Nginx proxy cache/temp folders empty when located inside /tmp on CentOS 7

(First post in the Nginx forum, so please bear with me if it seems
slightly
long…)

I’m the maker of Engintron, a popular cPanel plugin which integrates
Nginx
as a reverse caching proxy in front of Apache. The project started in
Dec
2014, it is open source & free and you can check out the code here,
including Nginx configuration files:
https://github.com/engintron/engintron

In Feb 2016 I rewrote the plugin from scratch using a more efficient
universal proxy configuration in Nginx, for any domain hosted on a
cPanel
server. The benefit is that you install Engintron on your cPanel server
and
it just works, with zero maintenance and no vhost sync’ing between Nginx
&
Apache like similar plugins for cPanel.

I am defining 2 proxy cache zones/pools plus a proxy temp location in
/etc/nginx/nginx.conf like this:

proxy_cache_path /tmp/engintron_dynamic levels=1:2
keys_zone=engintron_dynamic:20m inactive=10m max_size=500m;
proxy_cache_path /tmp/engintron_static levels=1:2
keys_zone=engintron_static:20m inactive=10m max_size=500m;
proxy_temp_path /tmp/engintron_temp;

Nginx does 1 min caching for static assets like CSS, JS, images etc. and
1
sec micro-caching for dynamic/HTML content. The latter is used so that
it
doesn’t break sites with user-generated content such as forums,
e-commerce
sites etc.

In CentOS versions 5 & 6, the folders referenced above will start
filling up
when Nginx is installed via Engintron, as Nginx caching kicks in.
In CentOS 7 however - and this has been verified in multiple cPanel
installations on my end, as well as other Engintron users via the
project’s
Issues section on GitHub- the above folders are just empty.

However caching DOES work in CentOS 7, at least according to the headers
sent by Nginx as well as by checking a static file if it gets cached.

For example if I modify this CSS file
http://www.benetomaretti.com/templates/vp_merchant/css/template.css I
won’t
see any changes until a minute has passed (1 min static cache). So the
file
does indeed get cached by Nginx, but the cache entry does not appear in
the
proxy cache/temp folders. These folders show up as empty with a simple
du
command.

And if you check the same file via curl, you get something like this:

$ curl -I
http://www.benetomaretti.com/templates/vp_merchant/css/template.css
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 06 Apr 2016 04:27:52 GMT
Content-Type: text/css
Content-Length: 45237
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 06 Apr 2016 04:25:52 GMT
ETag: “45a86635-b0b5-52fc95b6d4120”
Expires: Fri, 06 May 2016 04:27:52 GMT
Cache-Control: max-age=2592000
X-Cache-Status: HIT
X-Server-Powered-By: Engintron
Pragma: public
Cache-Control: public
Vary: Accept-Encoding
Accept-Ranges: bytes

I’m really out of ideas why on earth there’s this behaviour with CentOS
7
specifically.

Any pointers would be appreciated.

For the record, the (re-written) release of Engintron in Feb 2016
already
has more than 1300 server deployments in 72 countries worldwide.

It’s in my plans to also get anonymous system metrics at some point in
the
near future, so I know which CentOS version is used (along with other
data
such Apache version, MySQL version etc.). In the meantime I can’t know
what
percentage uses CentOS 7, but judging from the fact that new cPanel
deployments usually get setup on CentOS 7, I’m assuming the percentage
may
be high overall.

Thanks in advance for any help or guidance.

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,265943,265943#msg-265943

Hi,

This gives a good explanation of what you are observing:

https://securityblog.redhat.com/2014/04/09/new-red-hat-enterprise-linux-7-security-feature-privatetmp/

Kind Regards
Andrew

On 06/04/16 05:39, fevangelou wrote:

server. The benefit is that you install Engintron on your cPanel server and
proxy_temp_path /tmp/engintron_temp;
Issues section on GitHub- the above folders are just empty.

Vary: Accept-Encoding

such Apache version, MySQL version etc.). In the meantime I can’t know what
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx


Andrew H. (LinuxJedi)
Technical Product Manager, NGINX Inc.

Awesome. Thank you :slight_smile:

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,265943,265986#msg-265986

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs