From a45516468d9dd5dd7b96cdf311c07adb472c4e7f Mon Sep 17 00:00:00 2001 From: James Kinsman Date: Sat, 12 Nov 2022 12:10:20 +0000 Subject: [PATCH] Addition of upstream proxy to resolve slice redirect errors (302 Playstation) (#156) Addition of Upstream proxy from #60 to test 302 cache impact on PS5 caching Refactored upstream proxy into lancache standard structure. Simplified both location blocks into a single file rather than further delegated folders Fixed spacing & indents --- Dockerfile | 27 ++++++------- overlay/etc/nginx/nginx.conf | 38 ++++++++++--------- .../etc/nginx/sites-available/10_cache.conf | 2 + .../nginx/sites-available/20_upstream.conf | 17 +++++++++ .../cache.conf.d/root/20_cache.conf | 2 - .../cache.conf.d/root/90_upstream.conf | 5 ++- .../upstream.conf.d/10_resolver.conf | 2 + .../upstream.conf.d/20_tracking.conf | 2 + .../upstream.conf.d/30_primary_proxy.conf | 9 +++++ .../upstream.conf.d/40_redirect_proxy.conf | 11 ++++++ .../etc/nginx/stream-available/10_sni.conf | 10 ++--- overlay/hooks/entrypoint-pre.d/10_setup.sh | 1 + 12 files changed, 87 insertions(+), 39 deletions(-) create mode 100644 overlay/etc/nginx/sites-available/20_upstream.conf create mode 100644 overlay/etc/nginx/sites-available/upstream.conf.d/10_resolver.conf create mode 100644 overlay/etc/nginx/sites-available/upstream.conf.d/20_tracking.conf create mode 100644 overlay/etc/nginx/sites-available/upstream.conf.d/30_primary_proxy.conf create mode 100644 overlay/etc/nginx/sites-available/upstream.conf.d/40_redirect_proxy.conf diff --git a/Dockerfile b/Dockerfile index ad4909f..1ad1557 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,6 +3,9 @@ LABEL version=3 LABEL description="Single caching container for caching game content at LAN parties." LABEL maintainer="LanCache.Net Team " +RUN apt-get update ;\ + apt-get install -y jq git ; + ENV GENERICCACHE_VERSION=2 \ CACHE_MODE=monolithic \ WEBUSER=www-data \ 
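Review bot: The added `RUN apt-get update ;\ apt-get install -y jq git ;` joins its commands with `;`, so a failed `apt-get update` is ignored and the install proceeds against whatever package index the base image carries. Chaining with `&&` and dropping the index afterwards makes the layer fail loudly and keeps it smaller: `RUN apt-get update && apt-get install -y jq git && rm -rf /var/lib/apt/lists/*`. The merged RUN in the second Dockerfile hunk has the same shape: only its final `mkdir` decides the step's exit status. A failed `ln -s` for `20_upstream.conf` would therefore still yield an image, one whose cache proxies to a port nothing listens on.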
@@ -24,19 +27,17 @@ RUN rm /etc/nginx/sites-enabled/* /etc/nginx/stream-enabled/* ;\ chmod 754 /var/log/tallylog ; \ id -u ${WEBUSER} &> /dev/null || adduser --system --home /var/www/ --no-create-home --shell /bin/false --group --disabled-login ${WEBUSER} ;\ chmod 755 /scripts/* ;\ - mkdir -m 755 -p /data/cache ;\ - mkdir -m 755 -p /data/info ;\ - mkdir -m 755 -p /data/logs ;\ - mkdir -m 755 -p /tmp/nginx/ ;\ - chown -R ${WEBUSER}:${WEBUSER} /data/ ;\ - mkdir -p /etc/nginx/sites-enabled ;\ - ln -s /etc/nginx/sites-available/10_cache.conf /etc/nginx/sites-enabled/10_generic.conf; \ - ln -s /etc/nginx/stream-available/10_sni.conf /etc/nginx/stream-enabled/10_sni.conf - -RUN mkdir -m 755 -p /data/cachedomains ;\ - mkdir -m 755 -p /tmp/nginx ;\ - apt-get update ;\ - apt-get install -y jq git ; + mkdir -m 755 -p /data/cache ;\ + mkdir -m 755 -p /data/info ;\ + mkdir -m 755 -p /data/logs ;\ + mkdir -m 755 -p /tmp/nginx/ ;\ + chown -R ${WEBUSER}:${WEBUSER} /data/ ;\ + mkdir -p /etc/nginx/sites-enabled ;\ + ln -s /etc/nginx/sites-available/10_cache.conf /etc/nginx/sites-enabled/10_generic.conf; \ + ln -s /etc/nginx/sites-available/20_upstream.conf /etc/nginx/sites-enabled/20_upstream.conf; \ + ln -s /etc/nginx/stream-available/10_sni.conf /etc/nginx/stream-enabled/10_sni.conf; \ + mkdir -m 755 -p /data/cachedomains ;\ + mkdir -m 755 -p /tmp/nginx RUN git clone --depth=1 --no-single-branch https://github.com/uklans/cache-domains/ /data/cachedomains diff --git a/overlay/etc/nginx/nginx.conf b/overlay/etc/nginx/nginx.conf index 367a734..a3b2da4 100644 --- a/overlay/etc/nginx/nginx.conf +++ b/overlay/etc/nginx/nginx.conf 
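Review bot: The merged RUN now creates `/tmp/nginx` twice, once as `mkdir -m 755 -p /tmp/nginx/ ;\` before the `chown` and again as the final `mkdir -m 755 -p /tmp/nginx`. The second call does nothing and can be dropped, which leaves `mkdir -m 755 -p /data/cachedomains` as the last command. That directory is created after `chown -R ${WEBUSER}:${WEBUSER} /data/`, so it stays owned by the build user. If that is intended because the clone below fills it at build time, a short comment such as `# cachedomains is populated at build time and stays root-owned` would make it explicit. The RUN instruction begins above this hunk.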
@@ -5,35 +5,37 @@ pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { - worker_connections 4096; - multi_accept on; - use epoll; + worker_connections 4096; + multi_accept on; + use epoll; } http { - aio threads; - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; + aio threads; + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; - include /etc/nginx/mime.types; - default_type application/octet-stream; + include /etc/nginx/mime.types; + default_type application/octet-stream; - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; - gzip on; - include /etc/nginx/conf.d/*.conf; + gzip on; - include /etc/nginx/sites-enabled/*.conf; + include /etc/nginx/conf.d/*.conf; + + include /etc/nginx/sites-enabled/*.conf; } stream { - include /etc/nginx/stream.d/*.conf; - include /etc/nginx/stream-enabled/*; + include /etc/nginx/stream.d/*.conf; + include /etc/nginx/stream-enabled/*; } + diff --git a/overlay/etc/nginx/sites-available/10_cache.conf b/overlay/etc/nginx/sites-available/10_cache.conf index 950f346..34cdf93 100644 --- a/overlay/etc/nginx/sites-available/10_cache.conf +++ b/overlay/etc/nginx/sites-available/10_cache.conf @@ -1,3 +1,5 @@ +# Primary monolithic cache engine + server { listen 80 reuseport; diff --git a/overlay/etc/nginx/sites-available/20_upstream.conf b/overlay/etc/nginx/sites-available/20_upstream.conf new file mode 100644 index 0000000..6617943 --- /dev/null +++ b/overlay/etc/nginx/sites-available/20_upstream.conf 
@@ -0,0 +1,17 @@ +# Upstream server to proxy and handle inconsistent 302 redirects +# All cache traffic is passed through this proxy to allow rewriting of redirects without caching + +# This is particularly important for sony / ps5 as upstreams redirect between them which confuses slice map on caching + +server { + + # Internal bind on 3128, this should not be externally mapped + listen localhost:3128 reuseport; + + # No access_log tracking as all requests to this instance are already logged through monolithic + + # access_log /data/logs/upstream-access.log cachelog; + error_log /data/logs/upstream-error.log; + + include /etc/nginx/sites-available/upstream.conf.d/*.conf; +} diff --git a/overlay/etc/nginx/sites-available/cache.conf.d/root/20_cache.conf b/overlay/etc/nginx/sites-available/cache.conf.d/root/20_cache.conf index 263b874..4fb1ce4 100644 --- a/overlay/etc/nginx/sites-available/cache.conf.d/root/20_cache.conf +++ b/overlay/etc/nginx/sites-available/cache.conf.d/root/20_cache.conf @@ -31,5 +31,3 @@ # 40G max file proxy_max_temp_file_size 40960m; - - diff --git a/overlay/etc/nginx/sites-available/cache.conf.d/root/90_upstream.conf b/overlay/etc/nginx/sites-available/cache.conf.d/root/90_upstream.conf index a42a604..7dddf27 100644 --- a/overlay/etc/nginx/sites-available/cache.conf.d/root/90_upstream.conf +++ b/overlay/etc/nginx/sites-available/cache.conf.d/root/90_upstream.conf @@ -1,6 +1,9 @@ # Upstream Configuration proxy_next_upstream error timeout http_404; - proxy_pass http://$host$request_uri; + + # Proxy into the redirect handler + proxy_pass http://127.0.0.1:3128$request_uri; + proxy_redirect off; proxy_ignore_client_abort on; diff --git a/overlay/etc/nginx/sites-available/upstream.conf.d/10_resolver.conf b/overlay/etc/nginx/sites-available/upstream.conf.d/10_resolver.conf new file mode 100644 index 0000000..3375ec2 --- /dev/null +++ b/overlay/etc/nginx/sites-available/upstream.conf.d/10_resolver.conf 
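Review bot: `listen localhost:3128 reuseport;` binds to whatever `localhost` resolves to when nginx loads its configuration, while `90_upstream.conf` connects to the literal `127.0.0.1:3128`. If the container's hosts file maps `localhost` differently, for instance to an IPv6 loopback first, the listener and the client side can disagree. Using the same literal on both sides, `listen 127.0.0.1:3128 reuseport;`, removes that dependency. It also puts the "should not be externally mapped" intent in the address itself.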
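Review bot: The new `proxy_pass http://127.0.0.1:3128$request_uri;` no longer names the origin, so the 3128 server can only find it through `$host` in `30_primary_proxy.conf`, which depends on the Host header this block forwards. The request-header directives are not visible in this hunk, so the dependency is worth stating beside the directive, for example `# The 3128 listener picks the origin from Host; keep Host forwarded as $host`. Without the original Host, nginx's default would send the proxied address instead, and the second hop would presumably be pointed back at the container rather than the real upstream.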
@@ -0,0 +1,2 @@ + resolver UPSTREAM_DNS ipv6=off; + diff --git a/overlay/etc/nginx/sites-available/upstream.conf.d/20_tracking.conf b/overlay/etc/nginx/sites-available/upstream.conf.d/20_tracking.conf new file mode 100644 index 0000000..b8f389b --- /dev/null +++ b/overlay/etc/nginx/sites-available/upstream.conf.d/20_tracking.conf @@ -0,0 +1,2 @@ + # Header to track if resolved from upstream or 302 redirect + set $orig_loc 'upstream'; diff --git a/overlay/etc/nginx/sites-available/upstream.conf.d/30_primary_proxy.conf b/overlay/etc/nginx/sites-available/upstream.conf.d/30_primary_proxy.conf new file mode 100644 index 0000000..e237e60 --- /dev/null +++ b/overlay/etc/nginx/sites-available/upstream.conf.d/30_primary_proxy.conf @@ -0,0 +1,9 @@ + # Proxy all requests to upstream + location / { + # Simple proxy the request + proxy_pass http://$host$request_uri; + + # Catch the errors to process the redirects + proxy_intercept_errors on; + error_page 301 302 307 = @upstream_redirect; + } diff --git a/overlay/etc/nginx/sites-available/upstream.conf.d/40_redirect_proxy.conf b/overlay/etc/nginx/sites-available/upstream.conf.d/40_redirect_proxy.conf new file mode 100644 index 0000000..75adca5 --- /dev/null +++ b/overlay/etc/nginx/sites-available/upstream.conf.d/40_redirect_proxy.conf @@ -0,0 +1,11 @@ + # Special location block to handle 302 redirects + location @upstream_redirect { + # Upstream_http_location contains the Location: redirection from the upstream server + set $saved_upstream_location '$upstream_http_location'; + + # Set debug header + set $orig_loc 'upstream-302'; + + # Pass to proxy and reproxy the request + proxy_pass $saved_upstream_location; + } diff --git a/overlay/etc/nginx/stream-available/10_sni.conf b/overlay/etc/nginx/stream-available/10_sni.conf index 40161a3..3350bf2 100644 --- a/overlay/etc/nginx/stream-available/10_sni.conf +++ b/overlay/etc/nginx/stream-available/10_sni.conf 
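Review bot: The comment on `set $orig_loc 'upstream';` calls it a header, but this file only sets a variable, and no `add_header` or log format in the visible hunks reads it. If it is consumed elsewhere, the comment should say where. Otherwise reword it, e.g. `# Variable recording whether the response came straight from the upstream or via a followed redirect`.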
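Review bot: `error_page 301 302 307 = @upstream_redirect;` leaves 303 and 308 unhandled, so an upstream answering with either would have its redirect passed back to the cache layer unchanged, presumably the case this commit is trying to avoid. If the omission is not deliberate, list them as well: `error_page 301 302 303 307 308 = @upstream_redirect;`. Separately, the target of `proxy_pass http://$host$request_uri;` is chosen by the client through the Host header. That is inherent to how this cache works, but it deserves a comment now that the directive sits on an internal listener.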
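Review bot: `proxy_pass $saved_upstream_location;` fetches whatever URL the upstream's Location header contains, with no check on scheme or host, and the result is presumably stored under the original request's cache key. The first hop is plain HTTP (`proxy_pass http://$host...`), so a spoofed or compromised upstream response can steer the cache towards loopback, private or metadata addresses, and a relative Location makes `proxy_pass` fail outright. At minimum reject non-absolute values right after the `set`: `if ($saved_upstream_location !~ "^https?://") { return 502; }`; an allow-list of redirect hosts would be the stronger control. No `proxy_ssl_verify` is visible in these files, so an `https://` target would be fetched with nginx's default of no upstream certificate verification. This location also does not intercept a second redirect, so chained redirects still reach the cache.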
@@ -1,9 +1,9 @@ server { - listen 443; + listen 443; resolver UPSTREAM_DNS ipv6=off; - proxy_pass $ssl_preread_server_name:443; - ssl_preread on; + proxy_pass $ssl_preread_server_name:443; + ssl_preread on; - access_log /data/logs/stream-access.log stream_basic; - error_log /data/logs/stream-error.log; + access_log /data/logs/stream-access.log stream_basic; + error_log /data/logs/stream-error.log; } diff --git a/overlay/hooks/entrypoint-pre.d/10_setup.sh b/overlay/hooks/entrypoint-pre.d/10_setup.sh index f9a9d0e..305c96c 100644 --- a/overlay/hooks/entrypoint-pre.d/10_setup.sh +++ b/overlay/hooks/entrypoint-pre.d/10_setup.sh @@ -17,4 +17,5 @@ sed -i "s/CACHE_MAX_AGE/${CACHE_MAX_AGE}/" /etc/nginx/conf.d/20_proxy_cache_path sed -i "s/CACHE_MAX_AGE/${CACHE_MAX_AGE}/" /etc/nginx/sites-available/cache.conf.d/root/20_cache.conf sed -i "s/slice 1m;/slice ${CACHE_SLICE_SIZE};/" /etc/nginx/sites-available/cache.conf.d/root/20_cache.conf sed -i "s/UPSTREAM_DNS/${UPSTREAM_DNS}/" /etc/nginx/sites-available/cache.conf.d/10_root.conf +sed -i "s/UPSTREAM_DNS/${UPSTREAM_DNS}/" /etc/nginx/sites-available/upstream.conf.d/10_resolver.conf sed -i "s/UPSTREAM_DNS/${UPSTREAM_DNS}/" /etc/nginx/stream-available/10_sni.conf