-
-
Save ii64/94f8c5ee0b508ee9ab3967eea5c85094 to your computer and use it in GitHub Desktop.
OBS access signer + Varnish Cache (+ CF CDN), while OBS itself also a CDN.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## obs-access-signer | |
| # | |
| HTTP_ADDR=0.0.0.0:9002 | |
| OBS_ENDPOINT=gateway.storjshare.io | |
| OBS_BUCKET_NAME=mk-prod | |
| OBS_SECURE=true | |
| LOG_LEVEL=INFO | |
| AWS_ACCESS_KEY=example-key | |
| AWS_SECRET_KEY=example-pass | |
| # AWS_SESSION_TOKEN | |
| # accessible S3 gateway | |
| OBS_HOST_REDIRECT=gateway.storjshare.io | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3' | |
| services: | |
| mk-obs-access-signer: | |
| image: ii64/obs-access-signer:v0.0.1 | |
| container_name: mk_obs_access_signer | |
| restart: unless-stopped | |
| networks: | |
| - obs | |
| expose: | |
| - 9002 | |
| env_file: | |
| - ./.env | |
| mk-voasis: | |
| image: varnish:stable | |
| container_name: mk_voasis_cache | |
| restart: unless-stopped | |
| networks: | |
| - obs | |
| depends_on: | |
| - mk-obs-access-signer | |
| expose: | |
| - 8080 | |
| - 8443 | |
| volumes: | |
| - ./media_voasis.vcl:/etc/varnish/default.vcl:ro | |
| networks: | |
| obs: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # This is an example VCL file for Varnish. | |
| # | |
| # It does not do anything by default, delegating control to the | |
| # builtin VCL. The builtin VCL is called when there is no explicit | |
| # return statement. | |
| # | |
| # See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/ | |
| # and https://www.varnish-cache.org/trac/wiki/VCLExamples for more examples. | |
| # Marker to tell the VCL compiler that this VCL has been adapted to the | |
| # new 4.0 format. | |
| vcl 4.0; | |
| import std; | |
| import directors; | |
| # Default backend definition. Set this to point to your content server. | |
| backend obsb1 { | |
| .host = "mk-obs-access-signer"; | |
| .port = "9002"; | |
| .connect_timeout = 300s; | |
| .first_byte_timeout = 300s; | |
| .between_bytes_timeout = 300s; | |
| .max_connections = 800; | |
| } | |
| acl purge { | |
| "localhost"; | |
| "127.0.0.0"/8; | |
| } | |
| sub vcl_init { | |
| new vdir = directors.round_robin(); | |
| vdir.add_backend(obsb1); | |
| } | |
| sub vcl_hash { | |
| hash_data(req.url); | |
| if (req.http.Host) { | |
| hash_data(req.http.Host); | |
| } else { | |
| hash_data(server.ip); | |
| } | |
| } | |
| sub vcl_recv { | |
| # Happens before we check if we have this in cache already. | |
| # | |
| # Typically you clean up the request here, removing cookies you don't need, | |
| # rewriting the request, etc. | |
| // cache purge | |
| if (req.method == "PURGE") { | |
| if (!client.ip ~ purge) { | |
| return (synth(405, "Not Allowed")); | |
| } | |
| return (purge); | |
| } | |
| set req.backend_hint = vdir.backend(); | |
| if (req.method == "PRI") { | |
| /* We do not support SPDY or HTTP/2.0 */ | |
| return (synth(405)); | |
| } | |
| # remove port from Host | |
| set req.http.Host = regsub(req.http.Host, ":[0-9]+", ""); | |
| /* Backend accept HEAD and GET only */ | |
| if (req.method != "GET" && req.method != "HEAD") { | |
| return (synth(405)); | |
| } | |
| # Ignore the query string | |
| set req.url = regsub(req.url, "\?.*$", ""); | |
| return (hash); | |
| } | |
| sub vcl_backend_response { | |
| # Happens after we have read the response headers from the backend. | |
| # | |
| # Here you clean the response headers, removing silly Set-Cookie headers | |
| # and other mistakes your backend does. | |
| # Don't cache 400s | |
| if (beresp.status >= 400) { | |
| set beresp.uncacheable = true; | |
| set beresp.http.X-Cacheable = "NO: beresp.status"; | |
| set beresp.ttl = 0s; | |
| return (deliver); | |
| } | |
| # keep last stale content in case backend goes down. | |
| set beresp.grace = 6h; | |
| # cache timeout | |
| set beresp.ttl = 1h; | |
| return (deliver); | |
| } | |
| sub vcl_deliver { | |
| # Happens when we have all the pieces we need, and are about to send the | |
| # response to the client. | |
| # | |
| # You can do accounting or modifying the final object here. | |
| set resp.http.Via = regsuball(resp.http.Via, "\s\([a-zA-Z0-9\/.]+\)", ""); | |
| set resp.http.Server = "voasis"; | |
| # Debug header to see if it's a HIT/MISS and the number of hits | |
| if (obj.hits > 0) { | |
| set resp.http.X-Cache = "HIT"; | |
| } else { | |
| set resp.http.X-Cache = "MISS"; | |
| } | |
| # Please note that obj.hits behaviour changed in 4.0, now it counts per objecthead, not per object | |
| # and obj.hits may not be reset in some cases where bans are in use. See bug 1492 for details. | |
| # So take hits with a grain of salt | |
| set resp.http.X-Cache-Hits = obj.hits; | |
| unset resp.http.Date; | |
| unset resp.http.Age; | |
| # unset resp.http.Server; | |
| # unset resp.http.Via; | |
| return (deliver); | |
| } | |
| sub vcl_hit { | |
| // TTL still valid | |
| if (obj.ttl >= 0s) { | |
| return (deliver); | |
| } | |
| // Misbehaving backend: | |
| // https://varnish-cache.org/docs/trunk/users-guide/vcl-grace.html | |
| return (deliver); | |
| } | |
| sub vcl_miss { | |
| } | |
| sub vcl_backend_error { | |
| return (retry); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment