Set Up Apache as a Forward Proxy with Caching

apache-2.2cachePROXY

I would like to configure apache forward proxy with caching. I have some clients that have to downloa some big files from time to time from the internets, and I would like it to be done through this apache proxy, so that it has these big files cached on disk and returns them from cache.

I have managed to configure proxy, but caching does not work. I have cache, mem_cache, file_cache modules enabled. I have the following config of my caching proxy virtualhost:

<VirtualHost *:80>
ProxyRequests On
ProxyVia On

<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>

CacheEnable disk /
CacheMaxFileSize 10000000000
CacheMinFileSize 1000000
CacheRoot "/var/cache/apache2/mod_disk_cache/"
CacheMaxExpire 24
CacheLastModifiedFactor 0.1
CacheIgnoreQueryString On
EnableSendfile On
CacheDefaultExpire 7200

CacheIgnoreNoLastMod On
CacheStorePrivate On
CacheStoreNoStore On

ServerName my-proxy

ErrorLog "/var/log/apache2/proxy-error.log"
CustomLog "/var/log/apache2/proxy-access.log" common
</VirtualHost>

For testing purposes I configured my Firefox to use this proxy. I download a zip file from
http://download.java.net/jdk8/archive/b128/binaries/jdk-8-fcs-bin-b128-linux-i586-01_feb_2014.tar.gz, which takes about 5 minutes. The only line I get in proxy-access.log on this event is:

"GET http://download.java.net/jdk8/archive/b128/binaries/jdk-8-fcs-bin-b128-linux-i586-01_feb_2014.tar.gz HTTP/1.1" 200 115883719

When I later check the /var/cache/apache2/mod_disk_cache folder, there is nothing there. And next time I download the same file it also takes the same 5 minutes, although in our local network the speed is much faster – which means it redownloads it from the internet again.

How can I make it cache?

I have seen this Setting Up Apache as a Forward Proxy with Caching question, read What Can be Cached? – there is no "Authorization" header in either request or response (checked with wireshark). So it looks to me as it should be cached. It also should not be affected by this bug, as apache version is 2.2.22-1ubuntu1 and not 2.4.3.

Best Answer

It was not initially documented properly, but CacheEnable does not implicitly apply to forward proxy anymore. there is a note and updated examples now.

http://httpd.apache.org/docs/2.4/mod/mod_cache.html#cacheenable

edit to not hide the answer in the link: as in CacheEnable disk http://

Related Solutions

Nginx – How to Set Up as a Caching Reverse Proxy

I don't think that there is a way to explicitly invalidate cached items, but here is an example of how to do the rest. Update: As mentioned by Piotr in another answer, there is a cache purge module that you can use. You can also force a refresh of a cached item using nginx's proxy_cache_bypass - see Cherian's answer for more information.

In this configuration, items that aren't cached will be retrieved from example.net and stored. The cached versions will be served up to future clients until they are no longer valid (60 minutes).

Your Cache-Control and Expires HTTP headers will be honored, so if you want to explicitly set an expiration date, you can do that by setting the correct headers in whatever you are proxying to.

There are lots of parameters that you can tune - see the nginx Proxy module documentation for more information about all of this including details on the meaning of the different settings/parameters: http://nginx.org/r/proxy_cache_path

http {
  proxy_cache_path  /var/www/cache levels=1:2 keys_zone=my-cache:8m max_size=1000m inactive=600m;
  proxy_temp_path /var/www/cache/tmp; 


  server {
    location / {
      proxy_pass http://example.net;
      proxy_cache my-cache;
      proxy_cache_valid  200 302  60m;
      proxy_cache_valid  404      1m;
    }
  }
}

Linux – Apache2 quietly breaking, won’t make apache2.pid

Hmm, I am pretty suspicious of the config file

/etc/apache2/vhosts.d/30_subversion_ssl_vhost.conf

When you remove the '-D SSL' you will cause all parts of the configuration files that are enclosed in ... to be skipped. The default SSL vhost file on my Gentoo box is wrapped in that tag so I wonder if, by removing the '-D SSL', you are preventing the config in 30_subversion_ssl_vhost.conf from being run at all and if that is what is allowing Apache to start.

If you temporarily remove the file 30_subversion_ssl_vhost.conf from /etc/apache2/vhosts.d does Apache run? Are there any other SSL related vhost.conf files in vhosts.d? My reasonably fresh/unused Apache install's vhosts.d directory looks like this:

# pwd && ls
/etc/apache2/vhosts.d
00_default_ssl_vhost.conf  00_default_vhost.conf  default_vhost.include

edit 1:

So much for that theory :) I am now wondering if the problem is with the Apache SSL setup itself. I apologize if I am covering ground you have already checked but I am wondering if you could do the following to help verify your Apache install.

On my Apache install with working SSL the use flags are as follows:

# emerge -av apache

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild     U ] www-servers/apache-2.2.11-r2 [2.2.11] USE="ssl -debug -doc -ldap (-selinux) -sni -static -suexec -threads" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias -asis -auth_digest -authn_dbd -cern_meta -charset_lite -dbd -dumpio -ident -imagemap -log_forensic -proxy -proxy_ajp -proxy_balancer -proxy_connect -proxy_ftp -proxy_http -substitute -version" APACHE2_MPMS="-event -itk -peruser -prefork -worker" 64 kB

In particular do you have the 'ssl' USE flag set?

Also, could you use equery to verify the integrity of your apache2 install? If you do not have the equery command you can install it by running 'emerge -av gentoolkit'. The following command should verify the integrity of your apache install:

equery check apache

On my server the above command gives the following output:

[ Checking www-servers/apache-2.2.11 ]
!!! /etc/apache2/vhosts.d/00_default_ssl_vhost.conf has wrong mtime (is 1256620928, should be 1246793824)
!!! /etc/apache2/modules.d/00_default_settings.conf has wrong mtime (is 1246796304, should be 1246793824)
!!! /etc/conf.d/apache2 has incorrect md5sum
 * 429 out of 432 files good

edit 2:

Well the install looks good to me, so much for theory 2. I am wondering if we can coax Apache into giving some more information on startup. In /etc/conf.d/apache2 if you change your APACHE2_OPTS line from:

APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE"

APACHE2_OPTS="-X -e debug -D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE"

and then start Apache (/etc/init.d/apache2 start) the daemon should stay in the foreground (the -X flag) and output debuging messages as it starts (the -e debug option). Maybe this will give a clue as to why it is dying on startup.

Best Answer

Related Solutions

Nginx – How to Set Up as a Caching Reverse Proxy

Linux – Apache2 quietly breaking, won’t make apache2.pid

Related Topic