varnish-alaveteli.vcl
# This is a sample VCL configuration file for varnish running in front
# of Alaveteli. See the vcl(7) man page for details on VCL syntax and
# semantics.
#
# Default backend definition. Set this to point to your content
# server. In this case, apache + Passenger running on port 80
#
backend default {
    # Origin server: Apache + Passenger listening on the loopback interface.
    .host = "127.0.0.1";
    .port = "80";

    # All three backend timeouts are set to ten minutes. A stalled backend
    # connection can therefore hold a Varnish worker for up to that long.
    .connect_timeout       = 600s;
    .first_byte_timeout    = 600s;
    .between_bytes_timeout = 600s;
}
// Addresses that are allowed to send PURGE requests (checked in vcl_recv
// against client.ip). Only the local machine is listed, so Alaveteli must
// run on the same host as Varnish.
// NOTE(review): if another proxy on this host (for example a TLS terminator)
// forwards traffic to Varnish, client.ip is presumably that proxy's loopback
// address for every request, and this ACL would then match all clients;
// confirm the deployment topology before relying on it.
acl purge {
    "localhost";
    "127.0.0.1";
}
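sub vcl_recv {
    # Requests for ipv6.<domain> are served as www.<domain>.
    if (req.http.Host ~ "^ipv6.*") {
        set req.http.host = regsub(req.http.host, "^ipv6\.(.*)","www\.\1");
    }

    # Sanitise X-Forwarded-For: drop whatever the client supplied and record
    # only the address Varnish itself sees, so the backend never trusts a
    # client-chosen value.
    remove req.http.X-Forwarded-For;
    set req.http.X-Forwarded-For = client.ip;

    # Remove Google Analytics, has_js, and last-seen cookies. They do not
    # affect the response and would otherwise force a cache bypass below.
    set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|has_js|has_seen_country_message|seen_foi2)=[^;]*", "");

    # Normalize the Accept-Encoding header
    if (req.http.Accept-Encoding) {
        if (req.url ~ "\.(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv|pdf|ico)$") {
            # No point in compressing these
            remove req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            # unknown algorithm
            remove req.http.Accept-Encoding;
        }
    }

    # Ignore empty cookies
    if (req.http.Cookie ~ "^\s*$") {
        remove req.http.Cookie;
    }

    # Method allow-list: anything else is rejected here.
    if (req.request != "GET" &&
        req.request != "HEAD" &&
        req.request != "POST" &&
        req.request != "PUT" &&
        req.request != "PURGE" &&
        req.request != "DELETE" ) {
        # We don't allow any other methods.
        error 405 "Method Not Allowed";
    }

    # Handle PURGE requests before any return (pass) / return (lookup)
    # below. Previously this block sat at the end of the subroutine, so a
    # PURGE carrying a Cookie or Authorization header was passed to the
    # backend, and a PURGE for a static-asset URL went to cache lookup,
    # without the ACL ever being consulted and without a ban being issued.
    if (req.request == "PURGE") {
        if (!client.ip ~ purge) {
            error 405 "Not allowed.";
        }
        # For an explanation of the following roundabout way of defining
        # ban lists, see
        # http://kristianlyng.wordpress.com/2010/07/28/smart-bans-with-varnish/
        # TODO: in Varnish 2.x, the following would be
        # purge("obj.http.x-url ~ " req.url);
        #
        # req.url is used as an unanchored regular expression in the ban,
        # so one request can invalidate many objects; this is why the ACL
        # check above must always run first.
        ban("obj.http.x-url ~ " + req.url);
        error 200 "Banned";
    }

    if (req.request != "GET" && req.request != "HEAD") {
        /* We only deal with GET and HEAD by default, the rest get passed direct to backend */
        return (pass);
    }

    # Ignore Cookies on images and other static assets, unless the URL
    # explicitly asks for cookies to be passed through.
    if (req.url ~ "\.(png|gif|jpg|jpeg|swf|css|js|rdf|ico)(\?.*|)$" &&
        req.url !~ "(\?|\&)cookie_passthrough=1") {
        remove req.http.Cookie;
        return (lookup);
    }

    # Anything that still carries credentials or a cookie is user-specific
    # and must not be answered from the shared cache.
    if (req.http.Authorization || req.http.Cookie) {
        return (pass);
    }

    # Let's have a little grace
    set req.grace = 30s;

    return (lookup);
}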
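sub vcl_fetch {
    # Store the request URL on the object; the PURGE handler in vcl_recv
    # bans on "obj.http.x-url", which only works if this header is present.
    set beresp.http.x-url = req.url;

    # Static assets: drop any cookie the backend tried to set and cache for
    # an hour. (The original condition had a stray closing parenthesis after
    # the cookie_passthrough test, which is a VCL syntax error.)
    if (req.url ~ "\.(png|gif|jpg|jpeg|swf|css|js|rdf|ico|txt)(\?.*|)$" &&
        req.url !~ "(\?|\&)cookie_passthrough=1") {
        # Ignore backend headers..
        remove beresp.http.set-Cookie;
        set beresp.ttl = 3600s;
        return (deliver);
    }

    # Cache not-found, redirect and server-error responses briefly so that
    # repeated hits do not all reach the backend.
    # NOTE(review): unlike the static-asset branch, Set-Cookie is not removed
    # here, and return (deliver) skips the built-in handling of responses
    # that set cookies. If the backend can attach a session cookie to these
    # responses, it would be stored and replayed to other clients for the
    # TTL; confirm it cannot, or strip the header here as well.
    if (beresp.status == 404 || beresp.status == 301 || beresp.status == 500) {
        set beresp.ttl = 1m;
        return (deliver);
    }
}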
# We need to separately cache requests originating via http and via https
# since we are serving very slightly different content in each case
# Varnish 2.x version of vcl_hash
#sub vcl_hash {
# set req.hash += req.url;
# if (req.http.host) {
# set req.hash += req.http.host;
# } else {
# set req.hash += server.ip;
# }
#
# # Include the X-Forwarded-Proto header, since we want to treat HTTPS
# # requests differently, and make sure this header is always passed
# # properly to the backend server.
# if (req.http.X-Forwarded-Proto) {
# set req.hash += req.http.X-Forwarded-Proto;
# }
#
# return (hash);
#}
# Varnish 3 version of vcl_hash
sub vcl_hash {
    # Cache key, in order: URL, then Host header (or the server IP when the
    # request has no Host), then X-Forwarded-Proto when present.
    hash_data(req.url);

    if (!req.http.host) {
        hash_data(server.ip);
    } else {
        hash_data(req.http.host);
    }

    # HTTP and HTTPS responses differ slightly, so the forwarded protocol is
    # part of the key and the header is left in place for the backend.
    # NOTE(review): nothing in this file resets X-Forwarded-Proto, so its
    # value is whatever arrives on the request. Unless a trusted front-end
    # proxy always overwrites it, clients can choose the value and create
    # arbitrary extra cache variants; confirm the header is set upstream.
    if (req.http.X-Forwarded-Proto) {
        hash_data(req.http.X-Forwarded-Proto);
    }

    return (hash);
}