The following is a comprehensive list of all global and per-virtual server configuration parameters.
|
|
|
|
| Name |
Description |
Default
(when not present) |
| controlport |
Integer: the port on which this instance of the web server receives
control messages (from the admin server). |
9080 |
| controlallow |
String: comma seperated list of IP masks (eg 192.111.1.0/24) of machines
from which control requests to the web server are allowed |
127.0.0.1 |
| uid |
Integer: the default uid which zeus.web children and runners are
given. Can also be a valid username which is mapped back to uid |
0 |
| gid |
Integer: the default gid which zeus.web children and runners are
given. Can also be a valid groupname which is mapped back to gid |
0 |
| balancer!enabled |
Boolean: set when the web server is a back-end server behind a Zeus Load
Balancer |
no |
| errlevel |
Integer: Severity of error messages to log: FATAL, SERIOUS,
DOS, SSL, WARN and INFO. INFO would be level 6 and is the least
serious. Messages with a severity level larger than the value
of errlevel will not be logged. |
6 |
|
|
| Name |
Description |
Default
(when not present) |
|
|
| tuning!modules!stats!enabled |
Boolean: whether to enable statistics reporting (ie statd) |
yes |
| tuning!modules!stats!days_to_archive |
Integer: Days to keep stats data before archiving it (using tar +
compress). Zero means never archive. |
7 |
| tuning!modules!stats!archive_dir |
String: directory to archive stats to (blank means silently delete old
stats) |
<blank> |
| |
|
|
| tuning!modules!nsapi!enabled |
Boolean: whether to enable the nsapi runner (zeus.nsapi) |
yes |
| tuning!modules!nsapi!maxthreads |
Integer: The maximum number of threads (workers) that the NSAPI runner (zeus.nsapi) will spawn |
128 |
| |
|
|
| tuning!modules!isapi!enabled |
Boolean: whether to enable the isapi runner (zeus.isapi) |
yes |
| tuning!modules!isapi!external!uid |
Integer: user id which isapi runner should run as |
0 |
| tuning!modules!isapi!external!gid |
Integer: group id which isapi runner should run as |
0 |
| tuning!modules!isapi!external!minthreads |
Integer: sets the minimum number of threads that the ISAPI runner will
spawn (unimplemented) |
1 |
| tuning!modules!isapi!external!maxthreads |
Integer: sets the maximum number of threads that the ISAPI runner will
spawn |
128 |
| tuning!modules!isapi!external!maxqsize |
Integer: the maximum queue size for the ISAPI worker thread pool |
128*4 |
| tuning!modules!isapi!external!stacksize |
Integer: (unimplemented) |
-1 |
| |
|
|
| tuning!num_cgid |
Integer: number of zeus.cgid processes to run |
1 |
| |
|
|
| tuning!modules!ssld!library |
String: the name of the crypto library with which to run. If this is
not present, then do not run the ssl runner. |
<blank> |
| tuning!modules!ssld!libdir |
String: any additions to zeus.ssld's LD_LIBRARY_PATH. |
<blank> |
| tuning!modules!ssld!nworkers |
Integer: number of threads in the ssl thread pool (0 means accept
compile-time default, 128 at time of writing) |
0 |
| tuning!modules!ssld!queuelen |
Integer: queue length for the ssl thread pool (0 means accept
compile-time default, 128*4 at time of writing) |
0 |
| |
|
|
| tuning!modules!perl!external!uid |
Integer: user id which the perl runner should run as |
<same as web server> |
| tuning!modules!perl!external!gid |
Integer: group id which the perl runner should run as |
<same as web server> |
| tuning!modules!perl!external!minidleprocs |
Integer: sets the minimum number of idle processes that the perl
runner will keep around |
2 |
| tuning!modules!perl!external!maxprocs |
Integer: sets the maximum number of processes that the perl
runner will spawn |
128 |
| tuning!modules!perl!external!restartmaxconnections |
Integer: sets the maximum number of processes that each perl
process will handle before respawning |
200 |
| |
|
|
| tuning!runners!low_port |
Integer: minimum port number that the external ISAPI/NSAPI
runners will attempt to bind to |
19700 |
| tuning!runners!high_port |
Integer: maximum port number that the external ISAPI/NSAPI
runners will attempt to bind to |
19800 |
| tuning!runners!listenq |
Integer: listen queue size for external NSAPI/ISAPI runners |
256 |
|
|
| Name |
Description |
Default
(when not present) |
| tuning!listen_queue_size |
Size of the TCP listen queue |
256 |
| tuning!so_rbuff_size |
Size of the server socket buffer (so_rbuff_size) (bytes) |
<unset> |
| tuning!so_wbuff_size |
Size of the socket write buffer (bytes) |
<unset> |
| tuning!so_nagle_off |
Boolean: disable nagle on each request |
yes |
| tuning!multiple_accept |
Boolean: do multiple accept() calls upon a read bit on the server socket
from a poll()/select() |
yes |
| tuning!maxaccept |
Maximum number of accept() calls per server socket per
poll()/select() |
32 |
| tuning!unique_bind |
Force each child process to bind to a unique IP address, and not to each interface |
no |
| tuning!bind_any |
Boolean: have server sockets bind to IPADDR_ANY (mutually exclusive to
unique_bind) |
yes |
| tuning!admin!bind_any |
Boolean: have admin server socket (normally hostname:9090) bind to
IPADDR_ANY. If disabled, admin server binds to value of bindaddr in
<ZEUSHOME>/admin/website |
yes |
| tuning!use_poll |
Boolean: use poll() instead of select() |
yes |
| tuning!use_devpoll |
Boolean: use the /dev/poll device instead of select() |
no |
| tuning!maxfds |
Integer: Maximum number of file descriptors to set by setrlimit() (zero means
as many as are available) |
0 |
| tuning!max_connections |
Integer: Maximum number of concurrent connections allowed, after which
the web server will not accept any more connections. A value of -1
means no limits, a value of 0 means the system will choose a sensible
limit. A positive number indicates a user-specified choice. |
0 |
| tuning!delay_accept_on_start |
Boolean: If set to yes, the web server will not accept connections
whilst it is being started. This avoids a request being unable
to find a virtual server which has not yet been started. |
yes |
|
|
| Name |
Description |
Default
(when not present) |
| tuning!cache_files |
Size of the web server file cache (number of files) |
8011 |
| tuning!cache_small_file |
Maximum size of a 'small' file (bytes) (system page size) |
4096 |
| tuning!cache_large_file |
Minimum size of a 'large' file (bytes) |
1048577 |
| tuning!cache_stat_expire |
Time for which the response of a stat() call is cached (seconds) |
17 |
| tuning!cache_max_bytes |
Maximum size to reserve for cached files (bytes) (0 = no limit) |
33554432 |
| tuning!cache_flush_interval |
Time after which unaccessed files are flushed from the cache
(seconds) |
120 |
| tuning!cache_cooling_time |
Integer: any file modified in the last 'n' seconds is not cached |
120 |
| tuning!cache_max_filename_length |
Integer: filenames greater than this length aren't cached (Zero is
no limit) |
256 |
|
|
| Name |
Description |
Default
(when not present) |
| tuning!ssl_diskcache |
Boolean: use 2nd level on-disk cache for storing SSL session
information |
no (if tuning!num_children = 1)
yes (if tuning!num_children > 1) |
| tuning!ssl_diskcache_clean |
Integer: how regularly should the SSL diskcache be scanned for
expired entries (seconds) |
300 |
| tuning!ssl_diskcache_expiry |
Integer: how long should entries in the SSL disk cache remain
before expiry (seconds) |
1800 |
| tuning!ssl_diskcache_mmap |
Boolean: Whether the SSL cache should use
shared memory. If set to No, this will use the
traditional disk based SSL cache. |
yes |
| tuning!ssl_diskcache_size |
Integer: the number of SSL sessions to cache in the SSL shared memory
cahce (does not apply to the on-disk version) |
2047 |
| tuning!ssl_diskcache_location |
Directory: on-disk location for the SSL disk cache (only applies to the
on-disk version) |
$ZEUSHOME/web/ssl_cache |
| tuning!support_ssl2 |
Boolean: Whether to support SSLv2 |
yes |
| tuning!support_ssl3 |
Boolean: Whether to support SSLv3 |
yes |
| tuning!support_tls1 |
Boolean: Whether to support TLS v1.0 |
yes |
| tuning!ssl_keepalive |
Boolean: Whether to keepalive SSL connections |
yes |
| tuning!ssl_sessioncache_size |
Integer: Size of ssl session cache. Should be prime |
199 |
| tuning!ssl_sessioncache_expiry |
Integer: Number of seconds cache data are valid for |
24*60*60 (24 hours) |
| tuning!ssl_cbuff_size |
Integer: the size in bytes of the SSL circular buffer. This buffer
is filled each time data is written with the RC4 enciphered data.
Increasing the size of this buffer means that multiple SSL records can
be written in a single write() system call, if a previous write()
failed to write all of its data. 16404 is the maximum size of an
SSL record. |
16404 |
| tuning!ssl3_ciphers |
String: colon separated list of SSL ciphers to support. For the list
of supported ciphers, use <ZEUSHOME>/web/bin/zeus.web -s |
16404 |
|
|
| Name |
Description |
Default
(when not present) |
| tuning!accelerator!nca!enabled |
Boolean: enable NCA (Network Cache Accelerator) support on Solaris
|
no |
| tuning!accelerator!frca!enabled |
Boolean: enable FRCA (Fast Response Cache Accelerator) support on AIX
|
no |
| tuning!accelerator!frca!log!enabled |
Boolean: enable FRCA access log |
no |
| tuning!accelerator!frca!log!filename |
Location of FRCA access log file |
<unset> |
| tuning!accelerator!frca!log!format |
FRCA log format; must be one of "CLF", "ECLF", "V-CLF", "V-ECLF" |
CLF |
| tuning!accelerator!frca!minsize |
Integer: minimum file size for files in the FRCA kernel cache |
32768 |
| tuning!accelerator!frca!maxsize |
Integer: maximum file size for files in the FRCA kernel cache |
2147483647 (2Gb) |
|
Note: these tunables are normally found in dynamic.cfg, and managed by the
Zeus Administration Server.
The Service Protection System is present in Zeus Web Server version 4.1 and
later. |
| Name |
Description |
Default
(when not present) |
| tuning!dos!enabled |
Boolean: enable the service protection system |
no |
| tuning!dos!testing |
Boolean: if set, do not act on the rules, only log the effects |
no |
| tuning!dos!debug |
Boolean: emit verbose error log messages |
no |
| tuning!dos!min_connections |
Integer: minimum number of simultaneous connections 'guaranteed' to be allowed from
each IP address. Should be at least 4, for web clients that routinely make
concurrent connections |
4 |
| tuning!dos!max_1_connections |
Integer: maximum number of simultaneous connections allowed from a single IP address |
30 |
| tuning!dos!max_10_connections |
Integer: maximum number of simultaneous connections allowed from the 10 most active
IP addresses |
200 |
| tuning!dos!max_25_connections |
Integer: maximum number of simultaneous connections allowed from the 10 most active
IP addresses |
400 |
| tuning!dos!max_header_length |
Integer: maximum length of an individual HTTP header |
4096 |
| tuning!dos!max_url_length |
Integer: maximum length of the HTTP request URL |
4096 |
| tuning!dos!reject_binary |
Boolean: reject requests with URLs or headers which contain binary (<32) data |
no |
| tuning!dos!check_rfc2396 |
Boolean: apply strict URL conformance tests against the URL specification
in RFC2396 |
no |
| tuning!dos!case_sensitive |
Boolean: apply case sensitive matches in the SPS rules |
no |
| tuning!dos!<rulenum>!matches |
String or regular expression for rule <rulenum> to match |
<unset> |
| tuning!dos!<rulenum>!type |
Type of rule <rulenum>: "path", "uri", "query" or "header" |
<unset> |
| tuning!dos!<rulenum>!header |
If rule number <rulenum> has type "header", specifies the name of the header the rule applies to |
<unset> |
| tuning!dos!<rulenum>!cooked |
Boolean: if yes, rule number <rulenum> applies to the URL-unescaped version of the
request; if no, applies to the raw request |
no |
| tuning!dos!<rulenum>!disabled |
Boolean: if set to yes, this rule is disabled |
no |
| tuning!dos!send_error_page |
Boolean: if yes, return an error page rather than immediately closing the connection |
no (yes if balancer!enabled = yes) |
| tuning!dos!linger_sockets |
Integer: number of sockets to allow in error page lingering state |
10 |
| tuning!dos!linger_time |
Integer: timeout for error page lingering sockets (seconds) |
2 |
|
|
| Name |
Description |
Default
(when not present) |
| tuning!num_children |
Number of child zeus.web processes to run independent of the number of
CPUs (the default, however, is set to 1 per CPU initially) |
1 |
| tuning!timeout |
Timeout for client transfers (seconds) |
120 |
| tuning!check_symlinks |
Configure symlink checking (0 = no symlink checking; 1 = always deny symlinked files; 2 = allow if owner of symlink is owner of destination) |
0 |
| tuning!dns_resolv.conf |
String: The name of the resolv.conf file used when starting asynchronous DNS |
/etc/resolv.conf |
| tuning!dns_hosts |
String: The name of the hosts file used when starting asynchronous DNS |
<blank> |
| tuning!dnscache |
Integer: size of the DNS cache |
10867 |
| tuning!dnscache_expire |
Integer: Maximum time before DNS entries expire from the internal cache |
12 * 60 * 60 (=12 hours) |
| tuning!limit_requestheader |
Integer: maximum size of content header |
102400 |
| tuning!limit_requestbody |
Integer: maximum size of content body (zero means no limit) |
0 |
| tuning!cbuff_size |
Integer: Cbuff size |
8192 |
| tuning!socket_opt |
Boolean: Socket optimizations active |
yes |
| tuning!ca_dir |
String: Directory containing certificates |
<ZEUSHOME>/etc/CAs |
| tuning!accept_mutex |
Boolean: Whether to use a mutex around a socket's accept |
no |
| tuning!ldap_timeout |
Integer: Timeout (in seconds) for an LDAP query |
5 |
| tuning!child_priority |
Integer: Priority we should run our workers at |
-2 |
| tuning!grandchild_priority |
Integer: Priority CGIs etc. get run at |
1 |
| tuning!crypt_cache_size |
Integer: Size of crypt() cache |
1001 |
| tuning!hash_cache_size |
Integer: Size of PEM-encoded MD5 cache |
1001 |
| tuning!pipeline_readahead |
Integer: max bytes of subsequent requests we will accumulate before
ditching the pipeline |
32768 |
| tuning!connection_poolsize |
Integer: the number of pre-allocated connection objects to keep
about |
100 |
| tuning!connection_pooluse |
Integer: the number of times we use a pooled connection before throwing
it away |
100 |
| tuning!port_offset |
Integer: offset for load-balanced back-end web server (only has effect
in a clustered environment) |
0 |
| tuning!limit_cgiheader |
Integer: This is the maximum number of bytes which can be used by headers generated by CGI scripts (in total). |
4096 bytes |
| tuning!case_sensitive |
Boolean: whether or not the underlying file system is case sensitive.
This tunable is used by the access and content negotiation modules and causes
them to perform case insensitive matches on the URL if the underlying
filesystem is case insensitive |
yes (no on MacOSX) |
| tuning!clientfirst_optimise |
Boolean: on supported platforms (Linux, FreeBSD4), enables socket
optimizations that arrange that a connection is not accept()ed
until there is data ready to be read |
no |
| tuning!configfile_perms |
Octal: permissions of website and other configuration files stored locally
by the webserver |
600 (octal) |
| tuning!dynamicvs!verbose_startstop |
Boolean: log starting and stopping of dynamic virtual servers to the
error log (dynamic virtual server support required) |
no |
| tuning!limit_pipeline_readahead |
Integer: limit the amount of forward data we read in a keepalive
connection while processing the current connection
|
32768 |
| tuning!max_byteranges_per_request |
Integer: The maximum number of byteranges permitted in a single request |
500 |
| tuning!max_upstream_keepalive_connections |
Integer: The maximum number of connections that should be in keepalive
state to upstream content generators |
100 |
| tuning!max_upstream_keepalive_time |
Integer: The timeout for upstream keepalive connections (seconds) |
10 |
| tuning!minimal_headers |
Boolean: if yes, return the minimal set of headers to the client |
no |
| tuning!parentadmin_timeout |
Integer: timeout for new, unauthorized admin control connections (seconds) |
10 |
| tuning!syslog!enabled |
Boolean: enable logging to the syslog service as well as the error log files |
no |
| tuning!counters_enabled |
Boolean: enable or disable the real time monitoring counters |
yes |
| tuning!rpc_retry_limit |
Integer: how many RPC connect retry attempts to make before returning
502 Bad Gateway. Use 0 for no retry. |
3 |
| tuning!rpc_retry_delay |
Integer: how long to wait between RPC retries (in milliseconds) |
3000 |
|
|
| Name |
Description |
Default
(when not present) |
| tuning!modules!cgi!cleansize |
Number of file descriptors to close before exec |
unimplemented |
| tuning!modules!cgi!defaultuid |
Integer: default uid with which CGIs will be run |
65534 |
| tuning!modules!cgi!defaultgid |
Integer: default gid with which CGIs will be run |
65534 |
| tuning!modules!cgi!logstderr |
Boolean: log to stderr instead of client |
yes |
| tuning!modules!cgi!minuid |
Integer: minimum uid with which CGIs can run |
100 (0 in versions earlier than 4.3) |
| tuning!modules!cgi!mingid |
Integer: minimum gid with which CGIs can run |
100 (0 in versions earlier than 4.3) |
| tuning!modules!cgi!strict_jail |
Boolean: if yes, enforce the policy the CGI scripts must reside
within the chroot jail |
yes |
|
|
| Name |
Description |
Default
(when not present) |
| tuning!modules!gzip!complex_cache |
Boolean: Whether to use the complex gzip cache hashing algorithms |
yes |
| tuning!modules!htaccess!display_errors |
Boolean: display verbose error messages when an htaccess file contains a syntax error |
no |
| tuning!rewrite!max_rules_per_run |
Integer: global setting for the maximum number of rewrite commands
that will be run on a single request |
1000 |
| tuning!dirlist!filename_length |
Integer: the number of characters used for displaying
filenames in directory listings. |
30 |
| tuning!modules!rewrite!max_recursion |
Integer: defines the maximum depth to which rewrite scripts can recurse |
10 |
| tuning!modules!rewrite!per_vs_cache_size |
Integer: defines the maximum number of compiled scripts a
virtual server will cache (excluding the vsconfig script
which is always cached) |
100 |
| tuning!modules!rewrite!max_host_header_rewrites |
Integer: defines the maximum number of host header rewrites allowed. |
10 |
|
|
|
|
| Name |
Description |
Default
(when not present) |
| errloglevel |
Integer: the minimum level of error which gets logged (higher is more
serious) |
<maximum logging> |
| ip_name |
Server address (URL) of the virtual server |
<user_specified> |
| port |
port on which the virtual server listens |
80 |
| comment |
Server comment (URL encoded) |
<blank> |
| docroot |
virtual server's filesystem document root |
<blank> |
| creationdate |
date on which server was created (unixtime) |
<unixtime> |
| webmaster |
Webmaster e-mail address. If unset, the admin server makes a guess
based on webmaster@<hostname>, having stripped off the www. prefix |
<unset> |
| dnslookup |
Boolean: enable reverse DNS lookup |
no |
| errlog |
Filepath location of the error logfile |
<ZEUSHOME>/web/log/errors |
| aliases |
Space-separated list of soft-virtual server aliases |
<blank> |
| bindaddr |
Space-separated list of explicit bind addresses for virtual server |
<blank> |
| bindport |
Space-separated list of explicit bind ports for virtual server |
<blank> |
|
|
| Name |
Description |
Default
(when not present) |
| modules!access!enabled |
Boolean: enable access module |
no |
| modules!access!verbose |
Boolean: log access trace information to the web server error log |
no |
| modules!access!conf_version |
Integer: a version number: if this is incremented then the access module
is reloaded (unimplemented) |
<unset> |
| modules!access!users!<user> |
Password of the user <user> (encrypted) |
<unset> |
| modules!access!groups!<group> |
Establish group <group> |
<unset> |
| modules!access!groups!<group>!<user> |
Add user <user> to group <group> |
<unset> |
| modules!access!rules!<rule_number>!type |
Type of rule (allow or deny) |
<unset> |
| modules!access!rules!<rule_number>!hosts |
String: hostname(s) that rule <rule_number> affects optionally
according to a regular expression prefixed by a "~" |
<unset> |
| modules!access!rules!<rule_number>!ips |
String: IP address(es) that rule <rule_number> affects optionally
according to a regular expression prefixed by a "~" |
<unset> |
| modules!access!rules!<rule_number>!<group> |
Group <group> that rule <rule_number> affects |
<none> |
| modules!access!rules!<rule_number>!url |
String: url (prefix) for this rule optionally according to a regular
expression prefixed by a "~" |
<unset> |
| modules!access!rules!<rule_number>!<user> |
User <user> that rule <rule_number> affects |
<none> |
| modules!access!rules!<rule_number>!realm |
The realm used for rule <rule_number> |
The rule URL |
| modules!access!rules!<rule_number>!methods |
Comma separated list of the HTTP methods this rule is applied to |
All methods |
| modules!access!rules!<rule_number>!disabled |
If set to 'yes', rule <rule_number> is disabled. This is a
quick alternative to deleting the rule. |
no |
| modules!access!ldap!enabled |
Boolean: use an LDAP database for the access module |
no |
| modules!access!ldap!binddn |
Distinguished name of the LDAP object to bind as |
<unset> |
| modules!access!ldap!passwd |
Password of the LDAP binddn object |
<unset> |
| modules!access!ldap!ttl |
Integer: ttl for LDAP cache (seconds) |
120 |
| modules!access!ldap!group_url |
LDAP URL used to return group data for a given user ($u) |
<unset> |
| modules!access!ldap!user_url |
LDAP URL used to return password data for a given user ($u) |
<unset> |
| modules!access!nsswitch!enabled |
Boolean: use the operating system lookup service (nsswitch) for
authenticating users and groups in the access module |
no |
| modules!access!nsswitch!ttl |
Integer: ttl for nsswitch cache (seconds) |
120 |
|
Note: several of the advanced limiting and logging tunables need the
zeus.cgi CGI runner to be enabled
|
| Name |
Description |
Default
(when not present) |
| modules!cgi!enabled |
Boolean: enable the CGI module |
no |
| modules!cgi!allowanywhere |
Allow CGI scripts to be run from any docroot location |
no |
| modules!cgi!allowcmd |
Boolean: allow the SSI exec command |
no |
| modules!cgi!ulimitas |
Maximum address space per CGI (bytes, 0 indicates unlimited) |
0 |
| modules!cgi!ulimitcpu |
Maximum CPU time per CGI (seconds, 0 indicates unlimited) |
0 |
| modules!cgi!ulimitdata |
Maximum data segments per CGI (bytes, 0 indicates unlimited) |
0 |
| modules!cgi!ulimitnproc |
Maximum number of processes available to CGI user (0 indicates
unlimited) |
0 |
| modules!cgi!ulimittime |
Integer: maximum clock time for CGI scripts |
<unset> |
| modules!cgi!limitcgi |
Integer: maximum number of CGIs which can run concurrently
in this virtual server; 0 is unlimited |
0 |
| modules!cgi!limitsubserver |
Boolean: If yes, apply the limitcgi limit individually
to each subserver website rather than to the entire virtual server |
no |
| modules!cgi!autoid |
User and group for CGI to run as (0 = user specified; 1 = file owner,
2 = docroot owner) |
0 |
| modules!cgi!uid |
User for CGI to run as (when autoid = 0) |
<unset> |
| modules!cgi!gid |
Group for CGI to run as (when autoid = 0) |
<unset> |
| modules!cgi!priority |
Integer: priority to give CGI runner processes |
Value of tuning!grandchild_priority |
| modules!cgi!chroot |
Boolean: run CGI scripts chrooted |
no |
| modules!cgi!chroot_dirs!<dir> |
Chroot to filesystem directory <dir> before executing CGI |
<unset> |
| modules!cgi!logenabled |
Boolean: If yes, place CGI error output in the CGI error log rather
than the error log |
no |
| modules!cgi!logfile |
Location of the CGI error log. Several percent('%')-expansions are
supported - see the documentation |
<unset> |
| modules!cgi!logid |
Integer: If 1, write the log file as the owner of the website docroot,
otherwise as the running user of the CGI script. |
0 |
| modules!cgi!logsize |
Maximum size of the CGI error log (in Kb); 0 is unlimited. If the file
exceeds this size, it is truncated |
0 |
