303 lines
9.7 KiB
Plaintext
303 lines
9.7 KiB
Plaintext
vcl 4.1;
|
|
|
|
import std;
|
|
|
|
backend default {
|
|
.host = "plik";
|
|
.port = "8080";
|
|
.max_connections = 100;
|
|
.probe = {
|
|
.url = "/";
|
|
.interval = 10s;
|
|
.timeout = 5s;
|
|
.window = 5;
|
|
.threshold = 3;
|
|
}
|
|
.connect_timeout = 5s;
|
|
.first_byte_timeout = 90s;
|
|
.between_bytes_timeout = 2s;
|
|
}
|
|
|
|
|
|
acl purge {
|
|
"localhost";
|
|
"127.0.0.1";
|
|
"::1";
|
|
}
|
|
|
|
sub vcl_recv {
|
|
|
|
unset req.http.x-cache;
|
|
unset req.http.x-cache-hits;
|
|
|
|
set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");
|
|
unset req.http.proxy;
|
|
set req.backend_hint = default;
|
|
|
|
# gzip
|
|
if (req.http.Accept-Encoding) {
|
|
if (req.url ~ "\.(jpg|jpeg|png|JPG|JPEG|PNG|BMP|bmp|tiff|TIFF|jiff|SVG|svg|webp|WEBP|gif|GIF|png|PNG|ico|ICO|js|css|JS|CSS|html|htm|txt|TXT|HTM|HTM|eot|ttf|woff|woff2)$") {
|
|
unset req.http.Accept-Encoding;
|
|
} elsif (req.http.Accept-Encoding ~ "gzip") {
|
|
set req.http.Accept-Encoding = "gzip";
|
|
} elsif (req.http.Accept-Encoding ~ "deflate" &&
|
|
req.http.user-agent !~ "MSIE") {
|
|
set req.http.Accept-Encoding = "deflate";
|
|
} else {
|
|
unset req.http.Accept-Encoding;
|
|
}
|
|
}
|
|
|
|
set req.url = std.querysort(req.url);
|
|
set req.url = regsub(req.url, "\?$", "");
|
|
set req.http.Surrogate-Capability = "key=ESI/1.0";
|
|
|
|
|
|
if (req.restarts == 0) {
|
|
if (req.http.X-Forwarded-For) {
|
|
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
|
|
}
|
|
else {
|
|
set req.http.X-Forwarded-For = client.ip;
|
|
}
|
|
}
|
|
|
|
if (req.method == "PURGE") {
|
|
if (!client.ip ~ purge) {
|
|
return(synth(405, "Not allowed."));
|
|
}
|
|
return (hash);
|
|
}
|
|
|
|
|
|
if (req.method == "BAN") {
|
|
# Same ACL check as above:
|
|
if (!client.ip ~ purge) {
|
|
return(synth(405, "Not allowed."));
|
|
}
|
|
}
|
|
|
|
if (
|
|
req.method != "GET" &&
|
|
req.method != "HEAD" &&
|
|
req.method != "PUT" &&
|
|
req.method != "POST" &&
|
|
req.method != "PATCH" &&
|
|
req.method != "TRACE" &&
|
|
req.method != "OPTIONS" &&
|
|
req.method != "DELETE"
|
|
) {
|
|
return (pipe);
|
|
}
|
|
|
|
# Remove tracking query string parameters used by analytics tools
|
|
if (req.url ~ "(\?|&)(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=") {
|
|
set req.url = regsuball(req.url, "&(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "");
|
|
set req.url = regsuball(req.url, "\?(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "?");
|
|
set req.url = regsub(req.url, "\?&", "?");
|
|
set req.url = regsub(req.url, "\?$", "");
|
|
}
|
|
|
|
# Only cache GET and HEAD requests
|
|
if ((req.method != "GET" && req.method != "HEAD") || req.http.Authorization) {
|
|
return(pass);
|
|
}
|
|
|
|
if (req.url ~ "^/status\.php$" ||
|
|
req.url ~ "^/update\.php$" ||
|
|
req.url ~ "^/admin$" ||
|
|
req.url ~ "^/admin/.*$" ||
|
|
req.url ~ "^/flag/.*$" ||
|
|
req.url ~ "^.*/ajax/.*$" ||
|
|
req.url ~ "^.*/ahah/.*$") {
|
|
return (pass);
|
|
}
|
|
|
|
if (req.http.Cookie) {
|
|
set req.http.Cookie = ";" + req.http.Cookie;
|
|
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
|
|
set req.http.Cookie = regsuball(req.http.Cookie, ";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE)=", "; \1=");
|
|
set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
|
|
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
|
|
|
|
if (req.http.cookie ~ "^\s*$") {
|
|
unset req.http.cookie;
|
|
} else {
|
|
return(pass);
|
|
}
|
|
}
|
|
|
|
return(hash);
|
|
}
|
|
|
|
sub vcl_hit {
|
|
set req.http.x-cache = "hit";
|
|
if (obj.ttl <= 0s && obj.grace > 0s) {
|
|
set req.http.x-cache = "hit graced";
|
|
}
|
|
}
|
|
|
|
sub vcl_miss {
|
|
set req.http.x-cache = "miss";
|
|
}
|
|
|
|
sub vcl_pass {
|
|
set req.http.x-cache = "pass";
|
|
}
|
|
|
|
sub vcl_pipe {
|
|
set req.http.x-cache = "pipe uncacheable";
|
|
}
|
|
|
|
sub vcl_hash {
|
|
hash_data(req.http.X-Forwarded-Proto);
|
|
}
|
|
|
|
sub vcl_backend_response {
|
|
|
|
set beresp.http.X-Url = bereq.url;
|
|
set beresp.http.X-Host = bereq.http.host;
|
|
|
|
if (beresp.status == 404 || beresp.status == 301 || beresp.status == 500) {
|
|
set beresp.ttl = 10m;
|
|
}
|
|
|
|
/* Request retrial */
|
|
if ( beresp.status == 500 || beresp.status == 503 ) {
|
|
#TODO# consider not restarting POST requests as seenV3 on https://www.varnish-cache.org/trac/wiki/VCLExampleSaintMode
|
|
return (retry);
|
|
}
|
|
|
|
if (beresp.http.url ~ "\.(3gp|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlss|pdf|iso|7Z|RAR|ZIP)$") {
|
|
set beresp.do_gzip = false;
|
|
} else {
|
|
set beresp.do_gzip = true;
|
|
#set beresp.http.X-Cache = "ZIP";
|
|
}
|
|
|
|
if (bereq.url ~ "^[^?]*\.(jpg|jpeg|png|JPG|JPEG|PNG|BMP|bmp|tiff|TIFF|jiff|SVG|svg|webp|WEBP)(\?.*)?$") {
|
|
unset beresp.http.Set-Cookie;
|
|
set beresp.grace = 1h;
|
|
}
|
|
|
|
if (bereq.url ~ "^[^?]*\.(gif|GIF|png|PNG|ico|ICO)(\?.*)?$") {
|
|
unset beresp.http.Set-Cookie;
|
|
set beresp.grace = 2h;
|
|
}
|
|
|
|
if (bereq.url ~ "^[^?]*\.(js|css|JS|CSS)(\?.*)?$") {
|
|
unset beresp.http.Set-Cookie;
|
|
set beresp.grace = 2h;
|
|
}
|
|
|
|
if (bereq.url ~ "^[^?]*\.(html|htm|txt|TXT|HTM|HTML)(\?.*)?$") {
|
|
unset beresp.http.Set-Cookie;
|
|
set beresp.grace = 30m;
|
|
}
|
|
|
|
if (bereq.url ~ "^[^?]*\.(eot|ttf|woff|woff2)(\?.*)?$") {
|
|
unset beresp.http.Set-Cookie;
|
|
set beresp.grace = 2h;
|
|
}
|
|
|
|
if (bereq.url ~ "^[^?]*\.(3gp|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlss|pdf|iso|7Z|RAR|ZIP)(\?.*)?$") {
|
|
unset beresp.http.Set-Cookie;
|
|
set beresp.grace = 10m;
|
|
}
|
|
|
|
if (beresp.http.Surrogate-Control ~ "ESI/1.0") {
|
|
unset beresp.http.Surrogate-Control;
|
|
set beresp.do_esi = true;
|
|
}
|
|
|
|
set beresp.grace = 10m;
|
|
set beresp.keep = 10m;
|
|
|
|
}
|
|
|
|
|
|
sub vcl_deliver {
|
|
unset resp.http.X-Url;
|
|
unset resp.http.X-Host;
|
|
unset resp.http.Cache-Tags;
|
|
unset resp.http.X-Drupal-Cache-Contexts;
|
|
|
|
if (resp.http.Content-Type ~ "video/(mp4|webm|ogg|x-msvideo|x-matroska|mpeg|quicktime|3gpp|3gpp2|x-flv|avi|x-ms-wmv)$") {
|
|
set resp.http.Cache-Control = "public, max-age=259200"; # 3 dni
|
|
}
|
|
elseif (resp.http.Content-Type ~ "audio/(mpeg|mp3|ogg|wav|x-wav|webm|aac|flac|midi|x-midi|x-aiff|aiff|x-mpegurl|x-ms-wma)$") {
|
|
set resp.http.Cache-Control = "public, max-age=259200";
|
|
}
|
|
|
|
elseif (resp.http.Content-Type ~ "application/(zip|x-tar|rar|x-7z-compressed|gzip|x-bzip2|x-bzip|octet-stream|x-rar-compressed|x-gzip|x-xz|x-lzma|x-iso9660-image)$") {
|
|
set resp.http.Cache-Control = "public, max-age=3600";
|
|
}
|
|
|
|
elseif (resp.http.Content-Type ~ "image/(jpeg|jpg|jpe|png|gif|bmp|webp|svg\+xml|svg|tiff|tif|x-icon|vnd.microsoft.icon|heic|heif|avif|jp2|jpx|j2k|j2c|x-portable-pixmap|x-portable-bitmap|x-portable-graymap|x-portable-anymap|x-xbitmap|x-xpixmap|x-cmu-raster|x-sun-raster|x-adobe-dng|psd|x-photoshop|x-xcf|xcf|ico|cur)$") {
|
|
set resp.http.Cache-Control = "public, max-age=759200";
|
|
}
|
|
|
|
elseif (resp.http.Content-Type ~ "text/(plain|csv|css|html|xml|javascript|markdown|x-markdown|tab-separated-values|richtext|x-c|x-c++|x-java-source|x-shellscript|x-python|x-perl|x-php|x-ruby|x-yaml|x-sql|x-pascal|x-asm|x-tcl|x-sh|x-fortran|calendar|vnd.curl|vnd.wap.wml|vnd.wap.wmlscript|x-setext)$" ||
|
|
resp.http.Content-Type ~ "application/(json|xml|x-yaml|x-tar|x-latex|x-tex|x-bibtex|x-sql|x-javascript|x-lua|x-perl|x-python|x-ruby|x-csh|x-php|x-httpd-php|x-shellscript|x-javascript-config)$") {
|
|
set resp.http.Cache-Control = "public, max-age=2592000"; # 1 miesiąc (30 dni)
|
|
}
|
|
|
|
unset resp.http.Expires;
|
|
unset resp.http.Pragma;
|
|
|
|
if (obj.uncacheable) {
|
|
set req.http.x-cache = req.http.x-cache;
|
|
} else {
|
|
set req.http.x-cache = req.http.x-cache;
|
|
}
|
|
|
|
if (obj.hits > 0 ) {
|
|
set resp.http.x-cache = req.http.x-cache;
|
|
set resp.http.x-cache-hits = obj.hits;
|
|
} else {
|
|
unset resp.http.Age;
|
|
}
|
|
|
|
unset resp.http.X-Varnish;
|
|
unset resp.http.Via;
|
|
unset resp.http.Server;
|
|
if (resp.status == 403 || resp.status == 404 || resp.status == 500 || resp.status == 503) {
|
|
return (synth(800, "Maintenance page"));
|
|
}
|
|
|
|
}
|
|
|
|
sub vcl_synth {
|
|
set req.http.x-cache = "synth synth";
|
|
|
|
if ( resp.status == 503 && req.restarts < 4 ) {
|
|
return (restart);
|
|
}
|
|
|
|
if (resp.status == 800) {
|
|
set resp.http.Content-Type = "text/html; charset=utf-8";
|
|
set resp.status = 404;
|
|
set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0";
|
|
|
|
synthetic( {"
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
|
<html>
|
|
<head>
|
|
<title>"} + resp.status + " " + resp.reason + {"</title>
|
|
<link href='http://fonts.googleapis.com/css?family=Oswald:400,700' rel='stylesheet' type='text/css'>
|
|
|
|
</head>
|
|
<body style="background-color:#444; font-family: 'Oswald', sans-serif;">
|
|
<h1 style="color:#DD8363;">Error "} + resp.status + " " + {"</h1>
|
|
<p style="color:#5F88C4; ">"} + resp.reason + {"</p>
|
|
<h3 style="color:white;">Server says</h3>
|
|
<p style="color:#bdb76b;">XID: "} + req.xid + {"</p>
|
|
<p style="color:#bdb76b;">Edge-Server: "} + server.hostname + {"</p>
|
|
<hr>
|
|
<p style="color:#65b042;">1.0</p>
|
|
</body>
|
|
</html>"} );
|
|
return(deliver);
|
|
}
|
|
}
|