From 0016aa52049d87d3210a85f5c4b2e4caff6e51b2 Mon Sep 17 00:00:00 2001 From: Thomas Lynch Date: Wed, 13 Nov 2024 14:20:50 +1100 Subject: [PATCH] Clean up some sockets locations Remove vcl_init for secret initialisation --- haproxy/haproxy.cfg | 4 ++-- varnish/default.vcl | 9 ++++----- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg index adfe263..44986e6 100644 --- a/haproxy/haproxy.cfg +++ b/haproxy/haproxy.cfg @@ -57,7 +57,7 @@ frontend http-in # Or instead, for Tor, to use circuit IDs as "IP": #bind 127.0.0.1:80 accept-proxy - #option forwardfor + option forwardfor # optional geoip handling (maps required) and alt-svc header addition http-request set-var(req.xcc) src,map_ip(/etc/haproxy/map/geoip.map) @@ -158,7 +158,7 @@ frontend varnish-to-haproxy-internal default_backend servers backend haproxy-to-varnish-cache - server CACHE unix@/shared-sockets/haproxy-to-varnish-cache.sock check observe layer7 inter 1s + server varnish unix@/shared-sockets/haproxy-to-varnish-cache.sock check observe layer7 inter 1s backend servers balance leastconn diff --git a/varnish/default.vcl b/varnish/default.vcl index 4ccd95a..0de8913 100644 --- a/varnish/default.vcl +++ b/varnish/default.vcl @@ -1,10 +1,6 @@ vcl 4.1; import std; -sub vcl_init { - set purge_secret_key = "CHANGEME_YOUR_SECRET_KEY"; -} - # backend pointing to HAProxy backend haproxy { .path = "/shared-sockets/varnish-to-haproxy-internal.sock"; @@ -12,13 +8,16 @@ backend haproxy { acl purge_allowed { "127.0.0.1"; + "::1"; + "172.19.0.1"; } + # incoming requests sub vcl_recv { # handle PURGE requests - if (req.method == "PURGE" && req.http.X-BasedFlare-Varnish-Key == secret_key) { + if (req.method == "PURGE" && req.http.X-BasedFlare-Varnish-Key == "changeme") { if (req.http.X-Forwarded-For) { set req.http.X-Real-IP = regsub(req.http.X-Forwarded-For, ",.*", ""); } else {
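Review bot: Enabling `option forwardfor` in `frontend http-in` appends the connecting address to X-Forwarded-For but does not remove a value the client already sent. The vcl_recv hunk in varnish/default.vcl then takes the first comma-separated element of that header as X-Real-IP. If X-Real-IP is later used for the purge ACL, rate limiting or logging (not visible in this patch), that value would be client-controlled. Where no trusted proxy sits in front of this frontend, add `http-request del-header X-Forwarded-For` alongside the option so only the address HAProxy observed reaches Varnish. The frontend's body continues outside the hunk.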
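Review bot: The PURGE condition in vcl_recv now compares `X-BasedFlare-Varnish-Key` against the literal `"changeme"`, so any deployment that does not edit default.vcl ships with a purge key that is public in the repository. Since `std` is already imported, the key could be read from the environment instead, e.g. `req.http.X-BasedFlare-Varnish-Key == std.getenv("PURGE_SECRET_KEY")` (the variable name is a placeholder), with a guard that rejects PURGE when the variable is empty or unset. The `purge_allowed` ACL also gains `"172.19.0.1"`, which looks like a container bridge gateway. If published ports are NATed through that address, every external client would match the ACL, so it is worth a comment such as `# docker bridge gateway; only valid if external traffic is not NATed through it`. The rest of vcl_recv, including where the ACL is evaluated, is outside the hunk.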