improve nginx skylinks cache purging (#553)

* purge test

* purge test

* purge test

* purge test

* purge test

* purge test

* purge test

* purge test
Karol Wypchło 2020-12-03 12:59:50 +01:00 committed by GitHub
parent c0673b3f76
commit 92f9ca3efe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 91 additions and 14 deletions


@ -71,7 +71,7 @@ server {
# redirect links with handshake domain on hns subdomain # redirect links with handshake domain on hns subdomain
error_page 461 = @hns_domain; error_page 461 = @hns_domain;
if ($hns_domain != "") { if ($hns_domain != "") {
return 461; return 461;
} }
@ -268,6 +268,12 @@ server {
include /etc/nginx/conf.d/include/proxy-buffer; include /etc/nginx/conf.d/include/proxy-buffer;
include /etc/nginx/conf.d/include/proxy-cache-downloads; include /etc/nginx/conf.d/include/proxy-cache-downloads;
# redirect purge calls to separate location
error_page 462 = @purge;
if ($request_method = PURGE) {
return 462;
}
limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time
add_header Cache-Control "public, max-age=86400"; # allow consumer to cache response add_header Cache-Control "public, max-age=86400"; # allow consumer to cache response
@ -293,6 +299,17 @@ server {
proxy_pass http://127.0.0.1/hns/$hns_domain/$request_uri; proxy_pass http://127.0.0.1/hns/$hns_domain/$request_uri;
} }
location @purge {
allow 10.0.0.0/8;
allow 127.0.0.1/32;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
set $lua_purge_path "/data/nginx/cache/";
content_by_lua_file /etc/nginx/conf.d/scripts/purge-multi.lua;
}
location ~ "^/file/([a-zA-Z0-9-_]{46}(/.*)?)$" { location ~ "^/file/([a-zA-Z0-9-_]{46}(/.*)?)$" {
include /etc/nginx/conf.d/include/proxy-buffer; include /etc/nginx/conf.d/include/proxy-buffer;
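Review bot: The `@purge` location admits every RFC 1918 range, yet the only caller visible in this commit reaches it from inside the container through `curl -X PURGE http://localhost/...`, so loopback alone would be enough. Because purge-multi.lua places the request URI into a shell command, this allowlist is the only barrier in front of that script, and I would reduce it to `allow 127.0.0.1/32; deny all;`. If nginx ever sees proxied traffic whose source address is a Docker bridge or load-balancer address (presumably inside 172.16.0.0/12), outside clients would match the current rules, so that is worth confirming against the deployment. A comment above the allow lines such as `# PURGE is only issued from inside the container; the URI reaches a shell in purge-multi.lua` would record why the list must stay narrow.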


@ -0,0 +1,68 @@
-- Tit Petric, Monotek d.o.o., Tue 03 Jan 2017 06:54:56 PM CET
--
-- Delete nginx cached assets with a PURGE request against an endpoint
-- supports extended regular expression PURGE requests (/upload/.*)
--
-- https://scene-si.org/2017/01/08/improving-nginx-lua-cache-purge/
--
function file_exists(name)
local f = io.open(name, "r")
if f~=nil then io.close(f) return true else return false end
end
function explode(d, p)
local t, ll
t={}
ll=0
if(#p == 1) then return {p} end
while true do
l=string.find(p, d, ll, true) -- find the next d in the string
if l~=nil then -- if "not not" found then..
table.insert(t, string.sub(p, ll, l-1)) -- Save it in our array.
ll=l+1 -- save just after where we found it for searching next time.
else
table.insert(t, string.sub(p, ll)) -- Save what's left in our array.
break -- Break at end, as it should be, according to the lua manual.
end
end
return t
end
function purge(filename)
if (file_exists(filename)) then
os.remove(filename)
end
end
function trim(s)
return (string.gsub(s, "^%s*(.-)%s*$", "%1"))
end
function exec(cmd)
local handle = io.popen(cmd)
local result = handle:read("*all")
handle:close()
return trim(result)
end
function list_files(cache_path, purge_pattern)
local result = exec("/usr/bin/find " .. cache_path .. " -type f | /usr/bin/xargs --no-run-if-empty -n1000 /bin/grep -El -m 1 '^KEY: " .. purge_pattern .. "' 2>&1")
if result == "" then
return {}
end
return explode("\n", result)
end
if ngx ~= nil then
-- list all cached items matching uri
local files = list_files(ngx.var.lua_purge_path, ngx.var.uri)
ngx.header["Content-type"] = "text/plain; charset=utf-8"
ngx.header["X-Purged-Count"] = table.getn(files)
for k, v in pairs(files) do
purge(v)
end
ngx.say("OK")
ngx.exit(ngx.OK)
end
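Review bot: `list_files` concatenates `ngx.var.uri` and the cache path straight into the string given to `io.popen`, so the shell parses the request path; the single quotes around the grep pattern do not help, because a quote character inside the URI ends them. Both values should be shell-quoted before concatenation, and a pattern containing control characters should be rejected, since a newline would split it into several grep patterns. The `2>&1` also feeds find/grep error text into the list of "files" that is later handed to `os.remove`, so I would send stderr to `/dev/null` or log it separately. The URI is still interpreted as an extended regex by `grep -E`, which the header comment describes as intended, so the access rules on the purge location remain the control for who may purge broadly. Separately, `l` in `explode` is assigned without `local` and leaks as a global.

```lua
-- quote a value so /bin/sh hands it to the command as one literal argument
local function shell_quote(s)
  return "'" .. (string.gsub(s, "'", "'\\''")) .. "'"
end

function list_files(cache_path, purge_pattern)
  -- control characters have no place in a cache key; a newline would split the grep pattern
  if string.find(purge_pattern, "%c") then
    return {}
  end
  local result = exec("/usr/bin/find " .. shell_quote(cache_path)
    .. " -type f | /usr/bin/xargs --no-run-if-empty -n1000 /bin/grep -El -m 1 -e "
    .. shell_quote("^KEY: " .. purge_pattern) .. " 2>/dev/null")
  -- … unchanged: empty-result check and explode("\n", result) …
end
```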


@ -29,25 +29,17 @@ else
skylinks=("$1") # just single skylink passed as input argument skylinks=("$1") # just single skylink passed as input argument
fi fi
#################################################### #########################################################################
# iterate through all servers and block the skylinks # iterate through all servers, block the skylinks and purge it from cache
#################################################### #########################################################################
for server in "germany.siasky.net" "helsinki.siasky.net" "us-west.siasky.net" "us-va-1.siasky.net" "us-pa-1.siasky.net" "us-pa-2.siasky.net" "siasky.xyz"; for server in "germany.siasky.net" "helsinki.siasky.net" "us-west.siasky.net" "us-va-1.siasky.net" "us-pa-1.siasky.net" "us-pa-2.siasky.net" "siasky.xyz";
do do
#############################################################
# iterate throught all skylinks and add each one to blocklist
#############################################################
for skylink in "${skylinks[@]}"; for skylink in "${skylinks[@]}";
do do
echo ".. ⌁ Blocking skylink ${skylink} on ${server}" echo ".. ⌁ Blocking skylink ${skylink} on ${server}"
ssh -q -t user@${server} 'docker exec sia siac skynet blocklist add '$skylink''
done
###################################################### ssh -q -t user@${server} "docker exec sia siac skynet blocklist add $skylink && docker exec nginx curl -s -i -X PURGE http://localhost/$skylink | egrep \"^(OK|HTTP|X-)\""
# purge nginx cache after all the skylinks are blocked done
######################################################
ssh -q -t user@${server} 'docker exec nginx sh -c "rm -rf /data/nginx/cache/*"'
echo ".... 🗑️ Pruned nginx cache on ${server}"
done done
echo "✓ All done !" echo "✓ All done !"
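Review bot: In the new `ssh` line `$skylink` is expanded locally inside the double-quoted command string, so its value is parsed by the remote shell and then again becomes the PURGE path; nothing in the hunk checks that it is a well-formed skylink. I would validate each entry at the top of the inner loop, for example `[[ "$skylink" =~ ^[a-zA-Z0-9_-]{46}$ ]] || { echo "skipping invalid skylink: $skylink" >&2; continue; }`, which matches the 46-character class nginx uses for these routes. How `skylinks` is filled is above the hunk, so an earlier check may exist; confirm before adding. Note also that the `&&` skips the purge whenever `blocklist add` exits non-zero, which may leave a cached copy in place if the add fails for an already-blocked link.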