X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=installation%2Fpleroma.vcl;h=4752510ea010be1c91abb14bbf947d433d046131;hb=2c96668a2c20906e5159fdea9326dbba4ca6ca62;hp=154747aa60b646df7658688ce7bd436b6b92de11;hpb=f4e2595592ccca6cedd64669baef7bdd2a6547d0;p=akkoma

diff --git a/installation/pleroma.vcl b/installation/pleroma.vcl
index 154747aa6..4752510ea 100644
--- a/installation/pleroma.vcl
+++ b/installation/pleroma.vcl
@@ -1,3 +1,4 @@
+# Recommended varnishncsa logging format: '%h %l %u %t "%m %{X-Forwarded-Proto}i://%{Host}i%U%q %H" %s %b "%{Referer}i" "%{User-agent}i"'
 vcl 4.1;
 import std;
 
@@ -14,8 +15,11 @@ acl purge {
 sub vcl_recv {
     # Redirect HTTP to HTTPS
     if (std.port(server.ip) != 443) {
+      set req.http.X-Forwarded-Proto = "http";
       set req.http.x-redir = "https://" + req.http.host + req.url;
       return (synth(750, ""));
+    } else {
+      set req.http.X-Forwarded-Proto = "https";
     }
 
     # CHUNKED SUPPORT
@@ -55,6 +59,13 @@ sub vcl_backend_response {
       set beresp.http.CR = beresp.http.content-range;
     }
 
+    # Bypass cache for large files
+    # 50000000 ~ 50MB
+    if (std.integer(beresp.http.content-length, 0) > 50000000) {
+       set beresp.uncacheable = true;
+       return(deliver);
+    }
+
     # Don't cache objects that require authentication
     if (beresp.http.Authorization && !beresp.http.Cache-Control ~ "public") {
       set beresp.uncacheable = true;
@@ -105,7 +116,7 @@ sub vcl_hash {
 
 sub vcl_backend_fetch {
     # Be more lenient for slow servers on the fediverse
-    if bereq.url ~ "^/proxy/" {
+    if (bereq.url ~ "^/proxy/") {
       set bereq.first_byte_timeout = 300s;
     }