From 46f7124b646c1f4bd7f6669e323b1ed8d7519a8a Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Mon, 30 Dec 2024 07:55:01 +0000
Subject: [PATCH 1/2] Allow full control of nginx proxy_cache_path parameters

Introduce the 'nginx_cache_params_custom' configuration variable.
---
 roles/float-infra-nginx/defaults/main.yml                 | 3 ---
 .../float-infra-nginx/templates/config/conf.d/proxy.conf  | 3 +--
 roles/float-infra-nginx/vars/main.yml                     | 8 ++++++++
 3 files changed, 9 insertions(+), 5 deletions(-)
 create mode 100644 roles/float-infra-nginx/vars/main.yml

diff --git a/roles/float-infra-nginx/defaults/main.yml b/roles/float-infra-nginx/defaults/main.yml
index cba99a72..50b41600 100644
--- a/roles/float-infra-nginx/defaults/main.yml
+++ b/roles/float-infra-nginx/defaults/main.yml
@@ -9,9 +9,6 @@ nginx_https_port: 443
 # How much memory to use for key caching in the proxy_cache.
 nginx_cache_keys_mem: "64m"
 
-# How much disk space to use for the cache.
-nginx_cache_fs_size: "1g"
-
 # URL of the SSO login server.
 sso_server_url: "https://login.{{ domain_public[0] }}/"
 
diff --git a/roles/float-infra-nginx/templates/config/conf.d/proxy.conf b/roles/float-infra-nginx/templates/config/conf.d/proxy.conf
index 0fbc839a..aa7d0497 100644
--- a/roles/float-infra-nginx/templates/config/conf.d/proxy.conf
+++ b/roles/float-infra-nginx/templates/config/conf.d/proxy.conf
@@ -21,12 +21,11 @@ proxy_http_version      1.1;
 
 # Set up a global cache.
 include /etc/nginx/accept.map;
-proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=global:{{ nginx_cache_keys_mem }} max_size={{ nginx_cache_fs_size }} inactive=1d use_temp_path=off;
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=global:{{ nginx_cache_keys_mem }} {% for k, v in nginx_cache_params | combine(nginx_cache_custom_params | default({})) | dictsort %} {{ k }}={{ v }}{% endfor %};
 proxy_cache_key "$scheme$host$request_uri$http_accept_simplified$sent_http_content_language";
 proxy_no_cache $cookie_SSO $http_authorization;
 proxy_cache_methods GET HEAD;
 proxy_cache_valid 200 10m;
-proxy_cache_min_uses 2;
 
 # Show our own error pages, not the remote ones.
 proxy_intercept_errors on;
diff --git a/roles/float-infra-nginx/vars/main.yml b/roles/float-infra-nginx/vars/main.yml
new file mode 100644
index 00000000..ce408bd7
--- /dev/null
+++ b/roles/float-infra-nginx/vars/main.yml
@@ -0,0 +1,8 @@
+---
+
+nginx_cache_params:
+  # Use nginx_cache_fs_size for backwards compatibility.
+  max_size: "{{ nginx_cache_fs_size | default('1g') }}"
+  inactive: "3h"
+  use_temp_path: "off"
+
-- 
GitLab


From 49a7cd66885a24895fbe2fcaf33548054bb96888 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Mon, 30 Dec 2024 08:06:29 +0000
Subject: [PATCH 2/2] Expire and load files more aggressively

---
 roles/float-infra-nginx/vars/main.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/roles/float-infra-nginx/vars/main.yml b/roles/float-infra-nginx/vars/main.yml
index ce408bd7..b28532d2 100644
--- a/roles/float-infra-nginx/vars/main.yml
+++ b/roles/float-infra-nginx/vars/main.yml
@@ -3,6 +3,8 @@
 nginx_cache_params:
   # Use nginx_cache_fs_size for backwards compatibility.
   max_size: "{{ nginx_cache_fs_size | default('1g') }}"
-  inactive: "3h"
+  inactive: "1h"
   use_temp_path: "off"
+  manager_files: 1000
+  loader_files: 1000
 
-- 
GitLab