diff --git a/deploy.sh b/deploy.sh index 1180879..10faa69 100755 --- a/deploy.sh +++ b/deploy.sh @@ -48,6 +48,11 @@ git rev-parse --short HEAD > version.txt log "Docker Compose DOWN (usuwanie kontenerów i osieroconych usług)" docker compose -f "$COMPOSE_FILE" down --remove-orphans + +# --- Generowanie default.vcl z szablonu --- +log "Generowanie default.vcl z APP_PORT=$APP_PORT" +envsubst < deploy/varnish/default.vcl.template > deploy/varnish/default.vcl + # --- Budowanie i uruchamianie bez restartu zależności --- log "Docker Compose UP (build bez deps) dla: ${SERVICES[*]:-(wszystkie)}" if [[ ${#SERVICES[@]} -gt 0 ]]; then diff --git a/deploy/varnish/default.vcl.template b/deploy/varnish/default.vcl.template new file mode 100644 index 0000000..8fe201d --- /dev/null +++ b/deploy/varnish/default.vcl.template @@ -0,0 +1,56 @@ +vcl 4.1; + +backend app { + .host = "app"; + .port = "${APP_PORT}"; +} + +acl purge { "127.0.0.1"; } + +sub vcl_recv { + # PURGE tylko lokalnie + if (req.method == "PURGE") { + if (!client.ip ~ purge) { + return (synth(405, "Not allowed")); + } + return (purge); + } + + # omijamy cache dla healthchecków / wewn. nagłówka + if (req.url == "/healthcheck" || req.http.X-Internal-Check) { + return (pass); + } + + # metody inne niż GET/HEAD bez cache + if (req.method != "GET" && req.method != "HEAD") { + return (pass); + } + + # static – agresywnie cache’ujemy + if (req.url ~ "^/static/" || req.url ~ "\.(css|js|png|jpg|svg|ico|woff2?)$") { + return (hash); + } + + return (hash); +} + +sub vcl_backend_response { + if (bereq.url ~ "^/static/" || bereq.url ~ "\.(css|js|png|jpg|svg|ico|woff2?)$") { + set beresp.ttl = 24h; + } else { + if (beresp.http.Cache-Control ~ "no-cache|no-store|private") { + set beresp.uncacheable = true; + set beresp.ttl = 0s; + } else { + set beresp.ttl = 60s; # domyślny TTL dla HTML/API + } + } +} + +sub vcl_deliver { + if (obj.hits > 0) { + set resp.http.X-Cache = "HIT"; + } else { + set resp.http.X-Cache = "MISS"; + } +}