91 lines
2.8 KiB
Plaintext
91 lines
2.8 KiB
Plaintext
# The builtin VCL is called when there is no explicit
|
|
# return statement.
|
|
#
|
|
# See the VCL chapters in the Users Guide for a comprehensive documentation
|
|
# at https://www.varnish-cache.org/docs/.
|
|
|
|
# Marker to tell the VCL compiler that this VCL has been written with the
|
|
# 4.0 or 4.1 syntax.
|
|
vcl 4.1;
|
|
|
|
import std;
|
|
# https://www.varnish-software.com/developers/tutorials/avoid-http-to-https-redirect-loops-varnish/#create-cache-variations-based-on-the-x-forwarded-proto-header
|
|
import proxy;
|
|
|
|
# https://varnish-cache.org/docs/trunk/users-guide/vcl-backends.html#connecting-through-a-proxy
|
|
backend haproxy_https {
|
|
.path = "/shared/haproxy_https";
|
|
}
|
|
|
|
backend haproxy_http {
|
|
.path = "/shared/haproxy_http";
|
|
}
|
|
|
|
backend destination_https {
|
|
.host = "<%= @cache_secrets['customers'][@customer]['host'] %>";
|
|
.port = "80";
|
|
.via = haproxy_http;
|
|
}
|
|
|
|
backend destination_https {
|
|
.host = "<%= @cache_secrets['customers'][@customer]['host'] %>;
|
|
.port = "443";
|
|
.via = haproxy_https;
|
|
}
|
|
|
|
sub vcl_recv {
|
|
# Happens before we check if we have this in cache already.
|
|
#
|
|
# Typically you clean up the request here, removing cookies you don't need,
|
|
# rewriting the request, etc.
|
|
#
|
|
|
|
# The usage of the proxy module is possible because haproxy is configured
|
|
# to set PROXY SSL headers for us.
|
|
if (proxy.is_ssl()) {
|
|
std.syslog(180, "RECV: this is https");
|
|
if (req.http.host == "<%= @cache_secrets['customers'][@customer]['host'] %>") {
|
|
set req.backend_hint = destination_https;
|
|
}
|
|
} else {
|
|
std.syslog(180, "RECV: this is http");
|
|
if (req.http.host == "<%= @cache_secrets['customers'][@customer]['host'] %>") {
|
|
set req.backend_hint = destination_http;
|
|
}
|
|
}
|
|
if (req.method == "PURGE") {
|
|
if (req.http.x-sunet-cdn-key == "<%= @cache_secrets['customers'][@customer]['key'] %>") {
|
|
return (purge);
|
|
}
|
|
return(synth(405,"Not allowed."));
|
|
}
|
|
}
|
|
|
|
sub vcl_backend_response {
|
|
# Happens after we have read the response headers from the backend.
|
|
#
|
|
# Here you clean the response headers, removing silly Set-Cookie headers
|
|
# and other mistakes your backend does.
|
|
|
|
# Use slash/fellow for storage
|
|
set beresp.storage = storage.fellow;
|
|
|
|
# Hold stale objects (where TTL has expired) for a longer time
|
|
set beresp.grace = 30m;
|
|
|
|
# https://www.varnish-software.com/developers/tutorials/avoid-http-to-https-redirect-loops-varnish/#create-cache-variations-based-on-the-x-forwarded-proto-header
|
|
if(beresp.http.Vary) {
|
|
set beresp.http.Vary = beresp.http.Vary + ", X-Forwarded-Proto";
|
|
} else {
|
|
set beresp.http.Vary = "X-Forwarded-Proto";
|
|
}
|
|
}
|
|
|
|
sub vcl_deliver {
|
|
# Happens when we have all the pieces we need, and are about to send the
|
|
# response to the client.
|
|
#
|
|
# You can do accounting or modifying the final object here.
|
|
unset resp.http.Vary;
|
|
}
|