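Nginx proxy caching invalidating requests to S3

Time: 2014-11-09 07:12:22

Tags: caching amazon-web-services nginx amazon-s3 proxy

I have set up a proxy from my application server to a private S3 bucket to cache requests. I was having some trouble with it, where S3 was rejecting my download requests (403 Forbidden), and after some experimentation it seems that disabling caching allows the valid request to go through. But the entire purpose of the proxy is to act as a cache. I guess the proxy is altering the request in some way, but I don't understand how. Does anyone have any insight into how enabling caching in nginx alters requests, and whether there is some way to overcome this?

Here is the relevant configuration.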

http {

    proxy_cache_path          /home/cache levels=1:2 keys_zone=S3_CACHE:10m inactive=24h max_size=500m;
    proxy_temp_path           /home/cache/tmp;

    server {

        server_name my-cache-server.com;
        listen 80;

        proxy_cache S3_CACHE;

        location / {

            proxy_buffering        on;
            proxy_pass             http://MY_BUCKET.s3.amazonaws.com/;
            proxy_pass_request_headers      on;
        }
    }
} 

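If I remove the line proxy_cache S3_CACHE;

Here is the difference between the nginx access logs with proxy_cache disabled and enabled... In the first case, the headers are passed, accepted, and then a GET request is made which returns the image. In the second case (with caching enabled), the headers are sent and then rejected, resulting in a 403 error, which stops the performance.vidigami.com test server.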

... WORKING

MY_IP - - [09/Nov/2014:23:19:04 +0000] "HEAD https://MY_BUCKET.s3.amazonaws.com/Test%20image.jpg HTTP/1.1" 200 0 "-" "aws-sdk-nodejs/2.0.23 darwin/v0.10.32"

MY_IP - - [09/Nov/2014:23:19:04 +0000] "GET https://MY_BUCKET.s3.amazonaws.com/Test%20image.jpg HTTP/1.1" 200 69475 "-" "aws-sdk-nodejs/2.0.23 darwin/v0.10.32"

... NOT WORKING

MY_IP - - [09/Nov/2014:23:20:08 +0000] "HEAD https://MY_BUCKET.s3.amazonaws.com/Test%20image.jpg HTTP/1.1" 403 0 "-" "aws-sdk-nodejs/2.0.23 darwin/v0.10.32"

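1 answer:

Answer 0 (score: 3)

If AWS S3 rejects the request (HTTP 403), then the original call is invalid; this is not a caching or Nginx problem. In your case, Nginx itself accesses S3 over HTTP (port 80), so make sure the S3 URL you create can be accessed without HTTPS. Otherwise, use proxy_pass https:// ...

The directive proxy_pass_request_headers is not required, and proxy buffering is also enabled by default. It is strongly recommended that you enable the access/error logs.

To use HTTP 1.1 keep-alive with the backend and perform caching, use the following directives: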

location / {
  proxy_http_version     1.1;
  proxy_set_header       Connection "";
  proxy_set_header       Host 'MY_BUCKET.s3.amazonaws.com';
  proxy_set_header       Authorization '';
  proxy_hide_header      x-amz-id-2;
  proxy_hide_header      x-amz-request-id;
  proxy_hide_header      Set-Cookie;
  proxy_ignore_headers   Set-Cookie;

  proxy_cache            S3_CACHE;
  proxy_cache_valid      200 24h;
  proxy_cache_valid      403 15m;
  proxy_cache_bypass     $http_cache_purge;
  add_header             X-Cached $upstream_cache_status;

  proxy_pass             http://MY_BUCKET.s3.amazonaws.com/;

  access_log             s3.access.log;
  error_log              s3.error.log;
}

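Cache invalidation works via the HTTP header Cache-Purge, so the header X-Cached shows MISS / HIT depending on whether it was a full request or retrieved from the cache, respectively. To perform cache invalidation, just do the following: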

curl -I 'http://your_server.com/file' -H 'Cache-Purge: 1'

It is important to choose the proper S3 endpoint to avoid DNS redirects:

us-east-1       s3.amazonaws.com
us-west-2       s3-us-west-2.amazonaws.com
us-west-1       s3-us-west-1.amazonaws.com
eu-west-1       s3-eu-west-1.amazonaws.com  
eu-central-1    s3.eu-central-1.amazonaws.com
ap-southeast-1  s3-ap-southeast-1.amazonaws.com
ap-southeast-2  s3-ap-southeast-2.amazonaws.com
ap-northeast-1  s3-ap-northeast-1.amazonaws.com
sa-east-1       s3-sa-east-1.amazonaws.com
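
A likely reason for the HEAD 403 in the question's log, shown as an added example that is not from the original post or answer: with proxy_cache enabled, nginx sends a client's HEAD upstream as GET (controllable with proxy_cache_convert_head since nginx 1.9.7), while the signature in the SDK's Authorization header covers the HTTP verb. The code assumes Signature Version 2 header signing and a simplified S3-side check; the keys, date and helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample values, not real credentials.
SECRET_KEY = "EXAMPLE-SECRET-KEY-NOT-REAL"
ACCESS_KEY = "EXAMPLEACCESSKEYID"
DATE = "Sun, 09 Nov 2014 23:20:08 GMT"
RESOURCE = "/MY_BUCKET/Test%20image.jpg"


def sigv2_signature(secret, method, date, resource, content_md5="", content_type=""):
    """AWS Signature Version 2 for an S3 REST request without x-amz-* headers."""
    string_to_sign = "\n".join([method, content_md5, content_type, date]) + "\n" + resource
    digest = hmac.new(secret.encode(), string_to_sign.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def client_sign(method):
    """Client side: sign the request with the verb the client intends to send."""
    sig = sigv2_signature(SECRET_KEY, method, DATE, RESOURCE)
    return {"Date": DATE, "Authorization": f"AWS {ACCESS_KEY}:{sig}"}


def nginx_upstream_method(client_method, cache_enabled, convert_head=True):
    """Verb nginx sends upstream: with caching on, HEAD becomes GET
    unless proxy_cache_convert_head is off."""
    if cache_enabled and convert_head and client_method == "HEAD":
        return "GET"
    return client_method


def s3_status(received_method, headers):
    """Simplified S3 check: recompute the signature from the verb actually received."""
    presented = headers["Authorization"].split(":", 1)[1]
    expected = sigv2_signature(SECRET_KEY, received_method, headers["Date"], RESOURCE)
    return 200 if hmac.compare_digest(presented, expected) else 403


def proxied_status(client_method, cache_enabled, convert_head=True):
    """Status the client sees when nginx forwards its headers unchanged."""
    headers = client_sign(client_method)
    upstream = nginx_upstream_method(client_method, cache_enabled, convert_head)
    return s3_status(upstream, headers)


if __name__ == "__main__":
    for method, cache in [("HEAD", False), ("GET", False), ("HEAD", True), ("GET", True)]:
        print(method, "cache on" if cache else "cache off", proxied_status(method, cache))
```

When the conversion is turned off, the nginx documentation says to include $request_method in proxy_cache_key so that HEAD and GET responses are cached separately.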