projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add example Varnish VCL
[akkoma] / installation / pleroma.vcl
1 vcl 4.0;
2 import std;
3
4 backend default {
5 .host = "127.0.0.1";
6 .port = "4000";
7 }
8
9 sub vcl_recv {
10 # Redirect HTTP to HTTPS
11 if (std.port(server.ip) != 443) {
12 set req.http.x-redir = "https://" + req.http.host + req.url;
13 return (synth(750, ""));
14 }
15
16 # Pipe if WebSockets request is coming through
17 if (req.http.upgrade ~ "(?i)websocket") {
18 return (pipe);
19 }
20
21 # Pleroma MediaProxy - strip headers that will affect caching
22 if (req.url ~ "^/proxy/") {
23 unset req.http.Cookie;
24 unset req.http.Authorization;
25 unset req.http.Accept;
26 return (hash);
27 }
28
29 # Hack to enable a Terms of Service page missing from Pleroma
30 if (req.url ~ "^/about/more$") {
31 set req.http.x-redir = "https://" + req.http.host + "/static/terms-of-service.html";
32 return (synth(750, ""));
33 }
34
35 # Strip headers that will affect caching from all other static content
36 # This also permits caching of individual toots and AP Activities
37 if ((req.url ~ "^/(media|notice|objects|static)/") ||
38 (req.url ~ "^/(activities/|api/v1/statuses/\d+$)") ||
39 (req.url ~ "^/(activities/|api/v1/statuses/\d+/card$)") ||
40 (req.url ~ "(?i)\.(html|js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|ttf|pdf|woff|woff2)$"))
41 {
42 unset req.http.Cookie;
43 unset req.http.Authorization;
44 return (hash);
45 }
46
47 # Everything else should just be piped to Pleroma
48 return (pipe);
49 }
50
51 sub vcl_backend_response {
52 # gzip text content
53 if (beresp.http.content-type ~ "(text|text/css|application/x-javascript|application/javascript)") {
54 set beresp.do_gzip = true;
55 }
56
57 # etags are bad
58 unset beresp.http.etag;
59
60 # Don't cache objects that require authentication
61 if (beresp.http.Authorization && !beresp.http.Cache-Control ~ "public") {
62 set beresp.uncacheable = true;
63 return (deliver);
64 }
65
66 # Default object caching of 86400s;
67 set beresp.ttl = 86400s;
68 # Allow serving cached content for 6h in case backend goes down
69 set beresp.grace = 6h;
70
71 # Do not cache 5xx responses
72 if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) {
73 set beresp.uncacheable = true;
74 return (abandon);
75 }
76
77 # Do not cache redirects and errors
78 if ((beresp.status >= 300) && (beresp.status < 500)) {
79 set beresp.uncacheable = true;
80 set beresp.ttl = 30s;
81 return (deliver);
82 }
83
84 # Pleroma MediaProxy internally sets headers properly
85 if (bereq.url ~ "^/proxy/") {
86 return (deliver);
87 }
88
89 # Strip cache-restricting headers from Pleroma on static content that we want to cache
90 # Also enable streaming of cached content to clients (no waiting for Varnish to complete backend fetch)
91 if ((bereq.url ~ "^/(notice|objects)/") ||
92 (bereq.url ~ "^/(activities/|api/v1/statuses/\d+$)") ||
93 (bereq.url ~ "^/(activities/|api/v1/statuses/\d+/card$)") ||
94 (bereq.url ~ "(?i)\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|ttf|pdf|woff|woff2)$"))
95 {
96 unset beresp.http.set-cookie;
97 unset beresp.http.Cache-Control;
98 unset beresp.http.x-request-id;
99 set beresp.http.Cache-Control = "public, max-age=86400";
100 set beresp.do_stream = true;
101 }
102 }
103
104 # The synthetic response for the HTTP to HTTPS upgrade
105 sub vcl_synth {
106 if (resp.status == 750) {
107 set resp.status = 301;
108 set resp.http.Location = req.http.x-redir;
109 return(deliver);
110 }
111 }
112
113 # Ensure WebSockets through the pipe do not close prematurely
114 sub vcl_pipe {
115 if (req.http.upgrade) {
116 set bereq.http.upgrade = req.http.upgrade;
117 set bereq.http.connection = req.http.connection;
118 }
119 }
Fork of https://akkoma.dev/AkkomaGang/akkoma.git