Last active
August 12, 2016 13:18
-
-
Save karabasosman/17077c550663f3807c74083faa05c6c2 to your computer and use it in GitHub Desktop.
Varnish configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# /etc/pam.d/common-session - session-related modules common to all services | |
# | |
# This file is included from other service-specific PAM config files, | |
# and should contain a list of modules that define tasks to be performed | |
# at the start and end of sessions of *any* kind (both interactive and | |
# non-interactive). | |
# | |
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. | |
# To take advantage of this, it is recommended that you configure any | |
# local modules either before or after the default block, and use | |
# pam-auth-update to manage selection of other modules. See | |
# pam-auth-update(8) for details. | |
# here are the per-package modules (the "Primary" block) | |
session [default=1] pam_permit.so | |
# here's the fallback if no module succeeds | |
session requisite pam_deny.so | |
# prime the stack with a positive return value if there isn't one already; | |
# this avoids us returning an error just because nothing sets a success code | |
# since the modules above will each just jump around | |
session required pam_permit.so | |
# The pam_umask module will set the umask according to the system default in | |
# /etc/login.defs and user settings, solving the problem of different | |
# umask settings with different shells, display managers, remote sessions etc. | |
# See "man pam_umask". | |
session optional pam_umask.so | |
# and here are more per-package modules (the "Additional" block) | |
session required pam_unix.so | |
session optional pam_systemd.so | |
# end of pam-auth-update config | |
session required pam_limits.so |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vcl 4.0; | |
acl upstream_proxy { | |
"0.0.0.0"; | |
} | |
backend yourbackend { | |
.host = "*******"; | |
.port = "80"; | |
.connect_timeout = 600s; | |
.first_byte_timeout = 600s; | |
.between_bytes_timeout = 600s; | |
} | |
sub vcl_deliver { | |
# Add cache hit data | |
if (obj.hits > 0) { | |
# If hit add hit count | |
set resp.http.X-Cache = "HIT"; | |
set resp.http.X-Cache-Hits = obj.hits; | |
} else { | |
set resp.http.X-Cache = "MISS"; | |
} | |
} | |
sub vcl_recv { | |
set req.http.host = "*******"; | |
set req.backend_hint = yourbackend; | |
set req.http.User-Agent = ""; | |
unset req.http.Cache-Control; | |
unset req.http.Max-Age; | |
unset req.http.Pragma; | |
unset req.http.Cookie; | |
set req.http.Max-Age = ""; | |
if (req.http.Cookie) { | |
set req.http.Cookie = ";" + req.http.Cookie; | |
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";"); | |
set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", ""); | |
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", ""); | |
if (req.http.Cookie == "") { | |
unset req.http.Cookie; | |
} | |
} | |
if (client.ip ~ upstream_proxy && req.http.X-Forwarded-For) { | |
set req.http.X-Forwarded-For = req.http.X-Forwarded-For; | |
} else { | |
set req.http.X-Forwarded-For = regsub(client.ip, ":.*", ""); | |
} | |
if (req.method != "GET" && | |
req.method != "HEAD" && | |
req.method != "PUT" && | |
req.method != "POST" && | |
req.method != "TRACE" && | |
req.method != "OPTIONS" && | |
req.method != "DELETE") { | |
return (pipe); | |
} | |
if (req.method != "GET" && req.method != "HEAD") { | |
return (pass); | |
} | |
return (hash); | |
} | |
sub vcl_backend_response { | |
set beresp.ttl = 15s; | |
set beresp.grace = 1h; | |
unset beresp.http.Cache-Control; | |
set beresp.http.Cache-Control = "public"; | |
return (deliver); | |
} | |
sub vcl_hash { | |
hash_data(req.url); | |
if (req.http.host) { | |
hash_data(req.http.host); | |
} else { | |
hash_data(server.ip); | |
} | |
return (lookup); | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# /etc/security/limits.conf | |
# | |
#Each line describes a limit for a user in the form: | |
# | |
#<domain> <type> <item> <value> | |
# | |
#Where: | |
#<domain> can be: | |
# - a user name | |
# - a group name, with @group syntax | |
# - the wildcard *, for default entry | |
# - the wildcard %, can be also used with %group syntax, | |
# for maxlogin limit | |
# - NOTE: group and wildcard limits are not applied to root. | |
# To apply a limit to the root user, <domain> must be | |
# the literal username root. | |
# | |
#<type> can have the two values: | |
# - "soft" for enforcing the soft limits | |
# - "hard" for enforcing hard limits | |
# | |
#<item> can be one of the following: | |
# - core - limits the core file size (KB) | |
# - data - max data size (KB) | |
# - fsize - maximum filesize (KB) | |
# - memlock - max locked-in-memory address space (KB) | |
# - nofile - max number of open files | |
# - rss - max resident set size (KB) | |
# - stack - max stack size (KB) | |
# - cpu - max CPU time (MIN) | |
# - nproc - max number of processes | |
# - as - address space limit (KB) | |
# - maxlogins - max number of logins for this user | |
# - maxsyslogins - max number of logins on the system | |
# - priority - the priority to run user process with | |
# - locks - max number of file locks the user can hold | |
# - sigpending - max number of pending signals | |
# - msgqueue - max memory used by POSIX message queues (bytes) | |
# - nice - max nice priority allowed to raise to values: [-20, 19] | |
# - rtprio - max realtime priority | |
# - chroot - change root to directory (Debian-specific) | |
# | |
#<domain> <type> <item> <value> | |
# | |
* soft nofile 65000 | |
* hard nofile 65000 | |
#root hard core 100000 | |
#* hard rss 10000 | |
#@student hard nproc 20 | |
#@faculty soft nproc 20 | |
#@faculty hard nproc 50 | |
#ftp hard nproc 0 | |
#ftp - chroot /ftp | |
#@student - maxlogins 4 | |
# End of file |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment