robinwl/cache_params

## cache_params
proxy_cache_bypass $cookie_nocache $arg_nocache$arg_comment; # Defines conditions under which the response will not be taken from a cache. If at least one value of the string parameters is not empty and is not equal to “0” then the response will not be taken from the cache.
proxy_cache_bypass $http_pragma    $http_authorization;

proxy_cache_key $scheme$proxy_host$request_uri; # Defines a key for caching.

proxy_cache_lock on; # When enabled, only one request at a time will be allowed to populate a new cache element identified according to the proxy_cache_key directive by passing a request to a proxied server.

proxy_cache_methods GET HEAD; # If the client request method is listed in this directive then the response will be cached. “GET” and “HEAD” methods are always added to the list, though it is recommended to specify them explicitly.

proxy_cache_min_uses 1; # Sets the number of requests after which the response will be cached.

proxy_cache_revalidate off; # Enables revalidation of expired cache items using conditional requests with the “If-Modified-Since” and “If-None-Match” header fields.

proxy_cache_use_stale timeout invalid_header http_500 http_502 http_503 http_504; # Determines in which cases a stale cached response can be used when an error occurs during communication with the proxied server.

proxy_connect_timeout 120s; # Defines a timeout for establishing a connection with a proxied server.

## cache_zone_one
##
# Cache one
##
proxy_cache_path /var/cache/nginx/one keys_zone=one:50m
		 loader_threshold=300 loader_files=200;

proxy_cache_valid 200 302 4w; # Sets caching time for different response codes.
proxy_cache_valid 404    10m;

## cache_zone_two
##
# Cache two
##
proxy_cache_path /var/cache/nginx/two keys_zone=two:50m
		 loader_threshold=300 loader_files=200;

proxy_cache_valid 200 302 10m; # Sets caching time for different response codes.
proxy_cache_valid 404      1m;

## links
http://nginx.com/resources/admin-guide/serving-static-content/
http://nginx.com/resources/admin-guide/caching/
http://nginx.org/en/docs/http/ngx_http_proxy_module.html
http://nginx.org/en/docs/http/ngx_http_upstream_module.html
https://serversforhackers.com/nginx-caching/
https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms
https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-load-balancing
https://doc.owncloud.org/server/8.1/admin_manual/installation/nginx_configuration.html
http://wiki.nginx.org/FullExample
https://serversforhackers.com/nginx-caching/

## nginx version
nginx version: nginx/1.6.2
built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6

## nginx.conf
user                 nginx www-data;
worker_processes     1;
worker_rlimit_nofile 70000;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include   /etc/nginx/cache_zone_one;
    include	  /etc/nginx/cache_zone_two;
    include	  /etc/nginx/cache_params;

    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    client_max_body_size 1024M;

    keepalive_timeout  65;

    gzip  on;

    server_tokens off;
    include /etc/nginx/conf.d/*.conf;
}

## owncloud.conf
##
# Upstream: define groups of servers that can be referenced later on
##
upstream owncloud-backend {
  server 127.0.0.1:8080;
}

##
# HTTP => HTTPS rewrite
##
server {
    listen      80;
    server_name owncloud.xxx.xx;
    rewrite     ^ https://$server_name$request_uri? permanent;
}

##
# Main server
##
server {

  ##
  # Basic config
  ##
  listen      443 ssl spdy;
  server_name owncloud.xxx.xx;

  root        /var/www/owncloud;
  index       index.html index.htm;

  ##
  # Logging
  ##
  access_log /var/log/nginx/owncloud-access.log;
  error_log  /var/log/nginx/owncloud-error.log;

  ##
  # Proxy configuration
  ##
  include /etc/nginx/proxy_params;

  ##
  # TLS: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  ##
  ssl_certificate           /etc/nginx/ssl/owncloud.xxx.xx.crt;
  ssl_certificate_key       /etc/nginx/ssl/owncloud.xxx.xx.key;
  ssl_dhparam               /etc/nginx/ssl/dhparam-4096.pem;
  ssl_prefer_server_ciphers on;
  ssl_ciphers               'AES128+EECDH:AES128+EDH:!aNULL';
  ssl_protocols             TLSv1.2 TLSv1.1 TLSv1;
  ssl_session_cache         shared:SSL:10m;
  ssl_session_timeout       10m;
  ssl_stapling              on;
  ssl_stapling_verify       on;
  ssl_buffer_size           1400;

  spdy_headers_comp         0;
  keepalive_timeout         70;
  resolver                  8.8.8.8 8.8.4.4 valid=86400;
  resolver_timeout          10;

  ##
  # Miscellaneous security
  ##
  server_tokens off;

  add_header    Strict-Transport-Security max-age=63072000;
  add_header    X-Frame-Options DENY;
  add_header    X-Content-Type-Options nosniff;
  add_header    X-XSS-Protection "1; mode=block";
  add_header    X-Content-Type-Options nosniff;
  add_header    X-Frame-Options SAMEORIGIN;

  ##
  # Routes
  ##
  location / {
    #add_header X-Match "root";
    proxy_pass http://owncloud-backend;
  }

  location ~ \.php {
    #add_header X-Match "php";
    proxy_pass http://owncloud-backend;
  }

  ##
  # Static content
  ##
  location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf|svg)$ {
    #add_header X-Match "static";
    root    /var/www/owncloud;
    expires 30d;
  }

  ##
  # Cacheable content for cache group one
  ##
  location =/index.php/core/preview.png {
    #add_header X-Match "preview";
    add_header X-Cache "1";
    add_header X-Cache-Upstream "$upstream_cache_status";
    proxy_cache one;
    proxy_pass http://owncloud-backend;
  }

  ##
  # Cacheable content for cache group two
  ##
  #location =/index.php/cachale.php {
    #add_header X-Cache "2";
    #add_header X-Cache-Upstream "$upstream_cache_status";
    #proxy_cache two;
    #proxy_pass http://owncloud-backend;
  #}

  ##
  # Gzip
  ##
  gzip            on;
  gzip_disable    "msie6";
  gzip_vary       on;
  gzip_types      text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
  gzip_buffers    16 8k;
  gzip_comp_level 6;
  gzip_proxied    any;

  ##
  # Open file cache
  ##
  open_file_cache          max=10000 inactive=5m;
  open_file_cache_valid    2h;
  open_file_cache_min_uses 1;
  open_file_cache_errors   on;

  ##
  # Uploads: https://doc.owncloud.org/server/8.1/admin_manual/installation/nginx_configuration.html
  ##
  client_max_body_size 10G;
  fastcgi_buffers      64 4K;

  ##
  # Deny some requests
  ##
  location ~ /\.ht {
    deny all;
  }

}

## proxy_params
proxy_set_header    X-Real-IP  $remote_addr;
proxy_set_header    X-Forwarded-For $remote_addr;
proxy_set_header    Host $host;
proxy_read_timeout  120s;
	proxy_cache_bypass $cookie_nocache $arg_nocache$arg_comment; # Defines conditions under which the response will not be taken from a cache. If at least one value of the string parameters is not empty and is not equal to “0” then the response will not be taken from the cache.
	proxy_cache_bypass $http_pragma $http_authorization;

	proxy_cache_key $scheme$proxy_host$request_uri; # Defines a key for caching.

	proxy_cache_lock on; # When enabled, only one request at a time will be allowed to populate a new cache element identified according to the proxy_cache_key directive by passing a request to a proxied server.

	proxy_cache_methods GET HEAD; # If the client request method is listed in this directive then the response will be cached. “GET” and “HEAD” methods are always added to the list, though it is recommended to specify them explicitly.

	proxy_cache_min_uses 1; # Sets the number of requests after which the response will be cached.

	proxy_cache_revalidate off; # Enables revalidation of expired cache items using conditional requests with the “If-Modified-Since” and “If-None-Match” header fields.

	proxy_cache_use_stale timeout invalid_header http_500 http_502 http_503 http_504; # Determines in which cases a stale cached response can be used when an error occurs during communication with the proxied server.

	proxy_connect_timeout 120s; # Defines a timeout for establishing a connection with a proxied server.
	##
	# Cache one
	##
	proxy_cache_path /var/cache/nginx/one keys_zone=one:50m
	loader_threshold=300 loader_files=200;

	proxy_cache_valid 200 302 4w; # Sets caching time for different response codes.
	proxy_cache_valid 404 10m;
	##
	# Cache two
	##
	proxy_cache_path /var/cache/nginx/two keys_zone=two:50m
	loader_threshold=300 loader_files=200;

	proxy_cache_valid 200 302 10m; # Sets caching time for different response codes.
	proxy_cache_valid 404 1m;
	http://nginx.com/resources/admin-guide/serving-static-content/
	http://nginx.com/resources/admin-guide/caching/
	http://nginx.org/en/docs/http/ngx_http_proxy_module.html
	http://nginx.org/en/docs/http/ngx_http_upstream_module.html
	https://serversforhackers.com/nginx-caching/
	https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms
	https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-load-balancing
	https://doc.owncloud.org/server/8.1/admin_manual/installation/nginx_configuration.html
	http://wiki.nginx.org/FullExample
	https://serversforhackers.com/nginx-caching/
	nginx version: nginx/1.6.2
	built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1)
	TLS SNI support enabled
	configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6
	user nginx www-data;
	worker_processes 1;
	worker_rlimit_nofile 70000;

	error_log /var/log/nginx/error.log warn;
	pid /var/run/nginx.pid;


	events {
	worker_connections 1024;
	}


	http {
	include /etc/nginx/cache_zone_one;
	include /etc/nginx/cache_zone_two;
	include /etc/nginx/cache_params;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	access_log /var/log/nginx/access.log main;

	sendfile on;
	#tcp_nopush on;

	client_max_body_size 1024M;

	keepalive_timeout 65;

	gzip on;

	server_tokens off;
	include /etc/nginx/conf.d/*.conf;
	}
	##
	# Upstream: define groups of servers that can be referenced later on
	##
	upstream owncloud-backend {
	server 127.0.0.1:8080;
	}

	##
	# HTTP => HTTPS rewrite
	##
	server {
	listen 80;
	server_name owncloud.xxx.xx;
	rewrite ^ https://$server_name$request_uri? permanent;
	}

	##
	# Main server
	##
	server {

	##
	# Basic config
	##
	listen 443 ssl spdy;
	server_name owncloud.xxx.xx;

	root /var/www/owncloud;
	index index.html index.htm;

	##
	# Logging
	##
	access_log /var/log/nginx/owncloud-access.log;
	error_log /var/log/nginx/owncloud-error.log;

	##
	# Proxy configuration
	##
	include /etc/nginx/proxy_params;

	##
	# TLS: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
	##
	ssl_certificate /etc/nginx/ssl/owncloud.xxx.xx.crt;
	ssl_certificate_key /etc/nginx/ssl/owncloud.xxx.xx.key;
	ssl_dhparam /etc/nginx/ssl/dhparam-4096.pem;
	ssl_prefer_server_ciphers on;
	ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_buffer_size 1400;

	spdy_headers_comp 0;
	keepalive_timeout 70;
	resolver 8.8.8.8 8.8.4.4 valid=86400;
	resolver_timeout 10;

	##
	# Miscellaneous security
	##
	server_tokens off;

	add_header Strict-Transport-Security max-age=63072000;
	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Content-Type-Options nosniff;
	add_header X-Frame-Options SAMEORIGIN;

	##
	# Routes
	##
	location / {
	#add_header X-Match "root";
	proxy_pass http://owncloud-backend;
	}

	location ~ \.php {
	#add_header X-Match "php";
	proxy_pass http://owncloud-backend;
	}

	##
	# Static content
	##
	location ~* \.(?:jpg\|jpeg\|gif\|bmp\|ico\|png\|css\|js\|swf\|svg)$ {
	#add_header X-Match "static";
	root /var/www/owncloud;
	expires 30d;
	}

	##
	# Cacheable content for cache group one
	##
	location =/index.php/core/preview.png {
	#add_header X-Match "preview";
	add_header X-Cache "1";
	add_header X-Cache-Upstream "$upstream_cache_status";
	proxy_cache one;
	proxy_pass http://owncloud-backend;
	}

	##
	# Cacheable content for cache group two
	##
	#location =/index.php/cachale.php {
	#add_header X-Cache "2";
	#add_header X-Cache-Upstream "$upstream_cache_status";
	#proxy_cache two;
	#proxy_pass http://owncloud-backend;
	#}

	##
	# Gzip
	##
	gzip on;
	gzip_disable "msie6";
	gzip_vary on;
	gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
	gzip_buffers 16 8k;
	gzip_comp_level 6;
	gzip_proxied any;

	##
	# Open file cache
	##
	open_file_cache max=10000 inactive=5m;
	open_file_cache_valid 2h;
	open_file_cache_min_uses 1;
	open_file_cache_errors on;

	##
	# Uploads: https://doc.owncloud.org/server/8.1/admin_manual/installation/nginx_configuration.html
	##
	client_max_body_size 10G;
	fastcgi_buffers 64 4K;

	##
	# Deny some requests
	##
	location ~ /\.ht {
	deny all;
	}

	}
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $remote_addr;
	proxy_set_header Host $host;
	proxy_read_timeout 120s;