Nginx http proxy caching

Tue May 11 05:05:26 MSD 2010

Hello!

On Mon, May 10, 2010 at 04:55:03PM -0500, Ryan Malayter wrote:

> On Mon, May 10, 2010 at 2:15 PM, Igor Sysoev <igor at sysoev.ru> wrote:
> > On Mon, May 10, 2010 at 03:02:09PM -0400, Jim Ursetto wrote:
> >
> >> Vinay Y S Wrote:
> >> -------------------------------------------------------
> >> > Hi,
> >> > Is there developer documentation on how http
> >> > caching works in nginx? I'm
> >> > seeing weird caching behavior where it's caching
> >> > responses with Cache-Control: private headers.
> >>
> >> nginx completely ignores the `private` keyword and
> >> will cache your document regardless.
> >>
> >> > As I've asked in another thread, I'm also trying
> >> > to understand how I can
> >> > enable/disable caching per request based on a
> >> > cookie or a header set by
> >> > upstream server.
> >>
> >> You can send `Cache-control: max-age=0` or
> >> `Cache-control: no-cache` to disable nginx proxy cache.
> >>
> >> Note that because `private` is ignored, you cannot tell
> >> nginx to not use the proxy cache while still allowing
> >> the browser to cache (for example,
> >> `Cache-control: max-age=3600, private`).  You can only
> >> disable the proxy cache in the configuration file based
> >> on the current Location.  I don't really understand this
> >> behavior; I think private should be honored.
> >
> > You are right, "private" should be ignored.
> > However, you may say nginx "X-Accel-Expires: 0" to not cache such
> > responses. You may say different cache times for nginx and
> > browsers/transit proxies:
> >
> > X-Accel-Expires: 500
> > Cache-Control: max-age=100
> 
> Ach... is this really true? It is a fundamental HTTP spec violation to
> ignore "private" cache-control directives in a proxy (even a reverse
> proxy I would think).

There are lots of situations where you have to cache private data 
on reverse proxy.  And you can do this safely by providing 
appropriate proxy_cache_key.

I agree that private data shouldn't be cached by default, but I 
don't see any "fundamental violation" here.  In HTTP terms nginx 
is origin server, and it's up to it's admin to configure it to do 
whatever he want.

> It says in the documentation that it will obey cache-control headers here:
> http://wiki.nginx.org/NginxHttpProxyModule#proxy_cache

Wiki isn't documentation, it's user-contributed content.

> Is the documentation incorrect? Are "private", "no-transform",
> ,"proxy-revalidate", and other such headers are ignored by nginx? I
> just introduced caching into our QA environment for a whole site,
> expecting sane behavior on the part of nginx. I guess I better do some
> multi-user testing or roll it back out of caution...

The only cache-control directives currently honored are "no-cache" 
and "max-age=".

And yes, using proxy_cache on some arbitrary backend which wasn't 
designed to work with nginx isn't really good idea (at least right 
now).

Maxim Dounin