Link Search Menu Expand Document

A complete guide on how you can create reverse proxy with multilayer caching logic.

Table of contents

Application (PHP) level caching

FastCGI and Vanish are the popular caching programme for PHP. We know PHP requires dynamic requests, it takes longer specially when sending query to the underlying database.

Click here for seeing how to configure FastCGI.

Sample CGI configuration

http {
    fastcgi_cache_path /tmp/nginx_cache levels=1:2 keys_zone=zone_1:100m inactive=60m;
}
server { 
    location ~\.php$ {
        # pass php requests to the php-fpm service (fastcgi)
        include fastcgi.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;

        # Enable cache, give `zone` a name, 
        # Remember to also configure name in the above http{...} block
        fastcgi_cache zone_1; 
        fastcgi_cache_valid 200 60m;
        # 200 returned file cache for 60 minutes.
        fastcgi_cache_valid 404 10m; 
        # 404 returned file cache for 10 minutes.
        add_header php-cache $upstream_cache_status;
        # give a custom header, so you can see `HIT, MISS` output on the PHP layer cache.
    }
}

Server (Nginx) level caching

Step 1

  • Define the server block is listening on different port 8080 (any non http-stand port)
  • Make sure port 8080 is open, if not, run sudo ufw allow 8080
server {
        listen 8080; 
        root /var/www/example.com;
        index index.html index.php index.htm index.nginx-debian.html;
        server_name example.com;
}

Step 2

  • Using proxy_pass: 127.0.0.1:8080 or using below block.
upstream origin_server {
    server 127.0.0.1:8080; 
}

Sample server (Nginx) level configuration

proxy_cache_path /tmp/cache/zone_1 levels=1:2 keys_zone=proxy_zone_example.com:100m max_size=1g inactive=60m use_temp_path=off;
proxy_cache_key $scheme$request_method$host$request_uri$http_x_custom_header$http_cookie;

upstream origin_server {
    server 127.0.0.1:8080; 
}

server {
    server_name example.com;

    location / {
        include proxy_params;
        proxy_pass http://origin_server;
        # if using `proxy_pass: 127.0.0.1:8080`, remove the above `upstream origin_server` block.
        proxy_cache proxy_zone_example.com; 
        proxy_cache_valid any 5m;
        proxy_cache_revalidate on;
        proxy_ignore_headers Cache-Control Set-Cookie;
        proxy_cache_background_update on;
        add_header reserve-proxy-cache $upstream_cache_status; 
        add_header reserve-proxy-cached-on $upstream_http_Date;
        add_header Set-Cookie "Path=/; HttpOnly; Secure";
    }
    
    listen 443 ssl http2; 
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    access_log /var/log/nginx/proxy-example-access.log;
    error_log /var/log/nginx/proxy-example-error.log;
}

server {
        listen 80;
        server_name example.com;
        rewrite ^/(.*) https://example.com/$1 permanent;
}

Proxy level caching

You will create config file on a completely different server. Using proxy_pass: origin-server-ip for reverse proxy.

  • Note: proxy server will strip origin server’s set-cookie.

Sample reverse proxy configuration

  • Let’s assume origin server public IP is: 192.25.25.0, using proxy_pass http://192.25.25.0; to reverse proxy the origin server.
  • If origin server configured with SSL or TLS protocol, the entire request will go over https protocol for enhanced security.
proxy_cache_path /tmp/cache/zone_2 levels=1:2 keys_zone=proxy_zone_example.com:100m max_size=1g inactive=60m use_temp_path=off; 
proxy_cache_key $scheme$request_method$host$request_uri$http_x_custom_header$http_cookie;

server {
    server_name example.com;
    location / {
        include proxy_params;
        proxy_pass http://192.25.25.0;
        proxy_cache proxy_zone_example.com; 
        proxy_cache_valid any 5m; 

        add_header reserve-proxy-cache $upstream_cache_status; 
        add_header reserve-proxy-cached-on $upstream_http_Date;
        add_header Set-Cookie "Path=/; HttpOnly; Secure";
    }

        listen 443 ssl http2;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        access_log /var/log/nginx/proxy-simple-access.log;
        error_log /var/log/nginx/proxy-simple-error.log;
}