From 16beaac932612f20ba1f3ad26fe635fc4c771db3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?= Date: Wed, 24 Sep 2025 12:54:01 +0200 Subject: [PATCH] varnish add --- Dockerfile => deploy/app/Dockerfile | 0 deploy/varnish/default.vcl | 30 +++++++-------- deploy/varnish/default_throttle.vcl | 58 +++++++++++++++++++++++++++++ docker-compose.yml | 5 ++- 4 files changed, 75 insertions(+), 18 deletions(-) rename Dockerfile => deploy/app/Dockerfile (100%) create mode 100644 deploy/varnish/default_throttle.vcl diff --git a/Dockerfile b/deploy/app/Dockerfile similarity index 100% rename from Dockerfile rename to deploy/app/Dockerfile diff --git a/deploy/varnish/default.vcl b/deploy/varnish/default.vcl index 9e5dbcc..d7448a0 100644 --- a/deploy/varnish/default.vcl +++ b/deploy/varnish/default.vcl @@ -1,34 +1,35 @@ vcl 4.1; -import vsthrottle; - backend app { .host = "app"; .port = "8080"; } -acl purge { "localhost"; "127.0.0.1"; } +acl purge { "127.0.0.1"; } sub vcl_recv { - # RATE LIMIT - if (!vsthrottle.is_allowed(client.ip, 10, 10s)) { - return (synth(429, "Too Many Requests")); - } - # PURGE tylko lokalnie if (req.method == "PURGE") { - if (!client.ip ~ purge) { return (synth(405, "Not allowed")); } + if (!client.ip ~ purge) { + return (synth(405, "Not allowed")); + } return (purge); } # omijamy cache dla healthchecków / wewn. nagłówka - if (req.url == "/healthcheck" || req.http.X-Internal-Check) { return (pass); } + if (req.url == "/healthcheck" || req.http.X-Internal-Check) { + return (pass); + } # metody inne niż GET/HEAD bez cache - if (req.method != "GET" && req.method != "HEAD") { return (pass); } + if (req.method != "GET" && req.method != "HEAD") { + return (pass); + } # static – agresywnie cache’ujemy - if (req.url ~ "^/static/" || req.url ~ "\.(css|js|png|jpg|svg|ico|woff2?)$") { return (hash); } + if (req.url ~ "^/static/" || req.url ~ "\.(css|js|png|jpg|svg|ico|woff2?)$") { + return (hash); + } return (hash); } 
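Review bot: The pass rule in vcl_recv keys on `req.http.X-Internal-Check`, a header any client can send, so a request carrying it skips the cache and goes straight to the `app` backend; with the vsthrottle check removed from this file, the VCL no longer bounds that traffic. Gate the header on source address, e.g. `if (req.url == "/healthcheck" || (req.http.X-Internal-Check && client.ip ~ purge)) {` (or a dedicated ACL for internal callers); the same rule is carried unchanged into default_throttle.vcl. Also, vcl_recv ends in an unconditional `return (hash);`, so the built-in handling that passes requests with `Cookie` or `Authorization` never runs, and the `/static/` branch above it is redundant. If the app serves per-user pages without `Cache-Control: private`, add `if (req.http.Authorization || req.http.Cookie) { return (pass); }` before the final return.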
@@ -52,7 +53,4 @@ sub vcl_deliver {
 } else {
 set resp.http.X-Cache = "MISS";
 }
-
- set resp.http.X-RateLimit-Limit = "10";
- set resp.http.X-RateLimit-Window = "10s";
-}
\ No newline at end of file
+}
diff --git a/deploy/varnish/default_throttle.vcl b/deploy/varnish/default_throttle.vcl
new file mode 100644
index 0000000..9e5dbcc
--- /dev/null
+++ b/deploy/varnish/default_throttle.vcl
@@ -0,0 +1,58 @@
+vcl 4.1;
+
+import vsthrottle;
+
+backend app {
+ .host = "app";
+ .port = "8080";
+}
+
+acl purge { "localhost"; "127.0.0.1"; }
+
+sub vcl_recv {
+ # RATE LIMIT
+ if (!vsthrottle.is_allowed(client.ip, 10, 10s)) {
+ return (synth(429, "Too Many Requests"));
+ }
+
+ # PURGE tylko lokalnie
+ if (req.method == "PURGE") {
+ if (!client.ip ~ purge) { return (synth(405, "Not allowed")); }
+ return (purge);
+ }
+
+ # omijamy cache dla healthchecków / wewn. nagłówka
+ if (req.url == "/healthcheck" || req.http.X-Internal-Check) { return (pass); }
+
+ # metody inne niż GET/HEAD bez cache
+ if (req.method != "GET" && req.method != "HEAD") { return (pass); }
+
+ # static – agresywnie cache’ujemy
+ if (req.url ~ "^/static/" || req.url ~ "\.(css|js|png|jpg|svg|ico|woff2?)$") { return (hash); }
+
+ return (hash);
+}
+
+sub vcl_backend_response {
+ if (bereq.url ~ "^/static/" || bereq.url ~ "\.(css|js|png|jpg|svg|ico|woff2?)$") {
+ set beresp.ttl = 24h;
+ } else {
+ if (beresp.http.Cache-Control ~ "no-cache|no-store|private") {
+ set beresp.uncacheable = true;
+ set beresp.ttl = 0s;
+ } else {
+ set beresp.ttl = 60s; # domyślny TTL dla HTML/API
+ }
+ }
+}
+
+sub vcl_deliver {
+ if (obj.hits > 0) {
+ set resp.http.X-Cache = "HIT";
+ } else {
+ set resp.http.X-Cache = "MISS";
+ }
+
+ set resp.http.X-RateLimit-Limit = "10";
+ set resp.http.X-RateLimit-Window = "10s";
+}
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 29a5926..0d02a45 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
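Review bot: In vcl_backend_response the extension test `bereq.url ~ "\.(css|js|png|jpg|svg|ico|woff2?)$"` runs against the full URL, query string included, so a dynamic response whose URL merely ends in one of these suffixes is stored for 24h instead of 60s. Anchor the match to the path, e.g. `bereq.url ~ "^[^?]*\.(css|js|png|jpg|svg|ico|woff2?)(\?|$)"`, and use the same pattern in vcl_recv. The file's blob id (9e5dbcc) equals the pre-change default.vcl, so the active default.vcl presumably has the same sub outside its hunks. Separately, `vsthrottle.is_allowed(client.ip, 10, 10s)` buckets by `client.ip`; if Varnish is reached through a proxy or load balancer, all users would share a single 10-requests-per-10s bucket, which is worth confirming before this file is enabled.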
@@ -1,6 +1,6 @@
 services:
 app:
- build: .
+ build: ./deploy/app
 container_name: zbiorka-app
 #ports:
 # - "${APP_PORT:-8080}:${APP_PORT}"
@@ -19,7 +19,8 @@ services:
 restart: unless-stopped
 varnish:
- build: ./deploy/varnish
+ #build: ./deploy/varnish
+ image: varnish:latest
 container_name: zbiorka-varnish
 depends_on:
 app:
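Review bot: `image: varnish:latest` in the varnish service is a mutable tag, so every pull can bring in a different Varnish release without any change to this repository; pin a version and ideally a digest, e.g. `image: varnish:<VERSION>@sha256:<DIGEST>` (placeholders). With `build: ./deploy/varnish` commented out, the image from that directory is no longer built, and how default.vcl reaches the container is not visible here because the service definition continues past the hunk. Confirm that a volume mount or equivalent supplies the reviewed VCL, since otherwise the stock image's default configuration would be what runs, without the PURGE ACL or the cache rules.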