]>
Commit | Line | Data |
---|---|---|
f6b5b4d7 TL |
1 | #config cache size and path to the cache directory, you should make sure that the user that is running nginx have permissions to access the cache directory |
2 | #max_size means that Nginx will not cache more than 20G, It should be tuned to a larger number if the /data/cache is bigger | |
3 | proxy_cache_path /data/cache levels=2:2:2 keys_zone=mycache:999m max_size=20G inactive=1d use_temp_path=off; | |
4 | upstream rgws { | |
5 | # List of all rgws (ips or resolvable names) | |
6 | server rgw1:8000 max_fails=2 fail_timeout=5s; | |
7 | server rgw2:8000 max_fails=2 fail_timeout=5s; | |
8 | server rgw3:8000 max_fails=2 fail_timeout=5s; | |
9 | } | |
10 | server { | |
11 | listen 80; | |
12 | server_name cacher; | |
13 | location /authentication { | |
f67539c2 TL |
14 | internal; |
15 | client_max_body_size 0; | |
f6b5b4d7 | 16 | proxy_pass http://rgws$request_uri; |
f67539c2 | 17 | proxy_pass_request_body off; |
f6b5b4d7 TL |
18 | proxy_set_header Host $host; |
19 | # setting x-rgw-auth allow the RGW the ability to only authorize the request without fetching the obj data | |
20 | proxy_set_header x-rgw-auth "yes"; | |
f67539c2 TL |
21 | proxy_set_header Authorization $http_authorization; |
22 | proxy_http_version 1.1; | |
23 | proxy_method $request_method; | |
f6b5b4d7 | 24 | # Do not convert HEAD requests into GET requests |
f67539c2 TL |
25 | proxy_cache_convert_head off; |
26 | error_page 404 = @outage; | |
27 | proxy_intercept_errors on; | |
28 | if ($request_uri = "/") { | |
f6b5b4d7 TL |
29 | return 200; |
30 | } | |
31 | # URI included with question mark is not being cached | |
f67539c2 TL |
32 | if ($request_uri ~* (\?)) { |
33 | return 200; | |
34 | } | |
35 | if ($request_method = "PUT") { | |
36 | return 200; | |
37 | } | |
38 | if ($request_method = "POST") { | |
39 | return 200; | |
40 | } | |
41 | if ($request_method = "HEAD") { | |
42 | return 200; | |
43 | } | |
44 | if ($request_method = "COPY") { | |
45 | return 200; | |
46 | } | |
47 | if ($request_method = "DELETE") { | |
48 | return 200; | |
49 | } | |
50 | if ($http_if_match) { | |
51 | return 200; | |
52 | } | |
53 | if ($http_authorization !~* "aws4_request") { | |
54 | return 200; | |
f6b5b4d7 TL |
55 | } |
56 | } | |
57 | location @outage{ | |
f67539c2 | 58 | return 403; |
f6b5b4d7 TL |
59 | } |
60 | location / { | |
f6b5b4d7 TL |
61 | auth_request /authentication; |
62 | proxy_pass http://rgws; | |
63 | # if $do_not_cache is not empty the request would not be cached, this is relevant for list op for example | |
64 | set $do_not_cache ''; | |
65 | # the IP or name of the RGWs | |
66 | #proxy_set_header Authorization $http_authorization; | |
67 | # my cache configured at the top of the file | |
68 | proxy_cache mycache; | |
69 | proxy_cache_lock_timeout 0s; | |
70 | proxy_cache_lock_age 1000s; | |
71 | proxy_http_version 1.1; | |
72 | # Getting 403 if this header not set | |
73 | proxy_set_header Host $host; | |
74 | # Cache all 200 OK's for 1 day | |
75 | proxy_cache_valid 200 206 1d; | |
76 | # Use stale cache file in all errors from upstream if we can | |
77 | proxy_cache_use_stale updating; | |
78 | proxy_cache_background_update on; | |
79 | # Try to check if etag have changed, if yes, do not re-fetch from rgw the object | |
80 | proxy_cache_revalidate on; | |
81 | # Lock the cache so that only one request can populate it at a time | |
82 | proxy_cache_lock on; | |
83 | # prevent convertion of head requests to get requests | |
84 | proxy_cache_convert_head off; | |
85 | # Listing all buckets should not be cached | |
f67539c2 TL |
86 | if ($request_uri = "/") { |
87 | set $do_not_cache "no"; | |
f6b5b4d7 TL |
88 | } |
89 | # URI including question mark are not supported to prevent bucket listing cache | |
f67539c2 | 90 | if ($request_uri ~* (\?)) { |
f6b5b4d7 TL |
91 | set $do_not_cache "no"; |
92 | } | |
93 | # Use the original x-amz-date if the aws auth module didn't create one | |
94 | proxy_no_cache $do_not_cache; | |
95 | proxy_set_header Authorization $http_authorization; | |
96 | proxy_set_header Range $http_range; | |
97 | # This is on which content the nginx to use for hashing the cache keys | |
98 | proxy_cache_key "$request_uri$request_method$request_body$http_range"; | |
f67539c2 | 99 | client_max_body_size 0; |
f6b5b4d7 TL |
100 | } |
101 | } |