gru/plikd_docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update varnish/default.vcl

Browse Source
This commit is contained in:
gru
2026-02-27 20:13:28 +01:00
parent 6cfcf7cd6f
commit 31cb41b786
1 changed files with 16 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
varnish/default.vcl
View File

@@ -16,7 +16,6 @@ backend default {
acl purge { "localhost"; "127.0.0.1"; "::1"; }
sub vcl_recv {
# --- anty-noise / normalizacja ---
unset req.http.X-Cache;
unset req.http.X-Cache-Hits;
set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");
@@ -36,7 +35,6 @@ sub vcl_recv {
return (synth(429, "Too Many Requests"));
}
# --- metody administracyjne ---
if (req.method == "PURGE") {
if (!client.ip ~ purge) { return (synth(405, "Not allowed.")); }
return (hash);
@@ -47,18 +45,15 @@ sub vcl_recv {
return (synth(200, "Banned"));
}
# --- dopuszczalne metody / pass dla niecacheowalnych ---
if (req.method != "GET" && req.method != "HEAD" && req.method != "OPTIONS") {
return (pass);
}
if (req.http.Authorization) { return (pass); }
# --- wyjątki dynamiczne (np. admin, ajax, status) ---
if (req.url ~ "(?i)/(ajax|ahah)/") {
return (pass);
}
# --- Accept-Encoding (nie kompresujemy oczywistych statyk po rozszerzeniu) ---
if (req.http.Accept-Encoding) {
if (req.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|woff2?|ttf|eot|mp4|mp3|pdf|zip|7z|gz|bz2)$") {
unset req.http.Accept-Encoding;
@@ -71,11 +66,9 @@ sub vcl_recv {
}
}
# --- cookies: tylko jeśli naprawdę potrzebne do cache key; inaczej wyczyść ---
if (req.http.Cookie) {
set req.http.Cookie = ";" + req.http.Cookie;
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
# przykładowy whitelist (dopasuj pod aplikację); tu czyścimy wszystkie
set req.http.Cookie = regsuball(req.http.Cookie, ";[^;]*", "");
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
if (req.http.Cookie ~ "^\s*$") { unset req.http.Cookie; }
@@ -93,26 +86,23 @@ sub vcl_hit {
set req.http.X-Cache = "HIT";
if (obj.ttl <= 0s && obj.grace > 0s) { set req.http.X-Cache = "HIT-GRACE"; }
}
sub vcl_miss { set req.http.X-Cache = "MISS"; }
sub vcl_pass { set req.http.X-Cache = "PASS"; }
sub vcl_backend_response {
# krótkie TTL dla wybranych statusów
if (beresp.status == 404 || beresp.status == 301 || beresp.status == 500) {
set beresp.ttl = 10m;
}
# retry na 5xx (bez pętli)
if (beresp.status == 500 || beresp.status == 503) { return (retry); }
# kompresja
if (bereq.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|mp4|mp3|pdf|zip|7z|gz|bz2)$") {
set beresp.do_gzip = false;
} else {
set beresp.do_gzip = true;
}
# TTL: honoruj Cache-Control; no-store/private = 0
if (beresp.http.Cache-Control ~ "(?i)no-store|private") {
set beresp.ttl = 0s;
} else {
@@ -121,7 +111,7 @@ sub vcl_backend_response {
} elseif (beresp.http.Cache-Control ~ "(?i)max-age=\d+") {
set beresp.ttl = std.duration(regsub(beresp.http.Cache-Control, ".*(?i)max-age=(\d+).*", "\1") + "s", 0s);
}
# fallback (lekko agresywny, prosto)
if (beresp.ttl <= 0s) {
if (beresp.http.Content-Type ~ "(?i)^image/|^font/|/javascript|/css") { set beresp.ttl = 7d; }
elseif (beresp.http.Content-Type ~ "(?i)^text/|^application/json") { set beresp.ttl = 1d; }
@@ -129,41 +119,37 @@ sub vcl_backend_response {
}
}
# usuń ciasteczka dla statyk/binariów
if (bereq.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|js|css|woff2?|ttf|eot|pdf|zip|7z|gz|bz2|mp4|mp3)$") {
unset beresp.http.Set-Cookie;
}
# ESI
if (beresp.http.Surrogate-Control ~ "ESI/1.0") {
unset beresp.http.Surrogate-Control;
set beresp.do_esi = true;
}
# grace/keep
if (beresp.ttl > 0s) {
if (beresp.ttl > 0s) {
set beresp.grace = beresp.ttl / 10;
if (beresp.grace < 10m) { set beresp.grace = 10m; }
if (beresp.grace > 2h) { set beresp.grace = 2h; }
if (beresp.ttl > 1h) {
set beresp.keep = 1h;
set beresp.keep = 1h;
} else {
set beresp.keep = beresp.ttl;
}
} else {
set beresp.grace = 0s;
set beresp.keep = 0s;
set beresp.grace = 0s;
set beresp.keep = 0s;
}
# streaming dużych odpowiedzi (>1 MiB)
if (beresp.http.Content-Length && std.integer(beresp.http.Content-Length, 0) > 1048576) {
set beresp.do_stream = true;
}
if (beresp.http.Content-Length && std.integer(beresp.http.Content-Length, 0) > 1048576) {
set beresp.do_stream = true;
}
}
sub vcl_deliver {
# polityka Cache-Control po typie (frontend)
if (resp.http.Content-Type ~ "(?i)^image/|^font/|/javascript|/css") {
set resp.http.Cache-Control = "public, max-age=604800"; # 7d
} elseif (resp.http.Content-Type ~ "(?i)^text/|^application/json") {
@@ -173,7 +159,6 @@ sub vcl_deliver {
unset resp.http.Expires;
unset resp.http.Pragma;
# metryki cache
if (obj.uncacheable) {
set resp.http.X-Cache = "PASS";
unset resp.http.Age;
@@ -185,7 +170,6 @@ sub vcl_deliver {
unset resp.http.Age;
}
# twarde usunięcie sygnatur serwera
unset resp.http.X-Url;
unset resp.http.X-Host;
unset resp.http.Via;
@@ -193,7 +177,6 @@ sub vcl_deliver {
unset resp.http.Server;
set resp.http.X-Frame-Options = "SAMEORIGIN";
# strona serwisowa dla wybranych statusów
if (resp.status == 403 || resp.status == 404 || resp.status == 500 || resp.status == 503) {
return (synth(800, "Maintenance page"));
}
@@ -201,16 +184,19 @@ sub vcl_deliver {
sub vcl_synth {
set resp.http.X-Cache = "SYNTH";
unset resp.http.X-Varnish;
if (resp.status == 503 && req.restarts < 4) { return (restart); }
if (resp.status == 503 && req.restarts < 4) {
return (restart);
}
if (resp.status == 800) {
set resp.http.Content-Type = "text/html; charset=utf-8";
set resp.status = 404;
set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
synthetic({"<!DOCTYPE html>
<html><head><title>"} + resp.status + " " + resp.reason + {"</title></head>
<body><h1>Error "} + resp.status + {"</h1><p>"} + resp.reason + {"</p></body></html>"});
<html><head><title>"} + resp.status + " " + resp.reason + {"</title></head>
<body><h1>Error "} + resp.status + {"</h1><p>"} + resp.reason + {"</p></body></html>"});
return (deliver);
}
}