#
# Varnish 3
#

# Origin server that Varnish fetches from on a miss or a pass.
# Change this for your needs.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}
|
|
|
# Authorized hosts for PURGE requests.
#
# vcl_recv matches client.ip against this list, i.e. the address of the
# TCP peer that connected to Varnish.
# NOTE(review): if another local process (TLS terminator, load balancer,
# reverse proxy) sits in front of Varnish on this machine, every request
# will appear to come from 127.0.0.1 and will satisfy this ACL. In that
# setup PURGE must be filtered at the front proxy or authorized by other
# means - confirm against the deployment.
acl purge {
    "localhost";
    "127.0.0.1";
}
|
|
|
# Below is a commented-out copy of the default VCL logic. If you |
|
# redefine any of these subroutines, the built-in logic will be |
|
# appended to your code. |
|
# sub vcl_recv { |
|
# if (req.restarts == 0) { |
|
# if (req.http.x-forwarded-for) { |
|
# set req.http.X-Forwarded-For = |
|
# req.http.X-Forwarded-For + ", " + client.ip; |
|
# } else { |
|
# set req.http.X-Forwarded-For = client.ip; |
|
# } |
|
# } |
|
# if (req.request != "GET" && |
|
# req.request != "HEAD" && |
|
# req.request != "PUT" && |
|
# req.request != "POST" && |
|
# req.request != "TRACE" && |
|
# req.request != "OPTIONS" && |
|
# req.request != "DELETE") { |
|
# /* Non-RFC2616 or CONNECT which is weird. */ |
|
# return (pipe); |
|
# } |
|
# if (req.request != "GET" && req.request != "HEAD") { |
|
# /* We only deal with GET and HEAD by default */ |
|
# return (pass); |
|
# } |
|
# if (req.http.Authorization || req.http.Cookie) { |
|
# /* Not cacheable by default */ |
|
# return (pass); |
|
# } |
|
# return (lookup); |
|
# } |
|
|
|
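# Request entry point: decides whether a request is purged, passed to the
# backend or looked up in the cache, and normalizes the Cookie and
# Accept-Encoding headers so that more requests share a cache object.
# No return is issued on the normal path, so the built-in vcl_recv logic
# runs afterwards.
sub vcl_recv {
    # Serve objects up to 2 minutes past their expiry if the backend is slow to respond.
    set req.grace = 120s;

    # Enable purging, but only from authorized hosts.
    # This check comes before every other return in this subroutine so that
    # each PURGE is matched against the ACL. Previously a PURGE carrying
    # "Cache-Control: no-cache" was passed first and answered with 502 by
    # vcl_pass, which made an authorized purge fail and skipped the ACL.
    if (req.request == "PURGE") {
        if (!client.ip ~ purge) {
            error 405 "Not allowed.";
        }
        return (lookup);
    }

    # Disable Varnish on some hosts
    # if (req.http.Host ~ "dev\.example\.com$") {
    #     return (pass);
    # }

    # Ignore cookies for static files.
    # The extension must end the path part of the URL (an optional query
    # string may follow). The earlier unanchored pattern also matched
    # ".json", ".jsp" or a query value such as "?next=/a.js", which removed
    # the session cookie from dynamic pages.
    if (req.url ~ "^[^?]*\.(js|css|jpe?g|png|gif|tiff|avi|mov|mp3|ogg|wmv|wma|woff|ttf|otf|svg)(\?.*)?$") {
        unset req.http.cookie;
    }

    # Disable caching when user specifically asks for it.
    # NOTE(review): these headers are client-controlled, so any client can
    # bypass the cache and reach the backend on every request. Restrict this
    # to trusted addresses (for example with an ACL) if backend load matters.
    if (req.http.Cache-Control ~ "no-cache" || req.http.Pragma ~ "no-cache") {
        return (pass);
    }

    # From http://serverfault.com/questions/195654/how-to-cache-websites-using-varnish-php-and-cookies
    # Remove Google Analytics cookies; they are only read by client-side
    # script and would otherwise make every request look uncacheable.
    set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *(__)?utm[a-z0-9_]+=[^;]+;? *", "\1");

    # Normalize Accept-Encoding to reduce the number of Vary variants.
    if (req.http.Accept-Encoding) {
        if (req.http.User-Agent ~ "MSIE 6") {
            unset req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            unset req.http.Accept-Encoding;
        }
    }

    # Unset empty Cookie string (left behind when the substitution above
    # removed every cookie), so the request is treated as cookie-less.
    if (req.http.Cookie ~ "^[\s;]*$") {
        unset req.http.Cookie;
    }
}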
|
|
|
# sub vcl_pipe { |
|
# # Note that only the first request to the backend will have |
|
# # X-Forwarded-For set. If you use X-Forwarded-For and want to |
|
# # have it set for all requests, make sure to have: |
|
# # set bereq.http.connection = "close"; |
|
# # here. It is not set by default as it might break some broken web |
|
# # applications, like IIS with NTLM authentication. |
|
# return (pipe); |
|
# } |
|
# |
|
# sub vcl_pass { |
|
# return (pass); |
|
# } |
|
|
|
# A PURGE that ends up in pass mode cannot remove anything from the cache,
# so it is answered with an error instead of being sent to the backend.
sub vcl_pass {
    if (req.request == "PURGE") {
        error 502 "PURGE on a passed object";
    }
}
|
|
|
# |
|
# sub vcl_hash { |
|
# hash_data(req.url); |
|
# if (req.http.host) { |
|
# hash_data(req.http.host); |
|
# } else { |
|
# hash_data(server.ip); |
|
# } |
|
# return (hash); |
|
# } |
|
|
|
# sub vcl_hit { |
|
# return (deliver); |
|
# } |
|
# |
|
|
|
# Cache hit. For a PURGE (already checked against the "purge" ACL in
# vcl_recv) the object is removed and a synthetic 200 is returned.
# Other requests fall through to the built-in vcl_hit.
sub vcl_hit {
    if (req.request == "PURGE") {
        purge;
        error 200 "Purged";
    }
}
|
|
|
# sub vcl_miss { |
|
# return (fetch); |
|
# } |
|
|
|
# Cache miss. A PURGE still issues the purge and is answered with a
# synthetic 200 whose reason phrase says that nothing was cached.
# Other requests fall through to the built-in vcl_miss.
sub vcl_miss {
    if (req.request == "PURGE") {
        purge;
        error 200 "Not in cache";
    }
}
|
|
|
# |
|
# sub vcl_fetch { |
|
# if (beresp.ttl <= 0s || |
|
# beresp.http.Set-Cookie || |
|
# beresp.http.Vary == "*") { |
|
# /* |
|
# * Mark as "Hit-For-Pass" for the next 2 minutes |
|
# */ |
|
# set beresp.ttl = 120 s; |
|
# return (hit_for_pass); |
|
# } |
|
# return (deliver); |
|
# } |
|
|
|
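# Runs after a response has been fetched from the backend. Sets the grace
# period, drops Set-Cookie on static files and marks responses that must
# not be shared as hit-for-pass, recording the reason in X-Cacheable.
sub vcl_fetch {
    # If backend is not responding, allow replying with a stale response.
    set beresp.grace = 120s;

    # Strip cookies for static files.
    # The extension must end the path part of the URL; a query string may
    # follow. The earlier pattern was tested against the whole URL, so it
    # missed "/style.css?v=2" and matched "/page.php?file=a.pdf".
    # NOTE(review): this list is not the same as the one in vcl_recv. For an
    # extension listed only here the request Cookie still reaches the
    # backend - confirm that the difference is intended.
    if (req.url ~ "^[^?]*\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf)(\?.*)?$") {
        unset beresp.http.set-cookie;
    }

    # X-Cacheable is useful to debug the behaviour of Varnish
    # https://www.varnish-cache.org/trac/wiki/VCLExampleHitMissHeader
    # NOTE(review): the header is delivered to clients as well, since
    # vcl_deliver does not remove it.
    if (beresp.http.Cache-Control ~ "private") {
        # You are respecting the Cache-Control=private header from the backend
        set beresp.http.X-Cacheable = "NO: Cache-Control=private";

        return (hit_for_pass);
    } elsif (beresp.http.Set-Cookie) {
        # The backend sets a cookie, so the response is specific to one client
        set beresp.http.X-Cacheable = "NO: Set-Cookie";

        return (hit_for_pass);
    } elsif (req.http.Cache-Control ~ "no-cache" || req.http.Pragma ~ "no-cache") {
        # The client asked for an uncached response
        set beresp.http.X-Cacheable = "NO: Forced by user";

        return (hit_for_pass);
    #} elsif ( beresp.ttl < 1s ) {
    #    # Even if no cache is specified, force a 10s cache.
    #    # Be careful when using this, it may break some websites
    #    set beresp.ttl = 10s;
    #    set beresp.grace = 10s;
    #    set beresp.http.X-Cacheable = "YES: Auto 10s";
    }
}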
|
|
|
# |
|
# sub vcl_deliver { |
|
# return (deliver); |
|
# } |
|
|
|
# Last step before the response is sent to the client: drop headers that
# describe the serving stack and replace Server with a generic value.
sub vcl_deliver {
    # Remove some headers that are useless or may give security information
    unset resp.http.Age;
    unset resp.http.Via;
    unset resp.http.X-Powered-By;
    # NOTE(review): X-Varnish and the X-Cacheable debug header set in
    # vcl_fetch are still delivered; remove them here as well if the
    # cache layer should not be visible to clients.

    # Server is needed, so set something generic
    unset resp.http.Server;
    set resp.http.Server = "Webserver";
}
|
|
|
# |
|
# sub vcl_error { |
|
# set obj.http.Content-Type = "text/html; charset=utf-8"; |
|
# set obj.http.Retry-After = "5"; |
|
# synthetic {" |
|
# <?xml version="1.0" encoding="utf-8"?> |
|
# <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" |
|
# "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
|
# <html> |
|
# <head> |
|
# <title>"} + obj.status + " " + obj.response + {"</title> |
|
# </head> |
|
# <body> |
|
# <h1>Error "} + obj.status + " " + obj.response + {"</h1> |
|
# <p>"} + obj.response + {"</p> |
|
# <h3>Guru Meditation:</h3> |
|
# <p>XID: "} + req.xid + {"</p> |
|
# <hr> |
|
# <p>Varnish cache server</p> |
|
# </body> |
|
# </html> |
|
# "}; |
|
# return (deliver); |
|
# } |
|
|
|
|
|
# Synthetic error responses: replace the Server header with a generic value.
# NOTE(review): this subroutine does not return, so the built-in vcl_error
# is appended and still generates the default error page. The commented-out
# copy of that page in this file contains the text "Varnish cache server"
# and the request XID, so the product is still identifiable from the body
# unless a custom synthetic page is defined here.
sub vcl_error {
    # Remove server for security reasons
    unset obj.http.Server;
    set obj.http.Server = "Webserver";
}
|
|
|
|
|
# |
|
# sub vcl_init { |
|
# return (ok); |
|
# } |
|
# |
|
# sub vcl_fini { |
|
# return (ok); |
|
# } |