Nginx Expires Headers

[Adam Tinsley]

I set expires to max in nginx.conf and started having a weird deal where the admin login page wouldn't dismiss after entering credentials. It just keeps coming back after the animation. I did not notice any other problems with the site. When I turned expires headers off the problem stopped.

Here's exactly what I was using:

expires max;
add_header Cache-Control private;

Does anyone know if expires headers are recommended with XenForo or if there's a recommended way of setting them?

 

[rdn]

Did you use Memcached?

 

[Adam Tinsley]

No, I haven't set up any caching yet. I'm used to WordPress and there was always a plugin. I've never had to do it server side before but it's on my to-do list.

 

[Jeremy P]

Expires headers are for static content. You shouldn't set the expires header for every page. Then everything gets cached.

 

[Adam Tinsley]

@Jeremy P Would you mind to explain that a little more. I thought that expires headers only cached static resources to a page like css, js, and images so it would be ok as long as the URL is changed if there's an update to a file. But I can't figure out why I wasn't able to login to the Admin page. If I refreshed my browser, though, it would go ahead and load. The admin URL has the .php extension so I'm wondering if that has anything to do with it. Are you saying that there is also HTML caching going on? If so, that would explain the problem since the Admin URL (i.e. example.com/admin.php) does not change after logging in.

 

[Jeremy P]

That's what I suspect. You need to wrap your expires max; config option in a location block so it only affects css, js, fonts, and images. Google recommends an expiry not exceed one year.

location ~* ^.+\.(ico|css|js|eot|woff|otf|svg|gif|jpe?g|png|swg)(\?[a-z0-9=_]+)?$ {
    expires 1y;
}

 

[Adam Tinsley]

Thanks @Jeremy P! Adding the regex solves the problem.

 

[Floren]

I use this format for static files:

        location ~* \.(?:ico|css|gif|jpe?g|js|png|swf)$ {
                access_log       off;
                log_not_found    off;
                expires          1y;
        }

 

[Jeremy P]

@Floren will that still cache files like whatever.js?_v=23sd23d32 ?

I'm unfamiliar with what ?: does in regex, but $ usually matches end of line so cache-busting tags wouldn't match.

 

[Floren]

@Jeremy P, my understanding is that regardless if you add the .+ at the end, the client will still not cache the files.
Example:

location ~* \.(?:ico|css|gif|jpe?g|js|png|swf).+$ {

If anyone has some input in this area please share it with us. I have extensive Nginx knowledge and based on real life experience, files are not cached by client if they contain a request URI, that is the purpose of your version at the end. In fact, Google recommends not to have anything after file extension but rather have the file named in this format:
somefile_someversion.css, instead of somefile.css?someversion
Their mod_pagespeed can do that for you automatically, at the expense of tripling the memory usage. It is designed to be used mostly for CDN providers.

Related to ?, they are PCRE regular expressions. For example, (?:) is a non-capturing parenthesis that prevents the creation of a back-reference for the content (may not be back-referenced by a backslash and number, i.e.\1).
jpe?g acts as an OR conditional, jpeg OR jpg (not sure what is the proper PCRE name for that). Is related to (?()), which I personally call "conditional statement" and interpret it as (?(if)then|else). @Mike might shed some light into this as he is the RegexMan.

Edit: I apologize, I misread your post... I thought you meant I'm NOT familiar with. Well, it might help others.

 

[Jeremy P]

Edit: I apologize, I misread your post... I thought you meant I'm NOT familiar with. Well, it might help others.

You read it (semi) right I'm (still) a bit unclear on what (?:) does, but I have a pretty decent grasp on basic regex patterns. It looks like a ternary operator but I don't see what it does to modify the pattern.

Also, for me, using the above pattern, requests such as xenforo.js?_v=6248428c does set the expires header fine and I get a 304 response:

 

[Floren]

Thanks for the information, @Jeremy P. I'm going to try this:

location ~* \.(?:ico|css|gif|jpe?g|js|png|swf)(.+)?$ {

For some reason, I never thought this is possible since the client won't cache it?

 

[Jeremy P]

Thanks for the information, @Jeremy P. I'm going to try this:

location ~* \.(?:ico|css|gif|jpe?g|js|png|swf)(.+)?$ {

For some reason, I never thought this is possible since the client won't cache it?

I think it's just some proxy/caching services like squid, but browsers should cache it.

 

[MattW]

Default centminmod staticfiles config file

    location ~* \.(js)$ {
        #add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        expires 30d;
        break;
        }

 

[Floren]

It works @Jeremy P, very nice find... thank you for your help!
I'm using this, is more compact :

location ~* \.(?:ico|css|gif|jpe?g|js|png|swf)(.+)?$ {

 

[Floren]

Default centminmod staticfiles config file

    location ~* \.(js)$ {
        #add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        expires 30d;
        break;
        }

I think there is a mistake with your config, there is no need to set add_header. From what I know, expires already sets the proper Cache-Control. I would set it also to 1 year, is the Google recommended value.

 

[HWS]

We use this:

location ~* \.(?:ico|css|gif|jpe?g|js|png|ico|swf|woff|ttf|svg|eot)(.+)?$
{
}

 

[MattW]

I think there is a mistake with your config, there is no need to set add_header. From what I know, expires already sets the proper Cache-Control. I would set it also to 1 year, is the Google recommended value.

Just made a change and set one site to remove it, and the other still using the standard config
Standard config


Edited (set expires to 180d to see if it changed)

 

[Floren]

Ya, you don't need the add_header.

 

[Floren]

@Jeremy P, I found an issue. Using:

location ~* \.(?:ico|css|gif|jpe?g|js|png|swf)(.+)?$

breaks the image uploads, something into JSON process that goes kaput:
https://www.axivo.com/attachments/do-upload.json?hash=db920428d5bc244f3db7d8b1277fd258&content_type=resource_update&key=image

I added the escaped ? and everything is solved... I don't understand why I have to escape it.

location ~* \.(?:ico|css|gif|jpe?g|js|png|swf)(\?.+)?$