@@ -15,7 +15,16 @@ upstream puppetmaster_unicorn {
1515upstream puppetca {
1616 server unix:/var/run/puppet/puppetmaster_unicorn.sock;
1717}
18- # define our proxy for breaking up SSL
18+
19+ # define a custom log level for cache stats
20+ log_format custom-cache '$remote_addr - $remote_user [$time_local] '
21+ '"$request" $status $body_bytes_sent '
22+ '"$http_referer" "$http_user_agent" nocache:$no_cache';
23+
24+ # define our cache
25+ proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=microcache:5m max_size=1000m;
26+
27+ # define our proxy
1928server {
2029 <% unless @disable_ssl -%>
2130 ssl on;
@@ -43,6 +52,46 @@ server {
4352 location / {
4453 proxy_pass http://puppetmaster_unicorn;
4554 proxy_redirect off;
55+ # Setup var defaults
56+ set $no_cache "";
57+
58+ # If non GET/HEAD, don't cache & mark user as uncacheable for 1 second via cookie
59+ if ($request_method !~ ^(GET|HEAD)$) {
60+ set $no_cache "1";
61+ }
62+
63+ # Drop no cache cookie if need be
64+ # (for some reason, add_header fails if included in prior if-block)
65+ if ($no_cache = "1") {
66+ add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
67+ add_header X-Microcachable "0";
68+ }
69+
70+ # Bypass cache if no-cache cookie is set
71+ if ($http_cookie ~* "_mcnc") {
72+ set $no_cache "1";
73+ }
74+
75+ # Bypass cache if flag is set
76+ proxy_no_cache $no_cache;
77+ proxy_cache_bypass $no_cache;
78+ # Set cache zone
79+ proxy_cache microcache;
80+
81+ # Set cache key to include identifying components
82+ proxy_cache_key $scheme$host$request_method$request_uri;
83+
84+ # Only cache valid HTTP 200 responses for 1 second
85+ proxy_cache_valid 200 1s;
86+
87+ # Serve from cache if currently refreshing
88+ proxy_cache_use_stale updating;
89+
90+ # Set files larger than 1M to stream rather than cache
91+ proxy_max_temp_file_size 1M;
92+
93+ # activate our logging
94+ access_log /var/log/nginx/puppetmaster-microcache.log custom-cache;
4695 }
4796 location ~ ^/([^/]+/certificate.*)$ {
4897 proxy_pass http://puppetca;
0 commit comments