Last active
January 17, 2023 08:55
-
-
Save mklooss/c8998409985b8551ec2ef2c355557ceb to your computer and use it in GitHub Desktop.
varnish-wordpress-w3-total-cache.vcl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # VCL version 5.0 is not supported so it should be 4.0 even though actually used Varnish version is 6 | |
| vcl 4.0; | |
| import std; | |
| # The minimal Varnish version is 6.0 | |
| # For SSL offloading, pass the following header in your proxy server or load balancer: 'SSL-OFFLOADED: https' | |
| backend default { | |
| .host = "10.0.1.2"; | |
| .port = "80"; | |
| .connect_timeout = 600s; | |
| .first_byte_timeout = 600s; | |
| .between_bytes_timeout = 600s; | |
| } | |
| acl purge { | |
| # Web server with plugin which will issue PURGE requests | |
| "localhost"; | |
| } | |
| sub vcl_recv { | |
| if (req.method == "PURGE") { | |
| if (!client.ip ~ purge) { | |
| return (synth(405, "Method not allowed")); | |
| } | |
| ban("req.url ~ ^" + req.url + "$ && req.http.host == " + req.http.host); | |
| } | |
| if (req.method != "GET" && | |
| req.method != "HEAD" && | |
| req.method != "PUT" && | |
| req.method != "POST" && | |
| req.method != "TRACE" && | |
| req.method != "OPTIONS" && | |
| req.method != "DELETE") { | |
| /* Non-RFC2616 or CONNECT which is weird. */ | |
| return (pipe); | |
| } | |
| if (req.method != "GET" && req.method != "HEAD") { | |
| return (pass); | |
| } | |
| # Compression filter. See https://www.varnish-cache.org/trac/wiki/FAQ/Compression | |
| if (req.http.Accept-Encoding) { | |
| if (req.url ~ "\.(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv)$") { | |
| # No point in compressing these | |
| unset req.http.Accept-Encoding; | |
| } elsif (req.http.Accept-Encoding ~ "gzip") { | |
| set req.http.Accept-Encoding = "gzip"; | |
| } elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") { | |
| set req.http.Accept-Encoding = "deflate"; | |
| } else { | |
| unset req.http.Accept-Encoding; | |
| } | |
| } | |
| # Remove cookies and query string for real static files | |
| if (req.url ~ "\.(bz2|css|flv|gif|gz|ico|jpeg|jpg|js|lzma|mp3|mp4|pdf|png|swf|tbz|tgz|txt|zip)(\?.*|)$") { | |
| unset req.http.cookie; | |
| set req.url = regsub(req.url, "\?.*$", ""); | |
| } | |
| # Remove all marketing get parameters to minimize the cache objects | |
| if (req.url ~ "(\?|&)(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") { | |
| set req.url = regsuball(req.url, "(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", ""); | |
| set req.url = regsub(req.url, "[?|&]+$", ""); | |
| } | |
| if (req.url ~ "/wp-json") { | |
| return (pass); | |
| } | |
| if (req.url ~ "wp-(login|admin|comments-post.php|cron.php)" || | |
| req.url ~ "preview=true" || | |
| req.url ~ "xmlrpc.php") { | |
| return (pass); | |
| } | |
| return (hash); | |
| } | |
| sub vcl_hash { | |
| # For multi site configurations to not cache each other's content | |
| if (req.http.host) { | |
| hash_data(req.http.host); | |
| } else { | |
| hash_data(server.ip); | |
| } | |
| # To make sure http users don't see ssl warning | |
| if (req.http.SSL-OFFLOADED) { | |
| hash_data(req.http.SSL-OFFLOADED); | |
| } | |
| } | |
| sub vcl_backend_response { | |
| # Don't cache backend | |
| if (bereq.url ~ "wp-(login|admin|comments-post.php|cron.php)" || | |
| bereq.url ~ "preview=true" || | |
| bereq.url ~ "xmlrpc.php" || | |
| # WooCommerce | |
| bereq.url ~ "wp-admin|wp-login|produkt|warenkorb|kasse|mein-konto|/?add-to-cart=|/?remove_item=|/?wc-ajax=" | |
| ) { | |
| # Dont modify anything, it's (pass) object | |
| } else { | |
| unset beresp.http.set-cookie; | |
| if (beresp.status == 307) { | |
| # Don't cache temporary redirects like ?repeat=w3tc | |
| set beresp.ttl = 0h; | |
| } else if (bereq.url ~ "\.(bz2|css|flv|gif|gz|ico|jpeg|jpg|js|lzma|mp3|mp4|pdf|png|swf|tbz|tgz|txt|zip)$") { | |
| set beresp.ttl = 30d; | |
| } else { | |
| set beresp.ttl = 4h; | |
| } | |
| } | |
| } | |
| sub vcl_deliver { | |
| if (resp.http.x-varnish ~ " ") { | |
| set resp.http.X-Cache-Debug = "HIT"; | |
| set resp.http.Grace = req.http.grace; | |
| } else { | |
| set resp.http.X-Cache-Debug = "MISS"; | |
| } | |
| # Not letting browser to cache non-static files. | |
| if (resp.http.Cache-Control !~ "private" && req.url !~ "^/(wp-content|wp-upload|wp-json)/") { | |
| set resp.http.Pragma = "no-cache"; | |
| set resp.http.Expires = "-1"; | |
| set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0"; | |
| } | |
| unset resp.http.X-Powered-By; | |
| unset resp.http.Server; | |
| unset resp.http.X-Varnish; | |
| unset resp.http.Via; | |
| unset resp.http.Link; | |
| } | |
| sub vcl_hit { | |
| if (obj.ttl >= 0s) { | |
| # Hit within TTL period | |
| return (deliver); | |
| } | |
| if (std.healthy(req.backend_hint)) { | |
| if (obj.ttl + 300s > 0s) { | |
| # Hit after TTL expiration, but within grace period | |
| set req.http.grace = "normal (healthy server)"; | |
| return (deliver); | |
| } else { | |
| # Hit after TTL and grace expiration | |
| return (restart); | |
| } | |
| } else { | |
| # server is not healthy, retrieve from cache | |
| set req.http.grace = "unlimited (unhealthy server)"; | |
| return (deliver); | |
| } | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment