Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Includes now defunct API Platform Varnish configuration. From https://github.com/api-platform/api-platform/blob/v2.5.7/api/docker/varnish/conf/default.vcl Please note that is a BAN based purge (which is kinda meh ?) Please see also FriendsOfSymfony/FOSHttpCache#495 api-platform/core#1856 api-platform/api-platform#1947
- Loading branch information
Showing
7 changed files
with
322 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
vcl 4.0; | ||
|
||
import std; | ||
|
||
backend default { | ||
.host = "api"; | ||
.port = "80"; | ||
# Health check | ||
#.probe = { | ||
# .url = "/"; | ||
# .timeout = 5s; | ||
# .interval = 10s; | ||
# .window = 5; | ||
# .threshold = 3; | ||
#} | ||
} | ||
|
||
# Hosts allowed to send BAN requests | ||
acl invalidators { | ||
"localhost"; | ||
"php"; | ||
# local Kubernetes network | ||
"10.0.0.0"/8; | ||
"172.16.0.0"/12; | ||
"192.168.0.0"/16; | ||
} | ||
|
||
sub vcl_recv { | ||
if (req.restarts > 0) { | ||
set req.hash_always_miss = true; | ||
} | ||
|
||
# Remove the "Forwarded" HTTP header if exists (security) | ||
unset req.http.forwarded; | ||
|
||
# To allow API Platform to ban by cache tags | ||
if (req.method == "BAN") { | ||
if (client.ip !~ invalidators) { | ||
return (synth(405, "Not allowed")); | ||
} | ||
|
||
if (req.http.ApiPlatform-Ban-Regex) { | ||
ban("obj.http.Cache-Tags ~ " + req.http.ApiPlatform-Ban-Regex); | ||
|
||
return (synth(200, "Ban added")); | ||
} | ||
|
||
return (synth(400, "ApiPlatform-Ban-Regex HTTP header must be set.")); | ||
} | ||
|
||
# For health checks | ||
if (req.method == "GET" && req.url == "/healthz") { | ||
return (synth(200, "OK")); | ||
} | ||
} | ||
|
||
sub vcl_hit { | ||
if (obj.ttl >= 0s) { | ||
# A pure unadulterated hit, deliver it | ||
return (deliver); | ||
} | ||
|
||
if (std.healthy(req.backend_hint)) { | ||
# The backend is healthy | ||
# Fetch the object from the backend | ||
return (restart); | ||
} | ||
|
||
# No fresh object and the backend is not healthy | ||
if (obj.ttl + obj.grace > 0s) { | ||
# Deliver graced object | ||
# Automatically triggers a background fetch | ||
return (deliver); | ||
} | ||
|
||
# No valid object to deliver | ||
# No healthy backend to handle request | ||
# Return error | ||
return (synth(503, "API is down")); | ||
} | ||
|
||
sub vcl_deliver { | ||
# Don't send cache tags related headers to the client | ||
unset resp.http.url; | ||
# Comment the following line to send the "Cache-Tags" header to the client (e.g. to use CloudFlare cache tags) | ||
unset resp.http.Cache-Tags; | ||
} | ||
|
||
sub vcl_backend_response { | ||
# Ban lurker friendly header | ||
set beresp.http.url = bereq.url; | ||
|
||
# Add a grace in case the backend is down | ||
set beresp.grace = 1h; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,109 @@ | ||
vcl 4.0; | ||
import std; | ||
|
||
backend default { | ||
.host = "caddy"; | ||
.port = "8080"; | ||
.max_connections = 300; | ||
.first_byte_timeout = 300s; # How long to wait before we receive a first byte from our backend? | ||
.connect_timeout = 5s; # How long to wait for a backend connection? | ||
.between_bytes_timeout = 2s; # How long to wait between bytes received from our backend? | ||
|
||
# Health check | ||
# .probe = { | ||
# .request = | ||
# "HEAD /health-check HTTP/1.1" | ||
# "Host: caddy-probe.local" | ||
# "Connection: close" | ||
# "User-Agent: Varnish Health Probe"; | ||
# .timeout = 5s; | ||
# .interval = 5s; | ||
# .window = 4; | ||
# .threshold = 2; | ||
# } | ||
} | ||
|
||
# Hosts allowed to send BAN requests | ||
acl invalidators { | ||
"localhost"; | ||
"php"; | ||
# local Kubernetes network | ||
# "10.0.0.0"/8; | ||
# "172.16.0.0"/12; | ||
# "192.168.0.0"/16; | ||
} | ||
|
||
sub vcl_recv { | ||
if (req.restarts > 0) { | ||
set req.hash_always_miss = true; | ||
} | ||
|
||
# Remove the "Forwarded" HTTP header if exists (security) | ||
unset req.http.forwarded; | ||
|
||
# To allow API Platform to ban by cache tags | ||
if (req.method == "BAN") { | ||
if (client.ip !~ invalidators) { | ||
return (synth(405, "Not allowed")); | ||
} | ||
|
||
if (req.http.ApiPlatform-Ban-Regex) { | ||
ban("obj.http.Cache-Tags ~ " + req.http.ApiPlatform-Ban-Regex); | ||
|
||
return (synth(200, "Ban added")); | ||
} | ||
|
||
return (synth(400, "ApiPlatform-Ban-Regex HTTP header must be set.")); | ||
} | ||
|
||
if (req.method != "GET" && req.method != "HEAD") { | ||
return (pass); | ||
} | ||
|
||
# For health checks | ||
# if (req.method == "GET" && req.url == "/healthz") { | ||
# return (synth(200, "OK")); | ||
# } | ||
|
||
return (hash); | ||
} | ||
|
||
sub vcl_hit { | ||
if (obj.ttl >= 0s) { | ||
# A pure unadulterated hit, deliver it | ||
return (deliver); | ||
} | ||
|
||
if (std.healthy(req.backend_hint)) { | ||
# The backend is healthy | ||
# Fetch the object from the backend | ||
return (restart); | ||
} | ||
|
||
# No fresh object and the backend is not healthy | ||
if (obj.ttl + obj.grace > 0s) { | ||
# Deliver graced object | ||
# Automatically triggers a background fetch | ||
return (deliver); | ||
} | ||
|
||
# No valid object to deliver | ||
# No healthy backend to handle request | ||
# Return error | ||
return (synth(503, "API is down")); | ||
} | ||
|
||
sub vcl_deliver { | ||
# Don't send cache tags related headers to the client | ||
unset resp.http.url; | ||
# Comment the following line to send the "Cache-Tags" header to the client (e.g. to use CloudFlare cache tags) | ||
# unset resp.http.Cache-Tags; | ||
} | ||
|
||
sub vcl_backend_response { | ||
# Ban lurker friendly header | ||
set beresp.http.url = bereq.url; | ||
|
||
# Add a grace in case the backend is down | ||
set beresp.grace = 1h; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
#!/bin/sh | ||
set -e | ||
|
||
# this will check if the first argument is a flag | ||
# but only works if all arguments require a hyphenated flag | ||
# -v; -SL; -f arg; etc will work, but not arg1 arg2 | ||
if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then | ||
set -- varnishd \ | ||
-F \ | ||
-f /etc/varnish/default.vcl \ | ||
-a http=:80,HTTP \ | ||
-a proxy=:8443,PROXY \ | ||
-p feature=+http2 \ | ||
-s malloc,$VARNISH_SIZE \ | ||
"$@" | ||
fi | ||
|
||
exec "$@" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters