[varnish] Add Varnish configuration and Dockerfile

2 files changed, 60 insertions, 0 deletions

diff --git a/varnish/Dockerfile b/varnish/Dockerfile
new file mode 100644
index 0000000000..4a4b7dd7e0
--- /dev/null
+++ b/varnish/Dockerfile
@@ -0,0 +1,11 @@
+FROM centos:7
+MAINTAINER Vincent Ambo <hej@tazj.in>
+
+EXPOSE 6081 6082
+
+RUN yum install -y epel-release && yum install -y varnish
+
+ADD default.vcl /etc/varnish/default.vcl
+
+CMD ulimit -n 131072 && \
+    /usr/sbin/varnishd -F -f /etc/varnish/default.vcl -a :6081 -T :6082 -t 120
diff --git a/varnish/default.vcl b/varnish/default.vcl
new file mode 100644
index 0000000000..5710a589cc
--- /dev/null
+++ b/varnish/default.vcl
@@ -0,0 +1,49 @@
+vcl 4.0;
+
+# By default, Varnish will run on the same servers as the blog. Inside of
+# Kubernetes this will be inside the same pod.
+
+backend default {
+        .host = "localhost";
+        .port = "8000";
+}
+
+# Purge requests should be accepted from localhost
+acl purge {
+        "localhost";
+}
+
+sub vcl_recv {
+        # Allow HTTP PURGE from ACL above
+        if (req.method == "PURGE" && client.ip ~ purge) {
+                return (purge);
+        }
+
+        # Redirect /en to / (no more multi-language support)
+        if (req.url ~ "^/en") {
+                set req.url = regsub(req.url, "^/en/", "/");
+                return (synth(301, ""));
+        }
+
+        # Don't cache admin page
+        if (req.url ~ "^/admin") {
+                return (pass);
+        }
+}
+
+sub vcl_backend_response {
+        # Cache everything for at least 1 minute.
+        if (beresp.ttl < 1m) {
+                set beresp.ttl = 1m;
+        }
+
+        # Add an HSTS header to our response
+}
+
+sub vcl_synth {
+        # Execute redirects
+        if (resp.status == 301) {
+                set resp.http.Location = req.url;
+                return (deliver);
+        }
+}