Server Command (server)
server command options and behavior.Source: pgBackRest Command Docs: server
The pgBackRest server allows access to remote hosts without using the SSH protocol.
Command Options
TLS Server Address Option (--tls-server-address)
TLS server address.
IP address the server will listen on for client requests.
default: localhost
example: --tls-server-address=*
TLS Server Authorized Clients Option (--tls-server-auth)
TLS server authorized clients.
Clients are authorized on the server by verifying their certificate and checking their certificate CN (Common Name) against a list on the server configured with the tls-server-auth option.
A client CN can be authorized for as many stanzas as needed by providing a comma-separated list to the tls-server-auth option or for all stanzas by specifying tls-server-auth=client-cn=*. Wildcards may not be specified for the client CN.
example: --tls-server-auth=client-cn=stanza1,stanza2
TLS Server Certificate Authorities Option (--tls-server-ca-file)
TLS server certificate authorities.
Checks that client certificates are signed by a trusted certificate authority.
example: --tls-server-ca-file=/path/to/server.ca
TLS Server Certificate Option (--tls-server-cert-file)
TLS server certificate file.
Sent to the client to show the server identity.
example: --tls-server-cert-file=/path/to/server.crt
TLS Server Key Option (--tls-server-key-file)
TLS server key file.
Proves server certificate was sent by the owner.
example: --tls-server-key-file=/path/to/server.key
TLS Server Port Option (--tls-server-port)
TLS server port.
Port the server will listen on for client requests.
default: 8432
allowed: [1, 65535]
example: --tls-server-port=8000
General Options
Buffer Size Option (--buffer-size)
Buffer size for I/O operations.
Buffer size used for copy, compress, encrypt, and other operations. The number of buffers used depends on options and each operation may use additional memory, e.g. gz compression may use an additional 256KiB of memory.
Allowed values are 16KiB, 32KiB, 64KiB, 128KiB, 256KiB, 512KiB, 1MiB, 2MiB, 4MiB, 8MiB, and 16MiB.
default: 1MiB
example: --buffer-size=2MiB
Config Option (--config)
pgBackRest configuration file.
Use this option to specify a different configuration file than the default.
default: CFGOPTDEF_CONFIG_PATH "/" PROJECT_CONFIG_FILE
example: --config=/conf/pgbackrest/pgbackrest.conf
Config Include Path Option (--config-include-path)
Path to additional pgBackRest configuration files.
Configuration files existing in the specified location with extension .conf will be concatenated with the pgBackRest configuration file, resulting in one configuration file.
default: CFGOPTDEF_CONFIG_PATH "/" PROJECT_CONFIG_INCLUDE_PATH
example: --config-include-path=/conf/pgbackrest/conf.d
Config Path Option (--config-path)
Base path of pgBackRest configuration files.
This setting is used to override the default base path setting for the --config and --config-include-path options unless they are explicitly set on the command-line.
For example, passing only --config-path=/conf/pgbackrest results in the --config default being set to /conf/pgbackrest/pgbackrest.conf and the --config-include-path default being set to /conf/pgbackrest/conf.d.
default: CFGOPTDEF_CONFIG_PATH
example: --config-path=/conf/pgbackrest
I/O Timeout Option (--io-timeout)
I/O timeout.
Timeout, in seconds, used for connections and read/write operations.
Note that the entire read/write operation does not need to complete within this timeout but some progress must be made, even if it is only a single byte.
default: 1m
allowed: [100ms, 1h]
example: --io-timeout=120
Set Process Priority Option (--priority)
Set process priority.
Defines how much priority (i.e. niceness) will be given to the process by the kernel scheduler. Positive values decrease priority and negative values increase priority. In most case processes do not have permission to increase their priority.
allowed: [-20, 19]
example: --priority=19
Protocol Timeout Option (--protocol-timeout)
Protocol timeout.
Sets the timeout, in seconds, that the local or remote process will wait for a new message to be received on the protocol layer. This prevents processes from waiting indefinitely for a message.
NOTE: The
protocol-timeoutoption must be greater than thedb-timeoutoption.
default: 31m
allowed: [100ms, 7d]
example: --protocol-timeout=630
Keep Alive Option (--sck-keep-alive)
Keep-alive enable.
Enables keep-alive messages on socket connections.
default: y
example: --no-sck-keep-alive
Keep Alive Count Option (--tcp-keep-alive-count)
Keep-alive count.
Specifies the number of TCP keep-alive messages that can be lost before the connection is considered dead.
This option is available on systems that support the TCP_KEEPCNT socket option.
allowed: [1, 32]
example: --tcp-keep-alive-count=3
Keep Alive Idle Option (--tcp-keep-alive-idle)
Keep-alive idle time.
Specifies the amount of time (in seconds) with no network activity after which the operating system should send a TCP keep-alive message.
This option is available on systems that support the TCP_KEEPIDLE socket option.
allowed: [1, 3600]
example: --tcp-keep-alive-idle=60
Keep Alive Interval Option (--tcp-keep-alive-interval)
Keep-alive interval time.
Specifies the amount of time (in seconds) after which a TCP keep-alive message that has not been acknowledged should be retransmitted.
This option is available on systems that support the TCP_KEEPINTVL socket option.
allowed: [1, 900]
example: --tcp-keep-alive-interval=30
TLSv1.2 cipher suites Option (--tls-cipher-12)
Allowed TLSv1.2 cipher suites.
All TLS connections between the pgBackRest client and server are encrypted. By default, connections to objects stores (e.g. S3) are also encrypted.
NOTE: The absolute minimum security level for any transport connection is TLSv1.2.
The accepted cipher suites can be adjusted if need arises. The example is reasonable choice unless you have specific security requirements. If unset (the default), the default of the underlying OpenSSL library applies.
example: --tls-cipher-12=HIGH:MEDIUM:+3DES:!aNULL
TLSv1.3 cipher suites Option (--tls-cipher-13)
Allowed TLSv1.3 cipher suites.
All TLS connections between the pgBackRest client and server are encrypted. By default, connections to objects stores (e.g. S3) are also encrypted.
NOTE: The absolute minimum security level for any transport connection is TLSv1.2.
The accepted cipher suites can be adjusted if need arises. If unset (the default), the default of the underlying OpenSSL library applies.
example: --tls-cipher-13=TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
Log Options
Console Log Level Option (--log-level-console)
Level for console logging.
The following log levels are supported:
off- No logging at all (not recommended)error- Log only errorswarn- Log warnings and errorsinfo- Log info, warnings, and errorsdetail- Log detail, info, warnings, and errorsdebug- Log debug, detail, info, warnings, and errorstrace- Log trace (very verbose debugging), debug, info, warnings, and errors
default: warn
example: --log-level-console=error
File Log Level Option (--log-level-file)
Level for file logging.
The following log levels are supported:
off- No logging at all (not recommended)error- Log only errorswarn- Log warnings and errorsinfo- Log info, warnings, and errorsdetail- Log detail, info, warnings, and errorsdebug- Log debug, detail, info, warnings, and errorstrace- Log trace (very verbose debugging), debug, info, warnings, and errors
default: info
example: --log-level-file=debug
Std Error Log Level Option (--log-level-stderr)
Level for stderr logging.
Specifies which log levels will output to stderr rather than stdout (specified by log-level-console). The timestamp and process will not be output to stderr.
The following log levels are supported:
off- No logging at all (not recommended)error- Log only errorswarn- Log warnings and errorsinfo- Log info, warnings, and errorsdetail- Log detail, info, warnings, and errorsdebug- Log debug, detail, info, warnings, and errorstrace- Log trace (very verbose debugging), debug, info, warnings, and errors
default: off
example: --log-level-stderr=error
Log Path Option (--log-path)
Path where log files are stored.
The log path provides a location for pgBackRest to store log files. Note that if log-level-file=off then no log path is required.
default: /var/log/pgbackrest
example: --log-path=/backup/db/log
Log Timestamp Option (--log-timestamp)
Enable timestamp in logging.
Enables the timestamp in console and file logging. This option is disabled in special situations such as generating documentation.
default: y
example: --no-log-timestamp
Feedback
Was this page helpful?
Thanks for the feedback! Please let us know how we can improve.
Sorry to hear that. Please let us know how we can improve.