Created
March 21, 2017 15:04
-
-
Save raininja/9d964b1b40d2cd5c144a4d64ca9c0466 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@b9a5f77b-fbaa-45b7-a775-938bc76ada64 /]# cat /opt/local/etc/varnish/* | |
| vcl 4.0; | |
| import std; | |
| backend default { | |
| .host = "127.0.0.1"; | |
| .port = "8080"; | |
| } | |
| acl purge { | |
| "127.0.0.1"; | |
| "10.1.1.17"; | |
| "localhost"; | |
| "denki.ninja"; | |
| } | |
| include "/opt/local/etc/varnish/purge.vcl"; | |
| sub vcl_recv { | |
| if (req.http.Accept-Encoding) { | |
| if (req.http.Accept-Encoding ~ "gzip") { | |
| # If the browser supports it, we'll use gzip. | |
| set req.http.Accept-Encoding = "gzip"; | |
| } | |
| else if (req.http.Accept-Encoding ~ "deflate") { | |
| # Next, try deflate if it is supported. | |
| set req.http.Accept-Encoding = "deflate"; | |
| } | |
| else { | |
| # Unknown algorithm. Remove it and send unencoded. | |
| unset req.http.Accept-Encoding; | |
| } | |
| } | |
| if (req.restarts == 0) { | |
| if (req.http.x-forwarded-for) { | |
| set req.http.X-Forwarded-For = | |
| req.http.X-Forwarded-For + ", " + client.ip; | |
| } else { | |
| set req.http.X-Forwarded-For = client.ip; | |
| } | |
| } | |
| # Don't serve cached pages to logged in users | |
| if ( req.http.cookie ~ "wordpress_logged_in" || req.url ~ "vaultpress=true" ) { | |
| return( pass ); | |
| } | |
| if (req.method != "GET" && | |
| req.method != "HEAD" && | |
| req.method != "PUT" && | |
| req.method != "POST" && | |
| req.method != "TRACE" && | |
| req.method != "OPTIONS" && | |
| req.method != "DELETE") { | |
| return (pipe); | |
| } | |
| # Do not cache these paths | |
| if (req.url ~ "^/wp-cron\.php$" || | |
| req.url ~ "^/xmlrpc\.php$" || | |
| req.url ~ "^/wp-admin/.*$" || | |
| req.url ~ "^/wp-includes/.*$" || | |
| req.url ~ "\?s=") { | |
| return (pass); | |
| } | |
| if (req.method != "GET" && req.method != "HEAD") { | |
| return (pass); | |
| } | |
| if (!(req.url ~ "wp-(login|admin)") && | |
| !(req.url ~ "&preview=true" ) ) { | |
| unset req.http.cookie; | |
| } | |
| if (req.http.Authorization || req.http.Cookie) { | |
| return (pass); | |
| } | |
| return (hash); | |
| } | |
| sub vcl_backend_response { | |
| # remove some headers we never want to see | |
| unset beresp.http.Server; | |
| unset beresp.http.X-Powered-By; | |
| if (!(bereq.url ~ "wp-(login|admin)")) { | |
| unset beresp.http.set-cookie; | |
| set beresp.ttl = 96h; | |
| } | |
| # don't cache response to posted requests or those with basic auth | |
| if ( bereq.method == "POST" || bereq.http.Authorization ) { | |
| #set beresp.ttl = 120s; | |
| set beresp.uncacheable = true; | |
| return (deliver); | |
| } | |
| # don't cache search results | |
| if( bereq.url ~ "\?s=" ){ | |
| #return (hit_for_pass); | |
| #set beresp.ttl = 120s; | |
| set beresp.uncacheable = true; | |
| return (deliver); | |
| } | |
| # only cache status ok | |
| if ( beresp.status != 200 ) { | |
| #set beresp.ttl = 120s; | |
| set beresp.uncacheable = true; | |
| return (deliver); | |
| } | |
| if (beresp.ttl <= 0s || | |
| beresp.http.Set-Cookie || | |
| beresp.http.Vary == "*") { | |
| set beresp.ttl = 120s; | |
| set beresp.uncacheable = true; | |
| return (deliver); | |
| } | |
| return (deliver); | |
| } | |
| # There are 3 possible behaviors of purging. | |
| # Regex purging | |
| # Treat the request URL as a regular expression. | |
| sub purge_regex { | |
| ban("obj.http.X-Req-URL ~ " + req.url + " && obj.http.X-Req-Host == " + req.http.host); | |
| } | |
| # Exact purging | |
| # Use the exact request URL (including any query params) | |
| sub purge_exact { | |
| ban("obj.http.X-Req-URL == " + req.url + " && obj.http.X-Req-Host == " + req.http.host); | |
| } | |
| # Page purging (default) | |
| # Use the exact request URL, but ignore any query params | |
| sub purge_page { | |
| set req.url = regsub(req.url, "\?.*$", ""); | |
| ban("obj.http.X-Req-URL-Base == " + req.url + " && obj.http.X-Req-Host == " + req.http.host); | |
| } | |
| # The purge behavior can be controlled with the X-Purge-Method header. | |
| # | |
| # Setting the X-Purge-Method header to contain "regex" or "exact" will use | |
| # those respective behaviors. Any other value for the X-Purge header will | |
| # use the default ("page") behavior. | |
| # | |
| # The X-Purge-Method header is not case-sensitive. | |
| # | |
| # If no X-Purge-Method header is set, the request url is inspected to attempt | |
| # a best guess as to what purge behavior is expected. This should work for | |
| # most cases, although if you want to guarantee some behavior you should | |
| # always set the X-Purge-Method header. | |
| sub vcl_recv { | |
| if (req.method == "PURGE") { | |
| if (client.ip !~ purge) { | |
| return(synth(405, "This IP is not allowed to send PURGE requests.")); | |
| } | |
| if (req.http.X-Purge-Method) { | |
| if (req.http.X-Purge-Method ~ "(?i)regex") { | |
| call purge_regex; | |
| } elsif (req.http.X-Purge-Method ~ "(?i)exact") { | |
| call purge_exact; | |
| } else { | |
| call purge_page; | |
| } | |
| } else { | |
| # No X-Purge-Method header was specified. | |
| # Do our best to figure out which one they want. | |
| if (req.url ~ "\.\*" || req.url ~ "^\^" || req.url ~ "\$$" || req.url ~ "\\[.?*+^$|()]") { | |
| call purge_regex; | |
| } elsif (req.url ~ "\?") { | |
| call purge_exact; | |
| } else { | |
| call purge_page; | |
| } | |
| } | |
| return(synth(200, "Purged!")); | |
| } | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment