I'm trying to improve the webserver performance activating nginx cache.
This is my simple config:
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mycache:100m max_size=500m inactive=60m use_temp_path=off;
and
proxy_cache mycache;
inside my location directive
I'm facing this situation, checking logs I see plenty of MISS entries, my cache folder is not full (40MB), and most of these MISS entries are GET, don't have set-cookie or cache-control header.
I also added this config entry to check the cache status:
add_header X-Cache-Status $upstream_cache_status;
An this is an output of my browser:
I repeatedly loaded the same html page, the header doesn't have any cache control and as you can see the result is X-Cache-status is MISS.
This is the full config:
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
server_tokens off;
client_max_body_size 100M;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
log_format cache_st '$remote_addr - $upstream_cache_status [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log cache_st;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
#
## Cache
#
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mycache:100m max_size=500m inactive=60m use_temp_path=off;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# See sample authentication script at:
# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# auth_http localhost/auth.php;
# pop3_capabilities "TOP" "USER";
# imap_capabilities "IMAP4rev1" "UIDPLUS";
server {
listen localhost:110;
protocol pop3;
proxy on;
}
server {
listen localhost:143;
protocol imap;
proxy on;
}
#}
configuration file /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf:
load_module modules/ngx_http_auth_pam_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-http-cache-purge.conf:
load_module modules/ngx_http_cache_purge_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-http-dav-ext.conf:
load_module modules/ngx_http_dav_ext_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-http-echo.conf:
load_module modules/ngx_http_echo_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-http-fancyindex.conf:
load_module modules/ngx_http_fancyindex_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
load_module modules/ngx_http_geoip_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-http-geoip2.conf:
load_module modules/ngx_http_geoip2_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-http-headers-more-filter.conf:
load_module modules/ngx_http_headers_more_filter_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-http-perl.conf:
load_module modules/ngx_http_perl_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-http-subs-filter.conf:
load_module modules/ngx_http_subs_filter_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-http-uploadprogress.conf:
load_module modules/ngx_http_uploadprogress_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-http-upstream-fair.conf:
load_module modules/ngx_http_upstream_fair_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-nchan.conf:
load_module modules/ngx_nchan_module.so;
configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;
configuration file /etc/nginx/modules-enabled/70-mod-stream-geoip.conf:
load_module modules/ngx_stream_geoip_module.so;
configuration file /etc/nginx/modules-enabled/70-mod-stream-geoip2.conf:
load_module modules/ngx_stream_geoip2_module.so;
configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
configuration file /etc/nginx/sites-enabled/010-mysiteb:
HTTP
server {
server_name mysite2 mysiteb mysite3 mysiteb;
listen 80;
include commons/http-location.inc;
}
BALANCED HAPROXY2 - TCP 81
server {
server_name mysiteb;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/mysiteb/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysiteb/privkey.pem;
include commons/ha-location-2.inc;
}
BALANCED HAPROXY WEB - TCP 82
server {
server_name mysite3 mysiteb;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/mysite3/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite3/privkey.pem;
include commons/ha-location-web.inc;
}
server {
server_name mysite2;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/mysite2/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite2/privkey.pem;
include commons/ha-location-web.inc;
}
configuration file /etc/nginx/commons/http-location.inc:
location /.well-known {
alias /var/www/html/.well-known;
}
location / {
return 301 https://$host$request_uri;
}
configuration file /etc/nginx/commons/ha-location-2.inc:
location / {
proxy_pass http://127.0.0.1:81;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto https;
error_page 502 /502error.html;
}
location /ws {
proxy_pass http://127.0.0.1:81;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 120;
}
location = /502error.html {
root /usr/share/nginx/html;
internal;
}
configuration file /etc/nginx/commons/ha-location-web.inc:
location / {
proxy_pass http://127.0.0.1:82;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto https;
error_page 502 /502error.html;
proxy_cache mycache;
add_header X-Cache-Status $upstream_cache_status;
}
location = /502error.html {
root /usr/share/nginx/html;
internal;
}
configuration file /etc/nginx/commons/srvap1-location.inc:
location / {
proxy_pass http://srvap1/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto https;
error_page 502 /502error.html;
}
location /ws {
proxy_pass http://srvap1;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 120;
}
location = /502error.html {
root /usr/share/nginx/html;
internal;
}
configuration file /etc/nginx/commons/srvap2-location.inc:
location / {
proxy_pass http://srvap2/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto https;
error_page 502 /502error.html;
}
location /ws {
proxy_pass http://srvap2;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 120;
}
location = /502error.html {
root /usr/share/nginx/html;
internal;
}
configuration file /etc/nginx/sites-enabled/030-mysitea:
HTTP
server {
server_name mysite1 mysite4 mysite5;
listen 80;
include commons/http-location.inc;
}
BALANCED HAPROXY - TCP 81
server {
server_name mysite4;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/mysite4/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite4/privkey.pem;
include commons/ha-location-2.inc;
}
server {
server_name mysite5 mysitea;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/mysite5/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite5/privkey.pem;
include commons/ha-location-web.inc;
}
server {
server_name mysite1;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/mysite1/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite1/privkey.pem;
include commons/ha-location-web.inc;
}
AP1 - TCP 10001
server {
server_name mysite4;
listen 10001 ssl;
ssl_certificate /etc/letsencrypt/live/mysite4/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite4/privkey.pem;
include commons/srvap1-location.inc;
}
server {
server_name mysite5 mysitea;
listen 10001 ssl;
ssl_certificate /etc/letsencrypt/live/mysite5/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite5/privkey.pem;
include commons/srvap1-location.inc;
}
server {
server_name mysite1;
listen 10001 ssl;
ssl_certificate /etc/letsencrypt/live/mysite1/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite1/privkey.pem;
include commons/srvap1-location.inc;
}
AP2 - TCP 10002
server {
server_name mysite4;
listen 10002 ssl;
ssl_certificate /etc/letsencrypt/live/mysite4/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite4/privkey.pem;
include commons/srvap2-location.inc;
}
server {
server_name mysite5 mysitea;
listen 10002 ssl;
ssl_certificate /etc/letsencrypt/live/mysite5/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite5/privkey.pem;
include commons/srvap2-location.inc;
}
server {
server_name mysite1;
listen 10002 ssl;
ssl_certificate /etc/letsencrypt/live/mysite1/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite1/privkey.pem;
include commons/srvap2-location.inc;
}
configuration file /etc/nginx/sites-enabled/default:
You should look at the following URL's in order to grasp a solid understanding
of Nginx configuration files in order to fully unleash the power of Nginx.
https://www.nginx.com/resources/wiki/start/
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
https://wiki.debian.org/Nginx/DirectoryStructure
In most cases, administrators will remove this file from sites-enabled/ and
leave it as reference inside of sites-available where it will continue to be
updated by the nginx packaging team.
This file will automatically load configuration files provided by other
applications, such as Drupal or Wordpress. These applications will be made
available underneath a path with that package name, such as /drupal8.
Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
Default server configuration
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
server {
listen 127.0.0.1:1935;
root /var/www/html;
location / {
stub_status;
}
}
