Looks like we can make a per user cache by using regex to read the weird cookie name.
proxy_cache_path /var/www/cache levels=1:2 keys_zone=ghostcache:10m max_size=120m inactive=7d;
proxy_ignore_headers Cache-Control Expires Set-Cookie;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
server {
server_name MYWEBSITE.com;
root /var/www/MYWEBSITE/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
set $skip_cache 0;
set $usercookie 0;
if ($http_cookie ~* "ghost-members-ssr.sig=([A-Za-z-0-9]+)") {
set $usercookie $1;
}
if ($request_uri ~* "ghost/|p/|members/") {
set $skip_cache 1;
}
location / {
proxy_cache_key $request_uri$usercookie;
proxy_cache_bypass $skip_cache;
proxy_no_cache $skip_cache;
proxy_cache_valid 7d;
proxy_cache ghostcache;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:2368;
}
location ~ ^/(ghost/) {
allow MYIPADDRESS;
allow 127.0.0.1;
deny all;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:2368;
}
location ~ /.well-known {
allow all;
}
client_max_body_size 50m;
listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/MYWEBSITE.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/MYWEBSITE.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = MYWEBSITE.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name MYWEBSITE.com;
return 404; # managed by Certbot
}