content cache #8
Description
Installs Nginx and HAProxy as a highly available web accelerator with TLS support. Useful for providing local mirrors of HTTP servers and building content delivery networks (CDN).
Overview
Deploy your own content distribution network (CDN).
Usage
To deploy the charm:
    juju deploy cs:content-cache
Set juju config for the sites option as required. For example:
    # Site with some public, some authenticated content, using another site
    # with two IPs for authentication. In this case, 10.1.1.2 and 10.1.1.3
    # would need to listen on 443 for auth.example1.com and process
    # authentication requests. If set, cache-maxconn will set the maximum
    # number of simultaneous connections to the nginx cache for this location,
    # while backend-maxconn limits connections to the defined backends.
    # If unset, both will default to 2048.
    example1.com:
      tls-cert-bundle-path: /var/lib/haproxy
      locations:
        '/':
          extra-config:
            - root /srv/example1.com/content/
            - autoindex on
        '/auth':
          modifier: '='
          backends:
            - 10.1.1.2:443
            - 10.1.1.3:443
          backend-check-path: /status
          backend-inter-time: '10s'
          backend-maxconn: 64
          backend-path: /auth-check/
          backend-tls: True
          cache-maxconn: 4096
          cache-validity: '200 401 1h'
          origin-headers:
            - Original-URI: $request_uri
            - Resource-Name: example1
          extra-config:
            - internal
            - proxy_cache_key $http_authorization
          site-name: auth.example1.com
        '/status':
          extra-config:
            - stub_status on
        '/private/content/':
          extra-config:
            - root /srv/example1.com/content/
            - autoindex on
            - auth_request /auth
          nagios-expect: 401 Unauthorized
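An added example, not part of the charm or its README: a small audit over an already-parsed sites mapping that checks the auth_request wiring the example1.com configuration above relies on. The names audit_sites and SITES are hypothetical, the sample data is constructed from that configuration, and the cache-key check assumes responses from the auth location are cached, so a key without $http_authorization would let one client's verdict be reused for another.

```python
# Added example: audit a parsed `sites` mapping for auth_request pitfalls.
# SITES is a constructed sample mirroring example1.com above, trimmed to the
# keys the audit reads. Real config would come from a YAML parser.
SITES = {
    "example1.com": {"locations": {
        "/auth": {
            "backends": ["10.1.1.2:443", "10.1.1.3:443"],
            "backend-tls": True,
            "extra-config": ["internal", "proxy_cache_key $http_authorization"],
        },
        "/private/content/": {
            "extra-config": ["root /srv/example1.com/content/", "auth_request /auth"],
        },
    }},
}


def audit_sites(sites):
    """Return findings for every location that uses auth_request."""
    findings = []
    for site, conf in sites.items():
        locations = conf.get("locations") or {}
        for path, loc in locations.items():
            for directive in (loc or {}).get("extra-config") or []:
                words = directive.split()
                if len(words) != 2 or words[0] != "auth_request" or words[1] == "off":
                    continue
                target, where = words[1], f"{site} {path}"
                auth = locations.get(target)
                if auth is None:
                    findings.append(f"{where}: auth_request target {target} is not defined")
                    continue
                extra = auth.get("extra-config") or []
                # Without 'internal', clients can request the auth location directly.
                if "internal" not in extra:
                    findings.append(f"{where}: {target} is not marked internal")
                # Assumption: verdicts from the auth location are cached, so the
                # key must vary per credential or one client's 200 is reused.
                if not any(d.startswith("proxy_cache_key") and "$http_authorization" in d
                           for d in extra):
                    findings.append(f"{where}: {target} cache key lacks $http_authorization")
                # The Authorization header is forwarded to the auth backends.
                if auth.get("backends") and not auth.get("backend-tls"):
                    findings.append(f"{where}: {target} backends are not using TLS")
    return findings


if __name__ == "__main__":
    print(audit_sites(SITES) or "no findings")
```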
To get metrics:
    juju deploy cs:telegraf
    juju add-relation telegraf:haproxy content-cache:haproxy-statistics
You can then query the telegraf endpoint to get HAProxy metrics from the content-cache charm.
To get cache hit metrics:
    juju config content-cache enable_prometheus_metrics=true
This will expose the following metrics for each site configured:
    # HELP nginx_cache_request_hit_total Number of cache hits per site
    # TYPE nginx_cache_request_hit_total counter
    nginx_cache_request_hit_total{host="myhost"} 10
    # HELP nginx_cache_request_total Number of cache requests per site
    # TYPE nginx_cache_request_total counter
    nginx_cache_request_total{host="myhost"} 20
    # HELP nginx_http_request_total Number of HTTP requests per site
    # TYPE nginx_http_request_total counter
    nginx_http_request_total{host="myhost",status="200"} 110129
    # HELP nginx_metric_errors_total Number of nginx-lua-prometheus errors
    # TYPE nginx_metric_errors_total counter
    nginx_metric_errors_total 0
Configuration
- blacklist_ports
  (string) Comma-separated list of TCP port numbers to skip over when generating internal servers used between haproxy and nginx. Used when a large number of sites may interfere with existing unit services, subordinate charms, etc.
- cache_inactive_time
  (string) Maximum age/time inactive objects are stored in cache. If unspecified, use the upstream defaults (currently 10m).
- cache_max_size
  (string) Maximum size of content cache storage. If unspecified, the maximum cache storage size will be set to 75% of the total disk space, using a 1GB minimum size.
- cache_path
  (string) Path or directory to store cached objects.
  Default: /var/lib/nginx/proxy
- enable_prometheus_metrics
  (boolean) Export metrics for the number of requests and the number of cache hits. Prometheus metrics are exposed at /metrics on port 9145.
  Default: True
- log_retention
  (int) Number of log files to retain during rotation.
  Default: 30
- max_connections
  (int) Configure maximum number of connections per site on frontend HAProxy. Defaults to auto-calculate (0).
- nagios_context
  (string) This string is prefixed to the hostname when writing exported nagios config fragments.
  Default: juju
- nagios_servicegroups
  (string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.
- sites
  (string) YAML-formatted virtual hosts/sites. See the README.md for more details and examples.
- sites_secrets
  (string) YAML-formatted dictionary of secrets/keys. e.g. site1.local: locations: "/": origin-headers: X-Origin-Key: my-origin-secret-key signed-url-hmac-key: my-signed-url-secret-key
- tls_cipher_suites
  (string) Override default ciphers used for TLS/SSL termination (OpenSSL format).
- worker_connections
  (int) Sets the maximum number of simultaneous connections that can be opened by an Nginx worker process.
  Default: 768
- worker_processes
  (int) Sets the number of Nginx worker processes. Setting to '0' (auto) will set based on available CPU cores.