Syntax: proxy_ssl_server_name on | off; Default: proxy_ssl_server_name off; Context: http, server, location This directive appeared in version 1.7.0. Enables or disables passing of the server name through TLS Server Name Indication extension (SNI, RFC 6066) when establishing a connection with the proxied HTTPS server.

Syntax: rewrite regex replacement [flag]; Default: — Context: server, location, if If the specified regular expression matches a request URI, URI is changed as specified in the replacement string. The rewrite directives are executed sequentially in order of their appearance in the configuration file. It is possible to terminate further processing of the directives using flags. If a replacement string starts with “http://”, “https://”, or “$scheme”, the processing stops

Syntax: starttls on | off | only; Default: starttls off; Context: mail, server on allow usage of the STLS command for the POP3 and the STARTTLS command for the IMAP; off deny usage of the STLS and STARTTLS commands; only require preliminary TLS transition.

Syntax: proxy_bind address [transparent] | off; Default: — Context: http, server, location This directive appeared in version 0.8.22. Makes outgoing connections to a proxied server originate from the specified local IP address with an optional port (1.11.2). Parameter value can contain variables (1.3.12). The special value off (1.3.12) cancels the effect of the proxy_bind directive inherited from the previous configuration level, which allows the system to auto-assign

Syntax: open_log_file_cache max=N [inactive=time] [min_uses=N] [valid=time];open_log_file_cache off; Default: open_log_file_cache off; Context: http, server, location Defines a cache that stores the file descriptors of frequently used logs whose names contain variables. The directive has the following parameters: max sets the maximum number of descriptors in a cache; if the cache becomes full the least recently used (LRU) descriptors are closed inactive sets the time after whi

Syntax: fastcgi_next_upstream_timeout time; Default: fastcgi_next_upstream_timeout 0; Context: http, server, location This directive appeared in version 1.7.5. Limits the time during which a request can be passed to the next server. The 0 value turns off this limitation.

Syntax: uwsgi_ignore_headers field ...; Default: — Context: http, server, location Disables processing of certain response header fields from the uwsgi server. The following fields can be ignored: “X-Accel-Redirect”, “X-Accel-Expires”, “X-Accel-Limit-Rate” (1.1.6), “X-Accel-Buffering” (1.1.6), “X-Accel-Charset” (1.1.6), “Expires”, “Cache-Control”, “Set-Cookie” (0.8.44), and “Vary” (1.7.7). If not disabled, processing of these header fields has the following effect: “X-Accel-Exp

Syntax: xslt_stylesheet stylesheet [parameter=value ...]; Default: — Context: location Defines the XSLT stylesheet and its optional parameters. A stylesheet is compiled at the configuration stage. Parameters can either be specified separately, or grouped in a single line using the “:” delimiter. If a parameter includes the “:” character, it should be escaped as “%3A”. Also, libxslt requires to enclose parameters that contain non-alphanumeric characters into single or dou

Syntax: dav_methods off | method ...; Default: dav_methods off; Context: http, server, location Allows the specified HTTP and WebDAV methods. The parameter off denies all methods processed by this module. The following methods are supported: PUT, DELETE, MKCOL, COPY, and MOVE. A file uploaded with the PUT method is first written to a temporary file, and then the file is renamed. Starting from version 0.8.9, temporary files and the persistent store can be put on different fil

Syntax: secure_link_secret word; Default: — Context: location Defines a secret word used to check authenticity of requested links. The full URI of a requested link looks as follows: /prefix/hash/link where hash is a hexadecimal representation of the MD5 hash computed for the concatenation of the link and secret word, and prefix is an arbitrary string without slashes. If the requested link passes the authenticity check, the $secure_link variable is set to the link extracted