Nginx – Resolver directive for setting up nginx reverse proxy

When setting up nginx as a reverse proxy with a gunicorn application server (a typical 1-to-1 mapping between the backend application server and nginx), I've configured the following:

upstream my_server {
    server unix:/home/user/folder/app/app.sock fail_timeout=0;
}

location @https_proxy_to_app {
    proxy_set_header X-Forwarded-Proto https;
    include proxy_params;
    proxy_redirect off;
    proxy_pass http://my_server;
}

This is prescribed by a lot of literature available on the subject. While this works, I have a couple of questions about it.

Firstly (and trivially), why the need to include http:// in proxy_pass http://my_server;?

And secondly (and more importantly), do I need to set the resolver directive for this kind of a setup? I'm not using AWS' Elastic Load Balancer, and a lot of the prescription around the resolver directive happens to revolve around AWS ELB. Can someone explain in layman's terms why and how I need to set it? Accidental server admin here, so need an expert opinion.

Note that I'm also using OCSP stapling.

Best Answer

The resolver directive should be used in cases where your upstream servers are defined with DNS names.

IP addresses for upstream servers are evaluated when nginx starts.

The caveat here is that if an IP address is changed for a DNS name, nginx will not be aware of that until it restarts.

The resolver directive takes care of this, by updating "transparently" the IP address for the upstream server when the cache defined (valid=time) is expired.

In your case, where you use a Unix Socket and not a DNS name, this directive would be useless.


Why specify http for a Unix socket? I admit I am not 100% sure what the reason is.

Surely mainly because the proxy_pass directive requires that both protocol and address are defined for the proxied server, and that nginx allows only http and https protocols.

proxy_pass URL;

Sets the protocol and address of a proxied server and an optional URI to which a location should be mapped. As a protocol, “http” or “https” can be specified.

http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
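
The cases discussed on this page side by side, as an added example that is not part of the original question or answer (a fragment for the http context). The host names, certificate paths and resolver address are placeholder assumptions. The stapling block reflects the nginx documentation's statement that resolver should be specified so the OCSP responder hostname can be resolved.

```nginx
# Added illustration. Host names, certificate paths and the resolver
# address below are placeholders, not values from the page.

# Case 1: Unix socket upstream, as in the question. No DNS lookup happens
# when proxying, so proxy_pass to this upstream needs no resolver.
upstream my_server {
    server unix:/home/user/folder/app/app.sock fail_timeout=0;
}

# Case 2: upstream given by DNS name. The name is resolved when nginx
# starts or reloads; a changed IP is not seen until then.
upstream named_backend {
    server app.internal.example:8000;
}

server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate     /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;

    # OCSP stapling: nginx has to look up the OCSP responder host named in
    # the certificate, and that lookup goes through the resolver directive.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/chain.pem;

    # Use a resolver on a trusted local network: answers are plain DNS, and
    # the nginx docs recommend this to prevent DNS spoofing.
    resolver 127.0.0.53 valid=300s;
    resolver_timeout 5s;

    location @https_proxy_to_app {
        proxy_set_header X-Forwarded-Proto https;
        include proxy_params;
        proxy_redirect off;
        proxy_pass http://my_server;
    }

    location /named/ {
        proxy_pass http://named_backend;
    }

    # Case 3: a variable in proxy_pass makes nginx resolve the name at
    # request time through the resolver, honouring valid=.
    location /api/ {
        set $backend app.internal.example;
        proxy_pass http://$backend:8000;
    }
}
```

Run `nginx -t` after adapting the placeholders; a missing resolver in the stapling case shows up as a warning in the error log rather than a startup failure.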