Created
December 17, 2012 17:26
Working towards a sensible Varnish configuration
| # | |
| # Varnish 3 | |
| # | |
| # Change this for your needs | |
# The single origin server Varnish fetches from on a miss or a pass.
# Loopback address, port 8080: the origin is expected to run on this host.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}
| # Authorized hosts for PURGE requests | |
# The ACL is matched against client.ip, i.e. the peer that opened the TCP
# connection to Varnish. If a TLS terminator or load balancer on this host
# sits in front of Varnish, every request arrives from 127.0.0.1 and matches
# this list; in that layout PURGE has to be blocked at the front proxy or
# this list changed.
acl purge {
    "localhost";
    "127.0.0.1";
}
| # Below is a commented-out copy of the default VCL logic. If you | |
| # redefine any of these subroutines, the built-in logic will be | |
| # appended to your code. | |
| # sub vcl_recv { | |
| # if (req.restarts == 0) { | |
| # if (req.http.x-forwarded-for) { | |
| # set req.http.X-Forwarded-For = | |
| # req.http.X-Forwarded-For + ", " + client.ip; | |
| # } else { | |
| # set req.http.X-Forwarded-For = client.ip; | |
| # } | |
| # } | |
| # if (req.request != "GET" && | |
| # req.request != "HEAD" && | |
| # req.request != "PUT" && | |
| # req.request != "POST" && | |
| # req.request != "TRACE" && | |
| # req.request != "OPTIONS" && | |
| # req.request != "DELETE") { | |
| # /* Non-RFC2616 or CONNECT which is weird. */ | |
| # return (pipe); | |
| # } | |
| # if (req.request != "GET" && req.request != "HEAD") { | |
| # /* We only deal with GET and HEAD by default */ | |
| # return (pass); | |
| # } | |
| # if (req.http.Authorization || req.http.Cookie) { | |
| # /* Not cacheable by default */ | |
| # return (pass); | |
| # } | |
| # return (lookup); | |
| # } | |
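sub vcl_recv {
    # Request-side policy. Varnish 3 appends its built-in vcl_recv after this
    # code, so any request that does not return here still goes through the
    # default method / Authorization / Cookie checks.

    # Serve objects up to 2 minutes past their expiry if the backend is slow to respond.
    set req.grace = 120s;

    # Enable purging, but only from authorized hosts.
    # Checked before anything that can return (pass): a PURGE carrying
    # "Cache-Control: no-cache" would otherwise be passed before the ACL is
    # consulted and end in vcl_pass's 502, even for an authorized host.
    if (req.request == "PURGE") {
        if (!client.ip ~ purge) {
            error 405 "Not allowed.";
        }
        return (lookup);
    }

    # Disable Varnish on some hosts
    # if (req.http.Host ~ "dev\.example\.com$") {
    #     return (pass);
    # }

    # Ignore cookies for static files.
    # The extension must end the path ("^[^?]*" keeps the match out of the
    # query string, "(\?.*)?$" allows a cache-busting suffix). Unanchored,
    # "\.js" also matched ".json" / ".jsp" and any URL that merely contained
    # an extension, dropping the session cookie on dynamic pages and making
    # them eligible for the shared cache.
    # NOTE(review): a backend that serves dynamic content for paths such as
    # /page.php/x.css still matches; confirm the origin rejects those.
    if (req.url ~ "^[^?]*\.(js|css|jpe?g|png|gif|tiff|avi|mov|mp3|ogg|wmv|wma|woff|ttf|otf|svg)(\?.*)?$") {
        unset req.http.cookie;
    }

    # Disable caching when user specifically asks for it.
    # NOTE(review): any client can send these headers, so this lets
    # unauthenticated traffic bypass the cache and load the backend directly;
    # consider removing it or limiting it to trusted addresses.
    if (req.http.Cache-Control ~ "no-cache" || req.http.Pragma ~ "no-cache") {
        return (pass);
    }

    # From http://serverfault.com/questions/195654/how-to-cache-websites-using-varnish-php-and-cookies
    # Remove Google Analytics cookies so they do not make every request uncacheable.
    set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *(__)?utm[a-z0-9_]+=[^;]+;? *", "\1");

    # Normalize Accept-Encoding to reduce Vary fragmentation.
    if (req.http.Accept-Encoding) {
        if (req.http.User-Agent ~ "MSIE 6") {
            unset req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            unset req.http.Accept-Encoding;
        }
    }

    # Unset the Cookie header when nothing but separators is left, so the
    # built-in logic does not pass the request because of an empty header.
    if (req.http.Cookie ~ "^[\s;]*$") {
        unset req.http.Cookie;
    }
}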
| # sub vcl_pipe { | |
| # # Note that only the first request to the backend will have | |
| # # X-Forwarded-For set. If you use X-Forwarded-For and want to | |
| # # have it set for all requests, make sure to have: | |
| # # set bereq.http.connection = "close"; | |
| # # here. It is not set by default as it might break some broken web | |
| # # applications, like IIS with NTLM authentication. | |
| # return (pipe); | |
| # } | |
| # | |
| # sub vcl_pass { | |
| # return (pass); | |
| # } | |
sub vcl_pass {
    # A PURGE that reaches pass never performed a cache lookup, so nothing
    # was purged; answer with an error instead of forwarding the PURGE
    # method to the backend.
    if (req.request == "PURGE") {
        error 502 "PURGE on a passed object";
    }
}
| # | |
| # sub vcl_hash { | |
| # hash_data(req.url); | |
| # if (req.http.host) { | |
| # hash_data(req.http.host); | |
| # } else { | |
| # hash_data(server.ip); | |
| # } | |
| # return (hash); | |
| # } | |
| # sub vcl_hit { | |
| # return (deliver); | |
| # } | |
| # | |
sub vcl_hit {
    # PURGE requests that reach this point were already checked against the
    # purge ACL in vcl_recv. Purge the cached object and answer with a
    # synthetic 200.
    if (req.request == "PURGE") {
        purge;
        error 200 "Purged";
    }
}
| # sub vcl_miss { | |
| # return (fetch); | |
| # } | |
sub vcl_miss {
    # PURGE for a URL with no matching object: still issue the purge, then
    # answer with a synthetic 200 so the caller sees success rather than
    # triggering a backend fetch.
    if (req.request == "PURGE") {
        purge;
        error 200 "Not in cache";
    }
}
| # | |
| # sub vcl_fetch { | |
| # if (beresp.ttl <= 0s || | |
| # beresp.http.Set-Cookie || | |
| # beresp.http.Vary == "*") { | |
| # /* | |
| # * Mark as "Hit-For-Pass" for the next 2 minutes | |
| # */ | |
| # set beresp.ttl = 120 s; | |
| # return (hit_for_pass); | |
| # } | |
| # return (deliver); | |
| # } | |
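sub vcl_fetch {
    # Response-side policy, run after a backend fetch. Varnish 3 appends its
    # built-in vcl_fetch after this code for any path that does not return.

    # If backend is not responding, allow replying with a stale response.
    set beresp.grace = 120s;

    # Strip cookies for static files.
    # The extension must end the path: "^[^?]*" keeps the match out of the
    # query string and "(\?.*)?$" allows a cache-busting suffix. With a bare
    # "$" anchor, /asset.css?v=2 was not treated as static, while a dynamic
    # URL whose query string merely ended in ".pdf" had its Set-Cookie
    # removed and became cacheable.
    # NOTE(review): a backend that serves dynamic content for paths such as
    # /page.php/x.css still matches; confirm the origin rejects those.
    if (req.url ~ "^[^?]*\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf)(\?.*)?$") {
        unset beresp.http.set-cookie;
    }

    # X-Cacheable is useful to debug the behaviour of Varnish
    # https://www.varnish-cache.org/trac/wiki/VCLExampleHitMissHeader
    # It is stored on the response and is sent to clients unless it is
    # removed in vcl_deliver.
    if (beresp.http.Cache-Control ~ "private") {
        # Respect Cache-Control: private from the backend; never store it.
        set beresp.http.X-Cacheable = "NO: Cache-Control=private";
        return (hit_for_pass);
    } elsif (beresp.http.Set-Cookie) {
        # The response sets a cookie, so it is specific to one client and
        # must not be shared from the cache.
        set beresp.http.X-Cacheable = "NO: Set-Cookie";
        return (hit_for_pass);
    } elsif (req.http.Cache-Control ~ "no-cache" || req.http.Pragma ~ "no-cache") {
        # The client asked for a fresh copy (same test as in vcl_recv).
        set beresp.http.X-Cacheable = "NO: Forced by user";
        return (hit_for_pass);
    #} elsif ( beresp.ttl < 1s ) {
    #    # Even if no cache is specified, force a 10s cache.
    #    # Be careful when using this, it may break some websites
    #    set beresp.ttl = 10s;
    #    set beresp.grace = 10s;
    #    set beresp.http.X-Cacheable = "YES: Auto 10s";
    }
}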
| # | |
| # sub vcl_deliver { | |
| # return (deliver); | |
| # } | |
sub vcl_deliver {
    # A Server header is still expected by clients, so replace the backend's
    # banner with a generic value instead of leaving it absent.
    unset resp.http.Server;
    set resp.http.Server = "Webserver";

    # Drop response headers that are not needed by clients or that describe
    # the software stack.
    # NOTE(review): this only hides banners. X-Cacheable from vcl_fetch is
    # not removed here, and Varnish normally adds X-Varnish as well; confirm
    # whether those should be unset too. Removing Age also hides object
    # freshness from any downstream cache.
    unset resp.http.X-Powered-By;
    unset resp.http.Via;
    unset resp.http.Age;
}
| # | |
| # sub vcl_error { | |
| # set obj.http.Content-Type = "text/html; charset=utf-8"; | |
| # set obj.http.Retry-After = "5"; | |
| # synthetic {" | |
| # <?xml version="1.0" encoding="utf-8"?> | |
| # <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" | |
| # "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | |
| # <html> | |
| # <head> | |
| # <title>"} + obj.status + " " + obj.response + {"</title> | |
| # </head> | |
| # <body> | |
| # <h1>Error "} + obj.status + " " + obj.response + {"</h1> | |
| # <p>"} + obj.response + {"</p> | |
| # <h3>Guru Meditation:</h3> | |
| # <p>XID: "} + req.xid + {"</p> | |
| # <hr> | |
| # <p>Varnish cache server</p> | |
| # </body> | |
| # </html> | |
| # "}; | |
| # return (deliver); | |
| # } | |
sub vcl_error {
    # Replace the Server header on synthetic error responses with the same
    # generic value used in vcl_deliver.
    # The built-in vcl_error is appended after this code and still renders
    # the default error page, whose body names "Varnish cache server";
    # masking the header alone does not hide the product on error pages.
    unset obj.http.Server;
    set obj.http.Server = "Webserver";
}
| # | |
| # sub vcl_init { | |
| # return (ok); | |
| # } | |
| # | |
| # sub vcl_fini { | |
| # return (ok); | |
| # } |