gru/plikd_docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update varnish/default.vcl

Browse Source
This commit is contained in:
gru
2026-03-24 08:47:26 +01:00
parent 3efbfa47cf
commit 7eb606e02c
1 changed files with 117 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

188
varnish/default.vcl
View File

@@ -7,40 +7,57 @@ backend default {
.host = "plik"; .host = "plik";
.port = "8080"; .port = "8080";
.max_connections = 100; .max_connections = 100;
.probe = { .url = "/"; .interval = 10s; .timeout = 5s; .window = 5; .threshold = 3; } .probe = {
.url = "/";
.interval = 10s;
.timeout = 5s;
.window = 5;
.threshold = 3;
}
.connect_timeout = 5s; .connect_timeout = 5s;
.first_byte_timeout = 90s; .first_byte_timeout = 90s;
.between_bytes_timeout = 2s; .between_bytes_timeout = 2s;
} }
acl purge { "localhost"; "127.0.0.1"; "::1"; } acl purge {
"localhost";
"127.0.0.1";
"::1";
}
sub vcl_recv { sub vcl_recv {
unset req.http.X-Cache; unset req.http.X-Cache;
unset req.http.X-Cache-Hits; unset req.http.X-Cache-Hits;
set req.http.Host = regsub(req.http.Host, ":[0-9]+", ""); set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");
unset req.http.proxy; unset req.http.proxy;
set req.backend_hint = default; set req.backend_hint = default;
set req.url = std.querysort(req.url); set req.url = std.querysort(req.url);
set req.url = regsub(req.url, "\?$", ""); set req.url = regsub(req.url, "\?$", "");
set req.http.Surrogate-Capability = "key=ESI/1.0";
if (req.restarts == 0) { if (req.restarts == 0) {
if (req.http.X-Forwarded-For) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; } if (req.http.X-Forwarded-For) {
else { set req.http.X-Forwarded-For = client.ip; } set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
} }
# --- RATE LIMIT: 100/10s, kara 10s ---
if (vsthrottle.is_denied(client.identity, 100, 10s, 10s)) { if (vsthrottle.is_denied(client.identity, 100, 10s, 10s)) {
return (synth(429, "Too Many Requests")); return (synth(429, "Too Many Requests"));
} }
if (req.method == "PURGE") { if (req.method == "PURGE") {
if (!client.ip ~ purge) { return (synth(405, "Not allowed.")); } if (!client.ip ~ purge) {
return (hash); return (synth(405, "Not allowed."));
}
return (purge);
} }
if (req.method == "BAN") { if (req.method == "BAN") {
if (!client.ip ~ purge) { return (synth(405, "Not allowed.")); } if (!client.ip ~ purge) {
return (synth(405, "Not allowed."));
}
ban("req.http.host == " + req.http.host + " && req.url ~ " + req.url); ban("req.http.host == " + req.http.host + " && req.url ~ " + req.url);
return (synth(200, "Banned")); return (synth(200, "Banned"));
} }
@@ -48,9 +65,16 @@ sub vcl_recv {
if (req.method != "GET" && req.method != "HEAD" && req.method != "OPTIONS") { if (req.method != "GET" && req.method != "HEAD" && req.method != "OPTIONS") {
return (pass); return (pass);
} }
if (req.http.Authorization) { return (pass); }
if (req.url ~ "(?i)/(ajax|ahah)/") { if (req.http.Authorization) {
return (pass);
}
# upload / status / api / ajax poza cache
if (
req.url ~ "(?i)^/(upload|api|status|progress|session|login|logout)(/|$)" ||
req.url ~ "(?i)/(ajax|ahah)/"
) {
return (pass); return (pass);
} }
@@ -59,43 +83,63 @@ sub vcl_recv {
unset req.http.Accept-Encoding; unset req.http.Accept-Encoding;
} elseif (req.http.Accept-Encoding ~ "gzip") { } elseif (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip"; set req.http.Accept-Encoding = "gzip";
} elseif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
set req.http.Accept-Encoding = "deflate";
} else { } else {
unset req.http.Accept-Encoding; unset req.http.Accept-Encoding;
} }
} }
# jeśli są cookies, to:
# - dla plików statycznych ignorujemy
# - dla reszty omijamy cache
if (req.http.Cookie) { if (req.http.Cookie) {
set req.http.Cookie = ";" + req.http.Cookie; if (req.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|js|css|woff2?|ttf|eot|pdf|zip|7z|gz|bz2|mp4|mp3)$") {
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";"); unset req.http.Cookie;
set req.http.Cookie = regsuball(req.http.Cookie, ";[^;]*", ""); } else {
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", ""); return (pass);
if (req.http.Cookie ~ "^\s*$") { unset req.http.Cookie; } }
else { return (pass); } # zostało coś istotnego → omijamy cache
} }
return (hash); return (hash);
} }
sub vcl_hash { sub vcl_hash {
hash_data(req.http.X-Forwarded-Proto); if (req.http.X-Forwarded-Proto) {
hash_data(req.http.X-Forwarded-Proto);
}
} }
sub vcl_hit { sub vcl_hit {
set req.http.X-Cache = "HIT"; set req.http.X-Cache = "HIT";
if (obj.ttl <= 0s && obj.grace > 0s) { set req.http.X-Cache = "HIT-GRACE"; } if (obj.ttl <= 0s && obj.grace > 0s) {
set req.http.X-Cache = "HIT-GRACE";
}
return (deliver);
} }
sub vcl_miss { set req.http.X-Cache = "MISS"; } sub vcl_miss {
sub vcl_pass { set req.http.X-Cache = "PASS"; } set req.http.X-Cache = "MISS";
return (fetch);
}
sub vcl_pass {
set req.http.X-Cache = "PASS";
return (fetch);
}
sub vcl_backend_response { sub vcl_backend_response {
if (beresp.status == 404 || beresp.status == 301 || beresp.status == 500) { # nie cache'uj błędów 5xx
set beresp.ttl = 10m; if (beresp.status == 500 || beresp.status == 503) {
set beresp.uncacheable = true;
set beresp.ttl = 0s;
return (deliver);
} }
if (beresp.status == 500 || beresp.status == 503) { return (retry); } # krótkie cache dla 404, umiarkowane dla redirectów
if (beresp.status == 404) {
set beresp.ttl = 5s;
} elseif (beresp.status == 301 || beresp.status == 302) {
set beresp.ttl = 10m;
}
if (bereq.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|mp4|mp3|pdf|zip|7z|gz|bz2)$") { if (bereq.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|mp4|mp3|pdf|zip|7z|gz|bz2)$") {
set beresp.do_gzip = false; set beresp.do_gzip = false;
@@ -104,18 +148,32 @@ sub vcl_backend_response {
} }
if (beresp.http.Cache-Control ~ "(?i)no-store|private") { if (beresp.http.Cache-Control ~ "(?i)no-store|private") {
set beresp.uncacheable = true;
set beresp.ttl = 0s; set beresp.ttl = 0s;
} else { return (deliver);
if (beresp.http.Cache-Control ~ "(?i)s-maxage=\d+") { }
set beresp.ttl = std.duration(regsub(beresp.http.Cache-Control, ".*(?i)s-maxage=(\d+).*", "\1") + "s", 0s);
} elseif (beresp.http.Cache-Control ~ "(?i)max-age=\d+") {
set beresp.ttl = std.duration(regsub(beresp.http.Cache-Control, ".*(?i)max-age=(\d+).*", "\1") + "s", 0s);
}
if (beresp.ttl <= 0s) { if (beresp.ttl <= 0s) {
if (beresp.http.Content-Type ~ "(?i)^image/|^font/|/javascript|/css") { set beresp.ttl = 7d; } if (beresp.http.Cache-Control ~ "(?i)s-maxage=\d+") {
elseif (beresp.http.Content-Type ~ "(?i)^text/|^application/json") { set beresp.ttl = 1d; } set beresp.ttl = std.duration(
else { set beresp.ttl = 1h; } regsub(beresp.http.Cache-Control, ".*(?i)s-maxage=(\d+).*", "\1") + "s",
0s
);
} elseif (beresp.http.Cache-Control ~ "(?i)max-age=\d+") {
set beresp.ttl = std.duration(
regsub(beresp.http.Cache-Control, ".*(?i)max-age=(\d+).*", "\1") + "s",
0s
);
}
}
if (beresp.ttl <= 0s) {
if (bereq.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|js|css|woff2?|ttf|eot|pdf|zip|7z|gz|bz2|mp4|mp3)$") {
set beresp.ttl = 7d;
} else {
set beresp.ttl = 0s;
set beresp.uncacheable = true;
return (deliver);
} }
} }
@@ -129,37 +187,38 @@ sub vcl_backend_response {
} }
if (beresp.ttl > 0s) { if (beresp.ttl > 0s) {
set beresp.grace = beresp.ttl / 10; set beresp.grace = 10m;
if (beresp.grace < 10m) { set beresp.grace = 10m; }
if (beresp.grace > 2h) { set beresp.grace = 2h; }
if (beresp.ttl > 1h) { if (beresp.ttl > 1h) {
set beresp.keep = 1h; set beresp.keep = 1h;
} else { } else {
set beresp.keep = beresp.ttl; set beresp.keep = beresp.ttl;
} }
} else {
set beresp.grace = 0s;
set beresp.keep = 0s;
}
} else { if (beresp.http.Content-Length && std.integer(beresp.http.Content-Length, 0) > 1048576) {
set beresp.grace = 0s; set beresp.do_stream = true;
set beresp.keep = 0s; }
}
if (beresp.http.Content-Length && std.integer(beresp.http.Content-Length, 0) > 1048576) { return (deliver);
set beresp.do_stream = true;
}
} }
sub vcl_deliver { sub vcl_deliver {
if (resp.http.Content-Type ~ "(?i)^image/|^font/|/javascript|/css") { # Cache-Control tylko dla realnych plików
set resp.http.Cache-Control = "public, max-age=604800"; # 7d if (req.url ~ "(?i)\.(jpg|jpeg|png|gif|webp|ico|svg|js|css|woff2?|ttf|eot|pdf|zip|7z|gz|bz2|mp4|mp3)$") {
} elseif (resp.http.Content-Type ~ "(?i)^text/|^application/json") { set resp.http.Cache-Control = "public, max-age=604800, immutable";
set resp.http.Cache-Control = "public, max-age=86400"; # 1d } else {
set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
} }
unset resp.http.Expires; unset resp.http.Expires;
unset resp.http.Pragma; unset resp.http.Pragma;
if (obj.uncacheable) { if (resp.status >= 500) {
set resp.http.X-Cache = "ERROR";
} elseif (obj.uncacheable) {
set resp.http.X-Cache = "PASS"; set resp.http.X-Cache = "PASS";
unset resp.http.Age; unset resp.http.Age;
} elseif (obj.hits > 0) { } elseif (obj.hits > 0) {
@@ -175,30 +234,17 @@ sub vcl_deliver {
unset resp.http.Via; unset resp.http.Via;
unset resp.http.X-Varnish; unset resp.http.X-Varnish;
unset resp.http.Server; unset resp.http.Server;
unset resp.http.Content-disposition; unset resp.http.Content-Disposition;
set resp.http.X-Frame-Options = "SAMEORIGIN"; set resp.http.X-Frame-Options = "SAMEORIGIN";
if (resp.status == 403 || resp.status == 404 || resp.status == 500 || resp.status == 503) {
return (synth(800, "Maintenance page"));
}
} }
sub vcl_synth { sub vcl_synth {
set resp.http.X-Cache = "SYNTH"; set resp.http.X-Cache = "SYNTH";
unset resp.http.X-Varnish; unset resp.http.X-Varnish;
if (resp.status == 503 && req.restarts < 4) { if (resp.status == 429) {
return (restart); set resp.http.Content-Type = "text/plain; charset=utf-8";
}
if (resp.status == 800) {
set resp.http.Content-Type = "text/html; charset=utf-8";
set resp.status = 404;
set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
synthetic({"<!DOCTYPE html>
<html><head><title>"} + resp.status + " " + resp.reason + {"</title></head>
<body><h1>Error "} + resp.status + {"</h1><p>"} + resp.reason + {"</p></body></html>"});
return (deliver); return (deliver);
} }
} }