# Use 100 MiB cache with a 1 MiB memory zone (enough for ~8,000 keys).
# Delete data that has not been accessed for 30 minutes.
fastcgi_cache_path /var/cache/nginx/avatar levels=1:2 keys_zone=avatar:1m
                   max_size=100m inactive=30m use_temp_path=off;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
add_header X-Cache $upstream_cache_status;

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name avatar.example.com;

    error_log /var/log/nginx/avatar_log warn;

    ssl_certificate /var/lib/dehydrated/certs/avatar.example.com/fullchain.pem;
    ssl_certificate_key /var/lib/dehydrated/certs/avatar.example.com/privkey.pem;

    expires 6h;

    location / {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/var/run/cgi-fcgiwrap.socket-1;
        fastcgi_param SCRIPT_FILENAME /usr/bin/libravatarserv;

        # fastcgi_param LIBRAVATARSERV_DIR "/var/db/libravatarserv"
        # fastcgi_param LIBRAVATARSERV_DEFAULT_FALLBACK 404;
        # fastcgi_param LIBRAVATARSERV_REDIRECT 1;

        fastcgi_cache avatar;
        fastcgi_cache_valid 200 307 400 501 1h; # Cache answers for up to 1 hour
        # Cache negative replies that may be temporary for 10 minutes
        fastcgi_cache_valid 404 500 10m;
        fastcgi_cache_lock on; # Relay only one identical request at a time.
    }
}