diff --git a/varnish/default.vcl b/varnish/default.vcl index 8a77230..b2a7f6f 100644 --- a/varnish/default.vcl +++ b/varnish/default.vcl @@ -16,7 +16,6 @@ backend default { acl purge { "localhost"; "127.0.0.1"; "::1"; } sub vcl_recv { - # --- anty-noise / normalizacja --- unset req.http.X-Cache; unset req.http.X-Cache-Hits; set req.http.Host = regsub(req.http.Host, ":[0-9]+", ""); @@ -36,7 +35,6 @@ sub vcl_recv { return (synth(429, "Too Many Requests")); } - # --- metody administracyjne --- if (req.method == "PURGE") { if (!client.ip ~ purge) { return (synth(405, "Not allowed.")); } return (hash); @@ -47,18 +45,15 @@ sub vcl_recv { return (synth(200, "Banned")); } - # --- dopuszczalne metody / pass dla niecache’owalnych --- if (req.method != "GET" && req.method != "HEAD" && req.method != "OPTIONS") { return (pass); } if (req.http.Authorization) { return (pass); } - # --- wyjątki dynamiczne (np. admin, ajax, status) --- if (req.url ~ "(?i)/(ajax|ahah)/") { return (pass); } - # --- Accept-Encoding (nie kompresujemy oczywistych statyk po rozszerzeniu) --- if (req.http.Accept-Encoding) { if (req.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|woff2?|ttf|eot|mp4|mp3|pdf|zip|7z|gz|bz2)$") { unset req.http.Accept-Encoding; @@ -71,11 +66,9 @@ sub vcl_recv { } } - # --- cookies: tylko jeśli naprawdę potrzebne do cache key; inaczej wyczyść --- if (req.http.Cookie) { set req.http.Cookie = ";" + req.http.Cookie; set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";"); - # przykładowy whitelist (dopasuj pod aplikację); tu czyścimy wszystkie set req.http.Cookie = regsuball(req.http.Cookie, ";[^;]*", ""); set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", ""); if (req.http.Cookie ~ "^\s*$") { unset req.http.Cookie; } 
@@ -93,26 +86,23 @@ sub vcl_hit { set req.http.X-Cache = "HIT"; if (obj.ttl <= 0s && obj.grace > 0s) { set req.http.X-Cache = "HIT-GRACE"; } } + sub vcl_miss { set req.http.X-Cache = "MISS"; } sub vcl_pass { set req.http.X-Cache = "PASS"; } sub vcl_backend_response { - # krótkie TTL dla wybranych statusów if (beresp.status == 404 || beresp.status == 301 || beresp.status == 500) { set beresp.ttl = 10m; } - # retry na 5xx (bez pętli) if (beresp.status == 500 || beresp.status == 503) { return (retry); } - # kompresja if (bereq.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|mp4|mp3|pdf|zip|7z|gz|bz2)$") { set beresp.do_gzip = false; } else { set beresp.do_gzip = true; } - # TTL: honoruj Cache-Control; no-store/private = 0 if (beresp.http.Cache-Control ~ "(?i)no-store|private") { set beresp.ttl = 0s; } else { @@ -121,7 +111,7 @@ sub vcl_backend_response { } elseif (beresp.http.Cache-Control ~ "(?i)max-age=\d+") { set beresp.ttl = std.duration(regsub(beresp.http.Cache-Control, ".*(?i)max-age=(\d+).*", "\1") + "s", 0s); } - # fallback (lekko agresywny, prosto) + if (beresp.ttl <= 0s) { if (beresp.http.Content-Type ~ "(?i)^image/|^font/|/javascript|/css") { set beresp.ttl = 7d; } elseif (beresp.http.Content-Type ~ "(?i)^text/|^application/json") { set beresp.ttl = 1d; } 
@@ -129,41 +119,37 @@ sub vcl_backend_response { } } - # usuń ciasteczka dla statyk/binariów if (bereq.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|js|css|woff2?|ttf|eot|pdf|zip|7z|gz|bz2|mp4|mp3)$") { unset beresp.http.Set-Cookie; } - # ESI if (beresp.http.Surrogate-Control ~ "ESI/1.0") { unset beresp.http.Surrogate-Control; set beresp.do_esi = true; } - # grace/keep - if (beresp.ttl > 0s) { + if (beresp.ttl > 0s) { set beresp.grace = beresp.ttl / 10; if (beresp.grace < 10m) { set beresp.grace = 10m; } if (beresp.grace > 2h) { set beresp.grace = 2h; } if (beresp.ttl > 1h) { - set beresp.keep = 1h; + set beresp.keep = 1h; } else { set beresp.keep = beresp.ttl; } + } else { - set beresp.grace = 0s; - set beresp.keep = 0s; + set beresp.grace = 0s; + set beresp.keep = 0s; } - # streaming dużych odpowiedzi (>1 MiB) - if (beresp.http.Content-Length && std.integer(beresp.http.Content-Length, 0) > 1048576) { - set beresp.do_stream = true; - } + if (beresp.http.Content-Length && std.integer(beresp.http.Content-Length, 0) > 1048576) { + set beresp.do_stream = true; + } } sub vcl_deliver { - # polityka Cache-Control po typie (frontend) if (resp.http.Content-Type ~ "(?i)^image/|^font/|/javascript|/css") { set resp.http.Cache-Control = "public, max-age=604800"; # 7d } elseif (resp.http.Content-Type ~ "(?i)^text/|^application/json") { @@ -173,7 +159,6 @@ sub vcl_deliver { unset resp.http.Expires; unset resp.http.Pragma; - # metryki cache if (obj.uncacheable) { set resp.http.X-Cache = "PASS"; unset resp.http.Age; @@ -185,7 +170,6 @@ sub vcl_deliver { unset resp.http.Age; } - # twarde usunięcie sygnatur serwera unset resp.http.X-Url; unset resp.http.X-Host; unset resp.http.Via; @@ -193,7 +177,6 @@ sub vcl_deliver { unset resp.http.Server; set resp.http.X-Frame-Options = "SAMEORIGIN"; - # strona serwisowa dla wybranych statusów if (resp.status == 403 || resp.status == 404 || resp.status == 500 || resp.status == 503) { return (synth(800, "Maintenance page")); } 
@@ -201,16 +184,19 @@ sub vcl_deliver { sub vcl_synth { set resp.http.X-Cache = "SYNTH"; + unset resp.http.X-Varnish; - if (resp.status == 503 && req.restarts < 4) { return (restart); } + if (resp.status == 503 && req.restarts < 4) { + return (restart); + } if (resp.status == 800) { set resp.http.Content-Type = "text/html; charset=utf-8"; set resp.status = 404; set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0"; synthetic({" -
"} + resp.reason + {"
"}); +"} + resp.reason + {"
"}); return (deliver); } }
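Review bot: The added `unset resp.http.X-Varnish;` in vcl_synth strips only one of the identifying headers; the `Server` header that vcl_deliver removes with `unset resp.http.Server;` is left in place here. As far as I know, a synthetic response that ends in `return (deliver)` from vcl_synth does not pass through vcl_deliver, so the 429, 405, "Banned" and maintenance-page responses would still carry Varnish's default `Server` value and would lack the `X-Frame-Options` header set in vcl_deliver. I would add `unset resp.http.Server;` next to the new line and `set resp.http.X-Frame-Options = "SAMEORIGIN";` inside the `resp.status == 800` branch, which serves HTML. A one-line comment such as `# synth responses bypass vcl_deliver, so strip server signatures here too` would keep the reason visible now that the file's other comments are removed.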