projects / ckanext-datagovau.git / blame
search:
summary | shortlog | log | commit | commitdiff | tree
plain | HEAD | blame
beginnings of autoupdate
[ckanext-datagovau.git] / admin / default.vcl
CKAN data.gov.au 1 # This is a basic VCL configuration file for varnish. See the vcl(7)
2 # man page for details on VCL syntax and semantics.
3 #
4 # Default backend definition. Set this to point to your content
5 # server.
6 #
7 backend default {
8 .host = "127.0.0.1";
9 .port = "8080";
10 }
root 11 backend geoserver {
12 .host = "172.31.18.207";
13 .port = "8983";
14 }
CKAN data.gov.au 15
16 sub vcl_fetch {
17 set beresp.grace = 1h;
root 18 unset beresp.http.Server;
19 # These status codes should always pass through and never cache.
20 if ( beresp.status >= 500 ) {
21 set beresp.ttl = 0s;
22 }
23 if (beresp.http.content-type ~ "(text|javascript|json|xml|html)") {
CKAN data.gov.au 24 set beresp.do_gzip = true;
25 }
root 26 # CKAN cache headers are used by Varnish cache, but should not be propagated to
27 # the Internet. Tell browsers and proxies not to cache. This means Varnish always
28 # gets the responsibility to server the right content at all times.
29 if (beresp.http.Cache-Control ~ "max-age") {
30 unset beresp.http.set-cookie;
31 set beresp.http.Cache-Control = "no-cache";
32 }
33
34 # Encourage assets to be cached by proxies and browsers
35 # JS and CSS may be gzipped depending on headers
36 # see https://developers.google.com/speed/docs/best-practices/caching
37 if (req.url ~ "\.(css|js)") {
38 set beresp.http.Vary = "Accept-Encoding";
39 }
40
41 # Encourage assets to be cached by proxies and browsers for 1 day
42 if (req.url ~ "\.(png|gif|jpg|swf|css|js)") {
43 unset beresp.http.set-cookie;
44 set beresp.http.Cache-Control = "public, max-age=86400";
45 set beresp.ttl = 1d;
46 }
47
48 # Encourage CKAN vendor assets (which are versioned) to be cached by
49 # by proxies and browsers for 1 year
50 if (req.url ~ "^/scripts/vendor/") {
51 unset beresp.http.set-cookie;
52 set beresp.http.Cache-Control = "public, max-age=31536000";
53 set beresp.ttl = 12m;
54 }
CKAN data.gov.au 55 }
56 sub vcl_recv {
root 57 if (req.http.user-agent ~ "Ezooms" || req.http.user-agent ~ "Ahrefs") {
58 error 403;
59 }
60 if (req.url ~ "^/geoserver/") {
61 set req.backend = geoserver;
62 } else {
63 set req.backend = default;
64 #redirect secure traffic to https
65 if ( (req.http.Cookie ~ "auth_tkt" || req.http.Cookie ~ "ckan" || req.url ~ "user/(reset|login)") && req.http.X-Forwarded-Proto !~ "(?i)https") {
66 set req.http.x-Redir-Url = "https://data.gov.au" + req.url;
67 error 753 req.http.x-Redir-Url;
68 }
69 # remove locale links
70 if (req.url ~ "/((?!js)..|.._..|sr_Latn)/") {
71 set req.http.x-Redir-Url = regsub(req.url, "/((?!js)..|.._..|sr_Latn)/", "/");
72 error 751 req.http.x-Redir-Url;
73 }
74 # rewrite broken resources
75 if (req.url ~ "leaflet") {
76 set req.url = regsub(req.url, "fanstatic/ckanext-spatial/:version:2013-09-13T02:32:17.87/:bundle:js/vendor/leaflet/images", "js/vendor/leaflet/images");
77 }
78 # remove old hostnames
79 if (req.http.host ~ "data.australia.gov.au") {
80 set req.http.x-Redir-Url = "http://data.gov.au" + req.url;
81 error 751 req.http.x-Redir-Url;
82 }
83
84 if (req.url ~ "^/_tracking") {
85 // exclude web spiders from statistics
86 if (req.http.user-agent ~ "Googlebot" || req.http.user-agent ~ "baidu" || req.http.user-agent ~ "bing") {
87 error 200;
88 } else {
89 return (pass);
90 }
91 }
CKAN data.gov.au 92 if (req.url ~ "\.(png|gif|jpg|jpeg|swf|css|js|woff|eot)$") {
root 93 //Varnish to deliver content from cache even if the request othervise indicates that the request should be passed
94 return(lookup);
CKAN data.gov.au 95 }
CKAN data.gov.au 96 }
root 97 // Remove has_js and Google Analytics cookies. Evan added sharethis cookies
98 set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|has_js|cookie-agreed-en|_csoot|_csuid|_chartbeat2)=[^;]*", "");
CKAN data.gov.au 99
root 100 // Remove a ";" prefix, if present.
101 set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
102 // Remove empty cookies.
103 if (req.http.Cookie ~ "^\s*$") {
104 unset req.http.Cookie;
CKAN data.gov.au 105 }
root 106
107 remove req.http.X-Forwarded-For;
108 set req.http.X-Forwarded-For = req.http.X-Real-IP;
CKAN data.gov.au 109 }
CKAN data.gov.au 110 sub vcl_hash {
111 # http://serverfault.com/questions/112531/ignoring-get-parameters-in-varnish-vcl
root 112 set req.url = regsub(req.url, "(?:(.com|.au))/((?!js)..|.._..|sr_Latn)/", "/");
CKAN data.gov.au 113 hash_data(req.url);
114 if (req.http.host) {
115 hash_data(req.http.host);
116 } else {
117 hash_data(server.ip);
118 }
root 119 if (req.http.Cookie) {
120 hash_data(req.http.Cookie);
121 }
CKAN data.gov.au 122 }
CKAN data.gov.au 123 sub vcl_deliver {
124 if (!resp.http.Vary) {
125 set resp.http.Vary = "Accept-Encoding";
126 } else if (resp.http.Vary !~ "(?i)Accept-Encoding") {
127 set resp.http.Vary = resp.http.Vary + ",Accept-Encoding";
128 }
root 129 remove resp.http.X-Varnish;
130 remove resp.http.Via;
131 remove resp.http.Age;
132 remove resp.http.X-Powered-By;
133 if (req.url ~ "^/geoserver/") {
134 set resp.http.Access-Control-Allow-Origin = "*";
135 set resp.http.Access-Control-Allow-Methods = "GET, POST, PUT, DELETE";
136 set resp.http.Access-Control-Allow-Headers = "Origin, X-Requested-With, Content-Type, Accept";
137 }
CKAN data.gov.au 138 }
root 139 sub vcl_error {
140 remove obj.http.Server;
141 if (obj.status == 751) {
142 set obj.http.Location = obj.response;
143 set obj.status = 301;
144 return (deliver);
145 }
146 if (obj.status == 753) {
147 set obj.http.Location = obj.response;
148 set obj.status = 301;
149 return (deliver);
150 }
151 }
CKAN data.gov.au 152 #
153 # Below is a commented-out copy of the default VCL logic. If you
154 # redefine any of these subroutines, the built-in logic will be
155 # appended to your code.
156 # sub vcl_recv {
157 # if (req.restarts == 0) {
158 # if (req.http.x-forwarded-for) {
159 # set req.http.X-Forwarded-For =
160 # req.http.X-Forwarded-For + ", " + client.ip;
161 # } else {
162 # set req.http.X-Forwarded-For = client.ip;
163 # }
164 # }
165 # if (req.request != "GET" &&
166 # req.request != "HEAD" &&
167 # req.request != "PUT" &&
168 # req.request != "POST" &&
169 # req.request != "TRACE" &&
170 # req.request != "OPTIONS" &&
171 # req.request != "DELETE") {
172 # /* Non-RFC2616 or CONNECT which is weird. */
173 # return (pipe);
174 # }
175 # if (req.request != "GET" && req.request != "HEAD") {
176 # /* We only deal with GET and HEAD by default */
177 # return (pass);
178 # }
179 # if (req.http.Authorization || req.http.Cookie) {
180 # /* Not cacheable by default */
181 # return (pass);
182 # }
183 # return (lookup);
184 # }
185 #
186 # sub vcl_pipe {
187 # # Note that only the first request to the backend will have
188 # # X-Forwarded-For set. If you use X-Forwarded-For and want to
189 # # have it set for all requests, make sure to have:
190 # # set bereq.http.connection = "close";
191 # # here. It is not set by default as it might break some broken web
192 # # applications, like IIS with NTLM authentication.
193 # return (pipe);
194 # }
195 #
196 # sub vcl_pass {
197 # return (pass);