murdercode · October 19, 2025 22:37 · Feb 2, 2024 · Oct 16, 2023 · Apr 24, 2023 · Apr 19, 2023
diff --git a/laravel-fastcgi-cache-config.md b/laravel-fastcgi-cache-config.md
@@ -1,5 +1,7 @@
 # Laravel + FastCGI Cache = ❤️
 
+> ⚠️ Need a more specific guide? See https://medium.com/@murdercode/speed-up-your-laravel-application-up-to-1000x-with-fastcgi-cache-0135b11407e5
+
 Using FastCGI cache allows you to speed up your website up to 1000x. In fact, the FastCGI cache (or Varnish) mechanism consists of putting a server-caching mechanism between a client and your web server. The whole page will be cached as an HTML output, and it will be delivered instead of using the PHP/MySQL/Redis stack, etc. for all users, but only for the first visit (and others after some specified time).
 
 **WARNING**: This is not a *take-away how-to*. Please read it carefully and use it at your own risk.

diff --git a/laravel-fastcgi-cache-config.md b/laravel-fastcgi-cache-config.md
@@ -47,7 +47,7 @@ As we mentioned earlier, we want to use sessions and cookies in Laravel Nova (al
 ```php
 public function boot()
     {
-        if(request()->is('cms/*') || request()->is('nova-api/*') || request()->is
+        if(request()->hasCookie('YOURAPPNAME_session') || request()->is('cms/*') || request()->is('nova-api/*') || request()->is
             ('nova-vendor/*')) {
             $this->app['router']->pushMiddlewareToGroup('web', \App\Http\Middleware\EncryptCookies::class);
             $this->app['router']->pushMiddlewareToGroup('web', \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class);

diff --git a/laravel-fastcgi-cache-config.md b/laravel-fastcgi-cache-config.md
@@ -122,7 +122,7 @@ add_header X-Content-Type-Options "nosniff";
 
 #Custom Laravel
 fastcgi_cache_key       "$request_method $scheme://$host$request_uri";
-fastcgi_cache_use_stale updating error timeout invalid_header http_500;
+fastcgi_cache_use_stale error timeout invalid_header http_500;
 #fastcgi_pass_header     Set-Cookie;
 fastcgi_pass_header     Cookie;
 fastcgi_ignore_headers  Set-Cookie Cache-Control Expires Vary;

diff --git a/laravel-fastcgi-cache-config.md b/laravel-fastcgi-cache-config.md
@@ -95,7 +95,7 @@ if ($http_cookie ~* "YOUR-SESSION-NAME_session") {
 }
 
 # Don't cache uris containing the following segments
-if ($request_uri ~* "/cms/|/telescope/|/horizon/|/nova-api/|/feed|/.*sitemap.*\.(xml|xsl)") {
+if ($request_uri ~* "/cms/|/telescope/|/horizon/|/nova-api/|/nova-vendor/|/feed|/.*sitemap.*\.(xml|xsl)") {
     set $skip_cache 1;
 }
 

diff --git a/laravel-fastcgi-cache-config.md b/laravel-fastcgi-cache-config.md
@@ -89,6 +89,11 @@ if ($query_string ~* "query") {
     set $skip_cache 1;
 }
 
+# Set here your NAME_session, you can take it from HTTP response
+if ($http_cookie ~* "YOUR-SESSION-NAME_session") {
+    set $skip_cache 1;
+}
+
 # Don't cache uris containing the following segments
 if ($request_uri ~* "/cms/|/telescope/|/horizon/|/nova-api/|/feed|/.*sitemap.*\.(xml|xsl)") {
     set $skip_cache 1;

diff --git a/laravel-fastcgi-cache-config.md b/laravel-fastcgi-cache-config.md
@@ -14,7 +14,7 @@ This caching method is cookieless and sessionless, and is ideal for websites wit
 
 ## 1. Disable Session & Cookies in Laravel
 
-The first thing to do is to remove the middlewares that create and store sessions and cookies. You can move those middlewares to another group for reuse by modifying the following method in /app/Http/Kernel.php:
+The first thing to do is to remove the middlewares that create and store sessions and cookies. You can move those middlewares to another group for reuse by modifying the following method in `/app/Http/Kernel.php`:
 
 ```php
 protected $middlewareGroups = [
@@ -42,7 +42,7 @@ Please note that VerifyCSRF can pose a security issue if you don't know how to a
 
 ## 2. Define where to use sesssions and cookies
 
-As we mentioned earlier, we want to use sessions and cookies in Laravel Nova (although you can choose to use them elsewhere). So, edit /app/Providers/AppServiceProvider.php as follows:
+As we mentioned earlier, we want to use sessions and cookies in Laravel Nova (although you can choose to use them elsewhere). So, edit `/app/Providers/AppServiceProvider.php` as follows:
 
 ```php
 public function boot()

diff --git a/laravel-fastcgi-cache-config.md b/laravel-fastcgi-cache-config.md
@@ -24,10 +24,10 @@ protected $middlewareGroups = [
         ],
 
         'cookie' => [
-            \App\Http\Middleware\VerifyCsrfToken::class,
             \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
             \Illuminate\Session\Middleware\StartSession::class,
             \Illuminate\View\Middleware\ShareErrorsFromSession::class,
+            \App\Http\Middleware\VerifyCsrfToken::class,
         ],
 
         'api' => [

diff --git a/laravel-fastcgi-cache-config.md b/laravel-fastcgi-cache-config.md
@@ -47,12 +47,13 @@ As we mentioned earlier, we want to use sessions and cookies in Laravel Nova (al
 ```php
 public function boot()
     {
-        if(request()->is('cms/*') || request()->is('nova-api/*')) {
-            $this->app['router']->pushMiddlewareToGroup('web', \App\Http\Middleware\VerifyCsrfToken::class);
+        if(request()->is('cms/*') || request()->is('nova-api/*') || request()->is
+            ('nova-vendor/*')) {
             $this->app['router']->pushMiddlewareToGroup('web', \App\Http\Middleware\EncryptCookies::class);
             $this->app['router']->pushMiddlewareToGroup('web', \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class);
             $this->app['router']->pushMiddlewareToGroup('web', \Illuminate\Session\Middleware\StartSession::class);
             $this->app['router']->pushMiddlewareToGroup('web', \Illuminate\View\Middleware\ShareErrorsFromSession::class);
+            $this->app['router']->pushMiddlewareToGroup('web', \App\Http\Middleware\VerifyCsrfToken::class);
     }
 ```
 

diff --git a/laravel-fastcgi-cache-config.md b/laravel-fastcgi-cache-config.md
@@ -1,4 +1,4 @@
-# Laravel + FastCGI = ❤️
+# Laravel + FastCGI Cache = ❤️
 
 Using FastCGI cache allows you to speed up your website up to 1000x. In fact, the FastCGI cache (or Varnish) mechanism consists of putting a server-caching mechanism between a client and your web server. The whole page will be cached as an HTML output, and it will be delivered instead of using the PHP/MySQL/Redis stack, etc. for all users, but only for the first visit (and others after some specified time).
 

diff --git a/laravel-fastcgi-config.md → laravel-fastcgi-cache-config.md b/laravel-fastcgi-config.md → laravel-fastcgi-cache-config.md
diff --git a/laravel-fastcgi-config.md b/laravel-fastcgi-config.md
@@ -2,7 +2,7 @@
 
 Using FastCGI cache allows you to speed up your website up to 1000x. In fact, the FastCGI cache (or Varnish) mechanism consists of putting a server-caching mechanism between a client and your web server. The whole page will be cached as an HTML output, and it will be delivered instead of using the PHP/MySQL/Redis stack, etc. for all users, but only for the first visit (and others after some specified time).
 
-**WARNING**: This is not a take-away how-to. Please read it carefully and use it at your own risk.
+**WARNING**: This is not a *take-away how-to*. Please read it carefully and use it at your own risk.
 
 This config is based on the ploi.io stack. We will not cover the FastCGI installation process, so please prepare FastCGI and adapt the next config if you need it.
 

diff --git a/laravel-fastcgi-config.md b/laravel-fastcgi-config.md
@@ -2,7 +2,7 @@
 
 Using FastCGI cache allows you to speed up your website up to 1000x. In fact, the FastCGI cache (or Varnish) mechanism consists of putting a server-caching mechanism between a client and your web server. The whole page will be cached as an HTML output, and it will be delivered instead of using the PHP/MySQL/Redis stack, etc. for all users, but only for the first visit (and others after some specified time).
 
-WARNING: This is not a take-away how-to. Please read it carefully and use it at your own risk.
+**WARNING**: This is not a take-away how-to. Please read it carefully and use it at your own risk.
 
 This config is based on the ploi.io stack. We will not cover the FastCGI installation process, so please prepare FastCGI and adapt the next config if you need it.
 

diff --git a/laravel-fastcgi-config.md b/laravel-fastcgi-config.md
@@ -1,14 +1,69 @@
-# Laravel FastCGI config
+# Laravel + FastCGI = ❤️
 
-The main problem we have encountered in Laravel + FastCGI is the use of the `@csrf` parameter, which, by going to create a new token at each refresh, does not allow precise control between logged-in and non-logged-out users. Through a middleware we designed, we are going to refine FastCGI's caching mechanism.
+Using FastCGI cache allows you to speed up your website up to 1000x. In fact, the FastCGI cache (or Varnish) mechanism consists of putting a server-caching mechanism between a client and your web server. The whole page will be cached as an HTML output, and it will be delivered instead of using the PHP/MySQL/Redis stack, etc. for all users, but only for the first visit (and others after some specified time).
 
-This config is based on ploi.io stack, please adapt the FastCGI config if you need it.
+WARNING: This is not a take-away how-to. Please read it carefully and use it at your own risk.
 
-## Usage
+This config is based on the ploi.io stack. We will not cover the FastCGI installation process, so please prepare FastCGI and adapt the next config if you need it.
 
-First, install [Laravel Cookie Auth](https://github.com/The-3Labs-Team/laravel-cookie-auth) extension.
+# What you need to know
+
+To achieve significant improvements in speed and security, it's important to note that pages will be cached and shared among users. Therefore, **it's crucial that sessions and cookies aren't cached**, as doing so may result in shared sessions and security complications.
+
+This caching method is cookieless and sessionless, and is ideal for websites without a login mechanism. However, it also -*supports Laravel Nova authentication*.
+
+## 1. Disable Session & Cookies in Laravel
+
+The first thing to do is to remove the middlewares that create and store sessions and cookies. You can move those middlewares to another group for reuse by modifying the following method in /app/Http/Kernel.php:
+
+```php
+protected $middlewareGroups = [
+        'web' => [
+            \App\Http\Middleware\EncryptCookies::class,
+            \Illuminate\Routing\Middleware\SubstituteBindings::class,
+        ],
+
+        'cookie' => [
+            \App\Http\Middleware\VerifyCsrfToken::class,
+            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
+            \Illuminate\Session\Middleware\StartSession::class,
+            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
+        ],
+
+        'api' => [
+            // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
+            'throttle:api',
+            \Illuminate\Routing\Middleware\SubstituteBindings::class,
+        ],
+    ];
+```
+
+Please note that VerifyCSRF can pose a security issue if you don't know how to approach it.
+
+## 2. Define where to use sesssions and cookies
+
+As we mentioned earlier, we want to use sessions and cookies in Laravel Nova (although you can choose to use them elsewhere). So, edit /app/Providers/AppServiceProvider.php as follows:
+
+```php
+public function boot()
+    {
+        if(request()->is('cms/*') || request()->is('nova-api/*')) {
+            $this->app['router']->pushMiddlewareToGroup('web', \App\Http\Middleware\VerifyCsrfToken::class);
+            $this->app['router']->pushMiddlewareToGroup('web', \App\Http\Middleware\EncryptCookies::class);
+            $this->app['router']->pushMiddlewareToGroup('web', \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class);
+            $this->app['router']->pushMiddlewareToGroup('web', \Illuminate\Session\Middleware\StartSession::class);
+            $this->app['router']->pushMiddlewareToGroup('web', \Illuminate\View\Middleware\ShareErrorsFromSession::class);
+    }
+```
+
+**Note**: in our case we will use `cms` as Nova path instead `nova`. Change it with yours.
+Note that `nova-api` can be used from Laravel Nova Tools, so add it as shown.
+
+
+## 3. Configure FastCGI
 
 We need to define some conditions, where FastCGI will be not enabled.
+
 In `fastcgi-cache.conf`:
 
 ```
@@ -38,13 +93,9 @@ if ($request_uri ~* "/cms/|/telescope/|/horizon/|/nova-api/|/feed|/.*sitemap.*\.
     set $skip_cache 1;
 }
 
-if ($http_cookie ~* "skip_cache") {
-    set $skip_cache 1;
-}
 ```
 
 Now it's time to ignore some headers for preventing misconfiguration.
-WARNING: you will skip the csrf token, so you can have problem with stuff like login inline etc...
 
 In `fastcgi-php-cache`, after `add_header` add:
 
@@ -75,4 +126,6 @@ fastcgi_hide_header     Vary;
 
 fastcgi_cache_bypass $skip_cache;
 fastcgi_no_cache $skip_cache;
-```
+```
+
+Note that this config will use a microcaching mechanism. Please update with your values if you need it.
diff --git a/laravel-fastcgi-config.md b/laravel-fastcgi-config.md
@@ -21,22 +21,26 @@ if ($request_method = POST) {
 }
 
 # Don't cache when there is a query string (e.g. ?search=query)
-if ($query_string != "") {
+#if ($query_string != "") {
+#    set $skip_cache 1;
+#}
+
+# Don't cache if querystring 
+if ($query_string ~* "nocache") {
+    set $skip_cache 1;
+}
+if ($query_string ~* "query") {
     set $skip_cache 1;
 }
 
 # Don't cache uris containing the following segments
-if ($request_uri ~* "/cms/|/nova-api/|/feed|/.*sitemap.*\.(xml|xsl)") {
+if ($request_uri ~* "/cms/|/telescope/|/horizon/|/nova-api/|/feed|/.*sitemap.*\.(xml|xsl)") {
     set $skip_cache 1;
 }
 
-# Don't use the cache for logged in users or recent commenters
 if ($http_cookie ~* "skip_cache") {
     set $skip_cache 1;
 }
-if ($http_cookie = "skip_cache") {
-    set $skip_cache 1;
-}
 ```
 
 Now it's time to ignore some headers for preventing misconfiguration.
@@ -45,6 +49,21 @@ WARNING: you will skip the csrf token, so you can have problem with stuff like l
 In `fastcgi-php-cache`, after `add_header` add:
 
 ```
+fastcgi_cache NAMECACHE;
+fastcgi_cache_valid any 5s;
+
+# Allow only 1 request to cache content
+fastcgi_cache_lock on;
+# Use old cache when it's updating
+fastcgi_cache_use_stale updating;
+fastcgi_cache_background_update on;
+
+add_header X-FastCGI-Cache $upstream_cache_status;
+add_header X-Frame-Options "SAMEORIGIN";
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Content-Type-Options "nosniff";
+
+#Custom Laravel
 fastcgi_cache_key       "$request_method $scheme://$host$request_uri";
 fastcgi_cache_use_stale updating error timeout invalid_header http_500;
 #fastcgi_pass_header     Set-Cookie;
@@ -53,4 +72,7 @@ fastcgi_ignore_headers  Set-Cookie Cache-Control Expires Vary;
 fastcgi_hide_header     Expires;
 fastcgi_hide_header     Pragma;
 fastcgi_hide_header     Vary;
+
+fastcgi_cache_bypass $skip_cache;
+fastcgi_no_cache $skip_cache;
 ```
diff --git a/laravel-fastcgi-config.md b/laravel-fastcgi-config.md
@@ -26,24 +26,17 @@ if ($query_string != "") {
 }
 
 # Don't cache uris containing the following segments
-if ($request_uri ~* "/cms/|/cms/*|/nova-api/*|/feed|/.*sitemap.*\.(xml|xsl)") {
+if ($request_uri ~* "/cms/|/nova-api/|/feed|/.*sitemap.*\.(xml|xsl)") {
     set $skip_cache 1;
 }
 
 # Don't use the cache for logged in users or recent commenters
 if ($http_cookie ~* "skip_cache") {
     set $skip_cache 1;
 }
-
 if ($http_cookie = "skip_cache") {
     set $skip_cache 1;
 }
-
-# Don't cache if there is a cookie called PHPSESSID
-if ($http_cookie = "PHPSESSID")
-{
-    set $no_cache 1;
-}
 ```
 
 Now it's time to ignore some headers for preventing misconfiguration.

diff --git a/laravel-fastcgi-config.md b/laravel-fastcgi-config.md
@@ -20,7 +20,7 @@ if ($request_method = POST) {
     set $skip_cache 1;
 }
 
-# Don't cache when there is a query string (e.g. ?search=query or ?nocache=1)
+# Don't cache when there is a query string (e.g. ?search=query)
 if ($query_string != "") {
     set $skip_cache 1;
 }
@@ -34,6 +34,16 @@ if ($request_uri ~* "/cms/|/cms/*|/nova-api/*|/feed|/.*sitemap.*\.(xml|xsl)") {
 if ($http_cookie ~* "skip_cache") {
     set $skip_cache 1;
 }
+
+if ($http_cookie = "skip_cache") {
+    set $skip_cache 1;
+}
+
+# Don't cache if there is a cookie called PHPSESSID
+if ($http_cookie = "PHPSESSID")
+{
+    set $no_cache 1;
+}
 ```
 
 Now it's time to ignore some headers for preventing misconfiguration.

diff --git a/laravel-fastcgi-config.md b/laravel-fastcgi-config.md
@@ -26,7 +26,7 @@ if ($query_string != "") {
 }
 
 # Don't cache uris containing the following segments
-if ($request_uri ~* "/cms/|/cms/*|/nova-api/*|/.*sitemap.*\.(xml|xsl)") {
+if ($request_uri ~* "/cms/|/cms/*|/nova-api/*|/feed|/.*sitemap.*\.(xml|xsl)") {
     set $skip_cache 1;
 }
 

diff --git a/laravel-fastcgi-config.md b/laravel-fastcgi-config.md
@@ -6,8 +6,9 @@ This config is based on ploi.io stack, please adapt the FastCGI config if you ne
 
 ## Usage
 
-First, install [CookieCacheMiddleware](https://github.com/The-3Labs-Team/laravel-cookie-auth).
+First, install [Laravel Cookie Auth](https://github.com/The-3Labs-Team/laravel-cookie-auth) extension.
 
+We need to define some conditions, where FastCGI will be not enabled.
 In `fastcgi-cache.conf`:
 
 ```
@@ -19,7 +20,7 @@ if ($request_method = POST) {
     set $skip_cache 1;
 }
 
-# Don't cache when there is a query string (e.g. ?search=query)
+# Don't cache when there is a query string (e.g. ?search=query or ?nocache=1)
 if ($query_string != "") {
     set $skip_cache 1;
 }
@@ -35,6 +36,9 @@ if ($http_cookie ~* "skip_cache") {
 }
 ```
 
+Now it's time to ignore some headers for preventing misconfiguration.
+WARNING: you will skip the csrf token, so you can have problem with stuff like login inline etc...
+
 In `fastcgi-php-cache`, after `add_header` add:
 
 ```

diff --git a/laravel-fastcgi-config.md b/laravel-fastcgi-config.md
@@ -25,7 +25,7 @@ if ($query_string != "") {
 }
 
 # Don't cache uris containing the following segments
-if ($request_uri ~* "/cms/*|/api/*|/.*sitemap.*\.(xml|xsl)") {
+if ($request_uri ~* "/cms/|/cms/*|/nova-api/*|/.*sitemap.*\.(xml|xsl)") {
     set $skip_cache 1;
 }
 

diff --git a/laravel-fastcgi-config.md b/laravel-fastcgi-config.md
@@ -1,8 +1,12 @@
 # Laravel FastCGI config
 
-This config is based on ploi.io preconfig.
+The main problem we have encountered in Laravel + FastCGI is the use of the `@csrf` parameter, which, by going to create a new token at each refresh, does not allow precise control between logged-in and non-logged-out users. Through a middleware we designed, we are going to refine FastCGI's caching mechanism.
 
-First, install CookieCacheMiddleware.
+This config is based on ploi.io stack, please adapt the FastCGI config if you need it.
+
+## Usage
+
+First, install [CookieCacheMiddleware](https://github.com/The-3Labs-Team/laravel-cookie-auth).
 
 In `fastcgi-cache.conf`:
 

diff --git a/laravel-fastcgi-config.md b/laravel-fastcgi-config.md
@@ -0,0 +1,45 @@
+# Laravel FastCGI config
+
+This config is based on ploi.io preconfig.
+
+First, install CookieCacheMiddleware.
+
+In `fastcgi-cache.conf`:
+
+```
+# Create a variable to skip the cache
+set $skip_cache 0;
+
+# POST requests and urls with a query string should always go to PHP
+if ($request_method = POST) {
+    set $skip_cache 1;
+}
+
+# Don't cache when there is a query string (e.g. ?search=query)
+if ($query_string != "") {
+    set $skip_cache 1;
+}
+
+# Don't cache uris containing the following segments
+if ($request_uri ~* "/cms/*|/api/*|/.*sitemap.*\.(xml|xsl)") {
+    set $skip_cache 1;
+}
+
+# Don't use the cache for logged in users or recent commenters
+if ($http_cookie ~* "skip_cache") {
+    set $skip_cache 1;
+}
+```
+
+In `fastcgi-php-cache`, after `add_header` add:
+
+```
+fastcgi_cache_key       "$request_method $scheme://$host$request_uri";
+fastcgi_cache_use_stale updating error timeout invalid_header http_500;
+#fastcgi_pass_header     Set-Cookie;
+fastcgi_pass_header     Cookie;
+fastcgi_ignore_headers  Set-Cookie Cache-Control Expires Vary;
+fastcgi_hide_header     Expires;
+fastcgi_hide_header     Pragma;
+fastcgi_hide_header     Vary;
+```
No results found