What is the name of the domain?
What is the issue you’re encountering
Despite calling the CF API to purge individual entries from the cache, they remain (outdated) in some edge servers.
What steps have you taken to resolve the issue?
Calling the API again, once the outdated cache entry is recognised, usually solves the issue.
What are the steps to reproduce the issue?
We host an APT (Debian package) server, which consists, aside of the DEB packages themselves, of compressed package list files Packages.xz
as well as an InRelease
file per distro/release, which contains sizes and hashes for all Packages.xz
files, and an embedded signature. We cache all those files. The packages have a version string in their file name, hence their cache entry never needs to change, but the Packages.xz
and InRelease
files do change.
When adding or removing any package, the Packages.xz
for all architectures of all APT server components which contain it, need to be rewritten, as well as the InRelease
file for the APT distro/release of those components. On any update, a script scans the package directories of the distro/release to be updated, regenerates all Packages.xz
files and the related InRelease
, and then does a Cloudflare API call to purge those files from the Cloudflare cache:
curl -sSf 'https://api.cloudflare.com/client/v4/zones/<zone_id>/purge_cache' -H 'Authorization: Bearer <api_key>' -H 'Content-Type: application/json' --data "{\"files\":[${files%,}]}" | grep '"success":true,"errors":\[\],' || exit $?
Since we currently use the Cloudflare free plan, each API call is limited to 30 files, while in case of larger updates, more files could be affected. We hence split those into multiple calls, if needed. As can be seen, we check for curl
errors and as well assure the API does not return any error. This never happens, but regularly, individual CF edge servers have individual outdated entries, and do keep them until expiry timeout or another API call to purge them.
Are there any limitations with the API, or known issues when doing multiple calls shortly after another? Since API depends on InRelease
sizes and hashes to match the package list, as inherent integrity check, we need those files to be purged reliably from the cache.