Find an example proxy server configuration at
etc/proxy-server.conf-sample in
the source code repository.
The available configuration options are:
| Configuration option=Default value | Description |
| bind_ip=0.0.0.0 | IP Address for server to bind to |
| bind_port=80 | Port for server to bind to |
| bind_timeout=30 | Seconds to attempt bind before giving up |
| backlog=4096 | Maximum number of allowed pending TCP connections |
| swift_dir=/etc/swift | Swift configuration directory |
| user=swift | User to run as |
| workers=auto | a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests. |
| max_clients=1024 | Maximum number of clients one worker can process simultaneously Lowering the number of clients handled per worker, and raising the number of workers can lessen the impact that a CPU intensive, or blocking, request can have on other requests served by the same worker. If the maximum number of clients is set to one, then a given worker will not perform another call while processing, allowing other workers a chance to process it. |
| cert_file=/etc/swift/proxy.crt | to the ssl .crt. This should be enabled for testing purposes only. |
| key_file=/etc/swift/proxy.key | to the ssl .key. This should be enabled for testing purposes only. |
| expiring_objects_container_divisor=86400 | No help text available for this option |
| log_name=swift | Label used when logging |
| log_facility=LOG_LOCAL0 | Syslog log facility |
| log_level=INFO | Logging level |
| log_headers=false | No help text available for this option |
| log_address=/dev/log | Location where syslog sends the logs to |
| trans_id_suffix= | No help text available for this option |
| log_custom_handlers= | Comma-separated list of functions to call to setup custom log handlers. |
| log_udp_host= | If not set, the UDB receiver for syslog is disabled. |
| log_udp_port=514 | Port value for UDB receiver, if enabled. |
| log_statsd_host=localhost | If not set, the StatsD feature is disabled. |
| log_statsd_port=8125 | Port value for the StatsD server. |
| log_statsd_default_sample_rate=1.0 | Defines the probability of sending a sample for any given event or timing measurement. |
| log_statsd_sample_rate_factor=1.0 | Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead. |
| log_statsd_metric_prefix= | Value will be prepended to every metric sent to the StatsD server. |
| cors_allow_origin= | is a list of hosts that are included with any CORS request by default and returned with the Access-Control-Allow-Origin header in addition to what the container has set. to call to setup custom log handlers. for eventlet the proxy server. For most cases, this should be `egg:swift#proxy`. request whenever it has to failover to a handoff node |
| client_timeout=60 | Timeout to read one chunk from a client external services |
| eventlet_debug=false | If true, turn on debug logging for eventlet |
| Configuration option=Default value | Description |
| use=egg:swift#proxy | Entry point of paste.deploy in the server |
| set log_name=proxy-server | Label to use when logging |
| set log_facility=LOG_LOCAL0 | Syslog log facility |
| set log_level=INFO | Log level |
| set log_address=/dev/log | No help text available for this option |
| log_handoffs=true | No help text available for this option |
| recheck_account_existence=60 | Cache timeout in seconds to send memcached for account existence |
| recheck_container_existence=60 | Cache timeout in seconds to send memcached for container existence |
| object_chunk_size=8192 | Chunk size to read from object servers |
| client_chunk_size=8192 | Chunk size to read from clients |
| node_timeout=10 | Request timeout to external services |
| conn_timeout=0.5 | Connection timeout to external services |
| error_suppression_interval=60 | Time in seconds that must elapse since the last error for a node to be considered no longer error limited |
| error_suppression_limit=10 | Error count to consider a node error limited |
| allow_account_management=false | Whether account PUTs and DELETEs are even callable |
| object_post_as_copy=true | Set object_post_as_copy = false to turn on fast posts where only the metadata changes are stored anew and the original data file is kept in place. This makes for quicker posts; but since the container metadata isn't updated in this mode, features like container sync won't be able to sync posts. |
| account_autocreate=false | If set to 'true' authorized accounts that do not yet exist within the Swift cluster will be automatically created. |
| max_containers_per_account=0 | If set to a positive value, trying to create a container when the account already has at least this maximum containers will result in a 403 Forbidden. Note: This is a soft limit, meaning a user might exceed the cap for recheck_account_existence before the 403s kick in. |
| max_containers_whitelist= | is a comma separated list of account names that ignore the max_containers_per_account cap. |
| deny_host_headers= | No help text available for this option |
| auto_create_account_prefix=. | Prefix to use when automatically creating accounts |
| put_queue_depth=10 | No help text available for this option |
| rate_limit_after_segment=10 | Rate limit the download of large object segments after this segment is downloaded. |
| rate_limit_segments_per_sec=1 | Rate limit large object downloads at this rate. contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. paste.deploy to use for auth. To use tempauth set to: `egg:swift#tempauth` each request |
| sorting_method=shuffle | No help text available for this option |
| timing_expiry=300 | No help text available for this option |
| allow_static_large_object=true | No help text available for this option |
| max_large_object_get_time=86400 | No help text available for this option |
| request_node_count=2 * replicas | * replicas Set to the number of nodes to contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. conf file for values will only be shown to the list of swift_owners. The exact default definition of a swift_owner is headers> up to the auth system in use, but usually indicates administrative responsibilities. paste.deploy to use for auth. To use tempauth set to: `egg:swift#tempauth` each request |
| read_affinity=r1z1=100, r1z2=200, r2=300 | No help text available for this option |
| read_affinity= | No help text available for this option |
| write_affinity=r1, r2 | No help text available for this option |
| write_affinity= | No help text available for this option |
| write_affinity_node_count=2 * replicas | No help text available for this option |
| swift_owner_headers=x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2 | the sample These are the headers whose conf file for values will only be shown to the list of swift_owners. The exact default definition of a swift_owner is headers> up to the auth system in use, but usually indicates administrative responsibilities. paste.deploy to use for auth. To use tempauth set to: `egg:swift#tempauth` each request |
| Configuration option=Default value | Description |
| pipeline=catch_errors healthcheck proxy-logging cache bulk slo ratelimit tempauth container-quotas account-quotas proxy-logging proxy-server | No help text available for this option |
| Configuration option=Default value | Description |
| use=egg:swift#account_quotas | Entry point of paste.deploy in the server |
| Configuration option=Default value | Description |
| auth_host=keystonehost | No help text available for this option |
| auth_port=35357 | No help text available for this option |
| auth_protocol=http | No help text available for this option |
| auth_uri=http://keystonehost:5000/ | No help text available for this option |
| admin_tenant_name=service | No help text available for this option |
| admin_user=swift | No help text available for this option |
| admin_password=password | No help text available for this option |
| delay_auth_decision=1 | No help text available for this option |
| cache=swift.cache | No help text available for this option |
| Configuration option=Default value | Description |
| use=egg:swift#memcache | Entry point of paste.deploy in the server |
| set log_name=cache | Label to use when logging |
| set log_facility=LOG_LOCAL0 | Syslog log facility |
| set log_level=INFO | Log level |
| set log_headers=false | If True, log headers in each request |
| set log_address=/dev/log | No help text available for this option |
| memcache_servers=127.0.0.1:11211 | Comma separated list of memcached servers ip:port services |
| memcache_serialization_support=2 | No help text available for this option |
| Configuration option=Default value | Description |
| use=egg:swift#catch_errors | Entry point of paste.deploy in the server |
| set log_name=catch_errors | Label to use when logging |
| set log_facility=LOG_LOCAL0 | Syslog log facility |
| set log_level=INFO | Log level |
| set log_headers=false | If True, log headers in each request |
| set log_address=/dev/log | No help text available for this option |
| Configuration option=Default value | Description |
| use=egg:swift#healthcheck | Entry point of paste.deploy in the server |
| disable_path= | No help text available for this option |
| Configuration option=Default value | Description |
| use=egg:swift#keystoneauth | Entry point of paste.deploy in the server |
| operator_roles=admin, swiftoperator | No help text available for this option |
| Configuration option=Default value | Description |
| use=egg:swift#list_endpoints | Entry point of paste.deploy in the server |
| list_endpoints_path=/endpoints/ | No help text available for this option |
| Configuration option=Default value | Description |
| use=egg:swift#proxy_logging | Entry point of paste.deploy in the server |
| access_log_name=swift | No help text available for this option |
| access_log_facility=LOG_LOCAL0 | No help text available for this option |
| access_log_level=INFO | No help text available for this option |
| access_log_address=/dev/log | No help text available for this option |
| access_log_udp_host= | No help text available for this option |
| access_log_udp_port=514 | No help text available for this option |
| access_log_statsd_host=localhost | No help text available for this option |
| access_log_statsd_port=8125 | No help text available for this option |
| access_log_statsd_default_sample_rate=1.0 | No help text available for this option |
| access_log_statsd_sample_rate_factor=1.0 | No help text available for this option |
| access_log_statsd_metric_prefix= | No help text available for this option |
| access_log_headers=false | No help text available for this option |
| logged with access_log_headers=True. | No help text available for this option |
| reveal_sensitive_prefix=8192 | The X-Auth-Token is sensitive data. If revealed to an unauthorised person, they can now make requests against an account until the token expires. Set reveal_sensitive_prefix to the number of characters of the token that are logged. For example reveal_sensitive_prefix=12 so only first 12 characters of the token are logged. Or, set to 0 to completely remove the token. |
| log_statsd_valid_http_methods=GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS | No help text available for this option |
| Configuration option=Default value | Description |
| use=egg:swift#tempauth | Entry point of paste.deploy in the server |
| set log_name=tempauth | Label to use when logging |
| set log_facility=LOG_LOCAL0 | Syslog log facility |
| set log_level=INFO | Log level |
| set log_headers=false | If True, log headers in each request |
| set log_address=/dev/log | No help text available for this option |
| reseller_prefix=AUTH | The naming scope for the auth service. Swift |
| auth_prefix=/auth/ | The HTTP request path prefix for the auth service. Swift itself reserves anything beginning with the letter `v`. |
| token_life=86400 | The number of seconds a token is valid. |
| allow_overrides=true | No help text available for this option |
| storage_url_scheme=default | Scheme to return with storage urls: http, https, or default (chooses based on what the server is running as) This can be useful with an SSL load balancer in front of a non-SSL server. |
| user_admin_admin=admin .admin .reseller_admin | No help text available for this option |
| user_test_tester=testing .admin | No help text available for this option |
| user_test2_tester2=testing2 .admin | No help text available for this option |
| user_test_tester3=testing3 | No help text available for this option |
