From: root Date: Fri, 20 Dec 2013 00:32:03 +0000 Subject: varnish config dec 2013 X-Git-Url: http://maxious.lambdacomplex.org/git/?p=ckanext-datagovau.git&a=commitdiff&h=b18448b25ae578c68b7d643d9a6754153a7411b7 --- varnish config dec 2013 --- --- a/admin/default.vcl +++ b/admin/default.vcl @@ -8,45 +8,117 @@ .host = "127.0.0.1"; .port = "8080"; } +backend geoserver { + .host = "172.31.18.207"; + .port = "8983"; +} sub vcl_fetch { set beresp.grace = 1h; - - if (beresp.http.content-type ~ "(text|application)") { + unset beresp.http.Server; + # These status codes should always pass through and never cache. + if ( beresp.status >= 500 ) { + set beresp.ttl = 0s; + } + if (beresp.http.content-type ~ "(text|javascript|json|xml|html)") { set beresp.do_gzip = true; } + # CKAN cache headers are used by Varnish cache, but should not be propagated to + # the Internet. Tell browsers and proxies not to cache. This means Varnish always + # gets the responsibility to server the right content at all times. + if (beresp.http.Cache-Control ~ "max-age") { + unset beresp.http.set-cookie; + set beresp.http.Cache-Control = "no-cache"; + } + + # Encourage assets to be cached by proxies and browsers + # JS and CSS may be gzipped depending on headers + # see https://developers.google.com/speed/docs/best-practices/caching + if (req.url ~ "\.(css|js)") { + set beresp.http.Vary = "Accept-Encoding"; + } + + # Encourage assets to be cached by proxies and browsers for 1 day + if (req.url ~ "\.(png|gif|jpg|swf|css|js)") { + unset beresp.http.set-cookie; + set beresp.http.Cache-Control = "public, max-age=86400"; + set beresp.ttl = 1d; + } + + # Encourage CKAN vendor assets (which are versioned) to be cached by + # by proxies and browsers for 1 year + if (req.url ~ "^/scripts/vendor/") { + unset beresp.http.set-cookie; + set beresp.http.Cache-Control = "public, max-age=31536000"; + set beresp.ttl = 12m; + } +} +sub vcl_recv { + if (req.http.user-agent ~ "Ezooms" || req.http.user-agent ~ "Ahrefs") { + error 403; + } +if (req.url ~ "^/geoserver/") { + set req.backend = geoserver; + } else { + set req.backend = default; + #redirect secure traffic to https + if ( (req.http.Cookie ~ "auth_tkt" || req.http.Cookie ~ "ckan" || req.url ~ "user/(reset|login)") && req.http.X-Forwarded-Proto !~ "(?i)https") { + set req.http.x-Redir-Url = "https://data.gov.au" + req.url; + error 753 req.http.x-Redir-Url; + } + # remove locale links + if (req.url ~ "/((?!js)..|.._..|sr_Latn)/") { + set req.http.x-Redir-Url = regsub(req.url, "/((?!js)..|.._..|sr_Latn)/", "/"); + error 751 req.http.x-Redir-Url; + } + # rewrite broken resources + if (req.url ~ "leaflet") { + set req.url = regsub(req.url, "fanstatic/ckanext-spatial/:version:2013-09-13T02:32:17.87/:bundle:js/vendor/leaflet/images", "js/vendor/leaflet/images"); + } + # remove old hostnames + if (req.http.host ~ "data.australia.gov.au") { + set req.http.x-Redir-Url = "http://data.gov.au" + req.url; + error 751 req.http.x-Redir-Url; + } + + if (req.url ~ "^/_tracking") { + // exclude web spiders from statistics + if (req.http.user-agent ~ "Googlebot" || req.http.user-agent ~ "baidu" || req.http.user-agent ~ "bing") { + error 200; + } else { + return (pass); + } + } if (req.url ~ "\.(png|gif|jpg|jpeg|swf|css|js|woff|eot)$") { - unset beresp.http.set-cookie; + //Varnish to deliver content from cache even if the request othervise indicates that the request should be passed + return(lookup); } } -sub vcl_recv { - if (req.url ~ "^/_tracking") { - return (pass); - } - if (req.url ~ "\.(png|gif|jpg|jpeg|swf|css|js|woff|eot)$") { - return(lookup); - } -if (req.url ~ "/(..|.._..)/") { - set req.url = regsub(req.url, "/((?!js)..|.._..)/", "/"); -} - if (req.http.Cookie) { - set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__utm.=[^;]+;? *", "\1"); # removes all cookies named __utm? (utma, utmb...) - tracking thing - - if (req.http.Cookie == "") { - remove req.http.Cookie; - } - } + // Remove has_js and Google Analytics cookies. Evan added sharethis cookies + set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|has_js|cookie-agreed-en|_csoot|_csuid|_chartbeat2)=[^;]*", ""); + + // Remove a ";" prefix, if present. + set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); + // Remove empty cookies. + if (req.http.Cookie ~ "^\s*$") { + unset req.http.Cookie; + } + + remove req.http.X-Forwarded-For; + set req.http.X-Forwarded-For = req.http.X-Real-IP; } sub vcl_hash { # http://serverfault.com/questions/112531/ignoring-get-parameters-in-varnish-vcl - set req.url = regsub(req.url, "(?:(.com|.au))/((?!js)..|.._..)/", "/"); + set req.url = regsub(req.url, "(?:(.com|.au))/((?!js)..|.._..|sr_Latn)/", "/"); hash_data(req.url); if (req.http.host) { hash_data(req.http.host); } else { hash_data(server.ip); } - return (hash); + if (req.http.Cookie) { + hash_data(req.http.Cookie); +} } sub vcl_deliver { if (!resp.http.Vary) { @@ -54,13 +126,29 @@ } else if (resp.http.Vary !~ "(?i)Accept-Encoding") { set resp.http.Vary = resp.http.Vary + ",Accept-Encoding"; } - if (obj.hits > 0) { - set resp.http.X-Cache = "HIT"; - } else { - set resp.http.X-Cache = "MISS"; - } + remove resp.http.X-Varnish; + remove resp.http.Via; + remove resp.http.Age; + remove resp.http.X-Powered-By; +if (req.url ~ "^/geoserver/") { + set resp.http.Access-Control-Allow-Origin = "*"; + set resp.http.Access-Control-Allow-Methods = "GET, POST, PUT, DELETE"; + set resp.http.Access-Control-Allow-Headers = "Origin, X-Requested-With, Content-Type, Accept"; +} } - +sub vcl_error { + remove obj.http.Server; + if (obj.status == 751) { + set obj.http.Location = obj.response; + set obj.status = 301; + return (deliver); + } + if (obj.status == 753) { + set obj.http.Location = obj.response; + set obj.status = 301; + return (deliver); + } +} # # Below is a commented-out copy of the default VCL logic. If you # redefine any of these subroutines, the built-in logic will be