From 32f7aedc00cd742d4c089b69457730a62fee8430 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Vieilledent?= Date: Fri, 3 Oct 2014 16:09:38 +0200 Subject: [PATCH 01/13] EZP-22400: Added FOSHttpCacheBundle --- composer.json | 5 ++++- ezpublish/EzPublishKernel.php | 4 ++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 79824d4f..ab17bc9c 100644 --- a/composer.json +++ b/composer.json @@ -34,7 +34,10 @@ "hautelook/templated-uri-bundle": "~1.0 | ~2.0", "doctrine/dbal": "~2.5@rc", "doctrine/doctrine-bundle": "~1.3@beta", - "liip/imagine-bundle": "~1.0" + "liip/imagine-bundle": "~1.0", + "friendsofsymfony/http-cache-bundle": "~1.0", + "symfony/expression-language": "~2.4", + "sensio/framework-extra-bundle": "~2.2|~3.0" }, "require-dev": { "behat/behat": "3.0.*", diff --git a/ezpublish/EzPublishKernel.php b/ezpublish/EzPublishKernel.php index 70bcdf15..5345cd03 100644 --- a/ezpublish/EzPublishKernel.php +++ b/ezpublish/EzPublishKernel.php @@ -18,6 +18,7 @@ use EzSystems\BehatBundle\EzSystemsBehatBundle; use eZ\Bundle\EzPublishCoreBundle\Kernel; use EzSystems\NgsymfonytoolsBundle\EzSystemsNgsymfonytoolsBundle; +use FOS\HttpCacheBundle\FOSHttpCacheBundle; use Liip\ImagineBundle\LiipImagineBundle; use Symfony\Component\Config\Loader\LoaderInterface; use Symfony\Bundle\FrameworkBundle\FrameworkBundle; @@ -37,6 +38,7 @@ use Doctrine\Bundle\DoctrineBundle\DoctrineBundle; use Knp\Bundle\MenuBundle\KnpMenuBundle; use Oneup\FlysystemBundle\OneupFlysystemBundle; +use Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle; class EzPublishKernel extends Kernel { @@ -57,9 +59,11 @@ public function registerBundles() new SwiftmailerBundle(), new AsseticBundle(), new DoctrineBundle(), + new SensioFrameworkExtraBundle(), new TedivmStashBundle(), new HautelookTemplatedUriBundle(), new LiipImagineBundle(), + new FOSHttpCacheBundle(), new EzPublishCoreBundle(), new EzPublishLegacyBundle( $this ), new EzPublishIOBundle(), 
From 4b79c4a2293bef8763eceffc0adc2f0b4b4bad45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Vieilledent?=
Date: Tue, 28 Oct 2014 16:14:59 +0100
Subject: [PATCH 02/13] EZP-22400: Added Varnish samples
---
 doc/varnish/varnish.md | 10 ++
 doc/varnish/vcl/varnish3.vcl | 224 +++++++++++++++++++++++++++++++++++
 doc/varnish/vcl/varnish4.vcl | 224 +++++++++++++++++++++++++++++++++++
 3 files changed, 458 insertions(+)
 create mode 100644 doc/varnish/varnish.md
 create mode 100644 doc/varnish/vcl/varnish3.vcl
 create mode 100644 doc/varnish/vcl/varnish4.vcl
diff --git a/doc/varnish/varnish.md b/doc/varnish/varnish.md
new file mode 100644
index 00000000..41994429
--- /dev/null
+++ b/doc/varnish/varnish.md
@@ -0,0 +1,10 @@
+# eZ Publish Varnish configuration
+
+## Prerequisites
+* A working Varnish 3 or Varnish 4 setup.
+
+## Recommended VCL base files
+For Varnish to work properly with eZ, you'll need to use one of the provided files as a basis:
+
+* [eZ 5.4+ / 2014.09+ with Varnish 3](vcl/varnish3.vcl)
+* [eZ 5.4+ / 2014.09+ with Varnish 4](vcl/varnish4.vcl)
diff --git a/doc/varnish/vcl/varnish3.vcl b/doc/varnish/vcl/varnish3.vcl
new file mode 100644
index 00000000..b4b8c783
--- /dev/null
+++ b/doc/varnish/vcl/varnish3.vcl
@@ -0,0 +1,224 @@ +# Varnish 3 style - eZ 5.4+ / 2014.09+ +# Complete VCL example + +# Our Backend - Assuming that web server is listening on port 80 +# Replace the host to fit your setup +backend ezpublish { + .host = "127.0.0.1"; + .port = "80"; +} + +# ACL for purgers IP +acl purgers { + "127.0.0.1"; + "192.168.0.0"/16; +} + +# ACL for debuggers IP +acl debuggers { + "127.0.0.1"; + "192.168.0.0"/16; +} + +# Called at the beginning of a request, after the complete request has been received +sub vcl_recv { + + # Set the backend + set req.backend = ezpublish; + + # Advertise Symfony for ESI support + set req.http.Surrogate-Capability = "abc=ESI/1.0"; + + # Add a unique header containing the client address (only for master request) + # Please note that /_fragment URI can change in Symfony configuration + if (!req.url ~ "^/_fragment") { + if (req.http.x-forwarded-for) { + set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; + } else { + set req.http.X-Forwarded-For = client.ip; + } + } + + # Trigger cache purge if needed + call ez_purge; + + # Don't cache requests other than GET and HEAD. + if (req.request != "GET" && req.request != "HEAD") { + return (pass); + } + + # Normalize the Accept-Encoding headers + if (req.http.Accept-Encoding) { + if (req.http.Accept-Encoding ~ "gzip") { + set req.http.Accept-Encoding = "gzip"; + } elsif (req.http.Accept-Encoding ~ "deflate") { + set req.http.Accept-Encoding = "deflate"; + } else { + unset req.http.Accept-Encoding; + } + } + + # Don't cache Authenticate & Authorization + # You may remove this when using REST API with basic auth. + if (req.http.Authenticate || req.http.Authorization) { + if (client.ip ~ debuggers) { + set req.http.X-Debug = "Not Cached according to configuration (Authorization)"; + } + return(pass); + } + + # Do a standard lookup on assets + # Note that file extension list below is not extensive, so consider completing it to fit your needs. 
+ if (req.url ~ "\.(css|js|gif|jpe?g|bmp|png|tiff?|ico|img|tga|wmf|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv|zip|gz|pdf|ttf|eot|wof)$") { + return (lookup); + } + + # Retrieve client user hash and add it to the forwarded request. + call ez_user_hash; + + # If it passes all these tests, do a lookup anyway. + return (lookup); +} + +# Called when the requested object has been retrieved from the backend +sub vcl_fetch { + + if (req.restarts == 0 + && req.http.accept ~ "application/vnd.fos.user-context-hash" + && beresp.status >= 500 + ) { + error 503 "Hash error"; + } + + # Optimize to only parse the Response contents from Symfony + if (beresp.http.Surrogate-Control ~ "ESI/1.0") { + unset beresp.http.Surrogate-Control; + set beresp.do_esi = true; + } + + # Don't cache response with Set-Cookie + if ( beresp.http.Set-Cookie ) { + set beresp.ttl = 0s; + return (hit_for_pass); + } + + # Respect the Cache-Control=private header from the backend + if (beresp.http.Cache-Control ~ "private") { + set beresp.ttl = 0s; + return (hit_for_pass); + } + + # Force TTL for some medias extension + #if (req.request == "GET" && req.url ~ "\.(gif|jpg|jpeg|bmp|png|tiff|tif|ico|img|tga|wmf|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv)$") { + # set beresp.ttl = 7d; + #} + # Force TTL for various other content pages + #if (req.request == "GET" && req.url ~ "\.(css|js|html)$") { + # set beresp.ttl = 1d; + #} + + return (deliver); +} + +# Handle purge +# You may add FOSHttpCacheBundle tagging rules +# See http://foshttpcache.readthedocs.org/en/latest/varnish-configuration.html#id4 +sub ez_purge { + + if (req.request == "PURGE" || req.request == "BAN") { + if (!client.ip ~ purgers) { + error 405 "Method not allowed"; + } + + if (req.http.X-Location-Id) { + ban( "obj.http.X-Location-Id ~ " + req.http.X-Location-Id); + if (client.ip ~ debuggers) { + set req.http.X-Debug = "Ban done for content connected to LocationId " + req.http.X-Location-Id; + } + error 200 "Banned"; + } + } +} + +# Sub-routine to get 
client user hash, for context-aware HTTP cache. +sub ez_user_hash { + + # Prevent tampering attacks on the hash mechanism + if (req.restarts == 0 + && (req.http.accept ~ "application/vnd.fos.user-context-hash" + || req.http.x-user-hash + ) + ) { + error 400; + } + + if (req.restarts == 0 && (req.request == "GET" || req.request == "HEAD")) { + # Anonymous user => Set a hardcoded anonymous hash + if (req.http.Cookie !~ "eZSESSID" && !req.http.authorization) { + set req.http.X-User-Hash = "38015b703d82206ebc01d17a39c727e5"; + } + # Pre-authenticate request to get shared cache, even when authenticated + else { + set req.http.x-fos-original-url = req.url; + set req.http.x-fos-original-accept = req.http.accept; + set req.http.x-fos-original-cookie = req.http.cookie; + # Clean up cookie for the hash request to only keep session cookie, as hash cache will vary on cookie. + set req.http.cookie = ";" + req.http.cookie; + set req.http.cookie = regsuball(req.http.cookie, "; +", ";"); + set req.http.cookie = regsuball(req.http.cookie, ";(eZSESSID[^=]*)=", "; \1="); + set req.http.cookie = regsuball(req.http.cookie, ";[^ ][^;]*", ""); + set req.http.cookie = regsuball(req.http.cookie, "^[; ]+|[; ]+$", ""); + + set req.http.accept = "application/vnd.fos.user-context-hash"; + set req.url = "/_fos_user_context_hash"; + + # Force the lookup, the backend must tell how to cache/vary response containing the user hash + + return (lookup); + } + } + + # Rebuild the original request which now has the hash. + if (req.restarts > 0 + && req.http.accept == "application/vnd.fos.user-context-hash" + ) { + set req.url = req.http.x-fos-original-url; + set req.http.accept = req.http.x-fos-original-accept; + set req.http.cookie = req.http.x-fos-original-cookie; + + unset req.http.x-fos-original-url; + unset req.http.x-fos-original-accept; + unset req.http.x-fos-original-cookie; + + # Force the lookup, the backend must tell not to cache or vary on the + # user hash to properly separate cached data. 
+ + return (lookup); + } +} + +sub vcl_deliver { + # On receiving the hash response, copy the hash header to the original + # request and restart. + if (req.restarts == 0 + && resp.http.content-type ~ "application/vnd.fos.user-context-hash" + && resp.status == 200 + ) { + set req.http.x-user-hash = resp.http.x-user-hash; + + return (restart); + } + + # If we get here, this is a real response that gets sent to the client. + + # Remove the vary on context user hash, this is nothing public. Keep all + # other vary headers. + set resp.http.Vary = regsub(resp.http.Vary, "(?i),? *x-user-hash *", ""); + set resp.http.Vary = regsub(resp.http.Vary, "^, *", ""); + if (resp.http.Vary == "") { + unset resp.http.Vary; + } + + # Sanity check to prevent ever exposing the hash to a client. + unset resp.http.x-user-hash; +} diff --git a/doc/varnish/vcl/varnish4.vcl b/doc/varnish/vcl/varnish4.vcl new file mode 100644 index 00000000..e40321b9 --- /dev/null +++ b/doc/varnish/vcl/varnish4.vcl 
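Review bot: In `vcl_recv` the asset short-circuit `return (lookup);` runs before `call ez_user_hash;`, so the "Prevent tampering attacks" guard inside `ez_user_hash` never sees a request whose URL matches the extension list, and a client-supplied `X-User-Hash` header on such a URL reaches the backend unchanged. If any backend route ending in one of those extensions varies its response on the user hash, that header would select the cache variant. I would move the `req.restarts == 0` check that ends in `error 400;` to the top of `vcl_recv`, ahead of every early return, and leave the rest of `ez_user_hash` where it is. varnish4.vcl in this patch has the same ordering.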
@@ -0,0 +1,224 @@ +# Varnish 4 style - eZ 5.4+ / 2014.09+ +# Complete VCL example + +vcl 4.0; + +# Our Backend - Assuming that web server is listening on port 80 +# Replace the host to fit your setup +backend ezpublish { + .host = "my_site.com"; + .port = "80"; +} + +# ACL for purgers IP +acl purgers { + "127.0.0.1"; + "192.168.0.0"/16; +} + +# ACL for debuggers IP +acl debuggers { + "127.0.0.1"; + "192.168.0.0"/16; +} + +# Called at the beginning of a request, after the complete request has been received +sub vcl_recv { + + # Set the backend + set req.backend = ezpublish; + + # Advertise Symfony for ESI support + set req.http.Surrogate-Capability = "abc=ESI/1.0"; + + # Add a unique header containing the client address (only for master request) + # Please note that /_fragment URI can change in Symfony configuration + if (!req.url ~ "^/_fragment") { + if (req.http.x-forwarded-for) { + set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; + } else { + set req.http.X-Forwarded-For = client.ip; + } + } + + # Trigger cache purge if needed + call ez_purge; + + # Don't cache requests other than GET and HEAD. + if (req.method != "GET" && req.method != "HEAD") { + return (pass); + } + + # Normalize the Accept-Encoding headers + if (req.http.Accept-Encoding) { + if (req.http.Accept-Encoding ~ "gzip") { + set req.http.Accept-Encoding = "gzip"; + } elsif (req.http.Accept-Encoding ~ "deflate") { + set req.http.Accept-Encoding = "deflate"; + } else { + unset req.http.Accept-Encoding; + } + } + + # Don't cache Authenticate & Authorization + # You may remove this when using REST API with basic auth. + if (req.http.Authenticate || req.http.Authorization) { + if (client.ip ~ debuggers) { + set req.http.X-Debug = "Not Cached according to configuration (Authorization)"; + } + return (hash); + } + + # Do a standard lookup on assets + # Note that file extension list below is not extensive, so consider completing it to fit your needs. 
+ if (req.url ~ "\.(css|js|gif|jpe?g|bmp|png|tiff?|ico|img|tga|wmf|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv|zip|gz|pdf|ttf|eot|wof)$") { + return (hash); + } + + # Retrieve client user hash and add it to the forwarded request. + call ez_user_hash; + + # If it passes all these tests, do a lookup anyway. + return (hash); +} + +# Called when the requested object has been retrieved from the backend +sub vcl_backend_response { + + if (bereq.http.accept ~ "application/vnd.fos.user-context-hash" + && beresp.status >= 500 + ) { + return (abandon); + } + + # Optimize to only parse the Response contents from Symfony + if (beresp.http.Surrogate-Control ~ "ESI/1.0") { + unset beresp.http.Surrogate-Control; + set beresp.do_esi = true; + } + + # Don't cache response with Set-Cookie + if (beresp.http.Set-Cookie) { + set beresp.ttl = 0s; + return (hit_for_pass); + } + + # Respect the Cache-Control=private header from the backend + if (beresp.http.Cache-Control ~ "private") { + set beresp.ttl = 0s; + return (hit_for_pass); + } + + # Force TTL for some medias extension + #if (bereq.method == "GET" && bereq.url ~ "\.(gif|jpg|jpeg|bmp|png|tiff|tif|ico|img|tga|wmf|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv)$") { + # set beresp.ttl = 7d; + #} + # Force TTL for various other content pages + #if (bereq.method == "GET" && bereq.url ~ "\.(css|js|html)$") { + # set beresp.ttl = 1d; + #} + + return (deliver); +} + +# Handle purge +# You may add FOSHttpCacheBundle tagging rules +# See http://foshttpcache.readthedocs.org/en/latest/varnish-configuration.html#id4 +sub ez_purge { + + if (req.method == "PURGE" || req.method == "BAN") { + if (!client.ip ~ purgers) { + return (synth(405, "Method not allowed")); + } + + if (req.http.X-Location-Id) { + ban("obj.http.X-Location-Id ~ " + req.http.X-Location-Id); + if (client.ip ~ debuggers) { + set req.http.X-Debug = "Ban done for content connected to LocationId " + req.http.X-Location-Id; + } + return (synth(200, "Banned")); + } + } +} + +# Sub-routine to 
get client user hash, for context-aware HTTP cache. +sub ez_user_hash { + + # Prevent tampering attacks on the hash mechanism + if (req.restarts == 0 + && (req.http.accept ~ "application/vnd.fos.user-context-hash" + || req.http.x-user-hash + ) + ) { + return (synth(400)); + } + + if (req.restarts == 0 && (req.method == "GET" || req.method == "HEAD")) { + # Anonymous user => Set a hardcoded anonymous hash + if (req.http.Cookie !~ "eZSESSID" && !req.http.authorization) { + set req.http.X-User-Hash = "38015b703d82206ebc01d17a39c727e5"; + } + # Pre-authenticate request to get shared cache, even when authenticated + else { + set req.http.x-fos-original-url = req.url; + set req.http.x-fos-original-accept = req.http.accept; + set req.http.x-fos-original-cookie = req.http.cookie; + # Clean up cookie for the hash request to only keep session cookie, as hash cache will vary on cookie. + set req.http.cookie = ";" + req.http.cookie; + set req.http.cookie = regsuball(req.http.cookie, "; +", ";"); + set req.http.cookie = regsuball(req.http.cookie, ";(eZSESSID[^=]*)=", "; \1="); + set req.http.cookie = regsuball(req.http.cookie, ";[^ ][^;]*", ""); + set req.http.cookie = regsuball(req.http.cookie, "^[; ]+|[; ]+$", ""); + + set req.http.accept = "application/vnd.fos.user-context-hash"; + set req.url = "/_fos_user_context_hash"; + + # Force the lookup, the backend must tell how to cache/vary response containing the user hash + + return (hash); + } + } + + # Rebuild the original request which now has the hash. 
+ if (req.restarts > 0 + && req.http.accept == "application/vnd.fos.user-context-hash" + ) { + set req.url = req.http.x-fos-original-url; + set req.http.accept = req.http.x-fos-original-accept; + set req.http.cookie = req.http.x-fos-original-cookie; + + unset req.http.x-fos-original-url; + unset req.http.x-fos-original-accept; + unset req.http.x-fos-original-cookie; + + # Force the lookup, the backend must tell not to cache or vary on the + # user hash to properly separate cached data. + + return (hash); + } +} + +sub vcl_deliver { + # On receiving the hash response, copy the hash header to the original + # request and restart. + if (req.restarts == 0 + && resp.http.content-type ~ "application/vnd.fos.user-context-hash" + ) { + set req.http.x-user-hash = resp.http.x-user-hash; + + return (restart); + } + + # If we get here, this is a real response that gets sent to the client. + + # Remove the vary on context user hash, this is nothing public. Keep all + # other vary headers. + set resp.http.Vary = regsub(resp.http.Vary, "(?i),? *x-user-hash *", ""); + set resp.http.Vary = regsub(resp.http.Vary, "^, *", ""); + if (resp.http.Vary == "") { + unset resp.http.Vary; + } + + # Sanity check to prevent ever exposing the hash to a client. + unset resp.http.x-user-hash; +} From f3d1df408149191b8b48296974fafda428f60003 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Vieilledent?= Date: Tue, 28 Oct 2014 16:15:58 +0100 Subject: [PATCH 03/13] EZP-22400: Point to ezpublish-kernel: impl_EZP-22400_FOSHttpCacheBundle --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index ab17bc9c..a3901369 100644 --- a/composer.json +++ b/composer.json 
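Review bot: The `Authorization` branch in `vcl_recv` ends with `return (hash);`, which performs a cache lookup, although its comment and the `X-Debug` text say the request is not cached; varnish3.vcl uses `return(pass);` at the same place and this line should read `return (pass);` as well. As written, a response to a request carrying credentials can be stored and served to another client unless the backend marks it uncacheable. Separately, the restart condition in `vcl_deliver` omits the `&& resp.status == 200` test that varnish3.vcl has, so a non-200 hash response would still copy `x-user-hash` and restart. The later hunks on this page that touch this file still show `return (hash);` as context.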
@@ -23,7 +23,7 @@ "sensio/generator-bundle": "~2.3", "incenteev/composer-parameter-handler": "~2.0", "tedivm/stash-bundle": "0.4.*", - "ezsystems/ezpublish-kernel": "dev-master", + "ezsystems/ezpublish-kernel": "dev-impl_EZP-22400_FOSHttpCacheBundle", "ezsystems/ezpublish-legacy": "dev-master", "ezsystems/demobundle": "dev-master", "ezsystems/comments-bundle": "dev-master", From 49dd0f2717b292506654208573f5181872327f10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Vieilledent?= Date: Tue, 28 Oct 2014 17:41:10 +0100 Subject: [PATCH 04/13] EZP-22400: Fixed VCL for Varnish 4 --- doc/varnish/vcl/varnish4.vcl | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/doc/varnish/vcl/varnish4.vcl b/doc/varnish/vcl/varnish4.vcl index e40321b9..7bf2454e 100644 --- a/doc/varnish/vcl/varnish4.vcl +++ b/doc/varnish/vcl/varnish4.vcl @@ -6,7 +6,7 @@ vcl 4.0; # Our Backend - Assuming that web server is listening on port 80 # Replace the host to fit your setup backend ezpublish { - .host = "my_site.com"; + .host = "127.0.0.1"; .port = "80"; } @@ -26,7 +26,7 @@ acl debuggers { sub vcl_recv { # Set the backend - set req.backend = ezpublish; + set req.backend_hint = ezpublish; # Advertise Symfony for ESI support set req.http.Surrogate-Capability = "abc=ESI/1.0"; @@ -100,13 +100,15 @@ sub vcl_backend_response { # Don't cache response with Set-Cookie if (beresp.http.Set-Cookie) { set beresp.ttl = 0s; - return (hit_for_pass); + set beresp.uncacheable = true; + return (deliver); } # Respect the Cache-Control=private header from the backend if (beresp.http.Cache-Control ~ "private") { set beresp.ttl = 0s; - return (hit_for_pass); + set beresp.uncacheable = true; + return (deliver); } # Force TTL for some medias extension From d158d39f3968c5e380f32342f4d9e929b0021f7d Mon Sep 17 00:00:00 2001 
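Review bot: In the `@@ -100,13 +100,15 @@` hunk of varnish4.vcl, `set beresp.ttl = 0s;` is kept next to the new `set beresp.uncacheable = true;`, so the hit-for-pass marker appears to expire immediately and would not be remembered for the requests that follow. Concurrent requests for the same uncacheable URL may then queue behind one another instead of being passed in parallel, which matters most under load. Varnish's built-in VCL uses a short positive TTL for this case, and I would do the same in both branches, e.g. `set beresp.ttl = 120s;`. varnish3.vcl has the same `0s` before `return (hit_for_pass);`, and `vcl_backend_response` starts outside this hunk.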
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Vieilledent?= Date: Wed, 29 Oct 2014 15:30:40 +0100 Subject: [PATCH 05/13] Changed comment character in VCL examples + Ensure "no-cache", "no-store" and "private" values in Cache-control are not cached --- doc/varnish/vcl/varnish3.vcl | 102 +++++++++++++++++------------------ doc/varnish/vcl/varnish4.vcl | 102 +++++++++++++++++------------------ 2 files changed, 102 insertions(+), 102 deletions(-) diff --git a/doc/varnish/vcl/varnish3.vcl b/doc/varnish/vcl/varnish3.vcl index b4b8c783..faf4bde7 100644 --- a/doc/varnish/vcl/varnish3.vcl +++ b/doc/varnish/vcl/varnish3.vcl 
@@ -1,36 +1,36 @@ -# Varnish 3 style - eZ 5.4+ / 2014.09+ -# Complete VCL example +// Varnish 3 style - eZ 5.4+ / 2014.09+ +// Complete VCL example -# Our Backend - Assuming that web server is listening on port 80 -# Replace the host to fit your setup +// Our Backend - Assuming that web server is listening on port 80 +// Replace the host to fit your setup backend ezpublish { .host = "127.0.0.1"; .port = "80"; } -# ACL for purgers IP +// ACL for purgers IP acl purgers { "127.0.0.1"; "192.168.0.0"/16; } -# ACL for debuggers IP +// ACL for debuggers IP acl debuggers { "127.0.0.1"; "192.168.0.0"/16; } -# Called at the beginning of a request, after the complete request has been received +// Called at the beginning of a request, after the complete request has been received sub vcl_recv { - # Set the backend + // Set the backend set req.backend = ezpublish; - # Advertise Symfony for ESI support + // Advertise Symfony for ESI support set req.http.Surrogate-Capability = "abc=ESI/1.0"; - # Add a unique header containing the client address (only for master request) - # Please note that /_fragment URI can change in Symfony configuration + // Add a unique header containing the client address (only for master request) + // Please note that /_fragment URI can change in Symfony configuration if (!req.url ~ "^/_fragment") { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; @@ -39,15 +39,15 @@ sub vcl_recv { } } - # Trigger cache purge if needed + // Trigger cache purge if needed call ez_purge; - # Don't cache requests other than GET and HEAD. + // Don't cache requests other than GET and HEAD. if (req.request != "GET" && req.request != "HEAD") { return (pass); } - # Normalize the Accept-Encoding headers + // Normalize the Accept-Encoding headers if (req.http.Accept-Encoding) { if (req.http.Accept-Encoding ~ "gzip") { set req.http.Accept-Encoding = "gzip"; 
@@ -58,8 +58,8 @@ sub vcl_recv { } } - # Don't cache Authenticate & Authorization - # You may remove this when using REST API with basic auth. + // Don't cache Authenticate & Authorization + // You may remove this when using REST API with basic auth. if (req.http.Authenticate || req.http.Authorization) { if (client.ip ~ debuggers) { set req.http.X-Debug = "Not Cached according to configuration (Authorization)"; @@ -67,20 +67,20 @@ sub vcl_recv { return(pass); } - # Do a standard lookup on assets - # Note that file extension list below is not extensive, so consider completing it to fit your needs. + // Do a standard lookup on assets + // Note that file extension list below is not extensive, so consider completing it to fit your needs. if (req.url ~ "\.(css|js|gif|jpe?g|bmp|png|tiff?|ico|img|tga|wmf|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv|zip|gz|pdf|ttf|eot|wof)$") { return (lookup); } - # Retrieve client user hash and add it to the forwarded request. + // Retrieve client user hash and add it to the forwarded request. call ez_user_hash; - # If it passes all these tests, do a lookup anyway. + // If it passes all these tests, do a lookup anyway. return (lookup); } -# Called when the requested object has been retrieved from the backend +// Called when the requested object has been retrieved from the backend sub vcl_fetch { if (req.restarts == 0 
@@ -90,39 +90,39 @@ sub vcl_fetch { error 503 "Hash error"; } - # Optimize to only parse the Response contents from Symfony + // Optimize to only parse the Response contents from Symfony if (beresp.http.Surrogate-Control ~ "ESI/1.0") { unset beresp.http.Surrogate-Control; set beresp.do_esi = true; } - # Don't cache response with Set-Cookie + // Don't cache response with Set-Cookie if ( beresp.http.Set-Cookie ) { set beresp.ttl = 0s; return (hit_for_pass); } - # Respect the Cache-Control=private header from the backend - if (beresp.http.Cache-Control ~ "private") { + // Respect the Cache-Control=private header from the backend + if (beresp.http.Cache-Control ~ "no-cache|no-store|private") { set beresp.ttl = 0s; return (hit_for_pass); } - # Force TTL for some medias extension - #if (req.request == "GET" && req.url ~ "\.(gif|jpg|jpeg|bmp|png|tiff|tif|ico|img|tga|wmf|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv)$") { - # set beresp.ttl = 7d; - #} - # Force TTL for various other content pages - #if (req.request == "GET" && req.url ~ "\.(css|js|html)$") { - # set beresp.ttl = 1d; - #} + // Force TTL for some medias extension + //if (req.request == "GET" && req.url ~ "\.(gif|jpg|jpeg|bmp|png|tiff|tif|ico|img|tga|wmf|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv)$") { + // set beresp.ttl = 7d; + //} + // Force TTL for various other content pages + //if (req.request == "GET" && req.url ~ "\.(css|js|html)$") { + // set beresp.ttl = 1d; + //} return (deliver); } -# Handle purge -# You may add FOSHttpCacheBundle tagging rules -# See http://foshttpcache.readthedocs.org/en/latest/varnish-configuration.html#id4 +// Handle purge +// You may add FOSHttpCacheBundle tagging rules +// See http://foshttpcache.readthedocs.org/en/latest/varnish-configuration.html#id4 sub ez_purge { if (req.request == "PURGE" || req.request == "BAN") { 
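Review bot: The new test `beresp.http.Cache-Control ~ "no-cache|no-store|private"` is case-sensitive, while Cache-Control directive names are case-insensitive, so a backend that sends `Private` or `No-Store` would not match and its response would stay cacheable. I would write `~ "(?i)no-cache|no-store|private"`, the flag this file already uses in `vcl_deliver`. The comment above the test still names only `private` and could read `// Do not cache when Cache-Control contains no-cache, no-store or private`. The same applies to the `@@ -91,41 +91,41 @@` hunk of varnish4.vcl, and `vcl_fetch` starts outside this hunk.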
@@ -140,10 +140,10 @@ sub ez_purge { } } -# Sub-routine to get client user hash, for context-aware HTTP cache. +// Sub-routine to get client user hash, for context-aware HTTP cache. sub ez_user_hash { - # Prevent tampering attacks on the hash mechanism + // Prevent tampering attacks on the hash mechanism if (req.restarts == 0 && (req.http.accept ~ "application/vnd.fos.user-context-hash" || req.http.x-user-hash @@ -153,16 +153,16 @@ sub ez_user_hash { } if (req.restarts == 0 && (req.request == "GET" || req.request == "HEAD")) { - # Anonymous user => Set a hardcoded anonymous hash + // Anonymous user => Set a hardcoded anonymous hash if (req.http.Cookie !~ "eZSESSID" && !req.http.authorization) { set req.http.X-User-Hash = "38015b703d82206ebc01d17a39c727e5"; } - # Pre-authenticate request to get shared cache, even when authenticated + // Pre-authenticate request to get shared cache, even when authenticated else { set req.http.x-fos-original-url = req.url; set req.http.x-fos-original-accept = req.http.accept; set req.http.x-fos-original-cookie = req.http.cookie; - # Clean up cookie for the hash request to only keep session cookie, as hash cache will vary on cookie. + // Clean up cookie for the hash request to only keep session cookie, as hash cache will vary on cookie. set req.http.cookie = ";" + req.http.cookie; set req.http.cookie = regsuball(req.http.cookie, "; +", ";"); set req.http.cookie = regsuball(req.http.cookie, ";(eZSESSID[^=]*)=", "; \1="); 
@@ -172,13 +172,13 @@ sub ez_user_hash { set req.http.accept = "application/vnd.fos.user-context-hash"; set req.url = "/_fos_user_context_hash"; - # Force the lookup, the backend must tell how to cache/vary response containing the user hash + // Force the lookup, the backend must tell how to cache/vary response containing the user hash return (lookup); } } - # Rebuild the original request which now has the hash. + // Rebuild the original request which now has the hash. if (req.restarts > 0 && req.http.accept == "application/vnd.fos.user-context-hash" ) { @@ -190,16 +190,16 @@ sub ez_user_hash { unset req.http.x-fos-original-accept; unset req.http.x-fos-original-cookie; - # Force the lookup, the backend must tell not to cache or vary on the - # user hash to properly separate cached data. + // Force the lookup, the backend must tell not to cache or vary on the + // user hash to properly separate cached data. return (lookup); } } sub vcl_deliver { - # On receiving the hash response, copy the hash header to the original - # request and restart. + // On receiving the hash response, copy the hash header to the original + // request and restart. if (req.restarts == 0 && resp.http.content-type ~ "application/vnd.fos.user-context-hash" && resp.status == 200 
@@ -209,16 +209,16 @@ sub vcl_deliver { return (restart); } - # If we get here, this is a real response that gets sent to the client. + // If we get here, this is a real response that gets sent to the client. - # Remove the vary on context user hash, this is nothing public. Keep all - # other vary headers. + // Remove the vary on context user hash, this is nothing public. Keep all + // other vary headers. set resp.http.Vary = regsub(resp.http.Vary, "(?i),? *x-user-hash *", ""); set resp.http.Vary = regsub(resp.http.Vary, "^, *", ""); if (resp.http.Vary == "") { unset resp.http.Vary; } - # Sanity check to prevent ever exposing the hash to a client. + // Sanity check to prevent ever exposing the hash to a client. unset resp.http.x-user-hash; } diff --git a/doc/varnish/vcl/varnish4.vcl b/doc/varnish/vcl/varnish4.vcl index 7bf2454e..bc099dce 100644 --- a/doc/varnish/vcl/varnish4.vcl +++ b/doc/varnish/vcl/varnish4.vcl 
@@ -1,38 +1,38 @@ -# Varnish 4 style - eZ 5.4+ / 2014.09+ -# Complete VCL example +// Varnish 4 style - eZ 5.4+ / 2014.09+ +// Complete VCL example vcl 4.0; -# Our Backend - Assuming that web server is listening on port 80 -# Replace the host to fit your setup +// Our Backend - Assuming that web server is listening on port 80 +// Replace the host to fit your setup backend ezpublish { .host = "127.0.0.1"; .port = "80"; } -# ACL for purgers IP +// ACL for purgers IP acl purgers { "127.0.0.1"; "192.168.0.0"/16; } -# ACL for debuggers IP +// ACL for debuggers IP acl debuggers { "127.0.0.1"; "192.168.0.0"/16; } -# Called at the beginning of a request, after the complete request has been received +// Called at the beginning of a request, after the complete request has been received sub vcl_recv { - # Set the backend + // Set the backend set req.backend_hint = ezpublish; - # Advertise Symfony for ESI support + // Advertise Symfony for ESI support set req.http.Surrogate-Capability = "abc=ESI/1.0"; - # Add a unique header containing the client address (only for master request) - # Please note that /_fragment URI can change in Symfony configuration + // Add a unique header containing the client address (only for master request) + // Please note that /_fragment URI can change in Symfony configuration if (!req.url ~ "^/_fragment") { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; @@ -41,15 +41,15 @@ sub vcl_recv { } } - # Trigger cache purge if needed + // Trigger cache purge if needed call ez_purge; - # Don't cache requests other than GET and HEAD. + // Don't cache requests other than GET and HEAD. if (req.method != "GET" && req.method != "HEAD") { return (pass); } - # Normalize the Accept-Encoding headers + // Normalize the Accept-Encoding headers if (req.http.Accept-Encoding) { if (req.http.Accept-Encoding ~ "gzip") { set req.http.Accept-Encoding = "gzip"; 
@@ -60,8 +60,8 @@ sub vcl_recv { } } - # Don't cache Authenticate & Authorization - # You may remove this when using REST API with basic auth. + // Don't cache Authenticate & Authorization + // You may remove this when using REST API with basic auth. if (req.http.Authenticate || req.http.Authorization) { if (client.ip ~ debuggers) { set req.http.X-Debug = "Not Cached according to configuration (Authorization)"; @@ -69,20 +69,20 @@ sub vcl_recv { return (hash); } - # Do a standard lookup on assets - # Note that file extension list below is not extensive, so consider completing it to fit your needs. + // Do a standard lookup on assets + // Note that file extension list below is not extensive, so consider completing it to fit your needs. if (req.url ~ "\.(css|js|gif|jpe?g|bmp|png|tiff?|ico|img|tga|wmf|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv|zip|gz|pdf|ttf|eot|wof)$") { return (hash); } - # Retrieve client user hash and add it to the forwarded request. + // Retrieve client user hash and add it to the forwarded request. call ez_user_hash; - # If it passes all these tests, do a lookup anyway. + // If it passes all these tests, do a lookup anyway. return (hash); } -# Called when the requested object has been retrieved from the backend +// Called when the requested object has been retrieved from the backend sub vcl_backend_response { if (bereq.http.accept ~ "application/vnd.fos.user-context-hash" 
@@ -91,41 +91,41 @@ sub vcl_backend_response { return (abandon); } - # Optimize to only parse the Response contents from Symfony + // Optimize to only parse the Response contents from Symfony if (beresp.http.Surrogate-Control ~ "ESI/1.0") { unset beresp.http.Surrogate-Control; set beresp.do_esi = true; } - # Don't cache response with Set-Cookie + // Don't cache response with Set-Cookie if (beresp.http.Set-Cookie) { set beresp.ttl = 0s; set beresp.uncacheable = true; return (deliver); } - # Respect the Cache-Control=private header from the backend - if (beresp.http.Cache-Control ~ "private") { + // Respect the Cache-Control=private header from the backend + if (beresp.http.Cache-Control ~ "no-cache|no-store|private") { set beresp.ttl = 0s; set beresp.uncacheable = true; return (deliver); } - # Force TTL for some medias extension - #if (bereq.method == "GET" && bereq.url ~ "\.(gif|jpg|jpeg|bmp|png|tiff|tif|ico|img|tga|wmf|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv)$") { - # set beresp.ttl = 7d; - #} - # Force TTL for various other content pages - #if (bereq.method == "GET" && bereq.url ~ "\.(css|js|html)$") { - # set beresp.ttl = 1d; - #} + // Force TTL for some medias extension + //if (bereq.method == "GET" && bereq.url ~ "\.(gif|jpg|jpeg|bmp|png|tiff|tif|ico|img|tga|wmf|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv)$") { + // set beresp.ttl = 7d; + //} + // Force TTL for various other content pages + //if (bereq.method == "GET" && bereq.url ~ "\.(css|js|html)$") { + // set beresp.ttl = 1d; + //} return (deliver); } -# Handle purge -# You may add FOSHttpCacheBundle tagging rules -# See http://foshttpcache.readthedocs.org/en/latest/varnish-configuration.html#id4 +// Handle purge +// You may add FOSHttpCacheBundle tagging rules +// See http://foshttpcache.readthedocs.org/en/latest/varnish-configuration.html#id4 sub ez_purge { if (req.method == "PURGE" || req.method == "BAN") { 
@@ -143,10 +143,10 @@ sub ez_purge { } } -# Sub-routine to get client user hash, for context-aware HTTP cache. +// Sub-routine to get client user hash, for context-aware HTTP cache. sub ez_user_hash { - # Prevent tampering attacks on the hash mechanism + // Prevent tampering attacks on the hash mechanism if (req.restarts == 0 && (req.http.accept ~ "application/vnd.fos.user-context-hash" || req.http.x-user-hash @@ -156,16 +156,16 @@ sub ez_user_hash { } if (req.restarts == 0 && (req.method == "GET" || req.method == "HEAD")) { - # Anonymous user => Set a hardcoded anonymous hash + // Anonymous user => Set a hardcoded anonymous hash if (req.http.Cookie !~ "eZSESSID" && !req.http.authorization) { set req.http.X-User-Hash = "38015b703d82206ebc01d17a39c727e5"; } - # Pre-authenticate request to get shared cache, even when authenticated + // Pre-authenticate request to get shared cache, even when authenticated else { set req.http.x-fos-original-url = req.url; set req.http.x-fos-original-accept = req.http.accept; set req.http.x-fos-original-cookie = req.http.cookie; - # Clean up cookie for the hash request to only keep session cookie, as hash cache will vary on cookie. + // Clean up cookie for the hash request to only keep session cookie, as hash cache will vary on cookie. set req.http.cookie = ";" + req.http.cookie; set req.http.cookie = regsuball(req.http.cookie, "; +", ";"); set req.http.cookie = regsuball(req.http.cookie, ";(eZSESSID[^=]*)=", "; \1="); 
@@ -175,13 +175,13 @@ sub ez_user_hash { set req.http.accept = "application/vnd.fos.user-context-hash"; set req.url = "/_fos_user_context_hash"; - # Force the lookup, the backend must tell how to cache/vary response containing the user hash + // Force the lookup, the backend must tell how to cache/vary response containing the user hash return (hash); } } - # Rebuild the original request which now has the hash. + // Rebuild the original request which now has the hash. if (req.restarts > 0 && req.http.accept == "application/vnd.fos.user-context-hash" ) { @@ -193,16 +193,16 @@ sub ez_user_hash { unset req.http.x-fos-original-accept; unset req.http.x-fos-original-cookie; - # Force the lookup, the backend must tell not to cache or vary on the - # user hash to properly separate cached data. + // Force the lookup, the backend must tell not to cache or vary on the + // user hash to properly separate cached data. return (hash); } } sub vcl_deliver { - # On receiving the hash response, copy the hash header to the original - # request and restart. + // On receiving the hash response, copy the hash header to the original + // request and restart. if (req.restarts == 0 && resp.http.content-type ~ "application/vnd.fos.user-context-hash" ) { @@ -211,16 +211,16 @@ sub vcl_deliver { return (restart); } - # If we get here, this is a real response that gets sent to the client. + // If we get here, this is a real response that gets sent to the client. - # Remove the vary on context user hash, this is nothing public. Keep all - # other vary headers. + // Remove the vary on context user hash, this is nothing public. Keep all + // other vary headers. set resp.http.Vary = regsub(resp.http.Vary, "(?i),? *x-user-hash *", ""); set resp.http.Vary = regsub(resp.http.Vary, "^, *", ""); if (resp.http.Vary == "") { unset resp.http.Vary; } - # Sanity check to prevent ever exposing the hash to a client. + // Sanity check to prevent ever exposing the hash to a client. unset resp.http.x-user-hash; } 
From 691b0091bacc1f52bc57519e20c92a4150a7df58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Vieilledent?= Date: Wed, 29 Oct 2014 15:32:25 +0100 Subject: [PATCH 06/13] EZP-22400: Varnish 4: Set grace to 1h --- doc/varnish/vcl/varnish4.vcl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/varnish/vcl/varnish4.vcl b/doc/varnish/vcl/varnish4.vcl index bc099dce..505b29b5 100644 --- a/doc/varnish/vcl/varnish4.vcl +++ b/doc/varnish/vcl/varnish4.vcl @@ -120,6 +120,10 @@ sub vcl_backend_response { // set beresp.ttl = 1d; //} + // Allow stale content, in case the backend goes down or cache is not fresh any more + // make Varnish keep all objects for 1 hours beyond their TTL + set beresp.grace = 1h; + return (deliver); } From 85cd178ebe5abb4deb8f968a4636e97b353b04d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Vieilledent?= Date: Wed, 29 Oct 2014 23:14:19 +0100 Subject: [PATCH 07/13] EZP-22400: Removed commented code in VCL --- doc/varnish/vcl/varnish3.vcl | 9 --------- doc/varnish/vcl/varnish4.vcl | 9 --------- 2 files changed, 18 deletions(-) diff --git a/doc/varnish/vcl/varnish3.vcl b/doc/varnish/vcl/varnish3.vcl index faf4bde7..4702226b 100644 --- a/doc/varnish/vcl/varnish3.vcl +++ b/doc/varnish/vcl/varnish3.vcl @@ -108,15 +108,6 @@ sub vcl_fetch { return (hit_for_pass); } - // Force TTL for some medias extension - //if (req.request == "GET" && req.url ~ "\.(gif|jpg|jpeg|bmp|png|tiff|tif|ico|img|tga|wmf|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv)$") { - // set beresp.ttl = 7d; - //} - // Force TTL for various other content pages - //if (req.request == "GET" && req.url ~ "\.(css|js|html)$") { - // set beresp.ttl = 1d; - //} - return (deliver); } diff --git a/doc/varnish/vcl/varnish4.vcl b/doc/varnish/vcl/varnish4.vcl index 505b29b5..a5cecef3 100644 --- a/doc/varnish/vcl/varnish4.vcl +++ b/doc/varnish/vcl/varnish4.vcl 
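Review bot: `set beresp.grace = 1h;` applies to every object that reaches this point, including responses varied on the user hash and, as far as this hunk shows, the user-context hash response itself. As I understand Varnish 4's default hit handling, an object inside its grace window is delivered stale while a background refresh runs, and for the whole hour if the backend keeps failing, so this is not limited to the "backend goes down" case the comment names. The comment should state that, e.g. `// Stale objects can be served for up to 1h past their TTL; permission-sensitive changes must be invalidated with BAN`, or the grace could be skipped for the hash lookup. The function body starts outside the hunk.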
@@ -111,15 +111,6 @@ sub vcl_backend_response { return (deliver); } - // Force TTL for some medias extension - //if (bereq.method == "GET" && bereq.url ~ "\.(gif|jpg|jpeg|bmp|png|tiff|tif|ico|img|tga|wmf|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv)$") { - // set beresp.ttl = 7d; - //} - // Force TTL for various other content pages - //if (bereq.method == "GET" && bereq.url ~ "\.(css|js|html)$") { - // set beresp.ttl = 1d; - //} - // Allow stale content, in case the backend goes down or cache is not fresh any more // make Varnish keep all objects for 1 hours beyond their TTL set beresp.grace = 1h; From 5785d42800b4ccdd6615e6587ac9962ba4dd69da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Vieilledent?= Date: Thu, 30 Oct 2014 16:50:09 +0100 Subject: [PATCH 08/13] EZP-22400: Renamed 'purgers' to 'invalidators' for clarity --- doc/varnish/vcl/varnish3.vcl | 6 +++--- doc/varnish/vcl/varnish4.vcl | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/varnish/vcl/varnish3.vcl b/doc/varnish/vcl/varnish3.vcl index 4702226b..2275e997 100644 --- a/doc/varnish/vcl/varnish3.vcl +++ b/doc/varnish/vcl/varnish3.vcl @@ -8,8 +8,8 @@ backend ezpublish { .port = "80"; } -// ACL for purgers IP -acl purgers { +// ACL for invalidators IP +acl invalidators { "127.0.0.1"; "192.168.0.0"/16; } @@ -117,7 +117,7 @@ sub vcl_fetch { sub ez_purge { if (req.request == "PURGE" || req.request == "BAN") { - if (!client.ip ~ purgers) { + if (!client.ip ~ invalidators) { error 405 "Method not allowed"; } diff --git a/doc/varnish/vcl/varnish4.vcl b/doc/varnish/vcl/varnish4.vcl index a5cecef3..21f3ea4b 100644 --- a/doc/varnish/vcl/varnish4.vcl +++ b/doc/varnish/vcl/varnish4.vcl @@ -10,8 +10,8 @@ backend ezpublish { .port = "80"; } -// ACL for purgers IP -acl purgers { +// ACL for invalidators IP +acl invalidators { "127.0.0.1"; "192.168.0.0"/16; } 
@@ -124,7 +124,7 @@ sub vcl_backend_response { sub ez_purge { if (req.method == "PURGE" || req.method == "BAN") { - if (!client.ip ~ purgers) { + if (!client.ip ~ invalidators) { return (synth(405, "Method not allowed")); } From e1af26e20268c362c684ffa5d782f17ac94f6cc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Vieilledent?= Date: Thu, 30 Oct 2014 16:51:11 +0100 Subject: [PATCH 09/13] EZP-22400: Point back ezpublish-kernel to dev-master --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index a3901369..ab17bc9c 100644 --- a/composer.json +++ b/composer.json @@ -23,7 +23,7 @@ "sensio/generator-bundle": "~2.3", "incenteev/composer-parameter-handler": "~2.0", "tedivm/stash-bundle": "0.4.*", - "ezsystems/ezpublish-kernel": "dev-impl_EZP-22400_FOSHttpCacheBundle", + "ezsystems/ezpublish-kernel": "dev-master", "ezsystems/ezpublish-legacy": "dev-master", "ezsystems/demobundle": "dev-master", "ezsystems/comments-bundle": "dev-master", From 78ea295f4836b5ca9db9753e610ec293af49f787 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Vieilledent?= Date: Thu, 30 Oct 2014 16:51:30 +0100 Subject: [PATCH 10/13] EZP-22400: Dependencies adjustements --- composer.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/composer.json b/composer.json index ab17bc9c..ddbe4437 100644 --- a/composer.json +++ b/composer.json @@ -35,9 +35,8 @@ "doctrine/dbal": "~2.5@rc", "doctrine/doctrine-bundle": "~1.3@beta", "liip/imagine-bundle": "~1.0", - "friendsofsymfony/http-cache-bundle": "~1.0", "symfony/expression-language": "~2.4", - "sensio/framework-extra-bundle": "~2.2|~3.0" + "sensio/framework-extra-bundle": "~3.0" }, "require-dev": { "behat/behat": "3.0.*", From abd9581ae530ffd032d147c46f05fe9f8b7145e7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Vieilledent?= Date: Thu, 30 Oct 2014 17:18:21 +0100 Subject: [PATCH 11/13] EZP-22400: Only support BAN requests for invalidation --- doc/varnish/vcl/varnish3.vcl | 2 +- doc/varnish/vcl/varnish4.vcl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/varnish/vcl/varnish3.vcl b/doc/varnish/vcl/varnish3.vcl index 2275e997..99fbf27d 100644 --- a/doc/varnish/vcl/varnish3.vcl +++ b/doc/varnish/vcl/varnish3.vcl @@ -116,7 +116,7 @@ sub vcl_fetch { // See http://foshttpcache.readthedocs.org/en/latest/varnish-configuration.html#id4 sub ez_purge { - if (req.request == "PURGE" || req.request == "BAN") { + if (req.request == "BAN") { if (!client.ip ~ invalidators) { error 405 "Method not allowed"; } diff --git a/doc/varnish/vcl/varnish4.vcl b/doc/varnish/vcl/varnish4.vcl index 21f3ea4b..83bc1c4b 100644 --- a/doc/varnish/vcl/varnish4.vcl +++ b/doc/varnish/vcl/varnish4.vcl @@ -123,7 +123,7 @@ sub vcl_backend_response { // See http://foshttpcache.readthedocs.org/en/latest/varnish-configuration.html#id4 sub ez_purge { - if (req.method == "PURGE" || req.method == "BAN") { + if (req.method == "BAN") { if (!client.ip ~ invalidators) { return (synth(405, "Method not allowed")); } From cd38fd7349dd2d1c6b62ab77dcf06d50b3fe010f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Vieilledent?= Date: Thu, 30 Oct 2014 17:18:42 +0100 Subject: [PATCH 12/13] EZP-22400: Added note about FOSHttpCacheBundle usage --- doc/varnish/varnish.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/varnish/varnish.md b/doc/varnish/varnish.md index 41994429..7e1f42a0 100644 --- a/doc/varnish/varnish.md +++ b/doc/varnish/varnish.md 
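Review bot: With only `BAN` matched, the `client.ip ~ invalidators` test is the sole authorization for cache invalidation, and it deserves a comment at that line. `client.ip` is the address of the connecting peer, so if Varnish sits behind a load balancer or TLS terminator whose address falls inside the ACL, every request passes the check. The sample ACL shown in the earlier rename hunks admits all of `192.168.0.0/16`. Suggest adding `// client.ip is the direct peer; keep the invalidators ACL to the hosts that actually send BAN` above the `if` in both varnish3.vcl and varnish4.vcl. The body of ez_purge continues outside both hunks.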
@@ -8,3 +8,7 @@ For Varnish to work properly with eZ, you'll need to use one of the provided fil * [eZ 5.4+ / 2014.09+ with Varnish 3](vcl/varnish3.vcl) * [eZ 5.4+ / 2014.09+ with Varnish 4](vcl/varnish4.vcl) + +> **Note:** Http cache management is done with the help of [FOSHttpCacheBundle](http://foshttpcachebundle.readthedocs.org/). + One may need to tweak their VCL further on according to [FOSHttpCache documentation](http://foshttpcache.readthedocs.org/en/latest/varnish-configuration.html) + in order to use features supported by it. From 0f2b148833526b363435d402df4c3d20198d424d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Vieilledent?= Date: Thu, 30 Oct 2014 19:19:06 +0100 Subject: [PATCH 13/13] EZP-22400: Use default Varnish behavior with 'hit_for_pass' --- doc/varnish/vcl/varnish3.vcl | 8 +------- doc/varnish/vcl/varnish4.vcl | 16 ---------------- 2 files changed, 1 insertion(+), 23 deletions(-) diff --git a/doc/varnish/vcl/varnish3.vcl b/doc/varnish/vcl/varnish3.vcl index 99fbf27d..9ac0e06f 100644 --- a/doc/varnish/vcl/varnish3.vcl +++ b/doc/varnish/vcl/varnish3.vcl @@ -96,15 +96,9 @@ sub vcl_fetch { set beresp.do_esi = true; } - // Don't cache response with Set-Cookie - if ( beresp.http.Set-Cookie ) { - set beresp.ttl = 0s; - return (hit_for_pass); - } - // Respect the Cache-Control=private header from the backend if (beresp.http.Cache-Control ~ "no-cache|no-store|private") { - set beresp.ttl = 0s; + set beresp.ttl = 120s; return (hit_for_pass); } diff --git a/doc/varnish/vcl/varnish4.vcl b/doc/varnish/vcl/varnish4.vcl index 83bc1c4b..733290b4 100644 --- a/doc/varnish/vcl/varnish4.vcl +++ b/doc/varnish/vcl/varnish4.vcl 
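Review bot: In varnish3.vcl the removed Set-Cookie block does not look like it is replaced by Varnish's default logic, because the built-in vcl_fetch that checks `beresp.http.Set-Cookie` is never reached. The patch 07 hunk shows vcl_fetch ending in an explicit `return (deliver);`, and this hunk's line counts (15 old, 9 new) leave that line in place. If that reading is right, a cacheable response carrying Set-Cookie would be stored and replayed to other clients together with its cookie. Either keep the check (`if (beresp.http.Set-Cookie) { set beresp.ttl = 120s; return (hit_for_pass); }`) or drop the trailing `return (deliver);`, as the varnish4.vcl hunk of this commit does. The end of vcl_fetch is outside this hunk, so confirm against the full file.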
@@ -97,25 +97,9 @@ sub vcl_backend_response { set beresp.do_esi = true; } - // Don't cache response with Set-Cookie - if (beresp.http.Set-Cookie) { - set beresp.ttl = 0s; - set beresp.uncacheable = true; - return (deliver); - } - - // Respect the Cache-Control=private header from the backend - if (beresp.http.Cache-Control ~ "no-cache|no-store|private") { - set beresp.ttl = 0s; - set beresp.uncacheable = true; - return (deliver); - } - // Allow stale content, in case the backend goes down or cache is not fresh any more // make Varnish keep all objects for 1 hours beyond their TTL set beresp.grace = 1h; - - return (deliver); } // Handle purge