summaryrefslogtreecommitdiff
path: root/installation/pleroma.vcl
blob: 154747aa60b646df7658688ce7bd436b6b92de11 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
vcl 4.1;
import std;

backend default {
    .host = "127.0.0.1";
    .port = "4000";
}

# ACL for IPs that are allowed to PURGE data from the cache
acl purge {
    "127.0.0.1";
}

sub vcl_recv {
    # Redirect HTTP to HTTPS
    if (std.port(server.ip) != 443) {
      set req.http.x-redir = "https://" + req.http.host + req.url;
      return (synth(750, ""));
    }

    # CHUNKED SUPPORT
    if (req.http.Range ~ "bytes=") {
      set req.http.x-range = req.http.Range;
    }

    # Pipe if WebSockets request is coming through
    if (req.http.upgrade ~ "(?i)websocket") {
      return (pipe);
    }

    # Allow purging of the cache
    if (req.method == "PURGE") {
      if (!client.ip ~ purge) {
        return(synth(405,"Not allowed."));
      }
      return(purge);
    }
}

sub vcl_backend_response {
    # gzip text content
    if (beresp.http.content-type ~ "(text|text/css|application/x-javascript|application/javascript)") {
      set beresp.do_gzip = true;
    }

    # Retry broken backend responses.
    if (beresp.status == 503) {
      set bereq.http.X-Varnish-Backend-503 = "1";
      return (retry);
    }

    # CHUNKED SUPPORT
    if (bereq.http.x-range ~ "bytes=" && beresp.status == 206) {
      set beresp.ttl = 10m;
      set beresp.http.CR = beresp.http.content-range;
    }

    # Don't cache objects that require authentication
    if (beresp.http.Authorization && !beresp.http.Cache-Control ~ "public") {
      set beresp.uncacheable = true;
      return (deliver);
    }

    # Allow serving cached content for 6h in case backend goes down
    set beresp.grace = 6h;

    # Do not cache 5xx responses
    if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) {
      set beresp.uncacheable = true;
      return (abandon);
    }

    # Do not cache redirects and errors
    if ((beresp.status >= 300) && (beresp.status < 500)) {
      set beresp.uncacheable = true;
      set beresp.ttl = 30s;
      return (deliver);
    }
}

# The synthetic response for 301 redirects
sub vcl_synth {
    if (resp.status == 750) {
      set resp.status = 301;
      set resp.http.Location = req.http.x-redir;
      return(deliver);
    }
}

# Ensure WebSockets through the pipe do not close prematurely
sub vcl_pipe {
    if (req.http.upgrade) {
      set bereq.http.upgrade = req.http.upgrade;
      set bereq.http.connection = req.http.connection;
    }
}

sub vcl_hash {
    # CHUNKED SUPPORT
    if (req.http.x-range ~ "bytes=") {
      hash_data(req.http.x-range);
      unset req.http.Range;
    }
}

sub vcl_backend_fetch {
    # Be more lenient for slow servers on the fediverse
    if bereq.url ~ "^/proxy/" {
      set bereq.first_byte_timeout = 300s;
    }

    # CHUNKED SUPPORT
    if (bereq.http.x-range) {
      set bereq.http.Range = bereq.http.x-range;
    }

    if (bereq.retries == 0) {
        # Clean up the X-Varnish-Backend-503 flag that is used internally
        # to mark broken backend responses that should be retried.
        unset bereq.http.X-Varnish-Backend-503;
    } else {
        if (bereq.http.X-Varnish-Backend-503) {
            if (bereq.method != "POST" &&
              std.healthy(bereq.backend) &&
              bereq.retries <= 4) {
              # Flush broken backend response flag & try again.
              unset bereq.http.X-Varnish-Backend-503;
            } else {
              return (abandon);
            }
        }
    }
}

sub vcl_deliver {
    # CHUNKED SUPPORT
    if (resp.http.CR) {
      set resp.http.Content-Range = resp.http.CR;
      unset resp.http.CR;
    }
}

sub vcl_backend_error {
    # Retry broken backend responses.
    set bereq.http.X-Varnish-Backend-503 = "1";
    return (retry);
}