gru/zbiorki_app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

varnish add

Browse Source
This commit is contained in:
Mateusz Gruszczyński
2025-09-24 12:32:48 +02:00
parent f4ebcdb5b1
commit 7495a6baca
2 changed files with 80 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
deploy/varnish/default.vcl Normal file
View File

@@ -0,0 +1,53 @@
vcl 4.1;
import vsthrottle;
backend app {
.host = "app";
.port = "8080";
}
acl purge { "localhost"; "127.0.0.1"; }
sub vcl_recv {
# RATE LIMIT
if (!vsthrottle.is_allowed(client.ip, 10, 10s)) {
return (synth(429, "Too Many Requests"));
}
# PURGE tylko lokalnie
if (req.method == "PURGE") {
if (!client.ip ~ purge) { return (synth(405, "Not allowed")); }
return (purge);
}
# omijamy cache dla healthchecków / wewn. nagłówka
if (req.url == "/healthcheck" || req.http.X-Internal-Check) { return (pass); }
# metody inne niż GET/HEAD bez cache
if (req.method != "GET" && req.method != "HEAD") { return (pass); }
# static agresywnie cacheujemy
if (req.url ~ "^/static/" || req.url ~ "\.(css|js|png|jpg|svg|ico|woff2?)$") { return (hash); }
return (hash);
}
sub vcl_backend_response {
if (bereq.url ~ "^/static/" || bereq.url ~ "\.(css|js|png|jpg|svg|ico|woff2?)$") {
set beresp.ttl = 24h;
} else {
if (beresp.http.Cache-Control ~ "no-cache|no-store|private") {
set beresp.uncacheable = true;
set beresp.ttl = 0s;
} else {
set beresp.ttl = 60s; # domyślny TTL dla HTML/API
}
}
}
sub vcl_deliver {
set resp.http.X-Cache = obj.hits > 0 ? "HIT" : "MISS";
set resp.http.X-RateLimit-Limit = "10";
set resp.http.X-RateLimit-Window = "10s";
}

27
docker-compose.yml
View File

@@ -2,8 +2,10 @@ services:
app: app:
build: . build: .
container_name: zbiorka-app container_name: zbiorka-app
ports: #ports:
- "${APP_PORT:-8080}:${APP_PORT}" # - "${APP_PORT:-8080}:${APP_PORT}"
expose:
- "${APP_PORT}"
healthcheck: healthcheck:
test: [ "CMD", "python", "-c", "import urllib.request; import sys; req = urllib.request.Request('http://localhost:${APP_PORT}/healthcheck', headers={'X-Internal-Check': '${HEALTHCHECK_TOKEN}'}); sys.exit(0) if urllib.request.urlopen(req).read() == b'OK' else sys.exit(1)" ] test: [ "CMD", "python", "-c", "import urllib.request; import sys; req = urllib.request.Request('http://localhost:${APP_PORT}/healthcheck', headers={'X-Internal-Check': '${HEALTHCHECK_TOKEN}'}); sys.exit(0) if urllib.request.urlopen(req).read() == b'OK' else sys.exit(1)" ]
interval: 30s interval: 30s
@@ -15,3 +17,24 @@ services:
volumes: volumes:
- ./instance:/app/instance - ./instance:/app/instance
restart: unless-stopped restart: unless-stopped
varnish:
image: varnish:fresh
container_name: zbiorka-varnish
depends_on:
app:
condition: service_healthy
ports:
- "${APP_PORT:-8080}:80"
volumes:
- ./deploy/varnish/default.vcl:/etc/varnish/default.vcl:ro
environment:
- VARNISH_SIZE=256m
healthcheck:
test: [ "CMD-SHELL", "curl -fsS -H 'X-Internal-Check=${HEALTHCHECK_TOKEN}' http://localhost/healthcheck | grep -q OK" ]
interval: 30s
timeout: 5s
retries: 3
env_file:
- .env
restart: unless-stopped