Created
May 14, 2012 17:17
Varnish config file w/ basic auth
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
# Single origin server on the loopback interface, port 8080.
# NOTE(review): all three timeouts are ten minutes. A slow or hung backend
# can therefore hold a Varnish worker for that long per request; confirm the
# application really needs limits this generous.
backend default {
  .host = "127.0.0.1";
  .port = "8080";
  .between_bytes_timeout = 600s;
  .first_byte_timeout = 600s;
  .connect_timeout = 600s;
}
# Clients allowed to send PURGE (checked against client.ip in vcl_recv).
# NOTE(review): client.ip is the address of the directly connected peer. If a
# TLS terminator or load balancer on this host sits in front of Varnish, every
# request will appear to come from loopback and will match this ACL - confirm
# how Varnish is exposed before relying on it.
acl purge {
  "127.0.0.1";
  "localhost";
}
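# Request entry point (Varnish 3 syntax). Decides, in order: health check,
# method filtering, PURGE, the static-asset shortcut, HTTP Basic auth, and
# finally the cache-bypass rules and cookie handling for everything else.
#
# Order matters for access control: the health check, PURGE (ACL-guarded) and
# the static-asset shortcut all return BEFORE the Basic auth check, so they
# are served without credentials.
sub vcl_recv {
  # X-Varnish-Cookie is an internal header: this sub stashes the cookies in it
  # and vcl_miss copies it back to the backend request. Drop any copy that
  # arrives from the client so only values set below are ever restored.
  # Guarded on req.restarts so a restarted request keeps its stashed value.
  if (req.restarts == 0) {
    unset req.http.X-Varnish-Cookie;
  }

  # Unauthenticated health-check endpoint.
  if (req.request == "GET" && req.url ~ "^/varnishcheck$") {
    error 200 "Varnish is Ready";
  }

  # NOTE(review): TRACE is accepted here and passed to the backend; reject it
  # explicitly if nothing depends on it.
  if (req.request != "GET" &&
      req.request != "HEAD" &&
      req.request != "PUT" &&
      req.request != "POST" &&
      req.request != "TRACE" &&
      req.request != "OPTIONS" &&
      req.request != "PURGE" &&
      req.request != "DELETE") {
    # Non-RFC2616 or CONNECT which is weird.
    return (pipe);
  }

  # We only deal with GET, PURGE and HEAD by default.
  # NOTE(review): this returns before the Basic auth check further down, so
  # POST/PUT/DELETE/OPTIONS/TRACE reach the backend without credentials.
  if (req.request != "GET" && req.request != "HEAD" && req.request != "PURGE") {
    return (pass);
  }

  # --- PURGE ---
  if (req.request == "PURGE") {
    # Only peers listed in the "purge" ACL may invalidate objects.
    if (!client.ip ~ purge) {
      # 405 is "Method Not Allowed" (403 would be "Forbidden").
      error 405 "Not allowed.";
    }
    return (lookup);
  }

  # --- PASSTHROUGH ---
  # Always cache things with these extensions.
  # req.url includes the query string, so the pattern is anchored to the path
  # ("^[^?]*"): only a URL whose path ends in one of these extensions and that
  # carries no query string takes this shortcut. Everything else continues to
  # the auth check below.
  # NOTE(review): matching static assets are served without authentication -
  # confirm that is intended.
  if (req.url ~ "^[^?]*\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf)$") {
    unset req.http.cookie;
    return (lookup);
  }

  # HTTP Basic authentication against one fixed user:pass pair.
  # The value is base64-ENCODED, not hashed: anyone who can read this file can
  # recover the credentials, and the header travels in the clear unless TLS is
  # terminated in front of Varnish. Keep the real value out of version control.
  # The pattern is anchored so only the exact header value is accepted.
  if (! req.http.Authorization ~ "^Basic ZGV2OmRldnBhc3M=$" ) {
    error 401 "Restricted";
  }

  # Skip the Varnish cache for install, update, and cron.
  if (req.url ~ "install\.php|update\.php|cron\.php") {
    return (pass);
  }

  # Pass server-status.
  if (req.url ~ ".*/server-status$") {
    return (pass);
  }

  # Support for Pressflow Cookie-Cache Bypass.
  if (req.http.cookie ~ "NO_CACHE") {
    return (pass);
  }

  # Bypass the cache when the client sends Cache-Control: no-cache.
  if (req.http.Cache-Control ~ "no-cache") {
    return (pass);
  }

  # Don't check cache if Drupal SESSION is set.
  if (req.http.cookie ~ "SESS") {
    return (pass);
  }

  # We "hide" the non-session cookies: stash them in an internal header so the
  # lookup is cookie-less; vcl_miss restores them on the backend request.
  if (req.http.cookie) {
    set req.http.X-Varnish-Cookie = req.http.cookie;
    unset req.http.cookie;
  }

  # --- MISC ---
  # Normalize the Accept-Encoding header
  # as per: http://varnish-cache.org/wiki/FAQ/Compression
  if (req.http.Accept-Encoding) {
    if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
      # No point in compressing these.
      unset req.http.Accept-Encoding;
    }
    else if (req.http.Accept-Encoding ~ "gzip") {
      set req.http.Accept-Encoding = "gzip";
    }
    else if (req.http.Accept-Encoding ~ "deflate") {
      # Next, try deflate if it is supported.
      set req.http.Accept-Encoding = "deflate";
    }
    else {
      # Unknown algorithm.
      unset req.http.Accept-Encoding;
    }
  }

  # Let's have a little grace.
  set req.grace = 5m;

  return (lookup);
}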
# Adds the Cookie header, when one is still present, to the cache key.
# vcl_recv removes req.http.cookie on the paths that reach a normal lookup, so
# this mainly affects requests that return (lookup) before that point.
# There is no return here; in Varnish 3 processing should continue into the
# built-in vcl_hash - verify against the deployed version.
sub vcl_hash {
  if (req.http.cookie) {
    hash_data(req.http.cookie);
  }
}
# Backend-response handling: mark 500/503 as uncacheable, strip Set-Cookie
# from static assets before they enter the cache, and cache 301s for an hour.
sub vcl_fetch {
  set beresp.grace = 5m;

  # Server errors must never be cached; remember that decision (hit-for-pass).
  if (beresp.status == 500 || beresp.status == 503) {
    set beresp.http.X-Cacheable = "NO: obj.status";
    set beresp.http.X-Cacheable-status = beresp.status;
    return (hit_for_pass);
  }

  # Static assets: a Set-Cookie stored with a cached object would be replayed
  # to every client, so remove it.
  # NOTE(review): this pattern also accepts a short query string, while the
  # static-asset test in vcl_recv does not - the two lists are easy to let
  # drift apart.
  if (req.url ~ "\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf)(\?[a-z0-9]+)?$") {
    unset beresp.http.set-cookie;
  }
  else if (beresp.http.Cache-Control) {
    # Cache-Control is present, so drop the Expires header.
    unset beresp.http.Expires;
  }

  # Permanent redirects are cached for one hour.
  if (beresp.status == 301) {
    set beresp.ttl = 1h;
    return(deliver);
  }

  # All tests passed, therefore item is cacheable
  set beresp.http.X-Cacheable = "YES";
}
# Adds diagnostic response headers: cache HIT/MISS, hit count, and server IP.
# NOTE(review): X-Varnish-IP sends server.ip to every client, and the hit
# counters reveal cache state. Consider stripping these headers on
# public-facing deployments or emitting them only for trusted peers.
sub vcl_deliver {
  # Assume a miss, then overwrite when the object has been served before.
  set resp.http.X-Varnish-Cache = "MISS";
  if (obj.hits > 0) {
    set resp.http.X-Varnish-Cache = "HIT";
    set resp.http.X-Varnish-Hits = obj.hits;
  }

  # Set a header to track the webhead.
  set resp.http.X-Varnish-IP = server.ip;
}
# Cache hit: a PURGE request invalidates the object and answers 200.
# There is no ACL check here; the only gate is the client.ip test against the
# "purge" ACL in vcl_recv, which runs before the lookup.
sub vcl_hit {
  if (req.request == "PURGE") {
    purge;
    error 200 "Purged.";
  }
}
# Cache miss: answer PURGE requests, otherwise restore the cookies that
# vcl_recv stashed in X-Varnish-Cookie onto the backend request.
sub vcl_miss {
  # PURGE for an object that is not cached still reports success.
  if (req.request == "PURGE") {
    purge;
    error 200 "Purged.";
  }

  # NOTE(review): the value is copied to the backend as-is. It is only
  # trustworthy if vcl_recv controls the header; a client-supplied
  # X-Varnish-Cookie would be forwarded as a Cookie unless vcl_recv strips it.
  if (req.http.X-Varnish-Cookie) {
    set bereq.http.cookie = req.http.X-Varnish-Cookie;
    unset bereq.http.X-Varnish-Cookie;
  }
}
# Builds the synthetic HTML error page; for 401 it also sends the Basic auth
# challenge so browsers prompt for credentials.
# NOTE(review): the page prints status, response text and the request XID to
# every client. That helps correlate with varnishlog, but confirm this debug
# block is wanted on a public site.
sub vcl_error {
  if (obj.status == 401) {
    # Prompt for password.
    set obj.http.WWW-Authenticate = "Basic realm=Secured";
  }
  set obj.http.Content-Type = "text/html; charset=utf-8";

  synthetic {"
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>"} + obj.status + " " + obj.response + {"</title>
</head>
<body>
<div id="page">
<h1>Page Could Not Be Loaded</h1>
<p>We're very sorry, but the page could not be loaded properly. This should be fixed very soon, and we apologize for any inconvenience.</p>
<hr />
<h4>Debug Info:</h4>
<pre>Status: "} + obj.status + {"
Response: "} + obj.response + {"
XID: "} + req.xid + {"</pre>
</div>
</body>
</html>
"};

  return (deliver);
}
Hi,
I am using your configuration, and the issue I am facing is that the client IP is not being forwarded to Apache. My Pressflow application requires the client IP (client.ip).
Please let me know how to achieve this. How do I use the code below in your configuration?