#
# This is an example VCL file for Varnish.
#
# It does not do anything by default, delegating control to the
# builtin VCL. The builtin VCL is called when there is no explicit
# return statement.
#
# See the VCL chapters in the Users Guide for a comprehensive documentation
# at https://www.varnish-cache.org/docs/.
#
# validate config with:
# varnishd -C -f /etc/varnish/default.vcl
#
# Marker to tell the VCL compiler that this VCL has been written with the
# 4.0 or 4.1 syntax.
vcl 4.0;

import std;

# Default backend definition. Set this to point to your content server.
backend default {
    .host = "127.0.0.1";
    .port = "80";
}

sub vcl_recv {
    # Happens before we check if we have this in cache already.
    #
    # Typically you clean up the request here, removing cookies you don't need,
    # rewriting the request, etc.

    # Normalize the header - lowercase & remove the port
    set req.http.host = std.tolower(req.http.host);
    set req.http.host = regsub(req.http.host, ":[0-9]+", "");
    # Do not remove www as depending on WP url setting this can cause a 301 redirect loop.
    #set req.http.host = regsub(req.http.host, "^www\.", "");

    if (req.method == "PRI") {
        /* This will never happen in properly formed traffic (see: RFC7540) */
        return (synth(405));
    }

    if (!req.http.host && req.esi_level == 0 && req.proto ~ "^(?i)HTTP/1.1") {
        /* In HTTP/1.1, Host is required. */
        return (synth(400));
    }

    if (req.method != "GET" &&
        req.method != "HEAD" &&
        req.method != "PUT" &&
        req.method != "POST" &&
        req.method != "TRACE" &&
        req.method != "OPTIONS" &&
        req.method != "DELETE" &&
        req.method != "PATCH") {
        /* Non-RFC2616 or CONNECT which is weird. */
        return (pipe);
    }

    if (req.method != "GET" && req.method != "HEAD") {
        /* We only deal with GET and HEAD by default */
        return (pass);
    }

    if (req.http.Authorization) {
        /* Not cacheable by default */
        return (pass);
    }

    # HTTP verification passthrough (Let'sEncrypt/Certbot /acme-challenge/ URL already handled by HAProxy)
    if (req.url ~ "^/\.well-known/") {
        return (pass);
    }


#     # Don't cache status checks.
#     if (req.url ~ "^/status\.php") {
#         return(pass);
#     }

#     # "fix" X-Forwarded-For. Not needed
#     if (req.http.x-client-ip) {
#         set req.http.X-Forwarded-For = req.http.X-Client-IP;
#     } else {
#         set req.http.X-Forwarded-For = client.ip;
#     }

}

sub vcl_backend_response {
    # Happens after we have read the response headers from the backend.
    #
    # Here you clean the response headers, removing silly Set-Cookie headers
    # and other mistakes your backend does.
}

sub vcl_deliver {
    # Happens when we have all the pieces we need, and are about to send the
    # response to the client.
    #
    # You can do accounting or modifying the final object here.
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT";
        set resp.http.X-Cache-Hits = obj.hits;
    } else {
        set resp.http.X-Cache = "MISS";
    }
}

sub vcl_hash {

    if (req.http.X-Forwarded-Proto) {
        hash_data(req.http.X-Forwarded-Proto);
    } elseif (req.http.X-Forwarded-Port) {
        hash_data(req.http.X-Forwarded-Port);
    } else {
        hash_data(std.port(server.ip));
    }

}

# include configs & vhosts
include "wordpress-sub.vcl";
include "sites.vcl";
include "catch-all.vcl";