Nginx cache
Sometimes it is useful to have a gorjun cache server located near Subutai users, to make network operations such as template import more efficient. Nginx's ability to work as a reverse proxy makes this possible. Below is the Nginx configuration that should be used to set up a gorjun cache node:
# Shared proxy-cache settings, written outside any server block so that every
# server below inherits them.

# One cache zone per content type. Each zone stores files in a two-level hashed
# directory tree, reserves 10 MB of shared memory for keys, and evicts entries
# that have not been requested for seven days, whether or not they are fresh.
proxy_cache_path /var/snap/subutai/common/cache/nginx/templ/ levels=1:2 keys_zone=TEM:10m inactive=7d max_size=20g;
proxy_cache_path /var/snap/subutai/common/cache/nginx/deb/   levels=1:2 keys_zone=APT:10m inactive=7d max_size=10g;
proxy_cache_path /var/snap/subutai/common/cache/nginx/raw/   levels=1:2 keys_zone=RAW:10m inactive=7d max_size=10g;
proxy_cache_path /var/snap/subutai/common/cache/nginx/qry/   levels=1:2 keys_zone=QRY:10m inactive=7d max_size=1g;

# Serve an expired entry when the origin errors out, times out, answers 5xx,
# or while the entry is already being refreshed. This applies to every cached
# location, so a stale answer can outlive its proxy_cache_valid window.
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;

# Refresh expired entries with conditional requests instead of full downloads.
proxy_cache_revalidate on;

# Only one request at a time populates a missing entry; the others wait up to
# 20 minutes before being passed to the origin themselves.
proxy_cache_lock on;
proxy_cache_lock_age 20m;
proxy_cache_lock_timeout 20m;

# Timeouts sized for large transfers: 10 s to connect, 20 minutes of idle time
# allowed on each side of the proxy.
proxy_connect_timeout 10s;
proxy_send_timeout 1200s;
proxy_read_timeout 1200s;
send_timeout 1200s;

# Stream request bodies to the origin as they arrive instead of buffering them.
proxy_request_buffering off;
# Plain-HTTP entry point: nothing is served here, every request is sent on to
# the TLS listener on port 8338.
server {
    listen      80;
    server_name <cdn domain>;

    # $host comes from the request (request line or Host header), so the
    # redirect target mirrors whatever name the client asked for.
    return 301 https://$host:8338$request_uri;
}
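# TLS front end of the cache node: proxies /kurjun requests to the origin and
# caches template, apt, raw and query responses in their own zones.
server {
    # The "ssl" flag on listen replaces the deprecated "ssl on;" directive,
    # which recent nginx releases reject.
    listen 8338 ssl;
    server_name <cdn domain>;

    # Uploads of up to 2 GB, with long timeouts to match.
    client_max_body_size 2G;
    proxy_connect_timeout 6000;
    proxy_send_timeout 6000;
    proxy_read_timeout 6000;
    send_timeout 6000;

    ssl_certificate <public certificate>;
    ssl_certificate_key <certificate private key>;

    # Plain HTTP sent to this TLS port (nginx status 497) is redirected back to
    # the same port over https. $host carries no port, so without $server_port
    # the client would be sent to 443, where this configuration does not listen.
    error_page 497 https://$host:$server_port$request_uri;

    # NOTE(review): nginx does not verify the upstream certificate by default.
    # Everything cached below is fetched from eu0.<cdn domain>; consider
    # enabling proxy_ssl_verify together with proxy_ssl_trusted_certificate and
    # proxy_ssl_server_name so that cached content cannot be substituted in
    # transit between this node and the origin.

    # Template downloads -> TEM zone. Upstream Cache-Control/Expires are
    # ignored, so every cacheable response is kept for one minute and then
    # revalidated.
    location ~ /kurjun/rest/template/(get|download) {
        proxy_pass https://eu0.<cdn domain>:8338$request_uri;
        proxy_cache TEM;
        proxy_cache_valid 1m;
        proxy_ignore_headers "Cache-Control" "Expires";
    }

    # Apt downloads -> APT zone. The "~" modifier is required: without it the
    # parentheses are matched literally as a prefix, no real request ever hits
    # this location, and apt traffic falls through to the generic /kurjun block.
    location ~ /kurjun/rest/apt/(get|download) {
        proxy_pass https://eu0.<cdn domain>:8338$request_uri;
        proxy_cache APT;
        proxy_cache_valid 1m;
        proxy_ignore_headers "Cache-Control" "Expires";
    }

    # Raw file downloads -> RAW zone.
    location ~ /kurjun/rest/raw/(get|download) {
        proxy_pass https://eu0.<cdn domain>:8338$request_uri;
        proxy_cache RAW;
        proxy_cache_valid 1m;
        proxy_ignore_headers "Cache-Control" "Expires";
    }

    # Authentication endpoints are passed straight through and never cached.
    location /kurjun/rest/auth {
        proxy_pass https://eu0.<cdn domain>:8338$request_uri;
    }

    # Token validation, with CORS for Subutai web origins.
    location /kurjun/rest/auth/validate {
        # Start from a defined value so the concatenations below do not read an
        # uninitialised variable.
        set $cors "";

        # The Origin header is client-controlled and is echoed back together
        # with Access-Control-Allow-Credentials, so the pattern is anchored at
        # both ends and the dot in subutai.io is escaped. Unanchored, a
        # look-alike host that merely begins with an allowed name would match.
        # NOTE(review): plain-http subut.ai origins are still accepted, as in
        # the original pattern; restrict to https if none are needed.
        if ($http_origin ~* "^(https?://[a-z0-9.-]+\.subut\.ai|https://subutai\.io)(:[0-9]+)?$") {
            set $cors "true";
            add_header 'Access-Control-Allow-Origin' "$http_origin";
        }
        # Append the method so each combination can be tested with a single
        # string comparison (nginx "if" has no logical AND).
        if ($request_method = 'OPTIONS') {
            set $cors "${cors}options";
        }
        if ($request_method = 'GET') {
            set $cors "${cors}get";
        }
        if ($request_method = 'POST') {
            set $cors "${cors}post";
        }
        # Allowed origin, any other method: origin header only.
        if ($cors = "true") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
        }
        if ($cors = "trueget") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'token,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }
        # Preflight: answered locally with 204, never forwarded to the origin.
        if ($cors = "trueoptions") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'token,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            add_header 'Access-Control-Max-Age' 1728000;
            # A media type and its charset parameter are separated by ";".
            add_header 'Content-Type' 'text/plain; charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }
        if ($cors = "truepost") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'token,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }

        proxy_pass https://eu0.<cdn domain>:8338/kurjun/rest/auth/validate;

        # NOTE(review): validation answers are cached for one minute under the
        # default cache key, and the http-level proxy_cache_use_stale setting
        # can replay them while the origin is failing. If the credential is
        # sent in a request header rather than in the URL it is not part of the
        # key - confirm that one caller's result can never be served to
        # another, or stop caching this location.
        proxy_cache QRY;
        proxy_cache_valid 1m;
        proxy_ignore_headers "Cache-Control" "Expires";
    }

    # Everything else under /kurjun: same CORS handling, cached in QRY.
    location /kurjun {
        # Start from a defined value so the concatenations below do not read an
        # uninitialised variable.
        set $cors "";

        # Anchored origin allow-list; the matched Origin is echoed back with
        # credentials allowed, so a partial match must not be enough.
        if ($http_origin ~* "^(https?://[a-z0-9.-]+\.subut\.ai|https://subutai\.io)(:[0-9]+)?$") {
            set $cors "true";
            add_header 'Access-Control-Allow-Origin' "$http_origin";
        }
        if ($request_method = 'OPTIONS') {
            set $cors "${cors}options";
        }
        if ($request_method = 'GET') {
            set $cors "${cors}get";
        }
        if ($request_method = 'POST') {
            set $cors "${cors}post";
        }
        if ($cors = "true") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
        }
        if ($cors = "trueget") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'token,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }
        # Preflight: answered locally with 204, never forwarded to the origin.
        if ($cors = "trueoptions") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'token,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            add_header 'Access-Control-Max-Age' 1728000;
            # A media type and its charset parameter are separated by ";".
            add_header 'Content-Type' 'text/plain; charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }
        if ($cors = "truepost") {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'token,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }

        proxy_pass https://eu0.<cdn domain>:8338/kurjun;

        # NOTE(review): responses here are cached under the default key, which
        # does not include request headers. If any of these endpoints return
        # per-user data selected by a header, exclude them from the cache.
        proxy_cache QRY;
        proxy_cache_valid 1m;
        proxy_ignore_headers "Cache-Control" "Expires";
    }
}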
# Plain-HTTP listener dedicated to apt traffic. Requests arrive unencrypted on
# 8080 but are still fetched from the origin over https.
server {
    listen               8080;
    server_name          <cdn domain>;
    client_max_body_size 2G;

    # Prefix match: every URI under /kurjun/rest/apt is proxied and kept in the
    # APT zone for one minute, ignoring upstream Cache-Control/Expires.
    # NOTE(review): clients on this port get no transport integrity from the
    # cache node; presumably they rely on signed repository metadata - confirm.
    location /kurjun/rest/apt {
        proxy_pass           https://eu0.<cdn domain>:8338$request_uri;
        proxy_cache          APT;
        proxy_cache_valid    1m;
        proxy_ignore_headers "Cache-Control" "Expires";
    }
}
Three variables in config above should be replaced before using it:
-
cdn domain -
cdn.subutai.io
for production cache, mastercdn.subutai.io
for stage and devcdn.subutai.io
for dev. To deploy more than one environment on a single nginx instance, only one config should include the proxy_cache section at the top of the file (the directives above the first server block); the others must be copied without it. -
public certificate - *.subut.ai SSL certificate
-
certificate private key - public certificate's secret key
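An SSL certificate is required; it can be bought or generated. public certificate
and certificate private key
should be kept in path /etc/ssl/certs/
like : /etc/ssl/certs/certificateName.cert
and /etc/ssl/certs/keyName.key. Because /etc/ssl/certs/ is normally world-readable, restrict the key file so that only root can read it (for example, mode 0600).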
Directory /var/snap/subutai/common/cache/nginx/templ/
must be created before starting nginx. Run command sudo mkdir -p /var/snap/subutai/common/cache/nginx/templ/
to create directory.
Then, run systemctl restart nginx
to restart nginx server.
After the new configuration is applied and nginx is listening on ports 8080 and 8338, local DNS must be configured to return the nginx server's IP as the cdn domain address. If it's not possible to configure DNS, adding a custom entry to the /etc/hosts
file on the RH may help.
Now you can make requests to REST API of your own CDN cache node by link: https://{your_own_ip_address}:8338/kurjun/rest/..
When the steps above are completed, the gorjun cache is ready to use, but it is "empty". On the first subutai import
execution, the template will be synced into the cache node, and all following requests for this file will be served by the cache node.