# Varnish VCL configuration for the CKAN site. See the vcl(7) man page
# for details on VCL syntax and semantics.
#
# Backend definitions: the origin servers Varnish fetches content from.

# Default content server, reached over the loopback interface on port 8080.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Backend selected by vcl_recv for URLs under /geoserver/.
# The address is a hard-coded private (RFC 1918) IP, so this file has to
# change whenever that host is re-addressed.
# NOTE(review): nothing in this file restricts which /geoserver/ paths or
# request methods are forwarded to this backend - confirm the service
# enforces its own access control.
backend geoserver {
    .host = "172.31.18.207";
    .port = "8983";
}
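# vcl_fetch: runs once a backend response has been received. Decides how
# long the object is cached and which caching headers reach the client.
sub vcl_fetch {
    # Allow objects to be served for up to one hour past their TTL.
    set beresp.grace = 1h;
    # Do not advertise the backend server software to clients.
    unset beresp.http.Server;

    # These status codes should always pass through and never cache.
    if (beresp.status >= 500) {
        set beresp.ttl = 0s;
    }

    # Compress textual responses before they are stored.
    if (beresp.http.content-type ~ "(text|javascript|json|xml|html)") {
        set beresp.do_gzip = true;
    }

    # CKAN cache headers are used by Varnish cache, but should not be
    # propagated to the Internet. Tell browsers and proxies not to cache.
    # This means Varnish always gets the responsibility to serve the right
    # content at all times.
    # Set-Cookie is dropped here so that a cookie issued to one client is
    # never stored with a cacheable object and replayed to another.
    if (beresp.http.Cache-Control ~ "max-age") {
        unset beresp.http.set-cookie;
        set beresp.http.Cache-Control = "no-cache";
    }

    # The asset rules below raise the TTL and mark the response "public".
    # They are skipped for 5xx responses so that a backend error on an
    # asset URL keeps the 0s TTL set above instead of being cached.
    if (beresp.status < 500) {
        # Encourage assets to be cached by proxies and browsers.
        # JS and CSS may be gzipped depending on headers
        # see https://developers.google.com/speed/docs/best-practices/caching
        #
        # The extension has to be the end of the URL path (an optional
        # query string may follow). An unanchored match would also apply
        # to URLs that merely contain ".js" or ".css" somewhere, such as
        # ".json" paths or query-string values, and would strip
        # Set-Cookie from and publicly cache responses that are not
        # static assets.
        if (req.url ~ "^[^?]*\.(css|js)(\?.*)?$") {
            set beresp.http.Vary = "Accept-Encoding";
        }

        # Encourage assets to be cached by proxies and browsers for 1 day.
        if (req.url ~ "^[^?]*\.(png|gif|jpg|swf|css|js)(\?.*)?$") {
            unset beresp.http.set-cookie;
            set beresp.http.Cache-Control = "public, max-age=86400";
            set beresp.ttl = 1d;
        }

        # Encourage CKAN vendor assets (which are versioned) to be cached
        # by proxies and browsers for 1 year.
        # NOTE(review): "12m" is twelve minutes in VCL, and it replaces the
        # 1d TTL set just above for vendor .js/.css files. The comment
        # suggests a longer Varnish TTL was intended - confirm.
        if (req.url ~ "^/scripts/vendor/") {
            unset beresp.http.set-cookie;
            set beresp.http.Cache-Control = "public, max-age=31536000";
            set beresp.ttl = 12m;
        }
    }
}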
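# vcl_recv: runs for every incoming request. Selects the backend, issues
# redirects (through the synthetic 751/753 statuses handled in vcl_error),
# decides lookup/pass for a few URL classes and normalises the Cookie and
# X-Forwarded-For request headers.
sub vcl_recv {
    # Refuse two named crawlers. This is a politeness filter only: the
    # User-Agent header is chosen by the client, so it is not an access
    # control.
    if (req.http.user-agent ~ "Ezooms" || req.http.user-agent ~ "Ahrefs") {
        error 403;
    }

    if (req.url ~ "^/geoserver/") {
        set req.backend = geoserver;
    } else {
        set req.backend = default;

        # Redirect secure traffic to https: requests that carry a session
        # cookie or target the login/reset pages must not travel in clear.
        # NOTE(review): X-Forwarded-Proto is taken from the request as-is;
        # presumably a TLS-terminating proxy in front of Varnish sets it -
        # confirm that proxy overwrites any client-supplied value.
        if ((req.http.Cookie ~ "auth_tkt" || req.http.Cookie ~ "ckan" || req.url ~ "user/(reset|login)") && req.http.X-Forwarded-Proto !~ "(?i)https") {
            set req.http.x-Redir-Url = "https://data.gov.au" + req.url;
            error 753 req.http.x-Redir-Url;
        }

        # Remove locale links.
        # After the locale segment is dropped, any leading run of slashes
        # or backslashes is collapsed to a single "/". The Location value
        # is therefore always a path on this host and can never be read by
        # a browser as a scheme-relative reference to another host.
        if (req.url ~ "/((?!js)..|.._..|sr_Latn)/") {
            set req.http.x-Redir-Url = regsub(regsub(req.url, "/((?!js)..|.._..|sr_Latn)/", "/"), "^[/\\]+", "/");
            error 751 req.http.x-Redir-Url;
        }

        # Rewrite broken resources.
        if (req.url ~ "leaflet") {
            set req.url = regsub(req.url, "fanstatic/ckanext-spatial/:version:2013-09-13T02:32:17.87/:bundle:js/vendor/leaflet/images", "js/vendor/leaflet/images");
        }

        # Remove old hostnames. The target host is fixed, so the Host
        # header only triggers the redirect and never becomes part of it.
        if (req.http.host ~ "data.australia.gov.au") {
            set req.http.x-Redir-Url = "http://data.gov.au" + req.url;
            error 751 req.http.x-Redir-Url;
        }

        if (req.url ~ "^/_tracking") {
            // Exclude web spiders from statistics: answer them directly
            // and send everyone else to the backend uncached.
            if (req.http.user-agent ~ "Googlebot" || req.http.user-agent ~ "baidu" || req.http.user-agent ~ "bing") {
                error 200;
            } else {
                return (pass);
            }
        }

        # Varnish delivers static assets from cache even if the request
        # otherwise indicates that it should be passed.
        # Returning here skips the built-in vcl_recv checks (method,
        # Authorization, Cookie), so the shortcut is limited to GET/HEAD
        # and to URLs whose *path* ends in a static extension. A query
        # string such as "?x=.js" no longer qualifies, while a versioned
        # asset such as "/a.js?v=1" does.
        if ((req.request == "GET" || req.request == "HEAD") && req.url ~ "^[^?]*\.(png|gif|jpg|jpeg|swf|css|js|woff|eot)(\?.*)?$") {
            return (lookup);
        }
    }

    // Remove has_js and Google Analytics cookies. Evan added sharethis cookies.
    // Whatever remains in Cookie is hashed by vcl_hash, so dropping these
    // client-side-only cookies keeps them out of the cache key.
    set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|has_js|cookie-agreed-en|_csoot|_csuid|_chartbeat2)=[^;]*", "");

    // Remove a ";" prefix, if present.
    set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
    // Remove empty cookies.
    if (req.http.Cookie ~ "^\s*$") {
        unset req.http.Cookie;
    }

    # Replace any client-supplied X-Forwarded-For with X-Real-IP.
    # NOTE(review): X-Real-IP is trusted as-is; presumably the front-end
    # proxy sets it. If Varnish can be reached directly, the client chooses
    # this value - confirm the listener is only reachable from the proxy.
    # The built-in vcl_recv, which is appended to this subroutine, then
    # adds ", " + client.ip to the header.
    remove req.http.X-Forwarded-For;
    set req.http.X-Forwarded-For = req.http.X-Real-IP;
}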
# vcl_hash: builds the cache key from the URL, the Host header (or the
# server IP when no Host header is present) and the Cookie header.
sub vcl_hash {
    # http://serverfault.com/questions/112531/ignoring-get-parameters-in-varnish-vcl
    # Drops a locale segment that directly follows ".com" or ".au" in the
    # URL. Note that this assigns to req.url itself, not to a copy.
    set req.url = regsub(req.url, "(?:(.com|.au))/((?!js)..|.._..|sr_Latn)/", "/");
    hash_data(req.url);

    if (!req.http.host) {
        hash_data(server.ip);
    } else {
        hash_data(req.http.host);
    }

    # The Cookie header left over after vcl_recv's clean-up is part of the
    # key, so a response stored for one cookie value is only served to
    # requests that present exactly the same value.
    if (req.http.Cookie) {
        hash_data(req.http.Cookie);
    }
}
# vcl_deliver: final adjustments to the response before it is sent.
sub vcl_deliver {
    # Make sure Vary lists Accept-Encoding, adding it when missing.
    if (resp.http.Vary) {
        if (resp.http.Vary !~ "(?i)Accept-Encoding") {
            set resp.http.Vary = resp.http.Vary + ",Accept-Encoding";
        }
    } else {
        set resp.http.Vary = "Accept-Encoding";
    }

    # Strip headers that describe the cache layer and the backend software.
    unset resp.http.X-Varnish;
    unset resp.http.Via;
    unset resp.http.Age;
    unset resp.http.X-Powered-By;

    # Cross-origin access for everything under /geoserver/.
    # NOTE(review): any origin is allowed, and the method list includes the
    # state-changing verbs PUT and DELETE. Confirm the GeoServer endpoints
    # exposed here are meant to be public and that write operations are
    # authenticated by the backend.
    if (req.url ~ "^/geoserver/") {
        set resp.http.Access-Control-Allow-Origin = "*";
        set resp.http.Access-Control-Allow-Methods = "GET, POST, PUT, DELETE";
        set resp.http.Access-Control-Allow-Headers = "Origin, X-Requested-With, Content-Type, Accept";
    }
}
# vcl_error: turns the synthetic statuses raised by vcl_recv into real
# redirects. 751 and 753 both carry the target URL in the response text
# and are both answered with a 301.
sub vcl_error {
    # Do not advertise the server software on synthetic responses.
    unset obj.http.Server;

    if (obj.status == 751 || obj.status == 753) {
        # obj.response holds the x-Redir-Url value that was passed to
        # "error" in vcl_recv.
        set obj.http.Location = obj.response;
        set obj.status = 301;
        return (deliver);
    }
}
# |
|
|
153 |
# Below is a commented-out copy of the default VCL logic. If you |
|
|
154 |
# redefine any of these subroutines, the built-in logic will be |
|
|
155 |
# appended to your code. |
|
|
156 |
# sub vcl_recv { |
|
|
157 |
# if (req.restarts == 0) { |
|
|
158 |
# if (req.http.x-forwarded-for) { |
|
|
159 |
# set req.http.X-Forwarded-For = |
|
|
160 |
# req.http.X-Forwarded-For + ", " + client.ip; |
|
|
161 |
# } else { |
|
|
162 |
# set req.http.X-Forwarded-For = client.ip; |
|
|
163 |
# } |
|
|
164 |
# } |
|
|
165 |
# if (req.request != "GET" && |
|
|
166 |
# req.request != "HEAD" && |
|
|
167 |
# req.request != "PUT" && |
|
|
168 |
# req.request != "POST" && |
|
|
169 |
# req.request != "TRACE" && |
|
|
170 |
# req.request != "OPTIONS" && |
|
|
171 |
# req.request != "DELETE") { |
|
|
172 |
# /* Non-RFC2616 or CONNECT which is weird. */ |
|
|
173 |
# return (pipe); |
|
|
174 |
# } |
|
|
175 |
# if (req.request != "GET" && req.request != "HEAD") { |
|
|
176 |
# /* We only deal with GET and HEAD by default */ |
|
|
177 |
# return (pass); |
|
|
178 |
# } |
|
|
179 |
# if (req.http.Authorization || req.http.Cookie) { |
|
|
180 |
# /* Not cacheable by default */ |
|
|
181 |
# return (pass); |
|
|
182 |
# } |
|
|
183 |
# return (lookup); |
|
|
184 |
# } |
|
|
185 |
# |
|
|
186 |
# sub vcl_pipe { |
|
|
187 |
# # Note that only the first request to the backend will have |
|
|
188 |
# # X-Forwarded-For set. If you use X-Forwarded-For and want to |
|
|
189 |
# # have it set for all requests, make sure to have: |
|
|
190 |
# # set bereq.http.connection = "close"; |
|
|
191 |
# # here. It is not set by default as it might break some broken web |
|
|
192 |
# # applications, like IIS with NTLM authentication. |
|
|
193 |
# return (pipe); |
|
|
194 |
# } |
|
|
195 |
# |
|
|
196 |
# sub vcl_pass { |
|
|
197 |
# return (pas |