proxy doesn't cache

Tue May 14 12:51:48 UTC 2013

Thanks a lot Maxim. This really solved my problem. :-)

Stefan

Am 11.05.2013 22:55, schrieb Maxim Dounin:
> Hello!
> 
> On Fri, May 10, 2013 at 11:13:42AM +0800, Stefan Xenon wrote:
> 
>> Hi!
>> I want to use nginx as a caching proxy in front of an OCSP responder.
>> The OCSP requests are transmitted via HTTP POST.
>>
>> Hence, I configured nginx as follows:
>>
>> proxy_cache_path  /tmp/nginx/cache levels=1:2 keys_zone=my-cache:8m
>> max_size=1000m inactive=600m;
>> server {
>>   server_name localhost;
>>   location / {
>>     proxy_pass  http://213.154.225.237:80; #ocsp.cacert.org
>>     proxy_cache my-cache;
>>     proxy_cache_methods    POST;
>>     proxy_cache_key        "$scheme$proxy_host$uri$request_body";
>>     proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
>>     proxy_set_header        Host            $host;
>>     proxy_set_header        X-Real-IP       $remote_addr;
>>   }
>> )
>>
>> I can access the OCSP responder through nginx and responses are received
>> as expected - no issue. The problem is that nginx doesn't cache the
>> responses. Note that OCSP nonces are *not* being sent as part of the
>> request. Using Wireshark and nginx' debug log, I verified that all my
>> requests are identical. How to configure nginx that it caches the responses?
>>
>> Note, I use the following command for testing:
>> openssl ocsp -issuer cacert.crt -no_nonce -CAfile CAbundle.crt -url
>> http://localhost/ -serial <SERIAL>
> 
> You configuration doesn't contain proxy_cache_valid (see 
> http://nginx.org/r/proxy_cache_valid), and in the same time via 
> proxy_ignore_headers it ignores all headers which may be used to 
> set response validity based on response headers.  That is, no 
> responses will be cached with the configuration above.
> 
> You probably want to add something like
> 
>    proxy_cache_valid 200 1d;
> 
> to your configuration.
> 