summaryrefslogtreecommitdiffstats
path: root/examples/rgw-cache/nginx-default.conf
diff options
context:
space:
mode:
Diffstat (limited to 'examples/rgw-cache/nginx-default.conf')
-rw-r--r--examples/rgw-cache/nginx-default.conf136
1 files changed, 136 insertions, 0 deletions
diff --git a/examples/rgw-cache/nginx-default.conf b/examples/rgw-cache/nginx-default.conf
new file mode 100644
index 000000000..ddde70539
--- /dev/null
+++ b/examples/rgw-cache/nginx-default.conf
@@ -0,0 +1,136 @@
+#config cache size and path to the cache directory, you should make sure that the user that is running nginx have permissions to access the cache directory
+#max_size means that Nginx will not cache more than 20G, It should be tuned to a larger number if the /data/cache is bigger
+proxy_cache_path /data/cache levels=2:2:2 keys_zone=mycache:999m max_size=20G inactive=1d use_temp_path=off;
+upstream rgws {
+ # List of all rgws (ips or resolvable names)
+ server rgw1:8000 max_fails=2 fail_timeout=5s;
+ server rgw2:8000 max_fails=2 fail_timeout=5s;
+ server rgw3:8000 max_fails=2 fail_timeout=5s;
+}
+server {
+ listen 80;
+ server_name cacher;
+ location /authentication {
+ internal;
+ client_max_body_size 0;
+ proxy_pass http://rgws$request_uri;
+ proxy_pass_request_body off;
+ proxy_set_header Host $host;
+ # setting x-rgw-auth allow the RGW the ability to only authorize the request without fetching the obj data
+ proxy_set_header x-rgw-auth "yes";
+ proxy_set_header Authorization $http_authorization;
+ proxy_http_version 1.1;
+ proxy_method $request_method;
+ # Do not convert HEAD requests into GET requests
+ proxy_cache_convert_head off;
+ error_page 404 = @outage;
+ proxy_intercept_errors on;
+ if ($request_uri = "/") {
+ return 200;
+ }
+ # URI included with question mark is not being cached
+ if ($request_uri ~* (\?)) {
+ return 200;
+ }
+ if ($request_method = "PUT") {
+ return 200;
+ }
+ if ($request_method = "POST") {
+ return 200;
+ }
+ if ($request_method = "HEAD") {
+ return 200;
+ }
+ if ($request_method = "COPY") {
+ return 200;
+ }
+ if ($request_method = "DELETE") {
+ return 200;
+ }
+ if ($http_if_match) {
+ return 200;
+ }
+ if ($http_authorization !~* "aws4_request") {
+ return 200;
+ }
+ }
+ location @outage{
+ return 403;
+ }
+ location / {
+ auth_request /authentication;
+ proxy_pass http://rgws;
+ set $authvar '';
+ # if $do_not_cache is not empty the request would not be cached, this is relevant for list op for example
+ set $do_not_cache '';
+ # the IP or name of the RGWs
+ rewrite_by_lua_file /etc/nginx/nginx-lua-file.lua;
+ #proxy_set_header Authorization $http_authorization;
+ # my cache configured at the top of the file
+ proxy_cache mycache;
+ proxy_cache_lock_timeout 0s;
+ proxy_cache_lock_age 1000s;
+ proxy_http_version 1.1;
+ set $date $aws_auth_date;
+ # Getting 403 if this header not set
+ proxy_set_header Host $host;
+ # Cache all 200 OK's for 1 day
+ proxy_cache_valid 200 206 1d;
+ # Use stale cache file in all errors from upstream if we can
+ proxy_cache_use_stale updating;
+ proxy_cache_background_update on;
+ # Try to check if etag have changed, if yes, do not re-fetch from rgw the object
+ proxy_cache_revalidate on;
+ # Lock the cache so that only one request can populate it at a time
+ proxy_cache_lock on;
+ # prevent convertion of head requests to get requests
+ proxy_cache_convert_head off;
+ # Listing all buckets should not be cached
+ if ($request_uri = "/") {
+ set $do_not_cache "no";
+ set $date $http_x_amz_date;
+ }
+ # URI including question mark are not supported to prevent bucket listing cache
+ if ($request_uri ~* (\?)) {
+ set $do_not_cache "no";
+ set $date $http_x_amz_date;
+ }
+ # Only aws4 requests are being cached - As the aws auth module supporting only aws v2
+ if ($http_authorization !~* "aws4_request") {
+ set $date $http_x_amz_date;
+ }
+ if ($request_method = "PUT") {
+ set $date $http_x_amz_date;
+ }
+ if ($request_method = "POST") {
+ set $date $http_x_amz_date;
+ }
+ if ($request_method = "HEAD") {
+ set $do_not_cache "no";
+ set $date $http_x_amz_date;
+ }
+ if ($request_method = "COPY") {
+ set $do_not_cache "no";
+ set $date $http_x_amz_date;
+ }
+ if ($http_if_match) {
+ #set $do_not_cache "no";
+ set $date $http_x_amz_date;
+ set $myrange $http_range;
+ }
+ if ($request_method = "DELETE") {
+ set $do_not_cache "no";
+ set $date $http_x_amz_date;
+ }
+ proxy_set_header if_match $http_if_match;
+ proxy_set_header Range $myrange;
+ # Use the original x-amz-date if the aws auth module didn't create one
+ proxy_set_header x-amz-date $date;
+ proxy_set_header X-Amz-Cache $authvar;
+ proxy_no_cache $do_not_cache;
+ proxy_set_header Authorization $awsauthfour;
+ # This is on which content the nginx to use for hashing the cache keys
+ proxy_cache_key "$request_uri$request_method$request_body$myrange";
+ client_max_body_size 0;
+ }
+}