diff options
Diffstat (limited to 'services/tazblog/varnish')
-rw-r--r-- | services/tazblog/varnish/Dockerfile | 16 | ||||
-rw-r--r-- | services/tazblog/varnish/default.vcl | 60 |
2 files changed, 0 insertions, 76 deletions
diff --git a/services/tazblog/varnish/Dockerfile b/services/tazblog/varnish/Dockerfile deleted file mode 100644 index 83733b527d31..000000000000 --- a/services/tazblog/varnish/Dockerfile +++ /dev/null @@ -1,16 +0,0 @@ -FROM centos:7 -MAINTAINER Vincent Ambo <hej@tazj.in> - -EXPOSE 6081 6082 6083 - -RUN yum install -y epel-release && \ - rpm --nosignature -i https://repo.varnish-cache.org/redhat/varnish-4.1.el7.rpm && \ - yum install -y varnish - -ADD default.vcl /etc/varnish/default.vcl - -CMD ulimit -n 131072 && \ - /usr/sbin/varnishd -F -f /etc/varnish/default.vcl \ - -a :6081 -T :6082 -a :6083,PROXY -t 120 \ - -p thread_pool_min=5 -p thread_pool_max=500\ - -p thread_pool_timeout=300 diff --git a/services/tazblog/varnish/default.vcl b/services/tazblog/varnish/default.vcl deleted file mode 100644 index 5a15d21a9c98..000000000000 --- a/services/tazblog/varnish/default.vcl +++ /dev/null @@ -1,60 +0,0 @@ -vcl 4.0; -import std; - -# By default, Varnish will run on the same servers as the blog. Inside of -# Kubernetes this will be inside the same pod. - -backend default { - .host = "localhost"; - .port = "8000"; -} - -# Purge requests should be accepted from localhost -acl purge { - "localhost"; -} - -sub vcl_recv { - # Allow HTTP PURGE from ACL above - if (req.method == "PURGE" && client.ip ~ purge) { - return (purge); - } - - # Don't cache admin page - if (req.url ~ "^/admin") { - return (pass); - } - - # Redirect non-www to www and non-HTTPS to HTTPS - if (req.http.host ~ "^tazj.in" || std.port(local.ip) == 6081) { - return (synth (750, "")); - } -} - -sub vcl_backend_response { - # Cache everything for at least 1 minute. - if (beresp.ttl < 1m) { - set beresp.ttl = 1m; - } -} - -sub vcl_deliver { - # Add an HSTS header to everything - set resp.http.Strict-Transport-Security = "max-age=31536000;includeSubdomains;preload"; - - if (obj.hits > 0) { - set resp.http.X-Cache = "HIT"; - } else { - set resp.http.X-Cache = "MISS"; - } -} - -sub vcl_synth { - # Execute TLS or www. redirect - if (resp.status == 750) { - set resp.http.Location = "https://www.tazj.in" + req.url; - set resp.http.Strict-Transport-Security = "max-age=31536000;includeSubdomains;preload"; - set resp.status = 301; - return (deliver); - } -} |