Reverse caching proxies: Varnish or Nginx? - phpuk15

Reverse caching proxies Varnish or Nginx? By Thijs Feryn

Hi, I’m Thijs

I’m @ThijsFeryn on Twitter

I’m an at Evangelist

I’m a at board member

What’s a reverse proxy?

Why? ✓ Hide origin server ✓ SSL termination ✓ Load
balancing ✓ Caching ✓ Compression

✓ Hide origin server ✓ SSL termination ✓ Load balancing
✓ Caching ✓ Compression Why?

Protecting your backend server

Kevin & Whitney

Proxy Webserver PHP runtime Client Webserver thinks it’s a
browser Browser things it’s a webserver

Cache-control Cache-‐Control “max-‐age=3600, s-‐ maxage=1000, public, must-‐revalidate”

Expires Expires "Wed, 1 Jan 2015 20:00:00 GMT"

ETag If-‐None-‐Match: "3e86-‐410-‐3596Sbc" ETag: "3e86-‐410-‐3596Sbc" Problems with browser cache

What’s not cacheable ✓HTTP POST, PUT, DELETE ✓ Cookie &
Set-Cookie headers ✓ Authorization ✓ TTL == 0

Meet the contenders Varnish Nginx

Varnish ✓Poul-Henning Kamp ✓Verdens Gang AS ✓Redpill Linpro ✓Varnish software
✓Reverse proxy only ✓2005: ideas @ Verdens Gang ✓2006 : development & v1 ✓2008: v2 ✓2011: v3 ✓2014: v4 (April 29th)

Nginx ✓Igor Sysoev ✓2002: development ✓2004: first release ✓15% of
the internet ✓CK10 problem ✓Event driven, async ✓Webserver & reverse proxy ✓Current version: 1.7.10

Install

curl http://repo.varnish-‐cache.org/debian/GPG-‐key.txt | sudo apt-‐ key add -‐ echo
"deb http://repo.varnish-‐cache.org/ubuntu/ utopic varnish-‐4.0" | sudo tee -‐a /etc/apt/sources.list sudo apt-‐get update sudo apt-‐get install varnish curl http://repo.varnish-‐cache.org/debian/GPG-‐key.txt | sudo apt-‐ key add -‐ echo "deb http://repo.varnish-‐cache.org/debian/ wheezy varnish-‐4.0" | sudo tee -‐a /etc/apt/sources.list sudo apt-‐get update sudo apt-‐get install varnish

deb http://nginx.org/packages/ubuntu/ utopic nginx deb-‐src http://nginx.org/packages/ubuntu/ utopic nginx deb
http://nginx.org/packages/debian/ wheezy nginx deb-‐src http://nginx.org/packages/debian/ wheezy nginx Go to h&p://wiki.nginx.org/Pgp for PGP signature Go to h&p://wiki.nginx.org/Install for more info

Configure

DAEMON_OPTS="-‐a :80 \ -‐T localhost:6082 \ -‐f /etc/varnish/default.vcl
\ -‐S /etc/varnish/secret \ -‐s malloc,256m" In “/etc/default/varnish”

backend default { .host
= "127.0.0.1"; .port = "8080"; } In “/etc/varnish/default.vcl”

server { listen
80; server_name host-‐name.dev; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; location / { proxy_pass http://localhost:8080; proxy_cache proxy-‐cache; proxy_cache_key "$scheme://$host $request_uri"; proxy_cache_valid 200 302 1h; } } In “/etc/nginx/ conf.d/default.conf”

proxy_cache_path /tmp/ levels=1:2 keys_zone=proxy-‐cache:10m inactive=5m max_size=1024; Add to
“/etc/nginx/nginx.conf”

Backend Listen 8080 In “/etc/apache2/ports.conf”

✓mod_php ✓mod_fcgid & php-cgi ✓mod_proxy_fcgi & php-fpm ✓Behind Varnish &
Nginx

✓Native fastcgi proxying for php-fpm ✓Cacheable

server { listen
80; server_name nginx-‐proxy.dev; root /home/data/www; access_log /var/log/nginx/access.log; access_log /var/log/nginx/error.log; location / { index index.php; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_cache fastcgi-‐cache; fastcgi_cache_valid 200 302 1h; fastcgi_cache_key "$scheme://$host$request_uri"; } } 38

Nginx PHP-FPM Client Webserver & caching
proxy

h&ps://www.varnish-‐cache.org/trac/wiki/ Future_Feature#FCGIbackendsupport

What about ?

sudo apt-‐get install software-‐properties-‐common sudo apt-‐key adv -‐-‐recv-‐keys -‐-‐keyserver
hkp:// keyserver.ubuntu.com:80 0x5a16e7281be7a449 sudo add-‐apt-‐repository 'deb http://dl.hhvm.com/ubuntu utopic main' sudo apt-‐get update sudo apt-‐get install hhvm sudo apt-‐key adv -‐-‐recv-‐keys -‐-‐keyserver hkp:// keyserver.ubuntu.com:80 0x5a16e7281be7a449 echo deb http://dl.hhvm.com/debian wheezy main | sudo tee /etc/ apt/sources.list.d/hhvm.list sudo apt-‐get update sudo apt-‐get install hhvm

; php options pid = /var/run/hhvm/pid ; hhvm
specific hhvm.server.port = 9000 hhvm.server.type = fastcgi hhvm.server.default_document = index.php hhvm.log.use_log_file = true hhvm.log.file = /var/log/hhvm/error.log hhvm.repo.central.path = /var/run/hhvm/hhvm.hhbc In “/etc/hhvm/server.ini” > /etc/init.d/php-‐fpm stop > /etc/init.d/hhvm start

server { listen
80; server_name hhvm.dev; root /home/data/www; access_log /var/log/nginx/access.log; access_log /var/log/nginx/error.log; location / { index index.php; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_cache fastcgi-‐cache; fastcgi_cache_valid 200 302 1h; fastcgi_cache_key "$scheme://$host$request_uri"; } } 44 Same deal as PHP-‐FPM

With HHVM 3.0.0 we aren't going to ship an HTTP
server anymore. That means -m server and -m daemon won't work without -vServer.Type=fastcgi. This came about for many reasons: • About 1/2 of user questions were "how do you configure the server to do ...". • It is largely unmaintained. • Building a webserver isn't our core competency and there are many wonderful options already out there. • We built FastCGI support just for this purpose. The slowdown is negligible for most sites, but we feel the configurability you will gain is very much worth it. The default package init.d scripts and server.ini files already support FastCGI so it should work right out of the box. You can run sudo /usr/ share/hhvm/install_fastcgi.sh to configure your nginx or apache config files automatically.

What about ?

curl -‐sL https://deb.nodesource.com/setup | sudo bash -‐ apt-‐get install
-‐y nodejs build-‐essential npm install ws wscat console.log("Server started"); var Msg = ''; var WebSocketServer = require('ws').Server , wss = new WebSocketServer({port: 8010}); wss.on('connection', function(ws) { ws.on('message', function(message) { console.log('Received from client: %s', message); ws.send('Server received from client: ' + message); }); }); Websocket test script

map $http_upgrade $connection_upgrade { default upgrade;
'' close; } server { listen 80; server_name nodejs.dev; location / { proxy_pass http://127.0.0.1:8010; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } }

sub vcl_recv { if (req.http.Upgrade ~
"(?i)websocket") { return (pipe); } } sub vcl_pipe { if (req.http.upgrade) { set bereq.http.upgrade = req.http.upgrade; } set bereq.http.Connection = "close"; return (pipe); }

$> ./node_modules/wscat/bin/wscat -‐-‐connect ws://localhost connected (press CTRL+C to quit)
> test < Server received from client: test Websocket client

Out of the box

✓POST, DELETE & PUT ✓cookies & auth headers ✓set-cookie headers
✓“no-cache", "no-store", „private” in v4 Varnish wil not cache

✓POST, DELETE & PUT ✓“no-cache", "no-store", "private” ✓set-cookie headers ✓cache
ttl <= 0 ✓X-Accel-Expires: 0 Nginx wil not cache

About cookies

About cookies HTTP cookie request header via browser HTTP set-cookie
response header via webserver

set $bypass 0; if ($http_cookie) { set $bypass
1; } fastcgi_cache_bypass $bypass; fastcgi_no_cache $bypass; Nginx caches cookies by default

Monitoring & Logging

access_log error_log

log_format main '$remote_addr -‐ $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"' '"$upstream_cache_status"'; log_format main '$remote_addr -‐ $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; Default log format Add more fields

✓MISS ✓BYPASS ➡caused by proxy_cache_bypass call ✓EXPIRED ➡found in cache,
expired, request was passed to backend ✓UPDATING ➡expired, stale response was used due to proxy/fastcgi_cache_use_stale and cache_lock has timed out ✓STALE ➡expired, stale response was used due to proxy/fastcgi_cache_use_stale ✓REVALIDATED ➡proxy_cache_revalidate verified that the cached content was still valid ✓HIT $upstream_cache_status

varnishstat varnishlog varnishtop

Varnishstat Continuously updated state of the server

Varnishlog In memory activity log

* << Request >> 17 -‐
Begin req 16 rxreq -‐ Timestamp Start: 1402575535.812994 0.000000 0.000000 -‐ Timestamp Req: 1402575535.812994 0.000000 0.000000 -‐ ReqStart 10.10.10.1 51762 -‐ ReqMethod GET -‐ ReqURL / -‐ ReqProtocol HTTP/1.1 -‐ ReqHeader Host: varnishv4.dev -‐ ReqHeader User-‐Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0) Gecko/20100101 Firefox/29.0 -‐ ReqHeader Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ *;q=0.8 -‐ ReqHeader Accept-‐Language: en,nl;q=0.7,fr-‐be;q=0.3 -‐ ReqHeader Accept-‐Encoding: gzip, deflate -‐ ReqHeader Connection: keep-‐alive -‐ ReqHeader Cache-‐Control: max-‐age=0 -‐ ReqHeader X-‐Forwarded-‐For: 10.10.10.1 -‐ VCL_call RECV -‐ VCL_return hash -‐ ReqUnset Accept-‐Encoding: gzip, deflate -‐ ReqHeader Accept-‐Encoding: gzip -‐ VCL_call HASH -‐ VCL_return lookup -‐ Hit 2147516434 -‐ VCL_call HIT -‐ VCL_return deliver -‐ Link bereq 18 bgfetch -‐ Timestamp Fetch: 1402575535.813497 0.000503 0.000503 -‐ Timestamp Process: 1402575535.813508 0.000514 0.000011 Client

-‐ Hit
2147516434 -‐ VCL_call HIT -‐ VCL_return deliver -‐ Link bereq 18 bgfetch -‐ Timestamp Fetch: 1402575535.813497 0.000503 0.000503 -‐ Timestamp Process: 1402575535.813508 0.000514 0.000011 -‐ RespProtocol HTTP/1.1 -‐ RespStatus 200 -‐ RespResponse OK -‐ RespHeader Date: Thu, 12 Jun 2014 12:18:43 GMT -‐ RespHeader Server: Apache/2.2.22 (Debian) -‐ RespHeader X-‐Powered-‐By: PHP/5.4.4-‐14+deb7u10 -‐ RespHeader Cache-‐Control: public, max-‐age=5 -‐ RespHeader Vary: Accept-‐Encoding -‐ RespHeader Content-‐Encoding: gzip -‐ RespHeader Content-‐Type: text/html -‐ RespUnset Date: Thu, 12 Jun 2014 12:18:43 GMT -‐ RespHeader Date: Thu, 12 Jun 2014 12:18:55 GMT -‐ RespHeader X-‐Varnish: 17 32786 -‐ RespHeader Age: 12 -‐ RespHeader Via: 1.1 varnish (v4) -‐ VCL_call DELIVER -‐ VCL_return deliver -‐ RespHeader Content-‐Length: 64 -‐ Debug "RES_MODE 2" -‐ RespHeader Connection: keep-‐alive -‐ RespHeader Accept-‐Ranges: bytes -‐ Timestamp Resp: 1402575535.813804 0.000810 0.000296 -‐ Debug "XXX REF 2" -‐ ReqAcct 331 0 331 349 64 413 -‐ End Client

* << BeReq >> 18
-‐ Begin bereq 17 bgfetch -‐ Timestamp Start: 1402575535.813071 0.000000 0.000000 -‐ BereqMethod GET -‐ BereqURL / -‐ BereqProtocol HTTP/1.1 -‐ BereqHeader Host: varnishv4.dev -‐ BereqHeader User-‐Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0) Gecko/20100101 Firefox/29.0 -‐ BereqHeader Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ *;q=0.8 -‐ BereqHeader Accept-‐Language: en,nl;q=0.7,fr-‐be;q=0.3 -‐ BereqHeader X-‐Forwarded-‐For: 10.10.10.1 -‐ BereqHeader Accept-‐Encoding: gzip -‐ BereqHeader X-‐Varnish: 18 -‐ VCL_call BACKEND_FETCH -‐ VCL_return fetch -‐ BackendClose 17 default(127.0.0.1,,8080) toolate -‐ BackendOpen 17 default(127.0.0.1,,8080) 127.0.0.1 41135 -‐ Backend 17 default default(127.0.0.1,,8080) -‐ Timestamp Bereq: 1402575535.813220 0.000149 0.000149 -‐ Timestamp Beresp: 1402575535.828116 0.015045 0.014896 -‐ BerespProtocol HTTP/1.1 -‐ BerespStatus 200 -‐ BerespResponse OK -‐ BerespHeader Date: Thu, 12 Jun 2014 12:18:55 GMT -‐ BerespHeader Server: Apache/2.2.22 (Debian) -‐ BerespHeader X-‐Powered-‐By: PHP/5.4.4-‐14+deb7u10 -‐ BerespHeader Cache-‐Control: public, max-‐age=5 -‐ BerespHeader Vary: Accept-‐Encoding Backend

-‐ BerespHeader Content-‐Encoding: gzip -‐
BerespHeader Content-‐Length: 64 -‐ BerespHeader Content-‐Type: text/html -‐ TTL RFC 5 -‐1 -‐1 1402575536 1402575536 1402575535 0 5 -‐ VCL_call BACKEND_RESPONSE -‐ VCL_return deliver -‐ Storage malloc s0 -‐ ObjProtocol HTTP/1.1 -‐ ObjStatus 200 -‐ ObjResponse OK -‐ ObjHeader Date: Thu, 12 Jun 2014 12:18:55 GMT -‐ ObjHeader Server: Apache/2.2.22 (Debian) -‐ ObjHeader X-‐Powered-‐By: PHP/5.4.4-‐14+deb7u10 -‐ ObjHeader Cache-‐Control: public, max-‐age=5 -‐ ObjHeader Vary: Accept-‐Encoding -‐ ObjHeader Content-‐Encoding: gzip -‐ ObjHeader Content-‐Type: text/html -‐ Fetch_Body 3 length stream -‐ Gzip u F -‐ 64 44 80 80 442 -‐ Timestamp BerespBody: 1402575535.828260 0.015189 0.000144 -‐ BackendReuse 17 default(127.0.0.1,,8080) -‐ Length 64 -‐ BereqAcct 316 0 316 250 64 314 -‐ End * << Session >> 16 -‐ Begin sess 0 HTTP/1 -‐ SessOpen 10.10.10.1 51762 :80 10.10.10.36 80 1402575535.812946 14 -‐ Link req 17 rxreq -‐ SessClose RX_TIMEOUT 5.021 -‐ End Backend

VSL Query Expressions varnishlog -‐i ReqURL -‐q 'VCL_Call eq "HIT"'
varnishlog -‐i ReqURL -‐q 'VCL_Call eq "MISS"' varnishlog -‐i ReqURL -‐q 'RespStatus > 400 and RespStatus <= 404' varnishlog -‐i ReqURL -‐q 'Timestamp:Fetch[2] > 2.0'

Varnishtop Continuously updated list of incremental data

VSL Query Expressions varnishtop -‐i ReqURL -‐q 'VCL_Call eq "HIT"'
varnishtop -‐i ReqURL -‐q 'VCL_Call eq "MISS"' varnishtop -‐C -‐I "ReqHeader:^User-‐Agent" varnishtop -‐i RespStatus varnishtop -‐i ReqURL

The flow

* << Request >> 17 -‐
Begin req 16 rxreq -‐ Timestamp Start: 1402575535.812994 0.000000 0.000000 -‐ Timestamp Req: 1402575535.812994 0.000000 0.000000 -‐ ReqStart 10.10.10.1 51762 -‐ ReqMethod GET -‐ ReqURL / -‐ ReqProtocol HTTP/1.1 -‐ ReqHeader Host: varnishv4.dev -‐ ReqHeader User-‐Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0) Gecko/20100101 Firefox/29.0 -‐ ReqHeader Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ *;q=0.8 -‐ ReqHeader Accept-‐Language: en,nl;q=0.7,fr-‐be;q=0.3 -‐ ReqHeader Accept-‐Encoding: gzip, deflate -‐ ReqHeader Connection: keep-‐alive -‐ ReqHeader Cache-‐Control: max-‐age=0 -‐ ReqHeader X-‐Forwarded-‐For: 10.10.10.1 -‐ VCL_call RECV -‐ VCL_return hash -‐ ReqUnset Accept-‐Encoding: gzip, deflate -‐ ReqHeader Accept-‐Encoding: gzip -‐ VCL_call HASH -‐ VCL_return lookup -‐ Hit 2147516434 -‐ VCL_call HIT -‐ VCL_return deliver -‐ Link bereq 18 bgfetch -‐ Timestamp Fetch: 1402575535.813497 0.000503 0.000503 -‐ Timestamp Process: 1402575535.813508 0.000514 0.000011 Got it?

Cache key

Cache key sub vcl_hash { hash_data(req.url); if (req.http.host)
{ hash_data(req.http.host); } else { hash_data(server.ip); } return (lookup); }

Cache key fastcgi_cache_key "$scheme://$host$request_uri"; proxy_cache_key "$scheme://$host$request_uri";

Hashing cookies

Hashing cookies sub vcl_hash { if(req.http.Cookie ~ "country"){
hash_data(regsub(req.http.Cookie, ".*country=([^;]+);.*","\1")); } }

Hashing cookies proxy_cache_key “$scheme://$host$request_uri $cookie_country"; fastcgi_cache_key "$scheme://$host$request_uri $cookie_country";

Cache purging

Purge config sub vcl_recv { if
(req.method == "PURGE") { return(purge); } }

sub vcl_recv {
if (req.method == "PURGE") { ban("req.http.host == " + req.http.host + " && req.url ~ " + req.url); return (synth(200, "Banned")); } } sub vcl_recv { if (req.method == "PURGE") { ban("req.http.host == " + req.http.host + " && req.url == " + req.url); return (synth(200, "Banned")); } } Ban config URL Pattern

Purge/ban execution curl -‐X PURGE http://varnish.dev/your-‐page $ varnishadm varnish>
varnish> ban req.url == "/" 200 Or via telnet

Purge grep -‐lr 'http://host.dev/test.php' /tmp/cache/* | xargs rm

h&ps://github.com/FRiCKLE/ngx_cache_purge location / {
index index.php; error_page 477 = @purge; if ($request_method = PURGE) { return 477; } } location @purge { access_log /var/log/nginx/caching.purge.log; fastcgi_cache_purge fastcgi-‐cache "$scheme://$host $request_uri"; } Purge config

h&ps://github.com/FRiCKLE/ngx_cache_purge location / {
index index.php; error_page 477 = @purge; if ($request_method = PURGE) { return 477; } } location @purge { access_log /var/log/nginx/caching.purge.log; proxy_cache_purge proxy-‐cache "$scheme://$host $request_uri"; } Purge config

Purge execution curl -‐X PURGE http://varnish.dev/your-‐page

Loadbalancing

probe healthcheck { .url = "/status.php"; .interval = 60s; .timeout
= 0.3 s; .window = 8; .threshold = 3; .initial = 3; .expected_response = 200; } backend www { .host = "www.example.com"; .port = "http"; .probe = healthcheck; } Health probes

server { ... location / { proxy_pass http://backend; health_check match=welcome;
} } match welcome { status 200; header Content-Type = text/html; body ~ "Welcome to nginx!"; } Health probes

✓Round-robin ✓Random ✓Hash ✓Fallback Directors

vcl 4.0; backend apache {
.host = "127.0.0.1"; .port = “8080"; } backend nginx { .host = "127.0.0.1"; .port = "8081"; } import directors; sub vcl_init { new vdir = directors.random(); vdir.add_backend(apache,10); vdir.add_backend(nginx,5); } sub vcl_recv { set req.backend_hint = vdir.backend(); } Random

… vcl 4.0; backend apache {
.host = "127.0.0.1"; .port = "8080"; .probe = healthcheck; } backend nginx { .host = "127.0.0.1"; .port = "8081"; .probe = healthcheck; } import directors; sub vcl_init { new vdir = directors.fallback(); vdir.add_backend(apache); vdir.add_backend(nginx); } sub vcl_recv { set req.backend_hint = vdir.backend(); } Fallback Picks first healthy backend Order matters

vcl 4.0; backend apache {
.host = "127.0.0.1"; .port = "8080"; } backend nginx { .host = "127.0.0.1"; .port = "8081"; } import directors; sub vcl_init { new vdir = directors.hash(); vdir.add_backend(apache,1.0); vdir.add_backend(nginx,1.0); } sub vcl_recv { set req.backend_hint = vdir.backend(client.identity); } IP hash

upstream backend { server backend1.example.com weight=5; server backend2.example.com:8080; server unix:/tmp/backend3;
} server { location / { proxy_pass http://backend; } } Random

upstream backend { server backend1.example.com; server backend2.example.com backup; } server
{ location / { proxy_pass http://backend; } } Fallback

upstream backend { ip_hash; server backend1.example.com weight=2; server backend2.example.com; server
backend3.example.com down; server backend4.example.com; } server { location / { proxy_pass http://backend; } } IP hash

HIT/MISS marker

sub vcl_deliver { if (obj.hits > 0) {
set resp.http.X-‐Cache = "HIT"; } else { set resp.http.X-‐Cache = "MISS"; } } HIT/MISS marker

HIT/MISS marker add_header X-‐Cache $upstream_cache_status;

Set Time To Live

Cache-‐Control “max-‐age=10, s-‐maxage=5, public, must-‐revalidate”

Cache-‐Control “max-‐age=10, s-‐maxage=5, public, must-‐revalidate” 5 seconds TTL

Cache-‐Control “max-‐age=10, s-‐maxage=5, public, must-‐revalidate” 10 seconds TTL

Force TTL sub vcl_backend_response { if(bereq.url
~ "^/bla") { set beresp.ttl = 10s; } else { set beresp.ttl = 3600s; } }

location / { proxy_pass http://localhost:8080; proxy_cache proxy-‐cache;
proxy_cache_key "$scheme://$host$request_uri"; proxy_cache_valid 200 302 1h; } location ~ /bla { proxy_pass http://localhost:8080; proxy_cache proxy-‐cache; proxy_cache_key "$scheme://$host$request_uri"; proxy_cache_valid 200 302 10s; } Force TTL

Edge Side Includes

header.php menu.php main.php footer.php TTL 5s No caching TTL 10s
TTL 2s

sub vcl_recv { set req.http.Surrogate-‐Capability="key=ESI/1.0"; }
sub vcl_backend_response { if(beresp.http.Surrogate-‐Control~"ESI/1.0") { unset beresp.http.Surrogate-‐Control; set beresp.do_esi=true; } }

h&ps://github.com/taf2/nginx-‐esi Not oﬃcial Haven’t tested it yet Edge Side
Includes

Edge Side Includes Server Side Includes

<html> <body> <table> <tr> <td colspan="2" >  </td> </tr> <tr> <td>  </td> <td>  </td> </tr> <tr> <td colspan="2" >  </td> </tr> </table> </body> </html> Highest TTL is used

server { … ssi on; …
}

SSL support

Varnish doesn’t support SSL

Nginx supports SSL (& SPDY)

server { listen 443; ssl on;
ssl_certificate /path/to/ssl.crt; ssl_certificate_key /path/to/ssl.key; server_name hostname.dev; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; location / { proxy_pass http://localhost:80; proxy_set_header X-‐Real-‐IP $remote_addr; proxy_cache proxy-‐cache; proxy_cache_key "$scheme://$host$request_uri"; proxy_cache_valid 200 302 1h; } } SSL

Who won the battle? Varnish Nginx

And on that bombshell ...

Reverse caching proxies: Varnish or Nginx? - ph...

Reverse caching proxies: Varnish or Nginx? - phpuk15

More Decks by Thijs Feryn

Other Decks in Technology

Featured

Transcript