varnish 配置文件分享(sens杨 注释)
(编辑:jimmy 日期: 2024/11/26 浏览:3 次 )
前言:
varnish 为目前新兴起来的软件,由于中文文档比较少,配置文件比较复杂,所以在运用起来也是特别的费劲。一个偶然的机会在一个群里,有位varnish高手( sens杨 )发表了一篇他对varnish配置文件理解的文档。对于学者来说很有价值。所以转载了过来。
原文如下:
varnish配置文件原文地址:http://groups.drupal.org/node/63203
注:红色字体是英文的直接翻译,有些地方翻译的不好
绿色部分是一些思考,这个配置对自身的业务配置的很详细,现在对除了cookie和TTL那部分外其他可以理解80%,慢慢学习体会
- backend default {
- .host = "127.0.0.1";
- .port = "8008";
- .connect_timeout = 600s;
- .first_byte_timeout = 600s;
- .between_bytes_timeout = 600s;
- }
- backend lighttpd {
- .host = "127.0.0.1";
- .port = "81";
- .connect_timeout = 600s;
- .first_byte_timeout = 600s;
- .between_bytes_timeout = 600s;
- }
- acl techmission_internal {
- "localhost";
- "127.0.0.1";
- }
- sub vcl_recv {
- // Allow a grace period for offering "stale" data in case backend lags (http://varnish-cache.org/wiki/VCLExampleGrace)
- // 如果backend数据滞后,允许为“过时”数据提供一个宽松期
- set req.grace = 5m;
- // block outside world from our test sites
- // 阻止非自己说测试网站(的数据访问)
- if ((req.http.host ~ "www.domain1.org|www.domain2.org") && !(client.ip ~ techmission_internal) && !(req.url ~ "^/ad|^/files")) {
- error 403 "Forbidden";
- }
- if((req.url ~ "/server-status" || req.url ~ "/whm-server-status") && !(client.ip ~ techmission_internal)) {
- error 404 "Not Found";
- }
- // add ping url to test Varnish status
- // 增加ping URL测试varnish状态(这个功能使用大部分vcl都没配置,可以增加一个监控状态)
- if (req.request == "GET" && req.url ~ "/varnish-ping") {
- error 200 "OK";
- }
- /* Normalize host header to reduce variation in cache */
- // 使host头规范化,以减少在cache中变化(这个为什么会说变化呢?)
- if (req.http.host == "domain.org" && req.url !~ "^/blogs") {
- set req.http.host = "www.domain.org";
- }
- /* Normalize Accept-Encoding to reduce effects of Vary: Accept-Encoding
- (cf. http://varnish-cache.org/wiki/FAQ/Compression)
- Also note that Vary: User-Agent is considered harmful
- (cf. http://www.mail-archive.com/varnish-misc@projects.linpro.no/msg03296.html) */
- //规范化Accept-Encoding以减少Vary:Accept-Encoding影响(cf),也要注意Vary: User-Agent认为是有害的
- if (req.http.Accept-Encoding) {
- //if先判断是否可以存在,是为了缩小处理范围?
- //看到的其他大部分配置直接就下面了,没有先判断Accept-Encoding是否存在,这点可以再考虑考虑
- //现在有req.can_gzip参数了,判断客户端是否接受压缩代码传输
- if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
- // Don't compress already-compressed files
- remove req.http.Accept-Encoding;
- }
- elsif (req.http.Accept-Encoding ~ "gzip") {
- set req.http.Accept-Encoding = "gzip";
- }
- elsif (req.http.Accept-Encoding ~ "deflate") {
- set req.http.Accept-Encoding = "deflate";
- }
- else {
- // unknown algorithm
- // 不了解运算
- remove req.http.Accept-Encoding;
- }
- }
- // Remove has_js and Google Analytics __* cookies. Also remove collapsiblock cookies.
- //删除has_js和谷歌统计__*的cookies,同时删除collapsiblock cookies
- set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|__utma_a2a|has_js|collapsiblock)=[^;]*", "");
- // Remove JSESSIONID cookie from ChristianVolunteering.org static files and pages that are same for all users
- //从ChristianVolunteering.org静态文件和网页中删除JSESSIONID cookie,所有的用户是一样(处理)的
- if (req.http.host ~ "christianvolunteering.org" &&
- (req.url ~ "^/$" ||
- req.url ~ "(searchform|advancedsearch|shorttermmissions|recruitvolunteers|volunteergettingstarted|virtualvolunteer|organizationsearch|abs-bible-outreach|ab*ecutive-volunteers|abs-traveling-engagement-center|churchinstructions|sitemap|city|virtual|organizationlistings|orglistings7407|technology|volunteerlistings|forgotpassword|churchvolunteer|churchvolunteering|servicetrip|region|citysitemap|searchformadv|personalitytest|groupvolunteering|disasterreliefvolunteering|disasterrelief|internships|christiangapyear|about|FAQs|bookrecommendations|contact|pressrelease|training|volunteerstart|volunteerstories|articles)\.jsp$" ||
- req.url ~ "org/org[0-9]+\.jsp$" ||
- req.url ~ "org/opp[0-9]+\.jsp$" ||
- req.url ~ "orglistings[0-9]+\.jsp$" ||
- req.url ~ "org/[^/]+\.jsp$" ||
- req.url ~ "volunteer/[^/]+\.jsp$")
- ) {
- set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(JSESSIONID)=[^;]*", "");
- }
- // Remove a ";" prefix, if present.
- //如果有”;”前缀,则删除
- set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
- // Remove empty cookies.
- // 删除空cookies
- if (req.http.Cookie ~ "^\s*$") {
- unset req.http.Cookie;
- }
- // exclude umjobs and gospelpedia test sites
- // 排除umjos和gospelpedia测试站点
- if (req.http.host ~ "domain1.org" || req.http.host ~ "domain2.org") {
- return (pass);
- }
- // exclude the cron and supercron pages
- // 排除cron和supercron网页
- if (req.url ~ "cron.php") {
- return (pass);
- }
- // exclude dynamic pages (as did Boost)
- // 排除动态网页(也是提高(处理))
- if (req.http.host ~ "domain.org" && req.url ~ "^/(user/login|user/password|user/register|logout|cart|post-blog|site-feedback|cgi-bin/webscr|redirect-home|cv-enroll|recommended-content|node/8755|node/8830|node/8351|node/8757|node/8831|cart/(.*)|uc_paypal/(.*)|civicrm/(.*)|admin/(.*)|recommended-content/(.*)|comment/reply/(.*)|node/add/(.*))" ) {
- return (pass);
- }
- // exclude in case of Referer Theme
- // 排除Referer的一些主题
- if (req.http.host ~ "domain.org" && req.http.referer ~ "www.christianvolunteering.org|worldvision.christianvolunteering.org|ccda.christianvolunteering.org|www.ccda.org|www.urbanresource.net|mobile.urbanministry.org|www.ministeriourbano.com") {
- return (pass);
- }
- /* Rules to fix Moodle (thanks, gchaix!) */
- // 修复Moodle规则
- // Cache Moodle theme files
- //缓存Moodle主题文件
- if (req.url ~ "/pix/.*\.gif$") {
- return (lookup);
- }
- // Moodle doesn't like to be cached, passing
- //Moodle主题不能缓存的就pass
- if (req.http.Cookie ~ "(MoodleSession|MoodleSessionTest)") {
- return (pass);
- }
- if (req.http.host == "www.domain.edu" && req.url ~ "^/courses") {
- return (pass);
- }
- if (req.url ~ "file.php") {
- return (pass);
- }
- // WPMU themes are not playing well with static file caching
- //WPMU主题使用静态文件缓存运行的不太好
- if (req.http.host == "domain.org" && req.url ~ "/blogs/(.*)/wp-content/themes") {
- return (pass);
- }
- /* Rules for static file caching */
- /* 静态文件缓存规则
- // static files get served by Lighttpd
- // 使用Lightted服务静态文件
- if (req.http.host != "server2.techmission.org" && req.url ~ "\.(gif|jpg|swf|css|js|png|jpg|jpeg|gif|png|tiff|tif|svg|swf|ico|doc|ppt|pps|xls|odc|odb|odf|odg|odi|odp|ods|odt|sxc|sxd|sxi|sxw)$") {
- // Lighttpd does not require cookies
- unset req.http.Cookie;
- unset req.http.Authorization;
- set req.backend = lighttpd;
- }
- // large media files get piped directly to lighttpd, to avoid overfilling cache
- // 大媒体文件直接使用pipe方式到lightted,避免缓存溢出
- if (req.url ~ "\.(mp3|mp4|m4a|ogg|mov|avi|wmv)$" && req.url !~ "audio/download") {
- set req.backend = lighttpd;
- pipe;
- }
- // pipe large media files that come from Drupal, also, but they can't go to lighty
- // pipe从Drupal过来的大媒体文件,同时不去lighty
- if (req.url ~ "audio/play" || req.url ~ "audio/download") {
- pipe;
- }
- }
- sub vcl_hash {
- if (req.http.Cookie) {
- set req.hash += req.http.Cookie;
- }
- /* Have a separate object cache for mobile site based on User-Agent */
- /* 基于User-Agent的移动网站有一个单独的对象缓存
- if (req.http.host == "www.domain.org" && req.http.User-Agent ~ "(iPhone|iPod)") {
- set req.hash += "mobile";
- }
- }
- sub vcl_fetch {
- // Grace to allow varnish to serve content if backend is lagged
- // 如果backend滞后,允许varnish服务内容有一个缓冲期
- set obj.grace = 5m;
- // Add line showing what cookie is once stripped by regex in vcl_recv
- //在vcl_recv中通过regex增加展示cookie一次被剥夺的行
- set obj.http.X-Stripped-Cookie = req.http.Cookie;
- set obj.http.X-Request-URL = req.url;
- /* removing Set-Cookie headers that prevent caching */
- //删除那些阻止缓存的Set-Cookie头
- // Don't have cookies on static files (gchaix says may cause loss of session; I haven't observed that)
- if (req.url ~ "\.(gif|jpg|swf|css|js|png|jpg|jpeg|gif|png|tiff|tif|svg|swf|ico|doc|ppt|pps|xls|odc|odb|odf|odg|odi|odp|ods|odt|sxc|sxd|sxi|sxw)$") {
- remove obj.http.Set-Cookie;
- }
- // Don't set session cookie on ChristianVolunteering.org static files or pages that are same for all users
- //对于(头)ChristianVolunteering.org的静态文件和网页,对所有用户不设置session cookie
- if (req.http.host ~ "christianvolunteering.org" &&
- (req.url ~ "^/$" ||
- req.url ~ "(searchform|advancedsearch|shorttermmissions|recruitvolunteers|volunteergettingstarted|virtualvolunteer|organizationsearch|abs-bible-outreach|ab*ecutive-volunteers|abs-traveling-engagement-center|churchinstructions|sitemap|city|virtual|organizationlistings|orglistings7407|technology|volunteerlistings|forgotpassword|churchvolunteer|churchvolunteering|servicetrip|region|citysitemap|searchformadv|personalitytest|groupvolunteering|disasterreliefvolunteering|disasterrelief|internships|christiangapyear|about|FAQs|bookrecommendations|contact|pressrelease|training|volunteerstart|volunteerstories|articles)\.jsp$" ||
- req.url ~ "org/org[0-9]+\.jsp$" ||
- req.url ~ "org/opp[0-9]+\.jsp$" ||
- req.url ~ "orglistings[0-9]+\.jsp$" ||
- req.url ~ "org/[^/]+\.jsp$" ||
- req.url ~ "volunteer/[^/]+\.jsp$")
- ) {
- set obj.http.Set-Cookie = regsuball(req.http.Cookie, "(^|;\s*)(JSESSIONID)=[^;]*", "");
- // Remove empty set-cookie.
- if (obj.http.Set-Cookie ~ "^\s*$") {
- unset obj.http.Set-Cookie;
- }
- }
- /* ttl extensions */
- /* ttl 扩展 */
- // If on www.urbanministry.org or static.urbanministry.org, extend TTL by default (pt. 1)
- //对于www.urbanministry.org或static.urbanministry.org,默认情况下扩展TTL
- if (req.http.host == "www.domain.org" || req.http.host == "static.domain.org") {
- set obj.http.X-TTL-Extend = "YES";
- }
- // If on cityvision.edu, but not in Moodle, or if on blazinggrace.org, but not in forums, or if on techmission.org, change obj.ttl
- //如果主机头是cityvision.edu但是不在Moodle中,或者主机头是blazinggrace.org,但不在forums中,或者主机头是techmission.org,更改obj.ttl
- if ((req.http.host ~ "domain.edu" && req.url !~ "/courses") || (req.http.host ~ "blazinggrace.org" && req.url !~ "/forums") || (req.http.host ~ "techmission.org")) {
- set obj.ttl = 7d;
- set obj.http.X-Extended-TTL = "7d";
- }
- if (obj.status == 404) {
- set obj.ttl = 1s;
- if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
- }
- /* debugging of why a page was not cacheable */
- /* debug为什么页面没有缓存 */
- if (!obj.cacheable) {
- set obj.http.X-Cacheable = "NO: Varnish says not cacheable " obj.http.X-Cacheable;
- if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
- }
- // exclude umjobs and gospelpedia test sites
- // 排除umjobs和gospelpedia测试站点
- if (req.http.host ~ "domain1.org" || req.http.host ~ "domain2.org") {
- set obj.http.X-Cacheable = "NO: Test domain " obj.http.X-Cacheable;
- if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
- }
- if (obj.http.Set-Cookie) {
- set obj.http.X-Cacheable = "NO: Set-Cookie " obj.http.X-Cacheable;
- if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
- }
- if (req.http.Cookie ~ "DRUPAL_UID|SESS") {
- set obj.http.X-Cacheable = "NO: Got Session " obj.http.X-Cacheable;
- if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
- }
- if (obj.http.Cache-Control ~ "private" || obj.http.Cache-Control ~ "no-cache") {
- set obj.http.X-Cacheable = "NO: Cache-Control set to not cache " obj.http.X-Cacheable;
- if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
- }
- if (req.url ~ "cron.php") {
- set obj.http.X-Cacheable = "NO: Cron job " obj.http.X-Cacheable;
- if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
- }
- if (req.http.host ~ "domain.org" && req.url ~ "^/(user/login|user/password|user/register|logout|cart|post-blog|site-feedback|cgi-bin/webscr|redirect-home|cv-enroll|recommended-content|node/8755|node/8830|node/8351|node/8757|node/8831|cart/(.*)|uc_paypal/(.*)|civicrm/(.*)|admin/(.*)|recommended-content/(.*)|comment/reply/(.*)|node/add/(.*))" ) {
- set obj.http.X-Cacheable = "NO: Drupal un-cacheable path " obj.http.X-Cacheable;
- if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
- }
- if (req.http.host ~ "domain.org" && req.http.referer ~ "www.christianvolunteering.org|worldvision.christianvolunteering.org|ccda.christianvolunteering.org|www.ccda.org|www.urbanresource.net|mobile.urbanministry.org|www.ministeriourbano.com") {
- set obj.http.X-Cacheable = "NO: Referer Theme " obj.http.X-Cacheable;
- if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
- }
- if (req.request == "POST") {
- set obj.http.X-Cacheable = "NO: POST request " obj.http.X-Cacheable;
- if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
- }
- if (req.http.Authorization) {
- set obj.http.X-Cacheable = "NO: HTTP Authentication " obj.http.X-Cacheable;
- if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
- }
- // extend TTL for urbanministry.org objects (but not panels, views, or quicktabs); invalidation thru varnish.module + um_common.module
- //为urbaministry.org对象扩展TTL(不是面板、视图,或者quicktabs);经过varnish.module + um_common.module失效
- if((req.http.host == "www.domain.org" || req.http.host == "static.domain.org") && obj.http.X-TTL-Extend == "YES" && !obj.http.X-Cache-Type) {
- set obj.ttl = 7d;
- set obj.http.X-Extended-TTL = "7d";
- }
- }
- sub vcl_deliver {
- # return (deliver);
- // add cache hit data
- // 增加缓存命中数据
- if (obj.hits > 0) {
- // if hit add hit count
- // 如果命中,增加命中数
- set resp.http.X-Cache = "HIT";
- set resp.http.X-Cache-Hits = obj.hits;
- // set resp.http.X-Cache-Served-URL = "SERVED " obj.http.X-Request-URL; // http headers are apparently not accessible in vcl_deliver
- //在vcl_deliver中http头明显不可访问
- // set resp.http.X-Cache-TTL = obj.ttl; // string representation not implemented yet (currently on 2.0.5)
- }
- else {
- set resp.http.X-Cache = "MISS";
- }
- }
- /* custom error subroutine - to be a little friendlier to our users */
- //指定error子程序,对用户有好些
- sub vcl_error {
- if(obj.status == 503) {
- set obj.http.Content-Type = "text/html; charset=utf-8";
- synthetic {"
- <"string">"1.0" encoding="utf-8"?>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- <html>
- <head>
- <title>"} obj.status " " obj.response {"</title>
- </head>
- <body>
- <h1>Error "} obj.status " " obj.response {"</h1>
- <p>"} obj.response {"</p>
- <p>Sorry we missed you!</p>
- <p>We are currently upgrading our websites to serve you better. We should be up again soon.</p>
- <p>If you still receive this message 30 minutes from now, please email webmaster@techmission.org.</p>
- <h3>Guru Meditation:</h3>
- <p>XID: "} req.xid {"</p>
- <hr>
- <address>
- Served by <a href="http://www.varnish-cache.org/">Varnish cache server</a>
- </address>
- </body>
- </html>
- "};
- return (deliver);
- }
- elsif(obj.status == 403) {
- set obj.http.Content-Type = "text/html; charset=utf-8";
- synthetic {"
- <"string">"1.0" encoding="utf-8"?>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- <html>
- <head>
- <title>"} obj.status " " obj.response {"</title>
- </head>
- <body>
- <h1>Error "} obj.status " " obj.response {"</h1>
- <p>"} obj.response {"</p>
- <h2>TechMission Developer Access Only</h2>
- <p>This page is only accessible to our staff. Please visit our main websites www.techmission.org,www.urbanministry.org, and " title="www.christianvolunteering.org.
- " style="color: rgb(2, 122, 198); font-weight: bold; text-decoration: none; ">www.christianvolunteering.org.</p>
- <!-- (If you should have access to this page, edit the VCL file to grant yourself access (by adding your current IP to the ACL) and then reload the VCL.) -->
- <h3>Guru Meditation:</h3>
- <p>XID: "} req.xid {"</p>
- <hr>
- <address>
- Served by <a href="http://www.varnish-cache.org/">Varnish cache server</a>
- </address>
- </body>
- </html>
- "};
- return (deliver);
- }
- else {
- set obj.http.Content-Type = "text/html; charset=utf-8";
- synthetic {"
- <"string">"1.0" encoding="utf-8"?>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- <html>
- <head>
- <title>"} obj.status " " obj.response {"</title>
- </head>
- <body>
- <h1>Error "} obj.status " " obj.response {"</h1>
- <p>"} obj.response {"</p>
- <h3>Guru Meditation:</h3>
- <p>XID: "} req.xid {"</p>
- <hr>
- <address>
- Served by <a href="http://www.varnish-cache.org/">Varnish cache server</a>
- </address>
- </body>
- </html>
- "};
- return (deliver);
- }
- }
在这里感谢 sens杨 同学对配置文档的解释。
下面小编特整理的没有前面数字的文件方法大家使用
backend default { .host = "127.0.0.1"; .port = "8008"; .connect_timeout = 600s; .first_byte_timeout = 600s; .between_bytes_timeout = 600s; } backend lighttpd { .host = "127.0.0.1"; .port = "81"; .connect_timeout = 600s; .first_byte_timeout = 600s; .between_bytes_timeout = 600s; } acl techmission_internal { "localhost"; "127.0.0.1"; } sub vcl_recv { // Allow a grace period for offering "stale" data in case backend lags (http://varnish-cache.org/wiki/VCLExampleGrace) // 如果backend数据滞后,允许为“过时”数据提供一个宽松期 set req.grace = 5m; // block outside world from our test sites // 阻止非自己说测试网站(的数据访问) if ((req.http.host ~ "www.domain1.org|www.domain2.org") && !(client.ip ~ techmission_internal) && !(req.url ~ "^/ad|^/files")) { error 403 "Forbidden"; } if((req.url ~ "/server-status" || req.url ~ "/whm-server-status") && !(client.ip ~ techmission_internal)) { error 404 "Not Found"; } // add ping url to test Varnish status // 增加ping URL测试varnish状态(这个功能使用大部分vcl都没配置,可以增加一个监控状态) if (req.request == "GET" && req.url ~ "/varnish-ping") { error 200 "OK"; } /* Normalize host header to reduce variation in cache */ // 使host头规范化,以减少在cache中变化(这个为什么会说变化呢?) if (req.http.host == "domain.org" && req.url !~ "^/blogs") { set req.http.host = "www.domain.org"; } /* Normalize Accept-Encoding to reduce effects of Vary: Accept-Encoding (cf. http://varnish-cache.org/wiki/FAQ/Compression) Also note that Vary: User-Agent is considered harmful (cf. http://www.mail-archive.com/varnish-misc@projects.linpro.no/msg03296.html) */ //规范化Accept-Encoding以减少Vary:Accept-Encoding影响(cf),也要注意Vary: User-Agent认为是有害的 if (req.http.Accept-Encoding) { //if先判断是否可以存在,是为了缩小处理范围? //看到的其他大部分配置直接就下面了,没有先判断Accept-Encoding是否存在,这点可以再考虑考虑 //现在有req.can_gzip参数了,判断客户端是否接受压缩代码传输 if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { // Don't compress already-compressed files remove req.http.Accept-Encoding; } elsif (req.http.Accept-Encoding ~ "gzip") { set req.http.Accept-Encoding = "gzip"; } elsif (req.http.Accept-Encoding ~ "deflate") { set req.http.Accept-Encoding = "deflate"; } else { // unknown algorithm // 不了解运算 remove req.http.Accept-Encoding; } } // Remove has_js and Google Analytics __* cookies. Also remove collapsiblock cookies. //删除has_js和谷歌统计__*的cookies,同时删除collapsiblock cookies set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|__utma_a2a|has_js|collapsiblock)=[^;]*", ""); // Remove JSESSIONID cookie from ChristianVolunteering.org static files and pages that are same for all users //从ChristianVolunteering.org静态文件和网页中删除JSESSIONID cookie,所有的用户是一样(处理)的 if (req.http.host ~ "christianvolunteering.org" && (req.url ~ "^/$" || req.url ~ "(searchform|advancedsearch|shorttermmissions|recruitvolunteers|volunteergettingstarted|virtualvolunteer|organizationsearch|abs-bible-outreach|ab*ecutive-volunteers|abs-traveling-engagement-center|churchinstructions|sitemap|city|virtual|organizationlistings|orglistings7407|technology|volunteerlistings|forgotpassword|churchvolunteer|churchvolunteering|servicetrip|region|citysitemap|searchformadv|personalitytest|groupvolunteering|disasterreliefvolunteering|disasterrelief|internships|christiangapyear|about|FAQs|bookrecommendations|contact|pressrelease|training|volunteerstart|volunteerstories|articles)\.jsp$" || req.url ~ "org/org[0-9]+\.jsp$" || req.url ~ "org/opp[0-9]+\.jsp$" || req.url ~ "orglistings[0-9]+\.jsp$" || req.url ~ "org/[^/]+\.jsp$" || req.url ~ "volunteer/[^/]+\.jsp$") ) { set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(JSESSIONID)=[^;]*", ""); } // Remove a ";" prefix, if present. //如果有”;”前缀,则删除 set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); // Remove empty cookies. // 删除空cookies if (req.http.Cookie ~ "^\s*$") { unset req.http.Cookie; } // exclude umjobs and gospelpedia test sites // 排除umjos和gospelpedia测试站点 if (req.http.host ~ "domain1.org" || req.http.host ~ "domain2.org") { return (pass); } // exclude the cron and supercron pages // 排除cron和supercron网页 if (req.url ~ "cron.php") { return (pass); } // exclude dynamic pages (as did Boost) // 排除动态网页(也是提高(处理)) if (req.http.host ~ "domain.org" && req.url ~ "^/(user/login|user/password|user/register|logout|cart|post-blog|site-feedback|cgi-bin/webscr|redirect-home|cv-enroll|recommended-content|node/8755|node/8830|node/8351|node/8757|node/8831|cart/(.*)|uc_paypal/(.*)|civicrm/(.*)|admin/(.*)|recommended-content/(.*)|comment/reply/(.*)|node/add/(.*))" ) { return (pass); } // exclude in case of Referer Theme // 排除Referer的一些主题 if (req.http.host ~ "domain.org" && req.http.referer ~ "www.christianvolunteering.org|worldvision.christianvolunteering.org|ccda.christianvolunteering.org|www.ccda.org|www.urbanresource.net|mobile.urbanministry.org|www.ministeriourbano.com") { return (pass); } /* Rules to fix Moodle (thanks, gchaix!) */ // 修复Moodle规则 // Cache Moodle theme files //缓存Moodle主题文件 if (req.url ~ "/pix/.*\.gif$") { return (lookup); } // Moodle doesn't like to be cached, passing //Moodle主题不能缓存的就pass if (req.http.Cookie ~ "(MoodleSession|MoodleSessionTest)") { return (pass); } if (req.http.host == "www.domain.edu" && req.url ~ "^/courses") { return (pass); } if (req.url ~ "file.php") { return (pass); } // WPMU themes are not playing well with static file caching //WPMU主题使用静态文件缓存运行的不太好 if (req.http.host == "domain.org" && req.url ~ "/blogs/(.*)/wp-content/themes") { return (pass); } /* Rules for static file caching */ /* 静态文件缓存规则 // static files get served by Lighttpd // 使用Lightted服务静态文件 if (req.http.host != "server2.techmission.org" && req.url ~ "\.(gif|jpg|swf|css|js|png|jpg|jpeg|gif|png|tiff|tif|svg|swf|ico|doc|ppt|pps|xls|odc|odb|odf|odg|odi|odp|ods|odt|sxc|sxd|sxi|sxw)$") { // Lighttpd does not require cookies unset req.http.Cookie; unset req.http.Authorization; set req.backend = lighttpd; } // large media files get piped directly to lighttpd, to avoid overfilling cache // 大媒体文件直接使用pipe方式到lightted,避免缓存溢出 if (req.url ~ "\.(mp3|mp4|m4a|ogg|mov|avi|wmv)$" && req.url !~ "audio/download") { set req.backend = lighttpd; pipe; } // pipe large media files that come from Drupal, also, but they can't go to lighty // pipe从Drupal过来的大媒体文件,同时不去lighty if (req.url ~ "audio/play" || req.url ~ "audio/download") { pipe; } } sub vcl_hash { if (req.http.Cookie) { set req.hash += req.http.Cookie; } /* Have a separate object cache for mobile site based on User-Agent */ /* 基于User-Agent的移动网站有一个单独的对象缓存 if (req.http.host == "www.domain.org" && req.http.User-Agent ~ "(iPhone|iPod)") { set req.hash += "mobile"; } } sub vcl_fetch { // Grace to allow varnish to serve content if backend is lagged // 如果backend滞后,允许varnish服务内容有一个缓冲期 set obj.grace = 5m; // Add line showing what cookie is once stripped by regex in vcl_recv //在vcl_recv中通过regex增加展示cookie一次被剥夺的行 set obj.http.X-Stripped-Cookie = req.http.Cookie; set obj.http.X-Request-URL = req.url; /* removing Set-Cookie headers that prevent caching */ //删除那些阻止缓存的Set-Cookie头 // Don't have cookies on static files (gchaix says may cause loss of session; I haven't observed that) if (req.url ~ "\.(gif|jpg|swf|css|js|png|jpg|jpeg|gif|png|tiff|tif|svg|swf|ico|doc|ppt|pps|xls|odc|odb|odf|odg|odi|odp|ods|odt|sxc|sxd|sxi|sxw)$") { remove obj.http.Set-Cookie; } // Don't set session cookie on ChristianVolunteering.org static files or pages that are same for all users //对于(头)ChristianVolunteering.org的静态文件和网页,对所有用户不设置session cookie if (req.http.host ~ "christianvolunteering.org" && (req.url ~ "^/$" || req.url ~ "(searchform|advancedsearch|shorttermmissions|recruitvolunteers|volunteergettingstarted|virtualvolunteer|organizationsearch|abs-bible-outreach|ab*ecutive-volunteers|abs-traveling-engagement-center|churchinstructions|sitemap|city|virtual|organizationlistings|orglistings7407|technology|volunteerlistings|forgotpassword|churchvolunteer|churchvolunteering|servicetrip|region|citysitemap|searchformadv|personalitytest|groupvolunteering|disasterreliefvolunteering|disasterrelief|internships|christiangapyear|about|FAQs|bookrecommendations|contact|pressrelease|training|volunteerstart|volunteerstories|articles)\.jsp$" || req.url ~ "org/org[0-9]+\.jsp$" || req.url ~ "org/opp[0-9]+\.jsp$" || req.url ~ "orglistings[0-9]+\.jsp$" || req.url ~ "org/[^/]+\.jsp$" || req.url ~ "volunteer/[^/]+\.jsp$") ) { set obj.http.Set-Cookie = regsuball(req.http.Cookie, "(^|;\s*)(JSESSIONID)=[^;]*", ""); // Remove empty set-cookie. if (obj.http.Set-Cookie ~ "^\s*$") { unset obj.http.Set-Cookie; } } /* ttl extensions */ /* ttl 扩展 */ // If on www.urbanministry.org or static.urbanministry.org, extend TTL by default (pt. 1) //对于www.urbanministry.org或static.urbanministry.org,默认情况下扩展TTL if (req.http.host == "www.domain.org" || req.http.host == "static.domain.org") { set obj.http.X-TTL-Extend = "YES"; } // If on cityvision.edu, but not in Moodle, or if on blazinggrace.org, but not in forums, or if on techmission.org, change obj.ttl //如果主机头是cityvision.edu但是不在Moodle中,或者主机头是blazinggrace.org,但不在forums中,或者主机头是techmission.org,更改obj.ttl if ((req.http.host ~ "domain.edu" && req.url !~ "/courses") || (req.http.host ~ "blazinggrace.org" && req.url !~ "/forums") || (req.http.host ~ "techmission.org")) { set obj.ttl = 7d; set obj.http.X-Extended-TTL = "7d"; } if (obj.status == 404) { set obj.ttl = 1s; if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; } } /* debugging of why a page was not cacheable */ /* debug为什么页面没有缓存 */ if (!obj.cacheable) { set obj.http.X-Cacheable = "NO: Varnish says not cacheable " obj.http.X-Cacheable; if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; } } // exclude umjobs and gospelpedia test sites // 排除umjobs和gospelpedia测试站点 if (req.http.host ~ "domain1.org" || req.http.host ~ "domain2.org") { set obj.http.X-Cacheable = "NO: Test domain " obj.http.X-Cacheable; if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; } } if (obj.http.Set-Cookie) { set obj.http.X-Cacheable = "NO: Set-Cookie " obj.http.X-Cacheable; if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; } } if (req.http.Cookie ~ "DRUPAL_UID|SESS") { set obj.http.X-Cacheable = "NO: Got Session " obj.http.X-Cacheable; if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; } } if (obj.http.Cache-Control ~ "private" || obj.http.Cache-Control ~ "no-cache") { set obj.http.X-Cacheable = "NO: Cache-Control set to not cache " obj.http.X-Cacheable; if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; } } if (req.url ~ "cron.php") { set obj.http.X-Cacheable = "NO: Cron job " obj.http.X-Cacheable; if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; } } if (req.http.host ~ "domain.org" && req.url ~ "^/(user/login|user/password|user/register|logout|cart|post-blog|site-feedback|cgi-bin/webscr|redirect-home|cv-enroll|recommended-content|node/8755|node/8830|node/8351|node/8757|node/8831|cart/(.*)|uc_paypal/(.*)|civicrm/(.*)|admin/(.*)|recommended-content/(.*)|comment/reply/(.*)|node/add/(.*))" ) { set obj.http.X-Cacheable = "NO: Drupal un-cacheable path " obj.http.X-Cacheable; if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; } } if (req.http.host ~ "domain.org" && req.http.referer ~ "www.christianvolunteering.org|worldvision.christianvolunteering.org|ccda.christianvolunteering.org|www.ccda.org|www.urbanresource.net|mobile.urbanministry.org|www.ministeriourbano.com") { set obj.http.X-Cacheable = "NO: Referer Theme " obj.http.X-Cacheable; if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; } } if (req.request == "POST") { set obj.http.X-Cacheable = "NO: POST request " obj.http.X-Cacheable; if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; } } if (req.http.Authorization) { set obj.http.X-Cacheable = "NO: HTTP Authentication " obj.http.X-Cacheable; if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; } } // extend TTL for urbanministry.org objects (but not panels, views, or quicktabs); invalidation thru varnish.module + um_common.module //为urbaministry.org对象扩展TTL(不是面板、视图,或者quicktabs);经过varnish.module + um_common.module失效 if((req.http.host == "www.domain.org" || req.http.host == "static.domain.org") && obj.http.X-TTL-Extend == "YES" && !obj.http.X-Cache-Type) { set obj.ttl = 7d; set obj.http.X-Extended-TTL = "7d"; } } sub vcl_deliver { # return (deliver); // add cache hit data // 增加缓存命中数据 if (obj.hits > 0) { // if hit add hit count // 如果命中,增加命中数 set resp.http.X-Cache = "HIT"; set resp.http.X-Cache-Hits = obj.hits; // set resp.http.X-Cache-Served-URL = "SERVED " obj.http.X-Request-URL; // http headers are apparently not accessible in vcl_deliver //在vcl_deliver中http头明显不可访问 // set resp.http.X-Cache-TTL = obj.ttl; // string representation not implemented yet (currently on 2.0.5) } else { set resp.http.X-Cache = "MISS"; } } /* custom error subroutine - to be a little friendlier to our users */ //指定error子程序,对用户有好些 sub vcl_error { if(obj.status == 503) { set obj.http.Content-Type = "text/html; charset=utf-8"; synthetic {" <"1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html> <head> <title>"} obj.status " " obj.response {"</title> </head> <body> <h1>Error "} obj.status " " obj.response {"</h1> <p>"} obj.response {"</p> <p>Sorry we missed you!</p> <p>We are currently upgrading our websites to serve you better. We should be up again soon.</p> <p>If you still receive this message 30 minutes from now, please email webmaster@techmission.org.</p> <h3>Guru Meditation:</h3> <p>XID: "} req.xid {"</p> <hr> <address> Served by <a href="http://www.varnish-cache.org/">Varnish cache server</a> </address> </body> </html> "}; return (deliver); } elsif(obj.status == 403) { set obj.http.Content-Type = "text/html; charset=utf-8"; synthetic {" <"1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html> <head> <title>"} obj.status " " obj.response {"</title> </head> <body> <h1>Error "} obj.status " " obj.response {"</h1> <p>"} obj.response {"</p> <h2>TechMission Developer Access Only</h2> <p>This page is only accessible to our staff. Please visit our main websites www.techmission.org,www.urbanministry.org, and " title="www.christianvolunteering.org. " style="color: rgb(2, 122, 198); font-weight: bold; text-decoration: none; ">www.christianvolunteering.org.</p> <!-- (If you should have access to this page, edit the VCL file to grant yourself access (by adding your current IP to the ACL) and then reload the VCL.) --> <h3>Guru Meditation:</h3> <p>XID: "} req.xid {"</p> <hr> <address> Served by <a href="http://www.varnish-cache.org/">Varnish cache server</a> </address> </body> </html> "}; return (deliver); } else { set obj.http.Content-Type = "text/html; charset=utf-8"; synthetic {" <"1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html> <head> <title>"} obj.status " " obj.response {"</title> </head> <body> <h1>Error "} obj.status " " obj.response {"</h1> <p>"} obj.response {"</p> <h3>Guru Meditation:</h3> <p>XID: "} req.xid {"</p> <hr> <address> Served by <a href="http://www.varnish-cache.org/">Varnish cache server</a> </address> </body> </html> "}; return (deliver); } }
下一篇:IIS防盗链,防迅雷的唯一方案(safe3if)