nginx serving wrong website under proxy_cache

Sun May 3 10:05:57 MSD 2009


Igor Sysoev wrote:
> On Sun, May 03, 2009 at 01:18:30AM -0400, Jim Ohlstein wrote:
>
>   
>> Igor Sysoev wrote:
>>     
>>> On Sat, May 02, 2009 at 11:16:47PM -0400, Jim Ohlstein wrote:
>>>
>>>  
>>>       
>>>> Correction:
>>>>
>>>> The question should read:
>>>>
>>>> Do I need to use two fastcgi_cache_key settings if a site serves both 
>>>> http and https?
>>>>    
>>>>         
>>> If you use the same backend - no:
>>>
>>>      server {
>>>          listen 80;
>>>          location / {
>>>              fastcgi_pass       backend:9000;
>>>              fastcgi_cache_key  backend:9000$request_uri;
>>>          }
>>>      }
>>>
>>>      server {
>>>          listen 443;
>>>          location / {
>>>              fastcgi_pass       backend:9000;
>>>              fastcgi_cache_key  backend:9000$request_uri;
>>>          }
>>>      }
>>>
>>>  
>>>       
>> I am using the same backend and configured like this:
>>
>> server {
>>    listen  80;
>>
>>    location / {
>>        fastcgi_pass backend;
>>        fastcgi_cache one;
>>        fastcgi_cache_key backend$request_uri;
>>    }
>> }
>>
>> server {
>>    listen     443;
>>    location / {
>>        fastcgi_pass backend;
>>        fastcgi_cache one;
>>        fastcgi_cache_key backend$request_uri;
>>    }
>> }
>>     
>
> Yes, this is OK.
>
>   
>> For what it may be worth, I have seen some md5 collisions in the error log:
>>
>> 2009/05/03 00:39:18 [crit] 21997#0: *61 cache file 
>> "/usr/local/nginx/cache/0/da/90e8de013d4126fbab247d12350fdda0" has md5 
>> collision, client: my.ip.addr.ess, server: mydomain.com, request: "GET 
>> /rtwhtrsyrn/010110A/687474702s7777772r777732746s7073697465732r636s6q2s627574746s6r2r7068703s753q776s726p6477617274776s7n6s6r655s636s6q 
>> HTTP/1.1", host: "mydomain.com", referrer: 
>> "https://mydomain.com/rtwhtrsyrn/010110A/687474702s776s726p6477617274776s7n6s6r652r636s6q2s666s72756q732s616r6r6s756r63656q656r74732s31333535392q6r6s2q796s752q6172656r742q6372617n792r68746q6p"
>> 2009/05/03 00:39:24 [crit] 21997#0: *44 cache file 
>> "/usr/local/nginx/cache/0/da/90e8de013d4126fbab247d12350fdda0" has md5 
>> collision, client: my.ip.addr.ess, server: mydomain.com, request: "GET 
>> /rtwhtrsyrn/010110A/687474702s7777772r777732746s7073697465732r636s6q2s627574746s6r2r7068703s753q776s726p6477617274776s7n6s6r655s636s6q 
>> HTTP/1.1", host: "mydomain.com", referrer: 
>> "https://mydomain.com/rtwhtrsyrn/010110A/687474702s776s726p6477617274776s7n6s6r652r636s6q2s666s72756q732s2r2r2s"
>>     
>
> nginx uses md5 create a cache key and use the key as path to a cache file,
> 90e8de013d4126fbab247d12350fdda0 in you case. Besides, in the file there
> is crc32 of the original key to test possible md5 collisions.
>
> Could you run
>
> head -1 /usr/local/nginx/cache/0/da/90e8de013d4126fbab247d12350fdda0 | hexdump
> head -2 /usr/local/nginx/cache/0/da/90e8de013d4126fbab247d12350fdda0 | tail -1
>
> ?
>
>
>   

[root at saturn logs]# head -1 
/usr/local/nginx/cache/0/da/90e8de013d4126fbab247d12350fdda0 | hexdump
0000000 8ab0 1afc 0000 0000 1a20 b835 0032 0000
0000010 0000 0000 0000 0000 0000 0000 0000 0000
0000020 028b 0000 0000 0000 000a              
0000029
[root at saturn logs]# head -2 
/usr/local/nginx/cache/0/da/90e8de013d4126fbab247d12350fdda0 | tail -1
KEY: 
unix:/tmp/cgi.sock.1:/rtwhtrsyrn/010110A/687474702s7777772r777732746s7073697465732r636s6q2s627574746s6r2r7068703s753q776s726p6477617274776s7n6s6r655s636s6q