Advertisement
Guest User

Untitled

a guest
Dec 23rd, 2015
208
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 16.28 KB | None | 0 0
  1. vcl 4.0;
  2.  
  3. import std;
  4. import directors;
  5.  
  6. backend server1 {
  7. .host = "127.0.0.1"; # IP or Hostname of backend
  8. .port = "8081"; # Port Apache or whatever is listening
  9. .max_connections = 800; # That's it
  10. .first_byte_timeout = 300s; # How long to wait before we receive a first byte from our backend?
  11. .connect_timeout = 300s; # How long to wait for a backend connection?
  12. .between_bytes_timeout = 300s; # How long to wait between bytes received from our backend?
  13. }
  14.  
  15. # Only allow purging from specific IPs
  16. acl purge {
  17. "localhost";
  18. "127.0.0.1";
  19. "elsitar.com";
  20. }
  21.  
  22. sub vcl_init {
  23. # Called when VCL is loaded, before any requests pass through it. Typically used to initialize VMODs.
  24. new vdir = directors.round_robin();
  25. vdir.add_backend(server1);
  26. }
  27.  
  28.  
  29. sub vcl_recv {
  30. # Called at the beginning of a request, after the complete request has been received and parsed.
  31. # Its purpose is to decide whether or not to serve the request, how to do it, and, if applicable,
  32. # which backend to use.
  33. # also used to modify the request
  34. # send all traffic to the vdir director
  35. set req.backend_hint = vdir.backend();
  36. # TURN OFF CACHE when needed (just uncomment this only when needed)
  37. return(pass);
  38. # Tell PageSpeed not to use optimizations specific to this request.
  39. set req.http.PS-CapabilityList = "fully general optimizations only";
  40.  
  41. # Don't allow external entities to force beaconing.
  42. unset req.http.PS-ShouldBeacon;
  43.  
  44. # Authenticate the purge request by IP.
  45. if (req.method == "PURGE") {
  46. if (!client.ip ~ purge) {
  47. return (synth(405,"Not allowed."));
  48. }
  49. return (purge);
  50. }
  51.  
  52.  
  53.  
  54.  
  55. # Normalize the header, remove the port (in case you're testing this on various TCP ports)
  56. set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");
  57.  
  58. # set or append the client.ip to X-Forwarded-For header. Important for logging and correct IPs.
  59. if (req.restarts == 0) {
  60. if (req.http.X-Forwarded-For) {
  61. set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
  62. } else {
  63. set req.http.X-Forwarded-For = client.ip;
  64. }
  65. }
  66.  
  67. ###
  68. ### Do not Cache: special cases
  69. ###
  70. # The code below makes sure the AJAX "add to cart" function works
  71. set req.url = regsub(req.url, "add-to-cart=\d+_\d+&", "");
  72. # Do not cache AJAX requests.
  73. if (req.http.X-Requested-With == "XMLHttpRequest") {
  74. return(pass);
  75. }
  76.  
  77. # Post requests will not be cached
  78. if (req.http.Authorization || req.method == "POST") {
  79. return (pass);
  80. }
  81.  
  82. # Only cache GET or HEAD requests. This makes sure the POST requests are always passed.
  83. if (req.method != "GET" && req.method != "HEAD") {
  84. return (pass);
  85. }
  86.  
  87. # Dont Cache WordPress post pages and edit pages
  88. if (req.url ~ "(wp-admin|post\.php|edit\.php|wp-login)") {
  89. return(pass);
  90. }
  91. #Woocommerce don't cache :
  92. if (req.url ~ "^/(cart|my-account/*|checkout|addons|logout|lost-password|product/*)") {
  93. return (pass);
  94. }
  95. #Woocommerce add to cart pass :
  96. if (req.url ~ "\?add-to-cart=" ) {
  97. return (pass);
  98. }
  99. if (req.url ~ "/wp-cron.php" || req.url ~ "preview=true") {
  100. return (pass);
  101. }
  102.  
  103. # Woocommerce
  104. if (req.url ~ "(cart|my-account|checkout|addons)") {
  105. return (pass);
  106. }
  107. if ( req.url ~ "\?add-to-cart=" ) {
  108. return (pass);
  109. }
  110.  
  111. # Paid memberships Pro PMP
  112. if ( req.url ~ "(membership-account|membership-checkout)" ) {
  113. return (pass);
  114. }
  115.  
  116. # WordPress Social Login Plugin. Note: Need to develop this. Please share if you have an example.
  117. if (req.url ~ "(wordpress-social-login|wp-social-login)") {
  118. return (pass);
  119. }
  120.  
  121. # WP-Affiliate
  122. if ( req.url ~ "\?ref=" ) {
  123. return (pass);
  124. }
  125.  
  126. # phpBB Logged in users and ACP
  127. if ( req.url ~ "(/forumPM/adm/|ucp.php?mode=|\?mode=edit)" ) {
  128. return (pass);
  129. }
  130.  
  131.  
  132. ###
  133. ### http header Cookie
  134. ### Remove some cookies (if found)
  135. ### Cache This Stuff
  136. ###
  137. # https://www.varnish-cache.org/docs/4.0/users-guide/increasing-your-hitrate.html#cookies
  138.  
  139. ### COOKIE MADNESS.
  140.  
  141. # Remove the "has_js" cookie
  142. set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
  143.  
  144. # Remove any Google Analytics based cookies
  145. set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
  146. set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
  147. set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
  148. set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
  149. set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");
  150.  
  151. # Remove the Quant Capital cookies (added by some plugin, all __qca)
  152. set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
  153.  
  154. # Remove the wp-settings-1 cookie
  155. set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-1=[^;]+(; )?", "");
  156.  
  157. # Remove the wp-settings-time-1 cookie
  158. set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-time-1=[^;]+(; )?", "");
  159.  
  160. # Remove the wp test cookie
  161. set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", "");
  162.  
  163. # Remove the phpBB cookie. This will help us cache bots and anonymous users.
  164. set req.http.Cookie = regsuball(req.http.Cookie, "style_cookie=[^;]+(; )?", "");
  165. set req.http.Cookie = regsuball(req.http.Cookie, "phpbb3_psyfx_track=[^;]+(; )?", "");
  166.  
  167. # Remove the cloudflare cookie
  168. set req.http.Cookie = regsuball(req.http.Cookie, "__cfduid=[^;]+(; )?", "");
  169.  
  170. # Remove the PHPSESSID in members area cookie
  171. set req.http.Cookie = regsuball(req.http.Cookie, "PHPSESSID=[^;]+(; )?", "");
  172.  
  173. # Are there cookies left with only spaces or that are empty?
  174. if (req.http.cookie ~ "^\s*$") {
  175. unset req.http.cookie;
  176. }
  177.  
  178. # MEGA DROP. Drop ALL cookies sent to WordPress, except those originating from the URLs defined.
  179. # This increases HITs significantly, but be careful it can also break plugins that need cookies.
  180. # Note: The /members/ directory had problems with PMP login and social login plugin.
  181. # Adding it to the exclude list here (and including it below in the "Retain cookies" list) fixed login.
  182. # This works better than than other cookie removal examples found on varnish's website.
  183. # Note phpBB directory (forumPM) also passes cookies here.
  184. #if (!(req.url ~ "(wp-login|wp-admin|cart|my-account|checkout|addons|wordpress-social-login|wp-login\.php|forumPM|members)")) {
  185. #unset req.http.cookie;
  186. #}
  187.  
  188. if (!(req.url ~ "(wp-login|wp-admin|cart|my-account/*|checkout|addons|logout|lost-password|product/*)")) {
  189. unset req.http.cookie;
  190. }
  191.  
  192. # Normalize the query arguments.
  193. # Note: Placing this above the "do not cache" section breaks some WP theme elements and admin functionality.
  194. set req.url = std.querysort(req.url);
  195.  
  196. # Large static files are delivered directly to the end-user without
  197. # waiting for Varnish to fully read the file first.
  198. # Varnish 4 fully supports Streaming, so see do_stream in vcl_backend_response() to witness the glory.
  199. if (req.url ~ "^[^?]*\.(mp[34]|rar|tar|tgz|wav|zip|bz2|xz|7z|avi|mov|ogm|mpe?g|mk[av])(\?.*)?$") {
  200. unset req.http.Cookie;
  201. return (hash);
  202. }
  203.  
  204. # Cache all static files by Removing all cookies for static files
  205. # Remember, do you really need to cache static files that don't cause load? Only if you have memory left.
  206. # Here I decide to cache these static files. For me, most of them are handled by the CDN anyway.
  207. if (req.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|ico|jpeg|jpg|js|less|pdf|png|rtf|swf|txt|woff|xml)(\?.*)?$") {
  208. unset req.http.Cookie;
  209. return (hash);
  210. }
  211.  
  212. # Cache all static files by Removing all cookies for static files - These file extensions are generated by WP Super Cache.
  213. if (req.url ~ "^[^?]*\.(html|htm|gz)(\?.*)?$") {
  214. unset req.http.Cookie;
  215. return (hash);
  216. }
  217.  
  218. # Do not cache Authorized requests.
  219. if (req.http.Authorization) {
  220. return(pass);
  221. }
  222.  
  223. # Cache all others requests.
  224. # Note Varnish v4: vcl_recv must now return hash instead of lookup
  225. return (hash);
  226. }
  227.  
  228.  
  229. sub vcl_pipe {
  230. # Called upon entering pipe mode.
  231. # In this mode, the request is passed on to the backend, and any further data from both the client
  232. # and backend is passed on unaltered until either end closes the connection. Basically, Varnish will
  233. # degrade into a simple TCP proxy, shuffling bytes back and forth. For a connection in pipe mode,
  234. # no other VCL subroutine will ever get called after vcl_pipe.
  235.  
  236. # Note that only the first request to the backend will have
  237. # X-Forwarded-For set. If you use X-Forwarded-For and want to
  238. # have it set for all requests, make sure to have:
  239. # set bereq.http.connection = "close";
  240. # here. It is not set by default as it might break some broken web
  241. # applications, like IIS with NTLM authentication.
  242.  
  243. # set bereq.http.Connection = "Close";
  244.  
  245. return (pipe);
  246. }
  247.  
  248.  
  249. sub vcl_pass {
  250. # Called upon entering pass mode. In this mode, the request is passed on to the backend, and the
  251. # backend's response is passed on to the client, but is not entered into the cache. Subsequent
  252. # requests submitted over the same client connection are handled normally.
  253.  
  254. # return (pass);
  255. }
  256.  
  257.  
  258. # The data on which the hashing will take place
  259. sub vcl_hash {
  260. # Called after vcl_recv to create a hash value for the request. This is used as a key
  261. # to look up the object in Varnish.
  262.  
  263. hash_data(req.url);
  264.  
  265. if (req.http.host) {
  266. hash_data(req.http.host);
  267. } else {
  268. hash_data(server.ip);
  269. }
  270.  
  271. # hash cookies for requests that have them
  272. if (req.http.Cookie) {
  273. hash_data(req.http.Cookie);
  274. }
  275.  
  276. # If the client supports compression, keep that in a different cache
  277. if (req.http.Accept-Encoding) {
  278. hash_data(req.http.Accept-Encoding);
  279. }
  280.  
  281. return (lookup);
  282. }
  283.  
  284.  
  285. # Handle the HTTP request coming from our backend
  286. sub vcl_backend_response {
  287. # Called after the response headers has been successfully retrieved from the backend.
  288. # Sometimes, a 301 or 302 redirect formed via Apache's mod_rewrite can mess with the HTTP port that is being passed along.
  289. # This often happens with simple rewrite rules in a scenario where Varnish runs on :80 and Apache on :8080 on the same box.
  290. # A redirect can then often redirect the end-user to a URL on :8080, where it should be :80.
  291. # This may need fine tuning on your setup.
  292. # To prevent accidental replace, we only filter the 301/302 redirects for now.
  293. if (beresp.status == 301 || beresp.status == 302) {
  294. set beresp.http.Location = regsub(beresp.http.Location, ":[0-9]+", "");
  295. }
  296.  
  297.  
  298. ###
  299. ### Overall TTL
  300. ### Note: The TTL is designed to be somewhat aggressive here, to keep things in cache.
  301. ###
  302. # Lets get this party started.
  303. # This will keep things in cache longer
  304. if (beresp.ttl > 0s) {
  305. unset beresp.http.expires;
  306. set beresp.http.cache-control = "max-age=900";
  307. set beresp.ttl = 4d; # how long you cache objects
  308. set beresp.http.magicmarker = "1";
  309. }
  310.  
  311. # Allow stale content, in case the backend goes down.
  312. # make Varnish keep all objects for x hours beyond their TTL
  313. set beresp.grace = 12h;
  314.  
  315. ###
  316. ### Static Files
  317. ###
  318. # Enable cache for all static files
  319. # Monitor your cache size, if you get data nuked out of it, consider giving up the static file cache.
  320. # More reading here: https://ma.ttias.be/stop-caching-static-files/
  321. if (bereq.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|xml|zip)(\?.*)?$") {
  322. set beresp.ttl = 2d; # set a TTL for these optional.
  323. unset beresp.http.set-cookie;
  324. }
  325.  
  326. # Cache all static files by Removing all cookies for static files - Note: These file extensions are generated by WordPress WP Super Cache.
  327. if (bereq.url ~ "^[^?]*\.(html|htm|gz)(\?.*)?$") {
  328. set beresp.ttl = 1d; # set a TTL for these optional.
  329. unset beresp.http.set-cookie;
  330. }
  331.  
  332. ###
  333. ### Targeted TTL
  334. ###
  335. # Members section is very dynamic and uses cookies (see cookie settings in vcl_recv).
  336. if (bereq.url ~ "/members/") {
  337. set beresp.ttl = 2d;
  338. }
  339. # My Shop section is fairly static when browsing the catalog, but woocommerce is passed in vcl_recv.
  340. #if (bereq.url ~ "/shop/") {
  341. # set beresp.ttl = 1d;
  342. #}
  343. # phBB Forum
  344. # Note: Cookies are dropped for phpBB in vcl_recv which disables the forums cookies, however, logged in users still get a hash.
  345. # I set the anonymous user as a bot in phpBB admin settings. As bots dont use cookies, this gives 99% hit rate.
  346. if (bereq.url ~ "/forumPM/") {
  347. set beresp.ttl = 2h;
  348. }
  349. # Long ttl sites
  350. if (bereq.url ~ "(example.com|example2.com)") {
  351. set beresp.ttl = 1w;
  352. }
  353.  
  354. # Large static files are delivered directly to the end-user without
  355. # waiting for Varnish to fully read the file first.
  356. # Varnish 4 fully supports Streaming, so use streaming here to avoid locking.
  357. # I do not stream large files from my server, I use a CDN or dropbox, so I have not tested this.
  358. if (bereq.url ~ "^[^?]*\.(mp[34]|rar|tar|tgz|wav|zip|bz2|xz|7z|avi|mov|ogm|mpe?g|mk[av])(\?.*)?$") {
  359. unset beresp.http.set-cookie;
  360. set beresp.do_stream = true; # Check memory usage it'll grow in fetch_chunksize blocks (128k by default) if the backend doesn't send a Content-Length header, so only enable it for big objects
  361. set beresp.do_gzip = false; # Don't try to compress it for storage
  362. }
  363.  
  364. # don't cache response to posted requests or those with basic auth
  365. if ( bereq.method == "POST" || bereq.http.Authorization ) {
  366. set beresp.uncacheable = true;
  367. set beresp.ttl = 120s;
  368. return (deliver);
  369. }
  370. }
  371.  
  372. sub vcl_hit {
  373. # 5% of the time ignore that we got a cache hit and send the request to the
  374. # backend anyway for instrumentation.
  375. if (std.random(0, 100) < 5) {
  376. set req.http.PS-ShouldBeacon = "yoursecretkey";
  377. return (pass);
  378. }
  379. }
  380. sub vcl_miss {
  381. # Instrument 25% of cache misses.
  382. if (std.random(0, 100) < 25) {
  383. set req.http.PS-ShouldBeacon = "yoursecretkey";
  384. return (pass);
  385. }
  386. }
  387.  
  388.  
  389. # The routine when we deliver the HTTP request to the user
  390. # Last chance to modify headers that are sent to the client
  391. sub vcl_deliver {
  392. # Called before a cached object is delivered to the client.
  393.  
  394. # Mark HTML as uncacheable for our responses.
  395. if (resp.http.Content-Type ~ "text/html") {
  396. unset resp.http.Cache-Control;
  397. set resp.http.Cache-Control = "no-cache, max-age=0";
  398. }
  399.  
  400. if (obj.hits > 0) { # Add debug header to see if it's a HIT/MISS and the number of hits, disable when not needed
  401. set resp.http.X-Cache = "HIT";
  402. } else {
  403. set resp.http.X-Cache = "MISS";
  404. }
  405.  
  406. # Please note that obj.hits behaviour changed in 4.0, now it counts per objecthead, not per object
  407. # and obj.hits may not be reset in some cases where bans are in use. See bug 1492 for details.
  408. # So take hits with a grain of salt
  409. set resp.http.X-Cache-Hits = obj.hits;
  410.  
  411. # Remove some headers: PHP version
  412. unset resp.http.X-Powered-By;
  413.  
  414. # Remove some headers: Apache version & OS
  415. unset resp.http.Server;
  416. unset resp.http.X-Drupal-Cache;
  417. unset resp.http.X-Varnish;
  418. unset resp.http.Age;
  419. unset resp.http.Via;
  420. unset resp.http.Link;
  421. unset resp.http.X-Generator;
  422.  
  423. if (resp.http.magicmarker) {
  424. unset resp.http.magicmarker;
  425. set resp.http.age = "0";
  426. }
  427.  
  428. return (deliver);
  429. }
  430.  
  431.  
  432.  
  433. sub vcl_synth {
  434. if (resp.status == 720) {
  435. # We use this special error status 720 to force redirects with 301 (permanent) redirects
  436. # To use this, call the following from anywhere in vcl_recv: return (synth(720, "http://host/new.html"));
  437. set resp.http.Location = resp.reason;
  438. set resp.status = 301;
  439. return (deliver);
  440. } elseif (resp.status == 721) {
  441. # And we use error status 721 to force redirects with a 302 (temporary) redirect
  442. # To use this, call the following from anywhere in vcl_recv: return (synth(720, "http://host/new.html"));
  443. set resp.http.Location = resp.reason;
  444. set resp.status = 302;
  445. return (deliver);
  446. }
  447.  
  448. return (deliver);
  449. }
  450.  
  451.  
  452. sub vcl_fini {
  453. # Called when VCL is discarded only after all requests have exited the VCL.
  454. # Typically used to clean up VMODs.
  455.  
  456. return (ok);
  457. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement