服务器管理绝对不是我的领域 —— 不幸的是我只能设置一个以 Nginx 作为静态资产服务器的服务器,并以 php-fpm 为后盾的 apache 来提供 PHP 页面服务。
我正在尝试建立代理缓存,但只有当我不使用 PHP 会话时它才有效。我可能忽略了一点,但据我所知,我不明白为什么缓存不可能提供不用于身份验证的标准 PHP 会话 cookie?
我猜想这是配置问题,但我为此绞尽了脑汁。我在这里发布了我的设置 - 希望有人能给我指明正确的方向。我有一个 php 文件,里面除了以下内容外什么都没有:
session_cache_limiter('public');
ini_set('session.cache_expire', 1000);
session_start();
echo "OK";
die();
nginx.conf:
user www-data;
worker_processes 6;
worker_rlimit_nofile 50000;
pid /run/nginx.pid;
events {
worker_connections 8096;
multi_accept on;
use epoll;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 15;
types_hash_max_size 2048;
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
log_format cache '***$time_local '
'req_time=$request_time '
'$upstream_cache_status '
'Cache-Control: $upstream_http_cache_control '
'Expires: $upstream_http_expires '
'"$request" ($status) '
'"$http_user_agent" ';
access_log /var/log/nginx/cache.log cache;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
##
# Proxy Settings
##
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_temp_path /var/data/nginx/tmp;
proxy_cache_path /var/data/nginx/cache/proxy levels=1:2 keys_zone=proxy_cache:10m max_size=1024m inactive=60m use_temp_path=off;
fastcgi_cache_path /var/data/nginx/cache/fcgi levels=1:2 keys_zone=fcgi_cache:10m max_size=1024m inactive=60m; add_header X-Cache $upstream_cache_status;
## cookie mapping
map $http_cookie $session_cookie {
default "";
~PHPSESSID=(?<sessionkey>[a-zA-Z0-9]+) $sessionkey;
}
## mapping cache to request method
map $request_method $no_cache {
default 1; # by default do not cache
HEAD 0; # cache HEAD requests
GET 0; # cache GET requests
}
## map purge request
map $request_method $purge_method {
PURGE 1;
default 0;
}
# Allow underscores in header
underscores_in_headers on;
# Set Max Client Body size to 10 MB
client_max_body_size 10M;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
虚拟主机配置:
# http
server {
listen 80 default_server;
listen [::]:80 default_server;
return 302 https://$server_name$request_uri;
}
# https
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
root /var/www/;
index index.php;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 15;
location / {
access_log off;
log_not_found off;
try_files $uri $uri/ @apache;
index index.html index.htm index.php;
}
location ~* \.(jpg|jpeg|gif|png|svg|css|js|ico|xml|woff|woff2|eot|ttf)$ {
access_log off;
log_not_found off;
expires 30d;
autoindex off;
add_header Pragma "public";
add_header Cache-Control public;
add_header Cache-Control "max-age=43200, public, must-revalidate, proxy-revalidate";
gzip_static on;
gzip_min_length 1000;
gzip_comp_level 2;
}
location = /favicon.ico {
access_log off;
log_not_found off;
}
location = /robots.txt {
access_log off;
log_not_found off;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~*|\.php*$ {
access_log off;
log_not_found off;
# Apache reverse proxy and caching turn proxy buffering to "on" to enable
proxy_buffering on;
include /etc/nginx/proxy_params;
proxy_pass https://127.0.0.1:8088;
proxy_cache proxy_cache;
proxy_cache_revalidate on;
proxy_cache_lock on;
proxy_cache_valid 200 302 5m;
proxy_cache_valid 404 1m;
proxy_cache_valid any 3m;
proxy_cache_min_uses 3;
proxy_cache_key $proxy_host$request_uri$session_cookie;
}
location @apache {
access_log off;
log_not_found off;
# Apache reverse proxy and caching turn proxy buffering to "on" to enable
proxy_buffering on;
include /etc/nginx/proxy_params;
proxy_pass https://127.0.0.1:8088;
}
}
代理参数:
client_max_body_size 100M;
client_body_buffer_size 1m;
proxy_intercept_errors on;
proxy_buffer_size 128k;
proxy_buffers 256 16k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_max_temp_file_size 10m;
proxy_read_timeout 300;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
add_header X-Cache-Status $upstream_cache_status;
add_header X-Handled-By $proxy_host;
我不断收到缓存未命中的消息:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 22 Nov 2017 12:27:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=c183rru5i3fgj5map7jqgbf2do; path=/
Expires: Thu, 23 Nov 2017 05:07:25 GMT
Cache-Control: public, max-age=60000
Last-Modified: Wed, 22 Nov 2017 12:20:41 GMT
Vary: Accept-Encoding
X-Cache-Status: MISS
X-Handled-By: 127.0.0.1:8088
重要提示:主机在 SSL 下运行
这里有谁可以给我提示吗?
答案1
据我所知,您想缓存 @apache 位置但失败了,对吗?如果这是您的问题,那么是因为您没有在 @apache 位置激活 nginx 缓存。您需要添加到proxy_cache proxy_cache;
。/etc/nginx/proxy_params
如果这不是您想要做的,请更清楚地描述您的问题或您想要做的事情。
答案2
事实证明我太愚蠢了,没有意识到通过执行 curl 请求不会允许会话存储(自然),因此每个请求都会缓存命中,因为无法通过这种方式设置 cookie。并且由于我在缓存键中包含了会话 ID,所以它不起作用 ;)