Core Module#
The module provides essential functionality and configuration directives
necessary for the basic operation of the server,
and handles critical tasks such as managing worker processes,
configuring event-driven models,
and processing incoming connections and requests.
It includes key directives for setting up the main process, error
logging, and controlling the behavior of the server at a low level. When Note There is no need to enable If accept_mutex is enabled,
this directive specifies the maximum time
a worker process will wait
to continue accepting new connections
while another worker process is already handling new connections. Determines whether Angie should run as a daemon.
This is primarily used during development. Enables debugging logs for specific client connections.
Other connections will use the logging level
set by the error_log directive.
You can specify connections by IPv4 or IPv6 address, network, or hostname.
For connections using UNIX domain sockets,
use the Note For this directive to work,
Angie must be built with debugging log enabled. This directive is used for debugging. When an internal error occurs,
such as a socket leak during worker process restarts,
enabling By default,
Angie removes all environment variables inherited from its parent process
except for the These variables are then: inherited during a
live upgrade of an executable file used by the Perl module available to worker processes Note that controlling system libraries in this way may not always be effective,
as libraries often check variables only during initialization,
which occurs before this directive takes effect.
The Example: Note The Default main, http, mail, stream, server, location Configures logging,
allowing multiple logs to be specified at the same configuration level.
If a log file is not explicitly defined at the The first parameter specifies the file to store the log.
The special value The second parameter sets the logging level, which can be one of the following:
Setting Levels Captured If this parameter is omitted,
Note For the Provides the configuration file context for directives
that affect connection processing. Includes another file, or files that match the specified mask,
into the configuration.
The included files must contain syntactically correct directives and blocks. Example: Loads a dynamic module from the specified file.
If a relative path is provided, it is interpreted based on the
Example: Default main Angie uses a locking mechanism to implement accept_mutex
and serialize access to shared memory.
On most systems, locks are managed using atomic operations,
making this directive unnecessary.
On certain systems, however, an alternative lock file mechanism is used.
This directive sets a prefix for lock file names. Determines whether worker processes are started.
This directive is intended for Angie developers. A worker process will accept all new connections simultaneously. A worker process will accept one new connection at a time. Note This directive is ignored
if the kqueue connection processing method is used,
as it provides the number of new connections ready to be accepted. Enables or disables "just-in-time compilation" (PCRE JIT)
for regular expressions known at the time of configuration parsing. PCRE JIT can significantly accelerate regular expression processing. Note JIT is available in PCRE libraries from version 8.20,
provided they are built with the Default main Specifies the file that will store the ID of the Angie main process.
The file is created atomically, which ensures its contents are always correct.
The Note If the file setting is modified during reconfiguration
but points to a symlink of the previous PID file,
the file will not be recreated. Specifies the name of the hardware SSL accelerator. If enabled, SSL objects (SSL certificates, secret keys, trusted CA certificates,
CRL lists) are inherited across configuration reloads. SSL objects loaded from files are inherited if their modification time and file
index have not changed since the previous configuration load. Secret keys
specified as SSL objects loaded from variables cannot be inherited. Example: Default main Defines the name and parameters of a thread pool
used for multi-threaded reading and sending of files
without blocking worker processes. The If all threads in the pool are busy executing tasks, new tasks wait in a queue.
The Reduces timer resolution in worker processes,
thus reducing the number of Example: Internal implementation of the interval depends on the method used: Specifies the method to use for connection processing.
There is normally no need to specify it explicitly,
because Angie will by default use the most efficient method. Defines user and group credentials used by worker processes
(see also build parameters).
If group is omitted, a group whose name equals that of user is used. When using aio with the epoll connection processing method,
sets the maximum number of outstanding asynchronous I/O operations
for a single worker process. Sets the maximum number of simultaneous connections that can be opened by a worker process. It should be kept in mind that this number includes all connections
(e.g. connections with proxied servers, among others),
not only connections with clients.
Another consideration is that the actual number of simultaneous connections
cannot exceed the current limit on the maximum number of open files,
which can be changed by worker_rlimit_nofile. Binds worker processes to the sets of CPUs.
Each CPU set is represented by a bitmask of allowed CPUs.
There should be a separate set defined for each of the worker processes.
By default, worker processes are not bound to any specific CPUs. For example: This configuration binds each worker process to a separate CPU. Alternatively: This binds the first worker process to CPU0 and CPU2,
and the second worker process to CPU1 and CPU3.
This setup is suitable for hyper-threading. The special value The optional mask parameter can be used to limit the CPUs
available for automatic binding: Note The directive is only available on FreeBSD and Linux. Defines the scheduling priority for worker processes like it is done
by the nice command: a negative number
means higher priority.
Allowed range normally varies from -20 to 20. Example: Defines the number of worker processes. The optimal value depends on many factors including (but not limited to)
the number of CPU cores, the number of hard disk drives that store data,
and load pattern.
When one is in doubt, setting it to the number of available CPU cores
would be a good start (the value " Changes the limit on the largest size of a core file ( Changes the limit on the maximum number of open files ( Configures a timeout in seconds for a graceful shutdown of worker processes.
When the specified time expires,
Angie will try to close all the connections currently open
to facilitate shutdown. Graceful shutdown is initiated by sending a QUIT signal to the main process, which instructs worker processes
to stop accepting new connections and allows existing connections to complete.
Worker processes continue to handle active requests until they finish,
then shut down gracefully. If connections remain open
longer than Defines the current working directory for a worker process.
It is primarily used when writing a core file,
in which case a worker process should have write permission for the
specified directory.Configuration Example#
user www www;
worker_processes 2;
error_log /var/log/error.log info;
events {
use kqueue; worker_connections 2048;
}
Directives#
accept_mutex#
accept_mutex is enabled,
worker processes will accept new connections in turn.
Without this setting, all worker processes are notified of new connections,
which can lead to inefficient use of system resources
if the volume of new connections is low.accept_mutex on systems
that support the EPOLLEXCLUSIVE flag
or when using the reuseport directive.accept_mutex_delay#
daemon#
debug_connection#
unix: parameter to enable debugging logs.events {
debug_connection 127.0.0.1;
debug_connection localhost;
debug_connection 192.0.2.0/24;
debug_connection ::1;
debug_connection 2001:0db8::/32;
debug_connection unix:;
# ...
}
debug_points#
debug_points will either create a core file (abort)
or stop the process (stop) for further analysis with a system debugger.env#
TZ variable.
This directive allows you to preserve some inherited variables,
modify their values, or create new environment variables.TZ variable is always inherited
and accessible to the Perl module
unless explicitly configured otherwise.env MALLOC_OPTIONS;
env PERL5LIB=/data/site/modules;
env OPENSSL_ALLOW_PROXY_CERTS=1;
ANGIE environment variable is used internally by Angie
and should not be set directly by the user.error_log#
error_log file [level];error_log logs/error.log error;
(the path depends on the --error-log-path build option)main configuration level,
the default file will be used.stderr selects the standard error stream.
To configure logging to syslog,
use the "syslog:" prefix.
To log to a cyclic memory buffer,
use the "memory:" prefix followed by the buffer size;
this is typically used for debugging.debug, info, notice, warn, error,
crit, alert, or emerg.
These levels are listed in order of increasing severity.
Setting a log level will capture messages of equal and higher severity:debugdebug, info, notice, warn, error,
crit, alert, emerginfoinfo, notice, warn, error,
crit, alert, emergnoticenotice, warn, error,
crit, alert, emergwarnwarn, error, crit, alert, emergerrorerror, crit, alert, emergcritcrit, alert, emergalertalert, emergemergemergerror is used as the default logging level.debug logging level to work,
Angie must be built with debugging log enabled.events#
include#
include mime.types;
include vhosts/*.conf;
load_module#
--prefix build option. To verify the path:$ sudo angie -V
load_module modules/ngx_mail_module.so;
lock_file#
lock_file file;lock_file logs/angie.lock;
(the path depends on the --lock-path build option)master_process#
multi_accept#
onoffpcre_jit#
--enable-jit configuration option.
When Angie is built with the PCRE library (--with-pcre=),
JIT support is enabled using the --with-pcre-jit option.pid#
pid file | off;pid logs/angie.pid;
(the path depends on the --pid-path build option)off setting disables the creation of this file.ssl_engine#
ssl_object_cache_inheritable#
engine:name:id are never inherited, while secret keys
specified as data:value are always inherited.ssl_object_cache_inheritable on;
http {
server {
ssl_certificate example.com.crt;
ssl_certificate_key example.com.key;
}
}
thread_pool#
thread_pool name threads=number [max_queue=number];thread_pool default threads=32 max_queue=65536;threads parameter defines the number of threads in the pool.max_queue parameter limits the number of tasks
allowed to be waiting in the queue.
By default, up to 65536 tasks can be in the queue.
When the queue overflows, the task is completed with an error.timer_resolution#
gettimeofday() system calls.
By default, gettimeofday() is called each time a kernel event is received.
With reduced resolution, gettimeofday() is only called once per specified interval.timer_resolution 100ms;
use#
user#
worker_aio_requests#
worker_connections#
worker_cpu_affinity#
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;
worker_processes 2;
worker_cpu_affinity 0101 1010;
auto
allows binding worker processes automatically to available CPUs:worker_processes auto;
worker_cpu_affinity auto;
worker_cpu_affinity auto 01010101;
worker_priority#
worker_priority -10;
worker_processes#
auto" will try to autodetect it).worker_rlimit_core#
RLIMIT_CORE)
for worker processes.
Used to increase the limit without restarting the main process.worker_rlimit_nofile#
RLIMIT_NOFILE)
for worker processes.
Used to increase the limit without restarting the main process.worker_shutdown_timeout#
worker_shutdown_timeout, Angie will forcibly close these
connections to complete the shutdown.
Also, client keep-alive connections are closed only if they have been
idle for at least the time specified by lingering_timeout.working_directory#
Content