9.11.4.1 Backend

The Backend section defines a regular backend. The overall syntax, as for any section statement, is:

Backend [ "name" ]
  …
End

Optional name argument assigns a symbolic name to the service. That name is used to identify the backend in diagnostic and access log messages (see ‘%{obj}N’), metric output (see Metrics), and in poundctl requests (see poundctl). In the absence of an assigned name, the ordinal (0-based) number of the backend in the enclosing Service is used as its identifier.

The following statements can be used in a Backend section:

Backend directive: Address IP

IP address or host name of the backend server. If the name cannot be resolved to a valid address, pound will assume that it represents a path to a Unix-domain socket.

This directive is mandatory.

Backend directive: Port n

Sets the port number to connect to. This directive must be present if the Address statement contains an IP address.

Backend directive: Disabled bool

Mark this backend as disabled.

Backends can be enabled or disabled at runtime using the poundctl utility (see enable).

Note: not to be confused with the Disable statement, described below.

Backend directive: Priority n

Sets numeric priority for this backend. Priorities are used to control probability of receiving a request for handling in case of multiple backends. See Balancer, for a detailed discussion.

Allowed values for n depend on the balancing algorithm in use. For random balancing, allowed values are 0 to 9. For IWRR, allowed values are between 0 and 100.

The following three directives set various timeout parameters for backend operations:

Backend directive: TimeOut n

Sets the response timeout, i.e. time to wait for a response from the backend (in seconds). Default is 15.

Backend directive: ConnTO n

Sets connection timeout, i.e. time to wait for establishing connection with the backend (in seconds).

Backend directive: WSTimeOut n

Idle timeout for WebSocket operations, in seconds. Default value: 600 (10 minutes).

Backend servers can use HTTPS as well as plaintext HTTP. The following directives configure HTTPS backends:

Backend directive: HTTPS

This directive indicates that the remote server speaks HTTPS.

Backend directive: ServerName "name"

This directive specifies the name to use for server name identification (SNI). It also rewrites the Host: header for this particular backend. This means you don’t have to use SetHeader in addition to it.

Backend directive: Cert "filename"

This specifies the certificate that pound will use as a client. The filename is the name of a file containing the certificate, possibly a certificate chain and the signature.

Backend directive: Ciphers "cipherlist"

This is the list of ciphers that will be accepted by the SSL connection with the backend (for HTTPS backends); it is a string in the same format as used by the OpenSSL functions ciphers and SSL_CTX_set_cipher_list.

Backend directive: Disable proto

Disable the SSL protocol proto and all earlier protocols. Allowed values for proto are: SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2.

Note: not to be confused with the Disabled statement, described above.