,
The Backend
section defines a regular backend. The overall
syntax, as for any section statement, is:
Backend [ "name" ] … End
Optional name argument assigns a symbolic name to the
service. That name is used to identify the backend in diagnostic
and access log messages (see ‘%{obj}N’),
metric output (see Metrics), and in poundctl
requests (see poundctl). In the absence of an assigned
name, the ordinal (0-based) number of the backend in the enclosing
Service
is used as its identifier.
The following statements can be used in a Backend
section:
IP address or host name of the backend server. If the name cannot
be resolved to a valid address, pound
will assume that it
represents a path to a Unix-domain socket.
This directive is mandatory.
Sets the port number to connect to. This directive must be present if
the Address
statement contains an IP address.
Mark this backend as disabled.
Backends can be enabled or disabled at runtime using the
poundctl
utility (see enable).
Note: not to be confused with the Disable
statement,
described below.
Sets numeric priority for this backend. Priorities are used to control probability of receiving a request for handling in case of multiple backends. See Balancer, for a detailed discussion.
Allowed values for n depend on the balancing algorithm in use. For random balancing, allowed values are 0 to 9. For IWRR, allowed values are between 0 and 100.
The following three directives set various timeout parameters for backend operations:
Sets the response timeout, i.e. time to wait for a response from the backend (in seconds). Default is 15.
Sets connection timeout, i.e. time to wait for establishing connection with the backend (in seconds).
Idle timeout for WebSocket operations, in seconds. Default value: 600 (10 minutes).
Backend servers can use HTTPS as well as plaintext HTTP. The following directives configure HTTPS backends:
This directive indicates that the remote server speaks HTTPS.
This directive specifies the name to use for server name
identification (SNI). It also rewrites the Host:
header
for this particular backend. This means you don’t have to use
SetHeader
in addition to it.
This specifies the certificate that pound
will use as a
client. The filename is the name of a file containing the
certificate, possibly a certificate chain and the signature.
This is the list of ciphers that will be accepted by the SSL
connection with the backend (for HTTPS backends); it is a string in the same format as used by the OpenSSL
functions ciphers
and SSL_CTX_set_cipher_list
.
Disable the SSL protocol proto and all earlier protocols.
Allowed values for proto are: SSLv2
, SSLv3
,
TLSv1
, TLSv1_1
, TLSv1_2
.
Note: not to be confused with the Disabled
statement,
described above.
,