ceph/examples/rgw-cache/nginx-default.conf

   1 #config cache size and path to the cache directory, you should make sure that the user that is running nginx have permissions to access the cache directory
   2 #max_size means that Nginx will not cache more than 20G, It should be tuned to a larger number if the /data/cache is bigger
   3 proxy_cache_path /data/cache levels=2:2:2 keys_zone=mycache:999m max_size=20G inactive=1d use_temp_path=off;
   4 upstream rgws {
   5     # List of all rgws (ips or resolvable names)
   6     server rgw1:8000 max_fails=2 fail_timeout=5s;
   7     server rgw2:8000 max_fails=2 fail_timeout=5s;
   8     server rgw3:8000 max_fails=2 fail_timeout=5s;
   9 }
  10 server {
  11     listen       80;
  12     server_name  cacher;
  13     location /authentication {
  14         internal;
  15         client_max_body_size 0;
  16         proxy_pass http://rgws$request_uri;
  17         proxy_pass_request_body off;
  18         proxy_set_header Host $host;
  19         # setting x-rgw-auth allow the RGW the ability to only authorize the request without fetching the obj data
  20         proxy_set_header x-rgw-auth "yes";
  21         proxy_set_header Authorization $http_authorization;
  22         proxy_http_version 1.1;
  23         proxy_method $request_method;
  24         # Do not convert HEAD requests into GET requests
  25         proxy_cache_convert_head off;
  26         error_page 404 = @outage;
  27         proxy_intercept_errors on;
  28         if ($request_uri = "/") {
  29             return 200;
  30         }
  31         # URI included with question mark is not being cached
  32         if ($request_uri ~* (\?)) {
  33             return 200;
  34         }
  35         if ($request_method = "PUT") {
  36             return 200;
  37         }
  38         if ($request_method = "POST") {
  39             return 200;
  40         }
  41         if ($request_method = "HEAD") {
  42             return 200;
  43         }
  44         if ($request_method = "COPY") {
  45             return 200;
  46         }
  47         if ($request_method = "DELETE") {
  48             return 200;
  49         }
  50         if ($http_if_match) {
  51             return 200;
  52         }
  53         if ($http_authorization !~* "aws4_request") {
  54             return 200;
  55         }
  56     }
  57     location @outage{
  58         return 403;
  59     }
  60     location / {
  61         auth_request /authentication;
  62         proxy_pass http://rgws;
  63         set $authvar '';
  64         # if $do_not_cache is not empty the request would not be cached, this is relevant for list op for example
  65         set $do_not_cache '';
  66         # the IP or name of the RGWs
  67         rewrite_by_lua_file /etc/nginx/nginx-lua-file.lua;
  68         #proxy_set_header Authorization $http_authorization;
  69         # my cache configured at the top of the file
  70         proxy_cache mycache;
  71         proxy_cache_lock_timeout 0s;
  72         proxy_cache_lock_age 1000s;
  73         proxy_http_version 1.1;
  74         set $date $aws_auth_date;
  75         # Getting 403 if this header not set
  76         proxy_set_header Host $host;
  77         # Cache all 200 OK's for 1 day
  78         proxy_cache_valid 200 206 1d;
  79         # Use stale cache file in all errors from upstream if we can
  80         proxy_cache_use_stale updating;
  81         proxy_cache_background_update on;
  82         # Try to check if etag have changed, if yes, do not re-fetch from rgw the object
  83         proxy_cache_revalidate on;
  84         # Lock the cache so that only one request can populate it at a time
  85         proxy_cache_lock on;
  86         # prevent conversion of head requests to get requests
  87         proxy_cache_convert_head off;
  88         # Listing all buckets should not be cached
  89         if ($request_uri = "/") {
  90             set $do_not_cache "no";
  91             set $date $http_x_amz_date;
  92         }
  93         # URI including question mark are not supported to prevent bucket listing cache
  94         if ($request_uri ~* (\?)) {
  95             set $do_not_cache "no";
  96             set $date $http_x_amz_date;
  97         }
  98         # Only aws4 requests are being cached - As the aws auth module supporting only aws v2
  99         if ($http_authorization !~* "aws4_request") {
 100             set $date $http_x_amz_date;
 101         }
 102         if ($request_method = "PUT") {
 103             set $date $http_x_amz_date;
 104         }
 105         if ($request_method = "POST") {
 106             set $date $http_x_amz_date;
 107         }
 108         if ($request_method = "HEAD") {
 109             set $do_not_cache "no";
 110             set $date $http_x_amz_date;
 111         }
 112         if ($request_method = "COPY") {
 113             set $do_not_cache "no";
 114             set $date $http_x_amz_date;
 115         }
 116         if ($http_if_match) {
 117             #set $do_not_cache "no";
 118             set $date $http_x_amz_date;
 119             set $myrange $http_range;
 120         }
 121         if ($request_method = "DELETE") {
 122             set $do_not_cache "no";
 123             set $date $http_x_amz_date;
 124         }
 125         proxy_set_header if_match $http_if_match;
 126         proxy_set_header Range $myrange;
 127         # Use the original x-amz-date if the aws auth module didn't create one
 128         proxy_set_header x-amz-date $date;
 129         proxy_set_header X-Amz-Cache $authvar;
 130         proxy_no_cache $do_not_cache;
 131         proxy_set_header Authorization $awsauthfour;
 132         # This is on which content the nginx to use for hashing the cache keys
 133         proxy_cache_key "$request_uri$request_method$request_body$myrange";
 134         client_max_body_size 0;
 135     }
 136 }