mklooss · January 17, 2023 08:55
diff --git a/t3 total cache varnish config b/t3 total cache varnish config
 # VCL version 5.0 is not supported so it should be 4.0 even though actually used Varnish version is 6
 vcl 4.0;

 import std;
 # The minimal Varnish version is 6.0
 # For SSL offloading, pass the following header in your proxy server or load balancer: 'SSL-OFFLOADED: https'

 backend default {
    .host = "10.0.1.2";
    .port = "80";
    .connect_timeout = 600s;
    .first_byte_timeout = 600s;
    .between_bytes_timeout = 600s;
 }

 acl purge {
    # Web server with plugin which will issue PURGE requests
    "localhost";
 }

 sub vcl_recv {
    if (req.method == "PURGE") {
        if (!client.ip ~ purge) {
            return (synth(405, "Method not allowed"));
        }
        ban("req.url ~ ^" + req.url + "$ && req.http.host == " + req.http.host);
    }

    if (req.method != "GET" &&
        req.method != "HEAD" &&
        req.method != "PUT" &&
        req.method != "POST" &&
        req.method != "TRACE" &&
        req.method != "OPTIONS" &&
        req.method != "DELETE") {
          /* Non-RFC2616 or CONNECT which is weird. */
          return (pipe);
    }

    if (req.method != "GET" && req.method != "HEAD") {
        return (pass);
    }
    # Compression filter. See https://www.varnish-cache.org/trac/wiki/FAQ/Compression
    if (req.http.Accept-Encoding) {
        if (req.url ~ "\.(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv)$") {
            # No point in compressing these
            unset req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            unset req.http.Accept-Encoding;
        }
    }

    # Remove cookies and query string for real static files
    if (req.url ~ "\.(bz2|css|flv|gif|gz|ico|jpeg|jpg|js|lzma|mp3|mp4|pdf|png|swf|tbz|tgz|txt|zip)(\?.*|)$") {
        unset req.http.cookie;
        set req.url = regsub(req.url, "\?.*$", "");
    }

    # Remove all marketing get parameters to minimize the cache objects
    if (req.url ~ "(\?|&)(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
        set req.url = regsuball(req.url, "(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
        set req.url = regsub(req.url, "[?|&]+$", "");
    }


    if (req.url ~ "/wp-json") {
        return (pass);
    }

    if (req.url ~ "wp-(login|admin|comments-post.php|cron.php)" ||
        req.url ~ "preview=true" ||
        req.url ~ "xmlrpc.php") {
        return (pass);
    }

    return (hash);
 }

 sub vcl_hash {

    # For multi site configurations to not cache each other's content
    if (req.http.host) {
        hash_data(req.http.host);
    } else {
        hash_data(server.ip);
    }

    # To make sure http users don't see ssl warning
    if (req.http.SSL-OFFLOADED) {
        hash_data(req.http.SSL-OFFLOADED);
    }

 }

 sub vcl_backend_response {
    # Don't cache backend
    if (bereq.url ~ "wp-(login|admin|comments-post.php|cron.php)" ||
        bereq.url ~ "preview=true" ||
        bereq.url ~ "xmlrpc.php" ||
        # WooCommerce
        bereq.url ~ "wp-admin|wp-login|produkt|warenkorb|kasse|mein-konto|/?add-to-cart=|/?remove_item=|/?wc-ajax="
        ) {
        # Dont modify anything, it's (pass) object
    } else {
        unset beresp.http.set-cookie;

        if (beresp.status == 307) {
            # Don't cache temporary redirects like ?repeat=w3tc
            set beresp.ttl = 0h;
        } else if (bereq.url ~ "\.(bz2|css|flv|gif|gz|ico|jpeg|jpg|js|lzma|mp3|mp4|pdf|png|swf|tbz|tgz|txt|zip)$") {
            set beresp.ttl = 30d;
        } else {
            set beresp.ttl = 4h;
        }
    }
 }

 sub vcl_deliver {

    if (resp.http.x-varnish ~ " ") {
        set resp.http.X-Cache-Debug = "HIT";
        set resp.http.Grace = req.http.grace;
    } else {
        set resp.http.X-Cache-Debug = "MISS";
    }

    # Not letting browser to cache non-static files.
    if (resp.http.Cache-Control !~ "private" && req.url !~ "^/(wp-content|wp-upload|wp-json)/") {
        set resp.http.Pragma = "no-cache";
        set resp.http.Expires = "-1";
        set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
    }

    unset resp.http.X-Powered-By;
    unset resp.http.Server;
    unset resp.http.X-Varnish;
    unset resp.http.Via;
    unset resp.http.Link;
 }

 sub vcl_hit {
    if (obj.ttl >= 0s) {
        # Hit within TTL period
        return (deliver);
    }
    if (std.healthy(req.backend_hint)) {
        if (obj.ttl + 300s > 0s) {
            # Hit after TTL expiration, but within grace period
            set req.http.grace = "normal (healthy server)";
            return (deliver);
        } else {
            # Hit after TTL and grace expiration
            return (restart);
        }
    } else {
        # server is not healthy, retrieve from cache
        set req.http.grace = "unlimited (unhealthy server)";
        return (deliver);
    }
 }
	# VCL version 5.0 is not supported so it should be 4.0 even though actually used Varnish version is 6
	vcl 4.0;

	import std;
	# The minimal Varnish version is 6.0
	# For SSL offloading, pass the following header in your proxy server or load balancer: 'SSL-OFFLOADED: https'

	backend default {
	.host = "10.0.1.2";
	.port = "80";
	.connect_timeout = 600s;
	.first_byte_timeout = 600s;
	.between_bytes_timeout = 600s;
	}

	acl purge {
	# Web server with plugin which will issue PURGE requests
	"localhost";
	}

	sub vcl_recv {
	if (req.method == "PURGE") {
	if (!client.ip ~ purge) {
	return (synth(405, "Method not allowed"));
	}
	ban("req.url ~ ^" + req.url + "$ && req.http.host == " + req.http.host);
	}

	if (req.method != "GET" &&
	req.method != "HEAD" &&
	req.method != "PUT" &&
	req.method != "POST" &&
	req.method != "TRACE" &&
	req.method != "OPTIONS" &&
	req.method != "DELETE") {
	/* Non-RFC2616 or CONNECT which is weird. */
	return (pipe);
	}

	if (req.method != "GET" && req.method != "HEAD") {
	return (pass);
	}
	# Compression filter. See https://www.varnish-cache.org/trac/wiki/FAQ/Compression
	if (req.http.Accept-Encoding) {
	if (req.url ~ "\.(jpg\|jpeg\|png\|gif\|gz\|tgz\|bz2\|tbz\|mp3\|ogg\|swf\|flv)$") {
	# No point in compressing these
	unset req.http.Accept-Encoding;
	} elsif (req.http.Accept-Encoding ~ "gzip") {
	set req.http.Accept-Encoding = "gzip";
	} elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
	set req.http.Accept-Encoding = "deflate";
	} else {
	unset req.http.Accept-Encoding;
	}
	}

	# Remove cookies and query string for real static files
	if (req.url ~ "\.(bz2\|css\|flv\|gif\|gz\|ico\|jpeg\|jpg\|js\|lzma\|mp3\|mp4\|pdf\|png\|swf\|tbz\|tgz\|txt\|zip)(\?.*\|)$") {
	unset req.http.cookie;
	set req.url = regsub(req.url, "\?.*$", "");
	}

	# Remove all marketing get parameters to minimize the cache objects
	if (req.url ~ "(\?\|&)(gclid\|cx\|ie\|cof\|siteurl\|zanpid\|origin\|fbclid\|mc_[a-z]+\|utm_[a-z]+\|_bta_[a-z]+)=") {
	set req.url = regsuball(req.url, "(gclid\|cx\|ie\|cof\|siteurl\|zanpid\|origin\|fbclid\|mc_[a-z]+\|utm_[a-z]+\|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
	set req.url = regsub(req.url, "[?\|&]+$", "");
	}


	if (req.url ~ "/wp-json") {
	return (pass);
	}

	if (req.url ~ "wp-(login\|admin\|comments-post.php\|cron.php)" \|\|
	req.url ~ "preview=true" \|\|
	req.url ~ "xmlrpc.php") {
	return (pass);
	}

	return (hash);
	}

	sub vcl_hash {

	# For multi site configurations to not cache each other's content
	if (req.http.host) {
	hash_data(req.http.host);
	} else {
	hash_data(server.ip);
	}

	# To make sure http users don't see ssl warning
	if (req.http.SSL-OFFLOADED) {
	hash_data(req.http.SSL-OFFLOADED);
	}

	}

	sub vcl_backend_response {
	# Don't cache backend
	if (bereq.url ~ "wp-(login\|admin\|comments-post.php\|cron.php)" \|\|
	bereq.url ~ "preview=true" \|\|
	bereq.url ~ "xmlrpc.php" \|\|
	# WooCommerce
	bereq.url ~ "wp-admin\|wp-login\|produkt\|warenkorb\|kasse\|mein-konto\|/?add-to-cart=\|/?remove_item=\|/?wc-ajax="
	) {
	# Dont modify anything, it's (pass) object
	} else {
	unset beresp.http.set-cookie;

	if (beresp.status == 307) {
	# Don't cache temporary redirects like ?repeat=w3tc
	set beresp.ttl = 0h;
	} else if (bereq.url ~ "\.(bz2\|css\|flv\|gif\|gz\|ico\|jpeg\|jpg\|js\|lzma\|mp3\|mp4\|pdf\|png\|swf\|tbz\|tgz\|txt\|zip)$") {
	set beresp.ttl = 30d;
	} else {
	set beresp.ttl = 4h;
	}
	}
	}

	sub vcl_deliver {

	if (resp.http.x-varnish ~ " ") {
	set resp.http.X-Cache-Debug = "HIT";
	set resp.http.Grace = req.http.grace;
	} else {
	set resp.http.X-Cache-Debug = "MISS";
	}

	# Not letting browser to cache non-static files.
	if (resp.http.Cache-Control !~ "private" && req.url !~ "^/(wp-content\|wp-upload\|wp-json)/") {
	set resp.http.Pragma = "no-cache";
	set resp.http.Expires = "-1";
	set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
	}

	unset resp.http.X-Powered-By;
	unset resp.http.Server;
	unset resp.http.X-Varnish;
	unset resp.http.Via;
	unset resp.http.Link;
	}

	sub vcl_hit {
	if (obj.ttl >= 0s) {
	# Hit within TTL period
	return (deliver);
	}
	if (std.healthy(req.backend_hint)) {
	if (obj.ttl + 300s > 0s) {
	# Hit after TTL expiration, but within grace period
	set req.http.grace = "normal (healthy server)";
	return (deliver);
	} else {
	# Hit after TTL and grace expiration
	return (restart);
	}
	} else {
	# server is not healthy, retrieve from cache
	set req.http.grace = "unlimited (unhealthy server)";
	return (deliver);
	}
	}