commit: nginx cache rework

eotk

@@ -524,7 +524,7 @@ case "$cmd" in
 
         Print building OnionBalance configurations...
         (
-            echo LOG_LEVEL: debug
+            echo LOG_LEVEL: info
             echo TOR_ADDRESS: $tor_address
             echo TOR_PORT: $tor_port
             echo REFRESH_INTERVAL: 600

lib.d/do-configure.pl

@@ -343,6 +343,7 @@ sub DoProject {
 
 # in-template settings
 
+&SetEnv("nginx_cache_min_uses", 2);
 &SetEnv("nginx_cache_size", "16m");
 &SetEnv("nginx_cache_seconds", 0);
 &SetEnv("nginx_hello_onion", 1);
@@ -372,6 +373,9 @@ sub DoProject {
 &SetEnv("block_location", "");
 &SetEnv("block_location_re", "");
 
+&SetEnv("no_cache_content_type", "");
+&SetEnv("no_cache_host", "");
+
 &SetEnv("SCRIPT_NAMES", "bounce.sh debugoff.sh debugon.sh harvest.sh maps.sh nxreload.sh start.sh status.sh stop.sh syntax.sh torreload.sh");
 &SetEnv("SCRIPT_PAUSE", 5);
 

lib.d/lint.pl

@@ -28,11 +28,14 @@ my %known =
      'PROJECTS_HOME' => 1, # where the projects live
 
      # in-template settings
+     'BLOCK_ERR' => 1,
      'BLOCK_HOST' => 1,
      'BLOCK_HOST_RE' => 1,
      'BLOCK_LOCATION' => 1,
      'BLOCK_LOCATION_RE' => 1,
+     'FOREIGNMAP_CSV' => 1,
      'IS_SOFTMAP' => 1,
+     'NGINX_CACHE_MIN_USES' => 1,
      'NGINX_CACHE_SECONDS' => 1,
      'NGINX_CACHE_SIZE' => 1,
      'NGINX_HELLO_ONION' => 1,
@@ -43,6 +46,8 @@ my %known =
      'NGINX_TEMPLATE' => 1,
      'NGINX_TIMEOUT' => 1,
      'NGINX_WORKERS' => 1,
+     'NO_CACHE_CONTENT_TYPE' => 1,
+     'NO_CACHE_HOST' => 1,
      'SOFTMAP_NGINX_WORKERS' => 1,
      'SOFTMAP_TOR_WORKERS' => 1,
      'SUPPRESS_HEADER_CSP' => 1,

templates.d/nginx.conf.txt

@@ -28,15 +28,16 @@ http {
   resolver %NGINX_RESOLVER% valid=%NGINX_TIMEOUT%s %NGINX_RESOLVER_FLAGS%;
   resolver_timeout %NGINX_TIMEOUT%s;
 
-  # internal connection buffers; these are quite large, need space to
-  # swallow entire SSL headers because we're being a MITM...
+  # we walk a line between keeping it small and flooding resources...
   proxy_buffering on;
-  proxy_buffers 16 64k;
-  proxy_buffer_size 64k;
-  proxy_busy_buffers_size 512k;
-  proxy_max_temp_file_size 2048k;
+  proxy_buffer_size 64k; # for initial; impacts SSL header
+  proxy_buffers 16 64k; # for rest of response
+  proxy_busy_buffers_size 256k; # how much can be busy sending to client?
+
+  # in case we want to start spooling responses locally
+  proxy_temp_path /tmp/nginx-proxy-%PROJECT%;
+  proxy_max_temp_file_size 64m; # < default(1024m)
   proxy_temp_file_write_size 64k;
-  proxy_temp_path "/tmp";
 
   %%IF %NGINX_CACHE_SECONDS%
   # nginx caching static responses for %NGINX_CACHE_SECONDS% seconds
@@ -45,10 +46,31 @@ http {
   # https://nginx.org/en/docs/http/ngx_http_proxy_module.html
   proxy_cache_path /tmp/nginx-cache-%PROJECT% levels=1:2 keys_zone=%PROJECT%:%NGINX_CACHE_SIZE%;
   proxy_cache %PROJECT%;
+  proxy_cache_min_uses %NGINX_CACHE_MIN_USES%;
   proxy_cache_revalidate on;
   proxy_cache_use_stale timeout updating;
-  # "proxy_cache_valid any" includes things like 404s
-  proxy_cache_valid any %NGINX_CACHE_SECONDS%s;
+  proxy_cache_valid any %NGINX_CACHE_SECONDS%s; # "any" includes 404s, etc
+
+  # content-types not to cache
+  map $http_content_type $no_cache_content_type {
+    %%CSV %NO_CACHE_CONTENT_TYPE%
+    %1% 1;
+    %%ENDCSV
+    default 0;
+  }
+
+  # hosts not to cache
+  map $http_host $no_cache_host {
+    hostnames;
+    %%CSV %NO_CACHE_HOST%
+    %1% 1;
+    %%ENDCSV
+    default 0;
+  }
+
+  # so, should we skip caching this stuff for some reason?
+  proxy_no_cache $no_cache_content_type $no_cache_host;
+  proxy_cache_bypass $no_cache_content_type $no_cache_host;
   %%ELSE
   # nginx caching disabled
   %%ENDIF