Can NGINX cache metadata get updated automatically, if file is added through backdoor by another NGINX proxy-cache?
Maxim Dounin
mdounin at mdounin.ru
Fri Sep 29 13:18:05 UTC 2017
Hello!
On Fri, Sep 29, 2017 at 05:00:22AM -0400, rnmx18 wrote:
> I have a use-case, where NGINX (say NGINX-process-1) is set up as a reverse
> proxy, with caching enabled (say in /mnt/disk2/pubRoot, with zone name
> "cacheA"). However, I have another NGINX (say NGINX-Process-B) which also
> runs in parallel, and caches its content in (/mnt/disk2/frontstore, with
> zone name "cacheB"). Additionally, there is another application which
> monitors this "frontstore", and copies its content to "pubRoot".
>
> So, effectively, any content that NGINX-B caches in frontstore gets
> available in the cache-path which is configured for NGINX-A. However,
> NGINX-A cannot get it as HIT when it receives a request, as its metadata
> (zoneA) does not have the information, as it didn't cache it there in the
> first place.
>
> Is there a mechanism by which NGINX-A cache lookup can get a HIT in such a
> case?
No. Don't do that.
nginx assumes exclusive access to the cache directory, and
changing cache files in the directory is very likely to produce
highly incorrect results - including errors because of mismatch
between in-memory metadata and content of cache files. And,
because these errors are never expected to appear in proper
environment, at least some of these errors are currently known to
be handled incorrectly and may result in socket leaks[1].
[1] http://mailman.nginx.org/pipermail/nginx-ru/2017-September/060259.html
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list