vcl 4.0;
|
# Based on: https://github.com/mattiasgeniar/varnish-4.0-configuration-templates/blob/master/default.vcl
|
#import xkey;
|
import std;
|
#include "/etc/varnish/acmetool.vcl";
|
#include "/etc/varnish/streaming.vcl";
|
include "/etc/varnish/certbot.vcl";
|
# Define one backend
|
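# Default origin: every request that vcl_recv does not route elsewhere is fetched from here.
# NOTE(review): the origin is reached over plain HTTP on port 80; this assumes the
# path between Varnish and the origin is a trusted network. Confirm.
backend default {
    # IP or hostname of the backend. The closing quote was missing in the original,
    # which makes the whole VCL fail to compile.
    .host = "111.111.111.111";

    # Port Apache (or whatever serves the origin) is listening on.
    .port = "80";
}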
|
# Origin used for admin requests (vcl_recv selects it for URLs starting with /admin).
# It has the same host and port as the default backend; only the timeouts differ,
# each raised to 600s.
backend admin {
    .host = "111.111.111.111";       # IP or hostname of the backend
    .port = "80";                    # Port Apache (or equivalent) listens on

    .connect_timeout = 600s;         # Max wait for the TCP connection to the backend
    .first_byte_timeout = 600s;      # Max wait for the first response byte
    .between_bytes_timeout = 600s;   # Max idle time between two response bytes
}
|
/*
|
backend local_system_code
|
{
|
.host = "111.111.111.111"; # IP or Hostname of backend
|
.port = "8888"; # Port Apache or whatever is listening
|
.first_byte_timeout = 600s; # How long to wait before we receive a first byte from our backend?
|
.connect_timeout = 600s; # How long to wait for a backend connection?
|
.between_bytes_timeout = 600s; # How long to wait between bytes received from our backend?
|
}
|
*/
|
# Addresses allowed to send PURGE and BAN requests; vcl_recv tests client.ip
# against this list and answers 405 to everyone else.
#
# NOTE(review): the loopback entries are only safe if nothing on this host relays
# outside traffic to Varnish. The HTTPS redirect in vcl_recv special-cases
# client.ip 127.0.0.1, which suggests a local TLS terminator; if that is the
# case, every HTTPS request reaches Varnish from loopback and matches this ACL.
# Confirm how TLS traffic arrives before relying on this list.
acl purge {
    # Loopback
    "127.0.0.1";
    "::1";
    "localhost";

    # Remote host allowed to invalidate
    "209.126.111.251";

    #"Client Specific IPs here";
}
|
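sub vcl_recv {
    ## Called at the beginning of a request, after the complete request has been
    ## received and parsed. Its purpose is to decide whether or not to serve the
    ## request, how to do it, and, if applicable, which backend to use.
    ## It is also used to modify the request.

    ## Send admin requests to different backend with extended timeouts
    if (req.url ~ "^/admin") {
        set req.backend_hint = admin;
    }

    /*
    if (req.http.host ~ "example.com")
    {
        set req.backend_hint = local_system_code;
    }
    */

    ## To exclude domains from varnish
    /*
    if (req.http.host ~ "^(?i)staging.domain.com") {
        return (pass);
    }
    */

    ## Redirect to https
    ## The Host pattern is anchored at both ends and its dots are escaped, so only
    ## the site's own host names (optionally with a port) are reflected into the
    ## Location header. The original pattern was open-ended and accepted any host
    ## that merely started with the domain. Any port is stripped before the
    ## https:// URL is built, since a plain-HTTP port is wrong for the target.
    if ((client.ip != "127.0.0.1" && std.port(server.ip) == 80) && (req.http.host ~ "^(?i)(www\.)?domain\.com(:[0-9]+)?$")) {
        if (req.method != "PURGE") {
            set req.http.x-redir = "https://" + regsub(req.http.host, ":[0-9]+$", "") + req.url;
            return (synth(850, ""));
        }
    }

    ## Redirect assets to CDN
    /*
    if ( req.http.host == "domain.com" || req.http.host == "www.domain.com" || req.http.host == "cdn.domain.com")
    {
        if ( req.url ~ "\.(gif|ico|jpg|jpeg|png)$" && req.http.host != "cdn.domain.com" ) {
            set req.http.x-redir = "https://cdn.domain.com" + req.url;
            return (synth(750, ""));
        }
        if ( req.url !~ "\.(gif|ico|jpg|jpeg|png)$" && req.http.host == "cdn.domain.com" ) {
            set req.http.x-redir = "https://www.domain.com" + req.url;
            return (synth(760, ""));
        }
    }
    */

    ## Redirect specific traffic to another url
    /*
    if (req.http.host ~ "^(?i)m.domain.com")
    {
        return (synth(750, ""));
    }
    */

    ## Allow htaccess password: authenticated requests are never served from cache
    if (req.http.Authorization || req.http.Authenticate) {
        return (pass);
    }

    ## PASSING REAL IP TO BACKEND
    ## Everything in X-Forwarded-For except the address appended here is supplied
    ## by the client, so the backend should not use the left-hand entries for
    ## access decisions.
    ## NOTE(review): Varnish 4.x is documented to append client.ip to
    ## X-Forwarded-For before vcl_recv runs; if so this block adds it a second
    ## time. Confirm against the running version.
    if (req.restarts == 0) {
        if (req.http.X-Forwarded-For) {
            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
        } else {
            set req.http.X-Forwarded-For = client.ip;
        }
    }

    ## Remove the proxy header (see https://httpoxy.org/#mitigate-varnish)
    unset req.http.proxy;

    ## Allow purging
    /*
    ## XKey logic
    if ( req.http.host == "domain.com" || req.http.host == "www.domain.com")
    {
        if (req.method == "PURGE")
        {
            # If not allowed then a error 405 is returned
            if (!client.ip ~ purge)
            {
                return(synth(405, "This IP is not allowed to send PURGE requests."));
            }
            set req.http.n-gone = xkey.softpurge("10000");
            return(synth(200, "BAN added - Invalidated "+req.http.n-gone+" objects"));
        }
    }
    */

    ## NOTE(review): both checks below trust client.ip. The purge ACL contains
    ## loopback addresses, so if a TLS terminator on this host relays HTTPS
    ## traffic to Varnish, those requests arrive as 127.0.0.1 and pass the check.
    ## Confirm how TLS traffic reaches Varnish.

    ## Override purging where mass urls need to be purged
    ## NOTE(review): this branch adds no ban; an allowed BAN request simply
    ## continues to cache lookup. It looks like it depended on the softpurge code
    ## that is commented out in vcl_hit / vcl_miss. Confirm.
    if (req.method == "BAN") {
        # If not allowed then a error 405 is returned
        if (!client.ip ~ purge) {
            return (synth(405, "This IP is not allowed to send PURGE requests."));
        }
        return (hash);
    }

    if (req.method == "PURGE") {
        # If not allowed then a error 405 is returned
        if (!client.ip ~ purge) {
            return (synth(405, "This IP is not allowed to send PURGE requests."));
        }
        #return (purge);
        # Host and URL are inserted into the ban expression as regular expressions,
        # so regex metacharacters in either of them widen what is invalidated.
        ban("req.http.host ~ " + req.http.host + " && req.url ~ " + req.url);
        # Answer the purger here. Without this return the PURGE request fell through
        # the rest of vcl_recv and was handed to the builtin logic, which forwards
        # unknown methods to the backend.
        return (synth(200, "Ban added"));
    }

    ## Never cache login, admin, deployment, preview or checkout URLs
    if (req.url ~ "wp-login|admin|git_deployment|show=preview|checkout") {
        return (pass);
    }

    ## Logged-in WordPress users bypass the cache
    if (req.http.Cookie ~ "wordpress_logged_in_") {
        return (pass);
    }

    # Post requests will not be cached
    if (req.http.Authorization || req.method == "POST") {
        return (pass);
    }

    ## Unset all cookies so that Varnish can serve cached content
    unset req.http.cookie;
}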
|
## Handle the HTTP response coming from our backend
|
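sub vcl_backend_response {
    ## Called after the response headers have been successfully retrieved from the backend.
    ## This sub always ends with return (deliver), so the builtin
    ## vcl_backend_response never runs for any response.
    ## NOTE(review): as a result, backend Cache-Control and Vary headers are not
    ## consulted in this sub. Confirm the backend never relies on them for URLs
    ## that vcl_recv does not pass.

    /*
    if (bereq.http.Host ~ "^(?i)(www\.)?domain.com" ||bereq.http.Host == "^(?i)www.domain.com" )
    {
        set beresp.http.xkey = "10000";
    }
    */

    /*
    if (beresp.status >= 500 && beresp.status <= 599)
    {
        return (abandon);
    }
    */

    ## Do not cache error pages & 404 pages
    if (beresp.status == 403 || beresp.status == 404 || beresp.status >= 500) {
        set beresp.ttl = 0s;
        return (deliver);
    }

    ## Enable cache for all static files
    ## The same argument as the static caches from above: monitor your cache size, if you get data nuked out of it, consider giving up the static file cache.
    ## Before you blindly enable this, have a read here: https://ma.ttias.be/stop-caching-static-files/
    if (bereq.url ~ "^[^?]*\.(7z|avi|bmp|bz2|css|csv|doc|docx|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|less|mka|mkv|mov|mp3|mp4|mpeg|mpg|odt|otf|ogg|ogm|opus|pdf|png|ppt|pptx|rar|rtf|svg|svgz|swf|tar|tbz|tgz|ttf|txt|txz|wav|webm|webp|woff|woff2|xls|xlsx|xml|xz|zip)(\?.*)?$") {
        unset beresp.http.set-cookie;
    }

    ## Large static files are delivered directly to the end-user without waiting for Varnish to fully read the file first.
    ## Varnish 4 fully supports Streaming, so use streaming here to avoid locking.
    if (bereq.url ~ "^[^?]*\.(7z|avi|bz2|flac|flv|gz|mka|mkv|mov|mp3|mp4|mpeg|mpg|ogg|ogm|opus|rar|tar|tgz|tbz|txz|wav|webm|xz|zip)(\?.*)?$") {
        unset beresp.http.set-cookie;
        set beresp.do_stream = true;
        ## Check memory usage it'll grow in fetch_chunksize blocks (128k by default)
        ## if the backend doesn't send a Content-Length header, so only enable it for big objects
    }

    /*
    ## Don't cache 50x & 403 responses
    ## 404 added for testing - remove before live
    if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504 || beresp.status == 403)
    {
        return (abandon);
    }
    */

    ## A response that still carries Set-Cookie at this point is not a static
    ## file and is setting state for one particular client. Storing it would
    ## replay that cookie to every visitor for the full TTL below, so mark it
    ## uncacheable instead (hit-for-pass for 120s, the same values the builtin
    ## VCL uses).
    if (beresp.http.Set-Cookie) {
        set beresp.uncacheable = true;
        set beresp.ttl = 120s;
        return (deliver);
    }

    ## Allow stale content, in case the backend goes down:
    ## cache every remaining object for 24 hours and keep it for another
    ## 24 hours of grace beyond its TTL.
    set beresp.ttl = 24h;
    set beresp.grace = 24h;

    return (deliver);
}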
|
## The routine that runs when we deliver the HTTP response to the user
|
## Last chance to modify headers that are sent to the client
|
sub vcl_deliver {
    ## Called before a cached object is delivered to the client; last place to
    ## edit the response headers.

    # Turn on if you want to disable the login bar on WordPress.
    /*
    if (req.url !~ "admin|wp-login")
    {
        unset resp.http.set-cookie;
        unset resp.http.cookie;
    }
    */

    ## Debug header showing whether this was a HIT and how many hits the object
    ## has had; left empty otherwise. Disable when not needed.
    if (obj.hits <= 0) {
        set resp.http.X-Cache = "";
    } else {
        set resp.http.X-Cache = "HIT - " + obj.hits;
    }

    ## Strip headers that advertise the software stack behind the cache
    unset resp.http.Server;          # Apache version & OS
    unset resp.http.X-Powered-By;    # PHP version
    unset resp.http.X-Generator;
    unset resp.http.X-Drupal-Cache;

    ## Strip headers added by the proxy layer, plus Link
    unset resp.http.Via;
    unset resp.http.X-Varnish;
    unset resp.http.Link;

    return (deliver);
}
|
sub vcl_synth {
    ## Builds the responses generated by Varnish itself: the HTTPS redirect
    ## (internal status 850 raised in vcl_recv) and the static 403 / 503 pages.
    ## Any other status falls through to the builtin vcl_synth.

    ## A 503 for a request flagged with the sie-enabled header is retried once:
    ## the flag is cleared and the request restarted. This test has to stay
    ## ahead of the plain 503 branch below.
    if (resp.status == 503 && req.http.sie-enabled) {
        unset req.http.sie-enabled;
        return (restart);
    }

    ## Redirector for CDN
    /*
    if (resp.status == 750)
    {
        set resp.http.Location = req.http.x-redir;
        set resp.status = 302;
        return (deliver);
    }
    if (resp.status == 760)
    {
        set resp.http.Location = req.http.x-redir;
        set resp.status = 302;
        return (deliver);
    }
    */

    ## Static error documents read from disk
    if (resp.status == 403) {
        synthetic(std.fileread("/etc/varnish/error_docs/403.html"));
        return (deliver);
    }

    if (resp.status == 503) {
        synthetic(std.fileread("/etc/varnish/error_docs/503.html"));
        return (deliver);
    }

    ## The actual redirector for HTTPS: vcl_recv stored the target in x-redir
    if (resp.status == 850) {
        // Redirect to HTTPS with 301 status.
        set resp.http.Location = req.http.x-redir;
        set resp.status = 301;
        return (deliver);
    }
}
|
sub vcl_hit {
    ## Decides what to do with an object found in cache, based on its remaining
    ## TTL and grace.

    ## Fresh object: serve it.
    if (obj.ttl >= 0s) {
        return (deliver);
    }

    ## From here on obj.ttl is negative. Inside the grace window the request is
    ## restarted once with the sie-enabled marker; on the restarted pass the
    ## stale object is delivered and sie-abandon is set.
    if (obj.ttl + obj.grace > 0s) {
        if (req.restarts != 0) {
            set req.http.sie-abandon = true;
            return (deliver);
        }
        set req.http.sie-enabled = true;
        return (restart);
    }

    ## Expired and outside grace.
    return (restart);

    /*
    if (req.method == "PURGE")
    {
        softpurge.softpurge();
        return (synth(200, "Successful softpurge"));
    }
    if (req.method == "BAN")
    {
        softpurge.softpurge();
        return (synth(200, "Successful softpurge"));
    }
    */
}
|
sub vcl_miss {
    ## Nothing is active here, so the builtin vcl_miss handles every cache miss.
    ## The softpurge handling below is kept for reference only.
    /*
    if (req.method == "PURGE")
    {
        softpurge.softpurge();
        return (synth(200, "Successful softpurge"));
    }
    if (req.method == "BAN")
    {
        softpurge.softpurge();
        return (synth(200, "Successful softpurge"));
    }
    */
}
|
# In the event of an error, show friendlier messages.
|
# Builds the response served when a backend fetch fails: an HTML content type, a
# Retry-After of 5 and an inline HTML page passed to synthetic() as one long string.
sub vcl_backend_error
|
{
|
# The body below is HTML, so declare it as such.
set beresp.http.Content-Type = "text/html; charset=utf-8";
|
# Sent as the Retry-After response header.
set beresp.http.Retry-After = "5";
|
# Everything between {" and "} is sent to the client as the response body.
# - The page loads analytics.js from www.google-analytics.com through a
#   protocol-relative URL and reports the error as an event.
#   NOTE(review): this puts a third-party script on the error page; confirm it is intended.
# - The closing "<!-- Comment out default error html block ... -->" part is an HTML
#   comment, not a VCL comment. It is still part of this string, so beresp.status,
#   beresp.reason and bereq.xid are written into the page source the client receives.
synthetic( {"
|
<?xml version="1.0" encoding="utf-8"?>
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
<html>
|
<head>
|
<script>error_name="503 - Backend fetch failed";event_action="503 - Backend fetch failed";event_label="503 - Backend fetch failed";event_value="503";content_displaed_on_page="503 Varnish Error !";document.title=window.location.hostname + " - " + error_name;(function(i, s, o, g, r, a, m){i['GoogleAnalyticsObject']=r;i[r]=i[r] || function(){(i[r].q=i[r].q || []).push(arguments)}, i[r].l=1 * new Date();a=s.createElement(o),m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a, m)})(window, document, 'script', '//www.google-analytics.com/analytics.js', 'ga');ga('create', 'UA-111111111111', 'auto');ga('require', 'displayfeatures');ga('require', 'linkid', 'linkid.js');ga('send', 'pageview');ga('set', 'nonInteraction', true);ga('send', 'event',{eventCategory: window.location.hostname, eventAction: event_action, eventLabel: event_label, eventValue: event_value});var dimensionValue=event_value;ga('set', 'dimension1', dimensionValue);var dimensionValue=window.location.hostname;ga('set', 'dimension2', dimensionValue);ga('send', 'exception',{'exDescription': error_name,'exFatal': true});</script>
|
<link href='' rel='stylesheet'><style>*:before, *:after{-webkit-box-sizing: border-box;-moz-box-sizing: b order-box;box-sizing: border-box;}body{font-family: 'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif;color: #394263;font-size: 13px;background-color: #FFF;}#error-container{padding: 120px 20px;position: relative;}#error-container .error-options{position: absolute;top: 20px;left: 20px;}#error-container h1{font-size: 96px;color: #431111;margin-bottom: 40px;}#error-container h2{color: #11103D;font-size: 24px;margin-bottom: 40px;margin-top: 80px;line-height: 1.4;}#error-container form{padding: 20px;border-radius: 3px;background: #fff;background: url(../img/template/ie8_opacity_light_10.png) repeat;background: rgba(255, 255, 255, .1);}#error-container .form-control{border-color: #fff;}.clearfix:before, .clearfix:after, .container:before, .container:after, .container-fluid:before, .container-fluid:after, .row:before, .row:after, .form-horizontal .form-group:before, .form-horizontal .form-group:after, .btn-toolbar:before, .btn-toolbar:after, .btn-group-vertical>.btn-group:before, .btn-group-vertical>.btn-group:after, .nav:before, .nav:after, .navbar:before, .navbar:after, .navbar-header:before, .navbar-header:after, .navbar-collapse:before, .navbar-collapse:after, .pager:before, .pager:after, .panel-body:before, .panel-body:after, .modal-footer:before, .modal-footer:after{content: ' ';display: table;}.col-sm-offset-2{margin-left: 16.66666667%}.col-sm-8{width: 66.66666667%}@media (min-width:768px){.col-sm-1, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-10, .col-sm-11, .col-sm-12{float: left;}.col-xs-1, .col-sm-1, .col-md-1, .col-lg-1, .col-xs-2, .col-sm-2, .col-md-2, .col-lg-2, .col-xs-3, .col-sm-3, .col-md-3, .col-lg-3, .col-xs-4, .col-sm-4, .col-md-4, .col-lg-4, .col-xs-5, .col-sm-5, .col-md-5, .col-lg-5, .col-xs-6, .col-sm-6, .col-md-6, .col-lg-6, .col-xs-7, .col-sm-7, .col-md-7, .col-lg-7, .col-xs-8, 
.col-sm-8, .col-md-8, .col-lg-8, .col-xs-9, .col-sm-9, .col-md-9, .col-lg-9, .col-xs-10, .col-sm-10, .col-md-10, .col-lg-10, .col-xs-11, .col-sm-11, .col-md-11, .col-lg-11, .col-xs-12, .col-sm-12, .col-md-12, .col-lg-12{position: relative;min-height: 1px;padding-left: 15px;padding-right: 15px;}.text-center{text-align: center;}*{-webkit-box-sizing: border-box;-moz-box-sizing: border-box;box-sizing: border-box;}.animation-tossing{animation-name: tossing;-webkit-animation-name: tossing;animation-duration: 2.5s;-webkit-animation-duration: 2.5s;animation-iteration-count: infinite;-webkit-animation-iteration-count: infinite;}@keyframes tossing{0%{transform: rotate(-4deg);}50%{transform: rotate(4deg);}100%{transform: rotate(-4deg);}}@-webkit-keyframes tossing{0%{-webkit-transform: rotate(-4deg);}50%{-webkit-transform: rotate(4deg);}100%{-webkit-transform: rotate(-4deg);}}.h1, .h2, .h3, .h4, .h5, .h6, h1, h2, h3, h4, h5, h6{font-family: 'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif;font-weight: 300;}a{//text-decoration: none;color: #2554B4;pointer: pointer;}.text-danger, .text-danger:hover, a.text-danger, a.text-danger:focus, a.text-danger:hover{color: #e74c3c;}/*@font-face{font-family: 'FontAwesome';src: url('../fonts/fontawesome-webfont.eot?v=4.1.0');src: url('../fonts/fontawesome-webfont.eot?#iefix&v=4.1.0') format('embedded-opentype'), url('../fonts/fontawesome-webfont.woff?v=4.1.0') format('woff'), url('../fonts/fontawesome-webfont.ttf?v=4.1.0') format('truetype'), url('../fonts/fontawesome-webfont.svg?v=4.1.0#fontawesomeregular') format('svg');font-weight: normal;font-style: normal;}*/.fa-gear:before, .fa-cog:before{content: '\f013'}.fa{display: inline-block;font-family: FontAwesome;font-style: normal;font-weight: normal;line-height: 1;-webkit-font-smoothing: antialiased;-moz-osx-font-smoothing: grayscale;}.fa-spin{-webkit-animation: spin 2s infinite linear;-moz-animation: spin 2s infinite linear;-o-animation: spin 2s infinite linear;animation: spin 2s 
infinite linear;}@-moz-keyframes spin{0%{-moz-transform: rotate(0deg);}100%{-moz-transform: rotate(359deg);}}@-webkit-keyframes spin{0%{-webkit-transform: rotate(0deg);}100%{-webkit-transform: rotate(359deg);}}@-o-keyframes spin{0%{-o-transform: rotate(0deg);}100%{-o-transform: rotate(359deg);}}@keyframes spin{0%{-webkit-transform: rotate(0deg);transform: rotate(0deg);}100%{-webkit-transform: rotate(359deg);transform: rotate(359deg);}</style></head>
|
<body>
|
<div id='error-container'><div class='row'><div class='col-sm-8 col-sm-offset-2 text-center'><h1 class=''><i class=''></i><script>document.write(content_displaed_on_page);</script></h1><h2 class='h3'>Don't worry, we'll be back.<br>Click <a href='javascript:document.location.reload(true);'>here</a> to reload the page</h2></div></div>
|
</body>
|
</html>
|
<!-- Comment out default error html block
|
<html>
|
<head>
|
<title>"} + beresp.status + " " + beresp.reason + {"</title>
|
</head>
|
<body>
|
<h1>Error "} + beresp.status + " " + beresp.reason + {"</h1>
|
<p>"} + beresp.reason + {"</p>
|
<h3>Guru Meditation:</h3>
|
<p>XID: "} + bereq.xid + {"</p>
|
<hr>
|
<p>Varnish cache server</p>
|
</body>
|
</html>
|
-->
|
"} );
|
# Hand the synthetic response on for delivery.
return (deliver);
|
}
|
sub vcl_fini {
    ## Runs when this VCL is discarded, only after all requests have exited it.
    ## Typically the place to clean up VMODs; there is nothing to clean up here.
    return (ok);
}
|