-
-
Save rycee/cd902316ddf94894dacecab409191ef1 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http { | |
| server { | |
| listen 0.0.0.0:80 ; | |
| listen [::]:80 ; | |
| server_name foo; | |
| location / { | |
| root /srv/www/nix-cache-cache; | |
| expires max; | |
| add_header Cache-Control $nix_cache_cache_header always; | |
| # Ask the upstream server if a file isn't available | |
| # locally. | |
| error_page 404 = @fallback; | |
| # Don't bother logging the above 404. | |
| log_not_found off; | |
| } | |
| location = /nix-cache-info { | |
| proxy_pass $upstream_endpoint; | |
| # Default is HTTP/1, keepalive is only enabled in HTTP/1.1. | |
| proxy_http_version 1.1; | |
| # Remove the Connection header if the client sends it, it could | |
| # be "close" to close a keepalive connection | |
| proxy_set_header Connection ""; | |
| # Needed for CloudFront. | |
| proxy_ssl_server_name on; | |
| proxy_set_header Host $proxy_host; | |
| proxy_cache nix_cache_cache; | |
| proxy_cache_valid 200 302 60m; | |
| proxy_cache_valid 404 1m; | |
| expires max; | |
| add_header Cache-Control $nix_cache_cache_header always; | |
| } | |
| location @fallback { | |
| proxy_pass $upstream_endpoint; | |
| # Default is HTTP/1, keepalive is only enabled in HTTP/1.1. | |
| proxy_http_version 1.1; | |
| # Remove the Connection header if the client sends it, it could | |
| # be "close" to close a keepalive connection | |
| proxy_set_header Connection ""; | |
| # Needed for CloudFront. | |
| proxy_ssl_server_name on; | |
| proxy_set_header Host $proxy_host; | |
| proxy_cache nix_cache_cache; | |
| proxy_cache_valid 200 302 60m; | |
| proxy_cache_valid 404 1m; | |
| expires max; | |
| add_header Cache-Control $nix_cache_cache_header always; | |
| } | |
| proxy_redirect off; | |
| proxy_connect_timeout 90; | |
| proxy_send_timeout 90; | |
| proxy_read_timeout 90; | |
| # Using a variable for the upstream endpoint to ensure that it is | |
| # resolved at runtime as opposed to once when the config file is loaded | |
| # and then cached forever (we don't want that): | |
| # see https://tenzer.dk/nginx-with-dynamic-upstreams/ | |
| # This fixes errors like | |
| # | |
| # nginx: [emerg] host not found in upstream "upstream.example.com" | |
| # | |
| # when the upstream host is not reachable for a short time when | |
| # nginx is started. | |
| resolver 127.0.0.1 ipv6=off valid=10s; | |
| set $upstream_endpoint https://cache.nixos.org; | |
| } | |
| proxy_cache_path /var/cache/nix-cache-cache | |
| levels=1:2 | |
| keys_zone=nix_cache_cache:100m | |
| max_size=10g | |
| inactive=365d | |
| use_temp_path=off; | |
| # Cache only success status codes; in particular we don't want | |
| # to cache 404s. See https://serverfault.com/a/690258/128321. | |
| map $status $nix_cache_cache_header { | |
| 200 "public"; | |
| 302 "public"; | |
| default "no-cache"; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment