The following config gives me 3-4x(!) time slower performance beching with ab than without caching - so something is off…
Caching Proxy Config
server {
server_name xxxxx www.xxxxx;
access_log /var/log/nginx/xxxxx.access.log rt_cache;
error_log /var/log/nginx/xxxxx.error.log;
add_header X-Proxy-Cache $upstream_cache_status;
location / {
proxy_pass http://10.189.68.134:80;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $cookie_nocache $arg_nocache;
}
}
server {
listen 443;
ssl on;
server_name xxxxx www.xxxxx;
resolver 8.8.8.8 8.8.4.4;
ssl_certificate /etc/nginx/certs/xxxxx.ssl-bundle.crt;
ssl_certificate_key /etc/nginx/certs/xxxx.key;
#proxy_ssl_trusted_certificate /etc/nginx/certs/xxx.ssl-bundle.crt;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers “EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4”;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
add_header Strict-Transport-Security “max-age=31536000; includeSubdomains;”;
# ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
#proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
location / {
proxy_set_header X-Forwarded-Proto $scheme; #https;
add_header Front-End-Https on;
#proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache my_cache;
proxy_cache_valid 200 302 60m;
proxy_cache_valid 404 1m;
proxy_pass https://10.189.68.134:443;
}
set $skip_cache 0;
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != “”) {
set $skip_cache 1;
}
Don’t cache uris containing the following segments. ‘admin’ is for one of my websites, it’s not required
for everyone. I’ve removed index.php as I want pages cached.
#if ($request_uri ~* "/wp-admin/|/admin-|/purge|/xmlrpc.php|wp-..php|/feed/|index.php|sitemap(_index)?.xml") {
if ($request_uri ~ “/wp-admin/|/admin-|/purge|/xmlrpc.php|wp-.*.php|/feed/|sitemap(_index)?.xml”) {
set $skip_cache 1;
}
Don’t use the cache for logged in users or recent commenters
if ($http_cookie ~* “comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|code|PHPSESSID”) {
if ($http_cookie ~* “comment_author|wordpress_[a-f0-9]+|wordpress_logged_in|code”) {
set $skip_cache 1;
}
If we skip the cache it’s likely customised for one user. Set the caching headers to match.
if ($skip_cache = 1) {
set $cacheControl “private, max-age=0, s-maxage=0, no-cache, no-store”;
}
if ($skip_cache = 0) {
set $cacheControl “public, max-age=86400, s-maxage=86400”;
}
}