Skip to content

Instantly share code, notes, and snippets.

@justintime

justintime/nginx-proxy.patch

Last active August 29, 2015 14:18
Show Gist options
  • Save justintime/7f604f5e1b36e476fb73 to your computer and use it in GitHub Desktop.
Save justintime/7f604f5e1b36e476fb73 to your computer and use it in GitHub Desktop.
Download ZIP
Diff of nginx 1.6.2 for CentOS6 from nginx repository
Raw
nginx-proxy.patch
From f7c4e5a1fca1ca5c158dc393a44d753b0dccc8a8 Mon Sep 17 00:00:00 2001
From: root <[email protected]>
Date: Mon, 6 Apr 2015 14:00:48 -0500
Subject: [PATCH 1/2] working
---
conf.d/default.conf | 59 +++++++++++++++++++++++++++++++++++++++++++++-----
nginx.conf | 13 ++++++++++-
2 files changed, 65 insertions(+), 7 deletions(-)
diff --git a/conf.d/default.conf b/conf.d/default.conf
index 34aeb9a..8de7683 100644
--- a/conf.d/default.conf
+++ b/conf.d/default.conf
@@ -1,16 +1,62 @@
+#
+# The default server
+#
server {
- listen 80;
- server_name localhost;
+ listen 80 default_server;
+ server_name _;
#charset koi8-r;
- #access_log /var/log/nginx/log/host.access.log main;
+
+ #access_log logs/host.access.log main;
+
+ # Load configuration files for the default server block.
+ include /etc/nginx/default.d/*.conf;
+
+ proxy_cache ae_images;
location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
+ # Won't need this with our own app
+ proxy_set_header Host pics.foo.com;
+ proxy_pass http://image_servers;
+ #proxy_pass http://pics.foo.com;
+ # These only take effect if there's no expires/cache-control from the backend
+ proxy_cache_valid 200 302 10m;
+ proxy_cache_valid 404 1m;
+ # Add or append x-forwarded-for
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ # For keepalive connections, turn this on if version >= 1.1.4
+ proxy_http_version 1.1;
+
+ # Only allow one request for each URI to the backend at a time, e.g.
+ # 200 clients ask for favico.ico at the same time, only one request hits the
+ # backend.
+ # Turn this on if version >= 1.1.12
+ proxy_cache_lock on;
+ # The amount of time the lock is placed in the above scenario.
+ #proxy_cache_lock_age 2s;
+
+ # Enable nginx to use if-modified-since and if-none-match to backend
+ # Turn this on if version >= 1.5.7
+ proxy_cache_revalidate on;
+
+ # Allow nginx to send potentially stale content when:
+ proxy_cache_use_stale error timeout invalid_header updating
+ http_500 http_502 http_503 http_504;
+ proxy_connect_timeout 5s;
+ # Replace backend error with our own:
+ proxy_intercept_errors on;
+ # TODO should we include 500's here?
+ proxy_next_upstream error timeout;
+#TODO do we need to rewrite redirects with proxy_redirect?
+
}
- #error_page 404 /404.html;
+ error_page 404 /404.html;
+ location = /404.html {
+ root /usr/share/nginx/html;
+ }
# redirect server error pages to the static page /50x.html
#
@@ -43,3 +89,4 @@ server {
#}
}
+
diff --git a/nginx.conf b/nginx.conf
index e4bad8d..0600cc0 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -15,11 +15,22 @@ http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
+ upstream image_servers {
+ server pics.foo.com weight=5;
+ server mbp.foo.com down;
+ }
+ # "One megabyte zone can store about 8 thousand keys."
+ proxy_cache_path /usr/share/nginx/data/cache levels=1:2 keys_zone=ae_images:100m max_size=2G inactive=24h;
+
+ log_format proxylog '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for" $upstream_addr $upstream_response_time';
+
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
- access_log /var/log/nginx/access.log main;
+ access_log /var/log/nginx/access.log proxylog;
sendfile on;
#tcp_nopush on;
--
1.7.1
From ac2de3f7ee9c1868e8695102300ead1858b01e25 Mon Sep 17 00:00:00 2001
From: root <[email protected]>
Date: Thu, 9 Apr 2015 10:06:09 -0500
Subject: [PATCH 2/2] remove revalidation to test
---
conf.d/default.conf | 9 ++++++++-
nginx.conf | 4 +++-
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/conf.d/default.conf b/conf.d/default.conf
index 8de7683..82a084b 100644
--- a/conf.d/default.conf
+++ b/conf.d/default.conf
@@ -26,6 +26,8 @@ server {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ # Add diagnostic header
+ add_header X-Cache-Status $upstream_cache_status;
# For keepalive connections, turn this on if version >= 1.1.4
proxy_http_version 1.1;
@@ -39,7 +41,12 @@ server {
# Enable nginx to use if-modified-since and if-none-match to backend
# Turn this on if version >= 1.5.7
- proxy_cache_revalidate on;
+ #
+ # Turning this on comes with a warning, the revalidation doesn't update the expires
+ # headers on the cached item. Rather, it holds the object as valid until the
+ # invalid_time on the store expires before it revalidates again. Turning this on
+ # coupled with a high inactive time could result in serving up stale data.
+ # proxy_cache_revalidate on;
# Allow nginx to send potentially stale content when:
proxy_cache_use_stale error timeout invalid_header updating
diff --git a/nginx.conf b/nginx.conf
index 0600cc0..cefc626 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -14,6 +14,8 @@ events {
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
+ server_tokens off;
+
upstream image_servers {
server pics.foo.com weight=5;
@@ -24,7 +26,7 @@ http {
log_format proxylog '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for" $upstream_addr $upstream_response_time';
+ '"$http_user_agent" "$http_x_forwarded_for" $upstream_addr $upstream_response_time $upstream_cache_status';
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
--
1.7.1
@justintime
Copy link
Author

First two requests in access.log:

1.2.3.130 - - [09/Apr/2015:09:57:13 -0500] "GET /is/image/aeo/0162_3213_064_b?fit=crop&wid=1200&hei=504&qlt=50 HTTP/1.1" 200 11745 "-" "curl/7.37.1" "-" 23.197.187.117:80 0.157 MISS
1.2.3.130 - - [09/Apr/2015:09:57:24 -0500] "GET /is/image/aeo/0162_3213_064_b?fit=crop&wid=1200&hei=504&qlt=50 HTTP/1.1" 200 11745 "-" "curl/7.37.1" "-" - - HIT

@justintime
Copy link
Author

First two requests from curl:

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Apr 2015 14:57:13 GMT
Content-Type: image/jpeg
Content-Length: 11745
Connection: keep-alive
Expires: Fri, 10 Apr 2015 00:57:12 GMT
Last-Modified: Wed, 25 Mar 2015 19:01:45 GMT
ETag: "3b5418edc07747bfd25b3b98c16206b0"
X-Cache-Status: MISS

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Apr 2015 14:57:24 GMT
Content-Type: image/jpeg
Content-Length: 11745
Connection: keep-alive
Expires: Fri, 10 Apr 2015 00:57:12 GMT
Last-Modified: Wed, 25 Mar 2015 19:01:45 GMT
ETag: "3b5418edc07747bfd25b3b98c16206b0"
X-Cache-Status: HIT

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment