9 # ACL for IPs that are allowed to PURGE data from the cache
15 # Redirect HTTP to HTTPS
16 if (std.port(server.ip) != 443) {
17 set req.http.x-redir = "https://" + req.http.host + req.url;
18 return (synth(750, ""));
21 # Pipe if WebSockets request is coming through
22 if (req.http.upgrade ~ "(?i)websocket") {
26 # Allow purging of the cache
27 if (req.method == "PURGE") {
28 if (!client.ip ~ purge) {
29 return(synth(405,"Not allowed."));
34 # Pleroma MediaProxy - strip headers that will affect caching
35 if (req.url ~ "^/proxy/") {
36 unset req.http.Cookie;
37 unset req.http.Authorization;
38 unset req.http.Accept;
42 # Hack to enable a Terms of Service page missing from Pleroma
43 if (req.url ~ "^/about/more$") {
44 set req.http.x-redir = "https://" + req.http.host + "/static/terms-of-service.html";
45 return (synth(750, ""));
48 # Strip headers that will affect caching from all other static content
49 # This also permits caching of individual toots and AP Activities
50 if ((req.url ~ "^/(media|notice|objects|static)/") ||
51 (req.url ~ "^/(activities/|api/v1/statuses/\d+$)") ||
52 (req.url ~ "^/(activities/|api/v1/statuses/\d+/card$)") ||
53 (req.url ~ "(?i)\.(html|js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|ttf|pdf|woff|woff2)$"))
55 unset req.http.Cookie;
56 unset req.http.Authorization;
60 # Everything else should just be piped to Pleroma
64 sub vcl_backend_response {
66 if (beresp.http.content-type ~ "(text|text/css|application/x-javascript|application/javascript)") {
67 set beresp.do_gzip = true;
71 unset beresp.http.etag;
73 # Don't cache objects that require authentication
74 if (beresp.http.Authorization && !beresp.http.Cache-Control ~ "public") {
75 set beresp.uncacheable = true;
79 # Default object caching of 86400s;
80 set beresp.ttl = 86400s;
81 # Allow serving cached content for 6h in case backend goes down
82 set beresp.grace = 6h;
84 # Do not cache 5xx responses
85 if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) {
86 set beresp.uncacheable = true;
90 # Do not cache redirects and errors
91 if ((beresp.status >= 300) && (beresp.status < 500)) {
92 set beresp.uncacheable = true;
97 # Pleroma MediaProxy internally sets headers properly
98 if (bereq.url ~ "^/proxy/") {
102 # Strip cache-restricting headers from Pleroma on static content that we want to cache
103 # Also enable streaming of cached content to clients (no waiting for Varnish to complete backend fetch)
104 if ((bereq.url ~ "^/(notice|objects)/") ||
105 (bereq.url ~ "^/(activities/|api/v1/statuses/\d+$)") ||
106 (bereq.url ~ "^/(activities/|api/v1/statuses/\d+/card$)") ||
107 (bereq.url ~ "(?i)\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|ttf|pdf|woff|woff2)$"))
109 unset beresp.http.set-cookie;
110 unset beresp.http.Cache-Control;
111 unset beresp.http.x-request-id;
112 set beresp.http.Cache-Control = "public, max-age=86400";
113 set beresp.do_stream = true;
117 # The synthetic response for the HTTP to HTTPS upgrade
119 if (resp.status == 750) {
120 set resp.status = 301;
121 set resp.http.Location = req.http.x-redir;
126 # Ensure WebSockets through the pipe do not close prematurely
128 if (req.http.upgrade) {
129 set bereq.http.upgrade = req.http.upgrade;
130 set bereq.http.connection = req.http.connection;
projects / akkoma / blob