Update varnish with critical transit_buffer option

2025-05-09 02:05:37 +00:00 · 2024-11-21 22:12:28 +11:00
parent d0b21d4ce1
commit 2261c2432f
1 changed files with 51 additions and 42 deletions
--- a/varnish/default.vcl
+++ b/varnish/default.vcl
@ -2,6 +2,9 @@ vcl 4.1;
 import std;

 # backend pointing to HAProxy
+backend default {
+	.path = "/shared-sockets/varnish-to-haproxy-internal.sock";
+}
 backend haproxy {
 	.path = "/shared-sockets/varnish-to-haproxy-internal.sock";
 }
@ -9,13 +12,24 @@ backend haproxy {
 acl purge_allowed {
 	"127.0.0.1";
 	"::1";
-	"172.19.0.1";
+	"103.230.159.7";
+	"2404:9400:2:0:216:3eff:fee3:5c06";
+}
+
+sub vcl_pipe {
+	return (pipe);
 }

 # incoming requests
 sub vcl_recv {

-	# handle PURGE and BAN requests
+	# route all requests to haproxy
+	set req.backend_hint = haproxy;
+
+	# unfuck x-forwarded-for
+	set req.http.X-Forwarded-For = regsub(req.http.X-Forwarded-For, "^([^,]+),?.*$", "\1");
+
+	# handle PURGE and BAN
 	if ((req.method == "PURGE" || req.method == "BAN") && req.http.X-BasedFlare-Varnish-Key == "changeme") {
 		if (req.http.X-Forwarded-For) {
 			set req.http.X-Real-IP = regsub(req.http.X-Forwarded-For, ",.*", "");
@ -36,8 +50,9 @@ sub vcl_recv {
 		}
 	}

-	# route all requests to haproxy
-	set req.backend_hint = haproxy;
+	if (req.http.Range) {
+		return (pass);
+	}

 	# some conditions are not cached
 	if (req.method != "GET" && req.method != "HEAD") {
@ -50,28 +65,44 @@ sub vcl_recv {
 		return (pass);
 	}

-	# save the Cookie header temporarily if needed by the backend
-	if (req.http.Cookie) {
-		set req.http.X-Cookie-Temp = req.http.Cookie;
-		unset req.http.Cookie;  # remove Cookie header for caching purposes
-	}
-
 }

-# caching behavior when fetching from backend
+sub vcl_hash {
+	hash_data(req.url);
+	if (req.http.Host) {
+		hash_data(req.http.Host);
+	}
+	if (req.http.Range) {
+		hash_data(req.http.Range);
+	}
+}
+
+## caching behavior when fetching from backend
 sub vcl_backend_response {

-	# for BANs
-	set beresp.http.x-url = bereq.url;
-	set beresp.http.x-host = bereq.http.host;
+	set beresp.do_stream = true;  # Stream directly
+	set beresp.transit_buffer = 1M; # testing

+	# dont cache > 100MB
+	if (beresp.http.Content-Length && std.integer(beresp.http.Content-Length, 0) > 100 * 1024 * 1024) {
+		set beresp.uncacheable = true;  # Don't cache
+		return (deliver);
+	}
+
+	# dont cache set-cookie responses
 	if (beresp.http.Set-Cookie) {
 		set beresp.uncacheable = true;
 		return (pass);
 	}

+	# dont cache ranges
+	# if (bereq.http.Range) {
+	# 	set beresp.ttl = 0s;
+	# 	set beresp.uncacheable = true;
+	# }
+
 	# only cache specific types of content and successful responses
-	if ((beresp.status == 200 || beresp.status == 206) && beresp.http.Content-Type ~ "text|application|image|video|audio|font") {
+	if ((beresp.status == 200 || beresp.status == 206) && (!beresp.http.Content-Type || beresp.http.Content-Type ~ "text|application|image|video|audio|font")) {
 		if (beresp.http.Cache-Control ~ "no-cache" || beresp.http.Cache-Control ~ "no-store" || beresp.http.Pragma == "no-cache") {
 			#don't cache if the backend says no-cache
 			set beresp.uncacheable = true;
@ -81,41 +112,29 @@ sub vcl_backend_response {
 			set beresp.ttl = std.duration(regsub(beresp.http.Cache-Control, ".*max-age=([0-9]+).*", "\1") + "s", 0s);
 		} else if (beresp.http.Expires) {
 			# calculate ttl using Expires if present
-			set beresp.ttl = std.duration(beresp.http.Expires, 0s);
+			set beresp.ttl = std.duration(beresp.http.Expires + "s", 0s);
 		} else {
 			# default ttl if no cache header
 			set beresp.ttl = 1m;
 		}
-
 		# grace period for stale content
 		set beresp.grace = 10m;
 		set beresp.uncacheable = false;
-		set beresp.do_stream = true;
-		set beresp.do_gunzip = true;
 	} else {
 		# non-cacheable or non-success responses
 		set beresp.uncacheable = true;
 		return (pass);
 	}

-	# remove Set-Cookie for cacheable responses
-	if (!beresp.uncacheable) {
-		unset beresp.http.Set-Cookie;
-	}
-
 }

 # when sending response
 sub vcl_deliver {

-	# for BANs
-	unset resp.http.x-url;
-	unset resp.http.x-host;
-
-	# remove some headers
-	unset resp.http.X-Varnish;
-	unset resp.http.Via;
-	unset req.http.X-Cookie-Temp; # ensure X-Cookie-Temp is gone
+	# add accept-ranges for backend reqs
+	if (req.http.Range) {
+		set resp.http.Accept-Ranges = "bytes";
+	}

 	# custom header to indicate cache hit or miss
 	if (obj.hits > 0) {
@ -125,13 +144,3 @@ sub vcl_deliver {
 	}

 }
-
-# restore Cookie header to backend if saved
-sub vcl_backend_fetch {
-
-	if (bereq.http.X-Cookie-Temp) {
-		set bereq.http.Cookie = bereq.http.X-Cookie-Temp;
-		unset bereq.http.X-Cookie-Temp; # remove X-Cookie-Temp after use
-	}
-
-}