Memory usage in nginx proxy setup and use of min_uses

Lucas Rolff lucas at lucasrolff.com
Mon May 17 14:47:33 UTC 2021


Hi Maxim,

Thanks a lot for your reply!

I'm indeed aware of the ~8k keys per mb of memory, I was just wondering if it was handled differently when min_uses are in use, but it does indeed make sense that nginx has to keep track of it somehow, and the keys zone makes the most sense!

> Much like with any cache item, such keys are removed from the keys_zone if no matching requests are seen during the "inactive" time

That's a bummer, since that still allows memory "poisoning" - it would be awesome to have another flag for proxy_cache_path to control how long keys that have not yet reached min_uses are kept in SHM.
The benefit of this would be to say if min_uses have not been reached within let's say 5 minutes, then we purge those keys from SHM to clear up the memory.

For controlling the cache items - ideally we wanna use query strings as a part of the cache key, but still ideally prevent memory poisoning as above - the inactive flag for min_uses would be pretty useful for this - while it won't prevent it fully, we'd still be able to somewhat control memory even if people are trying to do the cache/memory poisoning.

Best Regards,
Lucas Rolff

On 17/05/2021, 16.37, "nginx on behalf of Maxim Dounin" <nginx-bounces at nginx.org on behalf of mdounin at mdounin.ru> wrote:

    Hello!

    On Sun, May 16, 2021 at 04:46:17PM +0000, Lucas Rolff wrote:

    > Hi everyone,
    > 
    > I have a few questions regarding proxy_cache and the use of 
    > proxy_cache_min_uses in nginx:
    > 
    > Let’s assume you have an nginx server with proxy_cache enabled, 
    > and you’ve set proxy_cache_min_uses to 5;
    > 
    > Q1: How does nginx internally keep track of the count for 
    > min_uses? Is it using SHM to do it (and counts towards the 
    > key_zone limit?), or something else?
    > 
    > Q2: How long time does nginx keep this information for the 
    > number of accesses. Let’s say the file gets visited once in a 24 
    > hour period; Would nginx keep the counter at 1 for that whole 
    > period, or are there some set timeout where it’s “flushed”.
    > 
    > Q3: If you have a user who decides to access files with a random 
    > query string on it; We want to prevent caching this to fill up 
    > the storage (The main reason for setting the 
    > proxy_cache_min_uses in the first place) – but are we gonna fill 
    > up the memory (and keys_zone limit) regardless; If yes – is 
    > there a way to prevent this?
    > 
    > Basically the goal is to understand even just broadly how 
    > min_uses are counted, and possibly how to prevent memory from 
    > being eaten up in case someone decides to access the same URL 
    > once with millions of requests – if there’s any way to flush out 
    > the memory for example, for anything that haven’t yet reached 
    > the proxy_cache_min_uses if it indeed uses up memory.

    The proxy_cache_min_uses basically means that if nginx sees a 
    request whose uses count not reached the specified limit yet, it 
    won't try to store the response to disk.  It will, however, keep 
    the key in the keys_zone with the relevant information, notably 
    the number of uses seen so far.  Quoting the proxy_cache_path 
    directive description (http://nginx.org/r/proxy_cache_path):

    "In addition, all active keys and information about data are stored 
    in a shared memory zone, whose name and size are configured by the 
    keys_zone parameter. One megabyte zone can store about 8 thousand 
    keys."

    Much like with any cache item, such keys are removed from the 
    keys_zone if no matching requests are seen during the "inactive" 
    time.  Similarly, least recently used keys are removed if there is 
    not enough room in the keys_zone.

    Much like with normal caching, you can control the cache key nginx 
    uses.  If you don't want to take query string into account, you 
    may want to configure proxy_cache_key without the query string 
    (see http://nginx.org/r/proxy_cache_key).

    -- 
    Maxim Dounin
    http://mdounin.ru/
    _______________________________________________
    nginx mailing list
    nginx at nginx.org
    http://mailman.nginx.org/mailman/listinfo/nginx



More information about the nginx mailing list