Skip to content

Instantly share code, notes, and snippets.

@mrtopf

mrtopf/gist:c3211681ce7dc0681bdc Secret

Created December 19, 2010 17:21
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save mrtopf/c3211681ce7dc0681bdc to your computer and use it in GitHub Desktop.
Save mrtopf/c3211681ce7dc0681bdc to your computer and use it in GitHub Desktop.
Download ZIP
varnish.vcl
Raw
gistfile1.txt
backend backend_0 {
.host = "127.0.0.1";
.port = "12010";
.connect_timeout = 0.4s;
.first_byte_timeout = 300s;
.between_bytes_timeout = 60s;
}
backend backend_1 {
.host = "127.0.0.1";
.port = "12011";
.connect_timeout = 0.4s;
.first_byte_timeout = 300s;
.between_bytes_timeout = 60s;
}
backend backend_2 {
.host = "127.0.0.1";
.port = "12012";
.connect_timeout = 0.4s;
.first_byte_timeout = 300s;
.between_bytes_timeout = 60s;
}
director plone round-robin {
{
.backend = backend_0;
}
{
.backend = backend_1;
}
{
.backend = backend_2;
}
}
acl purge {
"localhost";
"127.0.0.1";
}
sub vcl_recv {
set req.grace = 120s;
set req.backend = plone;
if (req.request == "PURGE") {
if (!client.ip ~ purge) {
error 405 "Not allowed.";
}
purge_url(req.url);
error 200 "Purged";
}
if (req.request != "GET" && req.request != "HEAD") {
# We only deal with GET and HEAD by default
return(pass);
}
call normalize_accept_encoding;
call annotate_request;
return(lookup);
}
sub vcl_fetch {
if (!beresp.cacheable) {
set beresp.http.X-Varnish-Action = "FETCH (pass - not cacheable)";
return(pass);
}
if (beresp.http.Set-Cookie) {
set beresp.http.X-Varnish-Action = "FETCH (pass - response sets cookie)";
return(pass);
}
if (!beresp.http.Cache-Control ~ "s-maxage=[1-9]" && beresp.http.Cache-Control ~ "(private|no-cache|no-store)") {
set beresp.http.X-Varnish-Action = "FETCH (pass - response sets private/no-cache/no-store token)";
return(pass);
}
if (req.http.Authorization && !beresp.http.Cache-Control ~ "public") {
set beresp.http.X-Varnish-Action = "FETCH (pass - authorized and no public cache control)";
return(pass);
}
if (req.http.X-Anonymous && !beresp.http.Cache-Control) {
set beresp.ttl = 600s;
set beresp.http.X-Varnish-Action = "FETCH (override - backend not setting cache control)";
}
call rewrite_s_maxage;
return(deliver);
}
sub vcl_deliver {
call rewrite_age;
}
##########################
# Helper Subroutines
##########################
# Optimize the Accept-Encoding variant caching
sub normalize_accept_encoding {
if (req.http.Accept-Encoding) {
if (req.url ~ "\.(jpe?g|png|gif|swf|pdf|gz|tgz|bz2|tbz|zip)$" || req.url ~ "/image_[^/]*$") {
remove req.http.Accept-Encoding;
} elsif (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} else {
remove req.http.Accept-Encoding;
}
}
}
# Keep auth/anon variants apart if "Vary: X-Anonymous" is in the response
sub annotate_request {
if (!(req.http.Authorization || req.http.cookie ~ "(^|.*; )__ac=")) {
set req.http.X-Anonymous = "True";
}
}
# The varnish response should always declare itself to be fresh
sub rewrite_age {
if (resp.http.Age) {
set resp.http.X-Varnish-Age = resp.http.Age;
set resp.http.Age = "0";
}
}
# Rewrite s-maxage to exclude from intermediary proxies
# (to cache *everywhere*, just use 'max-age' token in the response to avoid this override)
sub rewrite_s_maxage {
if (beresp.http.Cache-Control ~ "s-maxage") {
set beresp.http.Cache-Control = regsub(beresp.http.Cache-Control, "s-maxage=[0-9]+", "s-maxage=0");
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment