voxmaster/kube-httpcache-0.vcl Secret

## kube-httpcache-0.vcl
    vcl 4.0;

    import std;
    import directors;
    # The minimal Varnish version is 6.0
    # For SSL offloading, pass the following header in your proxy server or load balancer: 'X-Forwarded-Proto: https'


    // ".Frontends" is a slice that contains all known Varnish instances
    // (as selected by the service specified by -frontend-service).
    // The backend name needs to be the Pod name, since this value is compared
    // to the server identity ("server.identity" [1]) later.
    //
    //   [1]: https://varnish-cache.org/docs/6.4/reference/vcl.html#local-server-remote-and-client
    {{ range .Frontends }}
    backend {{ .Name }} {
        .host = "{{ .Host }}";
        .port = "{{ .Port }}";
    }
    {{- end }}

    backend default {
        .host = "magento";
        .port = "80";
    }

    acl purge {
        "127.0.0.1";
        "localhost";
        "::1";
        {{- range .Frontends }}
        "{{ .Host }}";
        {{- end }}
        "10.0.0.0"/8; /* pods IPs */
    }

    sub vcl_init {
        new cluster = directors.hash();

        {{ range .Frontends -}}
        cluster.add_backend({{ .Name }}, 1);
        {{ end }}

        new lb = directors.round_robin();

        lb.add_backend(default);

    }

    sub vcl_recv {

        # Set backend hint for non cachable objects.
        set req.backend_hint = lb.backend();

        # ...

        # Routing logic. Pass a request to an appropriate Varnish node.
        # See https://info.varnish-software.com/blog/creating-self-routing-varnish-cluster for more info.
        unset req.http.x-cache;
        set req.backend_hint = cluster.backend(req.url);
        set req.http.x-shard = req.backend_hint;
        if (req.http.x-shard != server.identity) {
            return(pass);
        }
        set req.backend_hint = lb.backend();


        #~ Magento2 vcl_recv{} part | Begin ~#
        /* BEGIN # Fix for Magento + Varnish 6: Too many restarts issue */
        if (req.restarts > 0) {
            set req.hash_always_miss = true;
        }
        /* END */

        /* BEGIN # This block should forward client ip to magento */
        unset req.http.X-Forwarded-For;
        set req.http.X-Forwarded-For = client.ip;
        /* END */

        if (req.method == "PURGE") {
            if (client.ip !~ purge) {
                return (synth(405, "Method not allowed"));
            }
            # To use the X-Pool header for purging varnish during automated deployments, make sure the X-Pool header
            # has been added to the response in your backend server config. This is used, for example, by the
            # capistrano-magento2 gem for purging old content from varnish during it's deploy routine.
            if (!req.http.X-Magento-Tags-Pattern && !req.http.X-Pool) {
                return (synth(400, "X-Magento-Tags-Pattern or X-Pool header required"));
            }
            if (req.http.X-Magento-Tags-Pattern) {
              ban("obj.http.X-Magento-Tags ~ " + req.http.X-Magento-Tags-Pattern);
            }
            if (req.http.X-Pool) {
              ban("obj.http.X-Pool ~ " + req.http.X-Pool);
            }
            return (synth(200, "Purged"));
        }

        if (req.method != "GET" &&
            req.method != "HEAD" &&
            req.method != "PUT" &&
            req.method != "POST" &&
            req.method != "TRACE" &&
            req.method != "OPTIONS" &&
            req.method != "DELETE") {
              /* Non-RFC2616 or CONNECT which is weird. */
              return (pipe);
        }

        # We only deal with GET and HEAD by default
        if (req.method != "GET" && req.method != "HEAD") {
            return (pass);
        }

        # Bypass shopping cart, checkout and search requests
        if (req.url ~ "/checkout" || req.url ~ "/catalogsearch") {
            return (pass);
        }

        # Bypass health check requests
        if (req.url ~ "/pub/health_check.php") {
            return (pass);
        }

        # Set initial grace period usage status
        set req.http.grace = "none";

        # normalize url in case of leading HTTP scheme and domain
        set req.url = regsub(req.url, "^http[s]?://", "");

        # collect all cookies
        std.collect(req.http.Cookie);

        # Compression filter. See https://www.varnish-cache.org/trac/wiki/FAQ/Compression
        if (req.http.Accept-Encoding) {
            if (req.url ~ "\.(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv)$") {
                # No point in compressing these
                unset req.http.Accept-Encoding;
            } elsif (req.http.Accept-Encoding ~ "gzip") {
                set req.http.Accept-Encoding = "gzip";
            } elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
                set req.http.Accept-Encoding = "deflate";
            } else {
                # unknown algorithm
                unset req.http.Accept-Encoding;
            }
        }

        # Remove all marketing get parameters to minimize the cache objects
        if (req.url ~ "(\?|&)(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
            set req.url = regsuball(req.url, "(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
            set req.url = regsub(req.url, "[?|&]+$", "");
        }

        # Static files caching
        if (req.url ~ "^/(pub/)?(media|static)/") {
            # Static files should not be cached by default
            return (pass);

            # But if you use a few locales and don't use CDN you can enable caching static files by commenting previous line (#return (pass);) and uncommenting next 3 lines
            #unset req.http.Https;
            #unset req.http.X-Forwarded-Proto;
            #unset req.http.Cookie;
        }
        #~ Magento2 vcl_recv{} part | End ~#

        return (hash);
    }


    #~ Magento2 Other ~#
    sub vcl_hash {
        if (req.http.cookie ~ "X-Magento-Vary=") {
            hash_data(regsub(req.http.cookie, "^.*?X-Magento-Vary=([^;]+);*.*$", "\1"));
        }

        # For multi site configurations to not cache each other's content
        if (req.http.host) {
            hash_data(req.http.host);
        } else {
            hash_data(server.ip);
        }

        # To make sure http users don't see ssl warning
        if (req.http.X-Forwarded-Proto) {
            hash_data(req.http.X-Forwarded-Proto);
        }


        if (req.url ~ "/graphql") {
            call process_graphql_headers;
        }
    }

    sub process_graphql_headers {
        if (req.http.Store) {
            hash_data(req.http.Store);
        }
        if (req.http.Content-Currency) {
            hash_data(req.http.Content-Currency);
        }
    }

    sub vcl_backend_response {

        set beresp.grace = 3d;

        if (beresp.http.content-type ~ "text") {
            set beresp.do_esi = true;
        }

        if (bereq.url ~ "\.js$" || beresp.http.content-type ~ "text") {
            set beresp.do_gzip = true;
        }

        if (beresp.http.X-Magento-Debug) {
            set beresp.http.X-Magento-Cache-Control = beresp.http.Cache-Control;
        }

        # cache only successfully responses and 404s
        if (beresp.status != 200 && beresp.status != 404) {
            set beresp.ttl = 0s;
            set beresp.uncacheable = true;
            return (deliver);
        } elsif (beresp.http.Cache-Control ~ "private") {
            set beresp.uncacheable = true;
            set beresp.ttl = 86400s;
            return (deliver);
        }

        # validate if we need to cache it and prevent from setting cookie
        if (beresp.ttl > 0s && (bereq.method == "GET" || bereq.method == "HEAD")) {
            unset beresp.http.set-cookie;
        }

      # If page is not cacheable then bypass varnish for 2 minutes as Hit-For-Pass
      if (beresp.ttl <= 0s ||
          beresp.http.Surrogate-control ~ "no-store" ||
          (!beresp.http.Surrogate-Control &&
          beresp.http.Cache-Control ~ "no-cache|no-store") ||
          beresp.http.Vary == "*") {
            # Mark as Hit-For-Pass for the next 2 minutes
            set beresp.ttl = 120s;
            set beresp.uncacheable = true;
        }

        return (deliver);
    }

    sub vcl_deliver {
        if (resp.http.X-Magento-Debug) {
            if (resp.http.x-varnish ~ " ") {
                set resp.http.X-Magento-Cache-Debug = "HIT";
                set resp.http.Grace = req.http.grace;
            } else {
                set resp.http.X-Magento-Cache-Debug = "MISS";
            }
        } else {
            unset resp.http.Age;
        }

        # Not letting browser to cache non-static files.
        if (resp.http.Cache-Control !~ "private" && req.url !~ "^/(pub/)?(media|static)/") {
            set resp.http.Pragma = "no-cache";
            set resp.http.Expires = "-1";
            set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
        }

        # unset resp.http.X-Magento-Debug; # Disable this line to debug varnish caching
        unset resp.http.X-Magento-Tags;
        unset resp.http.X-Powered-By;
        unset resp.http.Server;
        # unset resp.http.X-Varnish;       # Disable this line to debug varnish caching
        # unset resp.http.Via;             # Disable this line to debug varnish caching
        unset resp.http.Link;
    }

    sub vcl_hit {
        if (obj.ttl >= 0s) {
            # Hit within TTL period
            return (deliver);
        }
        if (std.healthy(req.backend_hint)) {
            if (obj.ttl + 300s > 0s) {
                # Hit after TTL expiration, but within grace period
                set req.http.grace = "normal (healthy server)";
                return (deliver);
            } else {
                # Hit after TTL and grace expiration
                return (restart);
            }
        } else {
            # server is not healthy, retrieve from cache
            set req.http.grace = "unlimited (unhealthy server)";
            return (deliver);
        }
    }
	vcl 4.0;

	import std;
	import directors;
	# The minimal Varnish version is 6.0
	# For SSL offloading, pass the following header in your proxy server or load balancer: 'X-Forwarded-Proto: https'


	// ".Frontends" is a slice that contains all known Varnish instances
	// (as selected by the service specified by -frontend-service).
	// The backend name needs to be the Pod name, since this value is compared
	// to the server identity ("server.identity" [1]) later.
	//
	// [1]: https://varnish-cache.org/docs/6.4/reference/vcl.html#local-server-remote-and-client
	{{ range .Frontends }}
	backend {{ .Name }} {
	.host = "{{ .Host }}";
	.port = "{{ .Port }}";
	}
	{{- end }}

	backend default {
	.host = "magento";
	.port = "80";
	}

	acl purge {
	"127.0.0.1";
	"localhost";
	"::1";
	{{- range .Frontends }}
	"{{ .Host }}";
	{{- end }}
	"10.0.0.0"/8; /* pods IPs */
	}

	sub vcl_init {
	new cluster = directors.hash();

	{{ range .Frontends -}}
	cluster.add_backend({{ .Name }}, 1);
	{{ end }}

	new lb = directors.round_robin();

	lb.add_backend(default);

	}

	sub vcl_recv {

	# Set backend hint for non cachable objects.
	set req.backend_hint = lb.backend();

	# ...

	# Routing logic. Pass a request to an appropriate Varnish node.
	# See https://info.varnish-software.com/blog/creating-self-routing-varnish-cluster for more info.
	unset req.http.x-cache;
	set req.backend_hint = cluster.backend(req.url);
	set req.http.x-shard = req.backend_hint;
	if (req.http.x-shard != server.identity) {
	return(pass);
	}
	set req.backend_hint = lb.backend();


	#~ Magento2 vcl_recv{} part \| Begin ~#
	/* BEGIN # Fix for Magento + Varnish 6: Too many restarts issue */
	if (req.restarts > 0) {
	set req.hash_always_miss = true;
	}
	/* END */

	/* BEGIN # This block should forward client ip to magento */
	unset req.http.X-Forwarded-For;
	set req.http.X-Forwarded-For = client.ip;
	/* END */

	if (req.method == "PURGE") {
	if (client.ip !~ purge) {
	return (synth(405, "Method not allowed"));
	}
	# To use the X-Pool header for purging varnish during automated deployments, make sure the X-Pool header
	# has been added to the response in your backend server config. This is used, for example, by the
	# capistrano-magento2 gem for purging old content from varnish during it's deploy routine.
	if (!req.http.X-Magento-Tags-Pattern && !req.http.X-Pool) {
	return (synth(400, "X-Magento-Tags-Pattern or X-Pool header required"));
	}
	if (req.http.X-Magento-Tags-Pattern) {
	ban("obj.http.X-Magento-Tags ~ " + req.http.X-Magento-Tags-Pattern);
	}
	if (req.http.X-Pool) {
	ban("obj.http.X-Pool ~ " + req.http.X-Pool);
	}
	return (synth(200, "Purged"));
	}

	if (req.method != "GET" &&
	req.method != "HEAD" &&
	req.method != "PUT" &&
	req.method != "POST" &&
	req.method != "TRACE" &&
	req.method != "OPTIONS" &&
	req.method != "DELETE") {
	/* Non-RFC2616 or CONNECT which is weird. */
	return (pipe);
	}

	# We only deal with GET and HEAD by default
	if (req.method != "GET" && req.method != "HEAD") {
	return (pass);
	}

	# Bypass shopping cart, checkout and search requests
	if (req.url ~ "/checkout" \|\| req.url ~ "/catalogsearch") {
	return (pass);
	}

	# Bypass health check requests
	if (req.url ~ "/pub/health_check.php") {
	return (pass);
	}

	# Set initial grace period usage status
	set req.http.grace = "none";

	# normalize url in case of leading HTTP scheme and domain
	set req.url = regsub(req.url, "^http[s]?://", "");

	# collect all cookies
	std.collect(req.http.Cookie);

	# Compression filter. See https://www.varnish-cache.org/trac/wiki/FAQ/Compression
	if (req.http.Accept-Encoding) {
	if (req.url ~ "\.(jpg\|jpeg\|png\|gif\|gz\|tgz\|bz2\|tbz\|mp3\|ogg\|swf\|flv)$") {
	# No point in compressing these
	unset req.http.Accept-Encoding;
	} elsif (req.http.Accept-Encoding ~ "gzip") {
	set req.http.Accept-Encoding = "gzip";
	} elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
	set req.http.Accept-Encoding = "deflate";
	} else {
	# unknown algorithm
	unset req.http.Accept-Encoding;
	}
	}

	# Remove all marketing get parameters to minimize the cache objects
	if (req.url ~ "(\?\|&)(gclid\|cx\|ie\|cof\|siteurl\|zanpid\|origin\|fbclid\|mc_[a-z]+\|utm_[a-z]+\|_bta_[a-z]+)=") {
	set req.url = regsuball(req.url, "(gclid\|cx\|ie\|cof\|siteurl\|zanpid\|origin\|fbclid\|mc_[a-z]+\|utm_[a-z]+\|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
	set req.url = regsub(req.url, "[?\|&]+$", "");
	}

	# Static files caching
	if (req.url ~ "^/(pub/)?(media\|static)/") {
	# Static files should not be cached by default
	return (pass);

	# But if you use a few locales and don't use CDN you can enable caching static files by commenting previous line (#return (pass);) and uncommenting next 3 lines
	#unset req.http.Https;
	#unset req.http.X-Forwarded-Proto;
	#unset req.http.Cookie;
	}
	#~ Magento2 vcl_recv{} part \| End ~#

	return (hash);
	}


	#~ Magento2 Other ~#
	sub vcl_hash {
	if (req.http.cookie ~ "X-Magento-Vary=") {
	hash_data(regsub(req.http.cookie, "^.?X-Magento-Vary=([^;]+);.*$", "\1"));
	}

	# For multi site configurations to not cache each other's content
	if (req.http.host) {
	hash_data(req.http.host);
	} else {
	hash_data(server.ip);
	}

	# To make sure http users don't see ssl warning
	if (req.http.X-Forwarded-Proto) {
	hash_data(req.http.X-Forwarded-Proto);
	}


	if (req.url ~ "/graphql") {
	call process_graphql_headers;
	}
	}

	sub process_graphql_headers {
	if (req.http.Store) {
	hash_data(req.http.Store);
	}
	if (req.http.Content-Currency) {
	hash_data(req.http.Content-Currency);
	}
	}

	sub vcl_backend_response {

	set beresp.grace = 3d;

	if (beresp.http.content-type ~ "text") {
	set beresp.do_esi = true;
	}

	if (bereq.url ~ "\.js$" \|\| beresp.http.content-type ~ "text") {
	set beresp.do_gzip = true;
	}

	if (beresp.http.X-Magento-Debug) {
	set beresp.http.X-Magento-Cache-Control = beresp.http.Cache-Control;
	}

	# cache only successfully responses and 404s
	if (beresp.status != 200 && beresp.status != 404) {
	set beresp.ttl = 0s;
	set beresp.uncacheable = true;
	return (deliver);
	} elsif (beresp.http.Cache-Control ~ "private") {
	set beresp.uncacheable = true;
	set beresp.ttl = 86400s;
	return (deliver);
	}

	# validate if we need to cache it and prevent from setting cookie
	if (beresp.ttl > 0s && (bereq.method == "GET" \|\| bereq.method == "HEAD")) {
	unset beresp.http.set-cookie;
	}

	# If page is not cacheable then bypass varnish for 2 minutes as Hit-For-Pass
	if (beresp.ttl <= 0s \|\|
	beresp.http.Surrogate-control ~ "no-store" \|\|
	(!beresp.http.Surrogate-Control &&
	beresp.http.Cache-Control ~ "no-cache\|no-store") \|\|
	beresp.http.Vary == "*") {
	# Mark as Hit-For-Pass for the next 2 minutes
	set beresp.ttl = 120s;
	set beresp.uncacheable = true;
	}

	return (deliver);
	}

	sub vcl_deliver {
	if (resp.http.X-Magento-Debug) {
	if (resp.http.x-varnish ~ " ") {
	set resp.http.X-Magento-Cache-Debug = "HIT";
	set resp.http.Grace = req.http.grace;
	} else {
	set resp.http.X-Magento-Cache-Debug = "MISS";
	}
	} else {
	unset resp.http.Age;
	}

	# Not letting browser to cache non-static files.
	if (resp.http.Cache-Control !~ "private" && req.url !~ "^/(pub/)?(media\|static)/") {
	set resp.http.Pragma = "no-cache";
	set resp.http.Expires = "-1";
	set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
	}

	# unset resp.http.X-Magento-Debug; # Disable this line to debug varnish caching
	unset resp.http.X-Magento-Tags;
	unset resp.http.X-Powered-By;
	unset resp.http.Server;
	# unset resp.http.X-Varnish; # Disable this line to debug varnish caching
	# unset resp.http.Via; # Disable this line to debug varnish caching
	unset resp.http.Link;
	}

	sub vcl_hit {
	if (obj.ttl >= 0s) {
	# Hit within TTL period
	return (deliver);
	}
	if (std.healthy(req.backend_hint)) {
	if (obj.ttl + 300s > 0s) {
	# Hit after TTL expiration, but within grace period
	set req.http.grace = "normal (healthy server)";
	return (deliver);
	} else {
	# Hit after TTL and grace expiration
	return (restart);
	}
	} else {
	# server is not healthy, retrieve from cache
	set req.http.grace = "unlimited (unhealthy server)";
	return (deliver);
	}
	}