savoirfairelinux · ghost · May 2, 2017 · May 2, 2017
diff --git a/README.md b/README.md
@@ -29,4 +29,13 @@ This role supports uninstalling cleanly. If you run the role with `php_uninstall
 resources created by the role will be removed. This however, excludes system packages because we
 want to avoid removing packages that another role might need.
 
+## FastCGI Cache
+
+You can enable FastCGI Cache by setting `php_fastcgi_cache_enabled` to `true`.
+If you want to clear the cache, you need to call from the same machine this
+corresponding URL : `http://[[php_base_name]].purge.cache.fastcgi.nginx.local/`
+
+More information about caching features can be found in `defaults/main.yml`.
+
+
 [ansible-nginx]: https://github.com/savoirfairelinux/ansible-nginx
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -77,3 +77,30 @@ php_http_basic_auth_accounts: []
 #   password: whatever42
 # - username: alice
 #   password: rocknroll42
+
+# Enable FastCGI cache
+php_fastcgi_cache_enabled: false
+
+# set fastcgi cache storage path
+php_fastcgi_cache_storage_path: "/dev/shm/nginx_fastcgi_cache_{{ php_base_name }}"
+
+# maximum size of cache in Mb
+php_fastcgi_cache_max_size_mb: 256
+
+# minutes before cached page expiration
+php_fastcgi_cache_expiration_minutes: 10080
+
+# the request uris regexes to not cache
+php_fastcgi_cache_ignored_uri_regex_matches: []
+
+# if you want to not cache post requests
+php_fastcgi_cache_ignore_post_requests: true
+
+# where you want to save the cache clear script
+php_fastcgi_cache_purge_script_path: ""
+
+# if nginx requests per second limit must be enabled (outer static assets)
+php_limitreq_enabled: false
+
+# the maximum requests per second per client IP address to throw HTTP error
+php_limitreq_per_second: 15
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
@@ -20,3 +20,24 @@
 - name: Create config for site
   template: "src=nginx.conf dest=/etc/nginx/sites-enabled/{{ php_base_name }}.conf"
   notify: nginx restart
+
+# Older versions of nginx shipped with package manager does not support
+# fastcgi_cache_purge, and fastcgi refuses to give rights over cache files to
+# particular users, and LXDock sets nosuid so we required to workaround this
+# by creating a simple script owned by www-data that delete the cache by itself.
+# For this version, the whole cache will be cleared because it do the
+# job for what we need. May be required to upgrade this method in the future.
+- name: Ensure a script that www-data can execute to clear FastCGI Cache
+  template:
+    src: cache-clear-script.conf
+    dest: "{{ php_fastcgi_cache_purge_script_path }}"
+    mode: 0050
+    owner: root
+    group: www-data
+  when: php_fastcgi_cache_enabled
+
+- name: Ensure that the FastCGI Cache clear URL is reachable
+  lineinfile:
+    path: /etc/hosts
+    line: "127.0.0.1 {{ php_base_name }}.purge.cache.fastcgi.nginx.local"
+  when: php_fastcgi_cache_enabled
diff --git a/templates/cache-clear-script.conf b/templates/cache-clear-script.conf
@@ -0,0 +1,2 @@
+<?php
+system('rm -rf {{ php_fastcgi_cache_storage_path }}/*');
diff --git a/templates/nginx.conf b/templates/nginx.conf
@@ -21,7 +21,32 @@ server {
 }
 {% endfor %}
 
+{% if php_limitreq_enabled %}
+limit_req_zone $binary_remote_addr zone=limit_req_{{ php_base_name }}:10m  rate={{ php_limitreq_per_second }}r/s;
+{% endif %}
+
+{% if php_fastcgi_cache_enabled %}
+fastcgi_cache_path {{ php_fastcgi_cache_storage_path }} levels=1:2 keys_zone=fastcgi_cache_{{ php_base_name }}:{{ php_fastcgi_cache_max_size_mb }}m inactive={{ php_fastcgi_cache_expiration_minutes }}m;
+fastcgi_cache_key "$scheme$request_method$host$request_uri";
+fastcgi_cache_use_stale error timeout invalid_header http_500;
+fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+{% endif %}
+
 server {
+    {% if php_fastcgi_cache_enabled %}
+    set $skip_cache 0;
+    {% if php_fastcgi_cache_ignore_post_requests %}
+    if ($request_method = POST) {
+        set $skip_cache 1;
+    }
+    {% endif %}
+    {% for match in php_fastcgi_cache_ignored_uri_regex_matches %}
+    if ($request_uri ~ {{ match }}) {
+        set $skip_cache 1;
+    }
+    {% endfor %}
+    {% endif %}
+
     {% if php_referer_hash_bucket_size is defined -%}
     referer_hash_bucket_size {{ php_referer_hash_bucket_size }};
     {%- endif %}
@@ -74,7 +99,29 @@ server {
         fastcgi_param {{ item }};
         {% endfor %}
         {{ php_fastcgi_nginx_include }}
+        {% if php_fastcgi_cache_enabled %}
+        fastcgi_cache_bypass $skip_cache;
+        fastcgi_no_cache $skip_cache;
+        fastcgi_cache fastcgi_cache_{{ php_base_name }};
+        fastcgi_cache_valid {{ php_fastcgi_cache_expiration_minutes }}m;
+        {% endif %}
+        {% if php_limitreq_enabled %}
+        limit_req zone=limit_req_{{ php_base_name }} burst={{ php_limitreq_per_second }} nodelay;
+        limit_req_log_level error;
+        limit_req_status 429;
+        {% endif %}
     }
     {% endif %}
 }
 
+{% if php_fastcgi_cache_enabled %}
+server {
+    listen 127.0.0.1:80;
+    server_name {{ php_base_name }}.purge.cache.fastcgi.nginx.local;
+    location / {
+        include fastcgi.conf;
+        fastcgi_pass unix:{{ php_fpm_socket_path|mandatory }};
+        fastcgi_param SCRIPT_FILENAME {{ php_fastcgi_cache_purge_script_path }};
+    }
+}
+{% endif %}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		<?php
		system('rm -rf {{ php_fastcgi_cache_storage_path }}/*');