paulknulst/default.vcl Secret

## default.vcl
vcl 4.0;

backend default {
    .host = "ghost:2368";
}
sub vcl_recv {
    # Do not cache the admin and preview pages
    if (req.url ~ "^/ghost($|/.*)" ||
        req.url ~ "^/p($|/.*)" ||
        req.url ~ "^/admin($|/.*)" ||
        req.url == "/"
        ) {
           return (pass);
    }
    if (req.url ~ "testclear") {
        ban("req.http.host == knulst.de");
        return(synth(200, "Cache was cleared by Rest call"));
    }
}

## docker-compose.varnish-part.yml
varnish:
    image: varnish:stable
    container_name: varnish
    restart: unless-stopped
    configs:
      - source: varnish_cfg
        target: /etc/varnish/default.vcl
    networks:
      - default
      - traefik-public
    deploy:
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.http.routers.blogs-knulst-http.rule=Host(`www.knulst.de`) || Host(`knulst.de`) || Host(`blog.knulst.de`)
        - traefik.http.routers.blogs-knulst-http.entrypoints=http
        - traefik.http.routers.blogs-knulst-http.middlewares=https-redirect
        - traefik.http.routers.blogs-knulst-https.rule=Host(`www.knulst.de`) || Host(`knulst.de`) || Host(`blog.knulst.de`)
        - traefik.http.routers.blogs-knulst-https.entrypoints=https
        - traefik.http.routers.blogs-knulst-https.tls=true
        - traefik.http.routers.blogs-knulst-https.tls.certresolver=le
        - traefik.http.routers.blogs-knulst-https.tls.options=mintls12@file
        - traefik.http.services.blogs-knulst.loadbalancer.server.port=80
        - traefik.http.middlewares.redirect-blogs-knulst.redirectregex.regex=^https://blog.knulst.de/(.*)
        - traefik.http.middlewares.redirect-blogs-knulst.redirectregex.replacement=https://www.knulst.de/$${1}
        - traefik.http.middlewares.redirect-blogs-knulst.redirectregex.permanent=true
        - traefik.http.middlewares.redirect-blogs-knulst-nosub.redirectregex.regex=^https://knulst.de/(.*)
        - traefik.http.middlewares.redirect-blogs-knulst-nosub.redirectregex.replacement=https://www.knulst.de/$${1}
        - traefik.http.middlewares.redirect-blogs-knulst-nosub.redirectregex.permanent=true
        - traefik.http.routers.blogs-knulst-https.middlewares=redirect-blogs-knulst, redirect-blogs-knulst-nosub
configs:
  varnish_cfg:
    file: ./default.vcl

## docker-compose.yml
version: "3.4"
services:
  ghost:
    image: ghost:5.9.4
    environment:
      url: https://www.knulst.de
      mail__transport: SMTP
      mail__options__host: ${MAIL_HOST?Variable not set}
      mail__options__port: ${MAIL_PORT?Variable not set}
      mail__options__auth__user: ${MAIL_USER?Variable not set}
      mail__options__auth__pass: ${MAIL_PASS?Variable not set}
      mail__from: ${MAIL_FROM?Variable not set}
      mail__from:
      database__client: mysql
      database__connection__host: ${DB_HOST?Variable not set}
      database__connection__user: ${DB_USER?Variable not set}
      database__connection__password: ${DB_PASS?Variable not set}
      database__connection__database: ${DB_DB?Variable not set}
    volumes:
      - content:/var/lib/ghost/content
    networks:
      - default
    deploy:
      placement:
        constraints:
          - node.labels.blogs.knulst == true
  db:
    image: mysql:8.0
    restart: always
    networks:
      - default
    volumes:
      - data:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: ${DB_PASS?Variable not set}
    deploy:
      placement:
        constraints:
          - node.labels.blogs.knulst == true
  varnish:
    image: varnish:stable
    container_name: varnish
    restart: unless-stopped
    configs:
      - source: varnish_cfg
        target: /etc/varnish/default.vcl
    networks:
      - default
      - traefik-public
    deploy:
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.http.routers.blogs-knulst-http.rule=Host(`www.knulst.de`) || Host(`knulst.de`) || Host(`blog.knulst.de`)
        - traefik.http.routers.blogs-knulst-http.entrypoints=http
        - traefik.http.routers.blogs-knulst-http.middlewares=https-redirect
        - traefik.http.routers.blogs-knulst-https.rule=Host(`www.knulst.de`) || Host(`knulst.de`) || Host(`blog.knulst.de`)
        - traefik.http.routers.blogs-knulst-https.entrypoints=https
        - traefik.http.routers.blogs-knulst-https.tls=true
        - traefik.http.routers.blogs-knulst-https.tls.certresolver=le
        - traefik.http.routers.blogs-knulst-https.tls.options=mintls12@file
        - traefik.http.services.blogs-knulst.loadbalancer.server.port=80
        - traefik.http.middlewares.redirect-blogs-knulst.redirectregex.regex=^https://blog.knulst.de/(.*)
        - traefik.http.middlewares.redirect-blogs-knulst.redirectregex.replacement=https://www.knulst.de/$${1}
        - traefik.http.middlewares.redirect-blogs-knulst.redirectregex.permanent=true
        - traefik.http.middlewares.redirect-blogs-knulst-nosub.redirectregex.regex=^https://knulst.de/(.*)
        - traefik.http.middlewares.redirect-blogs-knulst-nosub.redirectregex.replacement=https://www.knulst.de/$${1}
        - traefik.http.middlewares.redirect-blogs-knulst-nosub.redirectregex.permanent=true
        - traefik.http.routers.blogs-knulst-https.middlewares=redirect-blogs-knulst, redirect-blogs-knulst-nosub
volumes:
  content:
  data:
configs:
  varnish_cfg:
    file: ./default.vcl
networks:
  traefik-public:
    external: true
  default:
    external: false
	vcl 4.0;

	backend default {
	.host = "ghost:2368";
	}
	sub vcl_recv {
	# Do not cache the admin and preview pages
	if (req.url ~ "^/ghost($\|/.*)" \|\|
	req.url ~ "^/p($\|/.*)" \|\|
	req.url ~ "^/admin($\|/.*)" \|\|
	req.url == "/"
	) {
	return (pass);
	}
	if (req.url ~ "testclear") {
	ban("req.http.host == knulst.de");
	return(synth(200, "Cache was cleared by Rest call"));
	}
	}
	varnish:
	image: varnish:stable
	container_name: varnish
	restart: unless-stopped
	configs:
	- source: varnish_cfg
	target: /etc/varnish/default.vcl
	networks:
	- default
	- traefik-public
	deploy:
	labels:
	- traefik.enable=true
	- traefik.docker.network=traefik-public
	- traefik.constraint-label=traefik-public
	- traefik.http.routers.blogs-knulst-http.rule=Host(`www.knulst.de`) \|\| Host(`knulst.de`) \|\| Host(`blog.knulst.de`)
	- traefik.http.routers.blogs-knulst-http.entrypoints=http
	- traefik.http.routers.blogs-knulst-http.middlewares=https-redirect
	- traefik.http.routers.blogs-knulst-https.rule=Host(`www.knulst.de`) \|\| Host(`knulst.de`) \|\| Host(`blog.knulst.de`)
	- traefik.http.routers.blogs-knulst-https.entrypoints=https
	- traefik.http.routers.blogs-knulst-https.tls=true
	- traefik.http.routers.blogs-knulst-https.tls.certresolver=le
	- traefik.http.routers.blogs-knulst-https.tls.options=mintls12@file
	- traefik.http.services.blogs-knulst.loadbalancer.server.port=80
	- traefik.http.middlewares.redirect-blogs-knulst.redirectregex.regex=^https://blog.knulst.de/(.*)
	- traefik.http.middlewares.redirect-blogs-knulst.redirectregex.replacement=https://www.knulst.de/$${1}
	- traefik.http.middlewares.redirect-blogs-knulst.redirectregex.permanent=true
	- traefik.http.middlewares.redirect-blogs-knulst-nosub.redirectregex.regex=^https://knulst.de/(.*)
	- traefik.http.middlewares.redirect-blogs-knulst-nosub.redirectregex.replacement=https://www.knulst.de/$${1}
	- traefik.http.middlewares.redirect-blogs-knulst-nosub.redirectregex.permanent=true
	- traefik.http.routers.blogs-knulst-https.middlewares=redirect-blogs-knulst, redirect-blogs-knulst-nosub
	configs:
	varnish_cfg:
	file: ./default.vcl
	version: "3.4"
	services:
	ghost:
	image: ghost:5.9.4
	environment:
	url: https://www.knulst.de
	mail__transport: SMTP
	mail__options__host: ${MAIL_HOST?Variable not set}
	mail__options__port: ${MAIL_PORT?Variable not set}
	mail__options__auth__user: ${MAIL_USER?Variable not set}
	mail__options__auth__pass: ${MAIL_PASS?Variable not set}
	mail__from: ${MAIL_FROM?Variable not set}
	mail__from:
	database__client: mysql
	database__connection__host: ${DB_HOST?Variable not set}
	database__connection__user: ${DB_USER?Variable not set}
	database__connection__password: ${DB_PASS?Variable not set}
	database__connection__database: ${DB_DB?Variable not set}
	volumes:
	- content:/var/lib/ghost/content
	networks:
	- default
	deploy:
	placement:
	constraints:
	- node.labels.blogs.knulst == true
	db:
	image: mysql:8.0
	restart: always
	networks:
	- default
	volumes:
	- data:/var/lib/mysql
	environment:
	MYSQL_ROOT_PASSWORD: ${DB_PASS?Variable not set}
	deploy:
	placement:
	constraints:
	- node.labels.blogs.knulst == true
	varnish:
	image: varnish:stable
	container_name: varnish
	restart: unless-stopped
	configs:
	- source: varnish_cfg
	target: /etc/varnish/default.vcl
	networks:
	- default
	- traefik-public
	deploy:
	labels:
	- traefik.enable=true
	- traefik.docker.network=traefik-public
	- traefik.constraint-label=traefik-public
	- traefik.http.routers.blogs-knulst-http.rule=Host(`www.knulst.de`) \|\| Host(`knulst.de`) \|\| Host(`blog.knulst.de`)
	- traefik.http.routers.blogs-knulst-http.entrypoints=http
	- traefik.http.routers.blogs-knulst-http.middlewares=https-redirect
	- traefik.http.routers.blogs-knulst-https.rule=Host(`www.knulst.de`) \|\| Host(`knulst.de`) \|\| Host(`blog.knulst.de`)
	- traefik.http.routers.blogs-knulst-https.entrypoints=https
	- traefik.http.routers.blogs-knulst-https.tls=true
	- traefik.http.routers.blogs-knulst-https.tls.certresolver=le
	- traefik.http.routers.blogs-knulst-https.tls.options=mintls12@file
	- traefik.http.services.blogs-knulst.loadbalancer.server.port=80
	- traefik.http.middlewares.redirect-blogs-knulst.redirectregex.regex=^https://blog.knulst.de/(.*)
	- traefik.http.middlewares.redirect-blogs-knulst.redirectregex.replacement=https://www.knulst.de/$${1}
	- traefik.http.middlewares.redirect-blogs-knulst.redirectregex.permanent=true
	- traefik.http.middlewares.redirect-blogs-knulst-nosub.redirectregex.regex=^https://knulst.de/(.*)
	- traefik.http.middlewares.redirect-blogs-knulst-nosub.redirectregex.replacement=https://www.knulst.de/$${1}
	- traefik.http.middlewares.redirect-blogs-knulst-nosub.redirectregex.permanent=true
	- traefik.http.routers.blogs-knulst-https.middlewares=redirect-blogs-knulst, redirect-blogs-knulst-nosub
	volumes:
	content:
	data:
	configs:
	varnish_cfg:
	file: ./default.vcl
	networks:
	traefik-public:
	external: true
	default:
	external: false