首先,抱歉我的英语不好,这不是我的自然语言。
我尝试为管理用户配置带有cookie的varnish for backend,我有一些问题需要登录和其他检查。
我的recv,fetch和hash配置:
backend default {
.host = "127.0.0.1";
.port = "8080";
}
sub vcl_recv {
remove req.http.X-Forwarded-For;
set req.http.X-Forwarded-For = client.ip;
if (req.request == "POST"){
return (pass);
}
# Grace mode
if (! req.backend.healthy) {
set req.grace = 30m;
} else {
set req.grace = 15s;
}
if(req.url ~ "^localhost$"){
set req.http.host = "www.micasa.com";
}
# Acces to system URL's is protected
if ((req.url ~ "^/server_status") || (req.url ~ "^/discover/varnish_server")) {
error 403 "Go away, please";
}
# Delete all cookies except from user
if ( !(req.url ~ "^/logout") &&
!(req.url ~ "^/profile") &&
!(req.url ~ "^/playlists") &&
!(req.url ~ "^/users") &&
!(req.url ~ "^/signup") &&
!(req.url ~ "^/comments") &&
!(req.url ~ "^/login") &&
!(req.url ~ "^/remind"))
{
unset req.http.cookie;
}
sub vcl_fetch {
# Grace mode
# https://www.varnish-cache.org/docs/trunk/tutorial/handling_misbehaving_servers.html#grace-mode
set beresp.grace = 30m;
# Saint mode
# https://www.varnish-cache.org/docs/trunk/tutorial/handling_misbehaving_servers.html#saint-mode
if (beresp.status == 500) {
set beresp.saintmode = 10s;
return (restart);
}
if ( !(req.url ~ "^/login") && (req.request == "GET")){
unset beresp.http.set-cookie; # To avoid caching of cookies
}
# Process ESIs if X-RUN-ESI is set. This will be stripped before being sent down to client.
if ( beresp.http.X-RUN-ESI ) {
set beresp.do_esi = true;
remove beresp.http.X-RUN-ESI;
}
# cache 404s and 301s for 5 minute
if (beresp.status == 404 || beresp.status == 301 || beresp.status == 500) {
set beresp.ttl = 15m;
return (deliver);
}
# cache images and static assets during 15m
if ( req.url ~ "\.(png|gif|jpg|css|js|ico)" ) {
set beresp.ttl = 15m;
return (deliver);
}
# If X-VARNISH-TTL is set, use this header's value as the TTL for the varnish cache.
# Expires, cache-control, etc. will be passed directly through to the client
# Cribbed from http://www.lovelysystems.com/configuring-varnish-to-use-custom-http-headers/
if (beresp.http.X-VARNISH-TTL) {
C{
char *ttl;
/* first char in third param is length of header plus colon in octal */
ttl = VRT_GetHdr(sp, HDR_BERESP, "\016X-VARNISH-TTL:");
VRT_l_beresp_ttl(sp, atoi(ttl));
}C
remove beresp.http.X-VARNISH-TTL;
return (deliver);
}
sub vcl_deliver {
unset resp.http.x-url; # Optional
if ( req.url ~ "\.(png|gif|jpg|css|js|ico|woff)" ) {
set resp.http.expires = "3600";
}
#mikel
#remove resp.http.X-Powered-By;
remove resp.http.Server;
#remove resp.http.X-Varnish;
#remove resp.http.Via;
#remove resp.http.Age;
}
sub vcl_hash {
if (req.http.Cookie ~ "_micasa_session") {
hash_data(req.url);
hash_data(req.http.Cookie);
return (hash);
}
}
当我尝试使用用户登录时,没关系,但是如果我之后刷新同一页面,我会丢失cookie并立即注销,可能问题出现在sub vcl_recv中?
感谢您的帮助。
答案 0 :(得分:3)
您取消设置除定义页面之外的所有Cookie。您的站点登录几乎肯定是在cookie(会话cookie?)中。简单的方法是通过检查是否设置了识别登录用户的cookie来禁用登录用户的缓存。好方法是使用ESI,以便为所有用户提供相同的部分。