# Nginx pkg cache help



## Blue|Fusion (Jul 1, 2022)

Hello all,

I am setting up an Nginx caching web server in a FreeBSD 13.1 Jail.  It is working as expected for freebsd-update and my Linux distro of choice, but not for FreeBSD binary packages.  The access log shows it is a cache miss and the file is retrieved downstream successfully through the Nginx cache, but the file is never cached - */var/log/nginx/fbsd-pkg* remains an empty directory (with proper permissions created at Nginx service start).


```
bf@repocache:~ % sudo du -h -d1 /var/cache/nginx
3.1G    /var/cache/nginx/void-repo
 12K    /var/cache/nginx/fbsd-update
512B    /var/cache/nginx/fbsd-pkg
3.1G    /var/cache/nginx
```

Here is my */usr/local/etc/nginx/nginx.conf* (my FQDN replaced with _example.lan_):
(Also open to other recommendations to make this pieced together config more appropriate for the task)


```
events {
    worker_connections 1024;
    multi_accept on;
}

http {
    aio threads;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;

    include       mime.types;
    default_type  application/octet-stream;

    log_format cachelog '$remote_addr / $http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$upstream_cache_status" "$http_range"';

    proxy_cache_key "$scheme$request_method$host$request_uri";
    proxy_cache_path /var/cache/nginx/fbsd-update levels=1:2 keys_zone=fbsdupdate_cache:10m
                      max_size=5G inactive=7d use_temp_path=off;
    proxy_cache_path /var/cache/nginx/fbsd-pkg levels=1:2 keys_zone=fbsdpkg_cache:10m
                      max_size=10G inactive=365d use_temp_path=off;
    proxy_cache_path /var/cache/nginx/void-repo levels=1:2 keys_zone=voidrepo_cache:10m
                      max_size=10G inactive=365d use_temp_path=off;

    server {
      listen 80;
      server_name fbsd-update.example.lan;

      root /var/cache/nginx/fbsd-update;

      access_log /var/log/nginx/fbsd-update-access.log cachelog;

      location /nginx-status {
          stub_status on;
          access_log off;
          allow 127.0.0.1;
          allow ::1;
          deny all;
      }

      location / {
        proxy_cache fbsdupdate_cache;
        proxy_cache_lock on;
        proxy_buffering on;
        proxy_cache_lock_age 5m;
        proxy_cache_lock_timeout 15m;
        proxy_http_version 1.1;
        proxy_cache_revalidate  on;
        proxy_cache_valid 200 7d;
        expires max;
        add_header X-Proxy-Cache $upstream_cache_status;

        proxy_pass http://update.freebsd.org;

        location ~* (latest.ssl)$ {
            proxy_cache_bypass 1;
            proxy_no_cache 1;
            proxy_pass http://update.freebsd.org$request_uri;
        }
      }
    }

    server {
      listen 80;
      server_name fbsd-pkg.example.lan;

      root /var/cache/nginx/fbsd-pkg;

      access_log /var/log/nginx/fbsd-pkg-access.log cachelog;

      location /nginx-status {
          stub_status on;
          access_log off;
          allow 127.0.0.1;
          allow ::1;
          deny all;
      }

      location / {
        proxy_cache fbsdpkg_cache;
        proxy_cache_lock on;
        proxy_cache_lock_age 5m;
        proxy_cache_lock_timeout 15m;
        proxy_buffering on;
        proxy_http_version 1.1;
        proxy_cache_revalidate  on;
        proxy_cache_valid 200 365d;
        expires max;
        add_header X-Proxy-Cache $upstream_cache_status;

        proxy_pass https://pkg.freebsd.org;

        location ~* (packagesite.pkg)$ {
            proxy_cache_bypass 1;
            proxy_no_cache 1;
            proxy_pass https://pkg.freebsd.org$request_uri;
        }
        location ~* (packagesite.txz)$ {
            proxy_cache_bypass 1;
            proxy_no_cache 1;
            proxy_pass https://pkg.freebsd.org$request_uri;
        }
        location ~* (meta.conf)$ {
            proxy_cache_bypass 1;
            proxy_no_cache 1;
            proxy_pass https://pkg.freebsd.org$request_uri;
        }
        location ~* (meta.txz)$ {
            proxy_cache_bypass 1;
            proxy_no_cache 1;
            proxy_pass https://pkg.freebsd.org$request_uri;
        }
      }
    }

    server {
      listen 80;
      server_name void-repo.example.lan;

      root /var/cache/nginx/void-repo;

      access_log /var/log/nginx/void-repo-access.log cachelog;

      location /nginx-status {
          stub_status on;
          access_log off;
          allow 127.0.0.1;
          allow ::1;
          deny all;
      }

      location / {
        proxy_cache voidrepo_cache;
        proxy_cache_lock on;
        proxy_buffering on;
        proxy_cache_lock_age 5m;
        proxy_cache_lock_timeout 15m;
        proxy_http_version 1.1;
        proxy_cache_revalidate  on;
        proxy_cache_valid 200 365d;
        expires max;
        add_header X-Proxy-Cache $upstream_cache_status;

        proxy_pass https://repo-us.voidlinux.org;

        location ~* (x86_64-repodata)$ {
            proxy_cache_bypass 1;
            proxy_no_cache 1;
            proxy_pass https://repo-us.voidlinux.org$request_uri;
        }
      }
    }
}
```


----------



## Blue|Fusion (Jul 2, 2022)

I figured it out.  It's not a fault of the configuration but the upstream headers setting *Cache-Control: private*.  I'm not sure why this is, perhaps there's a good reason?

In the mean time, I set Nginx to ignore this header and the packages are now caching locally which is very useful for my 30-something jails.


----------

