content cache ^#8

By ballot
stable

Supports: bionic focal

Description

Installs Nginx and HAProxy as a highly available web accelerator with TLS support. Useful for providing local mirrors of HTTP servers and building content delivery networks (CDN).

Series:
bionic ›
focal ›

Overview

Deploy your own content distribution network (CDN).

Usage

To deploy the charm:

juju deploy cs:content-cache

Set juju config for the sites option as required. For example:

# Site with some public, some authenticated content, using another site
# with two IPs for authentication. In this case, 10.1.1.2 and 10.1.1.3
# would need to listen on 443 for auth.example1.com and process
# authentication requests. If set, cache-maxconn will set the maximum
# number of simultaneous connections to the nginx cache for this location,
# while backend-maxconn limits connections to the defined backends.
# If unset, both will default to 2048
example1.com:
  tls-cert-bundle-path: /var/lib/haproxy
  locations:
    '/':
      extra-config:
        - root /srv/example1.com/content/
        - autoindex on
    '/auth':
      modifier: '='
      backends:
        - 10.1.1.2:443
        - 10.1.1.3:443
      backend-check-path: /status
      backend-inter-time: '10s'
      backend-maxconn: 64
      backend-path: /auth-check/
      backend-tls: True
      cache-maxconn: 4096
      cache-validity: '200 401 1h'
      origin-headers:
        - Original-URI: $request_uri
        - Resource-Name: example1
      extra-config:
        - internal
        - proxy_cache_key $http_authorization
      site-name: auth.example1.com
    '/status':
      extra-config:
        - stub_status on
    '/private/content/':
      extra-config:
        - root /srv/example1.com/content/
        - autoindex on
        - auth_request /auth
      nagios-expect: 401 Unauthorized

To get metrics:

juju deploy cs:telegraf
juju add-relation telegraf:haproxy content-cache:haproxy-statistics

You can then query the telegraf endpoint to get HAProxy metrics from the content-cache charm.

To get cache hits metrics:

juju config content-cache enable_prometheus_metrics=true

This will expose the following metrics for each site configured:

# HELP nginx_cache_request_hit_total Number of cache hits per site
# TYPE nginx_cache_request_hit_total counter
nginx_cache_request_hit_total{host="myhost"} 10
# HELP nginx_cache_request_total Number of cache requests per site 
# TYPE nginx_cache_request_total counter                           
nginx_cache_request_total{host="myhost"} 20
# HELP nginx_http_request_total Number of HTTP requests per site
# TYPE nginx_http_request_total counter
nginx_http_request_total{host="myhost",status="200"} 110129
# HELP nginx_metric_errors_total Number of nginx-lua-prometheus errors
# TYPE nginx_metric_errors_total counter
nginx_metric_errors_total 0

Configuration

blacklist_ports: (string) Comma-separated list of TCP port numbers to skip over when generating internal servers used between haproxy and nginx. Used when a large number of sites may interfere with existing unit services, subordinate charms, etc.
cache_inactive_time: (string) Maximum age/time inactive objects are stored in cache. If unspecified, use the upstream defaults (currently 10m).
cache_max_size: (string) Maximum size of content cache storage. If unspecified, the maximum cache storage size will be set to 75% of the total disk space, using a 1GB minimum size.
cache_path: (string) Path or directory to store cached objects.; /var/lib/nginx/proxy
enable_prometheus_metrics: (boolean) Export metrics for the number of requests and the number of cache hits. Prometheus metrics are exposed at /metrics on port 9145.; True
log_retention: (int) Number of log files to retain during rotation.; 30
max_connections: (int) Configure maximum number of connections per site on frontend HAProxy. Defaults to auto-calculate (0).
nagios_context: (string) This string is prefixed to the hostname when writing exported nagios config fragments.; juju
nagios_servicegroups: (string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup
sites: (string) YAML-formatted virtual hosts/sites. See the README.md for more details and examples.
sites_secrets: (string) YAML-formatted dictionary of secrets/keys. e.g. site1.local: locations: "/": origin-headers: X-Origin-Key: my-origin-secret-key signed-url-hmac-key: my-signed-url-secret-key
tls_cipher_suites: (string) Override default ciphers used for TLS/SSL termination (OpenSSL format).
worker_connections: (int) Sets the maximum number of simultaneous connections that can be opened by an Nginx worker process.; 768
worker_processes: (int) Sets the number of Nginx worker processes. Setting to '0' (auto) will set based on available CPU cores.