-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx-proxy-cache.conf
86 lines (62 loc) · 2.58 KB
/
nginx-proxy-cache.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# Smart Nginx config for Symfony Flex
# ToDo : Replace Apache with Ngninx completely & use FastCGI Cache & cache static files longer
# [1] Nginx do not play with dashes in cookie' names well, so we'll use the hack:
# http://www.ur-ban.com/2012/03/18/logging-nginx-cookies-with-dashes/
# [2] Nginx [if] statement very limited and dangerous, so we'll use [map] hack instead:
# https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
# Global proxy cache zone named [all] with 128Mb keys in shared memory and max size of 2Gb on disk
# Unfortunately , Nginx do not support in-memory cache. But benchmarking shows it works on par with Varnish
proxy_cache_path /var/nginx/cache levels=1:2 keys_zone=all:128m max_size=2g inactive=1d use_temp_path=off;
map $http_cookie $x_symfony_auth {
default '';
~X-Symfony-Auth=(?<value>[^\;]+) $value;
}
map $x_symfony_auth $cache {
true off;
default all;
}
upstream apache {
server 127.0.0.1:8080;
keepalive 32;
}
server {
listen 80;
proxy_buffering on;
proxy_http_version 1.1; # Always upgrade to HTTP/1.1
proxy_set_header Connection ""; # Enable keepalives
proxy_set_header Accept-Encoding ""; # Optimize encoding
proxy_set_header Host $host;
add_header X-Proxy-Cache $cache always;
add_header X-Help $x_symfony_auth;
location / {
proxy_pass http://apache;
if ($cache = "all") {
set $not_expected_headers 'Set-Cookie';
}
proxy_cache $cache; # $cache holds the NAME of cache from [proxy_cache_path]
add_header X-Proxy-Cache $cache always;
proxy_cache_revalidate on;
proxy_cache_background_update on;
proxy_cache_lock on;
proxy_cache_valid any 5m;
#proxy_hide_header "Set-Cookie"; # It breaks too many things
#proxy_hide_header $not_expected_headers; # Do not work, throws error while reading config
proxy_ignore_headers "Cache-Control" "Expires" "Vary"; # We can't just ignore "Set-Cookie" cause it's dangerous
}
# Do not cache admin, profile and other sensitive links
location /admin {
proxy_cache off;
proxy_pass http://apache;
add_header X-Proxy-Cache "off" always;
}
location /profile {
proxy_cache off;
proxy_pass http://apache;
add_header X-Proxy-Cache "off" always;
}
location ~* ^\/(register|login|logout|confirm-code|forgot-password|confirmRestoreCode|change-password)$ {
proxy_cache off;
proxy_pass http://apache;
add_header X-Proxy-Cache "off" always;
}
}