Skip to content

slapos
slapos
Commit 1ed2b682 authored by Tatuya Kamada's avatar Tatuya Kamada
Browse files
Options

Introduce the best practices from erp5 public web sites experience.

parent 98aa5dad
Hide whitespace changes
Inline Side-by-side
Showing with 155 additions and 92 deletions
slapos/recipe/generic_varnish/template/default.vcl.in
View file @ 1ed2b682
...@@ -5,120 +5,183 @@ ...@@ -5,120 +5,183 @@
#server. #server.
# #
backend default { backend default {
.host = "%(backend_server)s"; .host = "%(backend_server)s";
.port = "%(backend_port)s"; .port = "%(backend_port)s";
.probe = { .probe = {
.timeout = 30s; .timeout = 30s;
.interval = 5s; .interval = 5s;
.window = 4; .window = 4;
.threshold = 3; .threshold = 3;
.request = .request =
"OPTIONS /erp5/getId HTTP/1.1" "OPTIONS /erp5/getId HTTP/1.1"
"Host: %(backend_server)s:%(backend_port)s" "Host: %(backend_server)s:%(backend_port)s"
"Accept-Encoding: identity" "Accept-Encoding: identity"
"Connection: close" "Connection: close"
"User-Agent: Varnish"; "User-Agent: Varnish";
} }
} }
#
#Below is a commented-out copy of the default VCL logic. If you
#redefine any of these subroutines, the built-in logic will be
#appended to your code.
#
# Called at the beginning of a request, after the complete request has been received and parsed
sub vcl_recv { sub vcl_recv {
if (req.request != "GET" && # Force lookup if the request is a no-cache request from the client
req.request != "HEAD" && if (req.http.cache-control ~ "no-cache") {
req.request != "PUT" && ban_url(req.url);
req.request != "POST" && }
req.request != "TRACE" && # Pass any requests that Varnish does not understand straight to the backend.
req.request != "OPTIONS" && if (req.request != "GET" &&
req.request != "PURGE" && req.request != "HEAD" &&
req.request != "DELETE") { req.request != "PUT" &&
/* Non-RFC2616 or CONNECT which is weird. */ req.request != "POST" &&
return(pipe); req.request != "TRACE" &&
} req.request != "OPTIONS" &&
if (req.request != "GET" && req.request != "HEAD" && req.request != "PURGE") { req.request != "PURGE" &&
/* We only deal with GET and HEAD by default */ req.request != "DELETE") {
return(pass); /* Non-RFC2616 or CONNECT which is weird. */
} return(pipe);
remove req.http.Cookie; }
remove req.http.Set-Cookie; # Pass anything other than GET and HEAD and PURGE directly.
if (req.http.Accept-Encoding) { if (req.request != "GET" && req.request != "HEAD" && req.request != "PURGE") {
if (req.http.Accept-Encoding ~ "gzip") { /* We only deal with GET and HEAD by default */
set req.http.Accept-Encoding = "gzip"; return(pass);
} elsif (req.http.Accept-Encoding ~ "deflate") { }
set req.http.Accept-Encoding = "deflate"; if (req.http.Authorization) {
/* Not cacheable by default */
return (pass);
}
# no need to have cookies for the resources
if (req.url ~ "\.(css|js|ico)$") {
unset req.http.cookie;
}
# remove bogus cookies
if (req.http.Cookie) {
set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__utm.=[^;]+;? *", "\1");
set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__ac_name=\x22\x22;? *", "\1");
set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__ac=\x22Og.3D.3D\x22;? *", "\1");
}
if (req.http.Cookie == "") {
remove req.http.Cookie;
}
if (req.http.Cookie && req.http.Cookie ~ "(^|; ) *__ac=") {
/* Not cacheable for authorised users,
but KM images are cacheable */
if (!(req.url ~ "/km_img/.*\.(png|gif)$")) {
return (pass);
}
}
# XXX Is it OK to remove this of all the case?
remove req.http.Set-Cookie;
if (req.http.Accept-Encoding) {
if (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
# unkown algorithm
remove req.http.Accept-Encoding;
}
}
# We do not care about Accept-Language, this is url controlled
remove req.http.Accept-Language;
## XXX login form can defer based on __ac_name cookie value
if (req.url ~ "/(login_form|WebSite_viewLoginDialog)($|\?)") {
return (pass);
}
if (req.backend.healthy) {
set req.grace = 1h;
} else { } else {
# unkown algorithm set req.grace = 1w;
remove req.http.Accept-Encoding; }
} return(lookup);
}
# Force deflate
remove req.http.Accept-Encoding;
# We do not care about Accept-Language, this is url controlled
remove req.http.Accept-Language;
#if (req.request == "PURGE") {
# if (!client.ip ~ purge) {
# error 405 "Not allowed.";
# }
# purge_url(req.url);
# error 200 "HASHPURGED";
# unset req.http.x;
#}
set req.grace = 30d;
return(lookup);
} }
# Creates the varnish cache key by the url
sub vcl_hash { sub vcl_hash {
hash_data(req.url); hash_data(req.url);
return(hash); return(hash);
} }
# Called after a cache lookup if the requested document was found in the cache
sub vcl_hit { sub vcl_hit {
#if (req.request == "PURGE" && client.ip ~ purge) { # According Vary Header do not return those headers
# set obj.ttl = 0s; remove req.http.Accept-Language;
# error 200 "Purged."; remove req.http.Accept-Encoding;
#} remove req.http.Cookie;
return(deliver);
#if (client.ip ~ purge){
# # Force refresh from localhost
# set obj.ttl = 0s;
# return (restart);
#}
# According Vary Header do not return those headers
remove req.http.Accept-Language;
remove req.http.Accept-Encoding;
remove req.http.Cookie;
return(deliver);
} }
# Called after a cache lookup if the requested document was not found in the cache
sub vcl_miss { sub vcl_miss {
return(fetch); return(fetch);
} }
# Called after a document has been successfully retrieved from the backend
sub vcl_fetch { sub vcl_fetch {
# we only cache 200 (OK) and 304 (Not Modified) responses.
if (beresp.status != 200 && beresp.status != 304) {
set beresp.ttl = 0s;
}
if (beresp.http.cache-control ~ "no-cache") {
set beresp.ttl = 0s;
}
if (beresp.ttl == 0s) {
unset beresp.http.expires;
set beresp.http.cache-control = "no-cache";
return(hit_for_pass);
}
# we don't care haproxy's cookie.
if (beresp.http.Set-Cookie && beresp.http.Set-Cookie !~ "^SERVERID=[^;]+; path=/$") {
return(hit_for_pass);
}
if (req.url ~ "\.(css|js|ico)$") {
unset beresp.http.set-cookie;
set beresp.http.cache-control = regsub(beresp.http.cache-control, "^", "public,");
set beresp.http.cache-control = regsub(beresp.http.cache-control, ",$", "");
}
# remove some headers added by caching policy manager to avoid
# '304 Not Modified' in case of login <-> logout switching.
if (beresp.http.content-type ~ "^text/html") {
unset beresp.http.last-modified;
}
set beresp.grace = 1w;
/* Never send request to backend even if client ask refreshed content */ /* Never send request to backend even if client ask refreshed content */
if (beresp.ttl > 0s) { if (beresp.ttl > 0s) {
/* Setup grace period for 30days for all cacheable contents */ /* Setup grace period for 30days for all cacheable contents */
#set req.grace = 30d; set beresp.grace = 30d;
set beresp.grace = 30d; /* Remove Expires from backend, it's not long enough */
} unset beresp.http.expires;
return(deliver); # /* Set the clients TTL on this object */
} # set beresp.http.cache-control = "max-age = 300";
/* Set how long Varnish will keep it */
set beresp.ttl = 1w;
/* marker for vcl_deliver to reset Age: */
set beresp.http.magicmarker = "1";
}
return(deliver);
}
# Called before a cached object is delivered to the client
sub vcl_deliver { sub vcl_deliver {
if (obj.hits > 0) { if (resp.http.magicmarker) {
set resp.http.X-Cache = obj.hits; /* Remove the magic marker */
} else { unset resp.http.magicmarker;
set resp.http.X-Cache = "MISS"; /* By definition we have a fresh object */
} set resp.http.age = "0";
#if (obj.hash) { }
# set resp.http.X-Hash = obj.hash; if (obj.hits > 0) {
#} else { set resp.http.X-Cache = obj.hits;
# set resp.http.X-Hash = "No hash"; } else {
#} set resp.http.X-Cache = "MISS";
}
return(deliver); return(deliver);
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7