tvl-depot/varnish/default.vcl

vcl 4.0;
import std;

# By default, Varnish will run on the same servers as the blog. Inside of
# Kubernetes this will be inside the same pod.

backend default {
        .host = "localhost";
        .port = "8000";
}

# Purge requests should be accepted from localhost
acl purge {
        "localhost";
}

sub vcl_recv {
        # Allow HTTP PURGE from ACL above
        if (req.method == "PURGE" && client.ip ~ purge) {
                return (purge);
        }

        # Don't cache admin page
        if (req.url ~ "^/admin") {
                return (pass);
        }

        # Redirect non-www to www and non-HTTPS to HTTPS
        if (req.http.host ~ "^tazj.in" || std.port(local.ip) == 6081) {
                return (synth (750, ""));
        }
}

sub vcl_backend_response {
        # Cache everything for at least 1 minute.
        if (beresp.ttl < 1m) {
                set beresp.ttl = 1m;
        }
}

sub vcl_deliver {
        # Add an HSTS header to everything
        set resp.http.Strict-Transport-Security = "max-age=31536000;includeSubdomains;preload";
}

sub vcl_synth {
        # Execute TLS or www. redirect
        if (resp.status == 750) {
                set resp.http.Location = "https://www.tazj.in" + req.url;
                set resp.status = 301;
                return (deliver);
        }
}
[varnish] Add Varnish configuration and Dockerfile 2015-11-19 22:23:05 +01:00			`vcl 4.0;`
[varnish] Use Varnish 4.1, redirect to HTTPS 2015-11-21 19:49:36 +01:00			`import std;`
[varnish] Add Varnish configuration and Dockerfile 2015-11-19 22:23:05 +01:00
			`# By default, Varnish will run on the same servers as the blog. Inside of`
			`# Kubernetes this will be inside the same pod.`

			`backend default {`
			`.host = "localhost";`
			`.port = "8000";`
			`}`

			`# Purge requests should be accepted from localhost`
			`acl purge {`
			`"localhost";`
			`}`

			`sub vcl_recv {`
			`# Allow HTTP PURGE from ACL above`
			`if (req.method == "PURGE" && client.ip ~ purge) {`
			`return (purge);`
			`}`

			`# Don't cache admin page`
			`if (req.url ~ "^/admin") {`
			`return (pass);`
			`}`
[varnish] Use Varnish 4.1, redirect to HTTPS 2015-11-21 19:49:36 +01:00
			`# Redirect non-www to www and non-HTTPS to HTTPS`
[varnish] Fix www. redirect 2015-11-21 20:30:50 +01:00			`if (req.http.host ~ "^tazj.in" \|\| std.port(local.ip) == 6081) {`
[varnish] Use Varnish 4.1, redirect to HTTPS 2015-11-21 19:49:36 +01:00			`return (synth (750, ""));`
			`}`
[varnish] Add Varnish configuration and Dockerfile 2015-11-19 22:23:05 +01:00			`}`

			`sub vcl_backend_response {`
			`# Cache everything for at least 1 minute.`
			`if (beresp.ttl < 1m) {`
			`set beresp.ttl = 1m;`
			`}`
[varnish] Add HSTS header to every response 2015-11-21 18:25:22 +01:00			`}`
[varnish] Add Varnish configuration and Dockerfile 2015-11-19 22:23:05 +01:00
[varnish] Add HSTS header to every response 2015-11-21 18:25:22 +01:00			`sub vcl_deliver {`
			`# Add an HSTS header to everything`
			`set resp.http.Strict-Transport-Security = "max-age=31536000;includeSubdomains;preload";`
[varnish] Add Varnish configuration and Dockerfile 2015-11-19 22:23:05 +01:00			`}`

			`sub vcl_synth {`
[varnish] Use Varnish 4.1, redirect to HTTPS 2015-11-21 19:49:36 +01:00			`# Execute TLS or www. redirect`
			`if (resp.status == 750) {`
			`set resp.http.Location = "https://www.tazj.in" + req.url;`
			`set resp.status = 301;`
[varnish] Add Varnish configuration and Dockerfile 2015-11-19 22:23:05 +01:00			`return (deliver);`
			`}`
			`}`