-vcl 4.0;
+vcl 4.1;
import std;
backend default {
sub vcl_recv {
# Redirect HTTP to HTTPS
if (std.port(server.ip) != 443) {
- set req.http.x-redir = "https://" + req.http.host + req.url;
- return (synth(750, ""));
+ set req.http.x-redir = "https://" + req.http.host + req.url;
+ return (synth(750, ""));
+ }
+
+ # CHUNKED SUPPORT
+ if (req.http.Range ~ "bytes=") {
+ set req.http.x-range = req.http.Range;
}
# Pipe if WebSockets request is coming through
if (req.http.upgrade ~ "(?i)websocket") {
- return (pipe);
+ return (pipe);
}
# Allow purging of the cache
if (req.method == "PURGE") {
- if (!client.ip ~ purge) {
- return(synth(405,"Not allowed."));
- }
- return(purge);
- }
-
- # Pleroma MediaProxy - strip headers that will affect caching
- if (req.url ~ "^/proxy/") {
- unset req.http.Cookie;
- unset req.http.Authorization;
- unset req.http.Accept;
- return (hash);
- }
-
- # Hack to enable a Terms of Service page missing from Pleroma
- if (req.url ~ "^/about/more$") {
- set req.http.x-redir = "https://" + req.http.host + "/static/terms-of-service.html";
- return (synth(750, ""));
- }
-
- # Strip headers that will affect caching from all other static content
- # This also permits caching of individual toots and AP Activities
- if ((req.url ~ "^/(media|notice|objects|static)/") ||
- (req.url ~ "^/(activities/|api/v1/statuses/\d+$)") ||
- (req.url ~ "^/(activities/|api/v1/statuses/\d+/card$)") ||
- (req.url ~ "(?i)\.(html|js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|ttf|pdf|woff|woff2)$"))
- {
- unset req.http.Cookie;
- unset req.http.Authorization;
- return (hash);
+ if (!client.ip ~ purge) {
+ return(synth(405,"Not allowed."));
+ }
+ return(purge);
}
-
- # Everything else should just be piped to Pleroma
- return (pipe);
}
sub vcl_backend_response {
set beresp.do_gzip = true;
}
- # etags are bad
- unset beresp.http.etag;
+ # Retry broken backend responses.
+ if (beresp.status == 503) {
+ set bereq.http.X-Varnish-Backend-503 = "1";
+ return (retry);
+ }
+
+ # CHUNKED SUPPORT
+ if (bereq.http.x-range ~ "bytes=" && beresp.status == 206) {
+ set beresp.ttl = 10m;
+ set beresp.http.CR = beresp.http.content-range;
+ }
# Don't cache objects that require authentication
if (beresp.http.Authorization && !beresp.http.Cache-Control ~ "public") {
return (deliver);
}
- # Default object caching of 86400s;
- set beresp.ttl = 86400s;
# Allow serving cached content for 6h in case backend goes down
set beresp.grace = 6h;
# Do not cache redirects and errors
if ((beresp.status >= 300) && (beresp.status < 500)) {
- set beresp.uncacheable = true;
- set beresp.ttl = 30s;
- return (deliver);
- }
-
- # Pleroma MediaProxy internally sets headers properly
- if (bereq.url ~ "^/proxy/") {
+ set beresp.uncacheable = true;
+ set beresp.ttl = 30s;
return (deliver);
}
-
- # Strip cache-restricting headers from Pleroma on static content that we want to cache
- # Also enable streaming of cached content to clients (no waiting for Varnish to complete backend fetch)
- if ((bereq.url ~ "^/(notice|objects)/") ||
- (bereq.url ~ "^/(activities/|api/v1/statuses/\d+$)") ||
- (bereq.url ~ "^/(activities/|api/v1/statuses/\d+/card$)") ||
- (bereq.url ~ "(?i)\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|ttf|pdf|woff|woff2)$"))
- {
- unset beresp.http.set-cookie;
- unset beresp.http.Cache-Control;
- unset beresp.http.x-request-id;
- set beresp.http.Cache-Control = "public, max-age=86400";
- set beresp.do_stream = true;
- }
}
-# The synthetic response for the HTTP to HTTPS upgrade
+# The synthetic response for 301 redirects
sub vcl_synth {
if (resp.status == 750) {
set resp.status = 301;
# Ensure WebSockets through the pipe do not close prematurely
sub vcl_pipe {
if (req.http.upgrade) {
- set bereq.http.upgrade = req.http.upgrade;
- set bereq.http.connection = req.http.connection;
+ set bereq.http.upgrade = req.http.upgrade;
+ set bereq.http.connection = req.http.connection;
+ }
+}
+
+sub vcl_hash {
+ # CHUNKED SUPPORT
+ if (req.http.x-range ~ "bytes=") {
+ hash_data(req.http.x-range);
+ unset req.http.Range;
+ }
+}
+
+sub vcl_backend_fetch {
+ # Be more lenient for slow servers on the fediverse
+ if bereq.url ~ "^/proxy/" {
+ set bereq.first_byte_timeout = 300s;
+ }
+
+ # CHUNKED SUPPORT
+ if (bereq.http.x-range) {
+ set bereq.http.Range = bereq.http.x-range;
}
+
+ if (bereq.retries == 0) {
+ # Clean up the X-Varnish-Backend-503 flag that is used internally
+ # to mark broken backend responses that should be retried.
+ unset bereq.http.X-Varnish-Backend-503;
+ } else {
+ if (bereq.http.X-Varnish-Backend-503) {
+ if (bereq.method != "POST" &&
+ std.healthy(bereq.backend) &&
+ bereq.retries <= 4) {
+ # Flush broken backend response flag & try again.
+ unset bereq.http.X-Varnish-Backend-503;
+ } else {
+ return (abandon);
+ }
+ }
+ }
+}
+
+sub vcl_deliver {
+ # CHUNKED SUPPORT
+ if (resp.http.CR) {
+ set resp.http.Content-Range = resp.http.CR;
+ unset resp.http.CR;
+ }
+}
+
+sub vcl_backend_error {
+ # Retry broken backend responses.
+ set bereq.http.X-Varnish-Backend-503 = "1";
+ return (retry);
}