cache key > 1049 characters results in 502
James Beal
james_ at catbus.co.uk
Fri Aug 24 07:59:09 UTC 2018
We currently use caching for guests, our search pages use long urls to pass the parameters to our application. Currently searches that worked for logged in users don't work for guests.
I can show the issue with these two curl examples ( which are not obviously valid searches )
As a guest
james_ at Sophie:/mnt/c/Users/james$ curl -I "https://archiveofourown.org/works?a=111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"
HTTP/1.1 502 Bad Gateway
Server: nginx/1.13.7
Content-Type: text/html
Connection: keep-alive
X-Proxy-Cache: MISS
X-Hostname: ao3-front01
Date: Fri, 24 Aug 2018 07:19:10 GMT
X-Page-Speed: 1.13.35.1-0
Cache-Control: max-age=0, no-cache, s-maxage=10
Faked logged in
james_ at Sophie:/mnt/c/Users/james$ curl -I --cookie "user_credentials=Yes" "https://archiveofourown.org/works?a=111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"
HTTP/1.1 200 OK
Server: nginx/1.13.7
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
ETag: W/"1790278d744d2e531bec864667a1668c"
Set-Cookie: _otwarchive_session=*******c1ab; path=/; expires=Fri, 07 Sep 2018 07:55:19 -0000; HttpOnly
X-Request-Id: 236abd18-2463-4163-ab7e-24b3b10e572e
X-Runtime: 0.182444
X-Aooo-Debug1: Archive Unicorn
X-Clacks-Overhead: GNU Terry Pratchett
Potential_upstream: unicorn_story
X-Hostname: ao3-front01
Date: Fri, 24 Aug 2018 07:55:19 GMT
X-Page-Speed: 1.13.35.1-0
Cache-Control: max-age=0, no-cache, must-revalidate
One less character
james_ at Sophie:/mnt/c/Users/james$ curl -I "https://archiveofourown.org/works?a=11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"
HTTP/1.1 200 OK
Server: nginx/1.13.7
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Request-Id: d4cb7c78-78bd-4de5-a974-1695db5a6d23
X-Runtime: 0.188035
X-Proxy-Cache: HIT
X-Hostname: ao3-front01
X-Clacks-Overhead: GNU Terry Pratchett
X-ao3-caching-backend: unicorn_story
X-Page-Speed: 1.13.35.1-0
X-Aooo-Debug1: Archive Unicorn
X-Clacks-Overhead: GNU Terry Pratchett
Potential_upstream: unicorn_cache
X-Hostname: ao3-front01
Date: Fri, 24 Aug 2018 07:19:17 GMT
X-Page-Speed: 1.13.35.1-0
Cache-Control: max-age=0, no-cache
I think the relevant bits of the config are:
client_body_buffer_size 2048k;
proxy_buffers 32 64k;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Queue-Start "t=${msec}000";
proxy_redirect off;
proxy_read_timeout 300;
proxy_cache_path /var/cache/nginx/downloads keys_zone=downloads_cache:4096m loader_threshold=300 loader_files=200 max_size=300g inactive=30d levels=2:2;
proxy_cache_path /var/cache/nginx/ao3 keys_zone=ao3_cache:4096m loader_threshold=300 loader_files=200 max_size=70g inactive=1h levels=2:2;
proxy_cache_path /var/cache/nginx/tmpfs keys_zone=ao3_tmpfs:4096m loader_threshold=300 loader_files=200 max_size=40g inactive=1h levels=2:2;
large_client_header_buffers 4 32k;
And
location / {
proxy_cache ao3_tmpfs;
proxy_cache_key "$request_uri";
proxy_cache_valid 200 302 40m;
proxy_cache_valid 404 10m;
proxy_cache_use_stale error timeout invalid_header updating;
proxy_cache_lock on ;
proxy_cache_min_uses 1 ;
proxy_buffering on ;
proxy_hide_header Cache-Control ;
proxy_hide_header Set-Cookie ;
proxy_ignore_headers Cache-Control ;
proxy_ignore_headers Set-Cookie ;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For "$http_x_forwarded_for,$realip_remote_addr" ;
proxy_set_header X-Forwarded-Proto $scheme ;
proxy_headers_hash_bucket_size 4096 ;
proxy_redirect off;
proxy_set_header Connection "";
real_ip_recursive on ;
set_real_ip_from 10.0.0.0/8 ;
real_ip_header X-Forwarded-For;
client_max_body_size 4G;
keepalive_timeout 5; proxy_set_header Host archiveofourown.org ;
add_header X-Proxy-Cache $upstream_cache_status always;
add_header X-Hostname $hostname always;
add_header Cache-Control "public" always;
add_header X-Clacks-Overhead "GNU Terry Pratchett" ;
add_header X-ao3-caching-backend "$unicorn_cache_backend" ;
proxy_pass http://$unicorn_cache_backend;
expires 40m ;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180824/6ce9fe15/attachment-0001.html>
More information about the nginx
mailing list