proxy doesn't cache

Sat May 11 14:55:58 UTC 2013

Hello!

On Fri, May 10, 2013 at 11:13:42AM +0800, Stefan Xenon wrote:

> Hi!
> I want to use nginx as a caching proxy in front of an OCSP responder.
> The OCSP requests are transmitted via HTTP POST.
> 
> Hence, I configured nginx as follows:
> 
> proxy_cache_path  /tmp/nginx/cache levels=1:2 keys_zone=my-cache:8m
> max_size=1000m inactive=600m;
> server {
>   server_name localhost;
>   location / {
>     proxy_pass  http://213.154.225.237:80; #ocsp.cacert.org
>     proxy_cache my-cache;
>     proxy_cache_methods    POST;
>     proxy_cache_key        "$scheme$proxy_host$uri$request_body";
>     proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
>     proxy_set_header        Host            $host;
>     proxy_set_header        X-Real-IP       $remote_addr;
>   }
> )
> 
> I can access the OCSP responder through nginx and responses are received
> as expected - no issue. The problem is that nginx doesn't cache the
> responses. Note that OCSP nonces are *not* being sent as part of the
> request. Using Wireshark and nginx' debug log, I verified that all my
> requests are identical. How to configure nginx that it caches the responses?
> 
> Note, I use the following command for testing:
> openssl ocsp -issuer cacert.crt -no_nonce -CAfile CAbundle.crt -url
> http://localhost/ -serial <SERIAL>

You configuration doesn't contain proxy_cache_valid (see 
http://nginx.org/r/proxy_cache_valid), and in the same time via 
proxy_ignore_headers it ignores all headers which may be used to 
set response validity based on response headers.  That is, no 
responses will be cached with the configuration above.

You probably want to add something like

   proxy_cache_valid 200 1d;

to your configuration.

-- 
Maxim Dounin
http://nginx.org/en/donation.html