full page caching in general and Django

Things Caches Do HTTP / Headers

kinds of web caches • Browser Caches • Proxy Caches
• Gateway Caches

Gateway caches • Varnish on your server • CDN •
„reverse proxy“

expiration • Cache-Control: max-age=N • Expires (for your CDN) •
Surrogate-Control: max-age=N • Cache-Control: s-max-age=N

expiration

validation • Last-Modified / If-Modified-Since • ETag / If-None-Match •
HTTP Response: 304 Not Modified

validation

cache key

cache key https://api.thermondo.de/settings/

cache key https://api.thermondo.de/settings/ • method (GET) • path (/api/settings/) •
GET arguments (most times) • more?

GET arguments (most times) • Language • Encoding • more?

GET arguments (most times) • Language • Encoding • User Session

vary $ http -h https://api.thermondo.de/settings/ „Authorization: Token secrettoken" HTTP/1.1 200
OK Allow: GET, HEAD, OPTIONS Api-Version: 1.0.0 Connection: keep-alive Content-Encoding: gzip Content-Language: en-us Content-Length: 646 Content-Type: application/json Date: Mon, 30 Mar 2015 12:48:31 GMT Etag: "9987fab5ec7adb7c70be2a24e3665a5b;gzip" Server: waitress Vary: Accept, Accept-Language, Cookie, Accept-Encoding Via: 1.1 vegur

vary $ http -h https://api.thermondo.de/settings/ „Authorization: Token secrettoken" HTTP/1.1 200
OK Allow: GET, HEAD, OPTIONS Api-Version: 1.0.0 Connection: keep-alive Content-Encoding: gzip Content-Language: en-us Content-Length: 646 Content-Type: application/json Date: Mon, 30 Mar 2015 12:48:31 GMT Etag: "9987fab5ec7adb7c70be2a24e3665a5b;gzip" Vary: Accept, Accept-Language, Cookie, Accept-Encoding Via: 1.1 vegur

on cookies

on cookies • session • google analytics • often breaks
caching

on csrf • different content per session • often breaks
caching

Static Files js / css / images

the best way (tm) • unique filenames + far future
expiration (1 year) or • normal filenames, short expiration (5 min) or • normal filenames, CDN only expiration  (and flush the CDN after changes)

Page Caching in Django

Middleware

validation • CommonMiddleware • adds an ETag to the response
if there is none • Conditional GET for ETag • generates new 304 response if ETag matches  (keeps cookies)

validation • ConditionalGetMiddleware • Conditional GET for ETag and Last-Modiﬁed
• changes the response status code to 304 if conditions match

validation • @etag, @last_modiﬁed, @condition • callables for ETag or
Last-Modiﬁed calculation • best server performance • most RFC compliant

validation • GZipMiddleware • breaks Django’s ETag handling • changes
ETag in response

expiration • FetchFromCacheMiddleware has to be last:   after everything
that modifies the Vary-Header • UpdateCacheMiddleware has to be first:   before everything that modifies the Vary-Header

Middleware

vary • SessionMiddleware adds Cookie • GZipMiddleware adds Accept-Encoding •
LocaleMiddleware adds Accept-Language • @vary_on_cookie, @vary_on_headers

Django sucks here but it’s right

expiration breaks • when you use sessions • when you
use CSRF protection (which uses cookies) • when you use google analytics

easy (wrong) way • drop vary header in custom middleware
(security risk, wrong data)

possible but hard way • Middleware to ﬁlter google analytics
cookies and add them back later   they have no effect on the content • be very careful with using the session / user in your views • be very careful with using forms (which use CSRF Protection)

other ways • don’t use normal expiration headers • only
ﬂushable store (local cache, CDN) • ﬂush the cache (for example) when the database changes

not included • @cache_control (private, public, revalidate, …) • stale
expire headers

full page caching in general and Django

full page caching in general and Django

More Decks by Denis Cornehl

Other Decks in Technology

Featured

Transcript