Atom feed of this document
 

 Proxy server configuration

Find an example proxy server configuration at etc/proxy-server.conf-sample in the source code repository.

The available configuration options are:

Table 6.26. Description of configuration options for [DEFAULT] in proxy-server.conf-sample
Configuration option=Default value Description
bind_ip=0.0.0.0IP Address for server to bind to
bind_port=80Port for server to bind to
bind_timeout=30Seconds to attempt bind before giving up
backlog=4096Maximum number of allowed pending TCP connections
swift_dir=/etc/swiftSwift configuration directory
user=swiftUser to run as
workers=autoa much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.
max_clients=1024Maximum number of clients one worker can process simultaneously Lowering the number of clients handled per worker, and raising the number of workers can lessen the impact that a CPU intensive, or blocking, request can have on other requests served by the same worker. If the maximum number of clients is set to one, then a given worker will not perform another call while processing, allowing other workers a chance to process it.
cert_file=/etc/swift/proxy.crtto the ssl .crt. This should be enabled for testing purposes only.
key_file=/etc/swift/proxy.keyto the ssl .key. This should be enabled for testing purposes only.
expiring_objects_container_divisor=86400No help text available for this option
log_name=swiftLabel used when logging
log_facility=LOG_LOCAL0Syslog log facility
log_level=INFOLogging level
log_headers=falseNo help text available for this option
log_address=/dev/logLocation where syslog sends the logs to
trans_id_suffix=No help text available for this option
log_custom_handlers=Comma-separated list of functions to call to setup custom log handlers.
log_udp_host=If not set, the UDB receiver for syslog is disabled.
log_udp_port=514Port value for UDB receiver, if enabled.
log_statsd_host=localhostIf not set, the StatsD feature is disabled.
log_statsd_port=8125Port value for the StatsD server.
log_statsd_default_sample_rate=1.0Defines the probability of sending a sample for any given event or timing measurement.
log_statsd_sample_rate_factor=1.0Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.
log_statsd_metric_prefix=Value will be prepended to every metric sent to the StatsD server.
cors_allow_origin=is a list of hosts that are included with any CORS request by default and returned with the Access-Control-Allow-Origin header in addition to what the container has set. to call to setup custom log handlers. for eventlet the proxy server. For most cases, this should be `egg:swift#proxy`. request whenever it has to failover to a handoff node
client_timeout=60Timeout to read one chunk from a client external services
eventlet_debug=falseIf true, turn on debug logging for eventlet

Table 6.27. Description of configuration options for [app:proxy-server] in proxy-server.conf-sample
Configuration option=Default value Description
use=egg:swift#proxyEntry point of paste.deploy in the server
set log_name=proxy-serverLabel to use when logging
set log_facility=LOG_LOCAL0Syslog log facility
set log_level=INFOLog level
set log_address=/dev/logNo help text available for this option
log_handoffs=trueNo help text available for this option
recheck_account_existence=60Cache timeout in seconds to send memcached for account existence
recheck_container_existence=60Cache timeout in seconds to send memcached for container existence
object_chunk_size=8192Chunk size to read from object servers
client_chunk_size=8192Chunk size to read from clients
node_timeout=10Request timeout to external services
conn_timeout=0.5Connection timeout to external services
error_suppression_interval=60Time in seconds that must elapse since the last error for a node to be considered no longer error limited
error_suppression_limit=10Error count to consider a node error limited
allow_account_management=falseWhether account PUTs and DELETEs are even callable
object_post_as_copy=trueSet object_post_as_copy = false to turn on fast posts where only the metadata changes are stored anew and the original data file is kept in place. This makes for quicker posts; but since the container metadata isn't updated in this mode, features like container sync won't be able to sync posts.
account_autocreate=falseIf set to 'true' authorized accounts that do not yet exist within the Swift cluster will be automatically created.
max_containers_per_account=0If set to a positive value, trying to create a container when the account already has at least this maximum containers will result in a 403 Forbidden. Note: This is a soft limit, meaning a user might exceed the cap for recheck_account_existence before the 403s kick in.
max_containers_whitelist=is a comma separated list of account names that ignore the max_containers_per_account cap.
deny_host_headers=No help text available for this option
auto_create_account_prefix=.Prefix to use when automatically creating accounts
put_queue_depth=10No help text available for this option
rate_limit_after_segment=10Rate limit the download of large object segments after this segment is downloaded.
rate_limit_segments_per_sec=1Rate limit large object downloads at this rate. contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. paste.deploy to use for auth. To use tempauth set to: `egg:swift#tempauth` each request
sorting_method=shuffleNo help text available for this option
timing_expiry=300No help text available for this option
allow_static_large_object=trueNo help text available for this option
max_large_object_get_time=86400No help text available for this option
request_node_count=2 * replicas* replicas Set to the number of nodes to contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. conf file for values will only be shown to the list of swift_owners. The exact default definition of a swift_owner is headers> up to the auth system in use, but usually indicates administrative responsibilities. paste.deploy to use for auth. To use tempauth set to: `egg:swift#tempauth` each request
read_affinity=r1z1=100, r1z2=200, r2=300No help text available for this option
read_affinity=No help text available for this option
write_affinity=r1, r2No help text available for this option
write_affinity=No help text available for this option
write_affinity_node_count=2 * replicasNo help text available for this option
swift_owner_headers=x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2the sample These are the headers whose conf file for values will only be shown to the list of swift_owners. The exact default definition of a swift_owner is headers> up to the auth system in use, but usually indicates administrative responsibilities. paste.deploy to use for auth. To use tempauth set to: `egg:swift#tempauth` each request

Table 6.28. Description of configuration options for [pipeline:main] in proxy-server.conf-sample
Configuration option=Default value Description
pipeline=catch_errors healthcheck proxy-logging cache bulk slo ratelimit tempauth container-quotas account-quotas proxy-logging proxy-serverNo help text available for this option

Table 6.29. Description of configuration options for [filter:account-quotas] in proxy-server.conf-sample
Configuration option=Default value Description
use=egg:swift#account_quotasEntry point of paste.deploy in the server

Table 6.30. Description of configuration options for [filter:authtoken] in proxy-server.conf-sample
Configuration option=Default value Description
auth_host=keystonehostNo help text available for this option
auth_port=35357No help text available for this option
auth_protocol=httpNo help text available for this option
auth_uri=http://keystonehost:5000/No help text available for this option
admin_tenant_name=serviceNo help text available for this option
admin_user=swiftNo help text available for this option
admin_password=passwordNo help text available for this option
delay_auth_decision=1No help text available for this option
cache=swift.cacheNo help text available for this option

Table 6.31. Description of configuration options for [filter:cache] in proxy-server.conf-sample
Configuration option=Default value Description
use=egg:swift#memcacheEntry point of paste.deploy in the server
set log_name=cacheLabel to use when logging
set log_facility=LOG_LOCAL0Syslog log facility
set log_level=INFOLog level
set log_headers=falseIf True, log headers in each request
set log_address=/dev/logNo help text available for this option
memcache_servers=127.0.0.1:11211Comma separated list of memcached servers ip:port services
memcache_serialization_support=2No help text available for this option

Table 6.32. Description of configuration options for [filter:catch_errors] in proxy-server.conf-sample
Configuration option=Default value Description
use=egg:swift#catch_errorsEntry point of paste.deploy in the server
set log_name=catch_errorsLabel to use when logging
set log_facility=LOG_LOCAL0Syslog log facility
set log_level=INFOLog level
set log_headers=falseIf True, log headers in each request
set log_address=/dev/logNo help text available for this option

Table 6.33. Description of configuration options for [filter:healthcheck] in proxy-server.conf-sample
Configuration option=Default value Description
use=egg:swift#healthcheckEntry point of paste.deploy in the server
disable_path=No help text available for this option

Table 6.34. Description of configuration options for [filter:keystoneauth] in proxy-server.conf-sample
Configuration option=Default value Description
use=egg:swift#keystoneauthEntry point of paste.deploy in the server
operator_roles=admin, swiftoperatorNo help text available for this option

Table 6.35. Description of configuration options for [filter:list-endpoints] in proxy-server.conf-sample
Configuration option=Default value Description
use=egg:swift#list_endpointsEntry point of paste.deploy in the server
list_endpoints_path=/endpoints/No help text available for this option

Table 6.36. Description of configuration options for [filter:proxy-logging] in proxy-server.conf-sample
Configuration option=Default value Description
use=egg:swift#proxy_loggingEntry point of paste.deploy in the server
access_log_name=swiftNo help text available for this option
access_log_facility=LOG_LOCAL0No help text available for this option
access_log_level=INFONo help text available for this option
access_log_address=/dev/logNo help text available for this option
access_log_udp_host=No help text available for this option
access_log_udp_port=514No help text available for this option
access_log_statsd_host=localhostNo help text available for this option
access_log_statsd_port=8125No help text available for this option
access_log_statsd_default_sample_rate=1.0No help text available for this option
access_log_statsd_sample_rate_factor=1.0No help text available for this option
access_log_statsd_metric_prefix=No help text available for this option
access_log_headers=falseNo help text available for this option
logged with access_log_headers=True.No help text available for this option
reveal_sensitive_prefix=8192 The X-Auth-Token is sensitive data. If revealed to an unauthorised person, they can now make requests against an account until the token expires. Set reveal_sensitive_prefix to the number of characters of the token that are logged. For example reveal_sensitive_prefix=12 so only first 12 characters of the token are logged. Or, set to 0 to completely remove the token.
log_statsd_valid_http_methods=GET,HEAD,POST,PUT,DELETE,COPY,OPTIONSNo help text available for this option

Table 6.37. Description of configuration options for [filter:tempauth] in proxy-server.conf-sample
Configuration option=Default value Description
use=egg:swift#tempauthEntry point of paste.deploy in the server
set log_name=tempauthLabel to use when logging
set log_facility=LOG_LOCAL0Syslog log facility
set log_level=INFOLog level
set log_headers=falseIf True, log headers in each request
set log_address=/dev/logNo help text available for this option
reseller_prefix=AUTHThe naming scope for the auth service. Swift
auth_prefix=/auth/The HTTP request path prefix for the auth service. Swift itself reserves anything beginning with the letter `v`.
token_life=86400The number of seconds a token is valid.
allow_overrides=trueNo help text available for this option
storage_url_scheme=defaultScheme to return with storage urls: http, https, or default (chooses based on what the server is running as) This can be useful with an SSL load balancer in front of a non-SSL server.
user_admin_admin=admin .admin .reseller_adminNo help text available for this option
user_test_tester=testing .adminNo help text available for this option
user_test2_tester2=testing2 .adminNo help text available for this option
user_test_tester3=testing3No help text available for this option

Log a bug against this page


loading table of contents...