# This is a basic VCL configuration file for varnish. See the vcl(7) # man page for details on VCL syntax and semantics. # # Default backend definition. Set this to point to your content # server. # # backend default { # .host = "127.0.0.1"; # .port = "8080"; # } # # Below is a commented-out copy of the default VCL logic. If you # redefine any of these subroutines, the built-in logic will be # appended to your code. # sub vcl_recv { # if (req.restarts == 0) { # if (req.http.x-forwarded-for) { # set req.http.X-Forwarded-For = # req.http.X-Forwarded-For + ", " + client.ip; # } else { # set req.http.X-Forwarded-For = client.ip; # } # } # if (req.request != "GET" && # req.request != "HEAD" && # req.request != "PUT" && # req.request != "POST" && # req.request != "TRACE" && # req.request != "OPTIONS" && # req.request != "DELETE") { # /* Non-RFC2616 or CONNECT which is weird. */ # return (pipe); # } # if (req.request != "GET" && req.request != "HEAD") { # /* We only deal with GET and HEAD by default */ # return (pass); # } # if (req.http.Authorization || req.http.Cookie) { # /* Not cacheable by default */ # return (pass); # } # return (lookup); # } # # sub vcl_pipe { # # Note that only the first request to the backend will have # # X-Forwarded-For set. If you use X-Forwarded-For and want to # # have it set for all requests, make sure to have: # # set bereq.http.connection = "close"; # # here. It is not set by default as it might break some broken web # # applications, like IIS with NTLM authentication. 
# return (pipe); # } # # sub vcl_pass { # return (pass); # } # # sub vcl_hash { # hash_data(req.url); # if (req.http.host) { # hash_data(req.http.host); # } else { # hash_data(server.ip); # } # return (hash); # } # # sub vcl_hit { # return (deliver); # } # # sub vcl_miss { # return (fetch); # } # # sub vcl_fetch { # if (beresp.ttl <= 0s || # beresp.http.Set-Cookie || # beresp.http.Vary == "*") { # /* # * Mark as "Hit-For-Pass" for the next 2 minutes # */ # set beresp.ttl = 120 s; # return (hit_for_pass); # } # return (deliver); # } # # sub vcl_deliver { # return (deliver); # } # # sub vcl_error { # set obj.http.Content-Type = "text/html; charset=utf-8"; # set obj.http.Retry-After = "5"; # synthetic {" # # # # # "} + obj.status + " " + obj.response + {" # # #

Error "} + obj.status + " " + obj.response + {"

#

"} + obj.response + {"

#

Guru Meditation:

#

XID: "} + req.xid + {"

#
#

Varnish cache server

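#
#
# "};
#     return (deliver);
# }
#
# sub vcl_init {
#     return (ok);
# }
#
# sub vcl_fini {
#     return (ok);
# }

# Single origin: everything that is not served from cache is fetched from
# the web server listening on the loopback interface.
backend default {
    .host = "127.0.0.1";
    .port = "80";
}

# Refuse the administrative endpoints for every request that arrives
# through the cache. Multiple vcl_recv definitions are concatenated in
# order, so this check runs before the per-site rules below.
#
# The match is made on the raw request URL, while the backend may normalise
# the path (letter case, repeated slashes, percent-encoding) before routing
# it. The patterns are therefore case-insensitive, accept repeated leading
# slashes, and also cover the bare directory name without a trailing slash.
# Percent-encoded spellings cannot be caught here; treat this rule as
# defence in depth and enforce the same restriction on the backend as well.
sub vcl_recv {
    if (req.url ~ "(?i)^/+phpmyadmin(/|\?|$)" ||
        req.url ~ "(?i)^/+phppgadmin(/|\?|$)" ||
        req.url ~ "(?i)^/+server-status") {
        error 403 "For security reasons, this URL is only accesible using localhost (127.0.0.1) as the hostname";
    }
}

# Per-site request handling, selected by the Host header.
#
# Both Host patterns require an explicit ":port" suffix. A request whose
# Host header carries no port matches neither branch and is handled by the
# built-in logic only. The dots are escaped so they match a literal "."
# rather than any character.
sub vcl_recv {
    if (req.http.Host ~ "^wordpress\.example\.com:[0-9]+") {
        # Contents of the section vcl_recv in wordpress.vcl

        # Normalise Accept-Encoding so the cache does not keep one variant
        # per client-specific header value. Formats that are already
        # compressed are requested without any encoding.
        if (req.http.Accept-Encoding) {
            #revisit this list
            if (req.url ~ "\.(gif|jpg|jpeg|swf|flv|mp3|mp4|pdf|ico|png|gz|tgz|bz2)(\?.*|)$") {
                remove req.http.Accept-Encoding;
            } elsif (req.http.Accept-Encoding ~ "gzip") {
                set req.http.Accept-Encoding = "gzip";
            } elsif (req.http.Accept-Encoding ~ "deflate") {
                set req.http.Accept-Encoding = "deflate";
            } else {
                remove req.http.Accept-Encoding;
            }
        }

        # Static assets: drop the cookie and the query string so that all
        # clients share one cache object. Because the cookie is removed
        # from the request, the backend sees no session cookie for any URL
        # that ends in one of these extensions.
        # NOTE(review): removing the query string also removes version
        # parameters, so an updated asset keeps being served from cache
        # under its old URL until the object expires or is purged.
        if (req.url ~ "\.(gif|jpg|jpeg|swf|css|js|flv|mp3|mp4|pdf|ico|png)(\?.*|)$") {
            unset req.http.cookie;
            set req.url = regsub(req.url, "\?.*$", "");
        }

        # Requests carrying a WordPress session or settings cookie bypass
        # the cache; every other cookie is discarded so the request stays
        # cacheable.
        if (req.http.cookie) {
            if (req.http.cookie ~ "(wordpress_|wp-settings-)") {
                return(pass);
            } else {
                unset req.http.cookie;
            }
        }
    } elsif (req.http.Host ~ "^ghost\.example\.com:[0-9]+") {
        # Contents of the section vcl_recv in ghost.vcl

        # If the client uses shift-F5, get (and cache) a fresh copy. Nice for
        # systems without content invalidation. Big sites will want to disable
        # this.
        # NOTE(review): the header is client-controlled and not
        # authenticated, so any client can make Varnish go to the backend
        # for a request. Consider limiting this to trusted addresses with
        # an ACL if backend load matters.
        if (req.http.cache-control ~ "no-cache") {
            set req.hash_always_miss = true;
        }

        # x-pass is assigned unconditionally before it is read, so a value
        # supplied by the client is overwritten and cannot influence the
        # pass decision here or in vcl_fetch.
        set req.http.x-pass = "false";

        # TODO: I haven't seen any urls for logging access. When the
        # analytics parts of ghost are done, this needs to be added in the
        # exception list below.
        if (req.url ~ "^/(api|signout)") {
            set req.http.x-pass = "true";
        } elseif (req.url ~ "^/ghost" && (req.url !~ "^/ghost/(img|css|fonts)")) {
            set req.http.x-pass = "true";
        }

        if (req.http.x-pass == "true") {
            return(pass);
        }

        # Everything outside the API and management interface is fetched
        # without cookies.
        unset req.http.cookie;
    }
}

# Per-site handling of backend responses before they enter the cache.
sub vcl_fetch {
    if (req.http.Host ~ "^wordpress\.example\.com:[0-9]+") {
        # Contents of the section vcl_fetch in wordpress.vcl

        # Login, admin, preview and XML-RPC responses are never cached.
        if (req.url ~ "wp-(login|admin)" || req.url ~ "preview=true" || req.url ~ "xmlrpc.php") {
            return (hit_for_pass);
        }

        # NOTE(review): the two conditions are joined with "||", so
        # Set-Cookie is removed from every GET response that reaches this
        # point, including URLs containing "login" that the rule above did
        # not catch. Confirm that this is intended.
        if ( (!(req.url ~ "(wp-(login|admin)|login)")) || (req.request == "GET") ) {
            unset beresp.http.set-cookie;
        }

        # Static assets are kept for a year. No purge handling is defined
        # in this part of the file, so plan how a replaced asset is
        # invalidated.
        if (req.url ~ "\.(gif|jpg|jpeg|swf|css|js|flv|mp3|mp4|pdf|ico|png)(\?.*|)$") {
            set beresp.ttl = 365d;
        }
    } elsif (req.http.Host ~ "^ghost\.example\.com:[0-9]+") {
        # Contents of the section vcl_fetch in ghost.vcl

        # Only modify cookies/ttl outside of the management interface.
        if (req.http.x-pass != "true") {
            unset beresp.http.set-cookie;
            # Give responses that arrive with a zero TTL a short lifetime,
            # except for server errors.
            if (beresp.status < 500 && beresp.ttl == 0s) {
                set beresp.ttl = 2m;
            }
        }
    }
}

# Per-site response decoration on the way to the client.
sub vcl_deliver {
    if (req.http.Host ~ "^wordpress\.example\.com:[0-9]+") {
        # Contents of the section vcl_deliver in wordpress.vcl

        # multi-server webfarm? set a variable here so you can check
        # the headers to see which frontend served the request
        #   set resp.http.X-Server = "server-01";

        # X-Cache tells every client whether the object came from cache.
        # It is a debugging aid; drop it if that detail should not be
        # visible outside.
        if (obj.hits > 0) {
            set resp.http.X-Cache = "HIT";
        } else {
            set resp.http.X-Cache = "MISS";
        }
    } elsif (req.http.Host ~ "^ghost\.example\.com:[0-9]+") {
        # Contents of the section vcl_deliver in ghost.vcl
    }
}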