> On 22 Jun 2017, at 7:06 am, David Sommerseth 
> <open...@sf.lists.topphemmelig.net> wrote:
> 
> - What can be done with Cloudflare to fully ensure their caches are
>  truly purged when we ask for it?  As Jonathan noticed, their caches
>  are tightly connected to the web browser and have a non-deterministic
>  behaviour across browsers, even on the same computer.

Cloudflare’s API supports clearing the cache (as does their web control panel), 
and this can be done on a file-by-file basis. Based on our experience it only 
takes around 15-20 seconds for the cache to be cleared on all of Cloudflare's 
CDN nodes for a file and it can be easily thrown into a release script.
https://api.cloudflare.com/#zone-purge-individual-files-by-url-and-cache-tags

As for some web browsers, proxy servers, etc. in-between the user and a 
Cloudflare node, they’re respecting the HTTP cache-control headers which are 
currently set to cache for 24 hours:

curl -I https://swupdate.openvpn.org/community/releases/openvpn-2.4.3.tar.gz
Expires: Fri, 23 Jun 2017 00:14:19 GMT
Cache-Control: public, max-age=86400

Of course, many proxy servers and web browsers have different approaches to 
handling caching headers (especially for zipped files), so you will get some 
differing behaviour. The best approach is to still have an appropriate caching 
time between nodes and the web server (24 hours is fine) so they don’t need to 
re-fetch the files too often, but then have a Cloudflare Page Rule to rewrite 
these with a lower time to clients (we use 4 hours) to limit the impact in the 
(hopefully rare) event of a file update being needed.
https://support.cloudflare.com/hc/en-us/articles/200168306-Is-there-a-tutorial-for-Page-Rules-#cache

The final cause of differing behaviour is that each Cloudflare node’s caching 
time of a file starts when that individual node first gets a request for it. 
But this can easily be ignored by just using the API to clear the cache of all 
nodes when needed.

> So I suggest we take a few weeks holiday, let this sink in, and then we
> can schedule a meeting some time in August where we discuss these
> issues.


Sorry to throw more noise at the mailing list, but I figured I’d put up some 
comments as IRC meeting times don’t usually align for those of us in Australia 
:-)

Regards,
James

--
James Bekkema
SparkLabs Developer
https://www.sparklabs.com
https://twitter.com/sparklabs
supp...@sparklabs.com
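
The purge-on-release step described in the message above, as an added example that is not part of the original email or of the OpenVPN project's release scripts: it builds the Cloudflare purge-by-URL call and works out from the response headers how long a browser or proxy may keep serving its old copy. The zone id and token are placeholders, the function names are hypothetical, and Bearer-token authentication is an assumption about how the account is set up.

```python
"""Release-script step: purge replaced files from Cloudflare, then report how
long downstream caches may still hold the old copy. Added example; the zone id
and API token passed in are placeholders supplied by the caller."""
import json
import re
import urllib.request

API = "https://api.cloudflare.com/client/v4/zones/{zone}/purge_cache"


def build_purge_request(zone_id, api_token, urls):
    """Return the POST that purges the given file URLs on all Cloudflare nodes."""
    body = json.dumps({"files": list(urls)}).encode()
    return urllib.request.Request(
        API.format(zone=zone_id),
        data=body,
        method="POST",
        headers={
            "Authorization": "Bearer " + api_token,  # assumed auth scheme
            "Content-Type": "application/json",
        },
    )


def purge(zone_id, api_token, urls):
    """Send the purge; abort the release if Cloudflare does not report success."""
    req = build_purge_request(zone_id, api_token, urls)
    with urllib.request.urlopen(req, timeout=30) as resp:
        reply = json.load(resp)
    if not reply.get("success"):
        raise RuntimeError("Cloudflare purge failed: %s" % reply.get("errors"))
    return reply


def downstream_staleness(headers):
    """Seconds a client cache may keep serving a copy fetched with these
    response headers (max-age minus Age); 0 if it must revalidate."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = h.get("cache-control", "").lower()
    if "no-store" in cc or "no-cache" in cc:
        return 0
    m = re.search(r"\bmax-age=(\d+)", cc)
    if not m:
        return 0
    return max(0, int(m.group(1)) - int(h.get("age", 0)))
```

Purging only clears Cloudflare's nodes; `downstream_staleness` shows the window that remains for clients that fetched the file just before the purge, which is what a shorter client-facing cache time reduces.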