From f7c4e5a1fca1ca5c158dc393a44d753b0dccc8a8 Mon Sep 17 00:00:00 2001
From: root <root@base.vagrant.foo.com>
Date: Mon, 6 Apr 2015 14:00:48 -0500
Subject: [PATCH 1/2] working

---
 conf.d/default.conf |   59 +++++++++++++++++++++++++++++++++++++++++++++-----
 nginx.conf          |   13 ++++++++++-
 2 files changed, 65 insertions(+), 7 deletions(-)

diff --git a/conf.d/default.conf b/conf.d/default.conf
index 34aeb9a..8de7683 100644
--- a/conf.d/default.conf
+++ b/conf.d/default.conf
@@ -1,16 +1,62 @@
+#
+# The default server
+#
 server {
-    listen       80;
-    server_name  localhost;
+    listen       80 default_server;
+    server_name  _;
 
     #charset koi8-r;
-    #access_log  /var/log/nginx/log/host.access.log  main;
+
+    #access_log  logs/host.access.log  main;
+
+    # Load configuration files for the default server block.
+    include /etc/nginx/default.d/*.conf;
+
+    proxy_cache ae_images;
 
     location / {
-        root   /usr/share/nginx/html;
-        index  index.html index.htm;
+        # Won't need this with our own app
+        proxy_set_header Host pics.foo.com;
+        proxy_pass http://image_servers;
+        #proxy_pass http://pics.foo.com;
+	# These only take effect if there's no expires/cache-control from the backend
+        proxy_cache_valid 200 302 10m;
+        proxy_cache_valid 404      1m;
+	# Add or append x-forwarded-for
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	# For keepalive connections, turn this on if version >= 1.1.4
+	proxy_http_version 1.1;
+
+	# Only allow one request for each URI to the backend at a time, e.g.
+	# 200 clients ask for favico.ico at the same time, only one request hits the 
+	# backend.
+	# Turn this on if version >= 1.1.12
+	proxy_cache_lock on;
+	# The amount of time the lock is placed in the above scenario.
+	#proxy_cache_lock_age 2s;
+
+	# Enable nginx to use if-modified-since and if-none-match to backend
+	# Turn this on if version >= 1.5.7
+	proxy_cache_revalidate on;
+
+	# Allow nginx to send potentially stale content when:
+	proxy_cache_use_stale error timeout invalid_header updating
+                                http_500 http_502 http_503 http_504;
+	proxy_connect_timeout 5s;
+	# Replace backend error with our own:
+	proxy_intercept_errors on;
+	# TODO should we include 500's here?
+	proxy_next_upstream error timeout;
+#TODO do we need to rewrite redirects with proxy_redirect?
+
     }
 
-    #error_page  404              /404.html;
+    error_page  404              /404.html;
+    location = /404.html {
+        root   /usr/share/nginx/html;
+    }
 
     # redirect server error pages to the static page /50x.html
     #
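Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in `location /` appends `$remote_addr` to whatever X-Forwarded-For value the client sent, so if this server is the first hop the backend receives a client-chosen leftmost address. If nothing trusted sits in front of nginx, `proxy_set_header X-Forwarded-For $remote_addr;` is the safer form; otherwise a comment should state that only the rightmost entry (or X-Real-IP) can be trusted. The same client-controlled value is forwarded on a cached path but is not part of the default cache key (`$scheme$proxy_host$request_uri`), so the backend should not vary its response on it. The `server` block continues outside the hunk.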
@@ -43,3 +89,4 @@ server {
     #}
 }
 
+
diff --git a/nginx.conf b/nginx.conf
index e4bad8d..0600cc0 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -15,11 +15,22 @@ http {
     include       /etc/nginx/mime.types;
     default_type  application/octet-stream;
 
+    upstream image_servers {
+        server pics.foo.com weight=5;
+	server mbp.foo.com down;
+    }
+    # "One megabyte zone can store about 8 thousand keys."
+    proxy_cache_path  /usr/share/nginx/data/cache levels=1:2 keys_zone=ae_images:100m max_size=2G inactive=24h;
+
+    log_format proxylog  '$remote_addr - $remote_user [$time_local] "$request" '
+                         '$status $body_bytes_sent "$http_referer" '
+                         '"$http_user_agent" "$http_x_forwarded_for" $upstream_addr $upstream_response_time';
+
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';
 
-    access_log  /var/log/nginx/access.log  main;
+    access_log  /var/log/nginx/access.log  proxylog;
 
     sendfile        on;
     #tcp_nopush     on;
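Review bot: The `upstream image_servers` block has no `keepalive` directive, so the `proxy_http_version 1.1;` line in conf.d/default.conf, commented as being for keepalive connections, does not by itself reuse backend connections. That needs something like `keepalive 16;` here (example value) plus `proxy_set_header Connection "";` in the location. Separately, `proxy_cache_path` points at `/usr/share/nginx/data/cache`, a sibling of the served root `/usr/share/nginx/html`. A comment should record that the directory must be owned by the nginx worker user, not world-readable, and never placed under a `root`. The `http` block starts and ends outside the hunk.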
-- 
1.7.1


From ac2de3f7ee9c1868e8695102300ead1858b01e25 Mon Sep 17 00:00:00 2001
From: root <root@base.vagrant.foo.com>
Date: Thu, 9 Apr 2015 10:06:09 -0500
Subject: [PATCH 2/2] remove revalidation to test

---
 conf.d/default.conf |    9 ++++++++-
 nginx.conf          |    4 +++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/conf.d/default.conf b/conf.d/default.conf
index 8de7683..82a084b 100644
--- a/conf.d/default.conf
+++ b/conf.d/default.conf
@@ -26,6 +26,8 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        # Add diagnostic header
+        add_header X-Cache-Status $upstream_cache_status;
 	# For keepalive connections, turn this on if version >= 1.1.4
 	proxy_http_version 1.1;
 
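Review bot: `add_header X-Cache-Status $upstream_cache_status;` is declared inside `location /`, and nginx inherits `add_header` directives from the enclosing level only when the current level defines none. Any headers set at `server` or `http` level (for example in the included `/etc/nginx/default.d/*.conf`, which is not visible here) would therefore stop being sent for this location. Without the `always` parameter (nginx 1.7.5 or later) the header is also absent from 404 and 5xx responses, where a diagnostic is most useful. The value is exposed to every client; if it is meant for operators only, I would add a comment saying so and consider emitting it only for internal addresses. The `location /` block starts and ends outside the hunk.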
@@ -39,7 +41,12 @@ server {
 
 	# Enable nginx to use if-modified-since and if-none-match to backend
 	# Turn this on if version >= 1.5.7
-	proxy_cache_revalidate on;
+	#
+	# Turning this on comes with a warning, the revalidation doesn't update the expires
+	# headers on the cached item.  Rather, it holds the object as valid until the 
+	# invalid_time on the store expires before it revalidates again.  Turning this on
+	# coupled with a high inactive time could result in serving up stale data.
+	# proxy_cache_revalidate on;
 
 	# Allow nginx to send potentially stale content when:
 	proxy_cache_use_stale error timeout invalid_header updating
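Review bot: The new comment above the disabled `proxy_cache_revalidate` refers to `invalid_time`, which is not an nginx parameter name. From the context it presumably means the validity period from `proxy_cache_valid` (or the `inactive` timer of `proxy_cache_path`), and the comment should name the one intended. Since the commit subject describes this as a test, I would also add a line such as `# Disabled for testing; re-enable once staleness behaviour is confirmed` so the commented-out directive is not mistaken for a permanent decision. The `location /` block starts and ends outside the hunk, and the `proxy_cache_use_stale` directive on its last line continues past it.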
diff --git a/nginx.conf b/nginx.conf
index 0600cc0..cefc626 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -14,6 +14,8 @@ events {
 http {
     include       /etc/nginx/mime.types;
     default_type  application/octet-stream;
+    server_tokens off;
+
 
     upstream image_servers {
         server pics.foo.com weight=5;
@@ -24,7 +26,7 @@ http {
 
     log_format proxylog  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
-                         '"$http_user_agent" "$http_x_forwarded_for" $upstream_addr $upstream_response_time';
+                         '"$http_user_agent" "$http_x_forwarded_for" $upstream_addr $upstream_response_time $upstream_cache_status';
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
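Review bot: `$upstream_addr` and `$upstream_response_time` are logged unquoted in `proxylog`, and nginx writes them as comma-separated lists (`addr1, addr2`) when a request is retried on another server under `proxy_next_upstream`. The newly appended `$upstream_cache_status` is therefore not at a fixed position for a whitespace-splitting parser. Quoting the multi-valued fields, e.g. `'"$upstream_addr" "$upstream_response_time" $upstream_cache_status'`, keeps the line parseable once a second server in `image_servers` is live. The `log_format main` definition at the end of the hunk continues outside it.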
-- 
1.7.1

