Vhost.xml file

The Vhost.xml configuration file defines an individual virtual host. Each virtual host directory on the server contains its own Vhost.xml file.

The Vhost.xml file contains elements that define the settings for the virtual host. These settings include aliases for the virtual host, the location of the virtual host’s application directory, limits on the resources the virtual host can use, and other parameters.

Each virtual host must have its own directory inside the adaptor directory. The name of the directory must be the actual name of the virtual host, such as streaming.adobe.com. Each defined virtual host must be mapped to a DNS (domain name server) entry or another name resolution, such as a WINS address or a hosts file, that specifies an IP address on the server computer.

Each adaptor must contain a _defaultVHost_ directory in addition to the custom virtual hosts that you define. If a client application tries to connect to a virtual host that does not exist, the server attempts to connect it to _defaultVHost_. If you are using a secure port for the adaptor that contains the virtual host, you can only define one virtual host for the adaptor, in addition to _defaultVHost_.

To see the element structure and default values in Vhost.xml, see the Vhost.xml file installed with Adobe Media Server in the RootInstall/conf/_defaultRoot_/_defaultVhost _directory.


Container element.

The elements nested within the Access container configure the Access log settings. The Access logs are located in the RootInstall\logs directory.

Contained elements


Determines whether aggregate messages are delivered from the edge cache when the virtual host is configured as an edge server. The default value is false.

If the edge server receives aggregate messages from the origin when this setting is disabled, the messages will be broken up before being cached.


 <AggregateMessages enabled="true" 

See also


The Alias element specifies the assumed name(s) of the virtual host.

An alias is an alternative short name to use when connecting to the virtual host. The Alias element lets you specify additional names to connect to this virtual host. Use the Alias element to shorten long host names, or if you want to be able to connect to this virtual host with different names.


 <Alias name="abc">abc.adobe.com</Alias>

If the name of this virtual host is “abc.adobe.com”, but you wish to connect by simply specifying “abc”, then specify the alias abc. Keep in mind that abc must still map to the same IP address as “abc.adobe.com”.

If more than one virtual host on the same adaptor has been defined with the same alias, then the first match that is found is taken. You can avoid unexpected behavior by specifying a unique alias for each virtual host.

See also


Container element.

The elements nested in this section list the alias(es) for this virtual host. You can specify an unlimited number of aliases by adding additional Alias elements. Each Alias must map to the IP address of the virtual host.

Contained elements


This element is a comma-delimited list of domains that are allowed to connect to this virtual host. The default value is all. If the Allow element is left empty, the only connections allowed are those coming from the same domain.



This example allows only connections from the adobe.com and yourcompany.com domains.


This example allows localhost connections only.


This example allows connections from all domains. Adobe does not recommend the use of all; it may create a security risk.

See also


Specifies whether overriding edge autodiscovery is allowed by specifying the rtmpd protocol. If enabled, edge autodiscovery is performed by default.



See also


Configures the virtual host as an anonymous proxy (also called an implicit or transparent proxy) or as an explicit proxy. The default value is false. Setting this element to true creates an implicit proxy to intercept the incoming URIs.

Both anonymous and explicit proxies intercept and aggregate the clients’ requests to connect to the origin server. Here are some key differences between anonymous and explicit proxies:

  • The identity (IP address and port number) of an anonymous server is hidden from the client.

  • The anonymous proxy does not change or modify the routing information in the incoming URI before connecting the client(s) to the origin server.

  • The URI for an explicit proxy specifies the edge server(s) that will intercept connection requests to the origin server.

You can create a chain of proxies by specifying them in the URI.

  • Any anonymous proxy in the chain passes on, without modification, the routing information in the URI to the next edge server in the chain.

  • The routing information in the URI for a chain of explicit proxies specifies the edge servers that are chained together to intercept connection requests to the origin server.

  • The routing information in the URI for a chain of explicit proxies specifically identifies the sequence of edge servers in the chain.

  • The URI for a chain of explicit proxies directs all clients’ connection requests through a specific sequence of edge servers before making the connection to the origin server.

  • The explicit proxy modifies the routing information in the URI by stripping off its token or identifier in the URI before passing the URI on to the next server in the chain.



See also


Specifies how often to check for and remove unused resources for application instances, such as Shared Objects, Streams, and Script engines.

The default interval is 1 minute.



See also


Specifies the Applications directory for this virtual host.

The Applications directory is the base directory where all applications for this virtual host are defined. You define an application by creating a subdirectory with the application name.

  • In Windows, the default AppsDir location is C:\Program Files\Adobe\Adobe Media Server 4\applications.

  • In Linux, the default location is /opt/adobe/ams/applications.


If you use this tag to map to a network drive, see Mapping directories to network drives for additional information.

Example 1


You can specify multiple applications directories by separating locations with a semicolon (;). You can specify two locations, each of which contains application subdirectories. If you change the default location of the AppsDir element, be sure to include a directory named admin in each directory. This ensures that the Administration Console (ams_adminConsole.swf) will be able to connect to the virtual host.

If no location is specified for this element, the applications directory is assumed to be located in the vhost directory.

Example 2

The following example shows a mapping to a network drive:


See also


Container element.

Determines whether or not to close idle clients automatically.

Set the enable attribute to true to close idle clients. If the enable attribute is omitted or set to false, the feature is disabled. The default value is false.

A client is active when it is sending or receiving data. Use AutoCloseIdleClients to specify how often the server should check for idle clients. When a client has been idle longer than the maximum idle time (60 seconds by default), the server sends a status message to the NetConnectionobject (the client). The server closes the client connection to the server and writes a message to the access log. The server also writes a message such as “Client x has been idle for y seconds” in the core and event logs.

To configure the closing of idle connections, you must enable the feature in the Server.xml file. Once you enable the feature in the Server.xml file, you can disable the feature for individual virtual hosts in the Vhost.xml files or for individual applications in Application.xml. The values defined in the Vhost.xml configuration file apply to all clients connected to the Vhost, unless values are defined in the Application.xml file. The Application.xml values override the Vhost.xml values. Subsequently, the values defined in the Server.xml configuration file apply to all clients connected to the server, unless the values are defined in the Vhost.xml file. The Vhost.xml values override the Server.xml values.


 <AutoCloseIdleClients enable="false"> 

See also


Container element.

This element enables or disables writing recorded streams to disk. Set this element on an edge server or an intermediate origin server to control the caching behavior. The contents of the cache change. This element controls whether the cached streams are written to disk, in addition to being cached in memory.

The edge server caches content locally to aid performance, especially for vod (video on demand) applications. Caching static content can reduce the overall load placed on the origin server.

The default value of the enabled attribute is false. The useAppDir attribute determines whether to separate cache subdirectories by application. The default value is true.

If a server has multiple virtual hosts, each virtual host should point to its own cache directory.

Contained elements

See also


Enables logging checkpoint events. Checkpoint events log bytes periodically from the start to the end of an event. The following are available as checkpoint events: connect-continue, play-continue, and publish-continue.

This element contains the enable attribute which you can set to true or false. Set the enable attribute to true to turn on checkpoint events in logs. The default value is false.

You must enable checkpoint events at the server level in the Server.xml file. You can disable checkpoints at the vhost and application level in the Vhost.xml and Application.xml files. You can also override the logging interval at the vhost and application levels.

Contained elements


Specifies the primary DNS suffix for this virtual host.

If a reverse DNS look up fails to return the domain as part of the host name, then this element is used as the domain suffix.

See also


Container element.

Contains elements that configure edge autodiscovery. An edge server may connect to another server that is part of a cluster. In this case, the edge server tries to determine which server in the cluster it should connect to (may or may not be the server specified in the URL).



See also


Specifies whether edge autodiscovery is enabled. If Enabled is set to true, the edge server tries to determine to which server in a cluster it should connect. The default value is false.



See also


When Flash Player connects to Adobe Media Server, it sends the server a string containing its platform and version information. You can add Key elements that map Flash Player information to keys. The keys can be any alphanumeric value. In the following example, the keys are A and B:

     <Key from="WIN 8,0,0,0" to="WIN 9,0,45,0">A</Key> 
     <Key from="WIN 6,0,0,0" to="WIN 7,9,9,9">B</Key> 
     <Key from="MAC 8,0,0,0" to="MAC 9,0,45,0">A</Key> 
     <Key from="MAC 6,0,0,0" to="MAC 7,9,9,9">B</Key> 

In the VirtualDirectory element, you map virtual directories used in URLs to physical directories containing streams. In the following example, if a client with key A requests a stream with the URL NetStream.play("vod/someMovie"), it is served the stream c:\on2\someMovie.flv. If a client with key B requests a stream with the URL NetStream.play("vod/someMovie"), it is served the stream c:\sorenson\someMovie.flv.

     <Streams key="A">vod;c:\on2</Streams>  
     <Streams key="B">vod;c:\sorenson</Streams>  

You can also set these values in a server-side script. For more information, see the Client.virtualKey and Stream.setVirtualPath() entries in the Server-Side ActionScript Language Reference.

For more information, see the “Configuring content storage” section of the Configuration and Administration Guide at www.adobe.com/go/learn_ams_content_en.

See also


This element binds an outgoing edge connection to a specific local IP address.

The LocalAddress element lets you allocate incoming and outgoing connections to different network interfaces. This strategy is useful when configuring an edge to either transparently pass on or intercept requests and responses.

If the LocalAddress element is not specified, then outgoing connections bind to the value of the INADDR_ANY Windows system variable.

See also


Container element.

Contains elements that control logging.

Contained elements


Specifies how often to log a checkpoint, in seconds. This value should be larger than the value for CheckInterval. If the value is smaller, the server logs a checkpoint every check interval. The default value is 3600 seconds (60 minutes).


Specifies the size in bytes of aggregate messages returned from the edge cache. (Aggregate messages must be enabled.) The default size is 65,536.

This setting only applies to messages retrieved from the disk cache. Aggregate messages received directly from the origin server are returned as is and their size is determined by the origin server settings for aggregate message size.



See also


Specifies the maximum number of application instances that can be loaded into this virtual host.

A chat application, for example, might require more than one instance, because each chat room represents a separate instance of the application on the server. The default number is 15,000 application instances.

A Flash SWF file defines which application instance it is connecting to by the parameters it includes with its ActionScript connect call.



See also


Specifies the maximum number of clients that can connect to this virtual host.

The maximum number of allowed connections is encoded in the license file. Connections are denied if the specified limit is exceeded. The default number is -1, which represents an unlimited number of connections.



See also


Specifies the maximum number of connections that can remotely connect to this virtual host. This number is enforced by the license key.



See also


Specifies the maximum idle time allowed, in seconds, before a client is disconnected.

The default idle time is 3600 seconds (60 minutes). If you set a value lower than 60 seconds, the server uses the value 1200 seconds (20 minutes).

A different value can be set for each virtual host. If no value is set for this element in the Vhost.xml file, the server uses the value in the Server.xml file. The value for the MaxIdleTime element in the Vhost.xml file overrides the value of the MaxIdleTime element in the Server.xml file.



See also


Specifies the maximum number of shared objects that can be created. The default number of shared objects is 50,000.



See also


Specifies the maximum allowed size of the disk cache, in gigabytes. The server does LRU (least recently used) cleanup of the cache to keep it under the maximum size. The default value is 32 gigabytes. A value of 0 disables the disk cache. A value of -1 specifies no maximum.

See also


Specifies the maximum number of streams that can be created for live streams. The default number of streams is 250,000.


This property is ignored for recorded streams.



See also


The Mode element configures whether the server runs as an origin server or as an edge server.

The Mode element can be set to local or remote. The default setting is local.

  • When the Mode element is set to local, Adobe Media Server runs its applications locally and is called an origin server.

  • When the Mode element is set to remote, the server behaves as an edge server that connects to the applications running on an origin server.

  • If the Mode element is undefined, the virtual host is evaluated as an alias for the default virtual host and assumes its configuration.



See also


Specifies the number of buckets to divide the cache into. The aggregate cache size is defined by MaxSize. Can be any value from 2 to 128; the default value is 8. More buckets mean that a smaller portion of the disk content will be deleted at any one time, but also that files will need to be moved to new buckets more often, which results in more disk activity and lower performance.

You can define the number of buckets that contain contents that can be moved with NumBucketsAtRisk.



See also


Specifies the number of buckets considered to be “at risk” of deletion. Can be any value from 0 to NumBuckets - 1; the default is NumBuckets/2. To avoid moving files too frequently at the expense of disk performance, only segments that are in the oldest NumBucketsAtRisk buckets will be moved to the newest bucket when accessed. A value of 0 means that segments, once pulled from the origin, are never moved to a newer bucket, effectively turning the cache into an LRU (least recently used) cache.

The default value of NumBuckets/2 means that only segments in the “older half” of content will be moved. The idea is that segments in the “newer half” of content are more likely to be accessed again before they are deleted, thus making it less important to move them.



See also


Specifies the physical location of the proxy cache. By default, the location is RootInstall/cache/. The value must be an absolute path. Relative paths are ignored and the server uses the default folder.

See also


Container element.

The elements nested in this section configure this virtual host as an edge server that can forward connection requests from applications running on one remote server to another server.


Whenever a virtual host is configured as an edge server, it behaves locally as a remote server.

If this virtual host is configured to run in remote mode and you want to configure the properties of an outgoing SSL connection to an upstream server, the SSL connection to upstream servers will use the default configuration specified in the SSL section of the Server.xml file.

Contained elements


The maximum amount of time, in seconds, the server waits for a response to a request from an upstream server. A request can be for metadata, content, and so on. This value -1 specifies an unlimited amount of time (no timeout). The default value is 2 seconds.

See also


Container element.

The elements in this section specify the maximum resource limits for this virtual host.

Contained elements


Instructs the edge server to forward the connection request to one server’s IP address and port number [host:port] to a different IP address and port number.

Edge servers are configured with the RouteEntry element to direct connections to another destination. The RouteTable element contains the RouteEntry elements that control where the edge server reroutes requests.

You can also add the protocol attribute to an individual RouteEntry element to specify how the edge server reroutes requests. If no protocol is specified, however, Adobe Media Server applies the protocol specified in the RouteTable element. Implicit proxies hide the routing information from the clients.

The connection syntax for this element is flexible, as demonstrated in the following examples.


This example shows how you can configure the edge to route all connections to the host foo to the host bar.

     <RouteTable protocol=""> 

Use of the wildcard character * to replace host and port.The example shows how to route connections destined for any host on any port to port 1935 on the host foo.


The example instructs the server to route connections to any host on any port to the specified host on port 1936. For example, if you were to connect to foo:1935, the connection would be routed to foo:1936.


The example instructs the server to use the values for host and port on the left side as the values for host and port on the right side, and to route connections destined for any host on any port to the same host on port 80.


The example instructs the server to route a host:port combination to null. Its effect is to reject all connections destined for foo:80.


See also


Container element.

 <RouteTable protocol="rtmp">


 <RouteTable protocol="rtmps">

The RouteEntry elements nested under the RouteTable element specify the routing information for the edge server. Administrators use these elements to route connections to the desired destination. The RouteTable element can be left empty or it can contain one or more RouteEntry elements.

The protocol attribute specifies the protocol to use for the outgoing connection. The attribute is set to "" (an empty string), rtmp for a connection that isn’t secure, or rtmps for a secure connection.

  • Specifying "" (an empty string) means preserving the security status of the incoming connection.

    • If the incoming connection was secure, then the outgoing connection will also be secure.

    • If the incoming connection was not secure, the outgoing connection will not be secure.

  • Specifying rtmp instructs the edge not to use a secure outgoing connection, even if the incoming connection was secure.

  • Specifying rtmps instructs the edge to use a secure outgoing connection, even if the incoming connection was not secure.

You can override the security status for a connection mapping by specifying a protocol attribute in a RouteEntry element. By default, Adobe Media Server applies the protocol configured in the RouteTable list unless the mapping for a particular RouteEntry element overrides it.

Contained elements


Container element.

If a virtual host is running in remote mode as an edge server and you want to configure the properties of an outgoing SSL connection to an upstream server, then you must enable this section and configure its SSL elements appropriately.

When Adobe Media Server acts as a client to make an outgoing SSL connection, the following sequence of events takes place:

  • The SSL elements in the Vhost.xml file are evaluated first.

  • If the SSL elements in the Vhost.xml file override the SSL elements in the Server.xml file, Adobe Media Server uses the SSL elements in the Vhost.xml file to configure the connection.

  • If the SSL elements in the Vhost.xml file match the SSL elements in the Server.xml file, Adobe Media Server uses the default values for SSL in the Server.xml file to configure the connection.

  • If the SSL elements in an edge’s Vhost.xml file are not present, Adobe Media Server uses the default values specified in the SSL section of Server.xml to configure the SSL connection to upstream servers.


When Adobe Media Server is running in local mode as an origin server, the SSL information in the vhost.xml file is not evaluated.

You can also override the configuration for outgoing SSL connections for an individual virtual host in Vhost.xml by copying the SSL elements in Server.xml to the corresponding SSL section in the Vhost.xml file.

For more information on the SSL elements in Server.xml, see SSL.

Contained elements


Specifies the name of a file that contains one or more CA (Certificate Authority) digital certificates in PEM (Privacy Enhanced Mail) encryption format.


Specifies the name of a directory containing CA certificates. Each file in the directory must contain only a single CA certificate. File names must be the hash with “0” as the file extension.

For Win32 only: If this element is empty, attempts are made to find CA certificates in the certs directory located at the same level as the conf directory. The Windows certificate store can be imported into this directory by running AMSMaster - console - initialize from the command line.


Specifies the suite of encryption ciphers that the server uses to secure communications.

This element is a colon-delimited list of encryption resources, such as a key-exchange algorithm, authentication method, encryption method, digest type, or one of a selected number of aliases for common groupings. Each item in the cipher list specifies the inclusion or exclusion of an algorithm or cipher. In addition, there are special keywords and prefixes. For example, the keyword ALL specifies all ciphers, and the prefix ! removes the cipher from the list.

The default cipher list instructs the server to accept all ciphers, but block those using anonymous Diffie-Hellman authentication, block low-strength ciphers, block export ciphers, block MD5 hashing, and sort ciphers by strength from highest to lowest level of encryption.


Contact Adobe Support before changing the default settings.

The cipher list consists of one or more cipher strings separated by colons. Commas or spaces are also acceptable separators, but colons are normally used.

The string of ciphers can take several different forms.

  • It can consist of a single cipher suite, such as RC4-SHA.

  • It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type.

    For example, SHA1 represents all cipher suites using the digest algorithm SHA1, and SSLv3 represents all SSL v3 algorithms.

  • Lists of cipher suites can be combined in a single cipher string using the + character as a logical and operation.

    For example, SHA1+DES represents all cipher suites containing the SHA1 and DES algorithms.

  • Each cipher string can be optionally preceded by the characters !, -, or +.

  • If ! is used, then the ciphers are permanently deleted from the list. The ciphers deleted can never reappear in the list even if they are explicitly stated.

  • If - is used, then the ciphers are deleted from the list, but some or all of the ciphers can be added again later.

  • If + is used, then the ciphers are moved to the end of the list. This option doesn't add any new ciphers—it just moves matching existing ones.

  • If none of these characters is present, then the string is just interpreted as a list of ciphers to be appended to the current preference list.

  • If the list includes any ciphers already present, the server does not evaluate them.

  • The cipher string @STRENGTH sorts the current cipher list in order of the length of the encryption algorithm key.

The components can be combined with the appropriate prefixes to create a list of ciphers, including only those ciphers the server is prepared to accept, in the order of preference.


This cipher string instructs the server to accept all ciphers except those using anonymous or ephemeral Diffie-Hellman key exchange.


These cipher strings instruct the server to accept only RSA key exchange and refuse export or null encryption. The server evaluates both strings as equivalent.


This cipher list instructs the server to accept all ciphers but place them in order of decreasing strength. This sequencing allows clients to negotiate for the strongest cipher that both they and the server can accept.


This string instructs the server to accept only high- and medium-strength encryption, with the high being preferred, and reject export-strength versions.


This string instructs the server to accept all ciphers but to order them so that SSLv2 ciphers come after SSLv3 ciphers.


The following is the complete list of components that the server can evaluate.

Key exchange algorithm



Key exchange


Diffie-Hellman key exchange with RSA key


Diffie-Hellman key exchange with DSA key


Ephemeral Diffie-Hellman key exchange


RSA key exchange


Ephemeral Diffie-Hellman key exchange


Anonymous Diffie-Hellman key exchange

Authentication methods



No authentication


RSA authentication


DSS authentication


Diffie-Hellman authentication

Encryption methods



No encoding


DES encoding


Triple-DES encoding


RC4 encoding


RC2 encoding


IDEA encoding


No encryption


All export ciphers (40-bit encryption)


Low-strength ciphers (no export, DES)


128-bit encryption


Triple-DES encoding

Digest types



MD5 hash function


SHA1 hash function


SHA hash function

Additional aliases



All ciphers


All SSL version 2.0 ciphers


All SSL version 3.0 ciphers


All ciphers using DSS authentication


Specifies whether the certificate returned by the server should be verified. Certificate verification is enabled by default. To disable certificate verification, specify false.


Disabling certificate verification can result in security problems.


Specifies the maximum depth of the certificate chain to accept. If a self-signed root certificate cannot be found within this depth, certificate verification fails. The default value is 9.




Specifies the virtual directory mapping for recorded streams. The Streams element enables you to specify a virtual directory for stored stream resources used by more than one application. By using a virtual directory, you specify a relative path that points to a shared directory that multiple applications can access.

You can specify multiple virtual directory mappings for streams by adding additional Streams elements—one for each virtual directory mapping.

For more information, see the “Configuring content storage” section of the Configuration and Administration Guide.


The following configuration maps all streams whose names begin with foo/ to the physical directory c:\data. The stream named foo/bar maps to the physical file c:\data\bar.flv.


If a stream is named foo/bar/x, the server tries to find a virtual directory mapping for foo/bar. If there is no virtual directory for foo/bar, the server checks for a virtual directory mapping for foo. Since a virtual directory mapping does exist for foo, the stream foo.bar maps to the file c:\data\bar\x.flv.


If the virtual directory you specify does not end with a backslash, the server adds one.

The following configuration maps streams whose paths begin with common/ to the folder C:\flashmediaserver\myapplications\shared\resources.


If the application “videoConference” refers to an item common/video/recorded/june5 and the application “collaboration” refers to common/video/recorded/june5, they both point to the same item C:\flashmediaserver\myapplications\shared\resources\video\recorded\june5\.

See also


Specifies virtual directory mappings for resources such as recorded streams.

Virtual directories let you share resources among applications. When the beginning portion of a resource’s URI matches a virtual directory, Adobe Media Server serves the resource from the physical directory. For detailed information on mapping virtual directories, see Mapping virtual directories to physical directories.

You can use the VirtualDirectory element in conjunction with the VirtualKeys element to serve content based on Flash Player version information. For more information, see VirtualKeys.


If you are mapping a virtual directory to a drive on another computer, make sure that the computer running Adobe Media Server has the right permissions to access the other computer. For more information, see Mapping directories to network drives.


For example, using the following VirtualDirectory XML, if a client called NetStream.play("vod/myVideo"), the server would play the file d:\sharedStreams\myVideo.flv:


Contained elements

See also


Root element of the Vhost.xml file.

This element contains all the configuration elements for the Vhost.xml file.


Lets you map Flash Player versions to keys. The keys are used in the VirtualDirectory element to map URLs to physical locations on a server. Use these elements to deliver streams to clients based on Flash Player version.

Contained elements



Specifies length to wait in milliseconds for edge autodiscovery. The number must be long enough to establish a TCP connection, perform a UDP broadcast, collect the UDP responses, and return an XML response. Do not set this number too low.



See also

Adobe logo

Sign in to your account