Ingress nginx cache

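I am trying to figure out how to use the nginx proxy cache with some specific rules. For example, when I host Ghost or Wordpress, I don't want to cache the admin section. Using server snippets, I have tried many different combinations, but I still have problems with the admin section being cached.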

nginx.ingress.kubernetes.io/proxy-buffering: "on"
nginx.ingress.kubernetes.io/server-snippet: |-
  proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
  proxy_ignore_headers Set-Cookie;
  proxy_cache app_cache;
  proxy_cache_lock on;
  proxy_cache_valid any 30m;
  add_header X-Cache-Status $upstream_cache_status;

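I want to use an nginx snippet to bypass the cache for the (ghost|signout) paths in the admin area, but I am losing the proxy_pass context, which results in a 502 Bad Gateway.

This is the current Ingress configuration, which caches every page, including the admin paths: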

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/proxy-buffering: "on"
    nginx.ingress.kubernetes.io/server-snippet: |-
      proxy_cache my_blog_cache;
      proxy_cache_lock on;
      proxy_cache_valid any 30m;
      add_header X-Cache-Status $upstream_cache_status;
      proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
  name: my-blog
  namespace: web
spec:
  rules:
  - host: blog.example.com
    http:
      paths:
      - backend:
          serviceName: ingress-541322b8660dbd2ceb1e8ff1813f0dd5
          servicePort: 2368
        path: /
  tls:
  - hosts:
    - blog.example.com
    secretName: my-blog-cert
status:
  loadBalancer:
    ingress:
    - ip: 1.2.3.4

This is the nginx configuration I am trying to get, but it is not compatible with Ingress annotations:

   location / {
        proxy_cache my_blog_cache;
        proxy_cache_valid 200 30m;
        proxy_cache_valid 404 1m;
        proxy_pass http://ghost_upstream;
        proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
        proxy_ignore_headers Set-Cookie;
        proxy_hide_header Set-Cookie;
        proxy_hide_header X-powered-by;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        expires 10m;
    }
    location /content/images {
        alias /path/to/ghost/content/images;
        access_log off;
        expires max;
    }
    location /assets {
        alias /path/to/ghost/content/themes/uno-master/assets;
        access_log off;
        expires max;
    }
    location /public {
        alias /path/to/ghost/core/built/public;
        access_log off;
        expires max;
    }
    location /ghost/scripts {
        alias /path/to/ghost/core/built/scripts;
        access_log off;
        expires max;
    }
    location ~ ^/(?:ghost|signout) { 
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://ghost_upstream;
        add_header Cache-Control "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0";
    }

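Thanks for your help!

There are some options in the nginx-ingress controller that can only be changed using a ConfigMap, and others that can be changed using annotations, as you are doing.

You can combine both to achieve the desired result, or create a custom template.

You can see an alternative that might help you.

I had exactly the same desire: to cache Ghost responses, with respect to their Cache-Control headers, directly on the Nginx Ingress in the Kubernetes cluster.

After spending a few hours on it, here is my solution: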

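Step one

First of all, you need to define proxy_cache_path at the Nginx Ingress ConfigMap level (the documentation is really unclear on how to apply it).

In my case, I manage the Nginx Ingress installation via Helm, so I have added it to the Helm values chart: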

# Default values https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml
controller:
  config:
    http-snippet: "proxy_cache_path /tmp/nginx_my_cache levels=1:2 keys_zone=mycache:2m use_temp_path=off max_size=2g inactive=48h;"

Then apply this change:

helm upgrade -f my-nginx-ingress-values.yaml ingress-nginx ingress-nginx/ingress-nginx --recreate-pods

Step two

Now that we have proxy_cache_path set, we need to configure the Ingress for the specific host and add annotations:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myingress
  namespace: mynamespace
  annotations:
    kubernetes.io/ingress.class: "nginx"
    # Buffering must be enabled for Nginx disk cache to work.
    nginx.ingress.kubernetes.io/proxy-buffering: "on"
    # See https://www.nginx.com/blog/nginx-caching-guide/
    # Cache Key Zone is configured in Helm config.
    nginx.ingress.kubernetes.io/server-snippet: |
      proxy_cache mycache;
      proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
      proxy_cache_background_update on;
      proxy_cache_revalidate on;
      proxy_cache_lock on;
      add_header X-Cache-Status $upstream_cache_status;

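Note:

I spent most time figuring out why I was still getting MISSes. Turned out it's due to the nginx.ingress.kubernetes.io/proxy-buffering default in Ingress, which is off; this DISABLES Nginx caching, thus you have to set it to on, which is what we do.

Apply the changes to the Ingress.

Debugging the resulting Nginx config

You can, and I think should, verify the resulting nginx.conf that is generated for the Ingress as a result of applying the ConfigMap and the Ingress-level annotations.

To do so, you can copy nginx.conf from the Ingress Controller pod to your local machine and verify its contents (or exec into the pod and look at it there):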

# Make sure to use correct namespace where Ingress Controller is deployed
# and correct Ingress Controller Pod name
kubectl cp -n default ingress-nginx-controller-xxxx:/etc/nginx/nginx.conf ~/Desktop/nginx.conf

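It should contain all the changes we have made!

Debugging actual response caching

Now that we have everything configured, it is time to verify the actual caching. Note that we have added the X-Cache-Status header, which will indicate whether it was a HIT or a MISS.

I personally like httpie for HTTP requests from the terminal; you can use curl or a browser:

The first request will be a MISS: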

http https://example.com/myimage.jpg
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=31536000
Connection: keep-alive
Content-Length: 53588
Content-Type: image/jpeg
Date: Wed, 20 Oct 2021 10:39:06 GMT
ETag: W/"d154-17c3aa43389"
Last-Modified: Fri, 01 Oct 2021 06:56:52 GMT
Strict-Transport-Security: max-age=15724800; includeSubDomains
X-Cache-Status: HIT
X-Powered-By: Express
X-Request-ID: 0c73f97cb51d3071f14968720a26a99a

+-----------------------------------------+
| NOTE: binary data not shown in terminal |
+-----------------------------------------+

A second request to the same URL is now a HIT and does not hit the actual Ghost installation, success!

http https://example.com/myimage.jpg
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=31536000
Connection: keep-alive
Content-Length: 53588
Content-Type: image/jpeg
Date: Wed, 20 Oct 2021 10:39:43 GMT
ETag: W/"d154-17c3aa43389"
Last-Modified: Fri, 01 Oct 2021 06:56:52 GMT
Strict-Transport-Security: max-age=15724800; includeSubDomains
X-Cache-Status: HIT
X-Powered-By: Express
X-Request-ID: 0c73f97cb51d3071f14968720a26a99a

+-----------------------------------------+
| NOTE: binary data not shown in terminal |
+-----------------------------------------+

It is also useful to verify the logs on Ghost to double-check that cache HIT requests are actually served directly from Nginx and never hit Ghost.
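
An added example (not part of either answer above, and not the ingress-nginx project's own configuration) of one way to keep the admin paths from the question out of the cache without writing custom location blocks, so the controller's generated proxy_pass stays intact. The variable name `$skip_cache` and the Service name `ghost` are placeholders; it assumes the controller's generated location blocks inherit these server-level directives, which the nginx.conf check described above will confirm.

```yaml
# Added example, not from the original answers. mycache/myingress follow the
# answer above; $skip_cache and the Service name are placeholders.
# Helm values for ingress-nginx (rendered into the controller ConfigMap)
controller:
  config:
    http-snippet: |
      proxy_cache_path /tmp/nginx_my_cache levels=1:2 keys_zone=mycache:2m use_temp_path=off max_size=2g inactive=48h;
      # map is only valid in the http context, so it lives here.
      # $uri is the normalized path, the same value a location regex matches.
      map $uri $skip_cache {
        default              0;
        ~^/(?:ghost|signout) 1;
      }
---
# Ingress for the blog host (applied separately with kubectl)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myingress
  namespace: mynamespace
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/proxy-buffering: "on"
    nginx.ingress.kubernetes.io/server-snippet: |
      proxy_cache mycache;
      proxy_cache_lock on;
      # Assumption: the controller proxies every backend through one upstream
      # name, so the default key ($proxy_host) would not tell hosts apart.
      proxy_cache_key $scheme$host$request_uri;
      # Value "1": do not answer from the cache and do not store the response.
      proxy_cache_bypass $skip_cache;
      proxy_no_cache $skip_cache;
      # No proxy_ignore_headers: Cache-Control, Expires and Set-Cookie sent
      # by Ghost keep deciding what may be cached.
      add_header X-Cache-Status $upstream_cache_status;
spec:
  rules:
  - host: blog.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: ghost            # placeholder Service name
            port:
              number: 2368
```

Requests under /ghost or /signout should then report X-Cache-Status: BYPASS on every request, while other pages move from MISS to HIT. A controller configured with allow-snippet-annotations set to false will reject the server-snippet annotation.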