Skip to content

Website Caching Nginx Lua proxy_cache and fastcgi_cache

Jump to bottom
Conor McKnight edited this page May 23, 2026 · 24 revisions

I built in a way to allow you to cache webpages to improve your sites performance and speed what will also help search engines see your site speed is fast.

https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/blob/master/lua/anti_ddos_challenge.lua#L418

You can bypass the cache depending on cookies or urls and to cache content if bigger than or smaller than a certain size there are many features.

Make sure for any Cache Zone you create you also add to your nginx config the shared memory zone it requires if you are using ngx.shared.DICT cache or lrucache

http {
# Nginx config HTTP Block Caching shared memory zones
lua_shared_dict html_cache 10m; #HTML pages cache
lua_shared_dict mp4_cache 300m; #video mp4 cache
}

If you are not using memory based caching you can adjust the following settings to use redis, memcached etc.

	{
		1, --storage server for cache redis = 1 memcached = 2 lrucache = 3 ngx.shared.dict = 4
		"127.0.0.1", --ipaddress or "unix:/path/to/unix.sock" if using socket set port to nil
		6379, --port memcached 11211 redis 6379
		nil,--1000, --connect_timeout 1 second
		nil,--1000, --send_timeout 1 second
		nil,--1000, --read_timeout 1 second
		nil,--10000, --keepalive max_idle_timeout 10 seconds
		nil,--100, --keepalive pool_size
		nil,--"user", --auth_user
		nil,--"pass", --auth_pass
		nil,--{--11th table fallback incase server offline or goes down
		--	{2,"127.0.0.2",11211,}, --memcache
		--	{3, localized_global.lrucache,}, --lru cache https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/wiki/lrucache-setup-example
		--	{4, localized.ngx.shared.html_cache,}, --shared.dict
		--},
	},

If for any reason you need to display cookies on Cache Status HIT pages change this setting to 0 That will have the set-cookie header displayed on all Cache Status HIT pages for that URL / path.

2, --0 do not remove set-cookie header 1 remove set-cookie header on both HIT/UPDATING 2 remove from HIT ONLY 3 remove from UPDATING ONLY if serving from cache or updating cache page remove cookie headers (for dynamic sites you should do this to stay as guest only cookie headers will be sent on bypass pages)
Expand view 
localized.content_cache = {
	
	{
		".*", --regex match any site / path
		"text/html", --empty string matches all "" content-type valid types are text to match all text formats or text/css text/javascript etc
		--lua_shared_dict html_cache 10m; #HTML pages cache
		localized.ngx.shared.html_cache, --shared cache zone to use or empty string to not use "" lua_shared_dict html_cache 10m; #HTML pages cache or lua table for advanced options
		--{
		--	1, --storage server for cache redis = 1 memcached = 2 lrucache = 3 ngx.shared.dict = 4
		--	"127.0.0.1", --ipaddress or "unix:/path/to/unix.sock" if using socket set port to nil
		--	6379, --port memcached 11211 redis 6379
		--	nil,--1000, --connect_timeout 1 second
		--	nil,--1000, --send_timeout 1 second
		--	nil,--1000, --read_timeout 1 second
		--	nil,--10000, --keepalive max_idle_timeout 10 seconds
		--	nil,--100, --keepalive pool_size
		--	nil,--"user", --auth_user
		--	nil,--"pass", --auth_pass
		--	{--11th table fallback incase server offline or goes down
		--		{2,"127.0.0.2",11211,}, --memcache
		--		{3, localized_global.lrucache,}, --lru cache https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/wiki/lrucache-setup-example
		--		{4, localized.ngx.shared.html_cache,}, --shared.dict
		--	},
		--},
		60, --ttl for cache or ""
		1, --enable logging 1 to enable 0 to disable
		{200,206,}, --response status codes to cache
		{"GET",}, --request method to cache
		{ --bypass cache on cookie use nil or empty string "" to not bypass on cookies
			{
				".*", --cookie name regex ".*" for any cookie
				".*", --cookie value ".*" for any value
				0, --0 guest user cache only 1 both guest and logged in user cache useful if logged_in cookie is present then cache key will include cookies
			},
			--{"logged_in","1",0,},
		}, --bypass cache on cookie
		{"/login.html","/administrator","/admin*.$",}, --bypass cache urls use nil or empty string "" to not bypass on urls
		1, --Send cache status header X-Cache-Status: HIT, X-Cache-Status: MISS
		2, --0 do not remove set-cookie header 1 remove set-cookie header on both HIT/UPDATING 2 remove from HIT ONLY 3 remove from UPDATING ONLY if serving from cache or updating cache page remove cookie headers (for dynamic sites you should do this to stay as guest only cookie headers will be sent on bypass pages)
		localized.request_uri, --url to use you can do "/index.html", as an example localized.request_uri is best.
		false, --true to use lua resty.http library if exist if you set this to true you can change localized.request_uri above to "https://www.google.com/", as an example.
		{ --Content Modifier Modification/Minification / Minify HTML output
			--Usage :
			--Regex, Replacement
			--Text, Replacement
			--You can use this to alter contents of the page output.
			--Example :
			--{"replace me", " with me! ",},
			--{"</head>", "<script type='text/javascript' src='../jquery.min.js'></script></head>",} --inject javascript into html page
			--{"<!--[^>]-->", "",}, --remove nulled out html example !! I DO NOT RECOMMEND REMOVING COMMENTS, THIS COULD BREAK YOUR ENTIRE WEBSITE FOR OLD BROWSERS, BE AWARE
			--{"(//[^.*]*.\n)", "",}, -- Example: this //will remove //comments (result: this remove)
			--{"(/%*[^*]*%*/)", "",}, -- Example: this /*will*/ remove /*comments*/ (result: this remove)
			--{"<style>(.*)%/%*(.*)%*%/(.*)</style>", "<style>%1%3</style>",},
			--{"<script>(.*)%/%*(.*)%*%/(.*)</script>", "<script>%1%3</script>",},
			--{"[ \t]+$", "",}, --remove break lines (execution order of regex matters keep this last)
			--{"<!%-%-[^%[]-->", "",},
			--{"%s%s+", " ",},
			--{"\n\n*", " ",},
			--{"\n*$", ""},
		},
		"", --1e+6, --Maximum content size to cache in bytes 1e+6 = 1MB content larger than this wont be cached empty string "" to skip
		"", --Minimum content size to cache in bytes content smaller than this wont be cached empty string "" to skip
		{"content-type","content-range","content-length","etag","last-modified","set-cookie",}, --headers you can use this to specify what headers you want to keep on your cache HIT/UPDATING output
		--Request header forwarding / overrides :
		--the way ngx.location.capture works with request headers is it forwards your browser request headers to the ngx.location you can remove them using a table by setting the request header from your browser to nil
		--you can over ride your browsers request headers being sent to the backend using a table any headers your browser sends that is not specified in the table will not be overridden and will still go to the ngx location as is.
		--nil,--nil or empty table to use browsers request headers
		{ --override browsers request headers
			--["Content-Type"] = "application/x-www-form-urlencoded", --add this header to request being sent to backend
			--["Accept"] = localized.ngx_req_get_headers()["Accept"], --override this header being sent with the contents of browsers accept value
			--["host"] = "www.google.com", --override this header to request being sent to backend
			--["priority"] = "", --remove this header from the request being sent to the backened
		},
		nil,--{ --cache only when cookie match found use nil or empty string "" to ignore
			--{
			--	"logged_in", --cookie name regex ".*" for any cookie
			--	"1", --cookie value ".*" for any value
			--	1, --0 cache key will NOT include cookies 1 cache key will include cookies
			--},
		--},
	},
	{
		".*", --regex match any site / path
		"video/mp4", --content-type valid types are video to match all video formats or video/mp4 video/webm etc
		--lua_shared_dict mp4_cache 300m; #video mp4 cache
		localized.ngx.shared.mp4_cache, --shared cache zone to use or empty string to not use "" lua_shared_dict mp4_cache 300m; #video mp4 cache  or lua table for advanced options
		--{
		--	1, --storage server for cache redis = 1 memcached = 2 lrucache = 3 ngx.shared.dict = 4
		--	"127.0.0.1", --ipaddress or "unix:/path/to/unix.sock" if using socket set port to nil
		--	6379, --port memcached 11211 redis 6379
		--	nil,--1000, --connect_timeout 1 second
		--	nil,--1000, --send_timeout 1 second
		--	nil,--1000, --read_timeout 1 second
		--	nil,--10000, --keepalive max_idle_timeout 10 seconds
		--	nil,--100, --keepalive pool_size
		--	nil,--"user", --auth_user
		--	nil,--"pass", --auth_pass
		--	{--11th table fallback incase server offline or goes down
		--		{2,"127.0.0.2",11211,}, --memcache
		--		{3, localized_global.lrucache,}, --lru cache https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/wiki/lrucache-setup-example
		--		{4, localized.ngx.shared.html_cache,}, --shared.dict
		--	},
		--},
		60, --ttl for cache or ""
		1, --enable logging 1 to enable 0 to disable
		{200,206,}, --response status codes to cache
		{"GET",}, --request method to cache
		"", --nil or empty string "" to not bypass on cookies
		"", --nil or empty string "" to not bypass on urls
		1, --Send cache status header X-Cache-Status: HIT, X-Cache-Status: MISS
		2, --0 do not remove set-cookie header 1 remove set-cookie header on both HIT/UPDATING 2 remove from HIT ONLY 3 remove from UPDATING ONLY if serving from cache or updating cache page remove cookie headers (for dynamic sites you should do this to stay as guest only cookie headers will be sent on bypass pages)
		localized.request_uri, --url to use you can do "/index.html", as an example localized.request_uri is best.
		false, --true to use lua resty.http library if exist if you set this to true you can change localized.request_uri above to "https://www.google.com/", as an example.
		"", --content modified not needed for this format
		4e+7, --Maximum content size to cache in bytes 1e+6 = 1MB, 1e+7 = 10MB, 1e+8 = 100MB, 1e+9 = 1GB content larger than this wont be cached empty string "" to skip
		200000, --200kb --Minimum content size to cache in bytes content smaller than this wont be cached empty string "" to skip
		{"content-type","content-range","content-length","etag","last-modified","set-cookie",}, --headers you can use this to specify what headers you want to keep on your cache HIT/UPDATING output
		--Request header forwarding / overrides :
		--the way ngx.location.capture works with request headers is it forwards your browser request headers to the ngx.location you can remove them using a table by setting the request header from your browser to nil
		--you can over ride your browsers request headers being sent to the backend using a table any headers your browser sends that is not specified in the table will not be overridden and will still go to the ngx location as is.
		--nil,--nil or empty table to use browsers request headers
		{ --override browsers request headers
			--["Content-Type"] = "application/x-www-form-urlencoded", --add this header to request being sent to backend
			--["Accept"] = localized.ngx_req_get_headers()["Accept"], --override this header being sent with the contents of browsers accept value
			--["host"] = "www.google.com", --override this header to request being sent to backend
			--["priority"] = "", --remove this header from the request being sent to the backened
		},
		nil,--{ --cache only when cookie match found use nil or empty string "" to ignore
			--{
			--	"logged_in", --cookie name regex ".*" for any cookie
			--	"1", --cookie value ".*" for any value
			--	1, --0 cache key will NOT include cookies 1 cache key will include cookies
			--},
		--},
	},
	{
		".*", --regex match any site / path
		"image", --content-type for image/png image/jpeg image/x-icon etc
		--lua_shared_dict image_cache 300m; #image cache
		localized.ngx.shared.image_cache, --shared cache zone to use or empty string to not use "" lua_shared_dict image_cache 300m; #image cache  or lua table for advanced options
		--{
		--	1, --storage server for cache redis = 1 memcached = 2 lrucache = 3 ngx.shared.dict = 4
		--	"127.0.0.1", --ipaddress or "unix:/path/to/unix.sock" if using socket set port to nil
		--	6379, --port memcached 11211 redis 6379
		--	nil,--1000, --connect_timeout 1 second
		--	nil,--1000, --send_timeout 1 second
		--	nil,--1000, --read_timeout 1 second
		--	nil,--10000, --keepalive max_idle_timeout 10 seconds
		--	nil,--100, --keepalive pool_size
		--	nil,--"user", --auth_user
		--	nil,--"pass", --auth_pass
		--	{--11th table fallback incase server offline or goes down
		--		{2,"127.0.0.2",11211,}, --memcache
		--		{3, localized_global.lrucache,}, --lru cache https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/wiki/lrucache-setup-example
		--		{4, localized.ngx.shared.html_cache,}, --shared.dict
		--	},
		--},
		60, --ttl for cache or ""
		1, --enable logging 1 to enable 0 to disable
		{200,206,}, --response status codes to cache
		{"GET",}, --request method to cache
		nil, --nil or empty string "" to not bypass on cookies
		nil, --nil or empty string "" to not bypass on urls
		1, --Send cache status header X-Cache-Status: HIT, X-Cache-Status: MISS
		2, --0 do not remove set-cookie header 1 remove set-cookie header on both HIT/UPDATING 2 remove from HIT ONLY 3 remove from UPDATING ONLY if serving from cache or updating cache page remove cookie headers (for dynamic sites you should do this to stay as guest only cookie headers will be sent on bypass pages)
		localized.request_uri, --url to use you can do "/index.html", as an example localized.request_uri is best.
		false, --true to use lua resty.http library if exist if you set this to true you can change localized.request_uri above to "https://www.google.com/", as an example.
		"", --content modified not needed for this format
		"", --Maximum content size to cache in bytes 1e+6 = 1MB, 1e+7 = 10MB, 1e+8 = 100MB, 1e+9 = 1GB content larger than this wont be cached empty string "" to skip
		"", --200kb --Minimum content size to cache in bytes content smaller than this wont be cached empty string "" to skip
		{"content-type","content-range","content-length","etag","last-modified","set-cookie",}, --headers you can use this to specify what headers you want to keep on your cache HIT/UPDATING output
		--Request header forwarding / overrides :
		--the way ngx.location.capture works with request headers is it forwards your browser request headers to the ngx.location you can remove them using a table by setting the request header from your browser to nil
		--you can over ride your browsers request headers being sent to the backend using a table any headers your browser sends that is not specified in the table will not be overridden and will still go to the ngx location as is.
		--nil,--nil or empty table to use browsers request headers
		{ --override browsers request headers
			--["Content-Type"] = "application/x-www-form-urlencoded", --add this header to request being sent to backend
			--["Accept"] = localized.ngx_req_get_headers()["Accept"], --override this header being sent with the contents of browsers accept value
			--["host"] = "www.google.com", --override this header to request being sent to backend
			--["priority"] = "", --remove this header from the request being sent to the backened
		},
		nil,--{ --cache only when cookie match found use nil or empty string "" to ignore
			--{
			--	"logged_in", --cookie name regex ".*" for any cookie
			--	"1", --cookie value ".*" for any value
			--	1, --0 cache key will NOT include cookies 1 cache key will include cookies
			--},
		--},
	},
	
}

How can i setup Joomla CMS with fastcgi_cache or proxy_cache

Joomla's Nginx config : https://docs.joomla.org/Nginx

There are two ways to do this Method #1 or Method #2

Expand Method #1 view

Change the URL bypass to match this so on these Joomla URLs / Pages they wont be cached allowing users to login and register still.

Expand view 
{
"/login",
"/component/users/login",
"/component/users/reset",
"/component/users/remind",
"/register",
"/component/users/register",
"/component/users/registration",
"/administrator",
"/admin*.$",
--NON SEF / SEO URLs not optimized or search engine friendly or optimized joomla urls
"index.php?option=com_users&view=registration",
"index.php?option=com_users&view=login",
"index.php?option=com_users&view=reset",
"index.php?option=com_users&view=remind",
"/user/login?view=reset",
"/user/login?view=registration",
"/user/login?view=remind",
},

Set your cookie bypass

Expand view 
{ --bypass cache on cookie
	{
		".*", --cookie name regex ".*" for any cookie
		".*", --cookie value ".*" for any value
		1, --0 guest user cache only 1 both guest and logged in user cache useful if logged_in cookie is present then cache key will include cookies
	},
}, --bypass cache on cookie
Expand Method #2 view

Change the URL bypass to match this so on these Joomla URLs / Pages they wont be cached allowing users to login and register still.

Expand view 
{
"/login",
"/component/users/login",
"/component/users/reset",
"/component/users/remind",
"/register",
"/component/users/register",
"/component/users/registration",
"/administrator",
"/admin*.$",
--NON SEF / SEO URLs not optimized or search engine friendly or optimized joomla urls
"index.php?option=com_users&view=registration",
"index.php?option=com_users&view=login",
"index.php?option=com_users&view=reset",
"index.php?option=com_users&view=remind",
"/user/login?view=reset",
"/user/login?view=registration",
"/user/login?view=remind",
},

Turn on the cache above and then edit your root /index.php to reflect this

Expand view 
<?php
//JOOMLA INDEX.PHP ETC

/**
 * Constant that is checked in included files to prevent direct access.
 * define() is used rather than "const" to not error for PHP 5.2 and lower
 */
define('_JEXEC', 1);

// Run the application - All executable code should be triggered through this file
require_once __DIR__ . '/includes/app.php';

$user =& JFactory::getUser();
if($user->id!=0){
//user is logged in

$cookie_name = "logged_in";
$cookie_value = "1";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day

} else {

//User is not logged in is a guest
$cookie_name = "logged_in";
$cookie_value = "0";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day
}

Set your cookie bypass

Expand view 
{ --bypass cache on cookie
	{
		"logged_in", --cookie name regex ".*" for any cookie
		"1", --cookie value ".*" for any value
		1, --0 guest user cache only 1 both guest and logged in user cache useful if logged_in cookie is present then cache key will include cookies
	},
}, --bypass cache on cookie

How can i setup a PHP website with fastcgi_cache or proxy_cache and Lua caching

There are two ways to do this Method #1 or Method #2

Expand Method #1 view

Change the URL bypass to match this so on these URLs / Pages they wont be cached allowing users to login and register still.

Expand view 
{
"/login.php",
"/register.php",
"/administrator",
"/admin*.$",
},

Set your cookie bypass

Expand view 
{ --bypass cache on cookie
	{
		".*", --cookie name regex ".*" for any cookie
		".*", --cookie value ".*" for any value
		1, --0 guest user cache only 1 both guest and logged in user cache useful if logged_in cookie is present then cache key will include cookies
	},
}, --bypass cache on cookie
Expand Method #2 view

Change the URL bypass to match this so on these URLs / Pages they wont be cached allowing users to login and register still.

Expand view 
{
"/login.php",
"/register.php",
"/administrator",
"/admin*.$",
},

As a example with php you can do this and STATIC pages ARE cached and DYNAMIC content for logged in users will NOT be cached.

Expand view 
<?php
//Just change the code for your CMS / APP Joomla / Drupal etc have plenty of examples.
if($user->guest = 1){
//User in not logged in is a guest
$cookie_name = "logged_in";
$cookie_value = "0";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day
}
else
{
//User is logged in
$cookie_name = "logged_in";
$cookie_value = "1";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day
}
?>

Set your cookie bypass

Expand view 
{ --bypass cache on cookie
	{
		"logged_in", --cookie name regex ".*" for any cookie
		"1", --cookie value ".*" for any value
		1, --0 guest user cache only 1 both guest and logged in user cache useful if logged_in cookie is present then cache key will include cookies
	},
}, --bypass cache on cookie

How can i setup MyBB forum with fastcgi_cache or proxy_cache and Lua caching

Set your bypass cache urls to

Expand view 
{
"/member.php.*", --allow users to register and login
}

Set your cookie bypass

Expand view 
{ --bypass cache on cookie
	{
		".*", --cookie name regex ".*" for any cookie
		".*", --cookie value ".*" for any value
		1, --0 guest user cache only 1 both guest and logged in user cache useful if logged_in cookie is present then cache key will include cookies
	},
}, --bypass cache on cookie

How can i setup vBulletin forum with fastcgi_cache or proxy_cache and Lua caching

Set your bypass cache urls to

Expand view 
{
"/auth/ajax-login.*", --allow users to register and login
"/register.*", --registration page
"/lostpw.*", --forgot password page
"/auth/", --POST data goes to auth urls
}

Set your cookie bypass

Expand view 
{ --bypass cache on cookie
	{
		".*", --cookie name regex ".*" for any cookie
		".*", --cookie value ".*" for any value
		1, --0 guest user cache only 1 both guest and logged in user cache useful if logged_in cookie is present then cache key will include cookies
	},
}, --bypass cache on cookie

How can i setup Wordpress forum with fastcgi_cache or proxy_cache and Lua caching

Set your bypass cache urls to

Expand view 
{
"/wp-login.php.*", --allow users to register and login
}

Set your cookie bypass

Expand view 
{ --bypass cache on cookie
	{
		".*", --cookie name regex ".*" for any cookie
		".*", --cookie value ".*" for any value
		0, --0 guest user cache only 1 both guest and logged in user cache useful if logged_in cookie is present then cache key will include cookies
	},
}, --bypass cache on cookie

Clone this wiki locally