我正在尝试为使用非常自定义的Wordpress安装的网站编写一个好的vcl文件,但我仍然是该领域的新手。如果有人能指出我犯错误的地方,我将非常感激。
我正在尝试使用具有通用规则的default.vcl和具有域特定规则的每个域vcl文件。问题是我试图指示Varnish不要缓存一些页面路径和弹出ajax框。而不是缓存通过登录cookie捕获的登录用户。
我将粘贴完整的配置。 另外,如果有一个附加的vcl文件,我对vcl文件的线性执行感到有点困惑。 “包含”的位置在哪里? 我想自己研究这个案例,但使用Varnish日志记录有点复杂。有没有办法可以找到哪些规则在特定页面上运行?
我的default.vcl
vcl 4.0;
import std;
backend domain1 {
.host = "11.111.11.1";
.port = "8001";
.connect_timeout = 600s;
.first_byte_timeout = 600s;
.between_bytes_timeout = 600s;
.max_connections = 800;
}
backend domain2 {
.host = "222.22.22.2";
.port = "8002";
.connect_timeout = 600s;
.first_byte_timeout = 600s;
.between_bytes_timeout = 600s;
.max_connections = 800;
}
acl purge {
"localhost";
"127.0.0.1";
"79.124.64.16";
"193.107.37.45";
}
sub vcl_recv {
if (req.http.host ~ "^(?i)domain1.com" || req.http.host ~ "^.*\.domain1.com" ) {
set req.backend_hint = domain1;
}
elseif (req.http.host == "^.*\.domain2.com" || req.http.host == "^.*\.domain2-alias.com") {
set req.backend_hint = domain2;
}
if (req.restarts == 0) {
if (req.http.X-Forwarded-For) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
#Pass through cache PhpMyAdmin
if (req.url ~ "^.*phpmyadmin.*") {
return(pass);
}
}
######## PER DOMAIN SUBROUTINES ###########
include "domain1.vcl";
include "domain2.vcl";
if (req.http.Cookie ~ "wordpress_logged_in_") {
return (pass);
}
# Normalize the header, remove the port (in case you're testing this on various TCP ports)
set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");
# Allow purging from ACL
if (req.method == "PURGE") {
# If not allowed then a error 405 is returned
if (!client.ip ~ purge) {
return(synth(405, "This IP is not allowed to send PURGE requests."));
}
# If allowed, do a cache_lookup -> vlc_hit() or vlc_miss()
return (purge);
}
# Post requests will not be cached
if (req.http.Authorization || req.method == "POST") {
return (pass);
}
# Conflicting with few lines below
# # Only deal with "normal" types
# if (req.method != "GET" &&
# req.method != "HEAD" &&
# req.method != "PUT" &&
# req.method != "POST" &&
# req.method != "TRACE" &&
# req.method != "OPTIONS" &&
# req.method != "PATCH" &&
# req.method != "DELETE") {
# /* Non-RFC2616 or CONNECT which is weird. */
# return (pipe);
# }
# Implementing websocket support (https://www.varnish-cache.org/docs/4.0/users-guide/vcl-example-websockets.html)
if (req.http.Upgrade ~ "(?i)websocket") {
return (pipe);
}
# Only cache GET or HEAD requests. This makes sure the POST requests are always passed.
if (req.method != "GET" && req.method != "HEAD") {
return (pipe);
}
# Some generic URL manipulation, useful for all templates that follow
# First remove the Google Analytics added parameters, useless for our backend
if (req.url ~ "(\?|&)(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=") {
set req.url = regsuball(req.url, "&(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "");
set req.url = regsuball(req.url, "\?(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "?");
set req.url = regsub(req.url, "\?&", "?");
set req.url = regsub(req.url, "\?$", "");
}
# Some generic cookie manipulation, useful for all templates that follow
# Remove the "has_js" cookie
set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
# Remove any Google Analytics based cookies
set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "_gat=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");
# Remove DoubleClick offensive cookies
set req.http.Cookie = regsuball(req.http.Cookie, "__gads=[^;]+(; )?", "");
# Remove the Quant Capital cookies (added by some plugin, all __qca)
set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
# Remove the AddThis cookies
set req.http.Cookie = regsuball(req.http.Cookie, "__atuv.=[^;]+(; )?", "");
# Remove a ";" prefix in the cookie if present
set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");
#Remove WP cookies
set req.http.Cookie = regsuball(req.http.Cookie, "__utma.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "__utmb.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "__utmc.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "__utmt.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "__utmz.=[^;]+(; )?", "");
# set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie.=[^;]+(; )?", "");
# set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "bp-message[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "bp-message-type[^;]+(; )?", "");
# Are there cookies left with only spaces or that are empty?
if (req.http.cookie ~ "^\s*$") {
unset req.http.cookie;
}
**#Dont cache Logged-in users
if (req.http.Cookie == "wordpress_logged_in_") {
return (pass);
}
elseifif (req.http.cookie ~ "wordpress_logged_in_") {
return (pass);
}**
# Large static files are delivered directly to the end-user without
# waiting for Varnish to fully read the file first.
# Varnish 4 fully supports Streaming, so set do_stream in vcl_backend_response()
if (req.url ~ "^[^?]*\.(7z|avi|bz2|flac|flv|gz|mka|mkv|mov|mp3|mp4|mpeg|mpg|ogg|ogm|opus|rar|tar|tgz|tbz|txz|wav|webm|xz|zip)(\?.*)?$") {
unset req.http.Cookie;
return (hash);
}
# Remove all cookies for static files
# A valid discussion could be held on this line: do you really need to cache static files that don't cause load? Only if you have memory left.
# Sure, there's disk I/O, but chances are your OS will already have these files in their buffers (thus memory).
# Before you blindly enable this, have a read here: https://ma.ttias.be/stop-caching-static-files/
if (req.url ~ "^[^?]*\.(7z|avi|bmp|bz2|css|csv|doc|docx|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|less|mka|mkv|mov|mp3|mp4|mpeg|mpg|odt|otf|ogg|ogm|opus|pdf|png|ppt|pptx|rar|rtf|svg|svgz|swf|tar|tbz|tgz|ttf|txt|txz|wav|webm|webp|woff|
woff2|xls|xlsx|xml|xz|zip)(\?.*)?$") {
unset req.http.Cookie;
return (hash);
}
# Send Surrogate-Capability headers to announce ESI support to backend
# set req.http.Surrogate-Capability = "key=ESI/1.0";
if (req.http.Authorization) {
# Not cacheable by default
return (pass);
}
# Did not cache HTTP authentication and HTTP Cookie
if (req.http.Authorization || req.http.Cookie) {
# Not cacheable by default
return (pass);
}
}
# Cache all others requests
return (hash);
}
######## PER DOMAIN SUBROUTINES ###########
include "domain1.vcl";
include "domain2.vcl";
sub vcl_pipe {
# set bereq.http.Connection = "Close";
# Implementing websocket support (https://www.varnish-cache.org/docs/4.0/users-guide/vcl-example-websockets.html)
if (req.http.upgrade) {
set bereq.http.upgrade = req.http.upgrade;
}
return (pipe);
}
sub vcl_pass {
# return (pass);
}
# The data on which the hashing will take place
sub vcl_hash {
hash_data(req.url);
if (req.http.host) {
hash_data(req.http.host);
} else {
hash_data(server.ip);
}
# hash cookies for requests that have them
# if (req.http.Cookie) {
# hash_data(req.http.Cookie);
# }
}
sub vcl_hit {
if (obj.ttl >= 0s) {
# A pure unadultered hit, deliver it
return (deliver);
}
# https://www.varnish-cache.org/docs/trunk/users-guide/vcl-grace.html
# When several clients are requesting the same page Varnish will send one request to the backend and place the others on hold while fetching one copy from the backend. In some products this is called request coalescing and Varni
sh does this automatically.
# If you are serving thousands of hits per second the queue of waiting requests can get huge. There are two potential problems - one is a thundering herd problem - suddenly releasing a thousand threads to serve content might sen
d the load sky high. Secondly - nobody likes to wait. To deal with this we can instruct Varnish to keep the objects in cache beyond their TTL and to serve the waiting requests somewhat stale content.
# if (!std.healthy(req.backend_hint) && (obj.ttl + obj.grace > 0s)) {
# return (deliver);
# } else {
# return (fetch);
# }
# We have no fresh fish. Lets look at the stale ones.
##if (std.healthy(req.backend_hint) {
# Backend is healthy. Limit age to 10s.
##if (obj.ttl + 10s > 0s) {
#set req.http.grace = "normal(limited)";
## return (deliver);
## } else {
# No candidate for grace. Fetch a fresh object.
## return(fetch);
## }
## } else {
# backend is sick - use full grace
## if (obj.ttl + obj.grace > 0s) {
#set req.http.grace = "full";
## return (deliver);
## } else {
# no graced object.
return (fetch);
## }
## }
# fetch & deliver once we get the result
## return (fetch); # Dead code, keep as a safeguard
}
sub vcl_miss {
# Called after a cache lookup if the requested document was not found in the cache. Its purpose
# is to decide whether or not to attempt to retrieve the document from the backend, and which
# backend to use.
return (fetch);
}
# Handle the HTTP request coming from our backend
sub vcl_backend_response {
# Called after the response headers has been successfully retrieved from the backend.
if (bereq.http.Cookie ~ "(UserID|_session)") {
set beresp.http.X-Cacheable = "NO:Got Session";
set beresp.uncacheable = true;
return (deliver);
} elsif (beresp.ttl <= 0s) {
# Varnish determined the object was not cacheable
set beresp.http.X-Cacheable = "NO:Not Cacheable";
} elsif (beresp.http.set-cookie) {
# You don't wish to cache content for logged in users
set beresp.http.X-Cacheable = "NO:Set-Cookie";
set beresp.uncacheable = true;
return (deliver);
} elsif (beresp.http.Cache-Control ~ "private") {
# You are respecting the Cache-Control=private header from the backend
set beresp.http.X-Cacheable = "NO:Cache-Control=private";
set beresp.uncacheable = true;
return (deliver);
} else {
# Varnish determined the object was cacheable
set beresp.http.X-Cacheable = "YES";
}
# Pause ESI request and remove Surrogate-Control header
if (beresp.http.Surrogate-Control ~ "ESI/1.0") {
unset beresp.http.Surrogate-Control;
set beresp.do_esi = true;
}
# Enable cache for all static files
# The same argument as the static caches from above: monitor your cache size, if you get data nuked out of it, consider giving up the static file cache.
# Before you blindly enable this, have a read here: https://ma.ttias.be/stop-caching-static-files/
if (bereq.url ~ "^[^?]*\.(7z|avi|bmp|bz2|css|csv|doc|docx|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|less|mka|mkv|mov|mp3|mp4|mpeg|mpg|odt|otf|ogg|ogm|opus|pdf|png|ppt|pptx|rar|rtf|svg|svgz|swf|tar|tbz|tgz|ttf|txt|txz|wav|webm|webp|wof
f|woff2|xls|xlsx|xml|xz|zip)(\?.*)?$") {
unset beresp.http.set-cookie;
}
# Large static files are delivered directly to the end-user without
# waiting for Varnish to fully read the file first.
# Varnish 4 fully supports Streaming, so use streaming here to avoid locking.
if (bereq.url ~ "^[^?]*\.(7z|avi|bz2|flac|flv|gz|mka|mkv|mov|mp3|mp4|mpeg|mpg|ogg|ogm|opus|rar|tar|tgz|tbz|txz|wav|webm|xz|zip)(\?.*)?$") {
unset beresp.http.set-cookie;
set beresp.do_stream = true; # Check memory usage it'll grow in fetch_chunksize blocks (128k by default) if the backend doesn't send a Content-Length header, so only enable it for big objects
}
# Sometimes, a 301 or 302 redirect formed via Apache's mod_rewrite can mess with the HTTP port that is being passed along.
# This often happens with simple rewrite rules in a scenario where Varnish runs on :80 and Apache on :8080 on the same box.
# A redirect can then often redirect the end-user to a URL on :8080, where it should be :80.
# This may need finetuning on your setup.
#
# To prevent accidental replace, we only filter the 301/302 redirects for now.
if (beresp.status == 301 || beresp.status == 302) {
set beresp.http.Location = regsub(beresp.http.Location, ":[0-9]+", "");
}
# Set 2min cache if unset for static files
if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") {
set beresp.ttl = 120s; # Important, you shouldn't rely on this, SET YOUR HEADERS in the backend
set beresp.uncacheable = true;
return (deliver);
}
# Don't cache 50x responses
if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) {
return (abandon);
}
# Allow stale content, in case the backend goes down.
# make Varnish keep all objects for 6 hours beyond their TTL
set beresp.grace = 6h;
return (deliver);
}
# The routine when we deliver the HTTP request to the user
# Last chance to modify headers that are sent to the client
sub vcl_deliver {
# Called before a cached object is delivered to the client.
if (obj.hits > 0) { # Add debug header to see if it's a HIT/MISS and the number of hits, disable when not needed
set resp.http.X-Cache = "HIT";
} else {
set resp.http.X-Cache = "MISS";
}
# Please note that obj.hits behaviour changed in 4.0, now it counts per objecthead, not per object
# and obj.hits may not be reset in some cases where bans are in use. See bug 1492 for details.
# So take hits with a grain of salt
#set resp.http.X-Cache-Hits = obj.hits;
# Remove some headers: PHP version
unset resp.http.X-Powered-By;
# Remove some headers: Apache version & OS
unset resp.http.Server;
unset resp.http.X-Drupal-Cache;
unset resp.http.X-Varnish;
unset resp.http.Via;
unset resp.http.Link;
unset resp.http.X-Generator;
return (deliver);
}
sub vcl_purge {
# Only handle actual PURGE HTTP methods, everything else is discarded
if (req.method != "PURGE") {
# restart request
set req.http.X-Purge = "Yes";
return(restart);
}
}
sub vcl_synth {
if (resp.status == 720) {
# We use this special error status 720 to force redirects with 301 (permanent) redirects
# To use this, call the following from anywhere in vcl_recv: return (synth(720, "http://host/new.html"));
set resp.http.Location = resp.reason;
set resp.status = 301;
return (deliver);
} elseif (resp.status == 721) {
# And we use error status 721 to force redirects with a 302 (temporary) redirect
# To use this, call the following from anywhere in vcl_recv: return (synth(720, "http://host/new.html"));
set resp.http.Location = resp.reason;
set resp.status = 302;
return (deliver);
}
return (deliver);
}
sub vcl_fini {
# Called when VCL is discarded only after all requests have exited the VCL.
# Typically used to clean up VMODs.
return (ok);
}
我的domain1.vcl
vcl 4.0;
sub vcl_recv {
if (req.backend_hint == domain1) {
**#Don't store backend in case of login pop screen
if (req.url ~ "^.*wp-(login|admin).*" || req.url ~ "preview=true" || req.url ~ "^.*(login|admin).*" || req.url ~ "^.*wp-load.*") {
return (pipe);
}
# Do not cache home, search, registration pages
if (req.url ~ "\/path\/subpath\/" || req.url ~ "\/pathabc\/pathdef\/" || req.url ~ ".*register.*") {
return(pipe);
}
if (req.url ~ ".*\/members\/.*") {
return(hash);
}
}
return(hash);
}**
sub vcl_backend_response {
}
sub vcl_deliver {
}
我的domain2.vcl在创建规则时没有遇到任何问题。
答案 0 :(得分:1)
您遇到的问题是req.backend_hint == domain1(这不起作用)。您应该与站点特定VCL中的主机名进行比较。所以在domain1.vcl中它将是:
vcl 4.0;
sub vcl_recv {
if (req.http.host ~ "^(?i)domain1.com" || req.http.host ~ "^.*\.domain1.com" ) {
# site specific logic goes here ...
}
}
您不应将include指令直接放在vcl_recv过程中。这些应该位于文件的最顶部或底部,具体取决于所需的优先级。
在这种情况下,您应将它们放在顶部,这意味着:
# ...
include "domain1.vcl";
include "domain2.vcl";
sub vcl_recv {
#...
这将确保在您的站点特定VCL文件中定义的vcl_recv逻辑优先于您在主VCL文件本身中具有的逻辑。
VCL包含的工作方式是最后执行进一步包含的文件中的每个过程。例如,vcl_recv例程将按以下顺序执行:
vcl_recv来自特定于网站的.vcl vcl_recv 的default.vcl
来自vcl_recv builtin.vcl
有关编写特定于站点的VCL以及builtin.vcl是you can find here的更多信息。
您的VCL不必要地复杂。我总是建议从Varnish附带的空default.vcl开始,一点一点地慢慢添加更多代码,以便了解工作原理。盲目的复制粘贴永远不会导致预期的结果,更常见的是意外的结果:)。
以下是完全没必要的。 Varnish 4在首先执行任何VCL之前为您处理此事:
if (req.restarts == 0) {
if (req.http.X-Forwarded-For) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
}
此外,为所有内容设置600s超时值可能会使您的应用程序正常工作,但如果它没有使用默认值(当然,您可以看到&#34;后端获取失败&#34;)有一个原因。并且Varnish不是修理的地方&#34;后端获取失败&#34; - 你的申请是:)。
最后,如果您已决定根据Wordpress Cookie的存在实施缓存策略,请坚持并删除过滤掉已知不需要的Cookie的所有行。这些是不必要的(想想为什么你会同时将cookie列入白名单和黑名单。)
我指的是与此相似的所有行:
set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
# ...