gru/zbiorki_app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

varnish add

Browse Source
This commit is contained in:
Mateusz Gruszczyński
2025-09-24 12:54:01 +02:00
parent eec3985c5a
commit 16beaac932
4 changed files with 75 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
Dockerfile → deploy/app/Dockerfile
View File

30
deploy/varnish/default.vcl
View File

@@ -1,34 +1,35 @@
vcl 4.1; vcl 4.1;
import vsthrottle;
backend app { backend app {
.host = "app"; .host = "app";
.port = "8080"; .port = "8080";
} }
acl purge { "localhost"; "127.0.0.1"; } acl purge { "127.0.0.1"; }
sub vcl_recv { sub vcl_recv {
# RATE LIMIT
if (!vsthrottle.is_allowed(client.ip, 10, 10s)) {
return (synth(429, "Too Many Requests"));
}
# PURGE tylko lokalnie # PURGE tylko lokalnie
if (req.method == "PURGE") { if (req.method == "PURGE") {
if (!client.ip ~ purge) { return (synth(405, "Not allowed")); } if (!client.ip ~ purge) {
return (synth(405, "Not allowed"));
}
return (purge); return (purge);
} }
# omijamy cache dla healthchecków / wewn. nagłówka # omijamy cache dla healthchecków / wewn. nagłówka
if (req.url == "/healthcheck" || req.http.X-Internal-Check) { return (pass); } if (req.url == "/healthcheck" || req.http.X-Internal-Check) {
return (pass);
}
# metody inne niż GET/HEAD bez cache # metody inne niż GET/HEAD bez cache
if (req.method != "GET" && req.method != "HEAD") { return (pass); } if (req.method != "GET" && req.method != "HEAD") {
return (pass);
}
# static agresywnie cacheujemy # static agresywnie cacheujemy
if (req.url ~ "^/static/" || req.url ~ "\.(css|js|png|jpg|svg|ico|woff2?)$") { return (hash); } if (req.url ~ "^/static/" || req.url ~ "\.(css|js|png|jpg|svg|ico|woff2?)$") {
return (hash);
}
return (hash); return (hash);
} }
@@ -52,7 +53,4 @@ sub vcl_deliver {
} else { } else {
set resp.http.X-Cache = "MISS"; set resp.http.X-Cache = "MISS";
} }
}
set resp.http.X-RateLimit-Limit = "10";
set resp.http.X-RateLimit-Window = "10s";
}

58
deploy/varnish/default_throttle.vcl Normal file
View File

@@ -0,0 +1,58 @@
vcl 4.1;
import vsthrottle;
backend app {
.host = "app";
.port = "8080";
}
acl purge { "localhost"; "127.0.0.1"; }
sub vcl_recv {
# RATE LIMIT
if (!vsthrottle.is_allowed(client.ip, 10, 10s)) {
return (synth(429, "Too Many Requests"));
}
# PURGE tylko lokalnie
if (req.method == "PURGE") {
if (!client.ip ~ purge) { return (synth(405, "Not allowed")); }
return (purge);
}
# omijamy cache dla healthchecków / wewn. nagłówka
if (req.url == "/healthcheck" || req.http.X-Internal-Check) { return (pass); }
# metody inne niż GET/HEAD bez cache
if (req.method != "GET" && req.method != "HEAD") { return (pass); }
# static agresywnie cacheujemy
if (req.url ~ "^/static/" || req.url ~ "\.(css|js|png|jpg|svg|ico|woff2?)$") { return (hash); }
return (hash);
}
sub vcl_backend_response {
if (bereq.url ~ "^/static/" || bereq.url ~ "\.(css|js|png|jpg|svg|ico|woff2?)$") {
set beresp.ttl = 24h;
} else {
if (beresp.http.Cache-Control ~ "no-cache|no-store|private") {
set beresp.uncacheable = true;
set beresp.ttl = 0s;
} else {
set beresp.ttl = 60s; # domyślny TTL dla HTML/API
}
}
}
sub vcl_deliver {
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
} else {
set resp.http.X-Cache = "MISS";
}
set resp.http.X-RateLimit-Limit = "10";
set resp.http.X-RateLimit-Window = "10s";
}

5
docker-compose.yml
View File

@@ -1,6 +1,6 @@
services: services:
app: app:
build: . build: ./deploy/app
container_name: zbiorka-app container_name: zbiorka-app
#ports: #ports:
# - "${APP_PORT:-8080}:${APP_PORT}" # - "${APP_PORT:-8080}:${APP_PORT}"
@@ -19,7 +19,8 @@ services:
restart: unless-stopped restart: unless-stopped
varnish: varnish:
build: ./deploy/varnish #build: ./deploy/varnish
image: varnish:latest
container_name: zbiorka-varnish container_name: zbiorka-varnish
depends_on: depends_on:
app: app: