Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
VINYLD(1)		    General Commands Manual		     VINYLD(1)

NAME
       vinyld -	HTTP accelerator daemon

SYNOPSIS
       vinyld [-a    [name=][listen_address[,PROTO|,option=value,...]]	   [-b
	      [host[:port]|path]] [-C] [-d] [-E	extension]  [-F]  [-f  config]
	      [-h type[,options]] [-I clifile] [-i identity] [-j jail[,jailop-
	      tions]]  [-l  vsl]  [-M address:port] [-n	workdir] [-P file] [-p
	      param=value]  [-r	 param[,param...]]    [-S   secret-file]   [-s
	      [name=]kind[,options]]  [-T  address[:port]]  [-t	 TTL] [-V] [-W
	      waiter]

       vinyld [-x parameter|vsl|cli|builtin|optstring]

       vinyld [-?]

DESCRIPTION
       The vinyld daemon accepts HTTP requests from clients, passes them on to
       a backend server	and caches the returned	documents  to  better  satisfy
       future requests for the same document.

OPTIONS
   Basic options
       -a <[name=][listen_address[,PROTO|,option=value,...]]>
	      Generic  syntax  to  accept client requests on a listen_address.
	      See below	for details.

	      Name is referenced in logs and available to vcl as local.socket.
	      If name is not specified,	a with	a  numerical  sequence	("a0",
	      "a1", etc.) is used.

	      Any  arguments  after  the listen_address	separated by comma are
	      taken as either an acceptor option=value pair if containing a =,
	      or as a PROTO(col) selection otherwise.

	      Valid options depend on the acceptor type, see below.

	      PROTO can	be "HTTP" (the default)	or "PROXY".   Both  version  1
	      and 2 of the proxy protocol can be used.

	      Multiple -a arguments are	allowed.

	      If  no  -a  argument is given, the default -a :80	will listen on
	      all IPv4 and IPv6	interfaces.

       -a <[name=][ip_address][:port][,PROTO]>
	      The ip_address can be a host name	("localhost"),	an  IPv4  dot-
	      ted-quad	("127.0.0.1")  or  an  IPv6 address enclosed in	square
	      brackets ("[::1]")

	      The port can be a	port number (80), a service name (http), or  a
	      port  range  (80-81). Port ranges	are inclusive and cannot over-
	      lap. If port is not specified, port 80 (http) is used.

	      At least one of ip_address or port is required.

       -a <[name=][path][,PROTO][,user=name][,group=name][,mode=octal]>
	      (VCL4.1 and higher)

	      Accept connections on a Unix domain socket.  Path	 must  be  ab-
	      solute  ("/path/to/listen.sock")	or "@" followed	by the name of
	      an abstract socket ("@myvinyld").

	      The user,	group and mode sub-arguments may be  used  to  specify
	      the  permissions	of  the	 socket	file --	use names for user and
	      group, and a 3-digit octal value for mode.  These	 sub-arguments
	      do not apply to abstract sockets.

       -b <[host[:port]|path]>
	      Use  the specified host as backend server. If port is not	speci-
	      fied, the	default	is 8080.

	      If the value of -b begins	with /,	it is interpreted as  the  ab-
	      solute path of a Unix domain socket to which vinyld connects. In
	      that  case, the value of -b must satisfy the conditions required
	      for the .path field of a backend declaration, see	vcl(7).	 Back-
	      ends with	Unix socket addresses may only be used with  VCL  ver-
	      sions >= 4.1.

	      -b can be	used only once,	and not	together with f.

       -f config
	      Use  the specified VCL configuration file	instead	of the builtin
	      default.	See vcl(7) for details on VCL syntax.

	      If a single -f option is used, then the VCL instance loaded from
	      the file is named	"boot" and immediately becomes active. If more
	      than one -f option is used, the VCL instances are	named "boot0",
	      "boot1" and so forth, in the order corresponding to the -f argu-
	      ments, and the last one is named "boot", which becomes active.

	      Either -b	or one or more -f options must be specified,  but  not
	      both,  and  they	cannot	both be	left out, unless -d is used to
	      start vinyld in debugging	mode. If the empty string is specified
	      as the sole -f option, then vinyld starts	without	 starting  the
	      worker  process, and the management process will accept CLI com-
	      mands.  You can also combine an empty -f option with an initial-
	      ization script (-I option) and the child process will be started
	      if there is an active VCL	at the end of the initialization.

	      When used	with a relative	file name, config is searched  in  the
	      vcl_path.	 It is possible	to set this path prior to using	-f op-
	      tions with a -p option. During startup, vinyld doesn't  complain
	      about unsafe VCL paths: unlike the vinyl-cli(7) that could later
	      be accessed remotely, starting vinyld requires local privileges.

       -n workdir
	      Runtime directory	for the	shared memory, compiled	VCLs etc.

	      In  performance  critical	applications, this directory should be
	      on a RAM backed filesystem.

	      When running multiple  vinyld  instances,	 separate  directories
	      need to be used.

	      The  default is taken from the VINYL_DEFAULT_N environment vari-
	      able.

	      Relative paths will be appended to /usr/local/vinyl-cache.

	      If neither VINYL_DEFAULT_N nor -n	 are  present,	the  value  is
	      /usr/local/vinyl-cache/vinyld.

	      Note: These defaults may be distribution specific.

   Documentation options
       For these options, vinyld prints	information to standard	output and ex-
       its.  When  a -x	option is used,	it must	be the only option (it outputs
       documentation in	reStructuredText, aka RST).

       -?
	  Print	the usage message.

       -x parameter
	      Print documentation of the runtime parameters (-p	options),  see
	      List of Parameters.

       -x vsl Print  documentation of the tags used in the Vinyld Cache	shared
	      memory log, see vsl(7).

       -x cli Print  documentation  of	the  command   line   interface,   see
	      vinyl-cli(7).

       -x builtin
	      Print the	contents of the	default	VCL program builtin.vcl.

       -x optstring
	      Print the	optstring parameter to getopt(3) to help writing wrap-
	      per scripts.

   Operations options
       -F     Do  not fork, run	in the foreground. Only	one of -F or -d	can be
	      specified, and -F	cannot be used together	with -C.

       -T <address[:port]>
	      Offer a management interface on the specified address and	 port.
	      See  vinyl-cli(7)	 for documentation of the management commands.
	      To disable the management	interface use none.

       -M <address:port>
	      Connect to this port  and	 offer	the  command  line  interface.
	      Think  of	 it as a reverse shell.	When running with -M and there
	      is no backend defined the	child process  (the  cache)  will  not
	      start initially.

       -P file
	      Write the	PID of the process to the specified file.

       -i identity
	      Specify  the identity of the Vinyl Cache server. This can	be ac-
	      cessed using server.identity from	VCL.

	      The server identity is used for the  received-by	field  of  Via
	      headers  generated by Vinyl Cache. For this reason, it must be a
	      valid token as defined by	the HTTP grammar.

	      If not specified the output of gethostname(3) is used, in	 which
	      case the syntax is assumed to be correct.

       -I clifile
	      Execute the management commands in the file given	as clifile be-
	      fore the worker process starts, see CLI Command File.

       -E extension
	      Load  the	 named extension. Extensions are modules (VMODs) which
	      can modify vinyld	behavior outside VCL, for  example  by	adding
	      storage- or protocol implementations. Extensions are always also
	      VMODs, even if they do not provide any functionality to VCL, but
	      in most cases they will.

	      Any VMOD can be loaded as	an extension, in which case it is sim-
	      ply  pre-loaded  at  startup and prevented from ever getting un-
	      loaded.

	      If extension contains any	slashes	/, it is taken as  an  abslute
	      path.   Otherwise,  for extention	ext, a vmod_ext.so is searched
	      for in vmod_path.

	      vinyld startup fails if loading the extension fails for any rea-
	      son.

   Tuning options
       -t TTL Specifies	the default time to live  (TTL)	 for  cached  objects.
	      This is a	shortcut for specifying	the default_ttl	run-time para-
	      meter.

       -p <param=value>
	      Set the parameter	specified by param to the specified value, see
	      List of Parameters for details. This option can be used multiple
	      times to specify multiple	parameters.

       -s <[name=]type[,options]>
	      Use the specified	storage	backend. See Storage Backend section.

	      This option can be used multiple times to	specify	multiple stor-
	      age  files. Name is referenced in	logs, VCL, statistics, etc. If
	      name is not specified, "s0", "s1"	and so forth is	used.

       -l <vsl>
	      Specifies	size of	the space for the VSL records,	shorthand  for
	      -p  vsl_space=<vsl>.  Scaling  suffixes  like 'K'	and 'M'	can be
	      used up to (G)igabytes. See vsl_space for	more information.

   Security options
       -r <param[,param...]>
	      Make the listed parameters read only. This gives the system  ad-
	      ministrator  a  way  to  limit  what the Vinyl Cache CLI can do.
	      Consider making parameters  such	as  cc_command,	 vcc_allow_in-
	      line_c  and vmod_path read only as these can potentially be used
	      to escalate privileges from the CLI.

       -S secret-file
	      Path to a	file containing	a secret used for  authorizing	access
	      to the management	port. To disable authentication	use none.

	      If this argument is not provided,	a secret drawn from the	system
	      PRNG  will  be  written to a file	called _.secret	in the working
	      directory	(see opt_n) with default ownership and permissions  of
	      the user having started vinyld.

	      Thus,  users wishing to delegate control over vinyld will	proba-
	      bly want to create a custom secret file with appropriate permis-
	      sions (ie. readable by a unix group to delegate control to).

       -j <jail[,jailoptions]>
	      Specify the jailing mechanism to use. See	Jail section.

   Advanced, development and debugging options
       -d     Enables debugging	mode: The parent process  runs	in  the	 fore-
	      ground  with  a  CLI  connection	on stdin/stdout, and the child
	      process must be started explicitly with a	CLI command. Terminat-
	      ing the parent process will also terminate the child.

	      Only one of -d or	-F can be specified, and -d cannot be used to-
	      gether with -C.

       -C     Print VCL	code compiled to C language and	exit. Specify the  VCL
	      file to compile with the -f option. Either -f or -b must be used
	      with -C, and -C cannot be	used with -F or	-d.

       -V     Display  the  version number and exit. This must be the only op-
	      tion.

       -h <type[,options]>
	      Specifies	the hash algorithm. See	Hash Algorithm section	for  a
	      list of supported	algorithms.

       -W waiter
	      Specifies	the waiter type	to use.

   Hash	Algorithm
       The following hash algorithms are available:

       -h critbit
	      self-scaling tree	structure. The default hash algorithm in Vinyl
	      Cache  2.1  and  onwards.	 In comparison to a more traditional B
	      tree the critbit tree is	almost	completely  lockless.  Do  not
	      change this unless you are certain what you're doing.

       -h simple_list
	      A	 simple	 doubly-linked	list.	Not recommended	for production
	      use.

       -h <classic[,buckets]>
	      A	standard hash table. The hash key is the CRC32 of the object's
	      URL modulo the size of the hash table.  Each table entry	points
	      to a list	of elements which share	the same hash key. The buckets
	      parameter	 specifies  the	 number	 of entries in the hash	table.
	      The default is 16383.

   Storage Backend
       Multiple	storage	backends (where	the cached and in-flight  objects  are
       held)  can be defined, and VCL can pilot	which store is used by setting
       the beresp.storage variable (see	man vcl-var for	more information).

       The argument format to define storage backends is:

       -s <[name]=kind[,options]>
	      If name is omitted, vinyld will name storages sN,	starting  with
	      s0 and incrementing N for	every new storage.

	      For kind and options see details below.

       Storages	can be used in vcl as storage.name, so,	for example if myStor-
       age was defined by -s myStorage=malloc,5G, it could be used in VCL like
       so:

	  set beresp.storage = storage.myStorage;

       A  special  name	 is  Transient	which  is  the default storage for un-
       cacheable  objects  as  resulting  from	 a   pass,   hit-for-miss   or
       hit-for-pass.

       If no -s	options	are given, the default is:

	  -s default,100m

       If  no  Transient storage is defined, the default is an unbound default
       storage as if defined as:

	  -s Transient=default

       The following storage types and options are available:

       -s <default[,size]>
	      The default storage type resolves	to umem	 where	available  and
	      malloc otherwise.

       -s <malloc[,size]>
	      malloc is	a memory based backend.

       -s <umem[,size]>
	      umem is a	storage	backend	which is more efficient	than malloc on
	      platforms	where it is available.

	      See the section on umem in chapter Storage backends of The Vinyl
	      Users Guide for details.

       -s <file,path[,size[,granularity[,advice]]]>
	      The file backend stores data in a	file on	disk. The file will be
	      accessed	using  mmap.  Note  that this storage provide no cache
	      persistence.

	      The path is mandatory. If	path points to a directory,  a	tempo-
	      rary  file will be created in that directory and immediately un-
	      linked. If path points to	a non-existing file, the file will  be
	      created.

	      If  size	is omitted, and	path points to an existing file	with a
	      size greater than	zero, the size of that file will be  used.  If
	      not, an error is reported.

	      Granularity sets the allocation block size. Defaults to the sys-
	      tem page size or the filesystem block size, whichever is larger.

	      Advice  tells  the  kernel how vinyld expects to use this	mapped
	      region so	that the kernel	can choose the appropriate  read-ahead
	      and  caching  techniques.	Possible values	are normal, random and
	      sequential,  corresponding  to  MADV_NORMAL,   MADV_RANDOM   and
	      MADV_SEQUENTIAL  madvise()  advice  argument,  respectively. De-
	      faults to	random.

       -s <persistent,path,size>
	      Persistent storage. vinyld will store objects in	a  file	 in  a
	      manner  that  will secure	the survival of	most of	the objects in
	      the event	of a planned or	unplanned shutdown of vinyld. The per-
	      sistent storage backend has multiple issues  with	 it  and  will
	      likely be	removed	from a future version of Vinyl Cache

   Jail
       Vinyl  Cache  jails are a generalization	over various platform specific
       methods to reduce the privileges	of vinyld  processes.  They  may  have
       specific	options. Available jails are:

       -j <solaris[,worker=`privspec`]>
	      Reduce  privileges(5)  for vinyld	and sub-processes to the mini-
	      mally required set. Only available on platforms which  have  the
	      setppriv(2) call.

	      The  optional  worker  argument  can  be	used  to pass a	privi-
	      lege-specification (see ppriv(1))	by which to extend the	effec-
	      tive set of the vinyld worker process. While extended privileges
	      may  be required by custom vmods,	not using the worker option is
	      always more secure.

	      Example to grant basic privileges	to the worker process:

		 -j solaris,worker=basic

       -j <linux[,transparent_hugepage=`thp_setting`][,`unixjailoption`...]>
	      Default on Linux	platforms,  it	extends	 the  UNIX  jail  with
	      Linux-specific mechanisms:

	      	It warns when workdir is not on	a tmpfs.

	      	It  tries  to  keep the	process	dumpable after dropping	privi-
		leges.

	      	It adds	control	over the transparent hugepage (THP) setting.

	      thp_setting can take these values:

	      	ignore:	Do nothing

	      	enable:	Enable THP (see	Note below)

	      	disable: Disable THP

	      	try-disable (default): Try to  disable,	 ignore	 failure  (but
		emit a warning)

	      Note:  Technically,  enable is "disable the disable", so it does
	      not necessarily enable THP. The setting names have  been	chosen
	      to avoid a confusing double negation.

       -j <unix[,user=`user`][,ccgroup=`group`][,workuser=`user`]>
	      Default  on  all	other platforms	when vinyld is started with an
	      effective	uid of 0 ("as root").

	      With the unix jail mechanism activated, vinyld will switch to an
	      alternative user for subprocesses	and change the	effective  uid
	      of the master process whenever possible.

	      The  optional  user argument specifies which alternative user to
	      use. It defaults to vinyl.

	      The optional ccgroup argument specifies a	group to add to	vinyld
	      subprocesses requiring access to a c-compiler. There is  no  de-
	      fault.

	      The  optional workuser argument specifies	an alternative user to
	      use for the worker process. It defaults to vcache.

	      The users	given for the user and workuser	arguments need to have
	      the same primary ("login") group.

	      For users	migrating from Varnish Cache, shell  commands  similar
	      to the following may be used to remove the previous default user
	      and group:

		 userdel varnish || true
		 userdel vcache	|| true
		 userdel varnishlog || true # to remove	reference to varnish group
		 groupdel varnish || true

	      To  set  up  a  system  for  the default users with a group name
	      vinyl, shell commands similar to these may be used:

		 groupadd vinyl
		 useradd -g vinyl -d /nonexistent -s /bin/false	\
		   -c "Vinyl Cache Daemon User"	vinyl
		 useradd -g vinyl -d /nonexistent -s /bin/false	\
		   -c "Vinyl Cache Worker User"	vcache
		 useradd -g vinyl -d /nonexistent -s /bin/false	\
		   -c "Vinyl Log User" vinyllog

	      Note that	the vinyllog user is not required and only  added  be-
	      cause,  by convention, it	may be used to run vinyllog, vinylncsa
	      and other	VSM/VSL	based tools.

       -j none
	      last resort jail choice: With jail mechanism none,  vinyld  will
	      run all processes	with the privileges it was started with.

   Management Interface
       If  the	-T option was specified, vinyld	will offer a command-line man-
       agement interface on the	specified address and port.   The  recommended
       way  of	connecting to the command-line management interface is through
       vinyladm(1).

       The commands available are documented in	vinyl-cli(7).

   CLI Command File
       The -I option makes it possible to run  arbitrary  management  commands
       when  vinyld is launched, before	the worker process is started. In par-
       ticular,	this is	the way	to load	configurations,	apply labels to	 them,
       and make	a VCL instance active that uses	those labels on	startup:

	  vcl.load panic /etc/vinyl-cache/panic.vcl
	  vcl.load siteA0 /etc/vinyl-cache/siteA.vcl
	  vcl.load siteB0 /etc/vinyl-cache/siteB.vcl
	  vcl.load siteC0 /etc/vinyl-cache/siteC.vcl
	  vcl.label siteA siteA0
	  vcl.label siteB siteB0
	  vcl.label siteC siteC0
	  vcl.load main	/etc/vinyl-cache/main.vcl
	  vcl.use main

       Every  line in the file,	including the last line, must be terminated by
       a newline or carriage return  or	 is  otherwise	considered  truncated,
       which is	a fatal	error.

       If  a  command in the file is prefixed with '-',	failure	will not abort
       the startup.

       Note that it is necessary to include an explicit	vcl.use	command	to se-
       lect which VCL should be	the active VCL when  relying  on  CLI  Command
       File to load the	configurations at startup.

RUN TIME PARAMETERS
       Runtime parameters can either be	set during startup with	the -p command
       line  option  for  vinyld(1)  or	through	the CLI	using the param.set or
       param.reset commands. They can be locked	during	startup	 with  the  -r
       command line option.

   Run Time Parameter Units
       There  are different types of parameters	that may accept	a list of spe-
       cific values, or	optionally take	a unit suffix.

   bool
       A boolean parameter accepts the values on and off.

       It will also recognize the following values:

        yes and no

        true and false

        enable	and disable

   bytes
       A bytes parameter requires one of the following units suffixes:

        b (bytes)

        k (kibibytes, 1024 bytes)

        m (mebibytes, 1024 kibibytes)

        g (gibibytes, 1024 mebibytes)

        t (tebibytes, 1024 gibibytes)

        p (pebibytes, 1024 tebibytes)

       Multiplicator units may be appended with	an extra b. For	example	32k is
       equivalent to 32kb. Bytes units are case-insensitive.

   seconds
       A duration parameter may	accept the following units suffixes:

        ms (milliseconds)

        s (seconds)

        m (minutes)

        h (hours)

        d (days)

        w (weeks)

        y (years)

       If the parameter	is a timeout or	a deadline, a value of	"never"	 (when
       allowed)	disables the effect of the parameter.

   Run Time Parameter Flags
       Runtime	parameters  are	marked with shorthand flags to avoid repeating
       the same	text over and over in the table	 below.	 The  meaning  of  the
       flags are:

        experimental

	 We  have  no solid information	about good/bad/optimal values for this
	 parameter. Feedback with experience and observations  are  most  wel-
	 come.

        delayed

	 This  parameter  can  be changed on the fly, but will not take	effect
	 immediately.

        restart

	 The worker process must be stopped and	restarted, before this parame-
	 ter takes effect.

        reload

	 The VCL programs must be reloaded for this parameter to take effect.

        wizard

	 Do not	touch unless you really	know what you're doing.

        only_root

	 Only works if vinyld is running as root.

   Default Value Exceptions on 32 bit Systems
       Be aware	that on	32 bit systems,	certain	default	or maximum values  are
       reduced	relative  to  the values listed	below, in order	to conserve VM
       space:

        workspace_client: 24k

        workspace_backend: 20k

        http_resp_size: 8k

        http_req_size:	12k

        gzip_buffer: 4k

        vsl_buffer: 4k

        vsl_space: 1G (maximum)

        thread_pool_stack: 64k

   List	of Parameters
       This text is produced from the same text	you will find in  the  CLI  if
       you use the param.show command:

   accept_filter
       NB:  This  parameter depends on a feature which is not available	on all
       platforms.

	   Units: bool

	   Default: on	(if your platform supports accept filters)

	   Flags: must_restart

       Enable kernel accept-filters. This may require a	kernel	module	to  be
       loaded to have an effect	when enabled.

       Enabling	 accept_filter	may prevent some requests to reach Vinyl Cache
       in the first place. Malformed requests may go  unnoticed	 and  not  in-
       crease the client_req_400 counter. GET or HEAD requests with a body may
       be blocked altogether.

   acceptor_sleep_decay
	   Default: 0.9

	   Minimum: 0

	   Maximum: 1

	   Flags: experimental

       If we run out of	resources, such	as file	descriptors or worker threads,
       the  acceptor  will sleep between accepts.  This	parameter (multiplica-
       tively) reduce the sleep	duration for each successful accept. (ie:  0.9
       = reduce	by 10%)

   acceptor_sleep_incr
	   Units: seconds

	   Default: 0.000

	   Minimum: 0.000

	   Maximum: 1.000

	   Flags: experimental

       If we run out of	resources, such	as file	descriptors or worker threads,
       the  acceptor  will  sleep between accepts.  This parameter control how
       much longer we sleep, each time we fail to accept a new connection.

   acceptor_sleep_max
	   Units: seconds

	   Default: 0.050

	   Minimum: 0.000

	   Maximum: 10.000

	   Flags: experimental

       If we run out of	resources, such	as file	descriptors or worker threads,
       the acceptor will sleep between accepts.	  This	parameter  limits  how
       long it can sleep between attempts to accept new	connections.

   auto_restart
	   Units: bool

	   Default: on

       Automatically restart the child/worker process if it dies.

   backend_idle_timeout
	   Units: seconds

	   Default: 60.000

	   Minimum: 1.000

       Timeout before we close unused backend connections.

   backend_local_error_holddown
	   Units: seconds

	   Default: 10.000

	   Minimum: 0.000

	   Flags: experimental

       When  connecting	 to backends, certain error codes (EADDRNOTAVAIL, EAC-
       CESS, EPERM) signal a local resource shortage  or  configuration	 issue
       for  which retrying connection attempts may worsen the situation	due to
       the complexity of the operations	involved in the	kernel.	 This  parame-
       ter prevents repeated connection	attempts for the configured duration.

   backend_remote_error_holddown
	   Units: seconds

	   Default: 0.250

	   Minimum: 0.000

	   Flags: experimental

       When connecting to backends, certain error codes	(ECONNREFUSED, ENETUN-
       REACH) signal fundamental connection issues such	as the backend not ac-
       cepting	connections  or	routing	problems for which repeated connection
       attempts	are considered useless This parameter prevents	repeated  con-
       nection attempts	for the	configured duration.

   backend_wait_limit
	   Default: 0

	   Minimum: 0

	   Flags: experimental

       Maximum	number	of  transactions  that can queue waiting for a backend
       connection to become available.	This default of	0  (zero)  means  that
       there  is  no transaction queueing. VCL can override this default value
       for each	backend.

       Note that this feature must be used  with  caution,  as	it  can	 cause
       threads to pile up and increase response	times.

   backend_wait_timeout
	   Units: seconds

	   Default: 0.000

	   Minimum: 0.000

	   Flags: timeout, experimental

       When  a	backend	 has  no  connections available	for a transaction, the
       transaction can be queued (see backend_wait_limit) to wait for  a  con-
       nection.	  This	is the default time that the transaction will wait be-
       fore giving up. VCL can override	this default value for each backend.

       It is strongly advised to never set this	higher than a couple  of  sec-
       onds.

   ban_any_variant
	   Units: checks

	   Default: 0

	   Minimum: 0

       Maximum	number	of  possibly  non  matching  variants that we evaluate
       against the ban list during a lookup.  Setting this  to	0  means  that
       only  the  matching  variants will be evaluated against the current ban
       list.

   ban_cutoff
	   Units: bans

	   Default: 0

	   Minimum: 0

	   Flags: experimental

       Expurge long tail content from the cache	to keep	the number of bans be-
       low this	value. 0 disables.

       When this parameter is set to a non-zero	value, the ban lurker  contin-
       ues  to	work  the ban list as usual top	to bottom, but when it reaches
       the ban_cutoff-th ban, it treats	all objects as if they matched	a  ban
       and  expunges  them  from  cache.  As  actively used objects get	tested
       against the ban list at request time and	thus are likely	to be  associ-
       ated with bans near the top of the ban list, with ban_cutoff, least re-
       cently accessed objects (the "long tail") are removed.

       This  parameter is a safety net to avoid	bad response times due to bans
       being tested at lookup time. Setting a cutoff trades response time  for
       cache   efficiency.   The   recommended	 value	 is   proportional  to
       rate(bans_lurker_tests_tested) /	n_objects  while  the  ban  lurker  is
       working,	 which is the number of	bans the system	can sustain. The addi-
       tional latency due to request ban testing is in the order of ban_cutoff
       /      rate(bans_lurker_tests_tested).	   For	    example,	   for
       rate(bans_lurker_tests_tested) =	2M/s and a tolerable latency of	100ms,
       a good value for	ban_cutoff may be 200K.

   ban_dups
	   Units: bool

	   Default: on

       Eliminate older identical bans when a new ban is	added.	This saves CPU
       cycles  by not comparing	objects	to identical bans.  This is a waste of
       time if you have	many bans which	are never identical.

   ban_lurker_age
	   Units: seconds

	   Default: 60.000

	   Minimum: 0.000

       The ban lurker will ignore bans until they are this old.	 When a	ban is
       added, the active traffic will be tested	against	it as part  of	object
       lookup.	Because	many applications issue	bans in	bursts,	this parameter
       holds the ban-lurker off	until the rush is over.	 This should be	set to
       the approximate time which a ban-burst takes.

   ban_lurker_batch
	   Default: 1000

	   Minimum: 1

       The ban lurker sleeps ${ban_lurker_sleep} after examining this many ob-
       jects.  Use this	to pace	the ban-lurker if it eats too many resources.

   ban_lurker_holdoff
	   Units: seconds

	   Default: 0.010

	   Minimum: 0.000

	   Flags: experimental

       How  long  the  ban lurker sleeps when giving way to lookup due to lock
       contention.

   ban_lurker_sleep
	   Units: seconds

	   Default: 0.010

	   Minimum: 0.000

       How long	the ban	lurker sleeps after examining ${ban_lurker_batch}  ob-
       jects.	Use this to pace the ban-lurker	if it eats too many resources.
       A value of zero will disable the	ban lurker entirely.

   between_bytes_timeout
	   Units: seconds

	   Default: 60.000

	   Minimum: 0.000

	   Flags: timeout

       We only wait for	this many seconds  between  bytes  received  from  the
       backend	before	giving	up  the	fetch.	VCL values, per	backend	or per
       backend request take precedence.	 This  parameter  does	not  apply  to
       pipe'ed requests.

   cc_command
       NB:  The	 actual	 default value for this	parameter depends on the Vinyl
       Cache build environment and options.

	   Default: exec $CC $CFLAGS %w -shared -o %o %s

	   Flags: must_reload

       The command used	for compiling the C source code	to a  dlopen(3)	 load-
       able object. The	following expansions can be used:

        %s: the source	file name

        %o: the output	file name

        %w: the cc_warnings parameter

        %d: the raw default cc_command

        %D: the expanded default cc_command

        %n: the working directory (-n option)

        %%: a percent sign

       Unknown	percent	 expansion  sequences are ignored, and to avoid	future
       incompatibilities percent characters should be escaped  with  a	double
       percent sequence.

       The %d and %D expansions	allow passing the parameter's default value to
       a wrapper script	to perform additional processing.

   cc_warnings
       NB:  The	 actual	 default value for this	parameter depends on the Vinyl
       Cache build environment and options.

	   Default: -Wall -Werror

	   Flags: must_reload

       Warnings	used when compiling the	C source code with the cc_command  pa-
       rameter.	 By  default, VCL is compiled with the same set	of warnings as
       Vinyl Cache itself.

   cli_limit
	   Units: bytes

	   Default: 64k

	   Minimum: 128b

	   Maximum: 99999999b

       Maximum size of CLI response.  If the response exceeds this limit,  the
       response	 code  will be 201 instead of 200 and the last line will indi-
       cate the	truncation.

   cli_timeout
	   Units: seconds

	   Default: 60.000

	   Minimum: 0.000

	   Flags: timeout

       Timeout for the child's replies to CLI requests.

   clock_skew
	   Units: seconds

	   Default: 10

	   Minimum: 0

       How much	clockskew we are willing to accept between the backend and our
       own clock.

   clock_step
	   Units: seconds

	   Default: 1.000

	   Minimum: 0.000

       How much	observed clock step we are willing to accept before we panic.

   connect_timeout
	   Units: seconds

	   Default: 3.500

	   Minimum: 0.000

	   Flags: timeout

       Default connection timeout for backend connections. We only try to con-
       nect to the backend for this many seconds before	 giving	 up.  VCL  can
       override	this default value for each backend and	backend	request.

   critbit_cooloff
	   Units: seconds

	   Default: 180.000

	   Minimum: 60.000

	   Maximum: 254.000

	   Flags: wizard

       How long	the critbit hasher keeps deleted objheads on the cooloff list.

   debug
	   Default: none

       Enable/Disable various kinds of debugging.

	  none	 Disable all debugging

       Use +/- prefix to set/reset individual bits:

	  req_state
		 VSL Request state engine

	  workspace
		 VSL Workspace operations

	  waitinglist
		 VSL Waitinglist events

	  syncvsl
		 Make VSL synchronous

	  hashedge
		 Edge cases in Hash

	  vclrel Rapid VCL release

	  lurker VSL Ban lurker

	  esi_chop
		 Chop ESI fetch	to bits

	  flush_head
		 Flush after http1 head

	  vtc_mode
		 Vinyltest Mode

	  witness
		 Emit WITNESS lock records

	  vsm_keep
		 Keep the VSM file on restart

	  slow_acceptor
		 Slow down Acceptor

	  h2_nocheck
		 Disable various H2 checks

	  vmod_so_keep
		 Keep copied VMOD libraries

	  processors
		 Fetch/Deliver processors

	  protocol
		 Protocol debugging

	  vcl_keep
		 Keep VCL C and	so files

	  lck	 Additional lock statistics

   default_grace
	   Units: seconds

	   Default: 10s

	   Minimum: 0.000

	   Flags: obj_sticky

       Default grace period.  We will deliver an object	this long after	it has
       expired,	provided another thread	is attempting to get a new copy.

   default_keep
	   Units: seconds

	   Default: 0s

	   Minimum: 0.000

	   Flags: obj_sticky

       Default	keep  period.  We will keep a useless object around this long,
       making it available for conditional backend fetches.  That  means  that
       the object will be removed from the cache at the	end of ttl+grace+keep.

   default_ttl
	   Units: seconds

	   Default: 2m

	   Minimum: 0.000

	   Flags: obj_sticky

       The TTL assigned	to objects if neither the backend nor the VCL code as-
       signs one.

   experimental
	   Default: none

       Enable/Disable experimental features.

	  none	 Disable all experimental features

       Use +/- prefix to set/reset individual bits:

	  drop_pools
		 Drop thread pools

   feature
	   Default: none,+https_scheme,+validate_headers,+vcl_req_reset

       Enable/Disable various minor features.

	  default
		 Set default value (deprecated:	use param.reset)

	  none	 Disable all features.

       Use +/- prefix to enable/disable	individual feature:

	  http2	 Enable	HTTP/2 protocol	support.

	  short_panic
		 Short panic message.

	  no_coredump
		 No coredumps.	Must be	set before child process starts.

	  https_scheme
		 Extract host from full	URI in the HTTP/1 request line,	if the
		 scheme	is https.

	  http_date_postel
		 Tolerate non compliant	timestamp headers like Date, Last-Mod-
		 ified,	Expires	etc.

	  esi_ignore_https
		 Convert <esi:include src"https://... to http://...

	  esi_disable_xml_check
		 Allow ESI processing on non-XML ESI bodies

	  esi_ignore_other_elements
		 Ignore	XML syntax errors in ESI bodies.

	  esi_remove_bom
		 Ignore	UTF-8 BOM in ESI bodies.

	  esi_include_onerror
		 Parse the onerror attribute of	<esi:include> tags.

	  wait_silo
		 Wait  for  persistent silos to	completely load	before serving
		 requests.

	  validate_headers
		 Validate all header set operations to conform to RFC9110 sec-
		 tion 5.5.

	  busy_stats_rate
		 Make busy workers comply with thread_stats_rate.

	  trace	 Enable	VCL tracing by	default	 (enable  (be)req.trace).  Re-
		 quired	for tracing vcl_init / vcl_fini

	  vcl_req_reset
		 Stop processing client	VCL once the client is gone. When this
		 happens MAIN.req_reset	is incremented.

   fetch_chunksize
	   Units: bytes

	   Default: 16k

	   Minimum: 4k

	   Flags: experimental

       The  default  chunksize used by fetcher.	This should be bigger than the
       majority	of objects with	short TTLs.   Internal	limits	in  the	 stor-
       age_file	module makes increases above 128kb a dubious idea.

   fetch_maxchunksize
	   Units: bytes

	   Default: 0.25G

	   Minimum: 64k

	   Flags: experimental

       The  maximum chunksize we attempt to allocate from storage. Making this
       too large may cause delays and storage fragmentation.

   first_byte_timeout
	   Units: seconds

	   Default: 60.000

	   Minimum: 0.000

	   Flags: timeout

       Default timeout for receiving first byte	from backend. We only wait for
       this many seconds for the first byte before giving up.  VCL  can	 over-
       ride this default value for each	backend	and backend request.  This pa-
       rameter does not	apply to pipe'ed requests.

   gzip_buffer
	   Units: bytes

	   Default: 32k

	   Minimum: 2k

	   Flags: experimental

       Size  of	 malloc	 buffer	used for gzip processing.  Size	of buffer used
       for gzip	processing.  These buffers are used for	in-transit  data,  for
       instance	 gunzip'ed  data  being	sent to	a client. Making this space to
       small results in	more overhead, writes to sockets etc,  making  it  too
       big  is	probably  just	a waste	of memory.  Gzip buffers are allocated
       from Transient storage.

   gzip_level
	   Default: 6

	   Minimum: 0

	   Maximum: 9

       Gzip compression	level: 0=debug,	1=fast,	9=best

   gzip_memlevel
	   Default: 8

	   Minimum: 1

	   Maximum: 9

       Gzip memory level 1=slow/least, 9=fast/most compression.	 Memory	impact
       is 1=1k,	2=2k, ... 9=256k.

   h2_header_table_size
	   Units: bytes

	   Default: 4k

	   Minimum: 0b

       HTTP2 header table size.	 This is the size that will be	used  for  the
       HPACK dynamic decoding table.

       The  value  of this parameter defines SETTINGS_HEADER_TABLE_SIZE	in the
       initial SETTINGS	frame sent to the client when a	new HTTP2  session  is
       established.

   h2_initial_window_size
	   Units: bytes

	   Default: 65535b

	   Minimum: 65535b

	   Maximum: 2147483647b

       HTTP2 initial flow control window size.

       The value of this parameter defines SETTINGS_INITIAL_WINDOW_SIZE	in the
       initial	SETTINGS  frame	sent to	the client when	a new HTTP2 session is
       established.

   h2_max_concurrent_streams
	   Units: streams

	   Default: 100

	   Minimum: 0

       HTTP2 Maximum number of concurrent streams.  This is the	number of  re-
       quests  that  can be active at the same time for	a single HTTP2 connec-
       tion.

       The value of this parameter defines SETTINGS_MAX_CONCURRENT_STREAMS  in
       the  initial SETTINGS frame sent	to the client when a new HTTP2 session
       is established.

   h2_max_frame_size
	   Units: bytes

	   Default: 16k

	   Minimum: 16k

	   Maximum: 16777215b

       HTTP2 maximum per frame payload size we are willing to accept.

       The value of this parameter defines SETTINGS_MAX_FRAME_SIZE in the ini-
       tial SETTINGS frame sent	to the client when a new HTTP2 session is  es-
       tablished.

   h2_max_header_list_size
	   Units: bytes

	   Default: 0b

	   Minimum: 0b

	   Maximum: 2147483647b

       HTTP2  maximum  size  of	an uncompressed	header list. This parameter is
       not mapped to SETTINGS_MAX_HEADER_LIST_SIZE  in	the  initial  SETTINGS
       frame, the http_req_size	parameter is instead.

       The  http_req_size  advises  HTTP2  clients of the maximum size for the
       header list. Exceeding http_req_size results in a  reset	 stream	 after
       processing  the	HPACK  block to	preserve the connection, but exceeding
       h2_max_header_list_size results in the HTTP2 connection going away  im-
       mediately.

       If  h2_max_header_list_size  is lower than http_req_size, it has	no ef-
       fect, except  for  the  special	value  zero  interpreted  as  150%  of
       http_req_size.

   h2_rapid_reset
	   Units: seconds

	   Default: 1.000

	   Minimum: 0.000

	   Flags: delayed, experimental

       The  upper  threshold for how soon an http/2 RST_STREAM frame has to be
       parsed after a HEADERS frame for	it to be treated as suspect  and  sub-
       jected  to  the	rate  limits  specified	 by  h2_rapid_reset_limit  and
       h2_rapid_reset_period.  Changes to this parameter  affect  the  default
       for new HTTP2 sessions. vmod_h2(3) can be used to adjust	it from	VCL.

   h2_rapid_reset_limit
	   Default: 100

	   Minimum: 0

	   Flags: delayed, experimental

       HTTP2  RST  Allowance.	Specifies the maximum number of	allowed	stream
       resets issued by	a client over a	time period before the	connection  is
       closed.	 Setting  this	parameter to 0 disables	the limit.  Changes to
       this parameter affect the default for new  HTTP2	 sessions.  vmod_h2(3)
       can be used to adjust it	from VCL.

   h2_rapid_reset_period
	   Units: seconds

	   Default: 60.000

	   Minimum: 1.000

	   Flags: delayed, experimental, wizard

       HTTP2  sliding  window  duration	 for h2_rapid_reset_limit.  Changes to
       this parameter affect the default for new  HTTP2	 sessions.  vmod_h2(3)
       can be used to adjust it	from VCL.

   h2_rx_window_increment
	   Units: bytes

	   Default: 1M

	   Minimum: 1M

	   Maximum: 1G

	   Flags: wizard

       HTTP2 Receive Window Increments.	 How big credits we send in WINDOW_UP-
       DATE frames Only	affects	incoming request bodies	(ie: POST, PUT etc.)

   h2_rx_window_low_water
	   Units: bytes

	   Default: 10M

	   Minimum: 65535b

	   Maximum: 1G

	   Flags: wizard

       HTTP2  Receive  Window  low  water  mark.  We try to keep the window at
       least this big Only affects incoming  request  bodies  (ie:  POST,  PUT
       etc.)

   h2_rxbuf_storage
	   Default: Transient

	   Flags: must_restart

       The  name  of the storage backend that HTTP/2 receive buffers should be
       allocated from.

   h2_window_timeout
	   Units: seconds

	   Default: 5.000

	   Minimum: 0.000

	   Flags: timeout, wizard

       HTTP2 time limit	without	window credits.	How long a stream may wait for
       the client to credit the	window and allow for more DATA	frames	to  be
       sent.

   http1_iovs
	   Units: struct iovec	(=16 bytes)

	   Default: 64

	   Minimum: 5

	   Maximum: 1024

	   Flags: wizard

       Number  of  io  vectors to allocate for HTTP1 protocol transmission.  A
       HTTP1 header needs 7 + 2	per HTTP header	field.	Allocated  from	 work-
       space_thread.   This  parameter affects only io vectors used for	client
       delivery.  For backend fetches, the maximum number of io	vectors	(up to
       IOV_MAX)	 is allocated from available workspace_thread memory.

   http_gzip_support
	   Units: bool

	   Default: on

       Enable gzip support. When enabled Vinyl Cache request compressed	ob-
       jects from the backend and store	them compressed. If a client does not
       support gzip encoding Vinyl Cache will uncompress compressed objects on
       demand. Vinyl Cache will	also rewrite the Accept-Encoding header	of
       clients indicating support for gzip to:
	      Accept-Encoding: gzip

       Clients that do not support gzip	will have their	Accept-Encoding	header
       removed.	For more information on	how gzip is implemented	please see the
       chapter on gzip in the Vinyl Cache reference.

       When  gzip  support  is	disabled  the  variables  beresp.do_gzip   and
       beresp.do_gunzip	have no	effect in VCL.

   http_max_hdr
	   Units: header lines

	   Default: 64

	   Minimum: 32

	   Maximum: 65535

       Maximum	  number    of	  HTTP	  header    lines    we	   allow    in
       {req|resp|bereq|beresp}.http (obj.http is autosized to the exact	number
       of headers).  Cheap, ~20	bytes, in terms	 of  workspace	memory.	  Note
       that the	first line occupies five header	lines.

   http_range_support
	   Units: bool

	   Default: on

       Enable support for HTTP Range headers.

   http_req_hdr_len
	   Units: bytes

	   Default: 8k

	   Minimum: 40b

       Maximum	length	of  any	HTTP client request header we will allow.  The
       limit is	inclusive its continuation lines.

   http_req_overflow_status
	   Units: HTTP	status code or 0 to disable

	   Default: 0

	   Minimum: 400

	   Maximum: 500

       HTTP status code	to be returned if http_req_size	is exceeded.  The  de-
       fault  value of 0 closes	the connection silently	without	sending	a HTTP
       response.  Note that there is no	standard  HTTP	status	which  exactly
       matches	the  implementation  of	 http_req_size.	414 applies to the URL
       only, while 413 applies to the request body. 400	is probably the	 least
       incorrect  alternative  value to	sending	no response at all (0).	It can
       also be seen as an internal error on the	Vinyl Cache side due  to  con-
       figured limits, so 500 is also allowed.

   http_req_size
	   Units: bytes

	   Default: 32k

	   Minimum: 0.25k

       Maximum	number of bytes	of HTTP	client request we will deal with. This
       is a limit on all bytes up to the double	blank line which ends the HTTP
       request.	The memory for the request is allocated	from the client	 work-
       space  (param:  workspace_client) and this parameter limits how much of
       that the	request	is allowed to take up.

       For HTTP2 clients, it is	advertised as MAX_HEADER_LIST_SIZE in the ini-
       tial SETTINGS frame.

   http_resp_hdr_len
	   Units: bytes

	   Default: 8k

	   Minimum: 40b

       Maximum length of any HTTP backend response header we will allow.   The
       limit is	inclusive its continuation lines.

   http_resp_size
	   Units: bytes

	   Default: 32k

	   Minimum: 0.25k

       Maximum	number	of  bytes  of HTTP backend response we will deal with.
       This is a limit on all bytes up to the double blank line	which ends the
       HTTP response.  The memory for the response is allocated	from the back-
       end workspace (param: workspace_backend)	and this parameter limits  how
       much of that the	response is allowed to take up.

   idle_send_timeout
	   Units: seconds

	   Default: 60.000

	   Minimum: 0.000

	   Maximum: 3600.000

	   Flags: timeout, delayed

       Send  timeout  for individual pieces of data on client connections. May
       get extended if 'send_timeout' applies.

       When this timeout is hit, the session is	closed.

       See the man page	for setsockopt(2) or socket(7) under  SO_SNDTIMEO  for
       more information.

   listen_depth
	   Units: connections

	   Default: 1024

	   Minimum: 0

	   Flags: must_restart

       Listen queue depth.

   lru_interval
	   Units: seconds

	   Default: 2.000

	   Minimum: 0.000

	   Flags: experimental

       Grace  period  before object moves on LRU list.	Objects	are only moved
       to the front of the LRU list if they have not been moved	there  already
       inside this timeout period.  This reduces the amount of lock operations
       necessary for LRU list access.

   max_esi_depth
	   Units: levels

	   Default: 5

	   Minimum: 0

       Maximum depth of	esi:include processing.

   max_restarts
	   Units: restarts

	   Default: 4

	   Minimum: 0

	   Flags: delayed

       Upper limit on how many times a request can restart.

   max_retries
	   Units: retries

	   Default: 4

	   Minimum: 0

	   Flags: delayed

       Upper limit on how many times a backend fetch can retry.

   max_vcl
	   Default: 100

	   Minimum: 0

       Threshold of loaded VCL programs.  (VCL labels are not counted.)	 Para-
       meter max_vcl_handling determines behaviour.

   max_vcl_handling
	   Default: 1

	   Minimum: 0

	   Maximum: 2

       Behaviour when attempting to exceed max_vcl loaded VCL.

        0 - Ignore max_vcl parameter.

        1 - Issue warning.

        2 - Refuse loading VCLs.

   nuke_limit
	   Units: allocations

	   Default: 50

	   Minimum: 0

	   Flags: experimental

       Maximum number of objects we attempt to nuke in order to	make space for
       a object	body.

   panic_buffer
	   Units: bytes

	   Default: 64k

	   Minimum: 4k

	   Maximum: 10M

	   Flags: must_restart

       Size of the panic message buffer.  The panic buffer is allocated	in the
       working	directory  as  memory shared between the management and	worker
       process,	so sufficient working directory	space should be	accounted  for
       if  this	value is adjusted. Panic messages are truncated	to the config-
       ured size.

   pcre2_depth_limit
	   Default: 20

	   Minimum: 1

       The  recursion  depth-limit  for	 the  internal	match	logic	in   a
       pcre2_match().

       (See: pcre2_set_depth_limit() in	pcre2 docs.)

       This  puts an upper limit on the	amount of stack	used by	PCRE2 for cer-
       tain classes of regular expressions.

       We have set the default value low in order to prevent crashes,  at  the
       cost of possible	regexp matching	failures.

       Matching	failures will show up in the log as VCL_Error messages.

   pcre2_jit_compilation
	   Units: bool

	   Default: on

       Use the pcre2 JIT compiler if available.

   pcre2_match_limit
	   Default: 10000

	   Minimum: 1

       The  limit  for	the  number  of	 calls	to the internal	match logic in
       pcre2_match().

       (See: pcre2_set_match_limit() in	pcre2 docs.)

       This parameter limits how much CPU time regular expression matching can
       soak up.

   ping_interval
	   Units: seconds

	   Default: 3

	   Minimum: 0

	   Flags: must_restart

       Interval	between	pings from parent to child.  Zero will disable pinging
       entirely, which makes it	possible to attach a debugger to the child.

   pipe_sess_max
	   Units: connections

	   Default: 0

	   Minimum: 0

       Maximum number of sessions dedicated to pipe transactions.

   pipe_task_deadline
	   Units: seconds

	   Default: 0.000

	   Minimum: 0.000

	   Flags: timeout

       Deadline	for PIPE sessions. Regardless of activity in either  direction
       after this many seconds,	the session is closed.

   pipe_timeout
	   Units: seconds

	   Default: 60.000

	   Minimum: 0.000

	   Flags: timeout

       Idle timeout for	PIPE sessions. If nothing have been received in	either
       direction for this many seconds,	the session is closed.

   pool_req
	   Default: 10,100,10

       Parameters for per worker pool request memory pool.

       The three numbers are:

	  min_pool
		 minimum size of free pool.

	  max_pool
		 maximum size of free pool.

	  max_age
		 max age of free element.

   pool_sess
	   Default: 10,100,10

       Parameters for per worker pool session memory pool.

       The three numbers are:

	  min_pool
		 minimum size of free pool.

	  max_pool
		 maximum size of free pool.

	  max_age
		 max age of free element.

   pool_vbo
	   Default: 10,100,10

       Parameters for backend object fetch memory pool.

       The three numbers are:

	  min_pool
		 minimum size of free pool.

	  max_pool
		 maximum size of free pool.

	  max_age
		 max age of free element.

   prefer_ipv6
	   Units: bool

	   Default: off

       Prefer  IPv6  address  when connecting to backends which	have both IPv4
       and IPv6	addresses.

   rush_exponent
	   Units: requests per	request

	   Default: 3

	   Minimum: 1

	   Flags: experimental

       How many	parked request we start	for each completed request on the  ob-
       ject.   NB:  Even  with	the implicit delay of delivery,	this parameter
       controls	an exponential increase	in number of worker threads.  A	 value
       of  1 will instead serialize requests resumption	and is only useful for
       testing purposes.

   send_timeout
	   Units: seconds

	   Default: 600.000

	   Minimum: 0.000

	   Flags: timeout, delayed

       Total timeout for ordinary HTTP1	responses. Does	not apply to some  in-
       ternally	generated errors and pipe mode.

       When  'idle_send_timeout'  is  hit while	sending	an HTTP1 response, the
       timeout is extended unless the total time already taken for sending the
       response	in its entirety	exceeds	this many seconds.

       When this timeout is hit, the session is	closed

   shortlived
	   Units: seconds

	   Default: 10.000

	   Minimum: 0.000

       Objects created with (ttl+grace+keep) shorter than this are always  put
       in transient storage.

   sigsegv_handler
	   Units: bool

	   Default: on

	   Flags: must_restart

       Install	a signal handler which tries to	dump debug information on seg-
       mentation faults, bus errors and	abort signals.

   startup_timeout
	   Units: seconds

	   Default: 0.000

	   Minimum: 0.000

	   Flags: timeout

       Alternative  timeout  for  the  initial	worker	process	 startup.   If
       cli_timeout is longer than startup_timeout, it is used instead.

   syslog_cli_traffic
	   Units: bool

	   Default: on

       Log all CLI traffic to syslog(LOG_INFO).

   tcp_fastopen
       NB:  This  parameter depends on a feature which is not available	on all
       platforms.

	   Units: bool

	   Default: off

	   Flags: must_restart

       Enable TCP Fast Open extension.

   tcp_keepalive_intvl
       NB: This	parameter depends on a feature which is	not available  on  all
       platforms.

	   Units: seconds

	   Default: platform dependent

	   Minimum: 1.000

	   Maximum: 100.000

	   Flags: experimental

       The  number  of seconds between TCP keep-alive probes. Ignored for Unix
       domain sockets.

   tcp_keepalive_probes
       NB: This	parameter depends on a feature which is	not available  on  all
       platforms.

	   Units: probes

	   Default: platform dependent

	   Minimum: 1

	   Maximum: 100

	   Flags: experimental

       The  maximum  number  of	TCP keep-alive probes to send before giving up
       and killing the connection if no	response is obtained  from  the	 other
       end. Ignored for	Unix domain sockets.

   tcp_keepalive_time
       NB:  This  parameter depends on a feature which is not available	on all
       platforms.

	   Units: seconds

	   Default: platform dependent

	   Minimum: 1.000

	   Maximum: 7200.000

	   Flags: experimental

       The number of seconds a connection needs	to be idle before  TCP	begins
       sending out keep-alive probes. Ignored for Unix domain sockets.

   thread_pool_add_delay
	   Units: seconds

	   Default: 0.000

	   Minimum: 0.000

	   Flags: experimental

       Wait at least this long after creating a	thread.

       Some (buggy) systems may	need a short (sub-second) delay	between	creat-
       ing   threads.	Set  this  to  a  few  milliseconds  if	 you  see  the
       'threads_failed'	counter	grow too much.

       Setting this too	high results in	insufficient worker threads.

   thread_pool_destroy_delay
	   Units: seconds

	   Default: 1.000

	   Minimum: 0.010

	   Flags: delayed, experimental

       Wait this long after destroying a thread.

       This controls the decay of thread pools when idle(-ish).

   thread_pool_fail_delay
	   Units: seconds

	   Default: 0.200

	   Minimum: 0.010

	   Flags: experimental

       Wait at least this long after a failed thread creation before trying to
       create another thread.

       Failure to create a worker thread is often a  sign  that	  the  end  is
       near,  because the process is running out of some resource.  This delay
       tries to	not rush the end on needlessly.

       If thread creation failures are a problem, check	 that  thread_pool_max
       is not too high.

       It  may	also help to increase thread_pool_timeout and thread_pool_min,
       to reduce the rate at which treads are destroyed	and later recreated.

   thread_pool_max
	   Units: threads

	   Default: 5000

	   Minimum: thread_pool_min

	   Flags: delayed

       The maximum number of worker threads in each pool.

       Do not set this higher than you have to,	since  excess  worker  threads
       soak  up	 RAM and CPU and generally just	get in the way of getting work
       done.

   thread_pool_min
	   Units: threads

	   Default: 100

	   Minimum: 5

	   Maximum: thread_pool_max

	   Flags: delayed

       The minimum number of worker threads in each pool.

       Increasing this may help	ramp up	faster from  low  load	situations  or
       when threads have expired.

       Technical  minimum  is 5	threads, but this parameter is strongly	recom-
       mended to be at least 10

   thread_pool_reserve
	   Units: threads

	   Default: 0 (auto-tune: 5% of thread_pool_min)

	   Maximum: 95% of thread_pool_min

	   Flags: delayed

       The number of worker threads reserved for vital tasks in	each pool.

       Tasks may require other tasks to	complete (for example, client requests
       may require backend requests, http2 sessions require streams, which re-
       quire requests).	This reserve is	to ensure that lower priority tasks do
       not prevent higher priority tasks from running even under high load.

       The effective value is at least 5  (the	number	of  internal  priority
       classes), irrespective of this parameter.

   thread_pool_stack
	   Units: bytes

	   Default: 80k

	   Minimum: sysconf(_SC_THREAD_STACK_MIN)

	   Flags: delayed

       Worker thread stack size.  This will likely be rounded up to a multiple
       of 4k (or whatever the page_size	might be) by the kernel.

       The  required  stack  size  is  primarily  driven  by  the depth	of the
       call-tree. The most common relevant determining factors in Vinyl	 Cache
       core  code are GZIP (un)compression, ESI	processing and regular expres-
       sion matches. VMODs may also require significant	amounts	of  additional
       stack.  The nesting depth of VCL	subs is	another	factor,	although typi-
       cally not predominant.

       The stack size is per thread, so	the maximum total memory required  for
       worker  thread  stacks  is  in  the  order  of  size  =	thread_pools x
       thread_pool_max x thread_pool_stack.

       Thus, in	particular for setups with many	 threads,  keeping  the	 stack
       size  at	 a minimum helps reduce	the amount of memory required by Vinyl
       Cache.

       On the other hand, thread_pool_stack must be  large  enough  under  all
       circumstances,  otherwise  Vinyl	 Cache will crash due to a stack over-
       flow. Usually, a	stack overflow	manifests  itself  as  a  segmentation
       fault (aka segfault / SIGSEGV) with the faulting	address	being near the
       stack pointer (sp).

       Unless  stack usage can be reduced, thread_pool_stack must be increased
       when a stack overflow occurs. Setting it	 in  150%-200%	increments  is
       recommended until stack overflows cease to occur.

   thread_pool_timeout
	   Units: seconds

	   Default: 300.000

	   Minimum: 10.000

	   Flags: delayed, experimental

       Thread idle threshold.

       Threads in excess of thread_pool_min, which have	been idle for at least
       this long, will be destroyed.

   thread_pool_watchdog
	   Units: seconds

	   Default: 60.000

	   Minimum: 0.100

	   Flags: experimental

       Thread queue stuck watchdog.

       If  no queued work have been released for this long, the	worker process
       panics itself.

   thread_pools
	   Units: pools

	   Default: 2

	   Minimum: 1

	   Maximum: 32

	   Flags: delayed, experimental

       Number of worker	thread pools.

       Increasing the number of	worker pools decreases lock  contention.  Each
       worker  pool  also  has a thread	accepting new connections, so for very
       high rates of incoming new connections on systems with many cores,  in-
       creasing	the worker pools may be	required.

       Too  many pools waste CPU and RAM resources, and	more than one pool for
       each CPU	is most	likely detrimental to performance.

       Can be increased	on the fly, but	decreases require a  restart  to  take
       effect, unless the drop_pools experimental debug	flag is	set.

   thread_queue_limit
	   Units: requests

	   Default: 20

	   Minimum: 0

	   Flags: experimental

       Permitted request queue length per thread-pool.

       This  sets  the number of requests we will queue, waiting for an	avail-
       able thread.  Above this	limit sessions	will  be  dropped  instead  of
       queued.

   thread_stats_rate
	   Units: requests

	   Default: 10

	   Minimum: 0

	   Flags: experimental

       Worker  threads	accumulate  statistics,	and dump these into the	global
       stats counters if the  lock  is	free  when  they  finish  a  job  (re-
       quest/fetch etc.)  This parameters defines the maximum number of	jobs a
       worker  thread  may handle, before it is	forced to dump its accumulated
       stats into the global counters.

   timeout_idle
	   Units: seconds

	   Default: 5.000

	   Minimum: 0.000

	   Maximum: 3600.000

       Idle timeout for	client connections.

       A connection is considered idle until we	have received the full request
       headers.

       This parameter is particularly relevant for  HTTP1  keepalive   connec-
       tions  which are	closed unless the next request is received before this
       timeout is reached.

   timeout_linger
	   Units: seconds

	   Default: 0.050

	   Minimum: 0.000

	   Flags: experimental

       How long	the worker thread lingers on an	idle session before handing it
       over to the waiter.  When sessions are reused, as much as half  of  all
       reuses  happen  within  the first 100 msec of the previous request com-
       pleting.	 Setting this too high results in  worker  threads  not	 doing
       anything	 for  their keep, setting it too low just means	that more ses-
       sions take a detour around the waiter.

   transit_buffer
	   Units: bytes

	   Default: 0b

	   Minimum: 0b

       The number of bytes which Vinyl Cache buffers for  uncacheable  backend
       streaming  fetches  -  in other words, how many bytes Vinyl Cache reads
       from the	backend	ahead of what has been sent to	the  client.   A  zero
       value means no limit, the object	is fetched as fast as possible.

       When  dealing with slow clients,	setting	this parameter to non-zero can
       prevent large uncacheable objects from being stored in  full  when  the
       intent  is  to  simply  stream  them to the client. As a	result,	a slow
       client transaction holds	onto a backend connection until	the end	of the
       delivery.

       This  parameter	is  the	 default  to  the  VCL	variable  beresp.tran-
       sit_buffer, which can be	used to	control	the transit buffer per backend
       request.

   uncacheable_ttl
	   Units: seconds

	   Default: 2m

	   Minimum: 0.000

	   Flags: obj_sticky

       The TTL assigned	to uncacheable objects by the built-in VCL.

   vary_notice
	   Units: variants

	   Default: 10

	   Minimum: 1

       How many	variants need to be evaluated to log a Notice that there might
       be too many variants.

   vcc_allow_inline_c
       Deprecated alias	for the	vcc_feature parameter.

   vcc_err_unref
       Deprecated alias	for the	vcc_feature parameter.

   vcc_feature
	   Default: none,+err_unref,+unsafe_path

       Enable/Disable various VCC behaviors.

	  default
		 Set default value (deprecated:	use param.reset)

	  none	 Disable all behaviors.

       Use +/- prefix to enable/disable	individual behavior:

	  err_unref
		 Unreferenced VCL objects result in error.

	  allow_inline_c
		 Allow inline C	code in	VCL.

	  unsafe_path
		 Allow	'/'  in	 vmod  & include paths.	Allow 'import ... from
		 ...'.

   vcc_unsafe_path
       Deprecated alias	for the	vcc_feature parameter.

   vcl_cooldown
	   Units: seconds

	   Default: 600.000

	   Minimum: 1.000

       How long	a VCL is kept warm after being	replaced  as  the  active  VCL
       (granularity approximately 30 seconds).

   vcl_path
       NB:  The	 actual	 default value for this	parameter depends on the Vinyl
       Cache build environment and options.

	   Default: ${sysconfdir}/vinyl-cache:${datadir}/vinyl-cache/vcl

       Directory (or colon separated list of directories) from which  relative
       VCL filenames (vcl.load and include) are	to be found.  By default Vinyl
       Cache  searches	VCL  files in both the system configuration and	shared
       data directories	to allow packages to drop their	VCL files in  a	 stan-
       dard  location where relative includes would work. Includes using +glob
       cannot be searched in vcl_path.

   vmod_path
       NB: The actual default value for	this parameter depends	on  the	 Vinyl
       Cache build environment and options.

	   Default: ${libdir}/vinyl-cache/vmods

       Directory  (or  colon separated list of directories) where VMODs	are to
       be found.

   vsl_buffer
	   Units: bytes

	   Default: 16k

	   Minimum: vsl_reclen	+ 12 bytes

       Bytes of	(req-/backend-)workspace dedicated to buffering	 VSL  records.
       When this parameter is adjusted,	most likely workspace_client and work-
       space_backend will have to be adjusted by the same amount.

       Setting	this too high costs memory, setting it too low will cause more
       VSL flushes and likely increase lock-contention on the VSL mutex.

   vsl_mask
	   Default:	   all,-Debug,-ObjProtocol,-ObjStatus,-ObjReason,-Obj-
	    Header,-ExpKill,-WorkThread,-Hash,-VfpAcct,-H2RxHdr,-H2Rx-
	    Body,-H2TxHdr,-H2TxBody,-VdpAcct,-ReqTarget

       Mask individual VSL messages from being logged.

	  all	 Enable	all tags

	  default
		 Set default value (deprecated:	use param.reset)

       Use  +/-	 prefix	in front of VSL	tag name to unmask/mask	individual VSL
       messages. See vsl(7) for	possible values.

   vsl_reclen
	   Units: bytes

	   Default: 255b

	   Minimum: 16b

	   Maximum: vsl_buffer	- 12 bytes

       Maximum number of bytes in SHM log record.

   vsl_space
	   Units: bytes

	   Default: 80M

	   Minimum: 1M

	   Maximum: 4G

	   Flags: must_restart

       The amount of space to allocate for the VSL fifo	buffer in the VSM mem-
       ory segment.  If	you make this too small, vinyl{ncsa|log} etc will  not
       be able to keep up.  Making it too large	just costs memory resources.

   vsm_free_cooldown
	   Units: seconds

	   Default: 60.000

	   Minimum: 10.000

	   Maximum: 600.000

       How  long VSM memory is kept warm after a deallocation (granularity ap-
       proximately 2 seconds).

   workspace_backend
	   Units: bytes

	   Default: 96k

	   Minimum: 1k

	   Flags: delayed

       Bytes of	HTTP protocol workspace	for backend HTTP req/resp.  If	larger
       than 4k,	use a multiple of 4k for VM efficiency.

   workspace_client
	   Units: bytes

	   Default: 96k

	   Minimum: 9k

	   Flags: delayed

       Bytes of	HTTP protocol workspace	for clients HTTP req/resp.  Use	a mul-
       tiple  of  4k for VM efficiency.	 For HTTP/2 compliance this must be at
       least 20k, in order to receive fullsize (=16k) frames from the  client.
       That  usually  happens only in POST/PUT bodies.	For other traffic-pat-
       terns smaller values work just fine.

   workspace_session
	   Units: bytes

	   Default: 0.75k

	   Minimum: 384b

	   Flags: delayed

       Allocation size for session structure and workspace.	The  workspace
       is primarily used for TCP connection addresses.	If larger than 4k, use
       a multiple of 4k	for VM efficiency.

   workspace_thread
	   Units: bytes

	   Default: 2k

	   Minimum: 0.25k

	   Maximum: 8k

	   Flags: delayed

       Bytes  of  auxiliary  workspace per thread.  This workspace is used for
       certain temporary data structures during	 the  operation	 of  a	worker
       thread.	 One  use  is for the IO-vectors used during delivery. Setting
       this parameter too low may increase the number  of  writev()  syscalls,
       setting	 it  too  high	just  wastes  space.   ~0.1k  +	 UIO_MAXIOV  *
       sizeof(struct iovec) (typically = ~16k for  64bit)  is  considered  the
       maximum	sensible value under any known circumstances (excluding	exotic
       vmod use).

EXIT CODES
       Vinyl Cache and bundled tools will, in most cases, exit with one	of the
       following codes

        0 OK

        1 Some	error which could be system-dependent and/or transient

        2 Serious configuration / parameter error - retrying  with  the  same
	 configuration / parameters is most likely useless

       The vinyld master process may also OR its exit code

        with 0x20 when	the vinyld child process died,

        with  0x40  when  the vinyld child process was	terminated by a	signal
	 and

        with 0x80 when	a core was dumped.

SEE ALSO
        vinyllog(1)

        vinylhist(1)

        vinylncsa(1)

        vinylstat(1)

        vinyltop(1)

        vinyl-cli(7)

        vcl(7)

HISTORY
       The vinyld daemon was developed by  Poul-Henning	 Kamp  in  cooperation
       with Verdens Gang AS and	Redpill-Linpro

       This manual page	was written by Dag-Erling Smrgrav with updates by Stig
       Sandbeck	Mathisen < <ssm@debian.org> >, Nils Goroll and others.

COPYRIGHT
       This document is	licensed under the same	licence	as Vinyl Cache itself.
       See LICENCE for details.

        Copyright (c) 2007-2015 Varnish Software AS

								     VINYLD(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=vinyld&sektion=1&manpath=FreeBSD+Ports+15.1.quarterly>

home | help