nginx as reverse proxy with "mod secdownload" feature - possible?

Reinis Rozitis r at
Thu Oct 21 15:32:19 MSD 2010

> This would not help (at least i think so) because we do not want to sync
> any content to the caches. We just want them to fetch the stuff from the
> main servers if they haven't stored it locally in their proxy cache, and
> deliver it from the cache if they already have it.

You don't need to "store" directly (like push any files beforehand) to the 
cache servers - nginx can store the files on demand in the same tree 
structure as on backend (quite easy to examine that way what is getting 
fetched and purge the cache with simple filesystem tools like 'find / rm') 
by using the "proxy_store on" ( ) directive or either 
in its own cache tree but then you need to adjust proxy_cache_key so that it 
doesnt include the default $request_uri (which would contain the dynamic 
hash that way storing a single file multiple times (someone correct me if 
I'm wronge here)) but just the real path (do something like $secure_link 
rewrite) and the file technically should be fetched from cache each time 
rather than backend (the advantage of this is you can have a dynamic garbage 
collector (cache cleaner) by adjusting the overal size and time to live 
rather than have to do it yourself) ..

To give some example - some pseido config for the first approach:

    upstream backend {
        server backendip:8080;

     server {
        root   /webroot;
        error_page      404 = @store;

        location /dlpath/ {
				secure_link_secret   randomkey;
                if ($secure_link = "") {
                        return 403;
                rewrite  ^ /dlpath/$secure_link  break;

        location @store {
                proxy_pass           http://backend;
                proxy_store          on;

> So from all my readings, i think(! and might be wrong), the easiest and
> maybe best way for now would be having a small perl module doing the
> secdownload stuff (just a few lines of code, so no big deal) and rewrite
> the request to a normalized url which can be found on the backend.

Since I am not aware of any third party modules which can keep track of the 
download status thats one of the solutions (imo the easy way).

On the other hand if you plan to _exploit_ all of nginx possibilities / 
features you could use the memcache + echo module

In a way the Memcached would hold an unique key (inserted by third party app 
or some nginx subrequest) which consists of the file path or true/false and 
after making a request the key would be deleted - thats just theory though 
and requires some voodoo :)


More information about the nginx mailing list