As many probably already know I use NGINX for load balancing and acting as a reverse proxy. Today I made sure that the portraits of the users can be served from NGINX instead of hitting the backend servers all the time.
I did this by redirecting the thumbnail view from /shared/portrait-bits.tcl to /image/$image_id/thumbnail and set up a directive in NGINX to cache the /image URL. Works like a charm.
Now I am thinking though of taking this one step further and provide caching for all files in the content repository. My idea here is to have something similar. I would create a page which takes the item_id and which does the permission checking . It then redirects to a separate page like /shared/file-cache.vuh which works on the revision_id instead of the item_id. Why revision_id? Because the revision_id will not change its content, whereas the item_id could.
NGINX would then be configured to cache everything coming from file-cache.vuh. A couple of thoughts though.
a) I would configure file-cache.vuh as an internal location, so only if its referred from the Backend server will it serve the file. This is to make sure people have a hard time tricking the permission checking.
b) We need to access the files probably like /shared/file-cache/$revision_id/$filename_with_extension so NGINX serves the correct headers for the file.
Before I go down that road, has anyone solved this problem already e.g. using Pound and lives to tell the tale? I have the slight suspicion that this idea lied behind the creation of image.vuh but i am not sure.