Home / server / Questions / 814006
In Process
Antonio Laguna
Asked: 2016-11-10 05:31:31 +0800 CST

Nginx expires seem wrong

  • 772

I've just reinstalled my machine to remove old dependencies and install things in a more proper way and I've just realised the cache seems wrong now.

Headers are as follow for an image:

cache-control:max-age=300
content-type:image/png
date:Wed, 09 Nov 2016 13:17:50 GMT
expires:Wed, 09 Nov 2016 13:22:50 GMT
last-modified:Wed, 09 Nov 2016 12:25:44 GMT
server:nginx/1.11.5
status:200

As you may see the expire is 5m. However the cache block is set to this:

  location /assets {
    alias /var/www/f13/content/themes/lechuck/assets;
    access_log off;
    expires max;
  }

So it should be 10y.

Here's the whole file:

# sets the proxy cache path location, max size 2g
proxy_cache_path  /usr/local/nginx/cache  levels=1:2 keys_zone=STATIC:100m inactive=24h max_size=2g;

# uses the defined STATIC cache zone
proxy_cache             STATIC;

# cache 200 10 minutes, 404 1 minute, others status codes not cached
proxy_cache_valid 200 10m;
proxy_cache_valid 404 1m;

proxy_cache_key "$scheme$host$request_uri";
proxy_cache_use_stale   error timeout invalid_header updating http_500 http_502 http_503 http_504;
proxy_http_version 1.1;

# transfers real client IP to your ghost app,
# otherwise you would see your server ip
proxy_set_header        X-Real-IP        $remote_addr;
proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;

client_max_body_size  20m;
client_body_buffer_size    128k;

# default expires (browser cache) set to 1 minute
expires 1m;

# gzip every proxied responses
gzip_proxied any;

# gzip only if user asks it
gzip_vary on;

# gzip only theses mime types
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json application/javascript;
gzip_static on;

# add a cache HIT/MISS header
add_header X-Cache $upstream_cache_status;

# do not show incoming Etags, if-modified-since is sufficient
proxy_hide_header Etag;

# server {
#       listen         80;
#       server_name    funcion13.com;
#       return         301 https://$server_name$request_uri;
# }

server {
  listen 80;
  listen 443 ssl;
  server_name funcion13.com;

  root /var/www/f13/;

  include /usr/local/nginx/conf/nginx-ssl.conf;
  ssl_certificate_key /etc/letsencrypt/live/www.funcion13.com/privkey.pem;
  ssl_certificate /etc/letsencrypt/live/www.funcion13.com/fullchain.pem;

  return 301 https://www.funcion13.com$request_uri;
}

server {
  listen 80;
  listen 443 ssl http2 default_server;
  listen [::]:443 http2 default_server ipv6only=on;

  server_name www.funcion13.com; # Replace with your domain

  include /usr/local/nginx/conf/nginx-ssl.conf;
  ssl_certificate_key /etc/letsencrypt/live/www.funcion13.com/privkey.pem;
  ssl_certificate /etc/letsencrypt/live/www.funcion13.com/fullchain.pem;

  root /var/www/f13/;
  index index.html index.htm;

  client_max_body_size 10G;

  pagespeed on;
  pagespeed FetchHttps enable;
  pagespeed RewriteLevel CoreFilters;
  pagespeed EnableFilters move_css_above_scripts;
  pagespeed EnableFilters defer_javascript;
  pagespeed EnableFilters lazyload_images;
  pagespeed EnableFilters inline_google_font_css;
  pagespeed EnableFilters prioritize_critical_css;
  pagespeed UseExperimentalJsMinifier on;
  pagespeed EnableFilters insert_dns_prefetch;
  pagespeed EnableFilters collapse_whitespace;
  pagespeed LoadFromFile "https://www.funcion13.com/content" "/var/www/f13/content/";
  pagespeed LoadFromFile "https://www.funcion13.com/assets" "/var/www/f13/content/themes/lechuck/assets/";
  pagespeed SslCertDirectory "/etc/ssl/certs";

  # Needs to exist and be writable by nginx.  Use tmpfs for best performance.
  pagespeed FileCachePath /usr/local/nginx/ngx_pagespeed_cache;

  # Ensure requests for pagespeed optimized resources go to the pagespeed handler
  # and no extraneous headers get set.
  location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
    add_header "" "";
  }
  location ~ "^/pagespeed_static/" {
    expires off;
  }
  location ~ "^/ngx_pagespeed_beacon$" { }

  location ~ /\.well-known\/acme-challenge {
    allow all;
  }

  location / {
    proxy_cache STATIC;
    proxy_cache_valid 200 30m;
    proxy_cache_valid 404 1m;
    proxy_pass http://127.0.0.1:2368;
    proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
    proxy_ignore_headers Set-Cookie;
    proxy_hide_header Set-Cookie;
    proxy_hide_header X-powered-by;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_intercept_errors on;
    rewrite "\d{4}\/\d{2}\/\d{2}\/([^.]+)(.*)$" /$1$2 permanent;
    rewrite ^(/wp-content/)(.*)$ /old/$2 permanent;
    expires 10m;
  }

  location /content/images {
    alias /var/www/f13/content/images;
    access_log off;
    expires max;
  }
  location /old {
    alias /var/www/f13/content/old;
    access_log off;
    expires max;
  }
  location /dmx {
    alias /var/www/f13/content/dmo;
    access_log off;
    expires max;
  }
  location /assets {
    alias /var/www/f13/content/themes/lechuck/assets;
    access_log off;
    expires max;
  }
  location /public {
    alias /var/www/f13/core/built/public;
    access_log off;
    expires max;
  }
  location /ghost/scripts {
    alias /var/www/f13/core/built/scripts;
    access_log off;
    expires max;
  }
  location ~ ^/(?:ghost|signout) {
    expires 0;
    add_header Cache-Control "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0";
    proxy_pass http://127.0.0.1:2368;
  }
}

upstream ghost {
  server localhost:2368;
  keepalive 64;
}

Any idea on what could be going on?

cache nginx

2 Answers

  1. It seems that one from regexp-based locations intercepts requests.

    Try to comment all locations except /assets, then uncomment one-by-one and re-verify cache-control value.

    Don't forget to call "nginx -t" and "nginx -s reload" after every editing.

    • 1

  2. I found I needed to rewrite the expires headers manually when I was working with Wordpress, I wrote a tutorial which is here. You need the headers_more module, which often requires building Nginx from source, I have instructions for that here.

    I know SF wants information in the post, so here you go. You're better off reading the tutorial for better context though.

    Building Nginx

    cd /home/ec2-user
mkdir nginx-build
cd nginx-build
service nginx stop
yum groupinstall "Development Tools"
yum install pcre-devel zlib-devel openssl-devel
wget http://nginx.org/download/nginx-1.11.4.tar.gz
wget http://labs.frickle.com/files/ngx_cache_purge-2.3.tar.gz
wget https://github.com/openresty/headers-more-nginx-module/archive/v0.31.tar.gz
tar -xzf nginx-1.9.11.tar.gz
tar -xzf ngx_cache_purge-2.3.tar.gz
tar -xzf v0.31.tar.gz

cd nginx-1.11.4
# Note that I have no idea what the next line does but it was in the official guide
PS_NGX_EXTRA_FLAGS="--with-cc=/opt/rh/devtoolset-2/root/usr/bin/gcc"
# Safe option, slower, lots of modules included
#./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --add-module=/tmp/ngx_cache_purge-2.3 --add-module=/tmp/headers-more-nginx-module-0.29 --with-http_realip_module 
# Many plugins removed, extra optimisations including some JUST for the machine it's compiled on
./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_gunzip_module --with-http_gzip_static_module --with-threads --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=native' --add-module=../ngx_cache_purge-2.3 --add-module=../headers-more-nginx-module-0.31 --with-http_realip_module
make && make install
make clean  (NB: optional)
service nginx start

    Header Manipulation

    Read the tutorial for commentary. There are examples you can use.

    more_clear_headers "Pragma"; more_clear_headers Server; more_clear_headers "Expires";
add_header Cache-Control "public, max-age=691200, s-maxage=691200";
add_header Cache-Control "public, max-age=86400, s-maxage=86400";
expires 8d;
    • 0