Update deploy/varnish/default.vcl.template

deploy/varnish/default.vcl.template

@@ -75,6 +75,27 @@ sub vcl_recv {
     set req.http.X-Forwarded-Proto = "https";
   }
 
+  if (req.url == "/healthcheck" || req.http.X-Internal-Check) {
+    set req.http.X-Pass-Reason = "internal";
+    return (pass);
+  }
+
+  if (req.method != "GET" && req.method != "HEAD") {
+    set req.http.X-Pass-Reason = "method";
+    return (pass);
+  }
+
+  if (req.http.Authorization) {
+    set req.http.X-Pass-Reason = "auth";
+    return (pass);
+  }
+
+  # jeśli chcesz PASS przy cookie:
+  # if (req.http.Cookie) {
+  #   set req.http.X-Pass-Reason = "cookie";
+  #   return (pass);
+  # }
+
   return (hash);
 }
 
@@ -107,6 +128,7 @@ sub vcl_backend_response {
   if (beresp.http.Cache-Control ~ "(?i)no-store|private") {
     set beresp.uncacheable = true;
     set beresp.ttl = 0s;
+    set beresp.http.X-Pass-Reason = "no-store";
     return (deliver);
   }
 
@@ -114,6 +136,7 @@ sub vcl_backend_response {
   if (beresp.status >= 300 && beresp.status < 400) {
     set beresp.uncacheable = true;
     set beresp.ttl = 0s;
+    set beresp.http.X-Pass-Reason = "redirect";
     return (deliver);
   }
 
@@ -210,7 +233,14 @@ sub vcl_backend_error {
 # ===== DELIVER =====
 sub vcl_deliver {
   if (obj.uncacheable) {
-    set resp.http.X-Cache = "PASS";
+    if (req.http.X-Pass-Reason) {
+      set resp.http.X-Cache = "PASS:" + req.http.X-Pass-Reason;
+    } else if (resp.http.X-Pass-Reason) {    # z backendu
+      set resp.http.X-Cache = "PASS:" + resp.http.X-Pass-Reason;
+    } else {
+      set resp.http.X-Cache = "PASS";
+    }
+    unset resp.http.X-Pass-Reason;
     unset resp.http.Age;
   } else if (obj.hits > 0) {
     set resp.http.X-Cache = "HIT";