andristeiner/varnish-apt

## varnish-apt
/*
 * This file was autogenerated by puppet. Do not edit manually!
 *
 * snowflake Varnish Configuration for APT Cache
 */


/*
 * Backend Servers (APT Repositories)
 */

backend ftp_ch_debian_org {
	.host = "ftp.ch.debian.org";
}

backend security_debian_org {
	.host = "212.211.132.32";
}

backend backports_debian_org {
	.host = "debian.ethz.ch";
}

backend debian_systs_org {
	.host = "debian.systs.org";
}

backend php53_dotdeb_org {
	.host = "php53.dotdeb.org";
}

backend downloads_linux_hp_com {
	.host = "15.201.202.85";
}

backend download_proxmox_com {
	.host = "download.proxmox.com";
}

backend repo_varnish_cache_org {
	.host = "repo.varnish-cache.org";
}

backend pkg_jenkins_ci_org {
	.host = "pkg.jenkins-ci.org";
}

backend packages_elasticsearch_org {
	.host = "184.72.222.192";
}

backend mirror_netcologne_de {
	.host = "mirror.netcologne.de";
}

backend apt_puppetlabs_com {
	.host = "apt.puppetlabs.com";
}

backend dl_hhvm_com {
	.host = "dl.hhvm.com";
}

backend www_rabbitmq_com {
	.host = "www.rabbitmq.com";
}

 * Purge ACL
 * Clients in this lists are allowed to issue PURGE commands
 */

acl purge {
	"127.0.0.1";
	"<%= ipaddress %>";
	"<%= ipaddress_eth0_varnish %>";
	"91.199.98.0"/24;
	"91.234.160.0"/24;
	"185.17.68.0"/22;
	"2a04:500::"/29;
}


/*
 * vcl_recv
 * Called at the beginning of a request, after the complete request has been received and parsed.
 * Its purpose is to decide whether or not to serve the request, how to do it, and, if applicable, which backend to use.
 */

sub vcl_recv {
        # Check PURGE Requests against their according ACL
	if (req.request == "PURGE") {
		if(!client.ip ~ purge) {
			error 405 "Not allowed.";
		}
		return (lookup);
	}

	# Remove cookies
	remove req.http.Cookie;

	# Pipe unknown Methods
	if (req.request != "GET" &&
		req.request != "HEAD" &&
		req.request != "PUT" &&
		req.request != "POST" &&
		req.request != "TRACE" &&
		req.request != "OPTIONS" &&
		req.request != "DELETE") {
		return (pipe);
	}

	# Cache only GET or HEAD Requests
	if (req.request != "GET" && req.request != "HEAD") {
		return (pass);
	}

	# Map APT Servers
	if (req.url ~ "^/debian/") {
		set req.backend = ftp_ch_debian_org;
		set req.http.host = "ftp.ch.debian.org";
	} else if (req.url ~ "^/debian-security/") {
		set req.backend = security_debian_org;
		set req.http.host = "security.debian.org";
	} else if (req.url ~ "^/backports/") {
		set req.backend = backports_debian_org;
		set req.http.host = "backports.debian.org";
		set req.url = regsub(req.url, "^/backports/", "/debian-backports/");
	} else if (req.url ~ "^/systs/") {
		set req.backend = debian_systs_org;
		set req.http.host = "debian.systs.org";
		set req.url = regsub(req.url, "^/systs/", "/debian/");
	} else if (req.url ~ "^/dotdeb-php53/") {
		set req.backend = php53_dotdeb_org;
		set req.http.host = "php53.dotdeb.org";
		set req.url = regsub(req.url, "^/dotdeb-php53/", "/");
	} else if (req.url ~ "^/proliantsupportpack/") {
		set req.backend = downloads_linux_hp_com;
		set req.http.host = "downloads.linux.hp.com";
		set req.url = regsub(req.url, "^/proliantsupportpack/", "/SDR/downloads/MCP/");
	} else if (req.url ~ "^/proxmox/") {
		set req.backend = download_proxmox_com;
		set req.http.host = "download.proxmox.com";
		set req.url = regsub(req.url, "^/proxmox/", "/debian/");
	} else if (req.url ~ "^/varnish/") {
		set req.backend = repo_varnish_cache_org;
		set req.http.host = "repo.varnish-cache.org";
		set req.url = regsub(req.url, "^/varnish/", "/debian/");
	} else if (req.url ~ "^/jenkins/") {
		set req.backend = pkg_jenkins_ci_org;
		set req.http.host = "pkg.jenkins-ci.org";
		set req.url = regsub(req.url, "^/jenkins/", "/debian-stable/");
	} else if (req.url ~ "^/elasticsearch/") {
		set req.backend = packages_elasticsearch_org;
		set req.http.host = "packages.elasticsearch.org";
	} else if (req.url ~ "^/logstash/") {
		set req.backend = packages_elasticsearch_org;
		set req.http.host = "packages.elasticsearch.org";
	} else if (req.url ~ "^/mariadb/") {
		set req.backend = mirror_netcologne_de;
		set req.http.host = "mirror.netcologne.de";
	} else if (req.url ~ "^/puppet/") {
		set req.backend = apt_puppetlabs_com;
		set req.http.host = "apt.puppetlabs.com";
		set req.url = regsub(req.url, "^/puppet/", "/");
	} else if (req.url ~ "^/hhvm/") {
		set req.backend = dl_hhvm_com;
		set req.http.host = "dl.hhvm.com";
		set req.url = regsub(req.url, "^/hhvm/", "/");
	} else if (req.url ~ "^/rabbitmq/") {
		set req.backend = www_rabbitmq_com;
		set req.http.host = "www.rabbitmq.com";
		set req.url = regsub(req.url, "^/rabbitmq/", "/debian/");
	} else if (req.url ~ "^/nodesource/") {
		set req.backend = deb_nodesource_com;
		set req.http.host = "deb.nodesource.com";
		set req.url = regsub(req.url, "^/nodesource/", "/");
	}

	# Cache Lookup
	return (lookup);
}


/*
 * vcl_fetch
 * Called after a document has been successfully retrieved from the backend.
 */

sub vcl_fetch {
	# Cache only GET or HEAD Requests
	if (req.request != "GET" && req.request != "HEAD") {
		set beresp.http.X-SiteBooster = "Pass: No GET or HEAD Request";
		return (hit_for_pass);
	}

	# Grace period - deliver expired cache entries as long as the backend is not working
	set beresp.grace = 3d;

	# Cache everything
	unset beresp.http.set-cookie;
	set beresp.ttl = 1h;
	return (deliver);
}
	/*
	* This file was autogenerated by puppet. Do not edit manually!
	*
	* snowflake Varnish Configuration for APT Cache
	*/


	/*
	* Backend Servers (APT Repositories)
	*/

	backend ftp_ch_debian_org {
	.host = "ftp.ch.debian.org";
	}

	backend security_debian_org {
	.host = "212.211.132.32";
	}

	backend backports_debian_org {
	.host = "debian.ethz.ch";
	}

	backend debian_systs_org {
	.host = "debian.systs.org";
	}

	backend php53_dotdeb_org {
	.host = "php53.dotdeb.org";
	}

	backend downloads_linux_hp_com {
	.host = "15.201.202.85";
	}

	backend download_proxmox_com {
	.host = "download.proxmox.com";
	}

	backend repo_varnish_cache_org {
	.host = "repo.varnish-cache.org";
	}

	backend pkg_jenkins_ci_org {
	.host = "pkg.jenkins-ci.org";
	}

	backend packages_elasticsearch_org {
	.host = "184.72.222.192";
	}

	backend mirror_netcologne_de {
	.host = "mirror.netcologne.de";
	}

	backend apt_puppetlabs_com {
	.host = "apt.puppetlabs.com";
	}

	backend dl_hhvm_com {
	.host = "dl.hhvm.com";
	}

	backend www_rabbitmq_com {
	.host = "www.rabbitmq.com";
	}

	* Purge ACL
	* Clients in this lists are allowed to issue PURGE commands
	*/

	acl purge {
	"127.0.0.1";
	"<%= ipaddress %>";
	"<%= ipaddress_eth0_varnish %>";
	"91.199.98.0"/24;
	"91.234.160.0"/24;
	"185.17.68.0"/22;
	"2a04:500::"/29;
	}


	/*
	* vcl_recv
	* Called at the beginning of a request, after the complete request has been received and parsed.
	* Its purpose is to decide whether or not to serve the request, how to do it, and, if applicable, which backend to use.
	*/

	sub vcl_recv {
	# Check PURGE Requests against their according ACL
	if (req.request == "PURGE") {
	if(!client.ip ~ purge) {
	error 405 "Not allowed.";
	}
	return (lookup);
	}

	# Remove cookies
	remove req.http.Cookie;

	# Pipe unknown Methods
	if (req.request != "GET" &&
	req.request != "HEAD" &&
	req.request != "PUT" &&
	req.request != "POST" &&
	req.request != "TRACE" &&
	req.request != "OPTIONS" &&
	req.request != "DELETE") {
	return (pipe);
	}

	# Cache only GET or HEAD Requests
	if (req.request != "GET" && req.request != "HEAD") {
	return (pass);
	}

	# Map APT Servers
	if (req.url ~ "^/debian/") {
	set req.backend = ftp_ch_debian_org;
	set req.http.host = "ftp.ch.debian.org";
	} else if (req.url ~ "^/debian-security/") {
	set req.backend = security_debian_org;
	set req.http.host = "security.debian.org";
	} else if (req.url ~ "^/backports/") {
	set req.backend = backports_debian_org;
	set req.http.host = "backports.debian.org";
	set req.url = regsub(req.url, "^/backports/", "/debian-backports/");
	} else if (req.url ~ "^/systs/") {
	set req.backend = debian_systs_org;
	set req.http.host = "debian.systs.org";
	set req.url = regsub(req.url, "^/systs/", "/debian/");
	} else if (req.url ~ "^/dotdeb-php53/") {
	set req.backend = php53_dotdeb_org;
	set req.http.host = "php53.dotdeb.org";
	set req.url = regsub(req.url, "^/dotdeb-php53/", "/");
	} else if (req.url ~ "^/proliantsupportpack/") {
	set req.backend = downloads_linux_hp_com;
	set req.http.host = "downloads.linux.hp.com";
	set req.url = regsub(req.url, "^/proliantsupportpack/", "/SDR/downloads/MCP/");
	} else if (req.url ~ "^/proxmox/") {
	set req.backend = download_proxmox_com;
	set req.http.host = "download.proxmox.com";
	set req.url = regsub(req.url, "^/proxmox/", "/debian/");
	} else if (req.url ~ "^/varnish/") {
	set req.backend = repo_varnish_cache_org;
	set req.http.host = "repo.varnish-cache.org";
	set req.url = regsub(req.url, "^/varnish/", "/debian/");
	} else if (req.url ~ "^/jenkins/") {
	set req.backend = pkg_jenkins_ci_org;
	set req.http.host = "pkg.jenkins-ci.org";
	set req.url = regsub(req.url, "^/jenkins/", "/debian-stable/");
	} else if (req.url ~ "^/elasticsearch/") {
	set req.backend = packages_elasticsearch_org;
	set req.http.host = "packages.elasticsearch.org";
	} else if (req.url ~ "^/logstash/") {
	set req.backend = packages_elasticsearch_org;
	set req.http.host = "packages.elasticsearch.org";
	} else if (req.url ~ "^/mariadb/") {
	set req.backend = mirror_netcologne_de;
	set req.http.host = "mirror.netcologne.de";
	} else if (req.url ~ "^/puppet/") {
	set req.backend = apt_puppetlabs_com;
	set req.http.host = "apt.puppetlabs.com";
	set req.url = regsub(req.url, "^/puppet/", "/");
	} else if (req.url ~ "^/hhvm/") {
	set req.backend = dl_hhvm_com;
	set req.http.host = "dl.hhvm.com";
	set req.url = regsub(req.url, "^/hhvm/", "/");
	} else if (req.url ~ "^/rabbitmq/") {
	set req.backend = www_rabbitmq_com;
	set req.http.host = "www.rabbitmq.com";
	set req.url = regsub(req.url, "^/rabbitmq/", "/debian/");
	} else if (req.url ~ "^/nodesource/") {
	set req.backend = deb_nodesource_com;
	set req.http.host = "deb.nodesource.com";
	set req.url = regsub(req.url, "^/nodesource/", "/");
	}

	# Cache Lookup
	return (lookup);
	}


	/*
	* vcl_fetch
	* Called after a document has been successfully retrieved from the backend.
	*/

	sub vcl_fetch {
	# Cache only GET or HEAD Requests
	if (req.request != "GET" && req.request != "HEAD") {
	set beresp.http.X-SiteBooster = "Pass: No GET or HEAD Request";
	return (hit_for_pass);
	}

	# Grace period - deliver expired cache entries as long as the backend is not working
	set beresp.grace = 3d;

	# Cache everything
	unset beresp.http.set-cookie;
	set beresp.ttl = 1h;
	return (deliver);
	}