archwiki: cache at the web server level

8a7295dd · Kristian Klausen · f81f7e50 · 8a7295dd · 8a7295dd · 8a7295dd
Commit 8a7295dd authored 8 months ago by Kristian Klausen
--- a/roles/archwiki/files/nginx-cache-purge
+++ b/roles/archwiki/files/nginx-cache-purge
+#!/usr/bin/env python
+import hashlib
+import http.server
+import pathlib
+import socketserver
+import urllib.parse
+
+socketserver.ThreadingTCPServer.allow_reuse_address = True
+
+
+class Handler(http.server.BaseHTTPRequestHandler):
+    def do_PURGE(self):
+        self.send_response(http.HTTPStatus.OK)
+        self.end_headers()
+        o = urllib.parse.urlparse(self.path)
+        for method in ["GET", "HEAD"]:
+            # Please keep in sync with "fastcgi_cache_key" in nginx.d.conf.j2
+            if o.query:
+                cache_key = f"https{method}{o.netloc}{o.path}?{o.query}"
+            else:
+                cache_key = f"https{method}{o.netloc}{o.path}"
+            hash = hashlib.md5(cache_key.encode("utf-8")).hexdigest()
+            # Please keep in sync with "fastcgi_cache_path" in nginx.d.conf.j2
+            pathlib.Path(
+                f"/var/lib/nginx/cache/{hash[-1]}/{hash[-3:-1]}/{hash}"
+            ).unlink(missing_ok=True)
+
+
+httpd = http.server.ThreadingHTTPServer(("127.0.0.1", 1080), Handler)
+httpd.serve_forever()
--- a/roles/archwiki/tasks/main.yml
+++ b/roles/archwiki/tasks/main.yml
@@ -98,16 +98,18 @@
 - name: Start and enable memcached service
  systemd: name=memcached@archwiki.service state=started enabled=true daemon_reload=true

+- name: Install nginx-cache-purge script
+  copy: src=nginx-cache-purge dest=/usr/local/bin/nginx-cache-purge owner=root group=root mode=0755
+
 - name: Install systemd services/timers
  template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
  loop:
    - archwiki-runjobs.service
    - archwiki-runjobs-wait.service
    - archwiki-runjobs.timer
-    - archwiki-prune-cache.service
-    - archwiki-prune-cache.timer
    - archwiki-question-updater.service
    - archwiki-question-updater.timer
+    - nginx-cache-purge.service

 - name: Start and enable archwiki timers and services
  systemd:
@@ -117,9 +119,9 @@
    daemon_reload: true
  with_items:
    - archwiki-runjobs.timer
-    - archwiki-prune-cache.timer
    - archwiki-runjobs-wait.service
    - archwiki-question-updater.timer
+    - nginx-cache-purge.service

 - name: Create question answer file
  systemd:

--- a/roles/archwiki/templates/LocalSettings.php.j2
+++ b/roles/archwiki/templates/LocalSettings.php.j2
@@ -147,9 +147,9 @@ $wgMemCachedServers = [ "unix://{{ archwiki_memcached_socket }}" ];
 ## be publicly accessible from the web.
 $wgCacheDirectory = "$IP/../cache/data";
 $wgEnableSidebarCache = true;
-$wgUseFileCache = true;
-$wgFileCacheDirectory = "$IP/../cache/html";
-$wgUseGzip = true;
+$wgUseCdn = true;
+$wgCdnServers = [ '127.0.0.1' ];
+$wgInternalServer = 'http://wiki.archlinux.org';

 # CSS-based preferences supposedly cause about 20 times slower page loads
 # https://phabricator.wikimedia.org/rSVN63707

--- a/roles/archwiki/templates/archwiki-prune-cache.service.j2
+++ b/roles/archwiki/templates/archwiki-prune-cache.service.j2
-[Unit]
-Description=Archwiki Prune Cache Service
-
-[Service]
-Type=oneshot
-User={{ archwiki_user }}
-WorkingDirectory={{ archwiki_dir }}
-ExecStart=/usr/bin/php {{ archwiki_dir }}/public/maintenance/run.php pruneFileCache -q --agedays 1
-
-NoNewPrivileges=yes
-PrivateTmp=yes
-PrivateDevices=yes
-PrivateNetwork=true
-ProtectSystem=full
-ProtectHome=true
-ProtectControlGroups=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-
-[Install]
-WantedBy=multi-user.target
--- a/roles/archwiki/templates/archwiki-prune-cache.timer.j2
+++ b/roles/archwiki/templates/archwiki-prune-cache.timer.j2
-[Unit]
-Description=Archwiki Prune Cache timer
-
-[Timer]
-OnCalendar=*-*-* 04:12:00
-
-[Install]
-WantedBy=timers.target
--- a/roles/archwiki/templates/nginx-cache-purge.service.j2
+++ b/roles/archwiki/templates/nginx-cache-purge.service.j2
+[Unit]
+Description=nginx cache PURGE service
+
+[Service]
+User=http
+ProtectSystem=strict
+ReadWritePaths=/var/lib/nginx/cache
+ExecStart=/usr/local/bin/nginx-cache-purge
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/archwiki/templates/nginx.d.conf.j2
+++ b/roles/archwiki/templates/nginx.d.conf.j2
-fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=wiki:100m inactive=60m;
+# Please keep "path" and "levels" in sync with nginx-cache-purger-service
+fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=wiki:100m inactive=720m;
+# Please keep in sync with "cache_key" in nginx-cache-purger-service
 fastcgi_cache_key "$scheme$request_method$host$request_uri";

 # rate limit API endpoint
@@ -110,6 +112,9 @@ server {
        fastcgi_index  index.php;
        include        fastcgi.conf;

+        fastcgi_cache wiki;
+        add_header X-Cache $upstream_cache_status;
+
        limit_req zone=archwikilimit burst=10 nodelay;
    }