git.squeep.com Git - akkoma/blob - installation/pleroma.vcl

   1 vcl 4.0;
   2 import std;
   3
   4 backend default {
   5     .host = "127.0.0.1";
   6     .port = "4000";
   7 }
   8
   9 # ACL for IPs that are allowed to PURGE data from the cache
  10 acl purge {
  11     "127.0.0.1";
  12 }
  13
  14 sub vcl_recv {
  15     # Redirect HTTP to HTTPS
  16     if (std.port(server.ip) != 443) {
  17         set req.http.x-redir = "https://" + req.http.host + req.url;
  18         return (synth(750, ""));
  19     }
  20
  21     # Pipe if WebSockets request is coming through
  22     if (req.http.upgrade ~ "(?i)websocket") {
  23         return (pipe);
  24     }
  25
  26     # Allow purging of the cache
  27     if (req.method == "PURGE") {
  28         if (!client.ip ~ purge) {
  29           return(synth(405,"Not allowed."));
  30         }
  31         return(purge);
  32     }
  33
  34     # Pleroma MediaProxy - strip headers that will affect caching
  35     if (req.url ~ "^/proxy/") {
  36         unset req.http.Cookie;
  37         unset req.http.Authorization;
  38         unset req.http.Accept;
  39         return (hash);
  40     }
  41
  42     # Strip headers that will affect caching from all other static content
  43     # This also permits caching of individual toots and AP Activities
  44     if ((req.url ~ "^/(media|static)/") ||
  45     (req.url ~ "(?i)\.(html|js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|mp4|ogg|webm|svg|swf|ttf|pdf|woff|woff2)$"))
  46     {
  47       unset req.http.Cookie;
  48       unset req.http.Authorization;
  49       return (hash);
  50     }
  51 }
  52
  53 sub vcl_backend_response {
  54     # gzip text content
  55     if (beresp.http.content-type ~ "(text|text/css|application/x-javascript|application/javascript)") {
  56       set beresp.do_gzip = true;
  57     }
  58
  59     # Don't cache objects that require authentication
  60     if (beresp.http.Authorization && !beresp.http.Cache-Control ~ "public") {
  61       set beresp.uncacheable = true;
  62       return (deliver);
  63     }
  64
  65     # Default object caching of 86400s;
  66     set beresp.ttl = 86400s;
  67     # Allow serving cached content for 6h in case backend goes down
  68     set beresp.grace = 6h;
  69
  70     # Do not cache 5xx responses
  71     if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) {
  72       set beresp.uncacheable = true;
  73       return (abandon);
  74     }
  75
  76     # Do not cache redirects and errors
  77     if ((beresp.status >= 300) && (beresp.status < 500)) {
  78         set beresp.uncacheable = true;
  79         set beresp.ttl = 30s;
  80         return (deliver);
  81     }
  82
  83     # Pleroma MediaProxy internally sets headers properly
  84     if (bereq.url ~ "^/proxy/") {
  85       return (deliver);
  86     }
  87
  88     # Strip cache-restricting headers from Pleroma on static content that we want to cache
  89     if (bereq.url ~ "(?i)\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|mp4|ogg|webm|svg|swf|ttf|pdf|woff|woff2)$")
  90     {
  91       unset beresp.http.set-cookie;
  92       unset beresp.http.Cache-Control;
  93       unset beresp.http.x-request-id;
  94       set beresp.http.Cache-Control = "public, max-age=86400";
  95     }
  96 }
  97
  98 # The synthetic response for 301 redirects
  99 sub vcl_synth {
 100     if (resp.status == 750) {
 101       set resp.status = 301;
 102       set resp.http.Location = req.http.x-redir;
 103       return(deliver);
 104     }
 105 }
 106
 107 # Ensure WebSockets through the pipe do not close prematurely
 108 sub vcl_pipe {
 109     if (req.http.upgrade) {
 110         set bereq.http.upgrade = req.http.upgrade;
 111         set bereq.http.connection = req.http.connection;
 112     }
 113 }