Syntax: sub_filter string replacement; Default: — Context: http, server, location Sets a string to replace and a replacement string. The string to replace is matched ignoring the case. The string to replace (1.9.4) and replacement string can contain variables. Several sub_filter directives can be specified on one configuration level (1.9.4). These directives are inherited from the previous level if and only if there are no sub_filter directives defined on the current level.

Syntax: proxy_ssl_session_reuse on | off; Default: proxy_ssl_session_reuse on; Context: http, server, location Determines whether SSL sessions can be reused when working with the proxied server. If the errors “SSL3_GET_FINISHED:digest check failed” appear in the logs, try disabling session reuse.

Syntax: proxy_pass_error_message on | off; Default: proxy_pass_error_message off; Context: mail, server Indicates whether to pass the error message obtained during the authentication on the backend to the client. Usually, if the authentication in nginx is a success, the backend cannot return an error. If it nevertheless returns an error, it means some internal error has occurred. In such case the backend message can contain information that should not be shown to the client. Howe

Syntax: load_module file; Default: — Context: main This directive appeared in version 1.9.11. Loads a dynamic module. Example: load_module modules/ngx_mail_module.so;

Syntax: uwsgi_pass [protocol://]address; Default: — Context: location, if in location Sets the protocol and address of a uwsgi server. As a protocol, “uwsgi” or “suwsgi” (secured uwsgi, uwsgi over SSL) can be specified. The address can be specified as a domain name or IP address, and a port: uwsgi_pass localhost:9000; uwsgi_pass uwsgi://localhost:9000; uwsgi_pass suwsgi://[2001:db8::1]:9090; or as a UNIX-domain socket path: uwsgi_pass unix:/tmp/uwsgi.socket; If a domain nam

Syntax: proxy_cache zone | off; Default: proxy_cache off; Context: http, server, location Defines a shared memory zone used for caching. The same zone can be used in several places. Parameter value can contain variables (1.7.9). The off parameter disables caching inherited from the previous configuration level.

Syntax: resolver address ... [valid=time] [ipv6=on|off]; Default: — Context: http, server, location Configures name servers used to resolve names of upstream servers into addresses, for example: resolver 127.0.0.1 [::1]:5353; An address can be specified as a domain name or IP address, and an optional port (1.3.1, 1.2.2). If port is not specified, the port 53 is used. Name servers are queried in a round-robin fashion. Before version 1.1.7, only a single name serve

Syntax: ssl_verify_client on | off | optional | optional_no_ca; Default: ssl_verify_client off; Context: stream, server This directive appeared in version 1.11.8. Enables verification of client certificates. The verification result is stored in the $ssl_client_verify variable. If an error has occurred during the client certificate verification or a client has not presented the required certificate, the connection is closed. The optional parameter requests the client cer

Syntax: server_name name ...; Default: server_name ""; Context: server Sets names of a virtual server, for example: server { server_name example.com www.example.com; } The first name becomes the primary server name. Server names can include an asterisk (“*”) replacing the first or last part of a name: server { server_name example.com *.example.com www.example.*; } Such names are called wildcard names. The first two of the names mentioned above can be combined in

Syntax: proxy_ssl_trusted_certificate file; Default: — Context: http, server, location This directive appeared in version 1.7.0. Specifies a file with trusted CA certificates in the PEM format used to verify the certificate of the proxied HTTPS server.