0)
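# Install Varnish, enable it at boot and start it.
yum -y install varnish && systemctl enable varnish && systemctl start varnish

# Move Varnish from its packaged port 6081 to 8888.
# GNU sed parses "-ie" as "-i" with backup suffix "e", which leaves stray
# "varnish.paramse" / "httpd.confe" files behind; "-i -e" edits in place only.
sed -i -e 's/VARNISH_LISTEN_PORT=6081/VARNISH_LISTEN_PORT=8888/' /etc/varnish/varnish.params

# default_ttl=2419200 is 28 days: any cacheable response for which the backend
# sets no lifetime of its own stays in the cache that long, so responses that
# must stay private have to be marked uncacheable by the backend or the VCL.
# The grep guard keeps a second run from appending a duplicate line.
grep -qxF 'DAEMON_OPTS="-p default_ttl=2419200"' /etc/varnish/varnish.params ||
    echo 'DAEMON_OPTS="-p default_ttl=2419200"' >> /etc/varnish/varnish.params

# Configure Apache for Varnish
# The pattern is anchored so a re-run cannot turn "Listen 8080" into "Listen 808080".
# NOTE(review): "Listen 8080" binds every interface; firewall port 8080 so that
# only Varnish can reach Apache and clients cannot bypass the cache.
sed -i -e 's/^[[:space:]]*Listen 80[[:space:]]*$/Listen 8080/' /etc/httpd/conf/httpd.conf

# mod_remoteip: take the client address from X-Forwarded-For, but only when the
# connection comes from the trusted proxy at $IP. Keep $IP as narrow as possible
# (the address Varnish connects from); any address listed here is allowed to
# dictate the client IP that Apache logs and authorises against.
grep -qxF 'RemoteIPHeader X-Forwarded-For' /etc/httpd/conf/httpd.conf ||
    echo 'RemoteIPHeader X-Forwarded-For' >> /etc/httpd/conf/httpd.conf
# ${IP:?...} stops here when IP is unset or empty instead of writing a directive
# without an argument, which Apache would reject at the next restart.
grep -q '^RemoteIPInternalProxy ' /etc/httpd/conf/httpd.conf ||
    echo "RemoteIPInternalProxy ${IP:?set IP to the address Varnish connects from}" >> /etc/httpd/conf/httpd.conf

# Log the client address resolved by mod_remoteip (%a) instead of the peer host (%h).
sed -i -e 's/%h/%a/' /etc/httpd/conf/httpd.conf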
1) file=/etc/varnish/default.vcl
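# Write the Varnish configuration. The heredoc delimiter is quoted ('EOT'), so
# the shell performs no expansion and backslashes such as \. and \1 reach the
# file unchanged.
cat > /etc/varnish/default.vcl << 'EOT'
vcl 4.0;

# NOTE(review): Apache on port 8080 should be reachable only from Varnish.
# Firewall the port or, if both run on one host, use a loopback address here.
# Confirm against the actual topology.
backend default {
    .host = "65.49.80.99";
    .port = "8080";
}

# Addresses allowed to send PURGE.
# NOTE(review): client.ip is the peer that opens the connection to Varnish. If a
# proxy on this host forwards traffic to Varnish (these steps also restart
# pound), every request arriving through it has client.ip 127.0.0.1 and matches
# this ACL. Confirm that proxy rejects the PURGE method (Pound's xHTTP setting
# limits the accepted methods) so purging stays limited to local tools.
acl purge {
    "localhost";
    "127.0.0.1";
}

sub vcl_deliver {
    # If proxying via cloudflare, then send 520 responses in place of 500/503
    # NOTE(review): cf-connecting-ip is a request header and is only trustworthy
    # when the origin accepts traffic solely from Cloudflare; here it merely
    # selects the status code.
    if ((resp.status == 500 || resp.status == 503) && req.http.cf-connecting-ip) {
        set resp.status = 520;
    }
}

sub vcl_recv {
    # if (req.http.host == "demo.altagrade.com") {
    #     if (req.url !~ "^/user") {
    #         unset req.http.cookie;
    #     }
    # }
    # if (req.http.Host == "sub.domain.com" || req.http.Host == "db.domain.net" ) {
    #     return (pass);
    # }

    # Health-check URL answered by Varnish itself, without contacting the backend.
    if (req.url == "/check-altagrade-varnish") {
        return(synth(200, "Varnish up"));
    }

    # Check the incoming request type is "PURGE", not "GET" or "POST".
    if (req.method == "PURGE") {
        # Check if the IP is allowed.
        if (!client.ip ~ purge) {
            # Return error code 405 (Method Not Allowed) when not.
            return (synth(405, "Not allowed."));
        }
        return (purge);
    }

    # Do not cache these paths.
    if (req.url ~ "^/status\.php$" ||
        req.url ~ "^/update\.php" ||
        req.url ~ "^/install\.php" ||
        req.url ~ "^/apc\.php$" ||
        req.url ~ "^/admin" ||
        req.url ~ "^/admin/.*$" ||
        req.url ~ "^/user" ||
        req.url ~ "^/user/.*$" ||
        req.url ~ "^/users/.*$" ||
        req.url ~ "^/info/.*$" ||
        req.url ~ "^/flag/.*$" ||
        req.url ~ "^.*/ajax/.*$" ||
        req.url ~ "^.*/ahah/.*$" ||
        req.url ~ "^/system/files/.*$") {
        return (pass);
    }

    # Always cache the following file types for all users. This VCL defines no
    # vcl_backend_response; if one is added with the same list of extensions,
    # edit both and keep them equal.
    if (req.url ~ "(?i)\.(pdf|asc|dat|txt|doc|xls|ppt|tgz|csv|png|gif|jpeg|jpg|ico|swf|css|js)(\?.*)?$") {
        unset req.http.Cookie;
    }

    # Remove all cookies that Drupal doesn't need to know about. We explicitly
    # list the ones that Drupal does need, the SESS and NO_CACHE. If, after
    # running this code we find that either of these two cookies remains, we
    # will pass as the page cannot be cached.
    if (req.http.Cookie) {
        # 1. Append a semi-colon to the front of the cookie string.
        # 2. Remove all spaces that appear after semi-colons.
        # 3. Match the cookies we want to keep, adding the space we removed
        #    previously back. (\1) is first matching group in the regsuball.
        # 4. Remove all other cookies, identifying them by the fact that they have
        #    no space after the preceding semi-colon.
        # 5. Remove all spaces and semi-colons from the beginning and end of the
        #    cookie string.
        set req.http.Cookie = ";" + req.http.Cookie;
        set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
        set req.http.Cookie = regsuball(req.http.Cookie, ";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE)=", "; \1=");
        set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");

        if (req.http.Cookie == "") {
            # If there are no remaining cookies, remove the cookie header. If there
            # aren't any cookie headers, Varnish's default behavior will be to cache
            # the page.
            unset req.http.Cookie;
        }
        else {
            # If there are any cookies left (a session or NO_CACHE cookie), do not
            # cache the page. Pass it on to Apache directly.
            return (pass);
        }
    }
}
EOT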
2)
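# Validate the Apache and Varnish configurations before restarting anything, so
# a syntax error is reported here instead of taking the site down.
# "varnishd -C" compiles the VCL and prints the generated C source, which is discarded.
httpd -t &&
    varnishd -C -f /etc/varnish/default.vcl > /dev/null &&
    systemctl restart httpd &&
    systemctl restart varnish &&
    systemctl restart pound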