Default config for NGINX reverse proxy cache with Apache.

nginx-pcache-default.conf

#fix 504 gateway timeouts, can go in nginx.conf
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;

#set the location of the cached files, zone, name, size (100 MB) and how long to cache for 600 minutes
proxy_cache_path /var/run/proxy-cache levels=1:2 keys_zone=WORDPRESS:10m max_size=100m
inactive=600m;
proxy_cache_key $scheme$host$request_uri;

#prevent header too large errors
proxy_buffers 256 16k;
proxy_buffer_size 32k;

#httpoxy exploit protection
proxy_set_header Proxy "";

server {
listen 443 default;

 ssl on;
 ssl_certificate /srv/certificates/cert.crt;
 ssl_certificate_key /srv/certificates/private.key;
 ssl_session_timeout 5m;
 ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
 ssl_prefer_server_ciphers on;

access_log /var/log/nginx/proxy-access.log;
error_log /var/log/nginx/proxy-error.log;
add_header X-Cache $upstream_cache_status;

set $do_not_cache '';
set $bypass '';

#security for bypass (put your external ip here)
if ($remote_addr ~ "^(127.0.0.1|XXX.XXX.XXX.XXX)$") {
set $bypass $http_secret_header;
}

if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
set $do_not_cache 1;
}

location / {
proxy_set_header Host $host;
proxy_redirect off;
proxy_cache WORDPRESS;
proxy_cache_revalidate on;
proxy_ignore_headers Expires Cache-Control;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
proxy_cache_bypass $bypass $do_not_cache;
proxy_no_cache $do_not_cache;
proxy_cache_valid 200 301 302 500m;
proxy_cache_valid 404 1m;

#can rename PURGE to whatever you want, should restrict it to back-end server requests for security
#proxy_cache_purge PURGE from 127.0.0.1 XXX.XXX.XXX.XXX;
proxy_pass https://127.0.0.1:8443;
}

location ~ /purge(/.*) {
allow 127.0.0.1;
allow 130.211.71.194;
deny all;
#proxy_cache_purge WORDPRESS $scheme$host$1;
}
}