From a577d152cdf10b3f4bf29349b2a0bbc61065823c Mon Sep 17 00:00:00 2001
From: Bertrand Benjamin <benjamin.bertrand@opytex.org>
Date: Thu, 2 Jan 2020 19:04:36 +0100
Subject: [PATCH] =?UTF-8?q?Feat:=20D=C3=A9ploiement=20d'un=20serveur=20cac?=
 =?UTF-8?q?he=20pour=20Pacman?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 files/nginx.conf              | 51 +++++++++++++++++++++++++++++++++++
 tasks/pacman_cache_server.yml | 25 +++++++++++++++++
 2 files changed, 76 insertions(+)
 create mode 100644 files/nginx.conf
 create mode 100644 tasks/pacman_cache_server.yml

diff --git a/files/nginx.conf b/files/nginx.conf
new file mode 100644
index 0000000..e3ff10a
--- /dev/null
+++ b/files/nginx.conf
@@ -0,0 +1,51 @@
+worker_processes  1;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    # Use a custom log format that will show response times and cache status
+    log_format archmirror '$remote_addr - $upstream_cache_status [$time_local] $request_method $host$request_uri $server_protocol $status $body_bytes_sent $request_time $upstream_response_time';
+
+    # Configure the cache directory, size and keys
+    proxy_cache_path /srv/http/pacman-cache
+        levels=1:2  keys_zone=archmirror:60m
+        inactive=365d use_temp_path=off max_size=3g;
+
+    server {
+        listen 8080;
+        server_name cache.local;
+
+        access_log /var/log/nginx/archmirror.access.log archmirror;
+        error_log /var/log/nginx/archmirror.error.log;
+
+        # Force proxy to use TLS for upstream server requests
+        proxy_ssl_protocols     TLSv1 TLSv1.1 TLSv1.2;
+        # Use previously negotiated connection parameters
+        proxy_ssl_session_reuse on;
+        # Enables revalidation of expired cache items using conditional requests with the "If-Modified-Since" and "If-None-Match" header fields.
+        proxy_cache_revalidate  on;
+        # Only one request at a time will be allowed to populate a new cache element
+        proxy_cache_lock        on;
+        # Cache any responses for 1 minute by default, can be overridden by more specific response codes
+        proxy_cache_valid       any 1m;
+
+        # Keep connections to upstream server open
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        proxy_read_timeout     300;
+        proxy_connect_timeout  300;
+
+        location / {
+            proxy_pass      http://mirror.archlinux.ikoula.com;
+            proxy_cache            archmirror; # This directive should match the keys_zone option
+                proxy_cache_valid      200 5m;
+            proxy_cache_use_stale  error timeout invalid_header updating http_500 http_502 http_503 http_504;
+
+            # Add some cache status headers for debugging purposes, you can remove these lines if you want
+            add_header X-Upstream-Status $upstream_status;
+            add_header X-Cache-Status $upstream_cache_status;
+        }
+    }
+}
diff --git a/tasks/pacman_cache_server.yml b/tasks/pacman_cache_server.yml
new file mode 100644
index 0000000..9513496
--- /dev/null
+++ b/tasks/pacman_cache_server.yml
@@ -0,0 +1,25 @@
+---
+- name: Install nginx
+  pacman:
+    name: nginx
+    state: present
+
+- name: create cache directy
+  file:
+    path: /srv/http/pacman-cache
+    state: directory
+    owner: http
+    group: http
+
+- name: copy nginx config
+  template:
+    src: files/nginx.conf
+    dest: /etc/nginx/nginx.conf
+    owner: root
+    group: root
+
+- name: Enable nginx daemon
+  service: 
+    name: nginx
+    state: started
+    enabled: yes