I have an app working behind nginx. The users can authenticate on my website.
I’m looking into utilize browser caching on production. There’s no clear information of how to achieve this.
One issue is that, as I’ve mentioned, the users can authenticate on my website. And as I’ve found out, some articles claim that “Cache-Control: public” won’t work properly because nginx might return authenticated, cached page to unauthenticated user. But this isn’t still clear, whether or not it’s the case.
How can I leverage browser caching in the first place? Properly. Many articles about this contradict each other or semi-complete.
Do you plan to cache whole web pages?
As far as I understand, nginx can’t decide whether a user is authenticated by just looking at the default (in phoenix) headers without asking your app. A simpler set up would be to put the cache (if any) in the application layer. For a more involved set up with nginx cache (at the proxy layer), see https://softwareengineering.stackexchange.com/questions/299535/caching-authenticated-requests-for-all-users.
You can safely cache public assets like js/css/etc.
Neither nginx, nor phoenix have something to do with browser caching, as as the name said, it’s browser caching. There are some headers though, through which one can suggest some specific caching behaviour, but browsers do not need to actually behave as asked for.
Oh, I missed the “browser” in the title. My post was in relation to nginx / varnish caching. For “browser caching” I’d probably look into service workers, although it depends on what kind of resources OP was trying to cache.
The answers are too vague
No, your question is.
What have you tried so far? What makes you think it is not working as expected?
I’m by far an expert on caching in any way, but what I can tell you, it is hard to do right.
For client side caching there are only a handfull of headers you may set to suggest some caching to the client, but still the client is free to ignore those.
So without knowing what headers you have set, and which browser you used for testing and with which settings, we really can’t help you.
Even beyond your question, what problem do you have or what problem do you think you’ll have? If the need for caching isn’t obvious, I’d suggest doing none at first. Don’t overengineer your solutions, get them working first and then optimize.
The biggest way to cache on the client is via service workers, a manifest, and the whole progressive app setup. Using that you can cache anything and everything you need.