ansible-inventories/arocom#158 Optimize Varnish config

db36f188 · jurgenhaas · 7904b574 · db36f188
Commit db36f188 authored 8 years ago by jurgenhaas
--- a/templates/default.vcl
+++ b/templates/default.vcl
@@ -4,6 +4,7 @@
 vcl 4.0;

 import std;
+import directors;

 {% for host in groups.webserver|default([]) %}
 backend {{ host }} {
@@ -21,9 +22,9 @@ backend {{ host }} {
    .window    = 5;
    .threshold = 3;
  }
-  .connect_timeout = 0.5s;
-  .first_byte_timeout = 600s;
-  .between_bytes_timeout = 600s;
+  .connect_timeout = 2s;
+  .first_byte_timeout = 300s;
+  .between_bytes_timeout = 2s;
 }
 {% endfor %}

@@ -58,6 +59,9 @@ sub vcl_recv {
  # Normalize the query arguments
  set req.url = std.querysort(req.url);

+  # Remove the proxy header (see https://httpoxy.org/#mitigate-varnish)
+  unset req.http.proxy;
+
  # Allow purging
  if (req.method == "PURGE") {
    if (!client.ip ~ purge) { # purge is the ACL defined at the begining
@@ -164,11 +168,6 @@ sub vcl_recv {
  # Before you blindly enable this, have a read here: https://ma.ttias.be/stop-caching-static-files/
  if (req.url ~ "^[^?]*\.(7z|avi|bmp|bz2|css|csv|doc|docx|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|less|mka|mkv|mov|mp3|mp4|mpeg|mpg|odt|otf|ogg|ogm|opus|pdf|png|ppt|pptx|rar|rtf|svg|svgz|swf|tar|tbz|tgz|ttf|txt|txz|wav|webm|webp|woff|woff2|xls|xlsx|xml|xz|zip)(\?.*)?$") {
    unset req.http.Cookie;
-
-    # force cache, client can not control, disable Ctrl+F5 force refresh
-    unset req.http.Cache-Control;
-    unset req.http.Pragma;
-
    return (hash);
  }

@@ -180,7 +179,7 @@ sub vcl_recv {
    return (pass);
  }

-  return(hash);
+  return (hash);
 }

 sub vcl_pipe {
@@ -298,7 +297,6 @@ sub vcl_backend_response {
  if (bereq.url ~ "^[^?]*\.(7z|avi|bz2|flac|flv|gz|mka|mkv|mov|mp3|mp4|mpeg|mpg|ogg|ogm|opus|rar|tar|tgz|tbz|txz|wav|webm|xz|zip)(\?.*)?$") {
    unset beresp.http.set-cookie;
    set beresp.do_stream = true;  # Check memory usage it'll grow in fetch_chunksize blocks (128k by default) if the backend doesn't send a Content-Length header, so only enable it for big objects
-    set beresp.do_gzip = false;   # Don't try to compress it for storage
  }

  # Sometimes, a 301 or 302 redirect formed via Apache's mod_rewrite can mess with the HTTP port that is being passed along.
@@ -313,6 +311,7 @@ sub vcl_backend_response {

  # Disable buffering only for BigPipe responses
  if (beresp.http.Surrogate-Control ~ "BigPipe/1.0") {
+    set beresp.grace = 6h;
    set beresp.do_stream = true;
    set beresp.do_gzip = false;
    set beresp.ttl = 0s;
@@ -326,6 +325,11 @@ sub vcl_backend_response {
    return (deliver);
  }

+  # Don't cache 50x responses
+  if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) {
+    return (abandon);
+  }
+
  # Allow stale content, in case the backend goes down.
  # make Varnish keep all objects for 6 hours beyond their TTL
  set beresp.grace = 6h;