
/etc/varnish/default.vcl

Submitted by Alan Mels on Sat, 08/04/2018 - 21:53
0)
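# Install Varnish, enable it at boot and start it.
yum -y install varnish && systemctl enable varnish && systemctl start varnish
# Move Varnish from its packaged port 6081 to 8888.
# "-i -e" is written out on purpose: GNU sed parses "-ie" as "-i" with the
# backup suffix "e" and leaves a stray varnish.paramse / httpd.confe behind.
sed -i -e 's/VARNISH_LISTEN_PORT=6081/VARNISH_LISTEN_PORT=8888/' /etc/varnish/varnish.params
# default_ttl=2419200 seconds is 28 days: an object cached by mistake stays
# cached that long unless it is purged. This line is appended on every run.
echo 'DAEMON_OPTS="-p default_ttl=2419200"' >> /etc/varnish/varnish.params
# Configure Apache for Varnish
# Anchored so that only the bare "Listen 80" line is rewritten and a second run
# does not turn 8080 into 808080. "Listen 8080" without an address binds every
# interface; firewall the port so that only Varnish can reach Apache directly.
sed -i -e 's/^Listen 80[[:space:]]*$/Listen 8080/' /etc/httpd/conf/httpd.conf
# mod_remoteip: take the client address from X-Forwarded-For, but only when the
# connection comes from the proxy named in RemoteIPInternalProxy.
echo 'RemoteIPHeader X-Forwarded-For' >> /etc/httpd/conf/httpd.conf
# ${IP:?...} stops here when IP is unset or empty instead of writing a
# directive with no argument, which would make httpd refuse to start.
echo "RemoteIPInternalProxy ${IP:?set IP to the address Varnish connects to Apache from}" >> /etc/httpd/conf/httpd.conf
# Log %a (the client address after mod_remoteip) instead of %h (the connection peer).
sed -i -e 's/%h/%a/' /etc/httpd/conf/httpd.conf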

1) file=/etc/varnish/default.vcl

cat > /etc/varnish/default.vcl << 'EOT'
vcl 4.0;
 
# Origin server: Apache on port 8080 (the port Apache is moved to in step 0).
# NOTE(review): .host is a routable address. If Apache runs on the same machine
# as Varnish, 127.0.0.1 would keep backend traffic off the public interface -
# confirm. Either way port 8080 should be reachable only by Varnish, otherwise
# clients can talk to Apache directly and bypass the rules in this file.
backend default {
    .host = "65.49.80.99";
    .port = "8080";
}
 
# Addresses allowed to send PURGE; vcl_recv matches client.ip against this list.
# NOTE(review): client.ip is the peer of the TCP connection. If a proxy on this
# host sits in front of Varnish (step 2 restarts pound), proxied requests
# presumably arrive from 127.0.0.1 and match this ACL - confirm that PURGE is
# rejected at that proxy before it reaches Varnish.
acl purge {
  "localhost";
  "127.0.0.1";
}
 
sub vcl_deliver {
  # Requests that carry a cf-connecting-ip header get status 520 in place of a
  # 500 or 503 response. The header only shows that the request came through
  # Cloudflare if direct client traffic cannot reach Varnish; any client can
  # send the header itself.
  if (req.http.cf-connecting-ip) {
    if (resp.status == 500 || resp.status == 503) {
      set resp.status = 520;
    }
  }
}
 
sub vcl_recv {
  # Request entry point: answers the health check, handles PURGE, passes
  # uncacheable paths to the backend, and strips cookies so that anonymous
  # pages can be served from cache. Requests that reach the end without a
  # return continue into Varnish's built-in vcl_recv.
 
  # Disabled example: drop all cookies for one host except under /user.
#  if (req.http.host == "demo.altagrade.com") {
#     if (req.url !~ "^/user") {
#         unset req.http.cookie;
#     }
#  }

  # Disabled example: never cache the listed hosts.
#  if (req.http.Host == "sub.domain.com" || req.http.Host == "db.domain.net" ) {
#    return (pass);
#  }

  # Health check: answered by Varnish itself, never sent to the backend.
  if (req.url == "/check-altagrade-varnish") {
    return(synth(200, "Varnish up"));
  }
 
  # Cache invalidation: only PURGE requests are handled here, not GET or POST.
  if (req.method == "PURGE") {
    # Allow the purge only when the connecting address is in the "purge" ACL.
    # NOTE(review): client.ip is the TCP peer. Behind a proxy on the same host
    # it is presumably always 127.0.0.1, which the ACL accepts - confirm that
    # PURGE from outside is stopped before it reaches Varnish.
    if (!client.ip ~ purge) {
      # Refuse with 405 (Method Not Allowed); 403 would be "Forbidden".
      return (synth(405, "Not allowed."));
    }
    return (purge);
  }
 
  # Do not cache these paths. req.url can carry a query string (the static-file
  # rule below allows for one), so the entries that end in "$" directly after
  # the file name do not match a request with a query string. "^/admin" and
  # "^/user" are prefix matches and already cover the "/admin/", "/user/" and
  # "/users/" entries that follow them.
  if (req.url ~ "^/status\.php$" ||
      req.url ~ "^/update\.php" ||
      req.url ~ "^/install\.php" ||
      req.url ~ "^/apc\.php$" ||
      req.url ~ "^/admin" ||
      req.url ~ "^/admin/.*$" ||
      req.url ~ "^/user" ||
      req.url ~ "^/user/.*$" ||
      req.url ~ "^/users/.*$" ||
      req.url ~ "^/info/.*$" ||
      req.url ~ "^/flag/.*$" ||
      req.url ~ "^.*/ajax/.*$" ||
      req.url ~ "^.*/ahah/.*$" ||
      req.url ~ "^/system/files/.*$") {
 
    return (pass);
  }
 
  # Static file types are cached for all users: the request Cookie is dropped
  # so a session does not prevent a cache lookup. /system/files/ was already
  # passed above, so this rule does not apply to files served from there.
  # NOTE(review): the original comment said this extension list appears a
  # second time in vcl_backend_response, but this file defines no
  # vcl_backend_response. If one is added, keep the two lists equal.
  if (req.url ~ "(?i)\.(pdf|asc|dat|txt|doc|xls|ppt|tgz|csv|png|gif|jpeg|jpg|ico|swf|css|js)(\?.*)?$") {
    unset req.http.Cookie;
  }
 
  # Remove all cookies that Drupal doesn't need to know about. The ones kept
  # are listed explicitly: the SESS*/SSESS* session cookies and NO_CACHE. If
  # any of them remains after this code has run, the request is passed,
  # because the page cannot be cached.
  if (req.http.Cookie) {
    # 1. Prepend a semi-colon to the cookie string.
    # 2. Remove all spaces that appear after semi-colons.
    # 3. Match the cookies we want to keep and put back the space removed in
    #    step 2. (\1) is the first matching group in the regsuball.
    # 4. Remove all other cookies, identified by having no space after the
    #    preceding semi-colon.
    # 5. Remove all spaces and semi-colons from the beginning and end of the
    #    cookie string.
    set req.http.Cookie = ";" + req.http.Cookie;
    set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
    set req.http.Cookie = regsuball(req.http.Cookie, ";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE)=", "; \1=");
    set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
    set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
 
    if (req.http.Cookie == "") {
      # No cookies remain: remove the header. Without a Cookie header,
      # Varnish's default behavior is to look the page up in the cache.
      unset req.http.Cookie;
    }
    else {
      # A session or NO_CACHE cookie is left: do not cache the page, pass the
      # request on to Apache directly.
      return (pass);
    }
  }
 
 
}
EOT
2)
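# Check the Apache configuration and compile the VCL before restarting, so that
# a syntax error is reported here instead of leaving a service stopped.
httpd -t && varnishd -C -f /etc/varnish/default.vcl > /dev/null &&
systemctl restart httpd && systemctl restart varnish && systemctl restart pound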