caching security

Posted by ben2552 
caching security
June 05, 2016 06:37AM
Hi, I want to enable caching on some sites that are behind my nginx reverse proxy, such as ownCloud and GitLab. Both of these are login-based with separate users, but I don't want a situation like the one Steam recently encountered, where they were caching a particular user's page for all other users and other people could see other people's profiles. See the link: http://store.steampowered.com/news/19852/

So are there any special config options that I can include to make sure that this does not happen to my sites?

Thanks for any responses, Ben
Re: caching security
June 05, 2016 06:51AM
Ah I have found something:

How Does NGINX Determine Whether or Not to Cache Something?

By default, NGINX respects the Cache-Control headers from origin servers. It does not cache responses with Cache-Control set to Private, No-Cache, or No-Store or with Set-Cookie in the response header. NGINX only caches GET and HEAD client requests. You can override these defaults as described in the answers below.


But my question is: do I need to set up the backend web server to add the headers, or will the website (ownCloud and GitLab) automatically add these when on pages that shouldn't be cached?
Re: caching security
June 05, 2016 09:58AM
Ha, I have answered my own question... should have researched a bit more before posting. If you go into dev tools in Chrome and into Network you can see the headers and the cache control, so ownCloud should work fine by just enabling cache in nginx, as it caches the CSS and static files I guess but doesn't cache anything it shouldn't. Anyway, good idea to check this before anyone else enables caching on their site.

Thanks, Ben
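
As an added example (not part of the posts above and not taken from the nginx documentation): a conservative reverse-proxy cache configuration for the `http` context that keeps the default header handling quoted in the thread and additionally skips the cache for any request carrying a cookie or an Authorization header. The zone name, cache path, server name and backend address are placeholders.

```nginx
# Added example. Placeholders: app_cache, /var/cache/nginx/app,
# cloud.example.com, 127.0.0.1:8080.
proxy_cache_path /var/cache/nginx/app levels=1:2 keys_zone=app_cache:10m
                 max_size=1g inactive=60m;

# 1 when the request carries a cookie or an Authorization header, else 0.
map $http_cookie$http_authorization $has_credentials {
    ""      0;
    default 1;
}

server {
    listen 80;
    server_name cloud.example.com;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;

        proxy_cache     app_cache;
        proxy_cache_key $scheme$host$request_uri;

        # Keep the default behaviour: responses with Set-Cookie, or with
        # Cache-Control private / no-cache / no-store, are not stored.
        # The setting that removes this protection is:
        #   proxy_ignore_headers Cache-Control Set-Cookie;
        # Do not add it for login-based applications.

        # No proxy_cache_valid here, so only responses for which the
        # backend sends explicit freshness information are stored.

        # Requests with credentials neither read from nor write to the cache.
        proxy_cache_bypass $has_credentials;
        proxy_no_cache     $has_credentials;

        # Exposes MISS / HIT / BYPASS so the result can be checked in the
        # browser's network tab next to Cache-Control.
        add_header X-Cache-Status $upstream_cache_status always;
    }
}
```

With this layout logged-in users always bypass the cache, including for static files; that trades some hit rate for the guarantee that one user's response is never served to another.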