Switch to unix sockets for varnish<->haproxy comms

Remove some cruft from old caching

docker-compose.yml

@@ -1,4 +1,5 @@
 version: "3.9"
+
 services:
 
   haproxy:
@@ -8,6 +9,7 @@ services:
       context: ./
       dockerfile: haproxy/Dockerfile
     volumes:
+      - shared-socket:/shared-sockets
       - ./haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg
       #- ./haproxy/dataplaneapi.yml:/etc/haproxy/dataplaneapi.yml
       - ./haproxy/errors/:/etc/haproxy/errors/
@@ -41,13 +43,6 @@ services:
       - POW_TYPE=argon2
       - TOR_CONTROL_PORT_PASSWORD=changeme
       - USE_INTER_FONT=1
- 
-#   tor:
-#     build:
-#       context: ./
-#       dockerfile: tor/Dockerfile
-#     volumes:
-#       - ./tor/hidden_service:/var/lib/tor/hidden_service  # persists hs keys
 
   nginx:
     ports:
@@ -64,5 +59,17 @@ services:
       - VARNISH_SIZE=256M
       - VARNISH_PORT=8083
     volumes:
+      - shared-socket:/shared-sockets
       - ./varnish/default.vcl:/etc/varnish/default.vcl
-    command: varnishd -F -a :$VARNISH_PORT -f /etc/varnish/default.vcl -s malloc,$VARNISH_SIZE
+    command: varnishd -F -a /shared-sockets/haproxy-to-varnish-cache.sock -f /etc/varnish/default.vcl -s malloc,$VARNISH_SIZE
+    user: root
+
+#   tor:
+#     build:
+#       context: ./
+#       dockerfile: tor/Dockerfile
+#     volumes:
+#       - ./tor/hidden_service:/var/lib/tor/hidden_service  # persists hs keys
+
+volumes:
+  shared-socket:

haproxy/haproxy.cfg

@@ -142,10 +142,6 @@ frontend http-in
 	#http-request lua.set-lang-json
 	#http-request return lf-file /etc/haproxy/template/maintenance.html status 200 content-type "text/html; charset=utf-8" hdr "Cache-Control" "private, max-age=30" if maintenance_mode
 
-	# simple example cache for files
-	http-request set-var(txn.path) path
-	acl can_cache var(txn.path) -i -m end .png .jpg .jpeg .jpe .ico .webmanifest .xml .apng .bmp .webp .pjpeg .jfif .gif .mp4 .webm .mov .mkv .svg .m4a .aac .flac .mp3 .ogg .wav .opus .txt .pdf .sid
-
 	# optional alt-svc header (done after cache so not set in cached responses
 	acl match_server_continent var(txn.xcn) -m str "${HAPROXY_CONTINENT}"
 	http-response set-header X-Server-CN "${HAPROXY_CONTINENT}"
@@ -153,16 +149,16 @@ frontend http-in
 	http-response set-header Alt-Svc %[var(txn.xcn),map(/etc/haproxy/map/alt-svc.map)] if !match_server_continent
 
 	# varnish caching if available
-	acl varnish_available nbsrv(varnish) gt 0
-	use_backend varnish if varnish_available
+	acl varnish_available nbsrv(haproy-to-varnish-cache) gt 0
+	use_backend haproy-to-varnish-cache if varnish_available
 	default_backend servers
 
 frontend varnish-to-haproxy-internal
-	bind 127.0.0.1:8080 user root mode 666
+	bind unix@/shared-sockets/varnish-to-haproxy-internal.sock user root mode 666
 	default_backend servers
 
-backend varnish
-	server CACHE 127.0.0.1:8083 check observe layer7 inter 1s
+backend haproy-to-varnish-cache
+	server CACHE unix@/shared-sockets/haproxy-to-varnish-cache.sock check observe layer7 inter 1s
 
 backend servers
 	balance leastconn

varnish/default.vcl

@@ -3,8 +3,7 @@ import std;
 
 # backend pointing to HAProxy
 backend haproxy {
-	.host = "127.0.0.1";
-	.port = "8080";
+	.path = "/shared-sockets/varnish-to-haproxy-internal.sock";
 }
 
 acl purge_allowed {