Can NGINX cache metadata get updated automatically, if file is added through backdoor by another NGINX proxy-cache?

Maxim Dounin mdounin at
Fri Sep 29 13:18:05 UTC 2017


On Fri, Sep 29, 2017 at 05:00:22AM -0400, rnmx18 wrote:

> I have a use-case, where NGINX (say NGINX-process-1) is set up as a reverse
> proxy, with caching enabled (say in /mnt/disk2/pubRoot, with zone name
> "cacheA"). However, I have another NGINX (say NGINX-Process-B) which also
> runs in parallel, and caches its content in (/mnt/disk2/frontstore, with
> zone name "cacheB"). Additionally, there is another application which
> monitors this "frontstore", and copies its content to "pubRoot".
> So, effectively, any content that NGINX-B caches in frontstore gets
> available in the cache-path which is configured for NGINX-A. However,
> NGINX-A cannot get it as HIT when it receives a request, as its metadata
> (zoneA) does not have the information, as it didn't cache it there in the
> first place.
> Is there a mechanism by which NGINX-A cache lookup can get a HIT in such a
> case?

No.  Don't do that.

nginx assumes exclusive access to the cache directory, and 
changing cache files in the directory is very likely to produce 
highly incorrect results - including errors because of mismatch 
between in-memory metadata and content of cache files.  And, 
because these errors are never expected to appear in proper 
environment, at least some of these errors are currently known to 
be handled incorrectly and may result in socket leaks[1].


Maxim Dounin

More information about the nginx mailing list