-
-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nginx serving nix store paths sets last-modified header to unix+1 timestamp #25485
Comments
Why do you need to turn etag off? |
Ah, I see. nginx's etags aren't hashes. https://serverfault.com/questions/690341/algorithm-behind-nginx-etag-generation/690374#690374 |
I wonder if we could find a way to pull the hash out of the nix store path and put it into an etag header. |
Thanks for finding this. I've been having issues with broken caching on my nginx/nixos server. Even when the files on the server were updated (files in the nix store), the browser was told that no change had happened. If I'm understanding this correctly, since nginx's etags are based on filesystem modification time; you can't have proper cache invalidation (ie. it will always send 304 not modified). Or is there a workaround? |
+1 this is a problem. And turning off etag seems like overkill. Is there some way to 1) set the date on a file so that Nginx can pick it up, or 2) do something else awesome? |
Is the zero-timestamp rule set in stone in Nix, or is there some way to override it if you really want a file in /nix/store to have a particular timestamp? |
I think we could get away with:
It's not perfect, as it will change on each Nix evaluation instead of being content addressed. Another way would be to turn the store path passed to nginx |
The etag function is at ngx_http_core_module.c#L1582 Making it dependent on the realpath of the file seems doable. |
Explanation how to configure nginx to use the hash from the nix path: https://nixos.wiki/wiki/Nginx#Correct_Caching_when_Serving_Static_Files_from_.2Fnix.2Fstore |
In my testing, this sends the correct etag, but does not send the 304 not
modified, when the etag matches.
Also, the header gets stripped out when compression is enabled.
…On Sun, Jul 29, 2018, 14:54 Akii ***@***.***> wrote:
Explanation how to configure nginx to use the hash from the nix path:
https://nixos.wiki/wiki/Nginx#Correct_Caching_when_Serving_Static_Files_from_.2Fnix.2Fstore
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#25485 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAnfpEGW6x31I2WS02ZPG4LRosPQHu_1ks5uLbCJgaJpZM4NPcks>
.
|
It's working perfectly for me. I've gzip compression enabled, the etag header is sent and the browser gets a 304 when querying the |
Nice! An example with a directory would be more common:
|
I've to correct what I said. @yorickvP your statement seems to be correct. What happens in my case is that Cloudflare is actually handling the caching of the ETag correctly, not nginx. So this approach is completely useless without external caching. I'll investigate further and see if I can come up with a solution. |
Here is a patch: https://gitlab.com/yegortimoshenko/patches/blob/cc67b35dc7cf68a18ba98043b54ed3d10374c486/nginx/nix-etag-1.15.4.patch If real path (after dereferencing symlinks) of
I'll take some time to double check everything and only then send a PR. However, feel free to test: { pkgs, ... }:
{
services.nginx = {
enable = true;
package = with pkgs; nginx.overrideAttrs (super: {
patches = (super.patches or []) ++ [(fetchpatch {
url = https://gitlab.com/yegortimoshenko/patches/raw/cc67b35dc7cf68a18ba98043b54ed3d10374c486/nginx/nix-etag-1.15.4.patch;
sha256 = "16pa1vwcm7kibkjsxpk3szaa2vnxdinml6v0fp4038i2qaav113k";
})];
});
};
} |
Resolves NixOS#25485. Usage example: $ realpath /var/www /nix/store/wnrhnnpdj3x50j5xz38zp1qxs1ygwccw-site $ curl --head localhost HTTP/1.1 200 OK Server: nginx Date: Fri, 28 Sep 2018 06:09:25 GMT Content-Type: text/html Content-Length: 50 Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT Connection: keep-alive ETag: "wnrhnnpdj3x50j5xz38zp1qxs1ygwccw" Accept-Ranges: bytes
This is really great! @yegortimoshenko, @domenkozar, or anyone, do you have a moment to write an explanation of this new feature and its practical ramifications for anyone configuring an nginx server? Since it isn't typical nginx behavior, I think the nixos manual should explain it somewhere so it doesn't catch people by surprise. |
I think https://twitter.com/chris__martin/status/1123050969271554048 is a good explanation, just needs to be put into the manual. |
Cool, submitted #60578. |
If you serve files from
/nix/store
, nginx will set last-modified header to unix timestamp 1. The result is that browser will cache indefinitely.Not sure what we should do about it really, following nginx configuration helps:
The text was updated successfully, but these errors were encountered: