vhost-stack/etc/varnish/default.vcl

126 lines
3.4 KiB
Plaintext
Raw Normal View History

2021-04-04 13:28:22 -07:00
#
# This is an example VCL file for Varnish.
#
# It does not do anything by default, delegating control to the
# builtin VCL. The builtin VCL is called when there is no explicit
# return statement.
#
2022-08-29 15:32:56 -07:00
# See the VCL chapters in the Users Guide for a comprehensive documentation
# at https://www.varnish-cache.org/docs/.
2021-04-04 13:28:22 -07:00
#
# validate config with:
# varnishd -C -f /etc/varnish/default.vcl
#
2022-08-29 15:32:56 -07:00
# Marker to tell the VCL compiler that this VCL has been written with the
# 4.0 or 4.1 syntax.
2021-04-04 13:28:22 -07:00
vcl 4.0;
import std;
# Default backend definition. Set this to point to your content server.
backend default {
.host = "127.0.0.1";
.port = "80";
}
sub vcl_recv {
# Happens before we check if we have this in cache already.
#
# Typically you clean up the request here, removing cookies you don't need,
# rewriting the request, etc.
# Normalize the header - lowercase & remove the port
set req.http.host = std.tolower(req.http.host);
set req.http.host = regsub(req.http.host, ":[0-9]+", "");
# Do not remove www as depending on WP url setting this can cause a 301 redirect loop.
#set req.http.host = regsub(req.http.host, "^www\.", "");
if (req.method == "PRI") {
/* This will never happen in properly formed traffic (see: RFC7540) */
return (synth(405));
}
if (!req.http.host && req.esi_level == 0 && req.proto ~ "^(?i)HTTP/1.1") {
/* In HTTP/1.1, Host is required. */
return (synth(400));
}
if (req.method != "GET" &&
req.method != "HEAD" &&
req.method != "PUT" &&
req.method != "POST" &&
req.method != "TRACE" &&
req.method != "OPTIONS" &&
req.method != "DELETE" &&
req.method != "PATCH") {
/* Non-RFC2616 or CONNECT which is weird. */
return (pipe);
}
if (req.method != "GET" && req.method != "HEAD") {
/* We only deal with GET and HEAD by default */
return (pass);
}
if (req.http.Authorization) {
/* Not cacheable by default */
return (pass);
}
# HTTP verification passthrough (Let'sEncrypt/Certbot /acme-challenge/ URL already handled by HAProxy)
if (req.url ~ "^/\.well-known/") {
return (pass);
}
# # Don't cache status checks.
# if (req.url ~ "^/status\.php") {
# return(pass);
# }
# # "fix" X-Forwarded-For. Not needed
# if (req.http.x-client-ip) {
# set req.http.X-Forwarded-For = req.http.X-Client-IP;
# } else {
# set req.http.X-Forwarded-For = client.ip;
# }
}
sub vcl_backend_response {
# Happens after we have read the response headers from the backend.
#
# Here you clean the response headers, removing silly Set-Cookie headers
# and other mistakes your backend does.
}
sub vcl_deliver {
# Happens when we have all the pieces we need, and are about to send the
# response to the client.
#
# You can do accounting or modifying the final object here.
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
set resp.http.X-Cache-Hits = obj.hits;
} else {
set resp.http.X-Cache = "MISS";
}
}
sub vcl_hash {
if (req.http.X-Forwarded-Proto) {
hash_data(req.http.X-Forwarded-Proto);
} elseif (req.http.X-Forwarded-Port) {
hash_data(req.http.X-Forwarded-Port);
} else {
hash_data(std.port(server.ip));
}
}
# include configs & vhosts
include "wordpress-sub.vcl";
include "sites.vcl";
include "catch-all.vcl";