#
# Fastly (Varnish) configuration for blog.webplatform.org
#
# Service: blog, v #53 (see 30, 35, 37, 38, 48)
#
# Backend configs:
# - Max connections: 700
# - Error threshold: 5
# - Connection (ms): 60000
# - First byte (ms): 60000
# - Between bytes (ms): 30000
#
# Assuming it is using Varnish 2.1.5 syntax
#
# Ref:
# - https://www.varnish-cache.org/docs/2.1/tutorial/vcl.html
# - https://www.varnish-software.com/static/book/VCL_functions.html
# - http://docs.fastly.com/guides/22958207/27123847
# - http://docs.fastly.com/guides/22958207/23206371
# - http://blog.bigdinosaur.org/adventures-in-varnish/
# - https://www.varnish-cache.org/docs/2.1/tutorial/increasing_your_hitrate.html
#
# Doc: Called at the beginning of a request, after the complete request
# has been received and parsed. Its purpose is to
# decide whether or not to serve the request, how to
# do it, and, if applicable, which backend to use.
sub vcl_recv {
#FASTLY recv

  # Use the client address reported by Fastly as client.identity.
  set client.identity = req.http.Fastly-Client-IP;

  # Force SSL: requests without the Fastly-SSL header are sent to
  # vcl_error with the internal status 801, which turns them into a redirect.
  if (!req.http.Fastly-SSL) {
    error 801 "Force SSL";
  }

  # X-Forwarded-For is only filled in when the request carries none; a value
  # that is already present is forwarded unchanged.
  # NOTE(review): whether the #FASTLY recv macro normalises this header first
  # is not visible here. Confirm before the backend relies on it for
  # access decisions or logging.
  if (!req.http.X-Forwarded-For) {
    set req.http.X-Forwarded-For = req.http.Fastly-Client-IP;
  }

  #
  # Grace handling: how long a stale object may be served.
  # source: https://github.com/python/psf-fastly/blob/master/vcl/pypi.vcl
  if (req.backend.healthy) {
    # Healthy backend: a short grace avoids a request pileup on expiry.
    set req.grace = 15s;
  }
  else {
    # Unhealthy backend: serve stale content long enough (hopefully) to
    # fix the problem.
    set req.grace = 24h;

    # Drop credentials so every visitor is treated as anonymous and is
    # eligible for the cached pages. This also applies to login/admin URLs.
    unset req.http.Authenticate;
    unset req.http.Authorization;
    unset req.http.Cookie;
  }

  # Cookie filtering for everything except the WordPress login, admin,
  # preview and XML-RPC URLs, whose cookies are left untouched.
  #
  # The sequence is the usual whitelist idiom: prefix every cookie with ";",
  # re-mark the allowed ones as "; name=", delete every cookie still starting
  # with ";" and trim the leftovers.
  #
  # NOTE(review): the allow pattern requires "=" directly after "wordpress_"
  # or "wp-settings-". WordPress cookie names normally carry a suffix after
  # those prefixes, so in practice this appears to strip every cookie.
  # That is the safe outcome for a shared cache. If the pattern is ever widened
  # so session cookies survive, those requests must not go through lookup,
  # because no vcl_hash in this file adds the cookie to the cache key.
  if (req.http.Cookie && !(req.url ~ "wp-(login|admin)" || req.url ~ "preview=true" || req.url ~ "xmlrpc.php")) {
    set req.http.Cookie = ";" req.http.Cookie;
    set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
    set req.http.Cookie = regsuball(req.http.Cookie, ";(wordpress_|wp-settings-)=", "; \1=");
    set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
    set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");

    if (req.http.Cookie == "") {
      unset req.http.Cookie;
    }
  }

  ## Fastly BOILERPLATE ========
  # # NOTE: To use vcl_miss in some desired cases, pass everything to lookup, not pass
  # # ref: http://stackoverflow.com/questions/5110841/is-there-a-way-to-set-req-connection-timeout-for-specific-requests-in-varnish
  #
  # NOTE(review): GET/HEAD requests to the login/admin/preview URLs keep their
  # cookies and still reach lookup below. Whether their responses are stored
  # depends entirely on the backend's caching headers and on vcl_fetch.
  if (!(req.request == "HEAD" || req.request == "GET" || req.request == "PURGE")) {
    return(pass);
  }

  return(lookup); # Default outcome, keep at the end
  ## /Fastly BOILERPLATE ========
}
# Doc: Called after a document has been successfully retrieved from the backend
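sub vcl_fetch {
#FASTLY fetch

  # Set the maximum grace period on an object
  set beresp.grace = 24h;

  # Strip Set-Cookie from the backend response. The condition is true for
  # every request outside the login/admin URLs and for every GET, so a
  # Set-Cookie header only survives on non-GET requests to login/admin URLs.
  if ( (!(req.url ~ "(wp-(login|admin)|login)")) || (req.request == "GET") ) {
    unset beresp.http.set-cookie;
  }

  # Debug notes: later steps append the reason for each caching decision.
  if (!beresp.http.X-Cache-Note) {
    set beresp.http.X-Cache-Note = "Debugging notes: ";
  }

  # Gzip
  if (beresp.status == 200 && (beresp.http.content-type ~ "^(text/html|application/x-javascript|text/css|application/javascript|text/javascript)\s*($|;)" || req.url ~ "\.(js|css|html)($|\?)" ) ) {

    # always set vary to make sure uncompressed versions dont always win
    if (!beresp.http.Vary ~ "Accept-Encoding") {
      if (beresp.http.Vary) {
        set beresp.http.Vary = beresp.http.Vary ", Accept-Encoding";
      } else {
        set beresp.http.Vary = "Accept-Encoding";
      }
    }

    if (req.http.Accept-Encoding == "gzip") {
      set beresp.gzip = true;
    }
  }

  # Enforce static asset cache.
  #
  # This branch returns before the Set-Cookie, Cache-Control: private and
  # error checks below, so it must only match real static files:
  # - the extension has to end the path (optionally followed by a query
  #   string), like the gzip check above. An unanchored match would also
  #   force-cache any dynamic URL that merely contains ".css" or ".png".
  # - login/admin/preview/XML-RPC URLs are excluded, because vcl_recv forwards
  #   their cookies and no vcl_hash in this file adds the cookie to the cache
  #   key. Admin static files fall through to the default handling below.
  # - only 200 responses are pinned, so a backend error on an asset URL is
  #   not stored for a day.
  if (
    beresp.status == 200
    && req.url ~ "\.(png|jpg|jpeg|gif|svg|css)($|\?)"
    && !(req.url ~ "wp-(login|admin)" || req.url ~ "preview=true" || req.url ~ "xmlrpc.php")
  ) {
    set beresp.http.X-Cache-Note = beresp.http.X-Cache-Note ", Forced static asset cache";
    set beresp.ttl = 86400s;
    set beresp.grace = 864000s;
    return(deliver);
  }

  ## Fastly BOILERPLATE ========
  # Retry a failed GET/HEAD once before giving up.
  if ((beresp.status == 500 || beresp.status == 503) && req.restarts < 1 && (req.request == "GET" || req.request == "HEAD")) {
    restart;
  }

  if (req.restarts > 0 ) {
    set beresp.http.Fastly-Restarts = req.restarts;
  }

  # Responses that set a cookie are never stored.
  if (beresp.http.Set-Cookie) {
    set beresp.http.X-Cache-Note = beresp.http.X-Cache-Note ", Has Set-Cookie";
    set req.http.Fastly-Cachetype = "SETCOOKIE";
    return (pass);
  }

  # Responses the backend marks as private are never stored.
  if (beresp.http.Cache-Control ~ "private") {
    set beresp.http.X-Cache-Note = beresp.http.X-Cache-Note ", Cache-Control private";
    set req.http.Fastly-Cachetype = "PRIVATE";
    return (pass);
  }

  # Error documents are kept only briefly.
  if (beresp.status == 500 || beresp.status == 503) {
    set beresp.http.X-Cache-Note = beresp.http.X-Cache-Note ", Error document";
    set req.http.Fastly-Cachetype = "ERROR";
    set beresp.ttl = 1s;
    set beresp.grace = 5s;
    return (deliver);
  }

  if (beresp.http.Expires || beresp.http.Surrogate-Control ~ "max-age" || beresp.http.Cache-Control ~"(s-maxage|max-age)") {
    set beresp.http.X-Cache-Note = beresp.http.X-Cache-Note ", Has either max-age,Expires,Cache-control";
    # keep the ttl here
  } else {
    # apply the default ttl
    set beresp.http.X-Cache-Note = beresp.http.X-Cache-Note ", Had no max-age,expires,cache-control; setting default ttl";
    set beresp.ttl = 3600s;
  }

  return(deliver); # Default outcome, keep at the end
  ## /Fastly BOILERPLATE =======
}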
# Doc: Called before a cached object is delivered to the client
sub vcl_deliver {
#FASTLY deliver

  # Always send this instead of using meta tags in markup
  if (resp.http.Content-Type ~ "html") {
    set resp.http.X-UA-Compatible = "IE=edge,chrome=1";
  }

  # Debug aid: bump this string whenever the configuration changes.
  set resp.http.X-Config-Serial = "2014102600";

  # Hide cache and backend diagnostics from ordinary responses.
  # The Fastly-FF test distinguishes edge nodes from shield nodes: shield
  # nodes see a Fastly-FF header that is added internally. The headers are
  # also kept when the request carries Fastly-Debug.
  # Both are request headers, so any client that sends one of them receives
  # the diagnostic headers as well.
  if (!(req.http.Fastly-FF || req.http.Fastly-Debug)) {
    unset resp.http.X-Cache-Note;
    unset resp.http.X-Backend-Key;
    unset resp.http.Server;
    unset resp.http.Via;
    unset resp.http.X-Served-By;
    unset resp.http.X-Cache;
    unset resp.http.X-Cache-Hits;
    unset resp.http.X-Timer;
  }

  ## Fastly BOILERPLATE ========
  return(deliver);
  ## /Fastly BOILERPLATE =======
}
sub vcl_error {
#FASTLY error

  # Force SSL: vcl_recv raises the internal status 801 for requests that
  # arrived without the Fastly-SSL header. It is turned into a permanent
  # redirect to the same host and URL over https, with an empty body.
  # Any other status is not handled here.
  #
  # The Location value is built from the Host header and URL exactly as
  # received.
  # NOTE(review): confirm that only hosts configured on this service can
  # reach this point. No Strict-Transport-Security header is set in this file.
  if (obj.status == 801) {
    set obj.http.Location = "https://" req.http.host req.url;
    set obj.status = 301;
    set obj.response = "Moved Permanently";
    synthetic {""};
    return (deliver);
  }
}