[ceph.git] / ceph / examples / rgw-cache / nginx-noprefetch.conf

#config cache size and path to the cache directory, you should make sure that the user that is running nginx have permissions to access the cache directory
#max_size means that Nginx will not cache more than 20G, It should be tuned to a larger number if the /data/cache is bigger
proxy_cache_path /data/cache levels=2:2:2 keys_zone=mycache:999m max_size=20G inactive=1d use_temp_path=off;
upstream rgws {
    # List of all rgws (ips or resolvable names)
    server rgw1:8000 max_fails=2 fail_timeout=5s;
    server rgw2:8000 max_fails=2 fail_timeout=5s;
    server rgw3:8000 max_fails=2 fail_timeout=5s;
}
server {
    listen       80;
    server_name  cacher;
    location /authentication {
        internal;
        client_max_body_size 0;
        proxy_pass http://rgws$request_uri;
        proxy_pass_request_body off;
        proxy_set_header Host $host;
        # setting x-rgw-auth allow the RGW the ability to only authorize the request without fetching the obj data 
        proxy_set_header x-rgw-auth "yes";
        proxy_set_header Authorization $http_authorization;
        proxy_http_version 1.1;
        proxy_method $request_method;
        # Do not convert HEAD requests into GET requests
        proxy_cache_convert_head off;
        error_page 404 = @outage;
        proxy_intercept_errors on;
        if ($request_uri = "/") {
            return 200;
        }
        # URI included with question mark is not being cached
        if ($request_uri ~* (\?)) {
            return 200;
        }
        if ($request_method = "PUT") {
            return 200;
        }
        if ($request_method = "POST") {
            return 200;
        }
        if ($request_method = "HEAD") {
            return 200;
        }
        if ($request_method = "COPY") {
            return 200;
        }
        if ($request_method = "DELETE") {
            return 200;
        }
        if ($http_if_match) {
            return 200;
        }
        if ($http_authorization !~* "aws4_request") {
            return 200;
        }
    }
    location @outage{
        return 403;
    }
    location / {
        auth_request /authentication;
        proxy_pass http://rgws;
        # if $do_not_cache is not empty the request would not be cached, this is relevant for list op for example
        set $do_not_cache '';
        # the IP or name of the RGWs
        #proxy_set_header Authorization $http_authorization;
        # my cache configured at the top of the file
        proxy_cache mycache;
        proxy_cache_lock_timeout 0s;
        proxy_cache_lock_age 1000s;
        proxy_http_version 1.1;
        # Getting 403 if this header not set
        proxy_set_header Host $host;
        # Cache all 200 OK's for 1 day
        proxy_cache_valid 200 206 1d;
        # Use stale cache file in all errors from upstream if we can
        proxy_cache_use_stale updating;
        proxy_cache_background_update on;
        # Try to check if etag have changed, if yes, do not re-fetch from rgw the object
        proxy_cache_revalidate on;
        # Lock the cache so that only one request can populate it at a time
        proxy_cache_lock on;
        # prevent convertion of head requests to get requests
        proxy_cache_convert_head off;
        # Listing all buckets should not be cached 
        if ($request_uri = "/") {
            set $do_not_cache "no";
        }
        # URI including question mark are not supported to prevent bucket listing cache
        if ($request_uri ~* (\?)) {
            set $do_not_cache "no";
        }
        # Use the original x-amz-date if the aws auth module didn't create one 
        proxy_no_cache $do_not_cache;
        proxy_set_header Authorization $http_authorization;
        proxy_set_header Range $http_range;
        # This is on which content the nginx to use for hashing the cache keys 
        proxy_cache_key "$request_uri$request_method$request_body$http_range";
        client_max_body_size 0;
    }
}
Commit	Line	Data
f6b5b4d7 TL	1	#config cache size and path to the cache directory, you should make sure that the user that is running nginx have permissions to access the cache directory
	2	#max_size means that Nginx will not cache more than 20G, It should be tuned to a larger number if the /data/cache is bigger
	3	proxy_cache_path /data/cache levels=2:2:2 keys_zone=mycache:999m max_size=20G inactive=1d use_temp_path=off;
	4	upstream rgws {
	5	# List of all rgws (ips or resolvable names)
	6	server rgw1:8000 max_fails=2 fail_timeout=5s;
	7	server rgw2:8000 max_fails=2 fail_timeout=5s;
	8	server rgw3:8000 max_fails=2 fail_timeout=5s;
	9	}
	10	server {
	11	listen 80;
	12	server_name cacher;
	13	location /authentication {
f67539c2 TL	14	internal;
f67539c2 TL	15	client_max_body_size 0;
f6b5b4d7	16	proxy_pass http://rgws$request_uri;
f67539c2	17	proxy_pass_request_body off;
f6b5b4d7 TL	18	proxy_set_header Host $host;
	19	# setting x-rgw-auth allow the RGW the ability to only authorize the request without fetching the obj data
	20	proxy_set_header x-rgw-auth "yes";
f67539c2 TL	21	proxy_set_header Authorization $http_authorization;
	22	proxy_http_version 1.1;
	23	proxy_method $request_method;
f6b5b4d7	24	# Do not convert HEAD requests into GET requests
f67539c2 TL	25	proxy_cache_convert_head off;
	26	error_page 404 = @outage;
	27	proxy_intercept_errors on;
	28	if ($request_uri = "/") {
f6b5b4d7 TL	29	return 200;
	30	}
	31	# URI included with question mark is not being cached
f67539c2 TL	32	if ($request_uri ~* (\?)) {
	33	return 200;
	34	}
	35	if ($request_method = "PUT") {
	36	return 200;
	37	}
	38	if ($request_method = "POST") {
	39	return 200;
	40	}
	41	if ($request_method = "HEAD") {
	42	return 200;
	43	}
	44	if ($request_method = "COPY") {
	45	return 200;
	46	}
	47	if ($request_method = "DELETE") {
	48	return 200;
	49	}
	50	if ($http_if_match) {
	51	return 200;
	52	}
	53	if ($http_authorization !~* "aws4_request") {
	54	return 200;
f6b5b4d7 TL	55	}
	56	}
	57	location @outage{
f67539c2	58	return 403;
f6b5b4d7 TL	59	}
f6b5b4d7 TL	60	location / {
f6b5b4d7 TL	61	auth_request /authentication;
	62	proxy_pass http://rgws;
	63	# if $do_not_cache is not empty the request would not be cached, this is relevant for list op for example
	64	set $do_not_cache '';
	65	# the IP or name of the RGWs
	66	#proxy_set_header Authorization $http_authorization;
	67	# my cache configured at the top of the file
	68	proxy_cache mycache;
	69	proxy_cache_lock_timeout 0s;
	70	proxy_cache_lock_age 1000s;
	71	proxy_http_version 1.1;
	72	# Getting 403 if this header not set
	73	proxy_set_header Host $host;
	74	# Cache all 200 OK's for 1 day
	75	proxy_cache_valid 200 206 1d;
	76	# Use stale cache file in all errors from upstream if we can
	77	proxy_cache_use_stale updating;
	78	proxy_cache_background_update on;
	79	# Try to check if etag have changed, if yes, do not re-fetch from rgw the object
	80	proxy_cache_revalidate on;
	81	# Lock the cache so that only one request can populate it at a time
	82	proxy_cache_lock on;
	83	# prevent convertion of head requests to get requests
	84	proxy_cache_convert_head off;
	85	# Listing all buckets should not be cached
f67539c2 TL	86	if ($request_uri = "/") {
f67539c2 TL	87	set $do_not_cache "no";
f6b5b4d7 TL	88	}
f6b5b4d7 TL	89	# URI including question mark are not supported to prevent bucket listing cache
f67539c2	90	if ($request_uri ~* (\?)) {
f6b5b4d7 TL	91	set $do_not_cache "no";
	92	}
	93	# Use the original x-amz-date if the aws auth module didn't create one
	94	proxy_no_cache $do_not_cache;
	95	proxy_set_header Authorization $http_authorization;
	96	proxy_set_header Range $http_range;
	97	# This is on which content the nginx to use for hashing the cache keys
	98	proxy_cache_key "$request_uri$request_method$request_body$http_range";
f67539c2	99	client_max_body_size 0;
f6b5b4d7 TL	100	}
f6b5b4d7 TL	101	}