FastCGI Questions

[rawhasan]

Hi!

Thanks for the awesome configuration kit and the the WordPress server setup tutorial! I must say, this is the most complete guide I've found anywhere so far to set-up a full Linux server for WordPress!

I have a concern about the FastCGI cache purging. Before discovering your tutorial, I was following this tutorial to setup FastCGI cache: https://www.linuxbabe.com/nginx/setup-nginx-fastcgi-cache

It says to install http-cache-purge module to purge cache. My question is, does the nginx version in your tutorial includes this module. I assume it is, as you've not instructed to install it on the tutorial. But want to make sure. From this tutorial, it looks like cache purging with the Nginx Helper plugin will not work.

Also it says to add the following code to the server block for cache purging, which I do not see in this kit (probably I've missed it somehow!):

location ~ /purge(/.*) {
      fastcgi_cache_purge phpcache "$scheme$request_method$host$1";
}

I've also found this comment on the Nginx website regarding FastCGI: https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#comment-2804093220

Using $host in fastcgi_cache_key can result in infinite redirect loops with WordPress.

WordPress has this silly little thing called redirect_canonical, which will attempt to strip the port number (:80, :443) from the Host header by redirecting to the same URL without the port number. Many web crawlers and especially monitoring systems explicitly provide the port number in the Host header, so they get a redirect.

But the $host variable in Nginx does not contain the port number, even if explicitly set in the Host header, resulting in the same cache keys for requests with and without the port. So if somebody is lucky enough (and monitoring systems are very persistent) they'll eventually hit a redirect, which will cause Nginx to cache that redirect and serve it to regular visitors requesting the same cache key, i.e. an infinite redirect loop for the duration of the cache.

Example:

$ curl -v https://example.org/ -H "Host: example.org:443" -o /dev/null
Location: https://example.org/
X-Cache: MISS

$ curl -v https://example.org/ -H "Host: example.org" -o /dev/null
Location: https://example.org/
X-Cache: HIT

This is a bit of an edge case because the :443 hit must arrive during a time where the cache is missing or has expired. But when it happens it's very hard to catch and debug.

The workaround is to use $http_host in the cache key instead, which is the original value of the Host header.

I can see $host is used on the kit configuration in key. Is it alright?

Thanks a lot for the clarification!

Regards

[hsntgm]

From this tutorial, it looks like cache purging with the Nginx Helper plugin will not work.

Nginx purge action is always problematic due to Nginx-PHP-FPM setup structer, where two distinct users WEBSERVER-USER and PHP-FPM-USER are involved, cause deep permission issues and generally requires server side manual interaction. I faced similar issues with Nginx FastCGI cache purge on Wordpress and tried different wordpress plugins and Nginx extension to manage it automatically from wordpress admin dashboard or remotely via REST API but no luck. One of my client asked for a solution and I decided to deep dive the problem and tried an other direct approach. Here the wordpress NPP plugin I developed to automate purge and preload on Wordpress with help of bash script that gives write permission to PHP-FPM users with associated Nginx Cache paths automatically with help of inotifywait/setfacl.

[joglomedia]

NPP

How about using fastcgi-cache-purge? purging the cache from GET request that offered by Nginx Helper