Server configuration
nevisProxy server properties are configured via the four tags Service, Core, Timer, and Server. The Qos tag defines some frequently used attributes of Apache's quality of the service module mod_qos. By setting the Qos tag parameters, you enable a basic protection against denial of service (DoS) attacks. The Qos tag is optional.
Service
The attributes in the following table are only relevant for integration purposes and are mainly documented here as a reference. If nevisProxy is installed using the delivered package, none of these parameters need to be changed. The Service section does not contain any operation-relevant parameters (e.g., scaling).
commandLine
Type: String
Usage Constraints: optional, advanced
Default: <spool_dir>/run
The attribute configures the command line arguments that will be used for starting the server. For example the argument commandLine="-X"
starts the Apache server in debug mode. With the argument NAVAJOgroup=<group-name>
the group of the initial process can be configured. If configured, a setgid(..)
call will be made. If an error occurs, an error message will be traced on stderr
but without terminating the process.
hostTemplate
Type: String
Usage Constraints: required, advanced
Default: /opt/nevisproxy/etc/host2.template
Specifies the path to the template file used for creating the host part of the generated Apache configuration file (httpd.conf). It is not recommended to change this setting.
name
Type: String
Usage Constraints: optional, advanced
Default: isi3web
The attribute 'name' is a logical name. It is reserved for future use, e.g. running several services in one carrier server. This value should not be changed.
spoolDir
Type: String
Usage Constraints: required, advanced
Default: <spool_dir>
The path of the spooldir, i.e. the directory that contains the directory 'logs' for log files and 'run' for runtime data. This value should not be changed (must not be an NFS-mounted directory).
serverTemplate
Type: String
Usage Constraints: required, advanced
Default: </opt/nevisproxy/etc/server2.template
The attribute 'serverTemplate' specifies the path to the template file used to create the server part of the generated Apache 2 configuration file. Should not be changed.
verbose
Type: boolean
Usage Constraints: optional
Default: false
The attribute 'verbose' specifies server verbosity. If set to 'true', the message of all caught exceptions is sent to the client. Should be set to 'false' in production.
crashRecoveryStrategy
Type: enum
Possible values: recover, block, kill
Usage Constraints: optional, advanced
Default: recover
Specifies what should happen after a worker crash. By default, the child process is recovered by the parent process. This is the recommended strategy for classic deployments. If block
is configured, after a worker crash every request will be blocked by 503 Service Unavailable
status code. If kill
is configured, the whole nevisproxy process (including the parent process) will be killed. This works only if the owner of the child process has the rights to kill the parent process (for example in some Kubernetes setups). If the parent cannot be killed, then the behaviour will be the same as block
. The strategies block
and kill
are mainly designed for Kubernetes setups with an automated liveness monitoring, so the given pod can be terminated normally in case of a crash. If you set block
or kill
for a classic deployment, make sure to setup an automated procedure to restart nevisProxy after a crash. Note for testing: with the strategy block
and kill
, the blocking takes place only if at least one request is in processing when the crash occurs.
Core
The attributes in the following table are only relevant for integration purposes and are mainly documented here for reference. If nevisProxy is installed using the delivered package, none of these parameters needs to be changed. The Core section does not contain any operation-relevant parameters.
workDir
Type: String
Usage Constraints: required
Default: <spool_dir>/run
The attribute workDir configures the directory for the internal files. Should not be changed (may not be an NFS-mounted directory).
Timer
Timers are used to trigger asynchronous functions like the periodic check of the session cache for expired sessions.
periodicity
Type: Integer
Unit: seconds
Default: 60
Configures the periodicity of the internal timer. A session with an absolute timeout of 2 hours would therefore have a real maximum lifetime of 2 hours and 60 seconds, in this case. Setting the value to a lower number, in turn, leads to more load.
OpenTelemetry
The OpenTelemetry configuration tag integrates the OpenTelemetry standard to export observability data to a variety of open source and commercial backends.
This tag contains the tags Trace and Metrics.
Trace
The Trace configuration tag contains the values that are used to send tracing information to the OpenTelemetry service.
ExporterType
Type: Enum
Possible values: http
Default: http
Configures the protocol used for communicating with the traces endpoint.
ExporterAddress
Type: String
Usage Constraints: required if ExporterType is set to http
Syntax: <hostname>:<port>
Target URL to which the exporter sends spans. The /v1/traces
path is automatically attached to it.
PropagateContextExtract
Type: Boolean
Usage Constraints: optional
Default: true
If present, extracts the trace context from the HTTP request header and sets it as parent for the current span.
PropagateContextInject
Type: Boolean
Usage Constraints: optional
Default: true
Injects the current context (span ID, trace ID, etc) as a HTTP header to the request.
ResourceServiceName
Type: String
Usage Constraints: optional
Default: nevisproxy
Allows the configuration of the service.name
key-value pair resource attribute.
DeploymentEnvironment
Type: String
Usage Constraints: optional
Default: not set
Allows the configuration of the deployment.environment
key-value pair resource attribute.
CaptureRequestHeaders
Type: String
Usage Constraints: optional
Default: Content-Type, Content-Length, User-Agent, Referer, Host, X-Forwarded-For
A comma-separated list of HTTP header names. HTTP client instrumentation will capture HTTP request header values for all configured header names.
CaptureResponseHeaders
Type: String
Usage Constraints: optional
Default: Content-Type, Content-Length, Content-Encoding, Location, Server, Connection, Keep-Alive, X-Forwarded-For
A comma-separated list of HTTP header names. HTTP client instrumentation will capture HTTP response header values for all configured header names.
Sampler
Type: Enum
Possible values: AlwaysOn, AlwaysOff, ParentBased:<delegate_sampler>, TraceIdRatio:<ratio>
Usage Constraints: optional
Default: AlwaysOn
Configures the available head sampling methods. Possible values are:
AlwaysOn
: Samples every trace. With high traffic in a production application it may cause significant overhead.AlwaysOff
: Samples no traces. NevisProxy still generates the spanID for internal trace ID.TraceIdRatio:<ratio>
: Samples a given fraction of traces based on the configuredratio
.ParentBased:<delegate_sampler>
: Makes the decision based on the parent of the span. If the span has a parent, the sampler flag of the parent span will decide. If there is no parent span, the delegate sampler is used, that can be any of the samplers above.
PropagateTraceparentHeader
Type: Boolean
Usage Constraints: optional
Default: false
Controls if the traceparent
header should be propagated back to the frontend with the response.
If enabled, the parameter PropagateContextExtract
has to be true
.
Metrics
The Metrics configuration tag contains the values that are used to send metrics information to the OpenTelemetry service.
ExporterType
Type: Enum
Usage Constraints: optional
Possible values: http
Default: http
Configures the protocol used for communicating with the metrics endpoint.
ExporterAddress
Type: String
Usage Constraints: required if ExporterType is set to http
Syntax: <hostname>:<port>
Target URL to which the exporter sends metrics like number of session or used memory etc. The /v1/metrics
path is automatically attached to it.
Timeout
Type: Integer
Unit: milliseconds
Usage Constraints: optional
Default: 30000
Length of time the export can run before it is cancelled.
Interval
Type: Integer
Unit: seconds
Usage Constraints: optional
Default: 60
Number of seconds for the telemetric's metric reader to initiate metric collection.
ResourceServiceName
Type: String
Usage Constraints: optional
Default: nevisproxy
Allows the configuration of the service.name
key-value pair resource attribute.
DeploymentEnvironment
Type: String
Usage Constraints: optional
Default: not set
Allows the configuration of the deployment.environment
key-value pair resource attribute.
Trace example
A request trace contains the following extra attributes:
url.full
: Request URLurl.scheme
: HTTP request schemeclient.address
: Client IP of the requestsession.id
: session ID of the requesthttp.request.method
: HTTP request methodhttp.header.request.<header_name>
: list of request headershttp.header.response.<header_name>
: list of response headershttp.response.status_code
: Status code of the responsehttp.response.events
: list of eventshttp.request.cR
: number of concurrent requestshttp.request.dTF
: Total time needed to process the frontend callhttp.request.dTP
: Total time spent in nevisProxyhttp.request.dTB
: Total time needed to process the backend call
A sample request trace:
2024-08-12T08:48:56.217Z info TracesExporter {"kind": "exporter", "data_type": "traces", "name": "logging", "resource spans": 1, "spans": 1}
2024-08-12T08:48:56.218Z info ResourceSpans #0
Resource SchemaURL:
Resource attributes:
-> telemetry.sdk.version: Str(1.16.1)
-> telemetry.sdk.name: Str(opentelemetry)
-> telemetry.sdk.language: Str(cpp)
-> service.version: Str(8.2405.0)
-> host.name: Str(localhost.localdomain)
-> service.name: Str(nevisproxy)
-> deployment.environment: Str(testing)
ScopeSpans #0
ScopeSpans SchemaURL:
InstrumentationScope nevisproxy
Span #0
Trace ID : afa1f2963d9321f770d70e745ccecda1
Parent ID :
ID : d1ddd32027068451
Name : /test/
Kind : Server
Start time : 2024-08-12 08:48:56.210154476 +0000 UTC
End time : 2024-08-12 08:48:56.211377063 +0000 UTC
Status code : Unset
Status message :
Attributes:
-> url.full: Str(https://localhost/test/)
-> url.scheme: Str(https)
-> http.request.method: Str(GET)
-> client.address: Str(10.0.2.15)
-> http.header.request.User-Agent: Str(Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0)
-> http.header.request.Cookie: Str(NPSession=9442007f0100QQwl9qElSUjnTlGkr9ROmDfW3vXtQQLzcr1JEFu1BuAFVI)
-> http.header.request.Host: Str(localhost)
-> session.id: Str(<NULL>)
-> http.response.status_code: Int(200)
-> http.response.events: Str(<NULL>)
-> http.header.response.Content-Type: Str(text/html)
-> http.request.cR: Int(1)
-> http.request.dTF: Int(2)
{"kind": "exporter", "data_type": "traces", "name": "logging"}
Metrics example
The list of servlets providing metrics:
- LocalSessionStoreServlet
- MySQLSessionStoreServlet
- PostgreSQLSessionStoreServlet
- Http(s)ConnectorServlet
- Esauth4ConnectorServlet
- WebSocketServlet
- BackendConnectorServlet
While the session store servlets provide metrics about session usage:
nevisproxy.db.<db_type>.used
: number of active usersnevisproxy.db.<db_type>.timed_out
: number of timed out usersnevisproxy.db.<db_type>.deleted
: number of removed users (mysql and postgres)nevisproxy.db.<db_type>.zombies
: number of zombie entries (mysql and postgres)nevisproxy.db.local.memory.used
: used memory (only for local)nevisproxy.db.local.memory.available
: available memory (only for local)
The connectors provide metrics about their all of their configured resources availability and load:
nevisproxy.connector.http.<resource_name>.<resource_port>.reqPerSec
: Request per seconds on the given resourcenevisproxy.connector.http.<resource_name>.<resource_port>.valid
: Availability of the resourcenevisproxy.connector.http.<resource_name>.<resource_port>.load
: Load on the resourcenevisproxy.connector.http.<resource_name>.<resource_port>.<status_code>
: Number of responses with the given status code
The BackendConnectorServlet provides currently just the number of responses with the given status code.
Session store servlet metrics example
An example metrics provided by the LocalSessionStoreServlet:
2024-03-22T13:23:46.629Z info MetricsExporter {"kind": "exporter", "data_type": "metrics", "name": "logging", "resource metrics": 1, "metrics": 7, "data points": 14}
2024-03-22T13:23:46.630Z info ResourceMetrics #0
Resource SchemaURL:
Resource attributes:
-> telemetry.sdk.version: Str(1.12.0)
-> telemetry.sdk.name: Str(opentelemetry)
-> telemetry.sdk.language: Str(cpp)
-> service.version: Str(8.2405.0)
-> host.name: Str(localhost.localdomain)
-> service.name: Str(defaultInstance)
-> deployment.environment: Str(prod)
ScopeMetrics #1
ScopeMetrics SchemaURL:
InstrumentationScope LocalSessionStoreServlet
Metric #0
Descriptor:
-> Name: nevisproxy.db.local.memory.available
-> Description:
-> Unit: Bytes
-> DataType: Sum
-> IsMonotonic: false
-> AggregationTemporality: Cumulative
NumberDataPoints #0
StartTimestamp: 2024-03-22 13:22:06.61830423 +0000 UTC
Timestamp: 2024-03-22 13:23:46.623341289 +0000 UTC
Value: 1073653984
NumberDataPoints #1
Data point attributes:
-> type: Str(nevis-product-analytics)
StartTimestamp: 2024-03-22 13:22:06.61830423 +0000 UTC
Timestamp: 2024-03-22 13:23:46.623341289 +0000 UTC
Value: 1
Metric #1
Descriptor:
-> Name: nevisproxy.db.local.memory.used
-> Description:
-> Unit: Bytes
-> DataType: Sum
-> IsMonotonic: false
-> AggregationTemporality: Cumulative
NumberDataPoints #0
StartTimestamp: 2024-03-22 13:22:06.61830423 +0000 UTC
Timestamp: 2024-03-22 13:23:46.623341289 +0000 UTC
Value: 81304
NumberDataPoints #1
Data point attributes:
-> type: Str(nevis-product-analytics)
StartTimestamp: 2024-03-22 13:22:06.61830423 +0000 UTC
Timestamp: 2024-03-22 13:23:46.623341289 +0000 UTC
Value: 1
Metric #2
Descriptor:
-> Name: nevisproxy.db.local.timed_out
-> Description:
-> Unit:
-> DataType: Sum
-> IsMonotonic: false
-> AggregationTemporality: Cumulative
NumberDataPoints #0
StartTimestamp: 2024-03-22 13:22:06.61830423 +0000 UTC
Timestamp: 2024-03-22 13:23:46.623341289 +0000 UTC
Value: 0
NumberDataPoints #1
Data point attributes:
-> type: Str(nevis-product-analytics)
StartTimestamp: 2024-03-22 13:22:06.61830423 +0000 UTC
Timestamp: 2024-03-22 13:23:46.623341289 +0000 UTC
Value: 1
Metric #3
Descriptor:
-> Name: nevisproxy.db.local.used
-> Description:
-> Unit:
-> DataType: Sum
-> IsMonotonic: false
-> AggregationTemporality: Cumulative
NumberDataPoints #0
StartTimestamp: 2024-03-22 13:22:06.61830423 +0000 UTC
Timestamp: 2024-03-22 13:23:46.623341289 +0000 UTC
Value: 0
NumberDataPoints #1
Data point attributes:
-> type: Str(nevis-product-analytics)
StartTimestamp: 2024-03-22 13:22:06.61830423 +0000 UTC
Timestamp: 2024-03-22 13:23:46.623341289 +0000 UTC
Value: 1
{"kind": "exporter", "data_type": "metrics", "name": "logging"}
Connector servlet metrics example
An example metrics provided by the HttpConnectorServlet:
2024-03-22T13:23:46.629Z info MetricsExporter {"kind": "exporter", "data_type": "metrics", "name": "logging", "resource metrics": 1, "metrics": 7, "data points": 14}
2024-03-22T13:23:46.630Z info ResourceMetrics #0
Resource SchemaURL:
Resource attributes:
-> telemetry.sdk.version: Str(1.12.0)
-> telemetry.sdk.name: Str(opentelemetry)
-> telemetry.sdk.language: Str(cpp)
-> service.version: Str(8.2405.0)
-> host.name: Str(localhost.localdomain)
-> service.name: Str(defaultInstance)
-> deployment.environment: Str(testing)
ScopeMetrics #0
ScopeMetrics SchemaURL:
InstrumentationScope HttpConnectorServlet
Metric #0
Descriptor:
-> Name: nevisproxy.connector.http.localhost.8080.reqPerSec
-> Description:
-> Unit:
-> DataType: Sum
-> IsMonotonic: false
-> AggregationTemporality: Cumulative
NumberDataPoints #0
StartTimestamp: 2024-03-22 13:22:06.61830423 +0000 UTC
Timestamp: 2024-03-22 13:23:46.623301228 +0000 UTC
Value: 0.000000
NumberDataPoints #1
Data point attributes:
-> type: Str(nevis-product-analytics)
StartTimestamp: 2024-03-22 13:22:06.61830423 +0000 UTC
Timestamp: 2024-03-22 13:23:46.623301228 +0000 UTC
Value: 1.000000
Metric #1
Descriptor:
-> Name: nevisproxy.connector.http.localhost.8080.load
-> Description:
-> Unit:
-> DataType: Sum
-> IsMonotonic: false
-> AggregationTemporality: Cumulative
NumberDataPoints #0
StartTimestamp: 2024-03-22 13:22:06.61830423 +0000 UTC
Timestamp: 2024-03-22 13:23:46.623301228 +0000 UTC
Value: 0
NumberDataPoints #1
Data point attributes:
-> type: Str(nevis-product-analytics)
StartTimestamp: 2024-03-22 13:22:06.61830423 +0000 UTC
Timestamp: 2024-03-22 13:23:46.623301228 +0000 UTC
Value: 1
Metric #2
Descriptor:
-> Name: nevisproxy.connector.http.localhost.8080.valid
-> Description:
-> Unit:
-> DataType: Sum
-> IsMonotonic: false
-> AggregationTemporality: Cumulative
NumberDataPoints #0
StartTimestamp: 2024-03-22 13:22:06.61830423 +0000 UTC
Timestamp: 2024-03-22 13:23:46.623301228 +0000 UTC
Value: 1
NumberDataPoints #1
Data point attributes:
-> type: Str(nevis-product-analytics)
StartTimestamp: 2024-03-22 13:22:06.61830423 +0000 UTC
Timestamp: 2024-03-22 13:23:46.623301228 +0000 UTC
Value: 1
Server
The Server configuration tag contains the values that are used for the server part of the generated Apache configuration. The next table describes the relevant attributes. Note that all these attributes support variable replacement.
All listed parameters are directives of the Apache carrier server. They are documented in the corresponding Apache documentation: official Apache documentation.
Name | Type, Usage constraints, Default | Description |
---|---|---|
User | string required, advanced default: @PROXY_RT_USER@ | The attribute User configures the owner of the running nevisProxy process. Should not be changed, as changes may lead to permission problems. If you set this attribute yourself, make sure that the ownership of the configuration, log files, and access to the binaries are set accordingly. |
Group | string required, advanced default: @PROXY_RT_GROUP@ | The attribute Group configures the process group of the current nevisProxy process. Should not be changed, as changes may lead to permission problems. If you set this attribute yourself, make sure that the ownership of the configuration, log files, and access to the binaries are set accordingly. |
KeepAlive | enum: on, off optional, advanced default: on | The attribute KeepAlive configures the HTTP keepalive behavior of the frontend connectors of nevisProxy. If set to "on", it enables HTTP persistent connections. The thread or process remains bound to the client and cannot be used by others during the time period defined by the attribute KeepAliveTimeout. |
KeepAliveTimeout | integer [seconds] optional scaling, advanced default: 5 | Defines the number of seconds Apache HTTPD will wait for a subsequent request before closing the connection. By adding the postfix ms the timeout can be also set in milliseconds. |
MaxKeepAliveRequests | integer optional, scaling default: 100 | The attribute MaxKeepAliveRequests limits the number of requests allowed per connection when the attribute KeepAlive is "on". If it is set to "0", an unlimited number of requests is allowed. It is recommended setting a high value for maximum server performance. |
MaxClients | integer optional, scaling default: 600 | MaxClients is the old name for the attribute MaxRequestWorkers. The attribute limits the number of simultaneous requests that will be served. |
MaxRequestsPerChild | integer optional, advanced default: 0 (unlimited) | MaxRequestsPerChild is the old name for the MaxConnectionsPerChild attribute. It limits the number of connections that an individual child server process will handle. After MaxRequestsPerChild connections, the child process will die. If the value of the attribute is "0", the process will never expire. Should not be changed. |
Timeout
Type: Integer
Unit: seconds
Usage Constraints: optional, scaling
Default: 30
Amount of time the server will wait for certain events before failing a request.
LimitRequestLine
Type: Integer
Usage Constraints: optional, security
Default: 5120
Limits the size of the HTTP request line that will be accepted from the client.
LimitRequestBody
Type: Integer
Unit: byte
Usage Constraints: optional, scaling
Default: 512000
The attribute specifies the number of bytes that are allowed in a request body. It restricts the total size of the HTTP request body sent from the client. Allowed are integers from 0
(unlimited) to 2147483647
(2GB).
LimitRequestFields
Type: Integer
Usage Constraints: optional, security
Default: 50
Limits the number of HTTP request header fields that will be accepted from the client. Allowed are integers from 0
(unlimited) to 32767
.
LimitRequestFieldsize
Type: Integer
Unit: byte
Usage Constraints: optional, security
Default: 5120
Limits the size of the HTTP request header allowed from the client.
LimitRequestParameters
Type: Integer
Usage Constraints: optional, security
Default: 10000
The maximum number of parameters allowed in a request.
LogLevel
Type: Enum
Usage Constraints: optional, troubleshooting
Default: notice
The LogLevel attribute adjusts the verbosity of the messages recorded in the error logs. The directive LogLevel can be used to configure per-module log levels. Specifying a level without a module name will reset the level for all modules to that level. Specifying a level with a module name will set the level for that module only. For the available options, see the official Apache documentation.
ErrorLog
Type: String
Usage Constraints: required, advanced
Default: ""\|@PKG_HOME@/bin/bclogmgr size=1000000 archives=10 @PKG_VAR@/@PKG_INSTANCE@/logs/apache.log""
Location where the server will log errors. In the pkg default configuration, the file rotation of the error log is enabled using the bclogmgr
.
The character ”
must be escaped in XML using "
. The directory containing the logs must exist when starting the instance.
The nevisProxy user must be able to read and write in this directory. See its username and group in the <Server>
element of the navajo.xml file.
TransferLog
Type: String
Usage Constraints: optional, basic
Default: ""\|@PKG_HOME@/bin/bclogmgr size=10000000 archives=10 @PKG_VAR@/@PKG_INSTANCE@/logs/access.log""
Specifies the location of the access log file. In the pkg default configuration, the file rotation of the transfer log is enabled using the bclogmgr
.
The character ”
must be escaped in XML using "
. The directory containing the logs must exist when starting the instance. The nevisProxy user must be able to read and write in this directory.
See its username and group in the <Server>
element of the navajo.xml file. See also Enabling the Apache transfer log.
CustomLog
Type: String
Usage Constraints: optional, advanced
Default: ""\|@PKG_HOME@/bin/qslog -f ISBDUkEa -x -u @PROXY_RT_USER@ -o @PKG_VAR@/@PKG_INSTANCE@/logs/stat.log" "%h %>s %b %D %{clID}e %k %{Event}e %{dTr1B}e""
Configures an additional log facility. The character ”
must be escaped in XML using "
.
The directory containing the logs must exist when starting the instance. The nevisProxy user must be able to read and write in this directory. See its username and group in the <Server>
element of the navajo.xml file.
See also Using the Apache CustomLog.
LogFormat
Type: String
Usage Constraints: optional, advanced
Default: ""%h %l %u %t \"%r\" %>s %b %{content-length}i %T \"%{Referer}i\" \"%{User-Agent}i\" trID=%{UNIQUE_ID}e""
This attribute specifies the format of the access log file. Note: The character ”
must be escaped in XML using "
ServerName
Type: String
Syntax: [scheme://]domain-name|ip-address[:port]
Usage Constraints: basic connectivity
Default: DNS name of the machine
The attribute ServerName sets the request scheme, hostname and port that the server uses to identify itself.
ServerRoot
Type: String
Usage Constraints: required, advanced
Default: @PKG_VAR@/@PKG_INSTANCE@
The attribute ServerRoot configures the root directory of the Apache web server. Should not be changed.
ServerSignature
Type: Enum
Possible values: On, Off, EMail
Usage Constraints: optional, troubleshooting
Default: Off
Configures the Apache directive "ServerSignature". Usually this should not be changed.
ServerTokens
Type: Enum
Possible values: Major, Minor, Min[imal], Prod[uctOnly], OS, Full
Usage Constraints: optional, troubleshooting
Default: Prod
This attribute controls whether the Server response header field, which is sent back to clients, includes a description of the generic OS-type of the server as well as information about compiled-in modules. This setting applies to the entire server. It cannot be enabled or disabled on a virtualhost-by-virtualhost basis. Possible values:
Full
: Server: Apache/2.4.2 (Unix) PHP/4.2.2 MyMod/1.2Prod[uctOnly]
: Server: ApacheMajor
: Server: Apache/2Minor
: Server: Apache/2.4Min[imal]
: Server: Apache/2.4.2OS
: Server: Apache/2.4.2 (Unix)
Include
Type: String
Usage Constraints: optional, advanced
Default: not set
Use this attribute to include any additional Apache configuration fragment.
CoreDumpDirectory
Type: String
Usage Constraints: optional, troubleshooting
Default: not set
The attribute CoreDumpDirectory configures the directory to which the Apache web server writes core files.
UseCanonicalName
Type: Enum
Possible values: On, Off, DNS
Usage Constraints: optional, troubleshooting
Default: On
Configures how the server determines its own name and port. For more information, see the official Apache documentation.
ThreadStackSize
Type: Integer
Usage Constraints: optional, scaling
Default: 1048576
Defines the size in bytes of the stack used by threads handling client connection.
HttpProtocolOptions
Type: String
Usage Constraints: optional, advanced
Default: not set
Modifies restrictions on HTTP Request Messages. Syntax: [Strict|Unsafe] [RegisteredMethods|LenientMethods] [Allow0.9|Require1.0]
SSLPassPhraseDialog
Type: String
Usage Constraints: optional, advanced
Default: builtin
Configures the passphrase retriever used by mod_ssl. Only the "builtin" option is supported. For information on how the passwords for password protected keys are fetched, see the description of the bc properties bc.security.PassPhrasePolicy and bc.security.PassPhraseDialog in the chapter Low-level properties.
SSLSessionCache
Type: String
Usage Constraints: optional
Default: shmcb:@PKG_VAR@/@PKG_INSTANCE@/run/apache_shmcb
This attribute defines the TLS session cache. The following value options are available:
None
: This setting disables the global/inter-process TLS session cache. It will incur a noticeable speed penalty and may cause problems if using certain browsers, particularly if client certificates are enabled. We do not recommend this setting. Removing the parameter sets the SSLSessionCache to none.Nonenotnull
: This setting disables any global/inter-process TLS session cache. However, the setting does force OpenSSL to send a non-null session ID, to accommodate buggy clients that require one.shmcb:/path/to/datafile[(size)
: This setting makes use of a high-performance cyclic buffer (approx. (size) bytes in size) inside a shared memory segment in RAM (established via/path/to/datafile), to synchronize the local OpenSSL memory caches of the server processes. The default parameter of SSLSessionCache refers to the generated xml’s content.
SSLSessionCacheTimeout
Type: Integer
Usage Constraints: optional
Unit: seconds
Default: 300
Defines the number of seconds before an SSL session expires in the Session Cache. This directive sets the timeout in seconds for the information stored in the global/inter-process SSL Session Cache, the OpenSSL internal memory cache and for sessions resumed by TLS session resumption (RFC 5077). It can be set as low as 15 for testing, but should be set to higher values like 300 in real life.