#
# This is a VCL file for Varnish, used with a @TryGhost blog.
# It redirects WordPress-style /yyyy/mm/dd/slug URLs
# to /slug, and /rss20.xml to Ghost's /rss/.
# It makes pages cacheable for 60 minutes, and adds the AMP Project CSP header and a few other
# security headers, giving the site an A+ on https://securityheaders.io/
# Marker to tell the VCL compiler that this VCL has been adapted to the
# new 4.0 format.
vcl 4.0;
# Origin (content) server that Varnish fetches from. Here it is a service on
# the loopback interface, port 2368; change .host/.port to match your own
# content server.
backend default {
    .port = "2368";
    .host = "127.0.0.1";
}
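# Clients that may force a cache refresh with "Cache-Control: no-cache".
# Only loopback is listed; add your own admin addresses as needed.
# NOTE(review): if a TLS terminator or another proxy on this host sits in
# front of Varnish, client.ip is that proxy's address and this ACL matches
# every request - confirm the deployment topology before relying on it.
acl cache_refresh_allowed {
    "127.0.0.1";
    "::1";
}

sub vcl_recv {
    # Runs for every request, before the cache lookup. Nothing below returns
    # for ordinary requests, so Varnish's built-in vcl_recv logic still runs
    # after this subroutine.

    # Legacy WordPress permalink (/yyyy/mm/dd/...): hand over to vcl_synth
    # using the internal pseudo-status 700, which is turned into a 301 there.
    if (req.url ~ "^/\d{4}/\d{2}/\d{2}/") {
        return (synth(700, ""));
    }

    # Legacy feed URL: pseudo-status 701 becomes a 301 to /rss/ in vcl_synth.
    # The dot is escaped and the match is bounded, so only /rss20.xml itself
    # (optionally followed by a query string) is redirected.
    if (req.url ~ "^/rss20\.xml(\?|$)") {
        return (synth(701, ""));
    }

    # Cache-Control on the request is client-controlled. Honouring "no-cache"
    # from any visitor would let every request force a backend fetch and
    # defeat the cache, so the refresh is limited to the ACL above.
    if (req.http.cache-control ~ "no-cache" && client.ip ~ cache_refresh_allowed) {
        set req.hash_always_miss = true;
    }
}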
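sub vcl_synth {
    # Turns the internal pseudo-statuses raised in vcl_recv (700, 701) into
    # real 301 redirects with an empty body. Any other synthetic status is
    # delivered as-is.

    # 700: WordPress-style dated permalink -> /slug
    if (resp.status == 700) {
        # Replace the date prefix, together with any extra slashes or
        # backslashes directly after it, by a single "/". Without collapsing
        # them, a path with a doubled separator after the date would produce
        # a Location starting with "//", which browsers resolve as a
        # different host rather than a path on this site.
        set resp.http.Location = regsub(req.url, "^/\d{4}/\d{2}/\d{2}/[/\\]*", "/");
        set resp.status = 301;
        set resp.reason = "Moved Permanently";
        synthetic ( {""} );
    }

    # 701: old feed URL -> Ghost's feed. The target is a fixed string, so no
    # part of the request reaches the Location header.
    if (resp.status == 701) {
        set resp.http.Location = "/rss/";
        set resp.status = 301;
        set resp.reason = "Moved Permanently";
        synthetic ( {""} );
    }

    return (deliver);
}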
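sub vcl_backend_response {
    # Runs after the response headers have been read from the backend.
    # For successful responses outside the /api, /signout and /ghost prefixes
    # it applies a 60 minute cache lifetime and attaches the CSP header.
    if (beresp.status < 400 && bereq.url !~ "^/(api|signout|ghost)") {
        # Do not advertise a response as publicly cacheable when the backend
        # set a cookie on it or marked it private/no-store: overwriting
        # Cache-Control there would invite browsers and downstream shared
        # caches to store per-user content.
        if (!beresp.http.Set-Cookie && beresp.http.Cache-Control !~ "(?i)private|no-store") {
            set beresp.ttl = 60m;
            set beresp.http.cache-control = "public, max-age=3600";
        }

        # NOTE(review): this policy is permissive outside script-src and
        # object-src: "default-src * data:" allows any origin for every
        # resource type not listed, and style-src allows inline styles.
        # Violation reports are sent to a third-party collector. Tighten the
        # policy if the theme allows it.
        # The header is only attached here, so error responses and the
        # excluded prefixes get no CSP from this file.
        set beresp.http.content-security-policy = "default-src * data:; script-src https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://fast.fonts.net https://fonts.googleapis.com; report-uri https://csp-collector.appspot.com/csp/amp";
    }
}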
sub vcl_deliver {
    # Final hook before the response is sent to the client: adds browser
    # hardening headers and removes headers that describe the serving stack.

    # Browser hardening headers.
    # NOTE(review): X-XSS-Protection is ignored by current browsers; the
    # Content-Security-Policy header is the control that matters there.
    set resp.http.X-Frame-Options = "DENY";
    set resp.http.X-Content-Type-Options = "nosniff";
    set resp.http.X-XSS-Protection = "1; mode=block";

    # Replace the Server banner with a fixed placeholder value.
    set resp.http.Server = "ZX-81";

    # Drop headers that reveal the cache and backend software.
    # NOTE(review): without Age, downstream caches cannot tell how long the
    # object already sat in Varnish and may treat it as fresh for a full
    # max-age - confirm that is acceptable.
    unset resp.http.X-Varnish;
    unset resp.http.X-Powered-By;
    unset resp.http.Via;
    unset resp.http.Age;

    return (deliver);
}