Opened 3 years ago

#778 new enhancement

Immediatley expire cached responses

Reported by: jdiamond@… Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.9.x
Keywords: Cc:
uname -a:
nginx -V: nginx version: nginx/1.9.4 built with OpenSSL 1.0.2d 9 Jul 2015 TLS SNI support enabled configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= --conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access.log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-temp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fastcgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsgi-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msvc8/lib/pcre-8.37 --with-zlib=objs.msvc8/lib/zlib-1.2.8 --with-select_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_stub_status_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-mail --with-stream --with-openssl=objs.msvc8/lib/openssl-1.0.2d --with-openssl-opt=no-asm --with-http_ssl_module --with-mail_ssl_module --with-stream_ssl_module --with-ipv6

Description

I'm using nginx as a reverse proxy in front of my backend servers which do authentication/authorization before executing queries to our databases.

The queries are expensive so I've configured nginx to cache the responses from that part of our API.

Since authorization is done on the backend servers and not in nginx, I've configured nginx to revalidate requests for cached URLs with proxy_cache_revalidate on.

nginx only seems to revalidate stale responses so I set proxy_cache_valid to the smallest value I could (1s).

This leaves a 1 second window open for any client to request that URL and receive the cached response directly from nginx without it being revalidated by a backend server.

Would it be possible for nginx to allow 0 second durations so that responses become immediately stale and, therefore, require revalidation before being released to any other client?

Change History (0)

Note: See TracTickets for help on using tickets.