<liclass="toctree-l2"><aclass="reference internal"href="package_README.html#client-server-and-proxy-programs">Client, Server and Proxy programs</a></li>
<liclass="toctree-l2"><aclass="reference internal"href="package_README.html#libnghttp2-asio-high-level-http-2-c-library">libnghttp2_asio: High level HTTP/2 C++ library</a></li>
<liclass="toctree-l2"><aclass="reference internal"href="nghttpx-howto.html#specifying-additional-ca-certificate">Specifying additional CA certificate</a></li>
<spanid="cmdoption--backend"></span><ttclass="descname">-b</tt><ttclass="descclassname"></tt><ttclass="descclassname">, </tt><ttclass="descname">--backend</tt><ttclass="descclassname">=<HOST,PORT></tt><aclass="headerlink"href="#cmdoption-b"title="Permalink to this definition">¶</a></dt>
<spanid="cmdoption--frontend"></span><ttclass="descname">-f</tt><ttclass="descclassname"></tt><ttclass="descclassname">, </tt><ttclass="descname">--frontend</tt><ttclass="descclassname">=<HOST,PORT></tt><aclass="headerlink"href="#cmdoption-f"title="Permalink to this definition">¶</a></dt>
<dd><p>Set frontend host and port. If <HOST> is '*', it
<ttclass="descname">--backlog</tt><ttclass="descclassname">=<N></tt><aclass="headerlink"href="#cmdoption--backlog"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--backend-ipv4</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--backend-ipv4"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--backend-ipv6</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--backend-ipv6"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--backend-http-proxy-uri</tt><ttclass="descclassname">=<URI></tt><aclass="headerlink"href="#cmdoption--backend-http-proxy-uri"title="Permalink to this definition">¶</a></dt>
<dd><p>Specify proxy URI in the form
<aclass="reference external"href="http:/">http:/</a>/[<USER>:<PASS>@]<PROXY>:<PORT>. If a proxy
requires authentication, specify <USER> and <PASS>.
Note that they must be properly percent-encoded. This
proxy is used when the backend connection is HTTP/2.
First, make a CONNECT request to the proxy and it
connects to the backend on behalf of nghttpx. This
forms tunnel. After that, nghttpx performs SSL/TLS
handshake with the downstream through the tunnel. The
timeouts when connecting and making CONNECT request can
be specified by <aclass="reference internal"href="#cmdoption--backend-read-timeout"><emclass="xref std std-option">--backend-read-timeout</em></a> and
<spanid="cmdoption--workers"></span><ttclass="descname">-n</tt><ttclass="descclassname"></tt><ttclass="descclassname">, </tt><ttclass="descname">--workers</tt><ttclass="descclassname">=<N></tt><aclass="headerlink"href="#cmdoption-n"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--read-rate</tt><ttclass="descclassname">=<SIZE></tt><aclass="headerlink"href="#cmdoption--read-rate"title="Permalink to this definition">¶</a></dt>
<dd><p>Set maximum average read rate on frontend connection.
Setting 0 to this option means read rate is unlimited.</p>
<ttclass="descname">--read-burst</tt><ttclass="descclassname">=<SIZE></tt><aclass="headerlink"href="#cmdoption--read-burst"title="Permalink to this definition">¶</a></dt>
<dd><p>Set maximum read burst size on frontend connection.
<ttclass="descname">--write-rate</tt><ttclass="descclassname">=<SIZE></tt><aclass="headerlink"href="#cmdoption--write-rate"title="Permalink to this definition">¶</a></dt>
<dd><p>Set maximum average write rate on frontend connection.
Setting 0 to this option means write rate is unlimited.</p>
<ttclass="descname">--write-burst</tt><ttclass="descclassname">=<SIZE></tt><aclass="headerlink"href="#cmdoption--write-burst"title="Permalink to this definition">¶</a></dt>
<dd><p>Set maximum write burst size on frontend connection.
Setting 0 to this option means write burst size is
<ttclass="descname">--worker-read-rate</tt><ttclass="descclassname">=<SIZE></tt><aclass="headerlink"href="#cmdoption--worker-read-rate"title="Permalink to this definition">¶</a></dt>
<dd><p>Set maximum average read rate on frontend connection per
worker. Setting 0 to this option means read rate is
<ttclass="descname">--worker-read-burst</tt><ttclass="descclassname">=<SIZE></tt><aclass="headerlink"href="#cmdoption--worker-read-burst"title="Permalink to this definition">¶</a></dt>
<dd><p>Set maximum read burst size on frontend connection per
worker. Setting 0 to this option means read burst size
<ttclass="descname">--worker-write-rate</tt><ttclass="descclassname">=<SIZE></tt><aclass="headerlink"href="#cmdoption--worker-write-rate"title="Permalink to this definition">¶</a></dt>
<dd><p>Set maximum average write rate on frontend connection
per worker. Setting 0 to this option means write rate
<ttclass="descname">--worker-write-burst</tt><ttclass="descclassname">=<SIZE></tt><aclass="headerlink"href="#cmdoption--worker-write-burst"title="Permalink to this definition">¶</a></dt>
<dd><p>Set maximum write burst size on frontend connection per
worker. Setting 0 to this option means write burst size
<ttclass="descname">--worker-frontend-connections</tt><ttclass="descclassname">=<N></tt><aclass="headerlink"href="#cmdoption--worker-frontend-connections"title="Permalink to this definition">¶</a></dt>
<dd><p>Set maximum number of simultaneous connections frontend
<ttclass="descname">--backend-http2-connections-per-worker</tt><ttclass="descclassname">=<N></tt><aclass="headerlink"href="#cmdoption--backend-http2-connections-per-worker"title="Permalink to this definition">¶</a></dt>
<dd><p>Set maximum number of HTTP/2 connections per worker.
The default value is 0, which means the number of
backend addresses specified by <aclass="reference internal"href="#cmdoption-b"><emclass="xref std std-option">-b</em></a> option.</p>
<ttclass="descname">--backend-http1-connections-per-host</tt><ttclass="descclassname">=<N></tt><aclass="headerlink"href="#cmdoption--backend-http1-connections-per-host"title="Permalink to this definition">¶</a></dt>
<dd><p>Set maximum number of backend concurrent HTTP/1
connections per host. This option is meaningful when <aclass="reference internal"href="#cmdoption-s"><emclass="xref std std-option">-s</em></a>
option is used. To limit the number of connections per
<ttclass="descname">--backend-http1-connections-per-frontend</tt><ttclass="descclassname">=<N></tt><aclass="headerlink"href="#cmdoption--backend-http1-connections-per-frontend"title="Permalink to this definition">¶</a></dt>
<dd><p>Set maximum number of backend concurrent HTTP/1
connections per frontend. This option is only used for
default mode. 0 means unlimited. To limit the number
of connections per host for HTTP/2 or SPDY proxy mode
(-s option), use <aclass="reference internal"href="#cmdoption--backend-http1-connections-per-host"><emclass="xref std std-option">--backend-http1-connections-per-host</em></a>.</p>
<ttclass="descname">--rlimit-nofile</tt><ttclass="descclassname">=<N></tt><aclass="headerlink"href="#cmdoption--rlimit-nofile"title="Permalink to this definition">¶</a></dt>
<dd><p>Set maximum number of open files (RLIMIT_NOFILE) to <N>.
If 0 is given, nghttpx does not set the limit.</p>
<ttclass="descname">--backend-request-buffer</tt><ttclass="descclassname">=<SIZE></tt><aclass="headerlink"href="#cmdoption--backend-request-buffer"title="Permalink to this definition">¶</a></dt>
<dd><p>Set buffer size used to store backend request.</p>
<ttclass="descname">--backend-response-buffer</tt><ttclass="descclassname">=<SIZE></tt><aclass="headerlink"href="#cmdoption--backend-response-buffer"title="Permalink to this definition">¶</a></dt>
<dd><p>Set buffer size used to store backend response.</p>
<ttclass="descname">--frontend-http2-read-timeout</tt><ttclass="descclassname">=<DURATION></tt><aclass="headerlink"href="#cmdoption--frontend-http2-read-timeout"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--frontend-read-timeout</tt><ttclass="descclassname">=<DURATION></tt><aclass="headerlink"href="#cmdoption--frontend-read-timeout"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--frontend-write-timeout</tt><ttclass="descclassname">=<DURATION></tt><aclass="headerlink"href="#cmdoption--frontend-write-timeout"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--stream-read-timeout</tt><ttclass="descclassname">=<DURATION></tt><aclass="headerlink"href="#cmdoption--stream-read-timeout"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--stream-write-timeout</tt><ttclass="descclassname">=<DURATION></tt><aclass="headerlink"href="#cmdoption--stream-write-timeout"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--backend-read-timeout</tt><ttclass="descclassname">=<DURATION></tt><aclass="headerlink"href="#cmdoption--backend-read-timeout"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--backend-write-timeout</tt><ttclass="descclassname">=<DURATION></tt><aclass="headerlink"href="#cmdoption--backend-write-timeout"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--backend-keep-alive-timeout</tt><ttclass="descclassname">=<DURATION></tt><aclass="headerlink"href="#cmdoption--backend-keep-alive-timeout"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--listener-disable-timeout</tt><ttclass="descclassname">=<DURATION></tt><aclass="headerlink"href="#cmdoption--listener-disable-timeout"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--ciphers</tt><ttclass="descclassname">=<SUITE></tt><aclass="headerlink"href="#cmdoption--ciphers"title="Permalink to this definition">¶</a></dt>
<dd><p>Set allowed cipher list. The format of the string is
<spanid="cmdoption--insecure"></span><ttclass="descname">-k</tt><ttclass="descclassname"></tt><ttclass="descclassname">, </tt><ttclass="descname">--insecure</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption-k"title="Permalink to this definition">¶</a></dt>
<dd><p>Don't verify backend server's certificate if <aclass="reference internal"href="#cmdoption-p"><emclass="xref std std-option">-p</em></a>,
<aclass="reference internal"href="#cmdoption--client"><emclass="xref std std-option">--client</em></a> or <aclass="reference internal"href="#cmdoption--http2-bridge"><emclass="xref std std-option">--http2-bridge</em></a> are given and
<aclass="reference internal"href="#cmdoption--backend-no-tls"><emclass="xref std std-option">--backend-no-tls</em></a> is not given.</p>
<ttclass="descname">--cacert</tt><ttclass="descclassname">=<PATH></tt><aclass="headerlink"href="#cmdoption--cacert"title="Permalink to this definition">¶</a></dt>
<dd><p>Set path to trusted CA certificate file if <aclass="reference internal"href="#cmdoption-p"><emclass="xref std std-option">-p</em></a>, <aclass="reference internal"href="#cmdoption--client"><emclass="xref std std-option">--client</em></a>
or <aclass="reference internal"href="#cmdoption--http2-bridge"><emclass="xref std std-option">--http2-bridge</em></a> are given and <aclass="reference internal"href="#cmdoption--backend-no-tls"><emclass="xref std std-option">--backend-no-tls</em></a> is not
given. The file must be in PEM format. It can contain
multiple certificates. If the linked OpenSSL is
configured to load system wide certificates, they are
<ttclass="descname">--private-key-passwd-file</tt><ttclass="descclassname">=<PATH></tt><aclass="headerlink"href="#cmdoption--private-key-passwd-file"title="Permalink to this definition">¶</a></dt>
<dd><p>Path to file that contains password for the server's
private key. If none is given and the private key is
password protected it'll be requested interactively.</p>
<ttclass="descname">--subcert</tt><ttclass="descclassname">=<KEYPATH>:<CERTPATH></tt><aclass="headerlink"href="#cmdoption--subcert"title="Permalink to this definition">¶</a></dt>
<dd><p>Specify additional certificate and private key file.
nghttpx will choose certificates based on the hostname
<ttclass="descname">--backend-tls-sni-field</tt><ttclass="descclassname">=<HOST></tt><aclass="headerlink"href="#cmdoption--backend-tls-sni-field"title="Permalink to this definition">¶</a></dt>
<dd><p>Explicitly set the content of the TLS SNI extension.
<ttclass="descname">--dh-param-file</tt><ttclass="descclassname">=<PATH></tt><aclass="headerlink"href="#cmdoption--dh-param-file"title="Permalink to this definition">¶</a></dt>
<dd><p>Path to file that contains DH parameters in PEM format.
<ttclass="descname">--npn-list</tt><ttclass="descclassname">=<LIST></tt><aclass="headerlink"href="#cmdoption--npn-list"title="Permalink to this definition">¶</a></dt>
<dd><p>Comma delimited list of ALPN protocol identifier sorted
in the order of preference. That means most desirable
protocol comes first. This is used in both ALPN and
NPN. The parameter must be delimited by a single comma
only and any white spaces are treated as a part of
<ttclass="descname">--verify-client</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--verify-client"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--verify-client-cacert</tt><ttclass="descclassname">=<PATH></tt><aclass="headerlink"href="#cmdoption--verify-client-cacert"title="Permalink to this definition">¶</a></dt>
<dd><p>Path to file that contains CA certificates to verify
client certificate. The file must be in PEM format. It
can contain multiple certificates.</p>
</dd></dl>
<dlclass="option">
<dtid="cmdoption--client-private-key-file">
<ttclass="descname">--client-private-key-file</tt><ttclass="descclassname">=<PATH></tt><aclass="headerlink"href="#cmdoption--client-private-key-file"title="Permalink to this definition">¶</a></dt>
<dd><p>Path to file that contains client private key used in
<ttclass="descname">--client-cert-file</tt><ttclass="descclassname">=<PATH></tt><aclass="headerlink"href="#cmdoption--client-cert-file"title="Permalink to this definition">¶</a></dt>
<dd><p>Path to file that contains client certificate used in
<ttclass="descname">--tls-proto-list</tt><ttclass="descclassname">=<LIST></tt><aclass="headerlink"href="#cmdoption--tls-proto-list"title="Permalink to this definition">¶</a></dt>
<dd><p>Comma delimited list of SSL/TLS protocol to be enabled.
The following protocols are available: TLSv1.2, TLSv1.1
and TLSv1.0. The name matching is done in
case-insensitive manner. The parameter must be
delimited by a single comma only and any white spaces
<ttclass="descname">--tls-ticket-key-file</tt><ttclass="descclassname">=<PATH></tt><aclass="headerlink"href="#cmdoption--tls-ticket-key-file"title="Permalink to this definition">¶</a></dt>
<dd><p>Path to file that contains 48 bytes random data to
construct TLS session ticket parameters. This options
can be used repeatedly to specify multiple ticket
parameters. If several files are given, only the first
key is used to encrypt TLS session tickets. Other keys
are accepted but server will issue new session ticket
with first key. This allows session key rotation.
Please note that key rotation does not occur
automatically. User should rearrange files or change
options values and restart nghttpx gracefully. If
opening or reading given file fails, all loaded keys are
discarded and it is treated as if none of this option is
given. If this option is not given or an error occurred
while opening or reading a file, key is generated
automatically and renewed every 12hrs. At most 2 keys
are stored in memory.</p>
</dd></dl>
<dlclass="option">
<dtid="cmdoption--tls-ctx-per-worker">
<ttclass="descname">--tls-ctx-per-worker</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--tls-ctx-per-worker"title="Permalink to this definition">¶</a></dt>
<dd><p>Create OpenSSL's SSL_CTX per worker, so that no internal
locking is required. This may improve scalability with
multi threaded configuration. If this option is
enabled, session ID is no longer shared accross SSL_CTX
objects, which means session ID generated by one worker
is not acceptable by another worker. On the other hand,
session ticket key is shared across all worker threads.</p>
<spanid="cmdoption--http2-max-concurrent-streams"></span><ttclass="descname">-c</tt><ttclass="descclassname"></tt><ttclass="descclassname">, </tt><ttclass="descname">--http2-max-concurrent-streams</tt><ttclass="descclassname">=<N></tt><aclass="headerlink"href="#cmdoption-c"title="Permalink to this definition">¶</a></dt>
<dd><p>Set the maximum number of the concurrent streams in one
<ttclass="descname">--frontend-http2-window-bits</tt><ttclass="descclassname">=<N></tt><aclass="headerlink"href="#cmdoption--frontend-http2-window-bits"title="Permalink to this definition">¶</a></dt>
<dd><p>Sets the per-stream initial window size of HTTP/2 SPDY
frontend connection. For HTTP/2, the size is 2**<N>-1.
<ttclass="descname">--frontend-http2-connection-window-bits</tt><ttclass="descclassname">=<N></tt><aclass="headerlink"href="#cmdoption--frontend-http2-connection-window-bits"title="Permalink to this definition">¶</a></dt>
<dd><p>Sets the per-connection window size of HTTP/2 and SPDY
frontend connection. For HTTP/2, the size is
2**<N>-1. For SPDY, the size is 2**<N>.</p>
<ttclass="descname">--frontend-no-tls</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--frontend-no-tls"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--backend-http2-window-bits</tt><ttclass="descclassname">=<N></tt><aclass="headerlink"href="#cmdoption--backend-http2-window-bits"title="Permalink to this definition">¶</a></dt>
<dd><p>Sets the initial window size of HTTP/2 backend
<ttclass="descname">--backend-http2-connection-window-bits</tt><ttclass="descclassname">=<N></tt><aclass="headerlink"href="#cmdoption--backend-http2-connection-window-bits"title="Permalink to this definition">¶</a></dt>
<dd><p>Sets the per-connection window size of HTTP/2 backend
<ttclass="descname">--backend-no-tls</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--backend-no-tls"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--http2-no-cookie-crumbling</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--http2-no-cookie-crumbling"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--padding</tt><ttclass="descclassname">=<N></tt><aclass="headerlink"href="#cmdoption--padding"title="Permalink to this definition">¶</a></dt>
<dd><p>Add at most <N> bytes to a HTTP/2 frame payload as
padding. Specify 0 to disable padding. This option is
meant for debugging purpose and not intended to enhance
<ttclass="descname">--no-server-push</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--no-server-push"title="Permalink to this definition">¶</a></dt>
<dd><p>Disable HTTP/2 server push. Server push is only
supported by default mode and HTTP/2 frontend. SPDY
<dd><p>Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS. If
<aclass="reference internal"href="#cmdoption--frontend-no-tls"><emclass="xref std std-option">--frontend-no-tls</em></a> is used, accept HTTP/2 and HTTP/1.1.
The incoming HTTP/1.1 connection can be upgraded to
<spanid="cmdoption--http2-proxy"></span><ttclass="descname">-s</tt><ttclass="descclassname"></tt><ttclass="descclassname">, </tt><ttclass="descname">--http2-proxy</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption-s"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--http2-bridge</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--http2-bridge"title="Permalink to this definition">¶</a></dt>
<dd><p>Like default mode, but communicate with the backend in
HTTP/2 over SSL/TLS. Thus the incoming all connections
are converted to HTTP/2 connection and relayed to the
backend. See <aclass="reference internal"href="#cmdoption--backend-http-proxy-uri"><emclass="xref std std-option">--backend-http-proxy-uri</em></a> option if you are
behind the proxy and want to connect to the outside
<ttclass="descname">--client</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--client"title="Permalink to this definition">¶</a></dt>
<dd><p>Accept HTTP/2 and HTTP/1.1 without SSL/TLS. The
incoming HTTP/1.1 connection can be upgraded to HTTP/2
connection through HTTP Upgrade. The protocol to the
backend is HTTP/2. To use nghttpx as a forward proxy,
use <aclass="reference internal"href="#cmdoption-p"><emclass="xref std std-option">-p</em></a> option instead.</p>
<spanid="cmdoption--client-proxy"></span><ttclass="descname">-p</tt><ttclass="descclassname"></tt><ttclass="descclassname">, </tt><ttclass="descname">--client-proxy</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption-p"title="Permalink to this definition">¶</a></dt>
<dd><p>Like <aclass="reference internal"href="#cmdoption--client"><emclass="xref std std-option">--client</em></a> option, but it also requires the request
path from frontend must be an absolute URI, suitable for
<spanid="cmdoption--log-level"></span><ttclass="descname">-L</tt><ttclass="descclassname"></tt><ttclass="descclassname">, </tt><ttclass="descname">--log-level</tt><ttclass="descclassname">=<LEVEL></tt><aclass="headerlink"href="#cmdoption-L"title="Permalink to this definition">¶</a></dt>
<dd><p>Set the severity level of log output. <LEVEL> must be
<ttclass="descname">--accesslog-file</tt><ttclass="descclassname">=<PATH></tt><aclass="headerlink"href="#cmdoption--accesslog-file"title="Permalink to this definition">¶</a></dt>
<dd><p>Set path to write access log. To reopen file, send USR1
signal to nghttpx.</p>
</dd></dl>
<dlclass="option">
<dtid="cmdoption--accesslog-syslog">
<ttclass="descname">--accesslog-syslog</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--accesslog-syslog"title="Permalink to this definition">¶</a></dt>
<dd><p>Send access log to syslog. If this option is used,
<aclass="reference internal"href="#cmdoption--accesslog-file"><emclass="xref std std-option">--accesslog-file</em></a> option is ignored.</p>
</dd></dl>
<dlclass="option">
<dtid="cmdoption--accesslog-format">
<ttclass="descname">--accesslog-format</tt><ttclass="descclassname">=<FORMAT></tt><aclass="headerlink"href="#cmdoption--accesslog-format"title="Permalink to this definition">¶</a></dt>
<dd><p>Specify format string for access log. The default
format is combined format. The following variables are
available:</p>
<ulclass="simple">
<li>$remote_addr: client IP address.</li>
<li>$time_local: local time in Common Log format.</li>
<li>$time_iso8601: local time in ISO 8601 format.</li>
<li>$request: HTTP request line.</li>
<li>$status: HTTP response status code.</li>
<li>$body_bytes_sent: the number of bytes sent to client
as response body.</li>
<li>$http_<VAR>: value of HTTP request header <VAR> where
'_' in <VAR> is replaced with '-'.</li>
<li>$remote_port: client port.</li>
<li>$server_port: server port.</li>
<li>$request_time: request processing time in seconds with
milliseconds resolution.</li>
<li>$pid: PID of the running process.</li>
<li>$alpn: ALPN identifier of the protocol which generates
the response. For HTTP/1, ALPN is always http/1.1,
<ttclass="descname">--errorlog-file</tt><ttclass="descclassname">=<PATH></tt><aclass="headerlink"href="#cmdoption--errorlog-file"title="Permalink to this definition">¶</a></dt>
<dd><p>Set path to write error log. To reopen file, send USR1
<ttclass="descname">--errorlog-syslog</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--errorlog-syslog"title="Permalink to this definition">¶</a></dt>
<dd><p>Send error log to syslog. If this option is used,
<aclass="reference internal"href="#cmdoption--errorlog-file"><emclass="xref std std-option">--errorlog-file</em></a> option is ignored.</p>
<ttclass="descname">--syslog-facility</tt><ttclass="descclassname">=<FACILITY></tt><aclass="headerlink"href="#cmdoption--syslog-facility"title="Permalink to this definition">¶</a></dt>
<dd><p>Set syslog facility to <FACILITY>.</p>
<ttclass="descname">--add-x-forwarded-for</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--add-x-forwarded-for"title="Permalink to this definition">¶</a></dt>
<dd><p>Append X-Forwarded-For header field to the downstream
<ttclass="descname">--strip-incoming-x-forwarded-for</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--strip-incoming-x-forwarded-for"title="Permalink to this definition">¶</a></dt>
<dd><p>Strip X-Forwarded-For header field from inbound client
<ttclass="descname">--no-via</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--no-via"title="Permalink to this definition">¶</a></dt>
<dd><p>Don't append to Via header field. If Via header field
<ttclass="descname">--no-location-rewrite</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--no-location-rewrite"title="Permalink to this definition">¶</a></dt>
<dd><p>Don't rewrite location header field on <aclass="reference internal"href="#cmdoption--http2-bridge"><emclass="xref std std-option">--http2-bridge</em></a>,
<aclass="reference internal"href="#cmdoption--client"><emclass="xref std std-option">--client</em></a> and default mode. For <aclass="reference internal"href="#cmdoption--http2-proxy"><emclass="xref std std-option">--http2-proxy</em></a> and
<aclass="reference internal"href="#cmdoption--client-proxy"><emclass="xref std std-option">--client-proxy</em></a> mode, location header field will not be
<ttclass="descname">--no-host-rewrite</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption--no-host-rewrite"title="Permalink to this definition">¶</a></dt>
<dd><p>Don't rewrite host and :authority header fields on
<aclass="reference internal"href="#cmdoption--http2-bridge"><emclass="xref std std-option">--http2-bridge</em></a>, <aclass="reference internal"href="#cmdoption--client"><emclass="xref std std-option">--client</em></a> and default mode. For
<aclass="reference internal"href="#cmdoption--http2-proxy"><emclass="xref std std-option">--http2-proxy</em></a> and <aclass="reference internal"href="#cmdoption--client-proxy"><emclass="xref std std-option">--client-proxy</em></a> mode, these headers
will not be altered regardless of this option.</p>
<ttclass="descname">--altsvc</tt><ttclass="descclassname">=<PROTOID,PORT[,HOST,[ORIGIN]]></tt><aclass="headerlink"href="#cmdoption--altsvc"title="Permalink to this definition">¶</a></dt>
<dd><p>Specify protocol ID, port, host and origin of
alternative service. <HOST> and <ORIGIN> are optional.
They are advertised in alt-svc header field or HTTP/2
ALTSVC frame. This option can be used multiple times to
<ttclass="descname">--add-response-header</tt><ttclass="descclassname">=<HEADER></tt><aclass="headerlink"href="#cmdoption--add-response-header"title="Permalink to this definition">¶</a></dt>
<dd><p>Specify additional header field to add to response
header set. This option just appends header field and
won't replace anything already set. This option can be
used several times to specify multiple header fields.
<ttclass="descname">--frontend-http2-dump-request-header</tt><ttclass="descclassname">=<PATH></tt><aclass="headerlink"href="#cmdoption--frontend-http2-dump-request-header"title="Permalink to this definition">¶</a></dt>
<dd><p>Dumps request headers received by HTTP/2 frontend to the
file denoted in <PATH>. The output is done in HTTP/1
header field format and each header block is followed by
an empty line. This option is not thread safe and MUST
NOT be used with option <aclass="reference internal"href="#cmdoption-n"><emclass="xref std std-option">-n</em></a><N>, where <N>>= 2.</p>
<ttclass="descname">--frontend-http2-dump-response-header</tt><ttclass="descclassname">=<PATH></tt><aclass="headerlink"href="#cmdoption--frontend-http2-dump-response-header"title="Permalink to this definition">¶</a></dt>
<dd><p>Dumps response headers sent from HTTP/2 frontend to the
file denoted in <PATH>. The output is done in HTTP/1
header field format and each header block is followed by
an empty line. This option is not thread safe and MUST
NOT be used with option <aclass="reference internal"href="#cmdoption-n"><emclass="xref std std-option">-n</em></a><N>, where <N>>= 2.</p>
<spanid="cmdoption--frontend-frame-debug"></span><ttclass="descname">-o</tt><ttclass="descclassname"></tt><ttclass="descclassname">, </tt><ttclass="descname">--frontend-frame-debug</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption-o"title="Permalink to this definition">¶</a></dt>
<dd><p>Print HTTP/2 frames in frontend to stderr. This option
is not thread safe and MUST NOT be used with option
<aclass="reference internal"href="#cmdoption-n"><emclass="xref std std-option">-n</em></a>=N, where N >= 2.</p>
<spanid="cmdoption--daemon"></span><ttclass="descname">-D</tt><ttclass="descclassname"></tt><ttclass="descclassname">, </tt><ttclass="descname">--daemon</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption-D"title="Permalink to this definition">¶</a></dt>
<dd><p>Run in a background. If <aclass="reference internal"href="#cmdoption-D"><emclass="xref std std-option">-D</em></a> is used, the current working
<ttclass="descname">--pid-file</tt><ttclass="descclassname">=<PATH></tt><aclass="headerlink"href="#cmdoption--pid-file"title="Permalink to this definition">¶</a></dt>
<ttclass="descname">--user</tt><ttclass="descclassname">=<USER></tt><aclass="headerlink"href="#cmdoption--user"title="Permalink to this definition">¶</a></dt>
<dd><p>Run this program as <USER>. This option is intended to
<ttclass="descname">--conf</tt><ttclass="descclassname">=<PATH></tt><aclass="headerlink"href="#cmdoption--conf"title="Permalink to this definition">¶</a></dt>
<spanid="cmdoption--version"></span><ttclass="descname">-v</tt><ttclass="descclassname"></tt><ttclass="descclassname">, </tt><ttclass="descname">--version</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption-v"title="Permalink to this definition">¶</a></dt>
<spanid="cmdoption--help"></span><ttclass="descname">-h</tt><ttclass="descclassname"></tt><ttclass="descclassname">, </tt><ttclass="descname">--help</tt><ttclass="descclassname"></tt><aclass="headerlink"href="#cmdoption-h"title="Permalink to this definition">¶</a></dt>
<h2>FILES<aclass="headerlink"href="#files"title="Permalink to this headline">¶</a></h2>
<dlclass="docutils">
<dt><em>/etc/nghttpx/nghttpx.conf</em></dt>
<dd><pclass="first">The default configuration file path nghttpx searches at startup.
The configuration file path can be changed using <aclass="reference internal"href="#cmdoption--conf"><emclass="xref std std-option">--conf</em></a>
option.</p>
<p>Those lines which are staring <ttclass="docutils literal"><spanclass="pre">#</span></tt> are treated as comment.</p>
<p>The option name in the configuration file is the long command-line
option name with leading <ttclass="docutils literal"><spanclass="pre">--</span></tt> stripped (e.g., <ttclass="docutils literal"><spanclass="pre">frontend</span></tt>). Put
<ttclass="docutils literal"><spanclass="pre">=</span></tt> between option name and value. Don't put extra leading or
trailing spaces.</p>
<p>The options which do not take argument in the command-line <em>take</em>
argument in the configuration file. Specify <ttclass="docutils literal"><spanclass="pre">yes</span></tt> as an argument
(e.g., <ttclass="docutils literal"><spanclass="pre">http2-proxy=yes</span></tt>). If other string is given, it is
ignored.</p>
<p>To specify private key and certificate file which are given as
positional arguments in commnad-line, use <ttclass="docutils literal"><spanclass="pre">private-key-file</span></tt> and
<pclass="last"><aclass="reference internal"href="#cmdoption--conf"><emclass="xref std std-option">--conf</em></a> option cannot be used in the configuration file and
will be ignored if specified.</p>
</dd>
</dl>
</div>
<divclass="section"id="signals">
<h2>SIGNALS<aclass="headerlink"href="#signals"title="Permalink to this headline">¶</a></h2>
<dlclass="docutils">
<dt>SIGQUIT</dt>
<dd>Shutdown gracefully. First accept pending connections and stop
accepting connection. After all connections are handled, nghttpx
exits.</dd>
<dt>SIGUSR1</dt>
<dd>Reopen log files.</dd>
<dt>SIGUSR2</dt>
<dd>Fork and execute nghttpx. It will execute the binary in the same
path with same command-line arguments and environment variables.
After new process comes up, sending SIGQUIT to the original process
<h2>SERVER PUSH<aclass="headerlink"href="#server-push"title="Permalink to this headline">¶</a></h2>
<p>nghttpx supports HTTP/2 server push in default mode. nghttpx looks
for Link header field (<aclass="reference external"href="http://tools.ietf.org/html/rfc5988">RFC 5988</a>) in response headers from
backend server and extracts URI-reference with parameter
<ttclass="docutils literal"><spanclass="pre">rel=preload</span></tt> (see <aclass="reference external"href="http://w3c.github.io/preload/#interoperability-with-http-link-header">preload</a>)
and pushes those URIs to the frontend client. Here is a sample Link
<p>Currently, the following restrictions are applied for server push:</p>
<olclass="arabic simple">
<li>URI-reference must not contain authority. If it exists, it is not
pushed. <ttclass="docutils literal"><spanclass="pre">/fonts/font.woff</span></tt> and <ttclass="docutils literal"><spanclass="pre">css/theme.css</span></tt> are eligible to
be pushed. <ttclass="docutils literal"><spanclass="pre">https://example.org/fonts/font.woff</span></tt> and
<ttclass="docutils literal"><spanclass="pre">//example.org/css/theme.css</span></tt> are not.</li>
<li>The associated stream must have method "GET" or "POST". The
associated stream's status code must be 200.</li>
</ol>
<p>These limitations may be loosened in the future release.</p>
</div>
<divclass="section"id="unix-domain-socket">
<h2>UNIX DOMAIN SOCKET<aclass="headerlink"href="#unix-domain-socket"title="Permalink to this headline">¶</a></h2>
<p>nghttpx supports UNIX domain socket with a filename for both frontend
and backend connections.</p>
<p>Please note that current nghttpx implementation does not delete a
socket with a filename. And on start up, if nghttpx detects that the
specified socket already exists in the file system, nghttpx first
deletes it. However, if SIGUSR2 is used to execute new binary and
both old and new configurations use same filename, new binary does not
Built with <ahref="http://sphinx-doc.org/">Sphinx</a> using a <ahref="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <ahref="https://readthedocs.org">Read the Docs</a>.