We currently use caching for guests, our search pages use long urls to pass the parameters to our application. Currently searches that worked for logged in users don't work for guests.
I can show the issue with these two curl examples ( which are not obviously valid searches )
As a guest
james_@Sophie:/mnt/c/Users/james$ curl -I "https://archiveofourown.org/works?a=111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"
HTTP/1.1 502 Bad Gateway
Server: nginx/1.13.7
Content-Type: text/html
Connection: keep-alive
X-Proxy-Cache: MISS
X-Hostname: ao3-front01
Date: Fri, 24 Aug 2018 07:19:10 GMT
X-Page-Speed: 1.13.35.1-0
Cache-Control: max-age=0, no-cache, s-maxage=10
Faked logged in
james_@Sophie:/mnt/c/Users/james$ curl -I --cookie "user_credentials=Yes" "https://archiveofourown.org/works?a=111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"
HTTP/1.1 200 OK
Server: nginx/1.13.7
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
ETag: W/"1790278d744d2e531bec864667a1668c"
Set-Cookie: _otwarchive_session=*******c1ab; path=/; expires=Fri, 07 Sep 2018 07:55:19 -0000; HttpOnly
X-Request-Id: 236abd18-2463-4163-ab7e-24b3b10e572e
X-Runtime: 0.182444
X-Aooo-Debug1: Archive Unicorn
X-Clacks-Overhead: GNU Terry Pratchett
Potential_upstream: unicorn_story
X-Hostname: ao3-front01
Date: Fri, 24 Aug 2018 07:55:19 GMT
X-Page-Speed: 1.13.35.1-0
Cache-Control: max-age=0, no-cache, must-revalidate
One less character
james_@Sophie:/mnt/c/Users/james$ curl -I "https://archiveofourown.org/works?a=11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"
HTTP/1.1 200 OK
Server: nginx/1.13.7
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Request-Id: d4cb7c78-78bd-4de5-a974-1695db5a6d23
X-Runtime: 0.188035
X-Proxy-Cache: HIT
X-Hostname: ao3-front01
X-Clacks-Overhead: GNU Terry Pratchett
X-ao3-caching-backend: unicorn_story
X-Page-Speed: 1.13.35.1-0
X-Aooo-Debug1: Archive Unicorn
X-Clacks-Overhead: GNU Terry Pratchett
Potential_upstream: unicorn_cache
X-Hostname: ao3-front01
Date: Fri, 24 Aug 2018 07:19:17 GMT
X-Page-Speed: 1.13.35.1-0
Cache-Control: max-age=0, no-cache
I think the relevant bits of the config are:
client_body_buffer_size 2048k;
proxy_buffers 32 64k;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Queue-Start "t=${msec}000";
proxy_redirect off;
proxy_read_timeout 300;
proxy_cache_path /var/cache/nginx/downloads keys_zone=downloads_cache:4096m loader_threshold=300 loader_files=200 max_size=300g inactive=30d levels=2:2;
proxy_cache_path /var/cache/nginx/ao3 keys_zone=ao3_cache:4096m loader_threshold=300 loader_files=200 max_size=70g inactive=1h levels=2:2;
proxy_cache_path /var/cache/nginx/tmpfs keys_zone=ao3_tmpfs:4096m loader_threshold=300 loader_files=200 max_size=40g inactive=1h levels=2:2;
large_client_header_buffers 4 32k;
And
location / {
proxy_cache ao3_tmpfs;
proxy_cache_key "$request_uri";
proxy_cache_valid 200 302 40m;
proxy_cache_valid 404 10m;
proxy_cache_use_stale error timeout invalid_header updating;
proxy_cache_lock on ;
proxy_cache_min_uses 1 ;
proxy_buffering on ;
proxy_hide_header Cache-Control ;
proxy_hide_header Set-Cookie ;
proxy_ignore_headers Cache-Control ;
proxy_ignore_headers Set-Cookie ;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For "$http_x_forwarded_for,$realip_remote_addr" ;
proxy_set_header X-Forwarded-Proto $scheme ;
proxy_headers_hash_bucket_size 4096 ;
proxy_redirect off;
proxy_set_header Connection "";
real_ip_recursive on ;
set_real_ip_from 10.0.0.0/8 ;
real_ip_header X-Forwarded-For;
client_max_body_size 4G;
keepalive_timeout 5; proxy_set_header Host archiveofourown.org ;
add_header X-Proxy-Cache $upstream_cache_status always;
add_header X-Hostname $hostname always;
add_header Cache-Control "public" always;
add_header X-Clacks-Overhead "GNU Terry Pratchett" ;
add_header X-ao3-caching-backend "$unicorn_cache_backend" ;
proxy_pass http://$unicorn_cache_backend;
expires 40m ;
}_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx