# # This is an example VCL file for Varnish. # # It does not do anything by default, delegating control to the # builtin VCL. The builtin VCL is called when there is no explicit # return statement. # # See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/ # and https://www.varnish-cache.org/trac/wiki/VCLExamples for more examples. # # validate config with: # varnishd -C -f /etc/varnish/default.vcl # https://varnish-cache.org/docs/6.2/ # # Marker to tell the VCL compiler that this VCL has been adapted to the # new 4.0 format. vcl 4.0; import std; # Default backend definition. Set this to point to your content server. backend default { .host = "127.0.0.1"; .port = "80"; } sub vcl_recv { # Happens before we check if we have this in cache already. # # Typically you clean up the request here, removing cookies you don't need, # rewriting the request, etc. # Normalize the header - lowercase & remove the port set req.http.host = std.tolower(req.http.host); set req.http.host = regsub(req.http.host, ":[0-9]+", ""); # Do not remove www as depending on WP url setting this can cause a 301 redirect loop. #set req.http.host = regsub(req.http.host, "^www\.", ""); if (req.method == "PRI") { /* This will never happen in properly formed traffic (see: RFC7540) */ return (synth(405)); } if (!req.http.host && req.esi_level == 0 && req.proto ~ "^(?i)HTTP/1.1") { /* In HTTP/1.1, Host is required. */ return (synth(400)); } if (req.method != "GET" && req.method != "HEAD" && req.method != "PUT" && req.method != "POST" && req.method != "TRACE" && req.method != "OPTIONS" && req.method != "DELETE" && req.method != "PATCH") { /* Non-RFC2616 or CONNECT which is weird. */ return (pipe); } if (req.method != "GET" && req.method != "HEAD") { /* We only deal with GET and HEAD by default */ return (pass); } if (req.http.Authorization) { /* Not cacheable by default */ return (pass); } # HTTP verification passthrough (Let'sEncrypt/Certbot /acme-challenge/ URL already handled by HAProxy) if (req.url ~ "^/\.well-known/") { return (pass); } # # Don't cache status checks. # if (req.url ~ "^/status\.php") { # return(pass); # } # # "fix" X-Forwarded-For. Not needed # if (req.http.x-client-ip) { # set req.http.X-Forwarded-For = req.http.X-Client-IP; # } else { # set req.http.X-Forwarded-For = client.ip; # } } sub vcl_backend_response { # Happens after we have read the response headers from the backend. # # Here you clean the response headers, removing silly Set-Cookie headers # and other mistakes your backend does. } sub vcl_deliver { # Happens when we have all the pieces we need, and are about to send the # response to the client. # # You can do accounting or modifying the final object here. if (obj.hits > 0) { set resp.http.X-Cache = "HIT"; set resp.http.X-Cache-Hits = obj.hits; } else { set resp.http.X-Cache = "MISS"; } } sub vcl_hash { if (req.http.X-Forwarded-Proto) { hash_data(req.http.X-Forwarded-Proto); } elseif (req.http.X-Forwarded-Port) { hash_data(req.http.X-Forwarded-Port); } else { hash_data(std.port(server.ip)); } } # include configs & vhosts include "wordpress-sub.vcl"; include "sites.vcl"; include "catch-all.vcl";