From a3a2afdc597eb00121191ca42f01a9e04555f684 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Sat, 21 Nov 2015 19:49:36 +0100 Subject: [varnish] Use Varnish 4.1, redirect to HTTPS --- varnish/Dockerfile | 9 ++++++--- varnish/default.vcl | 13 ++++++++++--- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/varnish/Dockerfile b/varnish/Dockerfile index 4a4b7dd7e08c..54a8afe27879 100644 --- a/varnish/Dockerfile +++ b/varnish/Dockerfile @@ -1,11 +1,14 @@ FROM centos:7 MAINTAINER Vincent Ambo -EXPOSE 6081 6082 +EXPOSE 6081 6082 6083 -RUN yum install -y epel-release && yum install -y varnish +RUN yum install -y epel-release && \ + rpm --nosignature -i https://repo.varnish-cache.org/redhat/varnish-4.1.el7.rpm && \ + yum install -y varnish ADD default.vcl /etc/varnish/default.vcl CMD ulimit -n 131072 && \ - /usr/sbin/varnishd -F -f /etc/varnish/default.vcl -a :6081 -T :6082 -t 120 + /usr/sbin/varnishd -F -f /etc/varnish/default.vcl \ + -a :6081 -T :6082 -a :6083,PROXY -t 120 diff --git a/varnish/default.vcl b/varnish/default.vcl index ebf1854df855..066b1a9b248f 100644 --- a/varnish/default.vcl +++ b/varnish/default.vcl @@ -1,4 +1,5 @@ vcl 4.0; +import std; # By default, Varnish will run on the same servers as the blog. Inside of # Kubernetes this will be inside the same pod. @@ -23,6 +24,11 @@ sub vcl_recv { if (req.url ~ "^/admin") { return (pass); } + + # Redirect non-www to www and non-HTTPS to HTTPS + if (req.http.host ~ "tazj.in" || std.port(local.ip) == 6081) { + return (synth (750, "")); + } } sub vcl_backend_response { @@ -38,9 +44,10 @@ sub vcl_deliver { } sub vcl_synth { - # Execute redirects - if (resp.status == 301) { - set resp.http.Location = req.url; + # Execute TLS or www. redirect + if (resp.status == 750) { + set resp.http.Location = "https://www.tazj.in" + req.url; + set resp.status = 301; return (deliver); } } -- cgit 1.4.1