Clean up some sockets locations

Remove vcl_init for secret initialisation

haproxy/haproxy.cfg

@@ -57,7 +57,7 @@ frontend http-in
 
 	# Or instead, for Tor, to use circuit IDs as "IP":
 	#bind 127.0.0.1:80 accept-proxy
-	#option forwardfor
+	option forwardfor
 
 	# optional geoip handling (maps required) and alt-svc header addition
 	http-request set-var(req.xcc) src,map_ip(/etc/haproxy/map/geoip.map)
@@ -158,7 +158,7 @@ frontend varnish-to-haproxy-internal
 	default_backend servers
 
 backend haproxy-to-varnish-cache
-	server CACHE unix@/shared-sockets/haproxy-to-varnish-cache.sock check observe layer7 inter 1s
+	server varnish unix@/shared-sockets/haproxy-to-varnish-cache.sock check observe layer7 inter 1s
 
 backend servers
 	balance leastconn

varnish/default.vcl

@@ -1,10 +1,6 @@
 vcl 4.1;
 import std;
 
-sub vcl_init {
-	set purge_secret_key = "CHANGEME_YOUR_SECRET_KEY";
-}
-
 # backend pointing to HAProxy
 backend haproxy {
 	.path = "/shared-sockets/varnish-to-haproxy-internal.sock";
@@ -12,13 +8,16 @@ backend haproxy {
 
 acl purge_allowed {
 	"127.0.0.1";
+	"::1";
+	"172.19.0.1";
 }
 
+
 # incoming requests
 sub vcl_recv {
 
 	# handle PURGE requests
-	if (req.method == "PURGE" && req.http.X-BasedFlare-Varnish-Key == secret_key) {
+	if (req.method == "PURGE" && req.http.X-BasedFlare-Varnish-Key == "changeme") {
 		if (req.http.X-Forwarded-For) {
 			set req.http.X-Real-IP = regsub(req.http.X-Forwarded-For, ",.*", "");
 		} else {