Proxy doesn't cache

Hi!
I want to use nginx as a caching proxy in front of an OCSP responder.
The OCSP requests are transmitted via HTTP POST.

Hence, I configured nginx as follows:

proxy_cache_path /tmp/nginx/cache levels=1:2 keys_zone=my-cache:8m
                 max_size=1000m inactive=600m;
server {
    server_name localhost;
    location / {
        proxy_pass http://213.154.225.237:80; #ocsp.cacert.org
        proxy_cache my-cache;
        proxy_cache_methods POST;
        proxy_cache_key "$scheme$proxy_host$uri$request_body";
        proxy_ignore_headers X-Accel-Expires Expires Cache-Control
                             Set-Cookie;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

I can access the OCSP responder through nginx and responses are received
as expected - no issue. The problem is that nginx doesn’t cache the
responses. Note that OCSP nonces are not being sent as part of the
request. Using Wireshark and nginx’ debug log, I verified that all my
requests are identical. How to configure nginx that it caches the
responses?

Note, I use the following command for testing:
openssl ocsp -issuer cacert.crt -no_nonce -CAfile CAbundle.crt -url
http://localhost/ -serial

Thanks a lot for your help!
Stefan

Hello!

On Fri, May 10, 2013 at 11:13:42AM +0800, Stefan Xenon wrote:

> location / {
> I can access the OCSP responder through nginx and responses are received
> as expected - no issue. The problem is that nginx doesn’t cache the
> responses. Note that OCSP nonces are not being sent as part of the
> request. Using Wireshark and nginx’ debug log, I verified that all my
> requests are identical. How to configure nginx that it caches the responses?
>
> Note, I use the following command for testing:
> openssl ocsp -issuer cacert.crt -no_nonce -CAfile CAbundle.crt -url
> http://localhost/ -serial

Your configuration doesn’t contain proxy_cache_valid (see
http://nginx.org/r/proxy_cache_valid), and at the same time via
proxy_ignore_headers it ignores all headers which may be used to
set response validity based on response headers. That is, no
responses will be cached with the configuration above.

You probably want to add something like

proxy_cache_valid 200 1d;

to your configuration.


Maxim D.
http://nginx.org/en/donation.html
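
The original configuration with the fix from this reply applied, as an added example that is not part of either poster's messages. The proxy_cache_valid line is the change suggested above; the two client_body_* limits, their 16k value and the X-Cache-Status header are additions assumed here for illustration.

```nginx
# Added example; belongs in the http {} context.
# Cache path, zone name and upstream address are those from the original post.
proxy_cache_path /tmp/nginx/cache levels=1:2 keys_zone=my-cache:8m
                 max_size=1000m inactive=600m;

server {
    server_name localhost;

    location / {
        proxy_pass http://213.154.225.237:80;   # ocsp.cacert.org

        proxy_cache         my-cache;
        proxy_cache_methods POST;
        proxy_cache_key     "$scheme$proxy_host$uri$request_body";

        # Every header that could set a lifetime is ignored here, so the
        # lifetime has to be given explicitly or nothing is cached.
        proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
        # A revocation published upstream stays hidden from clients for up to
        # this long; keep it no longer than the responder's update interval.
        proxy_cache_valid    200 1d;

        # Addition (assumed values): $request_body is only filled in when the
        # body was read into the memory buffer. A body spilled to a temp file
        # leaves it empty, and every such request would share one cache key.
        # Making the size limit equal to the buffer rejects those requests
        # with 413 instead of answering them from the wrong cache entry.
        client_body_buffer_size 16k;
        client_max_body_size    16k;

        # Addition: shows MISS / HIT / EXPIRED on the response, which is
        # visible in a packet capture while testing.
        add_header X-Cache-Status $upstream_cache_status;

        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
```

With this in place, the second identical request from the openssl test command should come back with X-Cache-Status: HIT.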

Thanks a lot Maxim. This really solved my problem. :)

Stefan

On 11.05.2013 22:55, Maxim D. wrote: