Alter.Org.UA
 << Back Home RU ru   Donate Donate

Setting up caching nginx reverse proxy

Intro

I've already written about server-side cache control. Nginx with default settings drops cache-control headers ETag and Cache-Control passed between web-server (e.g. apache) and web-client. Dynamic content update doesn't work in such case. Also we would like to handle static files by nginx without reising load on main web-server. Please find complete config below

Settings

Apache

Move web-server to local network interface and different port. It would not be available from external network.

httpd.conf, apache.conf
#Listen *:80
Listen 127.0.0.1:8000

#Listen *:443
Listen 127.0.0.1:8443
Nginx

Declare web services and user ports in main config. Ipv6 sipport is enabled by additional listen option. ALso it worth redirecting http clients to https (see rewrite option).

nginx.conf
    # cache settings
    proxy_cache_path /var/nginx levels=1:2 keys_zone=my_cache:10m max_size=1g 
                 inactive=60m use_temp_path=off;

    # HTTP
    server {
        #ipv6 support
        listen [::]:80;
        listen       80;
        #server_name  my.site.net;
        # here we allow ALL server names for virtual hosts support
        server_name  ~^.*$;

        # force redirect to https
        #rewrite ^ https://$http_host$request_uri? permanent;

        #access_log  /dev/null;
        access_log  /var/log/my-nginx.log;
        include my-cached-site.conf;
    }

    # HTTPS
    server {
        #ipv6 support
        listen [::]:443 ssl;
        listen       443 ssl;
        #server_name  my.site.net;
        server_name  ~^.*$;

        include https.conf;

        #access_log  /dev/null;
        access_log  /var/log/my-nginx.log;
        include my-cached-site.conf;
    }

    ssl_certificate      /etc/ssl/apache/my_site.crt;
    ssl_certificate_key  /etc/ssl/apache/my_site.key;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

Handling of different sections of the site is same for both HTTP and HTTPS, so keep these settings in common include file. Here comes root directory settings for static content, filters, cache control directives and rules for dynamic content selection and passing it to cache/web-server. Note, order of location doesn't play role. Nginx selects best matching. Also note, that regular expressions are not allowed for proxy. Read more about location directive at www.digitalocean.com and www.keycdn.com

my-cached-site.conf
	root /var/www/my_site/;
#	index index.php index.html;

        # deny what user should not see
        location ^~ /.ht {
            deny  all;
            return 404;
        }

        # forward dynamic content to cache/apache
        location / {
            proxy_pass http://127.0.0.1:80/;
            include cache-proxy_pass.conf;
        }
        location /images/img.php {
            proxy_pass http://127.0.0.1:80/;
            include cache-proxy_pass.conf;
        }

        # handle static content with proper cache settings
        location /css/ {
	  expires 1M;
	  access_log /dev/null;
	  add_header Cache-Control "public";
        }
        location /js/ {
	  access_log /dev/null;
	  add_header Cache-Control "public";
        }

        location /images/ {
	  expires 1y;
	  access_log /dev/null;
	  add_header Cache-Control "public";
        }

        location ~* \.(xml|m3u|ico)$ {
	  expires 1d;
	  access_log /dev/null;
	  add_header Cache-Control "public";
        }

Disable gzip since it is incompatible with cache control and pass headers between web-server (apache) and client. proxy_set_header - from client, proxy_pass_header - to client.

my-cached-site.conf
    # gzip is not compatible with cache-control/etag
    gzip off;
    proxy_cache alfa_cache;
    proxy_buffering on;
    proxy_cache_revalidate on;
    proxy_cache_min_uses 3;
    proxy_cache_use_stale error timeout updating http_500 http_502
                               http_503 http_504;

    proxy_set_header Host      $host;
    proxy_set_header X-Real-IP       $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header If-None-Match $http_if_none_match;
    proxy_set_header If-Modified-Since $http_if_modified_since;

    proxy_pass_header Set-Cookie;
    proxy_pass_header ETag;
    proxy_pass_header Cache-Control;

2018.05.31

See also:




FB or mail alterX@alter.org.ua (remove X)   Share
<< Back designed by Alter aka Alexander A. Telyatnikov powered by Apache+PHP under FBSD © 2002-2018