log_format pkg-cache '$remote_addr - $upstream_cache_status [$time_local] $request_method $host$request_uri $server_protocol $status $body_bytes_sent $request_time $upstream_response_time'; proxy_cache_path /cache levels=1:2 keys_zone=pkg-cache:60m inactive=365d use_temp_path=off max_size=10g; server { listen 8000; server_name pkg.actcur.com; access_log /var/log/nginx/pkg-cache.access.log pkg-cache; error_log /var/log/nginx/pkg-cache.error.log; # Force proxy to use TLS for upstream server requests proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Use previously negotiated connection parameters proxy_ssl_session_reuse on; # Enables revalidation of expired cache items using conditional requests with the "If-Modified-Since" and "If-None-Match" header fields. proxy_cache_revalidate on; # Only one request at a time will be allowed to populate a new cache element proxy_cache_lock on; # Cache any responses for 1 minute by default, can be overridden by more specific response codes proxy_cache_valid any 1m; # Keep connections to upstream server open proxy_http_version 1.1; proxy_set_header Connection ""; proxy_read_timeout 300; proxy_connect_timeout 300; location ~ aur-local { root /mnt/pkgs; } location ~ \.(db|sig) { proxy_pass https://mirrors.kernel.org$request_uri; } location / { proxy_pass https://mirrors.kernel.org; proxy_cache pkg-cache; # This directive should match the keys_zone option proxy_cache_revalidate on; proxy_cache_min_uses 0; proxy_cache_valid 200 5m; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; proxy_cache_lock on; # Add some cache status headers for debugging purposes, you can remove these lines if you want add_header X-Upstream-Status $upstream_status; add_header X-Cache-Status $upstream_cache_status; } }