Proxy server configuration

Icehouse - Icehouse - Icehouse - Icehouse - Icehouse - Icehouse - Icehouse - Icehouse -

Sample proxy server configuration file

Find an example proxy server configuration at etc/proxy-server.conf-sample in the source code repository.

The available configuration options are:

Table 8.33. Description of configuration options for `[DEFAULT]` in `proxy-server.conf-sample`
Configuration option = Default value	Description
bind_ip = 0.0.0.0	IP Address for server to bind to
bind_port = 80	Port for server to bind to
bind_timeout = 30	Seconds to attempt bind before giving up
backlog = 4096	Maximum number of allowed pending TCP connections
swift_dir = /etc/swift	Swift configuration directory
user = swift	User to run as
expose_info = true	Enables exposing configuration settings via HTTP GET /info.
admin_key = secret_admin_key	to use for admin calls that are HMAC signed. Default is empty, which will disable admin calls to /info. the proxy server. For most cases, this should be `egg:swift#proxy`. request whenever it has to failover to a handoff node
disallowed_sections = container_quotas, tempurl	No help text available for this option.
workers = auto	a much higher value, one can reduce the impact of slow file system operations in one request from negatively impacting other requests.
max_clients = 1024	Maximum number of clients one worker can process simultaneously Lowering the number of clients handled per worker, and raising the number of workers can lessen the impact that a CPU intensive, or blocking, request can have on other requests served by the same worker. If the maximum number of clients is set to one, then a given worker will not perform another call while processing, allowing other workers a chance to process it.
cert_file = /etc/swift/proxy.crt	to the ssl .crt. This should be enabled for testing purposes only.
key_file = /etc/swift/proxy.key	to the ssl .key. This should be enabled for testing purposes only.
expiring_objects_container_divisor = 86400	No help text available for this option.
expiring_objects_account_name = expiring_objects	No help text available for this option.
log_name = swift	Label used when logging
log_facility = LOG_LOCAL0	Syslog log facility
log_level = INFO	Logging level
log_headers = false	No help text available for this option.
log_address = /dev/log	Location where syslog sends the logs to
trans_id_suffix =	No help text available for this option.
log_custom_handlers =	Comma-separated list of functions to call to setup custom log handlers.
log_udp_host =	If not set, the UDB receiver for syslog is disabled.
log_udp_port = 514	Port value for UDB receiver, if enabled.
log_statsd_host = localhost	If not set, the StatsD feature is disabled.
log_statsd_port = 8125	Port value for the StatsD server.
log_statsd_default_sample_rate = 1.0	Defines the probability of sending a sample for any given event or timing measurement.
log_statsd_sample_rate_factor = 1.0	Not recommended to set this to a value less than 1.0, if frequency of logging is too high, tune the log_statsd_default_sample_rate instead.
log_statsd_metric_prefix =	Value will be prepended to every metric sent to the StatsD server.
cors_allow_origin =	is a list of hosts that are included with any CORS request by default and returned with the Access-Control-Allow-Origin header in addition to what the container has set. to call to setup custom log handlers. for eventlet the proxy server. For most cases, this should be `egg:swift#proxy`. request whenever it has to failover to a handoff node
client_timeout = 60	Timeout to read one chunk from a client external services
eventlet_debug = false	If true, turn on debug logging for eventlet

Table 8.34. Description of configuration options for `[app:proxy-server]` in `proxy-server.conf-sample`
Configuration option = Default value	Description
use = egg:swift#proxy	Entry point of paste.deploy in the server
set log_name = proxy-server	Label to use when logging
set log_facility = LOG_LOCAL0	Syslog log facility
set log_level = INFO	Log level
set log_address = /dev/log	Location where syslog sends the logs to
log_handoffs = true	No help text available for this option.
recheck_account_existence = 60	Cache timeout in seconds to send memcached for account existence
recheck_container_existence = 60	Cache timeout in seconds to send memcached for container existence
object_chunk_size = 8192	Chunk size to read from object servers
client_chunk_size = 8192	Chunk size to read from clients
node_timeout = 10	Request timeout to external services
recoverable_node_timeout = node_timeout	Request timeout to external services for requests that, on failure, can be recovered from. For example, object GET. from a client external services
conn_timeout = 0.5	Connection timeout to external services
post_quorum_timeout = 0.5	No help text available for this option.
error_suppression_interval = 60	Time in seconds that must elapse since the last error for a node to be considered no longer error limited
error_suppression_limit = 10	Error count to consider a node error limited
allow_account_management = false	Whether account PUTs and DELETEs are even callable
object_post_as_copy = true	Set object_post_as_copy = false to turn on fast posts where only the metadata changes are stored anew and the original data file is kept in place. This makes for quicker posts; but since the container metadata isn't updated in this mode, features like container sync won't be able to sync posts.
account_autocreate = false	If set to 'true' authorized accounts that do not yet exist within the Swift cluster will be automatically created.
max_containers_per_account = 0	If set to a positive value, trying to create a container when the account already has at least this maximum containers will result in a 403 Forbidden. Note: This is a soft limit, meaning a user might exceed the cap for recheck_account_existence before the 403s kick in.
max_containers_whitelist =	is a comma separated list of account names that ignore the max_containers_per_account cap.
deny_host_headers =	No help text available for this option.
auto_create_account_prefix = .	Prefix to use when automatically creating accounts
put_queue_depth = 10	No help text available for this option.
sorting_method = shuffle	No help text available for this option.
timing_expiry = 300	No help text available for this option.
max_large_object_get_time = 86400	No help text available for this option.
request_node_count = 2 * replicas	* replicas Set to the number of nodes to contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. conf file for values will only be shown to the list of swift_owners. The exact default definition of a swift_owner is headers> up to the auth system in use, but usually indicates administrative responsibilities. paste.deploy to use for auth. To use tempauth set to: `egg:swift#tempauth` each request
read_affinity = r1z1=100, r1z2=200, r2=300	No help text available for this option.
read_affinity =	No help text available for this option.
write_affinity = r1, r2	No help text available for this option.
write_affinity =	No help text available for this option.
write_affinity_node_count = 2 * replicas	No help text available for this option.
swift_owner_headers = x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2, x-account-access-control	the sample These are the headers whose conf file for values will only be shown to the list of swift_owners. The exact default definition of a swift_owner is headers> up to the auth system in use, but usually indicates administrative responsibilities. paste.deploy to use for auth. To use tempauth set to: `egg:swift#tempauth` each request

Table 8.35. Description of configuration options for `[pipeline:main]` in `proxy-server.conf-sample`
Configuration option = Default value	Description
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl slo dlo ratelimit tempauth container-quotas account-quotas proxy-logging proxy-server	No help text available for this option.

Table 8.36. Description of configuration options for `[filter:account-quotas]` in `proxy-server.conf-sample`
Configuration option = Default value	Description
use = egg:swift#account_quotas	Entry point of paste.deploy in the server

Table 8.37. Description of configuration options for `[filter:authtoken]` in `proxy-server.conf-sample`
Configuration option = Default value	Description
auth_host = keystonehost	No help text available for this option.
auth_port = 35357	No help text available for this option.
auth_protocol = http	No help text available for this option.
auth_uri = http://keystonehost:5000/	No help text available for this option.
admin_tenant_name = service	No help text available for this option.
admin_user = swift	No help text available for this option.
admin_password = password	No help text available for this option.
delay_auth_decision = 1	No help text available for this option.
cache = swift.cache	No help text available for this option.
include_service_catalog = False	No help text available for this option.

Table 8.38. Description of configuration options for `[filter:cache]` in `proxy-server.conf-sample`
Configuration option = Default value	Description
use = egg:swift#memcache	Entry point of paste.deploy in the server
set log_name = cache	Label to use when logging
set log_facility = LOG_LOCAL0	Syslog log facility
set log_level = INFO	Log level
set log_headers = false	If True, log headers in each request
set log_address = /dev/log	Location where syslog sends the logs to
memcache_servers = 127.0.0.1:11211	Comma separated list of memcached servers ip:port services
memcache_serialization_support = 2	No help text available for this option.
memcache_max_connections = 2	Max number of connections to each memcached server per worker services

Table 8.39. Description of configuration options for `[filter:catch_errors]` in `proxy-server.conf-sample`
Configuration option = Default value	Description
use = egg:swift#catch_errors	Entry point of paste.deploy in the server
set log_name = catch_errors	Label to use when logging
set log_facility = LOG_LOCAL0	Syslog log facility
set log_level = INFO	Log level
set log_headers = false	If True, log headers in each request
set log_address = /dev/log	Location where syslog sends the logs to

Table 8.40. Description of configuration options for `[filter:dlo]` in `proxy-server.conf-sample`
Configuration option = Default value	Description
use = egg:swift#dlo	Entry point of paste.deploy in the server
rate_limit_after_segment = 10	Rate limit the download of large object segments after this segment is downloaded.
rate_limit_segments_per_sec = 1	Rate limit large object downloads at this rate. contact for a normal request. You can use '* replicas' at the end to have it use the number given times the number of replicas for the ring being used for the request. paste.deploy to use for auth. To use tempauth set to: `egg:swift#tempauth` each request
max_get_time = 86400	No help text available for this option.

Table 8.41. Description of configuration options for `[filter:gatekeeper]` in `proxy-server.conf-sample`
Configuration option = Default value	Description
use = egg:swift#gatekeeper	Entry point of paste.deploy in the server
set log_name = gatekeeper	Label to use when logging
set log_facility = LOG_LOCAL0	Syslog log facility
set log_level = INFO	Log level
set log_headers = false	If True, log headers in each request
set log_address = /dev/log	Location where syslog sends the logs to

Table 8.42. Description of configuration options for `[filter:healthcheck]` in `proxy-server.conf-sample`
Configuration option = Default value	Description
use = egg:swift#healthcheck	Entry point of paste.deploy in the server
disable_path =	No help text available for this option.

Table 8.43. Description of configuration options for `[filter:keystoneauth]` in `proxy-server.conf-sample`
Configuration option = Default value	Description
use = egg:swift#keystoneauth	Entry point of paste.deploy in the server
operator_roles = admin, swiftoperator	No help text available for this option.
reseller_admin_role = ResellerAdmin	No help text available for this option.

Table 8.44. Description of configuration options for `[filter:list-endpoints]` in `proxy-server.conf-sample`
Configuration option = Default value	Description
use = egg:swift#list_endpoints	Entry point of paste.deploy in the server
list_endpoints_path = /endpoints/	No help text available for this option.

Table 8.45. Description of configuration options for `[filter:proxy-logging]` in `proxy-server.conf-sample`
Configuration option = Default value	Description
use = egg:swift#proxy_logging	Entry point of paste.deploy in the server
access_log_name = swift	No help text available for this option.
access_log_facility = LOG_LOCAL0	No help text available for this option.
access_log_level = INFO	No help text available for this option.
access_log_address = /dev/log	No help text available for this option.
access_log_udp_host =	No help text available for this option.
access_log_udp_port = 514	No help text available for this option.
access_log_statsd_host = localhost	No help text available for this option.
access_log_statsd_port = 8125	No help text available for this option.
access_log_statsd_default_sample_rate = 1.0	No help text available for this option.
access_log_statsd_sample_rate_factor = 1.0	No help text available for this option.
access_log_statsd_metric_prefix =	No help text available for this option.
access_log_headers = false	No help text available for this option.
access_log_headers_only =	No help text available for this option.
logged with access_log_headers = True.	No help text available for this option.
reveal_sensitive_prefix = 8192	The X-Auth-Token is sensitive data. If revealed to an unauthorised person, they can now make requests against an account until the token expires. Set reveal_sensitive_prefix to the number of characters of the token that are logged. For example reveal_sensitive_prefix = 12 so only first 12 characters of the token are logged. Or, set to 0 to completely remove the token.
log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS	No help text available for this option.

Table 8.46. Description of configuration options for `[filter:tempauth]` in `proxy-server.conf-sample`
Configuration option = Default value	Description
use = egg:swift#tempauth	Entry point of paste.deploy in the server
set log_name = tempauth	Label to use when logging
set log_facility = LOG_LOCAL0	Syslog log facility
set log_level = INFO	Log level
set log_headers = false	If True, log headers in each request
set log_address = /dev/log	Location where syslog sends the logs to
reseller_prefix = AUTH	The naming scope for the auth service. Swift
auth_prefix = /auth/	The HTTP request path prefix for the auth service. Swift itself reserves anything beginning with the letter `v`.
token_life = 86400	The number of seconds a token is valid.
allow_overrides = true	No help text available for this option.
storage_url_scheme = default	Scheme to return with storage urls: http, https, or default (chooses based on what the server is running as) This can be useful with an SSL load balancer in front of a non-SSL server.
user_admin_admin = admin .admin .reseller_admin	No help text available for this option.
user_test_tester = testing .admin	No help text available for this option.
user_test2_tester2 = testing2 .admin	No help text available for this option.
user_test_tester3 = testing3	No help text available for this option.

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

Legal notices