Reverse proxy is caching php pages?

aris · August 31, 2012, 1:33pm

I setup a reverse proxy on my forum and everything is working okay. (I
think?).

http {
…
proxy_cache_path /usr/local/nginx/cache levels=1:2
keys_zone=STATIC:10m inactive=24h max_size=1g;
…
}
server {
listen 80;
#listen [::]:80 ipv6only=on;
return 301 https://$host$request_uri;
}

server {
    listen                    ssl.xxx.yyy:443 ssl spdy;
   #listen                    [::]:443 ipv6only=on ssl;

    server_name               ssl.xxx.yyy;

    ssl                       on;
    ssl_session_cache         shared:SSL:10m;
    ssl_session_timeout       10m;
    ssl_ciphers

ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_certificate /usr/local/nginx/ssl/server.pem;
ssl_certificate_key /usr/local/nginx/ssl/ssl.key;
ssl_ecdh_curve secp521r1;

    keepalive_timeout         300;

    add_header Strict-Transport-Security "max-age=7776000;

includeSubdomains";

    error_page 502 504         /offline.html;

    location / {
        proxy_pass             http://xxx.xxx.xxx.xxx/;
        proxy_set_header       Host xxx.yyy;
        proxy_set_header       CF-Connecting-IP $remote_addr;
        proxy_set_header       X-Forwarded-Proto https;
        proxy_cache            STATIC;
        proxy_cache_valid      200  7d;
        proxy_cache_use_stale  error timeout invalid_header updating

http_500 http_502 http_503 http_504;
}

    location = /offline.html {
        root html;
    }
}

[small note: Do I really even need ssl_ecdh_curve? fine without? I can’t
find documentation on it so idk why I’m using it]

Config on my main site:

server {
listen [::]:80 ipv6only=on; # listen for IPv6 only traffic on
IPv6
sockets
listen 80; # listen also for IPv4 traffic on “regular” IPv4
sockets

    server_name  xxx.yyy;

    client_max_body_size 30M; #for large file uploads

    access_log  /home/web/logs/access.log  main;
    error_log /home/web/logs/error.log;

    root   /home/web/site;

    error_page  404 403    /404.html;

    location ~ /\.ht {
        deny   all;
        return 404;
    }

    location ~ /(addons|data|attachments) {
        deny   all;
        return 404;
    }

    location ~ \.php$ {
        try_files          $uri = 404;
        fastcgi_pass       unix:/tmp/php-fpm.sock;
        fastcgi_index      index.php;
        fastcgi_param      SCRIPT_FILENAME

$document_root$fastcgi_script_name;
include fastcgi_params;
}

    location ~ \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires         90d;
        add_header      Cache-Control public;
    }

    location ~ \.(?:html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml)$ {
        expires 180s;
        add_header Cache-Control "public, must-revalidate";
    }
}

When I have scripts that should not be cached they get cached. For
example
if I have a script that displays my IP address, visiting that page on
the
reverse proxy it gets cached and is publicly viewable to everyone. How
can I
prevent the reverse proxy from caching PHP pages or pages ending in
.php?

Posted at Nginx Forum: