Feat: Déploiement d'un serveur cache pour Pacman

2020-01-02 19:04:36 +01:00 · 2020-01-02 19:04:36 +01:00 · a577d152cd
commit a577d152cd
parent ee24be95d2
2 changed files with 76 additions and 0 deletions
--- a/files/nginx.conf
+++ b/files/nginx.conf
@ -0,0 +1,51 @@
+worker_processes  1;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    # Use a custom log format that will show response times and cache status
+    log_format archmirror '$remote_addr - $upstream_cache_status [$time_local] $request_method $host$request_uri $server_protocol $status $body_bytes_sent $request_time $upstream_response_time';
+
+    # Configure the cache directory, size and keys
+    proxy_cache_path /srv/http/pacman-cache
+        levels=1:2  keys_zone=archmirror:60m
+        inactive=365d use_temp_path=off max_size=3g;
+
+    server {
+        listen 8080;
+        server_name cache.local;
+
+        access_log /var/log/nginx/archmirror.access.log archmirror;
+        error_log /var/log/nginx/archmirror.error.log;
+
+        # Force proxy to use TLS for upstream server requests
+        proxy_ssl_protocols     TLSv1 TLSv1.1 TLSv1.2;
+        # Use previously negotiated connection parameters
+        proxy_ssl_session_reuse on;
+        # Enables revalidation of expired cache items using conditional requests with the "If-Modified-Since" and "If-None-Match" header fields.
+        proxy_cache_revalidate  on;
+        # Only one request at a time will be allowed to populate a new cache element
+        proxy_cache_lock        on;
+        # Cache any responses for 1 minute by default, can be overridden by more specific response codes
+        proxy_cache_valid       any 1m;
+
+        # Keep connections to upstream server open
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        proxy_read_timeout     300;
+        proxy_connect_timeout  300;
+
+        location / {
+            proxy_pass      http://mirror.archlinux.ikoula.com;
+            proxy_cache            archmirror; # This directive should match the keys_zone option
+                proxy_cache_valid      200 5m;
+            proxy_cache_use_stale  error timeout invalid_header updating http_500 http_502 http_503 http_504;
+
+            # Add some cache status headers for debugging purposes, you can remove these lines if you want
+            add_header X-Upstream-Status $upstream_status;
+            add_header X-Cache-Status $upstream_cache_status;
+        }
+    }
+}
--- a/tasks/pacman_cache_server.yml
+++ b/tasks/pacman_cache_server.yml
@ -0,0 +1,25 @@
+---
+- name: Install nginx
+  pacman:
+    name: nginx
+    state: present
+
+- name: create cache directy
+  file:
+    path: /srv/http/pacman-cache
+    state: directory
+    owner: http
+    group: http
+
+- name: copy nginx config
+  template:
+    src: files/nginx.conf
+    dest: /etc/nginx/nginx.conf
+    owner: root
+    group: root
+
+- name: Enable nginx daemon
+  service: 
+    name: nginx
+    state: started
+    enabled: yes