Update varnish/default.vcl

gru
2026-02-27 20:13:28 +01:00
parent 6cfcf7cd6f
commit 31cb41b786


@@ -16,7 +16,6 @@ backend default {
acl purge { "localhost"; "127.0.0.1"; "::1"; } acl purge { "localhost"; "127.0.0.1"; "::1"; }
sub vcl_recv { sub vcl_recv {
# --- anty-noise / normalizacja ---
unset req.http.X-Cache; unset req.http.X-Cache;
unset req.http.X-Cache-Hits; unset req.http.X-Cache-Hits;
set req.http.Host = regsub(req.http.Host, ":[0-9]+", ""); set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");
@@ -36,7 +35,6 @@ sub vcl_recv {
return (synth(429, "Too Many Requests")); return (synth(429, "Too Many Requests"));
} }
# --- metody administracyjne ---
if (req.method == "PURGE") { if (req.method == "PURGE") {
if (!client.ip ~ purge) { return (synth(405, "Not allowed.")); } if (!client.ip ~ purge) { return (synth(405, "Not allowed.")); }
return (hash); return (hash);
@@ -47,18 +45,15 @@ sub vcl_recv {
return (synth(200, "Banned")); return (synth(200, "Banned"));
} }
# --- dopuszczalne metody / pass dla niecacheowalnych ---
if (req.method != "GET" && req.method != "HEAD" && req.method != "OPTIONS") { if (req.method != "GET" && req.method != "HEAD" && req.method != "OPTIONS") {
return (pass); return (pass);
} }
if (req.http.Authorization) { return (pass); } if (req.http.Authorization) { return (pass); }
# --- wyjątki dynamiczne (np. admin, ajax, status) ---
if (req.url ~ "(?i)/(ajax|ahah)/") { if (req.url ~ "(?i)/(ajax|ahah)/") {
return (pass); return (pass);
} }
# --- Accept-Encoding (nie kompresujemy oczywistych statyk po rozszerzeniu) ---
if (req.http.Accept-Encoding) { if (req.http.Accept-Encoding) {
if (req.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|woff2?|ttf|eot|mp4|mp3|pdf|zip|7z|gz|bz2)$") { if (req.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|woff2?|ttf|eot|mp4|mp3|pdf|zip|7z|gz|bz2)$") {
unset req.http.Accept-Encoding; unset req.http.Accept-Encoding;
@@ -71,11 +66,9 @@ sub vcl_recv {
} }
} }
# --- cookies: tylko jeśli naprawdę potrzebne do cache key; inaczej wyczyść ---
if (req.http.Cookie) { if (req.http.Cookie) {
set req.http.Cookie = ";" + req.http.Cookie; set req.http.Cookie = ";" + req.http.Cookie;
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";"); set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
# przykładowy whitelist (dopasuj pod aplikację); tu czyścimy wszystkie
set req.http.Cookie = regsuball(req.http.Cookie, ";[^;]*", ""); set req.http.Cookie = regsuball(req.http.Cookie, ";[^;]*", "");
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", ""); set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
if (req.http.Cookie ~ "^\s*$") { unset req.http.Cookie; } if (req.http.Cookie ~ "^\s*$") { unset req.http.Cookie; }
@@ -93,26 +86,23 @@ sub vcl_hit {
set req.http.X-Cache = "HIT"; set req.http.X-Cache = "HIT";
if (obj.ttl <= 0s && obj.grace > 0s) { set req.http.X-Cache = "HIT-GRACE"; } if (obj.ttl <= 0s && obj.grace > 0s) { set req.http.X-Cache = "HIT-GRACE"; }
} }
sub vcl_miss { set req.http.X-Cache = "MISS"; } sub vcl_miss { set req.http.X-Cache = "MISS"; }
sub vcl_pass { set req.http.X-Cache = "PASS"; } sub vcl_pass { set req.http.X-Cache = "PASS"; }
sub vcl_backend_response { sub vcl_backend_response {
# krótkie TTL dla wybranych statusów
if (beresp.status == 404 || beresp.status == 301 || beresp.status == 500) { if (beresp.status == 404 || beresp.status == 301 || beresp.status == 500) {
set beresp.ttl = 10m; set beresp.ttl = 10m;
} }
# retry na 5xx (bez pętli)
if (beresp.status == 500 || beresp.status == 503) { return (retry); } if (beresp.status == 500 || beresp.status == 503) { return (retry); }
# kompresja
if (bereq.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|mp4|mp3|pdf|zip|7z|gz|bz2)$") { if (bereq.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|mp4|mp3|pdf|zip|7z|gz|bz2)$") {
set beresp.do_gzip = false; set beresp.do_gzip = false;
} else { } else {
set beresp.do_gzip = true; set beresp.do_gzip = true;
} }
# TTL: honoruj Cache-Control; no-store/private = 0
if (beresp.http.Cache-Control ~ "(?i)no-store|private") { if (beresp.http.Cache-Control ~ "(?i)no-store|private") {
set beresp.ttl = 0s; set beresp.ttl = 0s;
} else { } else {
@@ -121,7 +111,7 @@ sub vcl_backend_response {
} elseif (beresp.http.Cache-Control ~ "(?i)max-age=\d+") { } elseif (beresp.http.Cache-Control ~ "(?i)max-age=\d+") {
set beresp.ttl = std.duration(regsub(beresp.http.Cache-Control, ".*(?i)max-age=(\d+).*", "\1") + "s", 0s); set beresp.ttl = std.duration(regsub(beresp.http.Cache-Control, ".*(?i)max-age=(\d+).*", "\1") + "s", 0s);
} }
# fallback (lekko agresywny, prosto)
if (beresp.ttl <= 0s) { if (beresp.ttl <= 0s) {
if (beresp.http.Content-Type ~ "(?i)^image/|^font/|/javascript|/css") { set beresp.ttl = 7d; } if (beresp.http.Content-Type ~ "(?i)^image/|^font/|/javascript|/css") { set beresp.ttl = 7d; }
elseif (beresp.http.Content-Type ~ "(?i)^text/|^application/json") { set beresp.ttl = 1d; } elseif (beresp.http.Content-Type ~ "(?i)^text/|^application/json") { set beresp.ttl = 1d; }
@@ -129,18 +119,15 @@ sub vcl_backend_response {
} }
} }
# usuń ciasteczka dla statyk/binariów
if (bereq.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|js|css|woff2?|ttf|eot|pdf|zip|7z|gz|bz2|mp4|mp3)$") { if (bereq.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|js|css|woff2?|ttf|eot|pdf|zip|7z|gz|bz2|mp4|mp3)$") {
unset beresp.http.Set-Cookie; unset beresp.http.Set-Cookie;
} }
# ESI
if (beresp.http.Surrogate-Control ~ "ESI/1.0") { if (beresp.http.Surrogate-Control ~ "ESI/1.0") {
unset beresp.http.Surrogate-Control; unset beresp.http.Surrogate-Control;
set beresp.do_esi = true; set beresp.do_esi = true;
} }
# grace/keep
if (beresp.ttl > 0s) { if (beresp.ttl > 0s) {
set beresp.grace = beresp.ttl / 10; set beresp.grace = beresp.ttl / 10;
if (beresp.grace < 10m) { set beresp.grace = 10m; } if (beresp.grace < 10m) { set beresp.grace = 10m; }
@@ -151,19 +138,18 @@ sub vcl_backend_response {
} else { } else {
set beresp.keep = beresp.ttl; set beresp.keep = beresp.ttl;
} }
} else { } else {
set beresp.grace = 0s; set beresp.grace = 0s;
set beresp.keep = 0s; set beresp.keep = 0s;
} }
# streaming dużych odpowiedzi (>1 MiB)
if (beresp.http.Content-Length && std.integer(beresp.http.Content-Length, 0) > 1048576) { if (beresp.http.Content-Length && std.integer(beresp.http.Content-Length, 0) > 1048576) {
set beresp.do_stream = true; set beresp.do_stream = true;
} }
} }
sub vcl_deliver { sub vcl_deliver {
# polityka Cache-Control po typie (frontend)
if (resp.http.Content-Type ~ "(?i)^image/|^font/|/javascript|/css") { if (resp.http.Content-Type ~ "(?i)^image/|^font/|/javascript|/css") {
set resp.http.Cache-Control = "public, max-age=604800"; # 7d set resp.http.Cache-Control = "public, max-age=604800"; # 7d
} elseif (resp.http.Content-Type ~ "(?i)^text/|^application/json") { } elseif (resp.http.Content-Type ~ "(?i)^text/|^application/json") {
@@ -173,7 +159,6 @@ sub vcl_deliver {
unset resp.http.Expires; unset resp.http.Expires;
unset resp.http.Pragma; unset resp.http.Pragma;
# metryki cache
if (obj.uncacheable) { if (obj.uncacheable) {
set resp.http.X-Cache = "PASS"; set resp.http.X-Cache = "PASS";
unset resp.http.Age; unset resp.http.Age;
@@ -185,7 +170,6 @@ sub vcl_deliver {
unset resp.http.Age; unset resp.http.Age;
} }
# twarde usunięcie sygnatur serwera
unset resp.http.X-Url; unset resp.http.X-Url;
unset resp.http.X-Host; unset resp.http.X-Host;
unset resp.http.Via; unset resp.http.Via;
@@ -193,7 +177,6 @@ sub vcl_deliver {
unset resp.http.Server; unset resp.http.Server;
set resp.http.X-Frame-Options = "SAMEORIGIN"; set resp.http.X-Frame-Options = "SAMEORIGIN";
# strona serwisowa dla wybranych statusów
if (resp.status == 403 || resp.status == 404 || resp.status == 500 || resp.status == 503) { if (resp.status == 403 || resp.status == 404 || resp.status == 500 || resp.status == 503) {
return (synth(800, "Maintenance page")); return (synth(800, "Maintenance page"));
} }
@@ -201,16 +184,19 @@ sub vcl_deliver {
sub vcl_synth { sub vcl_synth {
set resp.http.X-Cache = "SYNTH"; set resp.http.X-Cache = "SYNTH";
unset resp.http.X-Varnish;
if (resp.status == 503 && req.restarts < 4) { return (restart); } if (resp.status == 503 && req.restarts < 4) {
return (restart);
}
if (resp.status == 800) { if (resp.status == 800) {
set resp.http.Content-Type = "text/html; charset=utf-8"; set resp.http.Content-Type = "text/html; charset=utf-8";
set resp.status = 404; set resp.status = 404;
set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0"; set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
synthetic({"<!DOCTYPE html> synthetic({"<!DOCTYPE html>
<html><head><title>"} + resp.status + " " + resp.reason + {"</title></head> <html><head><title>"} + resp.status + " " + resp.reason + {"</title></head>
<body><h1>Error "} + resp.status + {"</h1><p>"} + resp.reason + {"</p></body></html>"}); <body><h1>Error "} + resp.status + {"</h1><p>"} + resp.reason + {"</p></body></html>"});
return (deliver); return (deliver);
} }
} }
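Review bot: The `unset resp.http.X-Varnish;` added at the top of vcl_synth removes the transaction id from the header only, so the fingerprint still leaks in the body of most synthetic responses. Only the `resp.status == 800` branch sets its own body and returns; the 429, 405 and 200 "Banned" responses raised in vcl_recv fall off the end of the sub into Varnish's built-in vcl_synth, whose default page prints the XID and the "Varnish cache server" footer. If the aim matches the signature stripping in vcl_deliver, end the sub with a generic body for the remaining statuses: `set resp.http.Content-Type = "text/html; charset=utf-8";`, `synthetic({"<h1>Error "} + resp.status + {"</h1>"});`, `return (deliver);`. The header unset itself is fine where it is, ahead of the restart check.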