Syntax: pcre_jit on | off; Default: pcre_jit off; Context: main This directive appeared in version 1.1.12. Enables or disables the use of “just-in-time compilation” (PCRE JIT) for the regular expressions known by the time of configuration parsing. PCRE JIT can speed up processing of regular expressions significantly. The JIT is available in PCRE libraries starting from version 8.20 built with the --enable-jit configuration parameter. When the PCRE library is built with nginx (

Syntax: multi_accept on | off; Default: multi_accept off; Context: events If multi_accept is disabled, a worker process will accept one new connection at a time. Otherwise, a worker process will accept all new connections at a time. The directive is ignored if kqueue connection processing method is used, because it reports the number of new connections waiting to be accepted.

Syntax: daemon on | off; Default: daemon on; Context: main Determines whether nginx should become a daemon. Mainly used during development.

Syntax: ssl_ecdh_curve curve; Default: ssl_ecdh_curve auto; Context: stream, server Specifies a curve for ECDHE ciphers. When using OpenSSL 1.0.2 or higher, it is possible to specify multiple curves (1.11.0), for example: ssl_ecdh_curve prime256v1:secp384r1; The special value auto (1.11.0) instructs nginx to use a list built into the OpenSSL library when using OpenSSL 1.0.2 or higher, or prime256v1 with older versions. Prior to version 1.11.0, the prime256v1 curve was used

Syntax: uwsgi_ssl_password_file file; Default: — Context: http, server, location This directive appeared in version 1.7.8. Specifies a file with passphrases for secret keys where each passphrase is specified on a separate line. Passphrases are tried in turn when loading the key.

Syntax: proxy_ssl_verify on | off; Default: proxy_ssl_verify off; Context: stream, server Enables or disables verification of the proxied server certificate.

Syntax: proxy_hide_header field; Default: — Context: http, server, location By default, nginx does not pass the header fields “Date”, “Server”, “X-Pad”, and “X-Accel-...” from the response of a proxied server to a client. The proxy_hide_header directive sets additional fields that will not be passed. If, on the contrary, the passing of fields needs to be permitted, the proxy_pass_header directive can be used.

Syntax: proxy_temp_file_write_size size; Default: proxy_temp_file_write_size 8k|16k; Context: http, server, location Limits the size of data written to a temporary file at a time, when buffering of responses from the proxied server to temporary files is enabled. By default, size is limited by two buffers set by the proxy_buffer_size and proxy_buffers directives. The maximum size of a temporary file is set by the proxy_max_temp_file_size directive.

Syntax: ssl_stapling on | off; Default: ssl_stapling off; Context: http, server This directive appeared in version 1.3.7. Enables or disables stapling of OCSP responses by the server. Example: ssl_stapling on; resolver 192.0.2.1; For the OCSP stapling to work, the certificate of the server certificate issuer should be known. If the ssl_certificate file does not contain intermediate certificates, the certificate of the server certificate issuer should be present in the ssl_trus

Syntax: ssl_crl file; Default: — Context: stream, server This directive appeared in version 1.11.8. Specifies a file with revoked certificates (CRL) in the PEM format used to verify client certificates.