author | Karen Arutyunov <karen@codesynthesis.com> | 2020-04-28 13:11:01 +0300 |
---|---|---|
committer | Karen Arutyunov <karen@codesynthesis.com> | 2020-05-01 14:26:24 +0300 |
commit | e326eacee55d5bff5fd18aefece07cd7f7daacee (patch) | |
tree | 6199adf996a77d971ff837d8c6fbb62daeee4888 /etc | |
parent | 74306be97efedeafdeef1f1b98e842b5af11512e (diff) |
Add Apache2-based HTTP(S) caching proxy configuration
Diffstat (limited to 'etc')
-rw-r--r-- | etc/proxy-apache2.conf | 144 |
1 files changed, 144 insertions, 0 deletions
diff --git a/etc/proxy-apache2.conf b/etc/proxy-apache2.conf
new file mode 100644
index 0000000..fc7cfea
--- /dev/null
+++ b/etc/proxy-apache2.conf
@@ -0,0 +1,144 @@
+# Paste the following fragment into the <VirtualHost> section intended for
+# proxying HTTP(S) requests and caching the responses. See INSTALL-PROXY for
+# details.
+#
+# List of modules used:
+#
+# rewrite
+# headers
+# ssl
+# proxy
+# proxy_http
+# cache
+# cache_disk
+#
+
+ # Enable the rewrite rules functionality.
+ #
+ <IfModule !rewrite_module>
+ Error "rewrite_module is not enabled"
+ </IfModule>
+
+ RewriteEngine on
+ RewriteOptions AllowAnyURI
+
+ # Make sure that the HTTP header management functionality is enabled.
+ #
+ <IfModule !headers_module>
+ Error "headers_module is not enabled"
+ </IfModule>
+
+ # Enable the HTTP proxy.
+ #
+ <IfModule !proxy_module>
+ Error "proxy_module is not enabled"
+ </IfModule>
+
+ <IfModule !proxy_http_module>
+ Error "proxy_http_module is not enabled"
+ </IfModule>
+
+ ProxyRequests On
+
+ # Enable SSL/TLS API usage for querying HTTPS URLs.
+ #
+ <IfModule !ssl_module>
+ Error "ssl_module is not enabled"
+ </IfModule>
+
+ SSLProxyEngine on
+
+ # Optional: prevent non-authorized proxy usage, for example:
+ #
+ # <Proxy *>
+ # Require ip 10.5
+ # </Proxy>
+
+ # Accept only the HTTP GET method and respond with the 403 HTTP status
+ # code (Forbidden) for other methods.
+ #
+ RewriteCond %{REQUEST_METHOD} !GET
+ RewriteRule .* - [F]
+
+ # Optional: restrict the URL set allowed for proxying, for example:
+ #
+ # RewriteCond %{HTTP_HOST} !(.+\.)?example.org
+ # RewriteRule .* - [F]
+
+ # Convert the http scheme to https for URLs being proxied.
+ #
+ # To prevent the conversion we can exclude certain hosts. For example:
+ #
+ # RewriteCond %{HTTP_HOST} !(.+\.)?example.org [OR]
+ # RewriteCond %{HTTP_HOST} !(.+\.)?example.net
+ #
+ # Or check for a custom header value. Note that this header should not
+ # be forwarded to the origin server. For example:
+ #
+ # RewriteCond %{HTTP:X-Preserve-HTTP} !(1|on|true) [NC]
+ # RequestHeader unset X-Preserve-HTTP
+ #
+ RewriteRule ^proxy:http://(.*)$ "https://$1" [P]
+
+ # Enable the disk storage-based cache.
+ #
+ <IfModule !cache_module>
+ Error "cache_module is not enabled"
+ </IfModule>
+
+ <IfModule !cache_disk_module>
+ Error "cache_disk_module is not enabled"
+ </IfModule>
+
+ CacheEnable disk "http://"
+
+ # Specify the cache root directory and make sure it is writable by the
+ # user under which Apache2 is running.
+ #
+ # Note that if there are no other proxies enabled for the WEB server,
+ # you can probably specify (you still have to specify it) the default
+ # cache directory (/var/cache/apache2/mod_cache_disk for Debian/Ubuntu
+ # and /var/cache/httpd/proxy for Fedora/RHEL).
+ #
+ CacheRoot
+
+ # Cache entry maximum size (in bytes).
+ #
+ CacheMaxFileSize 100000000
+
+ # Prevent duplicate caching of responses for the same simultaneously
+ # proxied URL. Specify an appropriate per-URL lock timeout (in
+ # seconds) to avoid stalled downloads from keeping the entries
+ # uncached.
+ #
+ CacheLock on
+ CacheLockMaxAge 600
+
+ # Always validate an existing cache entry by querying the origin
+ # server.
+ #
+ # We do this by injecting the request header which always declares the
+ # existing cache entry as potentially stale (ignoring Expire response
+ # header and Cache-Control header's max-age field) which should also
+ # be propagated through all the upstream proxies forcing them to
+ # validate the resource freshness.
+ #
+ # Note that this relies on both the proxy and origin servers correctly
+ # supporting conditional requests based on entity tags (ETag HTTP
+ # response and If-None-Match HTTP request headers) or less accurate
+ # entity modification times (Last-Modified HTTP response and
+ # If-Modified-Since HTTP request headers), which is normally the case
+ # if both are running Apache. A proxy normally caches the ETag and/or
+ # Last-Modified response header values alongside the cached entity and
+ # adds If-None-Match and/or If-Modified-Since headers respectively to
+ # the entity validation request. An origin server normally checks if
+ # any of the ETag or Last-Modified headers changed for the entity and
+ # responds with its full content, if that's the case, or with the 304
+ # HTTP status code (Not Modified) otherwise (see the Apache Caching
+ # Guide for details).
+ #
+ # Also note that to observe the injected header the cache handler
+ # should not be configured as a quick handler.
+ #
+ RequestHeader set Cache-Control max-age=0
+ CacheQuickHandler off
|
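Review bot: As committed, the fragment sets `ProxyRequests On` while its only access control, the `<Proxy *>` / `Require ip` block, is a commented-out "Optional" example, so a VirtualHost that pastes it unchanged will forward GET requests for any client that can reach it, including requests to hosts on the proxy's own network. I would ship the restriction uncommented with a value the operator has to fill in, the way `CacheRoot` is left blank (`<Proxy *>`, `Require ip <trusted-network>`, `</Proxy>`), and describe the host allow-list as recommended rather than optional. The method guard `RewriteCond %{REQUEST_METHOD} !GET` is an unanchored regex, so any method token that merely contains GET passes it; `!^GET$` states the intent. In the commented examples, `(.+\.)?example.org` is likewise unanchored with an unescaped dot, so it also matches names such as `example.org.other.tld`, and the two negated conditions joined by `[OR]` are true for any host that does not match both patterns, so that exclusion would effectively never apply. `SSLProxyEngine on` appears with no `SSLProxyVerify` or CA directive in the fragment; unless the enclosing VirtualHost sets them, upstream certificates are presumably not chain-verified before their responses are cached, which is worth a comment next to that line.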