Last active
October 12, 2015 20:26
-
-
Save beherca/df4457761c7738e27921 to your computer and use it in GitHub Desktop.
a full varnish vcl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This VCL config file is adapted from template.vcl in http://pypi.python.org/pypi/plone.recipe.varnish | |
# from http://www.nedproductions.biz/wiki/a-perfected-varnish-reverse-caching-proxy-vcl-script | |
backend default { | |
.host = "localhost"; | |
.port = "6100"; | |
.first_byte_timeout = 300s; /* varnish v2.0.3 or later only */ | |
.probe = { | |
.url = "/"; | |
.timeout = 1s; | |
.interval = 5s; | |
.window = 1; | |
.threshold = 1; | |
} | |
} | |
backend repec { | |
.host = "ideas.repec.org"; | |
.port = "80"; | |
} | |
backend google { | |
.host = "209.85.229.106"; /*www.google.com";*/ | |
.port = "80"; | |
} | |
/* Only permit cluster to purge files from cache */ | |
acl purge { | |
"dedi1.nedprod.com"; | |
"europe1.nedproductions.biz"; | |
"usa1.nedproductions.biz"; | |
"localhost"; | |
} | |
sub vcl_recv { | |
/* Before anything else we need to fix gzip compression */ | |
if (req.http.Accept-Encoding) { | |
if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { | |
# No point in compressing these | |
remove req.http.Accept-Encoding; | |
} else if (req.http.Accept-Encoding ~ "gzip") { | |
set req.http.Accept-Encoding = "gzip"; | |
} else if (req.http.Accept-Encoding ~ "deflate") { | |
set req.http.Accept-Encoding = "deflate"; | |
} else { | |
# unknown algorithm | |
remove req.http.Accept-Encoding; | |
} | |
} | |
if (req.request == "PURGE") { | |
if (!client.ip ~ purge) { | |
error 405 "Not allowed."; | |
} | |
/* Always purge by URL rather than going via vcl_hash | |
as it hashes other factors which break purging */ | |
purge_url(req.url); | |
error 200 "Purged"; | |
} | |
/* Rewrite all requests to /repec/cgi-bin/authorref.cgi to http://ideas.repec.org/cgi-bin/authorref.cgi */ | |
if (req.url ~ "^/repec/cgi-bin/authorref.cgi\?handle=" || req.url ~ "^/repec/cgi-bin/ref.cgi\?handle=") { | |
set req.http.host = "ideas.repec.org"; | |
set req.url = regsub(req.url, "^/repec", ""); | |
set req.backend = repec; | |
remove req.http.Cookie; | |
lookup; | |
} else if(req.url ~ "^/googlefinance/finance/converter\?") { | |
set req.http.host = "www.google.com"; | |
set req.url = regsub(req.url, "^/googlefinance", ""); | |
set req.backend = google; | |
remove req.http.Cookie; | |
lookup; | |
} else { | |
set req.backend = default; | |
if (req.http.X-Forwarded-Proto == "https" ) { | |
set req.http.X-Forwarded-Port = "443"; | |
} else { | |
set req.http.X-Forwarded-Port = "80"; | |
} | |
if (req.http.host ~ "^(www\.|ipv6\.|usa1\.|europe1\.)?([-0-9a-zA-Z]+)\.([a-zA-Z]+)$") { | |
set req.http.host = regsub(req.http.host, "^(www\.|ipv6\.|usa1\.|europe1\.)?([-0-9a-zA-Z]+)\.([a-zA-Z]+)$", "\1\2.\3"); | |
set req.url = "/VirtualHostBase/" req.http.X-Forwarded-Proto | |
regsub(req.http.host, "^(www\.|ipv6\.|usa1\.|europe1\.)?([-0-9a-zA-Z]+)\.([a-zA-Z]+)$", "/\1\2.\3:") | |
req.http.X-Forwarded-Port | |
regsub(req.http.host, "^(www\.|ipv6\.|usa1\.|europe1\.)?([-0-9a-zA-Z]+)\.([a-zA-Z]+)$", "/\2.\3/\2.\3/VirtualHostRoot") | |
req.url; | |
} | |
} | |
if (req.request != "GET" && | |
req.request != "HEAD" && | |
req.request != "PUT" && | |
req.request != "POST" && | |
req.request != "TRACE" && | |
req.request != "OPTIONS" && | |
req.request != "DELETE") { | |
/* Non-RFC2616 or CONNECT which is weird. */ | |
pipe; | |
} | |
if (req.request != "GET" && req.request != "HEAD") { | |
/* We only deal with GET and HEAD by default */ | |
pass; | |
} | |
if (req.http.Cookie) { | |
# We only care about the "__ac.*" cookies, used for authentication and special persistent p_* cookies. | |
if (req.http.Cookie ~ "__ac.*" ) { | |
pass; | |
} | |
# Else strip all cookies | |
remove req.http.Cookie; | |
} | |
if (req.url ~ "createObject") { | |
pass; | |
} | |
/* Keep serving if haproxy goes down (ie; Plone is being serviced). Haproxy | |
will return a 503 error page if Plone goes down for us */ | |
if (req.backend.healthy) { | |
set req.grace = 20s; /* Only enable if you don't mind slightly stale content */ | |
} else { | |
set req.grace = 24h; | |
} | |
lookup; | |
} | |
sub vcl_pipe { | |
# This is not necessary if you do not do any request rewriting. | |
set req.http.connection = "close"; | |
} | |
sub vcl_hash { | |
# Normally it hashes on URL and Host but we rewrite the host | |
# into a VirtualHostBase URL. Therefore we can hash on URL alone. | |
set req.hash += req.url; | |
# One needs to include compression state normalised above | |
if (req.http.Accept-Encoding) { | |
set req.hash += req.http.Accept-Encoding; | |
} | |
# Differentiate based on login cookie too | |
#set req.hash += req.http.cookie; | |
return (hash); | |
} | |
sub vcl_hit { | |
if (req.request == "PURGE") { | |
purge_url(req.url); | |
error 200 "Purged"; | |
} | |
} | |
sub vcl_miss { | |
if (req.request == "PURGE") { | |
error 404 "Not in cache"; | |
} | |
} | |
sub vcl_fetch { | |
set obj.grace = 24h; /* Keep at longest used in vcl_recv */ | |
if (req.url ~ "\.svgz$") { | |
# Add a Content-Encoding to match compressed SVG | |
set obj.http.Content-Type = "image/svg+xml"; | |
set obj.http.Content-Encoding = "gzip"; | |
remove obj.http.Content-Length; | |
set obj.ttl = 86400s; | |
set obj.http.Cache-Control = "max-age=3600"; | |
deliver; | |
} | |
if (req.http.host == "ideas.repec.org" || req.http.host == "www.google.com") { | |
set obj.http.Content-Type = "text/html; charset=utf-8"; /* Correct the wrong response */ | |
set obj.ttl = 86400s; | |
set obj.http.Cache-Control = "max-age=3600"; | |
deliver; | |
} | |
if (obj.http.Set-Cookie) { | |
pass; | |
} | |
if (req.http.Authorization && !obj.http.Cache-Control ~ "public") { | |
pass; | |
} | |
/* Only use this if you wish to override Plone's CacheFu */ | |
if (obj.ttl < 3600s) { | |
if (obj.http.Cache-Control ~ "(private|no-cache|no-store)") { | |
set obj.ttl = 60s; /* Caching everything anonymous for 60s is handy for being slashdotted :) */ | |
} else { | |
set obj.ttl = 3600s; | |
} | |
} | |
} | |
sub vcl_error { | |
set obj.http.Content-Type = "text/html; charset=utf-8"; | |
synthetic {" | |
<?xml version="1.0" encoding="utf-8"?> | |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" | |
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | |
<html> | |
<head> | |
<title>"} obj.status " " obj.response {"</title> | |
</head> | |
<body> | |
<div style="background-color:yellow;"> | |
<h1>This website is unavailable</h1> | |
<p>If you are seeing this page, either maintenance is being performed | |
or something really bad has happened. Try returning in a few minutes.</p> | |
<h2>Error "} obj.status " " obj.response {"</h2> | |
<p>"} obj.response {"</p> | |
<h3>Guru Meditation:</h3> | |
<p>XID: "} req.xid {"</p> | |
<address> | |
<a href="http://www.nedproductions.biz/">ned Productions Ltd.</a> | |
</address> | |
</div> | |
<div style="position:fixed;top:0;left:0;width:100%;height:100%;z-index:-1;"> | |
<img alt="" src="/static/BBCTestCard.jpg" style="width:100%;height:100%" /></div> | |
</body> | |
</html> | |
"}; | |
return (deliver); | |
} | |
#Below is a commented-out copy of the default VCL logic. If you | |
#redefine any of these subroutines, the built-in logic will be | |
#appended to your code. | |
# | |
#sub vcl_recv { | |
# if (req.request != "GET" && | |
# req.request != "HEAD" && | |
# req.request != "PUT" && | |
# req.request != "POST" && | |
# req.request != "TRACE" && | |
# req.request != "OPTIONS" && | |
# req.request != "DELETE") { | |
# /* Non-RFC2616 or CONNECT which is weird. */ | |
# return (pipe); | |
# } | |
# if (req.request != "GET" && req.request != "HEAD") { | |
# /* We only deal with GET and HEAD by default */ | |
# return (pass); | |
# } | |
# if (req.http.Authorization || req.http.Cookie) { | |
# /* Not cacheable by default */ | |
# return (pass); | |
# } | |
# return (lookup); | |
#} | |
# | |
#sub vcl_pipe { | |
# return (pipe); | |
#} | |
# | |
#sub vcl_pass { | |
# return (pass); | |
#} | |
# | |
#sub vcl_hash { | |
# set req.hash += req.url; | |
# if (req.http.host) { | |
# set req.hash += req.http.host; | |
# } else { | |
# set req.hash += server.ip; | |
# } | |
# return (hash); | |
#} | |
# | |
#sub vcl_hit { | |
# if (!obj.cacheable) { | |
# return (pass); | |
# } | |
# return (deliver); | |
#} | |
# | |
#sub vcl_miss { | |
# return (fetch); | |
#} | |
# | |
#sub vcl_fetch { | |
# if (!obj.cacheable) { | |
# return (pass); | |
# } | |
# if (obj.http.Set-Cookie) { | |
# return (pass); | |
# } | |
# set obj.prefetch = -30s; | |
# return (deliver); | |
#} | |
# | |
#sub vcl_deliver { | |
# return (deliver); | |
#} | |
# | |
#sub vcl_discard { | |
# /* XXX: Do not redefine vcl_discard{}, it is not yet supported */ | |
# return (discard); | |
#} | |
# | |
#sub vcl_prefetch { | |
# /* XXX: Do not redefine vcl_prefetch{}, it is not yet supported */ | |
# return (fetch); | |
#} | |
# | |
#sub vcl_timeout { | |
# /* XXX: Do not redefine vcl_timeout{}, it is not yet supported */ | |
# return (discard); | |
#} | |
# | |
#sub vcl_error { | |
# set obj.http.Content-Type = "text/html; charset=utf-8"; | |
# synthetic {" | |
#<?xml version="1.0" encoding="utf-8"?> | |
#<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" | |
# "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | |
#<html> | |
# <head> | |
# <title>"} obj.status " " obj.response {"</title> | |
# </head> | |
# <body> | |
# <h1>Error "} obj.status " " obj.response {"</h1> | |
# <p>"} obj.response {"</p> | |
# <h3>Guru Meditation:</h3> | |
# <p>XID: "} req.xid {"</p> | |
# <address> | |
# <a href="http://www.varnish-cache.org/">Varnish</a> | |
# </address> | |
# </body> | |
#</html> | |
#"}; | |
# return (deliver); | |
#} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment