Commit 1ed2b682 authored by Tatuya Kamada's avatar Tatuya Kamada

Introduce the best practices from erp5 public web sites experience.

parent 98aa5dad
...@@ -5,120 +5,183 @@ ...@@ -5,120 +5,183 @@
#server. #server.
# #
backend default { backend default {
.host = "%(backend_server)s"; .host = "%(backend_server)s";
.port = "%(backend_port)s"; .port = "%(backend_port)s";
.probe = { .probe = {
.timeout = 30s; .timeout = 30s;
.interval = 5s; .interval = 5s;
.window = 4; .window = 4;
.threshold = 3; .threshold = 3;
.request = .request =
"OPTIONS /erp5/getId HTTP/1.1" "OPTIONS /erp5/getId HTTP/1.1"
"Host: %(backend_server)s:%(backend_port)s" "Host: %(backend_server)s:%(backend_port)s"
"Accept-Encoding: identity" "Accept-Encoding: identity"
"Connection: close" "Connection: close"
"User-Agent: Varnish"; "User-Agent: Varnish";
} }
} }
#
#Below is a commented-out copy of the default VCL logic. If you
#redefine any of these subroutines, the built-in logic will be
#appended to your code.
#
# Called at the beginning of a request, after the complete request has been received and parsed
sub vcl_recv { sub vcl_recv {
if (req.request != "GET" && # Force lookup if the request is a no-cache request from the client
req.request != "HEAD" && if (req.http.cache-control ~ "no-cache") {
req.request != "PUT" && ban_url(req.url);
req.request != "POST" && }
req.request != "TRACE" && # Pass any requests that Varnish does not understand straight to the backend.
req.request != "OPTIONS" && if (req.request != "GET" &&
req.request != "PURGE" && req.request != "HEAD" &&
req.request != "DELETE") { req.request != "PUT" &&
/* Non-RFC2616 or CONNECT which is weird. */ req.request != "POST" &&
return(pipe); req.request != "TRACE" &&
} req.request != "OPTIONS" &&
if (req.request != "GET" && req.request != "HEAD" && req.request != "PURGE") { req.request != "PURGE" &&
/* We only deal with GET and HEAD by default */ req.request != "DELETE") {
return(pass); /* Non-RFC2616 or CONNECT which is weird. */
} return(pipe);
remove req.http.Cookie; }
remove req.http.Set-Cookie; # Pass anything other than GET and HEAD and PURGE directly.
if (req.http.Accept-Encoding) { if (req.request != "GET" && req.request != "HEAD" && req.request != "PURGE") {
if (req.http.Accept-Encoding ~ "gzip") { /* We only deal with GET and HEAD by default */
set req.http.Accept-Encoding = "gzip"; return(pass);
} elsif (req.http.Accept-Encoding ~ "deflate") { }
set req.http.Accept-Encoding = "deflate"; if (req.http.Authorization) {
/* Not cacheable by default */
return (pass);
}
# no need to have cookies for the resources
if (req.url ~ "\.(css|js|ico)$") {
unset req.http.cookie;
}
# remove bogus cookies
if (req.http.Cookie) {
set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__utm.=[^;]+;? *", "\1");
set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__ac_name=\x22\x22;? *", "\1");
set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__ac=\x22Og.3D.3D\x22;? *", "\1");
}
if (req.http.Cookie == "") {
remove req.http.Cookie;
}
if (req.http.Cookie && req.http.Cookie ~ "(^|; ) *__ac=") {
/* Not cacheable for authorised users,
but KM images are cacheable */
if (!(req.url ~ "/km_img/.*\.(png|gif)$")) {
return (pass);
}
}
# XXX Is it OK to remove this of all the case?
remove req.http.Set-Cookie;
if (req.http.Accept-Encoding) {
if (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
# unkown algorithm
remove req.http.Accept-Encoding;
}
}
# We do not care about Accept-Language, this is url controlled
remove req.http.Accept-Language;
## XXX login form can defer based on __ac_name cookie value
if (req.url ~ "/(login_form|WebSite_viewLoginDialog)($|\?)") {
return (pass);
}
if (req.backend.healthy) {
set req.grace = 1h;
} else { } else {
# unkown algorithm set req.grace = 1w;
remove req.http.Accept-Encoding; }
} return(lookup);
}
# Force deflate
remove req.http.Accept-Encoding;
# We do not care about Accept-Language, this is url controlled
remove req.http.Accept-Language;
#if (req.request == "PURGE") {
# if (!client.ip ~ purge) {
# error 405 "Not allowed.";
# }
# purge_url(req.url);
# error 200 "HASHPURGED";
# unset req.http.x;
#}
set req.grace = 30d;
return(lookup);
} }
# Creates the varnish cache key by the url
sub vcl_hash { sub vcl_hash {
hash_data(req.url); hash_data(req.url);
return(hash); return(hash);
} }
# Called after a cache lookup if the requested document was found in the cache
sub vcl_hit { sub vcl_hit {
#if (req.request == "PURGE" && client.ip ~ purge) { # According Vary Header do not return those headers
# set obj.ttl = 0s; remove req.http.Accept-Language;
# error 200 "Purged."; remove req.http.Accept-Encoding;
#} remove req.http.Cookie;
return(deliver);
#if (client.ip ~ purge){
# # Force refresh from localhost
# set obj.ttl = 0s;
# return (restart);
#}
# According Vary Header do not return those headers
remove req.http.Accept-Language;
remove req.http.Accept-Encoding;
remove req.http.Cookie;
return(deliver);
} }
# Called after a cache lookup if the requested document was not found in the cache
sub vcl_miss { sub vcl_miss {
return(fetch); return(fetch);
} }
# Called after a document has been successfully retrieved from the backend
sub vcl_fetch { sub vcl_fetch {
# we only cache 200 (OK) and 304 (Not Modified) responses.
if (beresp.status != 200 && beresp.status != 304) {
set beresp.ttl = 0s;
}
if (beresp.http.cache-control ~ "no-cache") {
set beresp.ttl = 0s;
}
if (beresp.ttl == 0s) {
unset beresp.http.expires;
set beresp.http.cache-control = "no-cache";
return(hit_for_pass);
}
# we don't care haproxy's cookie.
if (beresp.http.Set-Cookie && beresp.http.Set-Cookie !~ "^SERVERID=[^;]+; path=/$") {
return(hit_for_pass);
}
if (req.url ~ "\.(css|js|ico)$") {
unset beresp.http.set-cookie;
set beresp.http.cache-control = regsub(beresp.http.cache-control, "^", "public,");
set beresp.http.cache-control = regsub(beresp.http.cache-control, ",$", "");
}
# remove some headers added by caching policy manager to avoid
# '304 Not Modified' in case of login <-> logout switching.
if (beresp.http.content-type ~ "^text/html") {
unset beresp.http.last-modified;
}
set beresp.grace = 1w;
/* Never send request to backend even if client ask refreshed content */ /* Never send request to backend even if client ask refreshed content */
if (beresp.ttl > 0s) { if (beresp.ttl > 0s) {
/* Setup grace period for 30days for all cacheable contents */ /* Setup grace period for 30days for all cacheable contents */
#set req.grace = 30d; set beresp.grace = 30d;
set beresp.grace = 30d; /* Remove Expires from backend, it's not long enough */
} unset beresp.http.expires;
return(deliver); # /* Set the clients TTL on this object */
} # set beresp.http.cache-control = "max-age = 300";
/* Set how long Varnish will keep it */
set beresp.ttl = 1w;
/* marker for vcl_deliver to reset Age: */
set beresp.http.magicmarker = "1";
}
return(deliver);
}
# Called before a cached object is delivered to the client
sub vcl_deliver { sub vcl_deliver {
if (obj.hits > 0) { if (resp.http.magicmarker) {
set resp.http.X-Cache = obj.hits; /* Remove the magic marker */
} else { unset resp.http.magicmarker;
set resp.http.X-Cache = "MISS"; /* By definition we have a fresh object */
} set resp.http.age = "0";
#if (obj.hash) { }
# set resp.http.X-Hash = obj.hash; if (obj.hits > 0) {
#} else { set resp.http.X-Cache = obj.hits;
# set resp.http.X-Hash = "No hash"; } else {
#} set resp.http.X-Cache = "MISS";
}
return(deliver); return(deliver);
} }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment