From f29d9c33f0cafbb7e0f2ce59603d8db533e64937 Mon Sep 17 00:00:00 2001 From: Alexander Rublev Date: Tue, 12 Feb 2019 22:12:40 +0700 Subject: [PATCH] Allow setting basic parameters for proxy cache (#94) * Add parameters for proxy cache --- README.md | 40 ++++++++++++++++ defaults/main.yml | 41 +++++++++++++++- tasks/conf/template-config.yml | 11 +++++ templates/http/default.conf.j2 | 63 ++++++++++++++++++++++++- tests/playbooks/nginx-http-template.yml | 54 ++++++++++++++++++++- 5 files changed, 204 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 295cc7b..9a297e5 100644 --- a/README.md +++ b/README.md @@ -348,14 +348,54 @@ nginx_http_template: auth_basic_file: null http_demo_conf: false reverse_proxy: + proxy_cache_path: + - path: /var/cache/nginx/proxy/backend + keys_zone: + name: backend_proxy_cache + size: 10m + levels: "1:2" + max_size: 10g + inactive: 60m + use_temp_path: true + proxy_temp_path: + path: /var/cache/nginx/proxy/temp + proxy_cache_lock: true + proxy_cache_min_uses: 5 + proxy_cache_revalidate: true + proxy_cache_use_stale: + - error + - timeout + proxy_ignore_headers: + - Expires locations: backend: location: / proxy_pass: http://backend + proxy_cache: frontend_proxy_cache + proxy_temp_path: + path: /var/cache/nginx/proxy/backend/temp + proxy_cache_lock: false + proxy_cache_min_uses: 3 + proxy_cache_revalidate: false + proxy_cache_use_stale: + - http_403 + - http_404 + proxy_ignore_headers: + - Vary + - Cache-Control websocket: false auth_basic: null auth_basic_file: null health_check_plus: false + proxy_cache_enable: false + proxy_cache: + proxy_cache_path: + path: /var/cache/nginx + keys_zone: + name: one + size: 10m + proxy_temp_path: + path: /var/cache/nginx/proxy upstreams: upstream1: name: backend diff --git a/defaults/main.yml b/defaults/main.yml index f4f306a..3dff67f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -179,19 +179,58 @@ nginx_http_template: auth_basic_file: null http_demo_conf: false reverse_proxy: + proxy_cache_path: + - path: /var/cache/nginx/proxy/backend + keys_zone: + name: backend_proxy_cache + size: 10m + levels: "1:2" + max_size: 10g + inactive: 60m + use_temp_path: true + proxy_temp_path: + path: /var/cache/nginx/proxy/temp + proxy_cache_lock: true + proxy_cache_min_uses: 5 + proxy_cache_revalidate: true + proxy_cache_use_stale: + - error + - timeout + proxy_ignore_headers: + - Expires locations: backend: location: / proxy_pass: http://backend + proxy_cache: frontend_proxy_cache + proxy_temp_path: + path: /var/cache/nginx/proxy/backend/temp + proxy_cache_lock: false + proxy_cache_min_uses: 3 + proxy_cache_revalidate: false + proxy_cache_use_stale: + - http_403 + - http_404 + proxy_ignore_headers: + - Vary + - Cache-Control websocket: false auth_basic: null auth_basic_file: null health_check_plus: false + proxy_cache: + proxy_cache_path: + path: /var/cache/nginx + keys_zone: + name: one + size: 10m + proxy_temp_path: + path: /var/cache/nginx/proxy upstreams: upstream1: name: backend lb_method: least_conn - zone_name: backend + zone_name: backend_mem_zone zone_size: 64k sticky_cookie: false servers: diff --git a/tasks/conf/template-config.yml b/tasks/conf/template-config.yml index 496b809..34d2b96 100644 --- a/tasks/conf/template-config.yml +++ b/tasks/conf/template-config.yml @@ -28,6 +28,17 @@ with_dict: "{{ nginx_http_template }}" when: nginx_http_template_enable +- name: "(Setup: All NGINX) Ensure NGINX Proxy Cache Directories Exists" + file: + path: "{{ item.1.path }}" + state: directory + owner: "{{ nginx_main_template.user }}" + with_subelements: + - "{{ nginx_http_template }}" + - reverse_proxy.proxy_cache_path + - skip_missing: true + when: nginx_http_template_enable + - name: "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files" template: src: "{{ item.value.template_file }}" diff --git a/templates/http/default.conf.j2 b/templates/http/default.conf.j2 index 14c1bde..36edf31 100644 --- a/templates/http/default.conf.j2 +++ b/templates/http/default.conf.j2 @@ -15,6 +15,38 @@ upstream {{ item.value.upstreams[upstream].name }} { {% endfor %} {% endif %} +{% if item.value.reverse_proxy is defined %} +{% if item.value.reverse_proxy.proxy_cache_path is defined %} +{% for proxy_cache_path in item.value.reverse_proxy.proxy_cache_path %} +proxy_cache_path {{ proxy_cache_path.path }} keys_zone={{ proxy_cache_path.keys_zone.name }}:{{ proxy_cache_path.keys_zone.size }} + levels={{ proxy_cache_path.levels }} max_size={{ proxy_cache_path.max_size }} + inactive={{ proxy_cache_path.inactive }} use_temp_path={{ proxy_cache_path.use_temp_path | ternary("on", "off") }}; +{% endfor %} + +{% if item.value.reverse_proxy.proxy_cache_background_update is defined %} +proxy_cache_background_update {{ item.value.reverse_proxy.proxy_cache_background_update | ternary("on", "off") }}; +{% endif %} +{% if item.value.reverse_proxy.proxy_cache_lock is defined %} +proxy_cache_lock {{ item.value.reverse_proxy.proxy_cache_lock | ternary("on", "off") }}; +{% endif %} +{% if item.value.reverse_proxy.proxy_cache_min_uses is defined %} +proxy_cache_min_uses {{ item.value.reverse_proxy.proxy_cache_min_uses }}; +{% endif %} +{% if item.value.reverse_proxy.proxy_cache_revalidate is defined %} +proxy_cache_revalidate {{ item.value.reverse_proxy.proxy_cache_revalidate | ternary("on", "off") }}; +{% endif %} +{% if item.value.reverse_proxy.proxy_cache_use_stale is defined %} +proxy_cache_use_stale {{ item.value.reverse_proxy.proxy_cache_use_stale | join(" ") }}; +{% endif %} +{% if item.value.reverse_proxy.proxy_ignore_headers is defined %} +proxy_ignore_headers {{ item.value.reverse_proxy.proxy_ignore_headers | join(" ") }}; +{% endif %} +{% if item.value.reverse_proxy.proxy_temp_path is defined %} +proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.value.reverse_proxy.proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_3 | default("") }}; +{% endif %} +{% endif %} +{% endif %} + server { {% if item.value.ssl is defined %} listen {{ item.value.port }} ssl; @@ -30,6 +62,7 @@ server { {% if item.value.https_redirect is defined and item.value.https_redirect %} return 301 https://{{ item.value.server_name }}$request_uri; {% endif%} + {% if item.value.reverse_proxy is defined %} {% for location in item.value.reverse_proxy.locations %} location {{ item.value.reverse_proxy.locations[location].location }} { @@ -40,9 +73,35 @@ server { auth_basic_user_file {{ item.value.reverse_proxy.locations[location].auth_basic_file }}; {% endif %} proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }}; -{% if item.value.reverse_proxy.health_check_plus is defined and item.value.reverse_proxy.health_check_plus %} + +{% if item.value.reverse_proxy.locations[location].proxy_cache is defined %} + proxy_cache {{ item.value.reverse_proxy.locations[location].proxy_cache }}; +{% endif %} +{% if item.value.reverse_proxy.locations[location].proxy_cache_background_update is defined %} + proxy_cache_background_update {{ item.value.reverse_proxy.locations[location].proxy_cache_background_update | ternary("on", "off") }}; +{% endif %} +{% if item.value.reverse_proxy.locations[location].proxy_cache_lock is defined %} + proxy_cache_lock {{ item.value.reverse_proxy.locations[location].proxy_cache_lock | ternary("on", "off") }}; +{% endif %} +{% if item.value.reverse_proxy.locations[location].proxy_cache_min_uses is defined %} + proxy_cache_min_uses {{ item.value.reverse_proxy.locations[location].proxy_cache_min_uses }}; +{% endif %} +{% if item.value.reverse_proxy.locations[location].proxy_cache_revalidate is defined %} + proxy_cache_revalidate {{ item.value.reverse_proxy.locations[location].proxy_cache_revalidate | ternary("on", "off") }}; +{% endif %} +{% if item.value.reverse_proxy.locations[location].proxy_cache_use_stale is defined %} + proxy_cache_use_stale {{ item.value.reverse_proxy.locations[location].proxy_cache_use_stale | join(" ") }}; +{% endif %} +{% if item.value.reverse_proxy.locations[location].proxy_temp_path is defined %} + proxy_temp_path {{ item.value.reverse_proxy.locations[location].proxy_temp_path.path }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_3 | default("") }}; +{% endif %} +{% if item.value.reverse_proxy.locations[location].proxy_ignore_headers is defined %} + proxy_ignore_headers {{ item.value.reverse_proxy.locations[location].proxy_ignore_headers | join(" ") }}; +{% endif %} +{% if (item.value.reverse_proxy.health_check_plus is defined) and item.value.reverse_proxy.health_check_plus %} health_check; {% endif %} + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -52,9 +111,9 @@ server { proxy_set_header Connection "Upgrade"; {% endif %} } - {% endfor %} {% endif %} + {% if item.value.web_server is defined %} {% for location in item.value.web_server.locations %} location {{ item.value.web_server.locations[location].location }} { diff --git a/tests/playbooks/nginx-http-template.yml b/tests/playbooks/nginx-http-template.yml index fe9c5e9..6dc169e 100644 --- a/tests/playbooks/nginx-http-template.yml +++ b/tests/playbooks/nginx-http-template.yml @@ -5,6 +5,7 @@ roles: - ansible-role-nginx vars: + nginx_debug_output: true nginx_http_template_enable: true nginx_http_template: app: @@ -15,18 +16,67 @@ server_name: localhost error_page: /usr/share/nginx/html reverse_proxy: + proxy_cache_path: + - path: /var/cache/nginx/proxy/frontend + keys_zone: + name: frontend_proxy_cache + size: 5m + levels: "1:2" + max_size: 5g + inactive: 30m + use_temp_path: true + - path: /var/cache/nginx/proxy/backend + keys_zone: + name: backend_proxy_cache + size: 10m + levels: "1:2" + max_size: 10g + inactive: 60m + use_temp_path: true + proxy_temp_path: + path: /var/cache/nginx/proxy/temp + proxy_cache_lock: true + proxy_cache_min_uses: 5 + proxy_cache_revalidate: true + proxy_cache_use_stale: + - error + - timeout + proxy_ignore_headers: + - Expires locations: frontend: location: / proxy_pass: http://frontend_servers/ + proxy_cache: frontend_proxy_cache + proxy_temp_path: + path: /var/cache/nginx/proxy/frontend/temp + proxy_cache_lock: false + proxy_cache_min_uses: 3 + proxy_cache_revalidate: false + proxy_cache_use_stale: + - http_403 + - http_404 + proxy_ignore_headers: + - Vary + - Cache-Control backend: location: /backend proxy_pass: http://backend_servers/ + proxy_cache: backend_proxy_cache + proxy_temp_path: + path: /var/cache/nginx/proxy/backend/temp + proxy_cache_lock: true + proxy_cache_min_uses: 2 + proxy_cache_revalidate: true + proxy_cache_use_stale: + - http_500 + - http_502 + - http_503 upstreams: frontend_upstream: name: frontend_servers lb_method: least_conn - zone_name: frontend + zone_name: frontend_mem_zone zone_size: 64k sticky_cookie: false servers: @@ -38,7 +88,7 @@ backend_upstream: name: backend_servers lb_method: least_conn - zone_name: backend + zone_name: backend_mem_zone zone_size: 64k sticky_cookie: false servers: