NGINX caching
# vim:ff=unix:ts=2:sw=2:ai:expandtab

# On-disk cache used by the "bundle-cache" zone. The path is expected to be
# the NAS mount. Everything stored here is served back to clients, so the
# directory should be writable only by the nginx worker user.
#   levels=1:2          two-level directory hierarchy under the cache path
#   keys_zone=...:8M    shared-memory zone holding the cache keys (8 MB)
#   max_size=100000M    upper bound on disk usage
#   inactive=3M         drop entries not requested for 3 months
#                       (upper-case M is months in nginx time units)
#   loader_threshold    time budget per cache-loader iteration, in ms
#   loader_files        files loaded per cache-loader iteration
proxy_cache_path /var/cache/nginx
  levels=1:2
  keys_zone=bundle-cache:8M
  max_size=100000M
  inactive=3M
  loader_threshold=330
  loader_files=1000;

# Record rewrite-module decisions (including the S3 redirects) in error_log
# at the notice level.
rewrite_log on;
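# TLS front end that serves /s3cache/ from a local proxy cache for internal
# clients and redirects everyone else to the S3 origin.
server {
  # "ssl" on the listen directive enables TLS for this socket; the separate
  # "ssl on;" directive is deprecated and has been dropped here.
  listen 443 ssl default_server;

  # Certificate, key and cipher string are placeholders on this page.
  ssl_certificate foo;
  ssl_certificate_key bar;

  # TLS 1.0 and 1.1 are deprecated (RFC 8996); only TLS 1.2 is offered.
  # Add TLSv1.3 where the installed nginx/OpenSSL build supports it.
  ssl_protocols TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "ciphers";

  # OCSP stapling. Verification of the stapled response needs the issuer
  # chain configured via ssl_trusted_certificate, which is not set here.
  ssl_stapling on;
  ssl_stapling_verify on;

  # Used for OCSP lookups and for the variable-based proxy_pass below.
  # NOTE(review): these are public resolvers queried over plain DNS; a
  # trusted local resolver reduces the exposure of upstream name resolution
  # to spoofed answers.
  resolver 8.8.4.4 8.8.8.8;

  add_header Strict-Transport-Security "max-age=2628000; includeSubDomains";

  # Inherited only by locations that define no proxy_set_header of their
  # own; the /s3cache/ location below sets its own, so these are not sent
  # to S3.
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;

  root /roots;

  # Bypass the Rails app completely for bundles, content, and signatures
  # since we know where the nginx path is for accessing those resources.
  location ~* ^/s3cache/(.*)$ {
    set $master_s3_fqdn somewhere.com;

    # Clients outside the internal range are redirected to the real S3
    # location instead of being served from the cache. Because the
    # replacement starts with $scheme, nginx answers with a redirect and the
    # "last" flag has no effect.
    # NOTE(review): the original comment names 10.0.1-9.* as the internal
    # range, but the pattern matches 99.0.[1-9].x; confirm which is
    # intended. $remote_addr is the TCP peer address, so this check sees a
    # load balancer's address if one sits in front of nginx.
    if ($remote_addr !~ "^99\.0\.[1-9]\.[0-9]{1,3}$") {
      rewrite ^/s3cache/(.*)$ $scheme://$master_s3_fqdn/$1 last;
    }

    # Strip the /s3cache prefix before the request goes upstream.
    rewrite ^/s3cache/(.*)$ /$1 break;

    expires 6M;

    # Proxy target. $scheme is always https here because the server only
    # listens with ssl.
    # NOTE(review): nginx does not verify the upstream certificate unless
    # told to, and whatever is fetched is cached for months. Consider:
    #   proxy_ssl_verify on;
    #   proxy_ssl_trusted_certificate <CA_BUNDLE_PATH>;
    #   proxy_ssl_server_name on;
    #   proxy_ssl_name $master_s3_fqdn;
    proxy_http_version 1.1;
    proxy_pass $scheme://$master_s3_fqdn;
    proxy_set_header Host "$master_s3_fqdn";

    # Never forward client credentials to S3; upstream requests are
    # anonymous, so only objects readable without authentication end up in
    # the shared cache.
    proxy_set_header Authorization '';

    # Hide upstream headers that should not reach the client.
    proxy_hide_header X-Amz-Cf-Id;
    proxy_hide_header Via;
    proxy_hide_header Set-Cookie;
    proxy_hide_header X-Cache;

    # Upstream caching hints are ignored; proxy_cache_valid below decides.
    proxy_ignore_headers Set-Cookie Expires Cache-Control X-Accel-Expires X-Accel-Limit-Rate X-Accel-Buffering;

    # add_header directives are inherited from the server level only when a
    # location defines none of its own. This location sets X-Cache, so HSTS
    # has to be repeated here or responses from this path lose it.
    add_header Strict-Transport-Security "max-age=2628000; includeSubDomains";

    # Lets us know if we hit cache or not.
    add_header X-Cache "$upstream_cache_status from proxy";

    # Cache policy. The key is the original request URI (prefix and query
    # string included). proxy_cache_lock lets one request populate a missing
    # entry while others for the same key wait.
    proxy_store off;
    proxy_cache bundle-cache;
    proxy_cache_lock on;
    proxy_cache_lock_timeout 30m;
    proxy_cache_key "$request_uri";
    proxy_cache_valid 200 301 302 6M;
    proxy_cache_use_stale error timeout invalid_header updating;
  }
}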