jamesbjackson/nginx_logging.conf

## nginx_logging.conf
log_format main_json escape=json '{'
      '"msec": "$msec", ' # request unixtime in seconds with a milliseconds resolution
      '"connection": "$connection", ' # connection serial number
      '"connection_requests": "$connection_requests", ' # number of requests made in connection
      '"request_id": "$request_id", ' # the unique request id
      '"request_length": "$request_length", ' # request length (including headers and body)
      '"remote_addr": "$remote_addr", ' # client IP
      '"remote_user": "$remote_user", ' # client HTTP username
      '"remote_port": "$remote_port", ' # client port
      '"date_gmt": "$date_gmt", ' # current time in GMT. The format is set by the config command with the timefmt parameter
      '"time_local": "$time_local", ' # current time in the local time zone. The format is set by the config command with the timefmt parameter
      '"time_iso8601": "$time_iso8601", ' # local time in the ISO 8601 standard format
      '"request": "$request", ' # full path no arguments if the request
      '"request_uri": "$request_uri", ' # full path and arguments if the request
      '"args": "$args", ' # args
      '"content_length": "$content_length", ' # “Content-Length” request header field
      '"content_type": "$content_type", ' # Content-Type” request header field
      '"sent_http_content_type": "$sent_http_content_type", ' # Content-Type” response header field
      '"status": "$status", ' # response status code
      '"body_bytes_sent": "$body_bytes_sent", ' # the number of body bytes exclude headers sent to a client
      '"bytes_sent": "$bytes_sent", ' # the number of bytes sent to a client
      '"http_accept": "$http_accept", ' # HTTP accept
      '"http_referer": "$http_referer", ' # HTTP referer
      '"http_user_agent": "$http_user_agent", ' # user agent
      '"http_x_forwarded_for": "$http_x_forwarded_for", ' # http_x_forwarded_for
      '"host": "$host", ' # in this order of precedence: host name from the request line, or host name from the “Host” request header field, or the server name matching a request
      '"http_host": "$http_host", ' # the request Host: header
      '"request_time": "$request_time", ' # request processing time in seconds with msec resolution
      '"upstream": "$upstream_addr", ' # upstream backend server for proxied requests
      '"upstream_connect_time": "$upstream_connect_time", ' # upstream handshake time incl. TLS
      '"upstream_header_time": "$upstream_header_time", ' # time spent receiving upstream headers
      '"upstream_response_time": "$upstream_response_time", ' # time spend receiving upstream body
      '"upstream_response_length": "$upstream_response_length", ' # upstream response length
      '"upstream_cache_status": "$upstream_cache_status", ' # cache HIT/MISS where applicable
      '"request_method": "$request_method", ' # request method
      '"server_protocol": "$server_protocol", ' # request protocol, like HTTP/1.1 or HTTP/2.0
      '"gzip_ratio": "$gzip_ratio"' # achieved compression ratio, computed as the ratio between the original and compressed response sizes
    '}';

access_log  logs/access.log main_json;


$ancient_browser            equals the value set by the ancient_browser_value directive, if a browser was identified as ancient
$arg_                       argument in the request line
$args                       arguments in the request line
$binary_remote_addr         client address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses
$body_bytes_sent            number of bytes sent to a client, not counting the response header; this variable is compatible with the “%B” parameter of the mod_log_config Apache module
$bytes_sent                 number of bytes sent to a client (1.3.8, 1.2.5)
$connection                 connection serial number (1.3.8, 1.2.5)
$connection_requests        current number of requests made through a connection (1.3.8, 1.2.5)
$connections_active         same as the Active connections value
$connections_reading        same as the Reading value
$connections_waiting        same as the Waiting value
$connections_writing        same as the Writing value
$content_length             “Content-Length” request header field
$content_type               “Content-Type” request header field
$cookie_                    the named cookie
$date_gmt                   current time in GMT. The format is set by the config command with the timefmt parameter
$date_local                 current time in the local time zone. The format is set by the config command with the timefmt parameter
$document_root              root or alias directive’s value for the current request
$document_uri               same as $uri
$fastcgi_path_info          the value of the second capture set by the fastcgi_split_path_info directive. This variable can be used to set the PATH_INFO parameter
$fastcgi_script_name        request URI or, if a URI ends with a slash, request URI with an index file name configured by the fastcgi_index directive appended to it. This variable can be used to set the SCRIPT_FILENAME and PATH_TRANSLATED parameters that determine the script name in PHP. For example, for the “/info/” request with the following directives
                                fastcgi_index index.php;
                                fastcgi_param SCRIPT_FILENAME /home/www/scripts/php$fastcgi_script_name;
                            the SCRIPT_FILENAME parameter will be equal to “/home/www/scripts/php/info/index.php”
$geoip_area_code            telephone area code (US only)
$geoip_city                 city name, for example, “Moscow”, “Washington”
$geoip_city_continent_code  two-letter continent code, for example, “EU”, “NA”
$geoip_city_country_code    two-letter country code, for example, “RU”, “US”
$geoip_city_country_code3   three-letter country code, for example, “RUS”, “USA”
$geoip_city_country_name    country name, for example, “Russian Federation”, “United States”
$geoip_country_code         two-letter country code, for example, “RU”, “US”
$geoip_country_code3        three-letter country code, for example, “RUS”, “USA”
$geoip_country_name         country name, for example, “Russian Federation”, “United States”
$geoip_dma_code             DMA region code in US (also known as “metro code”), according to the geotargeting in Google AdWords API
$geoip_latitude             latitude
$geoip_longitude            longitude
$geoip_org                  organization name, for example, “The University of Melbourne”
$geoip_postal_code          postal code
$geoip_region               two-symbol country region code (region, territory, state, province, federal land and the like), for example, “48”, “DC”
$geoip_region_name          country region name (region, territory, state, province, federal land and the like), for example, “Moscow City”, “District of Columbia”
$gzip_ratio                 achieved compression ratio, computed as the ratio between the original and compressed response sizes
$host                       in this order of precedence: host name from the request line, or host name from the “Host” request header field, or the server name matching a request
$hostname                   host name
$http2                      negotiated protocol identifier: “h2” for HTTP/2 over TLS, “h2c” for HTTP/2 over cleartext TCP, or an empty string otherwise
$http_                      arbitrary request header field; the last part of the variable name is the field name converted to lower case with dashes replaced by underscores. Examples: $http_referer, $http_user_agent
$https                      “on” if connection operates in SSL mode, or an empty string otherwise
$invalid_referer            Empty string, if the “Referer” request header field value is considered valid, otherwise “1”
$is_args                    “?” if a request line has arguments, or an empty string otherwise
$limit_rate                 setting this variable enables response rate limiting; see limit_rate
$memcached_key              Defines a key for obtaining response from a memcached server
$modern_browser             equals the value set by the modern_browser_value directive, if a browser was identified as modern
$msec                       current time in seconds with the milliseconds resolution (1.3.9, 1.2.6)
$msie                       equals “1” if a browser was identified as MSIE of any version
$nginx_version              nginx version
$pid                        PID of the worker process
$pipe                       “p” if request was pipelined, “.” otherwise (1.3.12, 1.2.7)
$proxy_add_x_forwarded_for  the “X-Forwarded-For” client request header field with the $remote_addr variable appended to it, separated by a comma. If the “X-Forwarded-For” field is not present in the client request header, the $proxy_add_x_forwarded_for variable is equal to the $remote_addr variable
$proxy_host                 name and port of a proxied server as specified in the proxy_pass directive
$proxy_port                 port of a proxied server as specified in the proxy_pass directive, or the protocol’s default port
$proxy_protocol_addr        client address from the PROXY protocol header, or an empty string otherwise (1.5.12). the PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive.
$proxy_protocol_port        client port from the PROXY protocol header, or an empty string otherwise (1.11.0). the PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive.
$query_string               same as $args
$realip_remote_addr         keeps the original client address (1.9.7)
$realip_remote_port         keeps the original client port (1.11.0)
$realpath_root              an absolute pathname corresponding to the root or alias directive’s value for the current request, with all symbolic links resolved to real paths
$remote_addr                client address
$remote_port                client port
$remote_user                user name supplied with the Basic authentication
$request                    full original request line
$request_body               request bod. The variable’s value is made available in locations processed by the proxy_pass, fastcgi_pass, uwsgi_pass, and scgi_pass directives.
$request_body_file          name of a temporary file with the request body. At the end of processing, the file needs to be removed. To always write the request body to a file, client_body_in_file_only needs to be enabled. When the name of a temporary file is passed in a proxied request or in a request to a FastCGI/uwsgi/SCGI server, passing the request body should be disabled by the proxy_pass_request_body off, fastcgi_pass_request_body off, uwsgi_pass_request_body off, or scgi_pass_request_body off directives, respectively.
$request_completion         “OK” if a request has completed, or an empty string otherwise
$request_filename           file path for the current request, based on the root or alias directives, and the request URI
$request_id                 unique request identifier generated from 16 random bytes, in hexadecimal (1.11.0)
$request_length             request length (including request line, header, and request body) (1.3.12, 1.2.7)
$request_method             request method, usually “GET” or “POST”
$request_time               request processing time in seconds with a milliseconds resolution (1.3.9, 1.2.6); time elapsed since the first bytes were read from the client
$request_uri                full original request URI (with arguments)
$scheme                     request scheme, “http” or “https”
$secure_link                The status of a link check. The specific value depends on the selected operation mode
$secure_link_expires        The lifetime of a link passed in a request; intended to be used only in the secure_link_md5 directive
$sent_http_                 arbitrary response header field; the last part of the variable name is the field name converted to lower case with dashes replaced by underscores
$server_addr                an address of the server which accepted a request. Computing a value of this variable usually requires one system call. To avoid a system call, the listen directives must specify addresses and use the bind parameter.
$server_name                name of the server which accepted a request
$server_port                port of the server which accepted a request
$server_protocol            request protocol, usually “HTTP/1.0”, “HTTP/1.1”, or “HTTP/2.0”
$session_log_binary_id      current session ID in binary form (16 bytes)
$session_log_id             current session ID
$slice_range                the current slice range in HTTP byte range format, for example, bytes=0-1048575
$spdy                       SPDY protocol version for SPDY connections, or an empty string otherwise
$spdy_request_priority      request priority for SPDY connections, or an empty string otherwise
$ssl_cipher                 returns the string of ciphers used for an established SSL connection
$ssl_client_cert            returns the client certificate in the PEM format for an established SSL connection, with each line except the first prepended with the tab character; this is intended for the use in the proxy_set_header directive
$ssl_client_fingerprint     returns the SHA1 fingerprint of the client certificate for an established SSL connection (1.7.1)
$ssl_client_i_dn            returns the “issuer DN” string of the client certificate for an established SSL connection
$ssl_client_raw_cert        returns the client certificate in the PEM format for an established SSL connection
$ssl_client_s_dn            returns the “subject DN” string of the client certificate for an established SSL connection
$ssl_client_serial          returns the serial number of the client certificate for an established SSL connection
$ssl_client_verify          returns the result of client certificate verification: “SUCCESS”, “FAILED”, and “NONE” if a certificate was not present
$ssl_protocol               returns the protocol of an established SSL connection
$ssl_server_name            returns the server name requested through SNI (1.7.0)
$ssl_session_id             returns the session identifier of an established SSL connection
$ssl_session_reused         returns “r” if an SSL session was reused, or “.” otherwise (1.5.11)
$status                     response status (1.3.2, 1.2.2)
$tcpinfo_rtt,
$tcpinfo_rttvar,
$tcpinfo_snd_cwnd,
$tcpinfo_rcv_space          information about the client TCP connection; available on systems that support the TCP_INFO socket option
$time_iso8601               local time in the ISO 8601 standard format (1.3.12, 1.2.7)
$time_local                 local time in the Common Log Format (1.3.12, 1.2.7)
$uid_got                    The cookie name and received client identifier
$uid_reset                  If the variable is set to a non-empty string that is not “0”, the client identifiers are reset. The special value “log” additionally leads to the output of messages about the reset identifiers to the error_log
$uid_set                    The cookie name and sent client identifier
$upstream_addr              keeps the IP address and port, or the path to the UNIX-domain socket of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas, e.g. “192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock”. If an internal redirect from one server group to another happens, initiated by “X-Accel-Redirect” or error_page, then the server addresses from different groups are separated by colons, e.g. “192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock : 192.168.10.1:80, 192.168.10.2:80”
$upstream_cache_status      keeps the status of accessing a response cache (0.8.3). The status can be either “MISS”, “BYPASS”, “EXPIRED”, “STALE”, “UPDATING”, “REVALIDATED”, or “HIT”
$upstream_connect_time      time spent on establishing a connection with an upstream server
$upstream_cookie_           cookie with the specified name sent by the upstream server in the “Set-Cookie” response header field (1.7.1). Only the cookies from the response of the last server are saved
$upstream_header_time       time between establishing a connection and receiving the first byte of the response header from the upstream server
$upstream_http_             keep server response header fields. For example, the “Server” response header field is available through the $upstream_http_server variable. The rules of converting header field names to variable names are the same as for the variables that start with the “$http_” prefix. Only the header fields from the response of the last server are saved
$upstream_response_length   keeps the length of the response obtained from the upstream server (0.7.27); the length is kept in bytes. Lengths of several responses are separated by commas and colons like addresses in the $upstream_addr variable
$upstream_response_time     time between establishing a connection and receiving the last byte of the response body from the upstream server
$upstream_status            keeps status code of the response obtained from the upstream server. Status codes of several responses are separated by commas and colons like addresses in the $upstream_addr variable
$uri                        current URI in request, normalized. The value of $uri may change during request processing, e.g. when doing internal redirects, or when using index files.
	log_format main_json escape=json '{'
	'"msec": "$msec", ' # request unixtime in seconds with a milliseconds resolution
	'"connection": "$connection", ' # connection serial number
	'"connection_requests": "$connection_requests", ' # number of requests made in connection
	'"request_id": "$request_id", ' # the unique request id
	'"request_length": "$request_length", ' # request length (including headers and body)
	'"remote_addr": "$remote_addr", ' # client IP
	'"remote_user": "$remote_user", ' # client HTTP username
	'"remote_port": "$remote_port", ' # client port
	'"date_gmt": "$date_gmt", ' # current time in GMT. The format is set by the config command with the timefmt parameter
	'"time_local": "$time_local", ' # current time in the local time zone. The format is set by the config command with the timefmt parameter
	'"time_iso8601": "$time_iso8601", ' # local time in the ISO 8601 standard format
	'"request": "$request", ' # full path no arguments if the request
	'"request_uri": "$request_uri", ' # full path and arguments if the request
	'"args": "$args", ' # args
	'"content_length": "$content_length", ' # “Content-Length” request header field
	'"content_type": "$content_type", ' # Content-Type” request header field
	'"sent_http_content_type": "$sent_http_content_type", ' # Content-Type” response header field
	'"status": "$status", ' # response status code
	'"body_bytes_sent": "$body_bytes_sent", ' # the number of body bytes exclude headers sent to a client
	'"bytes_sent": "$bytes_sent", ' # the number of bytes sent to a client
	'"http_accept": "$http_accept", ' # HTTP accept
	'"http_referer": "$http_referer", ' # HTTP referer
	'"http_user_agent": "$http_user_agent", ' # user agent
	'"http_x_forwarded_for": "$http_x_forwarded_for", ' # http_x_forwarded_for
	'"host": "$host", ' # in this order of precedence: host name from the request line, or host name from the “Host” request header field, or the server name matching a request
	'"http_host": "$http_host", ' # the request Host: header
	'"request_time": "$request_time", ' # request processing time in seconds with msec resolution
	'"upstream": "$upstream_addr", ' # upstream backend server for proxied requests
	'"upstream_connect_time": "$upstream_connect_time", ' # upstream handshake time incl. TLS
	'"upstream_header_time": "$upstream_header_time", ' # time spent receiving upstream headers
	'"upstream_response_time": "$upstream_response_time", ' # time spend receiving upstream body
	'"upstream_response_length": "$upstream_response_length", ' # upstream response length
	'"upstream_cache_status": "$upstream_cache_status", ' # cache HIT/MISS where applicable
	'"request_method": "$request_method", ' # request method
	'"server_protocol": "$server_protocol", ' # request protocol, like HTTP/1.1 or HTTP/2.0
	'"gzip_ratio": "$gzip_ratio"' # achieved compression ratio, computed as the ratio between the original and compressed response sizes
	'}';

	access_log logs/access.log main_json;


	$ancient_browser equals the value set by the ancient_browser_value directive, if a browser was identified as ancient
	$arg_ argument in the request line
	$args arguments in the request line
	$binary_remote_addr client address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses
	$body_bytes_sent number of bytes sent to a client, not counting the response header; this variable is compatible with the “%B” parameter of the mod_log_config Apache module
	$bytes_sent number of bytes sent to a client (1.3.8, 1.2.5)
	$connection connection serial number (1.3.8, 1.2.5)
	$connection_requests current number of requests made through a connection (1.3.8, 1.2.5)
	$connections_active same as the Active connections value
	$connections_reading same as the Reading value
	$connections_waiting same as the Waiting value
	$connections_writing same as the Writing value
	$content_length “Content-Length” request header field
	$content_type “Content-Type” request header field
	$cookie_ the named cookie
	$date_gmt current time in GMT. The format is set by the config command with the timefmt parameter
	$date_local current time in the local time zone. The format is set by the config command with the timefmt parameter
	$document_root root or alias directive’s value for the current request
	$document_uri same as $uri
	$fastcgi_path_info the value of the second capture set by the fastcgi_split_path_info directive. This variable can be used to set the PATH_INFO parameter
	$fastcgi_script_name request URI or, if a URI ends with a slash, request URI with an index file name configured by the fastcgi_index directive appended to it. This variable can be used to set the SCRIPT_FILENAME and PATH_TRANSLATED parameters that determine the script name in PHP. For example, for the “/info/” request with the following directives
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME /home/www/scripts/php$fastcgi_script_name;
	the SCRIPT_FILENAME parameter will be equal to “/home/www/scripts/php/info/index.php”
	$geoip_area_code telephone area code (US only)
	$geoip_city city name, for example, “Moscow”, “Washington”
	$geoip_city_continent_code two-letter continent code, for example, “EU”, “NA”
	$geoip_city_country_code two-letter country code, for example, “RU”, “US”
	$geoip_city_country_code3 three-letter country code, for example, “RUS”, “USA”
	$geoip_city_country_name country name, for example, “Russian Federation”, “United States”
	$geoip_country_code two-letter country code, for example, “RU”, “US”
	$geoip_country_code3 three-letter country code, for example, “RUS”, “USA”
	$geoip_country_name country name, for example, “Russian Federation”, “United States”
	$geoip_dma_code DMA region code in US (also known as “metro code”), according to the geotargeting in Google AdWords API
	$geoip_latitude latitude
	$geoip_longitude longitude
	$geoip_org organization name, for example, “The University of Melbourne”
	$geoip_postal_code postal code
	$geoip_region two-symbol country region code (region, territory, state, province, federal land and the like), for example, “48”, “DC”
	$geoip_region_name country region name (region, territory, state, province, federal land and the like), for example, “Moscow City”, “District of Columbia”
	$gzip_ratio achieved compression ratio, computed as the ratio between the original and compressed response sizes
	$host in this order of precedence: host name from the request line, or host name from the “Host” request header field, or the server name matching a request
	$hostname host name
	$http2 negotiated protocol identifier: “h2” for HTTP/2 over TLS, “h2c” for HTTP/2 over cleartext TCP, or an empty string otherwise
	$http_ arbitrary request header field; the last part of the variable name is the field name converted to lower case with dashes replaced by underscores. Examples: $http_referer, $http_user_agent
	$https “on” if connection operates in SSL mode, or an empty string otherwise
	$invalid_referer Empty string, if the “Referer” request header field value is considered valid, otherwise “1”
	$is_args “?” if a request line has arguments, or an empty string otherwise
	$limit_rate setting this variable enables response rate limiting; see limit_rate
	$memcached_key Defines a key for obtaining response from a memcached server
	$modern_browser equals the value set by the modern_browser_value directive, if a browser was identified as modern
	$msec current time in seconds with the milliseconds resolution (1.3.9, 1.2.6)
	$msie equals “1” if a browser was identified as MSIE of any version
	$nginx_version nginx version
	$pid PID of the worker process
	$pipe “p” if request was pipelined, “.” otherwise (1.3.12, 1.2.7)
	$proxy_add_x_forwarded_for the “X-Forwarded-For” client request header field with the $remote_addr variable appended to it, separated by a comma. If the “X-Forwarded-For” field is not present in the client request header, the $proxy_add_x_forwarded_for variable is equal to the $remote_addr variable
	$proxy_host name and port of a proxied server as specified in the proxy_pass directive
	$proxy_port port of a proxied server as specified in the proxy_pass directive, or the protocol’s default port
	$proxy_protocol_addr client address from the PROXY protocol header, or an empty string otherwise (1.5.12). the PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive.
	$proxy_protocol_port client port from the PROXY protocol header, or an empty string otherwise (1.11.0). the PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive.
	$query_string same as $args
	$realip_remote_addr keeps the original client address (1.9.7)
	$realip_remote_port keeps the original client port (1.11.0)
	$realpath_root an absolute pathname corresponding to the root or alias directive’s value for the current request, with all symbolic links resolved to real paths
	$remote_addr client address
	$remote_port client port
	$remote_user user name supplied with the Basic authentication
	$request full original request line
	$request_body request bod. The variable’s value is made available in locations processed by the proxy_pass, fastcgi_pass, uwsgi_pass, and scgi_pass directives.
	$request_body_file name of a temporary file with the request body. At the end of processing, the file needs to be removed. To always write the request body to a file, client_body_in_file_only needs to be enabled. When the name of a temporary file is passed in a proxied request or in a request to a FastCGI/uwsgi/SCGI server, passing the request body should be disabled by the proxy_pass_request_body off, fastcgi_pass_request_body off, uwsgi_pass_request_body off, or scgi_pass_request_body off directives, respectively.
	$request_completion “OK” if a request has completed, or an empty string otherwise
	$request_filename file path for the current request, based on the root or alias directives, and the request URI
	$request_id unique request identifier generated from 16 random bytes, in hexadecimal (1.11.0)
	$request_length request length (including request line, header, and request body) (1.3.12, 1.2.7)
	$request_method request method, usually “GET” or “POST”
	$request_time request processing time in seconds with a milliseconds resolution (1.3.9, 1.2.6); time elapsed since the first bytes were read from the client
	$request_uri full original request URI (with arguments)
	$scheme request scheme, “http” or “https”
	$secure_link The status of a link check. The specific value depends on the selected operation mode
	$secure_link_expires The lifetime of a link passed in a request; intended to be used only in the secure_link_md5 directive
	$sent_http_ arbitrary response header field; the last part of the variable name is the field name converted to lower case with dashes replaced by underscores
	$server_addr an address of the server which accepted a request. Computing a value of this variable usually requires one system call. To avoid a system call, the listen directives must specify addresses and use the bind parameter.
	$server_name name of the server which accepted a request
	$server_port port of the server which accepted a request
	$server_protocol request protocol, usually “HTTP/1.0”, “HTTP/1.1”, or “HTTP/2.0”
	$session_log_binary_id current session ID in binary form (16 bytes)
	$session_log_id current session ID
	$slice_range the current slice range in HTTP byte range format, for example, bytes=0-1048575
	$spdy SPDY protocol version for SPDY connections, or an empty string otherwise
	$spdy_request_priority request priority for SPDY connections, or an empty string otherwise
	$ssl_cipher returns the string of ciphers used for an established SSL connection
	$ssl_client_cert returns the client certificate in the PEM format for an established SSL connection, with each line except the first prepended with the tab character; this is intended for the use in the proxy_set_header directive
	$ssl_client_fingerprint returns the SHA1 fingerprint of the client certificate for an established SSL connection (1.7.1)
	$ssl_client_i_dn returns the “issuer DN” string of the client certificate for an established SSL connection
	$ssl_client_raw_cert returns the client certificate in the PEM format for an established SSL connection
	$ssl_client_s_dn returns the “subject DN” string of the client certificate for an established SSL connection
	$ssl_client_serial returns the serial number of the client certificate for an established SSL connection
	$ssl_client_verify returns the result of client certificate verification: “SUCCESS”, “FAILED”, and “NONE” if a certificate was not present
	$ssl_protocol returns the protocol of an established SSL connection
	$ssl_server_name returns the server name requested through SNI (1.7.0)
	$ssl_session_id returns the session identifier of an established SSL connection
	$ssl_session_reused returns “r” if an SSL session was reused, or “.” otherwise (1.5.11)
	$status response status (1.3.2, 1.2.2)
	$tcpinfo_rtt,
	$tcpinfo_rttvar,
	$tcpinfo_snd_cwnd,
	$tcpinfo_rcv_space information about the client TCP connection; available on systems that support the TCP_INFO socket option
	$time_iso8601 local time in the ISO 8601 standard format (1.3.12, 1.2.7)
	$time_local local time in the Common Log Format (1.3.12, 1.2.7)
	$uid_got The cookie name and received client identifier
	$uid_reset If the variable is set to a non-empty string that is not “0”, the client identifiers are reset. The special value “log” additionally leads to the output of messages about the reset identifiers to the error_log
	$uid_set The cookie name and sent client identifier
	$upstream_addr keeps the IP address and port, or the path to the UNIX-domain socket of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas, e.g. “192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock”. If an internal redirect from one server group to another happens, initiated by “X-Accel-Redirect” or error_page, then the server addresses from different groups are separated by colons, e.g. “192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock : 192.168.10.1:80, 192.168.10.2:80”
	$upstream_cache_status keeps the status of accessing a response cache (0.8.3). The status can be either “MISS”, “BYPASS”, “EXPIRED”, “STALE”, “UPDATING”, “REVALIDATED”, or “HIT”
	$upstream_connect_time time spent on establishing a connection with an upstream server
	$upstream_cookie_ cookie with the specified name sent by the upstream server in the “Set-Cookie” response header field (1.7.1). Only the cookies from the response of the last server are saved
	$upstream_header_time time between establishing a connection and receiving the first byte of the response header from the upstream server
	$upstream_http_ keep server response header fields. For example, the “Server” response header field is available through the $upstream_http_server variable. The rules of converting header field names to variable names are the same as for the variables that start with the “$http_” prefix. Only the header fields from the response of the last server are saved
	$upstream_response_length keeps the length of the response obtained from the upstream server (0.7.27); the length is kept in bytes. Lengths of several responses are separated by commas and colons like addresses in the $upstream_addr variable
	$upstream_response_time time between establishing a connection and receiving the last byte of the response body from the upstream server
	$upstream_status keeps status code of the response obtained from the upstream server. Status codes of several responses are separated by commas and colons like addresses in the $upstream_addr variable
	$uri current URI in request, normalized. The value of $uri may change during request processing, e.g. when doing internal redirects, or when using index files.