I recently implemented Nginx HTTP content caching on our WordPress web servers to improve page load speeds and eliminate redundant, unneeded server-side page rendering. Caching the pages was relatively straightforward, but clearing the cache required a custom workaround.
Nginx comes in two versions: free and “Nginx Plus” at $2,500/year. The free version of Nginx does not offer the needed cache-clearing features of Nginx Plus, and I wasn’t comfortable paying $20,000 for 8 instances without trying to build my own solution.
Our Nginx servers run as an HTTP proxy for multiple PHP/MySQL-backed WordPress sites. The goal was to cache the dynamic PHP HTML responses in Nginx and serve the HTML pages from Nginx to avoid redundant, CPU-intensive PHP renders.
The example below shows how PHP response caching is configured for a site (other nginx configuration details are excluded for brevity). A cache named cachedemo-prod
is defined to store cached HTML files in folder /var/cache/nginx/cachedemo-prod
.
nginx.conf
fastcgi_cache_path /var/cache/nginx/cachedemo-prod levels=1:2 keys_zone=cachedemo-prod:10m max_size=100m inactive=1y use_temp_path=off;
server {
...
# Configure cache
fastcgi_cache cachedemo-prod;
fastcgi_cache_key $request_method$scheme$host$request_uri;
# Disable cached responses if admins are logged in (admin session cookie exists)
fastcgi_cache_bypass $cookie_wordpress_logged_in_abcdefg1234567890
$cookie_wordpress_sec_abcdefg1234567890;
# forward all *.php URIs to PHP service
location ~ \.php$ {
# Keep cached pages for 90 days
fastcgi_cache_valid 200 90d;
fastcgi_read_timeout 300;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
...
}
To achieve a balance between performance benefits and minimizing configuration overhead, I simplified matters by clearing the website's entire cache when:
- Admins Change Content in WordPress (content added, modified, removed)
- Developers Deploy New Releases (CSS, HTML, JavaScript, images, etc)
While changes could be small, one CSS change may affect a header layout, which subsequently affects all pages using that header. It seemed like a fail-safe and defensive strategy to prevent stale content by invalidating all pages.
The cache is cleared by deleting all files/folders withing the specified cache folder. When one of the Cache-Clearing events occur, a trigger executes to initialize the cache-clearing script at /usr/share/nginx-clear-cache-init.sh
:
#!/bin/bash
sudo /root/scripts/nginx-clear-cache.php "$@"
nginx-clear-cache.php is called as sudo
because Nginx creates the files as root:root
and I found no way of immediately changing this behavior in Nginx’s configuration files. The script requires sudo
privileges to delete the cached files. It also requires 1 parameter indicating which cache key to clear. I decided to use a combination of HTTP hostname and explicit key name to be used for the same cache. The HTTP hostname allows more flexibility when WordPress triggers the script by dynamically passing the hostname, which indicates the environment (e.g. Prod, Stage) the application is deployed in.
Because sudo
is used and called by non-root processes (PHP and application deployment processes), the cache-clearing script must be authorized to run without requiring users to authenticate. Using the $ visudo
command, the following line was added:
ALL ALL=(ALL) NOPASSWD: /root/scripts/nginx-clear-cache.php
NOTE: This is security vulnerability if not used wisely.
Ideally, it would be better if Nginx could be configured to create cache files with permissions that do not require sudo
to be used. It would also be nice to consolidate the two cache-clearing scripts into one script that recursively calls itself as sudo
if not initiated as sudo
.