nginx as reverse proxy with "mod secdownload" feature - possible?
Reinis Rozitis
r at roze.lv
Thu Oct 21 15:32:19 MSD 2010
> This would not help (at least i think so) because we do not want to sync
> any content to the caches. We just want them to fetch the stuff from the
> main servers if they haven't stored it locally in their proxy cache, and
> deliver it from the cache if they already have it.
You don't need to "store" directly (like push any files beforehand) to the
cache servers - nginx can store the files on demand in the same tree
structure as on backend (quite easy to examine that way what is getting
fetched and purge the cache with simple filesystem tools like 'find / rm')
by using the "proxy_store on" (
http://wiki.nginx.org/NginxHttpProxyModule#proxy_store ) directive or either
in its own cache tree but then you need to adjust proxy_cache_key so that it
doesnt include the default $request_uri (which would contain the dynamic
hash that way storing a single file multiple times (someone correct me if
I'm wronge here)) but just the real path (do something like $secure_link
rewrite) and the file technically should be fetched from cache each time
rather than backend (the advantage of this is you can have a dynamic garbage
collector (cache cleaner) by adjusting the overal size and time to live
rather than have to do it yourself) ..
To give some example - some pseido config for the first approach:
upstream backend {
server backendip:8080;
}
server {
root /webroot;
error_page 404 = @store;
location /dlpath/ {
secure_link_secret randomkey;
if ($secure_link = "") {
return 403;
}
rewrite ^ /dlpath/$secure_link break;
}
location @store {
internal;
proxy_pass http://backend;
proxy_store on;
}
}
> So from all my readings, i think(! and might be wrong), the easiest and
> maybe best way for now would be having a small perl module doing the
> secdownload stuff (just a few lines of code, so no big deal) and rewrite
> the request to a normalized url which can be found on the backend.
Since I am not aware of any third party modules which can keep track of the
download status thats one of the solutions (imo the easy way).
On the other hand if you plan to _exploit_ all of nginx possibilities /
features you could use the memcache + echo module
http://wiki.nginx.org/NginxHttpMemcModule
http://github.com/agentzh/echo-nginx-module
In a way the Memcached would hold an unique key (inserted by third party app
or some nginx subrequest) which consists of the file path or true/false and
after making a request the key would be deleted - thats just theory though
and requires some voodoo :)
rr
More information about the nginx
mailing list