAST attacks. Default value: |
|
0 or 1 |
Configures the SSL3 and TLS cipher suites. For more information, see Section 3.1.27, "ssl3-tls-ciphers". |
|
0 or 1 |
Specifies the method of client certificate authentication. The value can be |
|
0 or 1 |
Indicates the duration (in seconds) after which a client authentication handshake fails. The value can be from 0.001 to 3600. |
|
0 or 1 |
Specifies the number of characters of authentication data that the server can buffer. The value can be from 0 to 2147483647. |
validate-server-cert-hostname |
0 or 1 |
Specifies whether SSL certificate hostname validation is on or off. Applies only to outgoing connections. The remote certificate or CA must still be trusted locally in the wallet. NZ does not provide a programmatic override if the remote certificate is completely untrusted (for example, self-signed). Default value: |
wallet-location |
0 or 1 |
Allows selection of an alternate wallet for a virtual server, listener, or origin server group. If this is omitted, the wallet from the instance's config directory is used. This is primarily to support SNI for multi-tenant deployments, so that each virtual server can use a different wallet. |
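The following added example (not part of the original reference, and not Oracle's code) audits the `ssl` element of each `origin-server-pool` for `validate-server-cert-hostname` and `wallet-location`. It assumes that pools carry a `name` subelement and that boolean elements take the text values `true`/`false`; the sample configuration, pool names and wallet path are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml excerpt. Assumptions: pools carry a <name>, boolean
# elements take the text values "true"/"false", and all names/paths are made up.
SAMPLE = """
<server>
  <origin-server-pool>
    <name>pool-a</name>
    <ssl><validate-server-cert-hostname>false</validate-server-cert-hostname></ssl>
  </origin-server-pool>
  <origin-server-pool>
    <name>pool-b</name>
    <ssl><validate-server-cert-hostname>true</validate-server-cert-hostname></ssl>
  </origin-server-pool>
  <origin-server-pool>
    <name>pool-c</name>
    <ssl><wallet-location>/constructed/wallets/tenant-c</wallet-location></ssl>
  </origin-server-pool>
  <origin-server-pool>
    <name>pool-d</name>
  </origin-server-pool>
</server>
"""

def audit_outgoing_ssl(xml_text):
    """Map pool name -> (hostname validation status, wallet) for pools with <ssl>."""
    report = {}
    for pool in ET.fromstring(xml_text).iter("origin-server-pool"):
        ssl = pool.find("ssl")
        if ssl is None:
            continue  # no <ssl> element in this pool, nothing to audit
        raw = ssl.findtext("validate-server-cert-hostname")
        if raw is None:
            status = "unset"  # the default applies; confirm it for your release
        elif raw.strip().lower() == "true":
            status = "on"
        else:
            status = "off"
        wallet = (ssl.findtext("wallet-location") or "").strip() or "default"
        name = (pool.findtext("name") or "?").strip()
        report[name] = (status, wallet)
    return report

def needs_review(report):
    """Pools whose outgoing TLS does not explicitly validate the peer hostname."""
    return sorted(name for name, (status, _) in report.items() if status != "on")

if __name__ == "__main__":
    result = audit_outgoing_ssl(SAMPLE)
    for name, (status, wallet) in sorted(result.items()):
        print(f"{name}: hostname validation {status}, wallet {wallet}")
    print("review:", needs_review(result))
```
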
The ssl3-tls-ciphers
element configures SSL3 and TLS cipher suites. This element can appear zero or one time within the ssl
element. For more information, see Section 3.1.26, "ssl".
Note that if ssl3-tls-ciphers
is not present in the configuration, the default enablement value for each of the ciphers is used. If ssl3-tls-ciphers
is present, you must include a cipher
element for each cipher that you want enabled. For more information, see Section 3.1.6, "cipher".
Table 3-26 describes the subelements of ssl3-tls-ciphers
.
Table 3-26 ssl3-tls-ciphers
Subelements
Element | Occurrences | Description |
---|---|---|
|
0 or more |
Specifies a cipher to be enabled. For more information, see Section 3.1.6, "cipher". |
override-cipher-order |
0 or 1 |
This setting applies only to server-side listeners (that is, HTTPS and TCP listeners) and SNI virtual servers. If set, the server chooses a cipher in the order specified in <ssl3-tls-ciphers>. The first cipher from this list supported by the client is selected. If not set, the first cipher from the ClientHello message supported by the server is selected. Default value: |
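The selection rule described for `override-cipher-order` can be modelled as follows. This is an added example, not code from the original reference or from the product; it assumes each `cipher` element holds the suite name as text and that the flag takes the text value `true`, and the cipher lists are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed <ssl3-tls-ciphers> fragment. Assumptions: each <cipher> holds the
# suite name as text, and override-cipher-order takes the text value "true".
SAMPLE = """
<ssl3-tls-ciphers>
  <override-cipher-order>true</override-cipher-order>
  <cipher>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</cipher>
  <cipher>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</cipher>
  <cipher>TLS_RSA_WITH_AES_128_CBC_SHA</cipher>
</ssl3-tls-ciphers>
"""

def load_policy(xml_text):
    """Return (server ciphers in document order, override flag)."""
    root = ET.fromstring(xml_text)
    ciphers = [c.text.strip() for c in root.findall("cipher") if c.text]
    flag = (root.findtext("override-cipher-order") or "").strip().lower()
    return ciphers, flag == "true"

def select_cipher(server_ciphers, override, client_hello):
    """Model the selection rule described for override-cipher-order."""
    if override:
        # Server preference: first server-listed cipher the client offers.
        offered = set(client_hello)
        return next((c for c in server_ciphers if c in offered), None)
    # Client preference: first ClientHello cipher the server has enabled.
    enabled = set(server_ciphers)
    return next((c for c in client_hello if c in enabled), None)

# Constructed ClientHello that lists the weakest mutually supported suite first.
CLIENT_HELLO = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]

def demo():
    """Negotiated cipher with the flag as configured, then with it unset."""
    ciphers, override = load_policy(SAMPLE)
    return (select_cipher(ciphers, override, CLIENT_HELLO),
            select_cipher(ciphers, False, CLIENT_HELLO))

if __name__ == "__main__":
    with_override, without_override = demo()
    print("override set:  ", with_override)
    print("override unset:", without_override)
```

With the flag unset, the order of the client's list decides the outcome, so the same pair of peers can end up on the CBC suite even though both support the GCM suites.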
The ssl-session-cache
element configures the SSL/TLS session cache. This element can appear zero or one time within the server
element. For more information, see Section 3.1.24, "server".
Table 3-27 describes the subelements of ssl-session-cache
.
Table 3-27 ssl-session-cache
Subelements
Element | Occurrences | Description |
---|---|---|
|
0 or 1 |
Specifies whether the server writes SSL/TLS sessions to the cache. Default value: |
|
0 or 1 |
Specifies the maximum number of SSL/TLS sessions that are written to the cache by the server. The value can be from 1 to 524288. |
|
0 or 1 |
Specifies the maximum amount of time (in seconds) an SSL/TLS session is written to the cache. The value can be from 5 to 86400. |
The stats
element configures the statistics collection subsystem. This element can appear zero or one time within the server
element. For more information, see Section 3.1.24, "server".
Table 3-28 describes the subelements of stats
.
Element | Occurrences | Description |
---|---|---|
|
0 or 1 |
Specifies whether the server collects the statistics. Default value: |
|
0 or 1 |
Specifies the interval (in seconds) at which statistics are updated. The value can be from 0.001 to 3600. |
|
0 or 1 |
Specifies whether the performance buckets used to track NSAPI function execution time are enabled at runtime. Default value: |
See Also:
snmp
The tcp-access-log
element configures the settings for the TCP access log. If the tcp-access-log
element is missing, TCP access logging is disabled. For more information, see Section 3.1.24, "server".
Table 3-29 describes the subelements of tcp-access-log
.
Table 3-29 tcp-access-log
Subelements
Element | Occurrences | Description |
---|---|---|
|
0 or 1 |
Specifies whether TCP access logging is enabled. If the element is enabled, the server writes a log entry for every request received by TCP listeners. Default value: |
|
1 |
Specifies the filename of the access log file (absolute path or path relative to the server's config directory). |
The tcp-listener
element configures a TCP listener. For more information, see Section 3.1.24, "server".
Table 3-30 describes the subelements of tcp-listener
.
Table 3-30 tcp-listener
Subelements
Element | Occurrences | Description |
---|---|---|
|
0 or 1 |
Specifies whether the TCP listener is enabled to accept connection requests. Default value: |
|
1 |
Specifies the name that uniquely identifies the TCP listener. |
|
0 or 1 |
Specifies the IP address to listen on. The value of this element is a specific IP address or an asterisk * to listen on all IP addresses. |
|
1 |
Specifies the port to listen on. The value of this element is the port number. |
|
0 or 1 |
Specifies the socket family that is used to connect to the origin server. Values: |
|
0 or 1 |
Specifies the number of threads dedicated to accept connections received by this listener. The value can be from 1 to 128. Default value: 1 per CPU. |
|
1 |
Specifies the name of the TCP proxy that processes requests received by the listener. |
|
0 or 1 |
Specifies the size (in bytes) of the listen queue. Value: 1 to 1048576. |
|
0 or 1 |
Specifies the size (in bytes) of the operating system socket receive buffer. Value: 1 to 1048576. |
|
0 or 1 |
Specifies the size (in bytes) of the operating system socket send buffer. Value: 1 to 1048576. |
|
0 or 1 |
Configures SSL/TLS. For more information, see Section 3.1.26, "ssl". |
|
0 or 1 |
Specifies the description of the TCP listener. The value of this element must be in text format. |
|
0 or 1 |
Enables/disables blocking of the server listen socket, while retaining client end points as non-blocking (useful when MaxProcs > 1). Default value: |
The tcp-proxy
element is used to support LDAP/T3 listeners. For more information, see Section 3.1.24, "server".
Table 3-31 describes the subelements of tcp-proxy
.
Table 3-31 tcp-proxy
Subelements
Element | Occurrences | Description |
---|---|---|
|
0 or 1 |
Specifies whether the TCP service is enabled. Default value: |
|
1 |
A name that uniquely identifies the TCP proxy. |
|
0 or 1 |
Specifies the maximum timeout (in seconds) that the server waits while receiving/sending data. Default value: 300 |
|
0 or 1 |
Specifies the name of a server pool that provides the TCP service. The value must be a name value from an |
The tcp-thread-pool
element configures the threads used to process WebSocket requests and requests received by TCP listeners. For more information, see Section 3.1.24, "server".
Table 3-32 describes the subelements of tcp-thread-pool
.
Table 3-32 tcp-thread-pool
Subelements
Element | Occurrences | Description |
---|---|---|
|
0 or 1 |
Specifies whether the pool is enabled. Default value: |
|
0 or 1 |
Specifies the number of TCP/WebSocket request processing threads. The value can be from 1 to 512. Default value: 1 per CPU. |
|
0 or 1 |
Specifies the maximum number of connection pairs that the server will support. The value can be from 1 to 1048576. Default value: the default value is the value of the keep-alive |
|
0 or 1 |
Specifies the idle timeout (in seconds), after which connection pairs will be closed. The value will be overridden by the tcp or WebSocket subsystem. The value can be from 0.001 to 3600. Default value: 300 seconds. |
|
0 or 1 |
Specifies the stack size (in bytes) for each thread. The value can be from 8192 to 67108864, or 0. Default value: 32768. |
|
0 or 1 |
Specifies the interval (in seconds) between polls. The value can be from 0.001 to 1. Default value: 0.010 seconds. |
|
0 or 1 |
Specifies the size of the buffer (in bytes), used by each connection for transferring data. The value can be from 1 to 1048576. Default value: 16384. |
The thread-pool
element configures the threads used to process HTTP requests. This element can appear zero or one time within the server
element. For more information, see Section 3.1.24, "server".
Table 3-33 describes the subelements of thread-pool
.
Table 3-33 thread-pool
Subelements
Element | Occurrences | Description |
---|---|---|
|
0 or 1 |
Specifies the minimum number of HTTP request processing threads. The value can be from 1 to 4096. |
|
0 or 1 |
Specifies the maximum number of HTTP request processing threads. The default value is based on the number of processors. For example, if there are 1 or 2 processors, the default value is 256. Similarly, if there are 3 or 4 processors, the default value is 512. The default value is never more than a quarter of the maximum number of file descriptors available for the process. |
|
0 or 1 |
Specifies the stack size (in bytes) for HTTP request processing threads. The value can be from 8192 to 67108864. |
|
0 or 1 |
Specifies the maximum number of concurrent HTTP connections that can be queued for processing. The value can be from 1 to 1048576. |
The time
element schedules when an event occurs. This element can appear zero or more times within the event
element. For more information, see Section 3.1.9, "event".
Table 3-34 describes the subelement of time
.
Element | Occurrences | Description |
---|---|---|
|
1 |
Specifies the time when the event occurs. The value must be in the |
|
0 or 1 |
Specifies the day of the week. The value can be |
|
0 or 1 |
Specifies the day of month. The value can be from 1 to 31. |
|
0 or 1 |
Specifies the name of the month. The value can be |
The variable
element defines a variable for use in expressions, log formats, and obj.conf
parameters. This element can appear zero or more times within the server
element, and zero or more times within the virtual-server
element. For more information, see Section 3.1.24, "server", and Section 3.1.37, "virtual-server".
Table 3-35 describes the subelements of variable
.
Table 3-35 List of variable
Subelements
Element | Occurrences | Description |
---|---|---|
|
1 |
Specifies the name of the variable. The value must be in text format. |
|
1 |
Specifies the value of the variable. The value must be in text format. |
|
0 or 1 |
The description of the variable. The value must be in text format. |
The virtual-server
element configures an HTTP virtual server. Each server typically has at least one virtual server. This element can appear zero or more times within the server
element. For more information, see Section 3.1.24, "server".
Table 3-36 describes the subelements of virtual-server
.
Table 3-36 virtual-server
Subelements
Element | Occurrences | Description |
---|---|---|
|
0 or 1 |
Specifies whether the virtual server is enabled at runtime. Default value: |
|
1 |
A name that uniquely identifies the virtual server. |
ssl |
0 or 1 |
Specifies SSL for a SSL is configurable for each virtual server for SNI. You can select an alternate wallet certificate and cipher suite for each
A To support non-SNI capable clients, configure OTD without including |
|
0 or more |
The name of an HTTP listener associated with one or more of the virtual server's host names. The value is the name from an |
|
0 or more |
Indicates the host name that the virtual-server services. The values can be a host name or a wildcard. For more information about wildcards, see Section A.5, "Wildcard Patterns". |
|
0 or 1 |
The canonical name of the virtual server. Requests using a different name are redirected to the canonical name. The value is a host name or URL prefix. |
|
1 |
The |
|
0 or 1 |
The name of the root |
|
0 or 1 |
Configures localization. For more information, see Section 3.1.16, "localization". |
|
0 or more |
Configures an HTTP access log for the virtual server. For more information, see Section 3.1.1, "access-log". |
|
0 or 1 |
Specifies the log file for the virtual server. The value is the log file name, for example, |
|
0 or more |
Defines an |
|
0 or 1 |
The description of the virtual server. |
|
0 or 1 RSA certificate or 1 ECC certificate |
Specifies the nickname of the certificate that the server presents to the clients. Values: zero or one for RSA and zero or one for ECC |
|
0 or 1 |
Specifies information related to QoS settings. |
|
0 or multiple |
Specifies the path to a file containing Web Application Firewall (WAF) rules or configuration. |
The webapp-firewall-ruleset
element configures the path to a web application firewall configuration file, which contains ModSecurity rules/configuration directives. The path may be an absolute path or a relative path. If a relative path is used, it is relative to the server's config
directory. The file name component may contain wildcard characters to specify multiple files within the given directory.
The webapp-firewall-ruleset
element may be present at the virtual-server
level as well as at the server
level and can appear zero or more times within the server
and virtual-server
elements. Configuration settings at the virtual-server
level take precedence over the server
level. However, some configuration directives can only be specified at the server
level. The scope of these directives is considered to be Main. Similarly, the scope of directives that can be specified at either server
level or virtual-server
level is considered to be Any. Note that if a directive with Main scope is specified within the virtual-server
level configuration file, then an error will be logged and the server will fail to start. For information about the scope of different directives, see the Web Application Firewall section in the Oracle Traffic Director Administrator's Guide.
Note:
For information about various web application firewall use cases, see the appendix, Web Application Firewall Examples and Use Cases in the Oracle Traffic Director Administrator's Guide.