bodnar1212 · July 14, 2022 06:33 · Mar 7, 2016
diff --git a/varnishadm param.show b/varnishadm param.show
@@ -0,0 +1,88 @@
+accept_filter              off [bool] (default)
+acceptor_sleep_decay       0.9 (default)
+acceptor_sleep_incr        0.000 [seconds] (default)
+acceptor_sleep_max         0.050 [seconds] (default)
+auto_restart               on [bool] (default)
+backend_idle_timeout       60.000 [seconds] (default)
+ban_dups                   on [bool] (default)
+ban_lurker_age             60.000 [seconds] (default)
+ban_lurker_batch           1000 (default)
+ban_lurker_sleep           0.010 [seconds] (default)
+between_bytes_timeout      60.000 [seconds] (default)
+cc_command                 "exec gcc -std=gnu99  -O2 -g -Wp,-D_FORTIFY_SOURCE=0 -Wall -Werror -pthread -fpic -shared -Wl,-x -o %o %s" (default)
+cli_buffer                 16k [bytes]
+cli_limit                  48k [bytes] (default)
+cli_timeout                60.000 [seconds] (default)
+clock_skew                 10 [seconds] (default)
+connect_timeout            3.500 [seconds] (default)
+critbit_cooloff            180.000 [seconds] (default)
+debug                      none (default)
+default_grace              10.000 [seconds] (default)
+default_keep               0.000 [seconds] (default)
+default_ttl                120.000 [seconds] (default)
+feature                    +esi_ignore_other_elements
+fetch_chunksize            16k [bytes] (default)
+fetch_maxchunksize         0.25G [bytes] (default)
+first_byte_timeout         60.000 [seconds] (default)
+gzip_buffer                32k [bytes] (default)
+gzip_level                 6 (default)
+gzip_memlevel              8 (default)
+http_gzip_support          on [bool] (default)
+http_max_hdr               64 [header lines] (default)
+http_range_support         on [bool] (default)
+http_req_hdr_len           8k [bytes] (default)
+http_req_size              32k [bytes] (default)
+http_resp_hdr_len          8k [bytes] (default)
+http_resp_size             32k [bytes] (default)
+idle_send_timeout          60.000 [seconds] (default)
+listen_depth               1024 [connections] (default)
+lru_interval               2.000 [seconds] (default)
+max_esi_depth              5 [levels] (default)
+max_restarts               4 [restarts] (default)
+max_retries                4 [retries] (default)
+nuke_limit                 50 [allocations] (default)
+pcre_match_limit           10000 (default)
+pcre_match_limit_recursion 20 (default)
+ping_interval              3 [seconds] (default)
+pipe_timeout               60.000 [seconds] (default)
+pool_req                   10,100,10 (default)
+pool_sess                  10,100,10 (default)
+pool_vbo                   10,100,10 (default)
+prefer_ipv6                off [bool] (default)
+rush_exponent              3 [requests per request] (default)
+send_timeout               600.000 [seconds] (default)
+session_max                100000 [sessions] (default)
+shm_reclen                 255b [bytes] (default)
+shortlived                 10.000 [seconds] (default)
+sigsegv_handler            on [bool] (default)
+syslog_cli_traffic         on [bool] (default)
+tcp_keepalive_intvl        75.000 [seconds] (default)
+tcp_keepalive_probes       9 [probes] (default)
+tcp_keepalive_time         7200.000 [seconds] (default)
+thread_pool_add_delay      0.000 [seconds] (default)
+thread_pool_destroy_delay  1.000 [seconds] (default)
+thread_pool_fail_delay     0.200 [seconds] (default)
+thread_pool_max            1000 [threads]
+thread_pool_min            50 [threads]
+thread_pool_stack          48k [bytes] (default)
+thread_pool_timeout        300.000 [seconds] (default)
+thread_pools               2 [pools] (default)
+thread_queue_limit         20 (default)
+thread_stats_rate          10 [requests] (default)
+timeout_idle               5.000 [seconds] (default)
+timeout_linger             0.050 [seconds] (default)
+vcc_allow_inline_c         on [bool]
+vcc_err_unref              on [bool] (default)
+vcc_unsafe_path            on [bool] (default)
+vcl_cooldown               600.000 [seconds] (default)
+vcl_dir                    /etc/varnish (default)
+vmod_dir                   /usr/lib64/varnish/vmods (default)
+vsl_buffer                 4k [bytes] (default)
+vsl_mask                   -VCL_trace,-WorkThread,-Hash,-VfpAcct (default)
+vsl_reclen                 255b [bytes] (default)
+vsl_space                  80M [bytes] (default)
+vsm_space                  1M [bytes] (default)
+workspace_backend          64k [bytes] (default)
+workspace_client           64k [bytes] (default)
+workspace_session          0.50k [bytes] (default)
+workspace_thread           2k [bytes] (default)
diff --git a/Errors b/Errors
@@ -0,0 +1,10 @@
+ ~]# varnishd -C -f /etc/varnish/default.vcl.turp
+Error:
+Message from VCC-compiler:
+Inline-C not allowed
+('/etc/varnish/default.vcl.turp' Line 2 Pos 1)
+C{
+##
+
+Running VCC-compiler failed, exited with 2
+VCL compilation failed
diff --git a/etc_sysconfig_varnish b/etc_sysconfig_varnish
@@ -0,0 +1,66 @@
+# Configuration file for Varnish Cache
+#
+# /etc/init.d/varnish expects the variable $DAEMON_OPTS to be set from this
+# shell script fragment.
+#
+
+# Maximum number of open files (for ulimit -n)
+NFILES=131072
+
+# Locked shared memory (for ulimit -l)
+# Default log size is 82MB + header
+MEMLOCK=82000
+
+# Maximum number of threads (for ulimit -u)
+NPROCS="unlimited"
+
+# Maximum size of corefile (for ulimit -c). Default in Fedora is 0
+# DAEMON_COREFILE_LIMIT="unlimited"
+
+# Init script support to reload/switch vcl without restart.
+# To make this work, you need to set the following variables
+# explicit: VARNISH_VCL_CONF, VARNISH_ADMIN_LISTEN_ADDRESS,
+# VARNISH_ADMIN_LISTEN_PORT, VARNISH_SECRET_FILE.
+RELOAD_VCL=1
+
+# Main configuration file.
+VARNISH_VCL_CONF=/etc/varnish/default.vcl
+#
+# Default address and port to bind to
+# Blank address means all IPv4 and IPv6 interfaces, otherwise specify
+# a host name, an IPv4 dotted quad, or an IPv6 address in brackets.
+VARNISH_LISTEN_PORT=80
+#
+# Telnet admin interface listen address and port
+VARNISH_ADMIN_LISTEN_ADDRESS=64.49.246.149
+VARNISH_ADMIN_LISTEN_PORT=6082
+#
+# Shared secret file for admin interface
+VARNISH_SECRET_FILE=/etc/varnish/secret
+#
+# The minimum number of worker threads to start
+VARNISH_MIN_THREADS=50
+#
+# The Maximum number of worker threads to start
+VARNISH_MAX_THREADS=1000
+#
+# Cache file size: in bytes, optionally using k / M / G / T suffix.
+VARNISH_STORAGE_SIZE=2G
+#
+# Backend storage specification
+VARNISH_STORAGE="malloc,${VARNISH_STORAGE_SIZE}"
+#
+# Default TTL used when the backend does not specify one
+VARNISH_TTL=120
+#
+# DAEMON_OPTS is used by the init script.
+DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
+             -f ${VARNISH_VCL_CONF} \
+             -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
+             -p thread_pool_min=${VARNISH_MIN_THREADS} \
+             -p thread_pool_max=${VARNISH_MAX_THREADS} \
+             -p cli_buffer=16384 \
+             -p feature=+esi_ignore_other_elements \
+             -p vcc_allow_inline_c=on \
+             -S ${VARNISH_SECRET_FILE} \
+             -s ${VARNISH_STORAGE}"
diff --git a/etc_varnish_default.vcl b/etc_varnish_default.vcl
@@ -0,0 +1,385 @@
+vcl 4.0;
+C{
+#include <stdlib.h>
+#include <stdio.h>
+#include <time.h>
+#include <pthread.h>
+static pthread_mutex_t lrand_mutex = PTHREAD_MUTEX_INITIALIZER;
+void generate_uuid(char* buf) {
+pthread_mutex_lock(&lrand_mutex);
+long a = lrand48();
+long b = lrand48();
+long c = lrand48();
+long d = lrand48();
+pthread_mutex_unlock(&lrand_mutex);
+sprintf(buf, "frontend=%08lx%04lx%04lx%04lx%04lx%08lx",
+a,
+b & 0xffff,
+(b & ((long)0x0fff0000) >> 16) | 0x4000,
+(c & 0x0fff) | 0x8000,
+(c & (long)0xffff0000) >> 16,
+d
+);
+return;
+}
+}C
+import std;
+director default round-robin {
+{
+.backend = {
+.host = "166.78.178.9";
+.port = "8080";
+.probe = {
+.request =
+"GET /robots.txt HTTP/1.1"
+"Host: "
+"Connection: close";
+}
+.first_byte_timeout = 300s;
+.between_bytes_timeout = 300s;
+}
+}    {
+.backend = {
+.host = "166.78.135.159";
+.port = "8080";
+.probe = {
+.request =
+"GET /robots.txt HTTP/1.1"
+"Host: "
+"Connection: close";
+}
+.first_byte_timeout = 300s;
+.between_bytes_timeout = 300s;
+}
+}
+}
+director admin round-robin {
+{
+.backend = {
+.host = "166.78.178.9";
+.port = "8080";
+.probe = {
+.request =
+"GET /robots.txt HTTP/1.1"
+"Host: "
+"Connection: close";
+}
+.first_byte_timeout = 21600s;
+.between_bytes_timeout = 21600s;
+}
+}    {
+.backend = {
+.host = "166.78.135.159";
+.port = "8080";
+.probe = {
+.request =
+"GET /robots.txt HTTP/1.1"
+"Host: "
+"Connection: close";
+}
+.first_byte_timeout = 21600s;
+.between_bytes_timeout = 21600s;
+}
+}
+}
+acl crawler_acl {
+}
+acl debug_acl {
+}
+/* -- REMOVED
+sub generate_session {
+if (req.url ~ ".*[&?]SID=([^&]+).*") {
+set req.http.X-Varnish-Faked-Session = regsub(
+req.url, ".*[&?]SID=([^&]+).*", "frontend=\1");
+} else {
+C{
+char uuid_buf [50];
+generate_uuid(uuid_buf);
+static const struct gethdr_s VGC_HDR_REQ_VARNISH_FAKED_SESSION =
+{ HDR_REQ, "\030X-Varnish-Faked-Session:"};
+VRT_SetHdr(ctx,
+&VGC_HDR_REQ_VARNISH_FAKED_SESSION,
+uuid_buf,
+vrt_magic_string_end
+);
+}C
+}
+if (req.http.Cookie) {
+std.collect(req.http.Cookie);
+set req.http.Cookie = req.http.X-Varnish-Faked-Session +
+"; " + req.http.Cookie;
+} else {
+set req.http.Cookie = req.http.X-Varnish-Faked-Session;
+}
+}
+sub generate_session_expires {
+C{
+time_t now = time(NULL);
+struct tm now_tm = *gmtime(&now);
+now_tm.tm_sec += 3600;
+mktime(&now_tm);
+char date_buf [50];
+strftime(date_buf, sizeof(date_buf)-1, "%a, %d-%b-%Y %H:%M:%S %Z", &now_tm);
+static const struct gethdr_s VGC_HDR_RESP_COOKIE_EXPIRES =
+{ HDR_RESP, "\031X-Varnish-Cookie-Expires:"};
+VRT_SetHdr(ctx,
+&VGC_HDR_RESP_COOKIE_EXPIRES,
+date_buf,
+vrt_magic_string_end
+);
+}C
+}
+-- */
+sub vcl_recv {
+if (req.restarts == 0) {
+if (req.http.X-Forwarded-For) {
+set req.http.X-Forwarded-For =
+req.http.X-Forwarded-For + ", " + client.ip;
+} else {
+set req.http.X-Forwarded-For = client.ip;
+}
+}
+if (!true || req.http.Authorization ||
+req.method !~ "^(GET|HEAD|OPTIONS)$" ||
+req.http.Cookie ~ "varnish_bypass=1") {
+return (pipe);
+}
+if(false) {
+set req.http.X-Varnish-Origin-Url = req.url;
+}
+set req.url = regsuball(req.url, "(.*)//+(.*)", "\1/\2");
+if (req.http.Accept-Encoding) {
+if (req.http.Accept-Encoding ~ "gzip") {
+set req.http.Accept-Encoding = "gzip";
+} else if (req.http.Accept-Encoding ~ "deflate") {
+set req.http.Accept-Encoding = "deflate";
+} else {
+unset req.http.Accept-Encoding;
+}
+}
+if (req.http.User-Agent ~ "iP(?:hone|ad|od)|BlackBerry|Palm|Googlebot-Mobile|Mobile|mobile|mobi|Windows Mobile|Safari Mobile|Android|Opera (?:Mini|Mobi)") {
+set req.http.X-Normalized-User-Agent = "mobile";
+} else if (req.http.User-Agent ~ "MSIE") {
+set req.http.X-Normalized-User-Agent = "msie";
+} else if (req.http.User-Agent ~ "Firefox") {
+set req.http.X-Normalized-User-Agent = "firefox";
+} else if (req.http.User-Agent ~ "Chrome") {
+set req.http.X-Normalized-User-Agent = "chrome";
+} else if (req.http.User-Agent ~ "Safari") {
+set req.http.X-Normalized-User-Agent = "safari";
+} else if (req.http.User-Agent ~ "Opera") {
+set req.http.X-Normalized-User-Agent = "opera";
+} else {
+set req.http.X-Normalized-User-Agent = "other";
+}
+if (req.url ~ "^(/media/|/skin/|/js/|/)(?:(?:index|litespeed)\.php/)?") {
+set req.http.X-Turpentine-Secret-Handshake = "1";
+if (req.url ~ "^(/media/|/skin/|/js/|/)(?:(?:index|litespeed)\.php/)?admin") {
+set req.backend_hint = admin;
+return (pipe);
+}
+if (req.http.Cookie ~ "\bcurrency=") {
+set req.http.X-Varnish-Currency = regsub(
+req.http.Cookie, ".*\bcurrency=([^;]*).*", "\1");
+}
+if (req.http.Cookie ~ "\bstore=") {
+set req.http.X-Varnish-Store = regsub(
+req.http.Cookie, ".*\bstore=([^;]*).*", "\1");
+}
+if (req.url ~ "/turpentine/esi/get(?:Block|FormKey)/") {
+set req.http.X-Varnish-Esi-Method = regsub(
+req.url, ".*/method/(\w+)/.*", "\1");
+set req.http.X-Varnish-Esi-Access = regsub(
+req.url, ".*/access/(\w+)/.*", "\1");
+if (req.http.X-Varnish-Esi-Method == "esi" && req.esi_level == 0 &&
+!(true || client.ip ~ debug_acl)) {
+return (synth(403, "External ESI requests are not allowed"));
+}
+}
+if (req.http.Cookie !~ "frontend=" && !req.http.X-Varnish-Esi-Method) {
+if (client.ip ~ crawler_acl ||
+req.http.User-Agent ~ "^(?:ApacheBench/.*|.*Googlebot.*|JoeDog/.*Siege.*|magespeedtest\.com|Nexcessnet_Turpentine/.*)$") {
+set req.http.Cookie = "frontend=crawler-session";
+} else {
+return (pipe);
+}
+}
+if (true &&
+req.url ~ ".*\.(?:css|js|jpe?g|png|gif|ico|swf)(?=\?|&|$)") {
+unset req.http.Cookie;
+unset req.http.X-Varnish-Faked-Session;
+set req.http.X-Varnish-Static = 1;
+return (hash);
+}
+if (req.url ~ "^(/media/|/skin/|/js/|/)(?:(?:index|litespeed)\.php/)?(?:admin|api|jmsgate|admin|.cron\.php|adminturnto|adminhtml_emailcapture|adminhtml_abandonedcartreport|adminhtml_productattributes|chec
+kout|onepage|paypal/express/review/|wsalogger|amxnotif|remarketing|rewardpoints|onsale_admin|admin|catalog/quickview/minicartupdate|sales/|wishlist/|rma/|sendfriend|contacts|anattadesign_awesomecheckout|m
+extensionmanageradmin|rewardpoints/invitation|rewardpoints/rewardpoints|order-status|addchosenitem|mybuys|ixcbadv|mageworx_xsitemap|sitemap.xml)" ||
+req.url ~ "\?.*__from_store=") {
+return (pipe);
+}
+if (true &&
+req.url ~ "(?:[?&](?:__SID|XDEBUG_PROFILE|mw_reward)(?=[&=]|$))") {
+return (pass);
+}
+if (req.url ~ "[?&](utm_source|utm_medium|utm_campaign|gclid|cx|ie|cof|siteurl)=") {
+set req.url = regsuball(req.url, "(?:(\?)?|&)(?:utm_source|utm_medium|utm_campaign|gclid|cx|ie|cof|siteurl)=[^&]+", "\1");
+set req.url = regsuball(req.url, "(?:(\?)&|\?$)", "\1");
+}
+if (true && req.url ~ "[?&](utm_source|utm_medium|utm_campaign|utm_content|utm_term|gclid|cx|ie|cof|siteurl)=") {
+set req.url = regsuball(req.url, "(?:(\?)?|&)(?:utm_source|utm_medium|utm_campaign|utm_content|utm_term|gclid|cx|ie|cof|siteurl)=[^&]+", "\1");
+set req.url = regsuball(req.url, "(?:(\?)&|\?$)", "\1");
+}
+if(false) {
+set req.http.X-Varnish-Cache-Url = req.url;
+set req.url = req.http.X-Varnish-Origin-Url;
+unset req.http.X-Varnish-Origin-Url;
+}
+return (hash);
+}
+}
+sub vcl_pipe {
+unset bereq.http.X-Turpentine-Secret-Handshake;
+set bereq.http.Connection = "close";
+}
+sub vcl_hash {
+if (true && req.http.X-Varnish-Static) {
+hash_data(req.url);
+if (req.http.Accept-Encoding) {
+hash_data(req.http.Accept-Encoding);
+}
+return (lookup);
+}
+if(false && req.http.X-Varnish-Cache-Url) {
+hash_data(req.http.X-Varnish-Cache-Url);
+} else {
+hash_data(req.url);
+}
+if (req.http.Host) {
+hash_data(req.http.Host);
+} else {
+hash_data(server.ip);
+}
+hash_data(req.http.Ssl-Offloaded);
+if (req.http.X-Normalized-User-Agent) {
+hash_data(req.http.X-Normalized-User-Agent);
+}
+if (req.http.Accept-Encoding) {
+hash_data(req.http.Accept-Encoding);
+}
+if (req.http.X-Varnish-Store || req.http.X-Varnish-Currency) {
+hash_data("s=" + req.http.X-Varnish-Store + "&c=" + req.http.X-Varnish-Currency);
+}
+if (req.http.X-Varnish-Esi-Access == "private" &&
+req.http.Cookie ~ "frontend=") {
+hash_data(regsub(req.http.Cookie, "^.*?frontend=([^;]*);*.*$", "\1"));
+}
+return (lookup);
+}
+sub vcl_hit {
+}
+sub vcl_backend_response {
+set beresp.grace = 15s;
+set beresp.http.X-Varnish-Host = bereq.http.host;
+set beresp.http.X-Varnish-URL = bereq.url;
+if (bereq.url ~ "^(/media/|/skin/|/js/|/)(?:(?:index|litespeed)\.php/)?") {
+unset beresp.http.Vary;
+set beresp.do_gzip = true;
+if (beresp.status != 200 && beresp.status != 404) {
+set beresp.ttl = 15s;
+set beresp.uncacheable = true;
+return (deliver);
+} else {
+if (beresp.http.Set-Cookie) {
+set beresp.http.X-Varnish-Set-Cookie = beresp.http.Set-Cookie;
+unset beresp.http.Set-Cookie;
+}
+unset beresp.http.Cache-Control;
+unset beresp.http.Expires;
+unset beresp.http.Pragma;
+unset beresp.http.Cache;
+unset beresp.http.Age;
+if (beresp.http.X-Turpentine-Esi == "1") {
+set beresp.do_esi = true;
+}
+if (beresp.http.X-Turpentine-Cache == "0") {
+set beresp.ttl = 15s;
+set beresp.uncacheable = true;
+return (deliver);
+} else {
+if (true &&
+bereq.url ~ ".*\.(?:css|js|jpe?g|png|gif|ico|swf)(?=\?|&|$)") {
+set beresp.ttl = 2592000s;
+set beresp.http.Cache-Control = "max-age=2592000";
+} elseif (bereq.http.X-Varnish-Esi-Method) {
+if (bereq.http.X-Varnish-Esi-Access == "private" &&
+bereq.http.Cookie ~ "frontend=") {
+set beresp.http.X-Varnish-Session = regsub(bereq.http.Cookie,
+"^.*?frontend=([^;]*);*.*$", "\1");
+}
+if (bereq.http.X-Varnish-Esi-Method == "ajax" &&
+bereq.http.X-Varnish-Esi-Access == "public") {
+set beresp.http.Cache-Control = "max-age=" + regsub(
+bereq.url, ".*/ttl/(\d+)/.*", "\1");
+}
+set beresp.ttl = std.duration(
+regsub(
+bereq.url, ".*/ttl/(\d+)/.*", "\1s"),
+300s);
+if (beresp.ttl == 0s) {
+set beresp.ttl = 15s;
+set beresp.uncacheable = true;
+return (deliver);
+}
+} else {
+set beresp.ttl = 3600s;
+}
+}
+}
+return (deliver);
+}
+}
+sub vcl_deliver {
+if (req.http.X-Varnish-Faked-Session) {
+set resp.http.Set-Cookie = req.http.X-Varnish-Faked-Session +
+"; expires=" + resp.http.X-Varnish-Cookie-Expires + "; path=/";
+if (req.http.Host) {
+if (req.http.User-Agent ~ "^(?:ApacheBench/.*|.*Googlebot.*|JoeDog/.*Siege.*|magespeedtest\.com|Nexcessnet_Turpentine/.*)$") {
+set resp.http.Set-Cookie = resp.http.Set-Cookie +
+"; domain=" + regsub(req.http.Host, ":\d+$", "");
+} else {
+if(req.http.Host ~ "") {
+set resp.http.Set-Cookie = resp.http.Set-Cookie +
+"; domain=";
+} else {
+set resp.http.Set-Cookie = resp.http.Set-Cookie +
+"; domain=" + regsub(req.http.Host, ":\d+$", "");
+}
+}
+}
+set resp.http.Set-Cookie = resp.http.Set-Cookie + "; httponly";
+unset resp.http.X-Varnish-Cookie-Expires;
+}
+if (req.http.X-Varnish-Esi-Method == "ajax" && req.http.X-Varnish-Esi-Access == "private") {
+set resp.http.Cache-Control = "no-cache";
+}
+if (true || client.ip ~ debug_acl) {
+set resp.http.X-Varnish-Hits = obj.hits;
+set resp.http.X-Varnish-Esi-Method = req.http.X-Varnish-Esi-Method;
+set resp.http.X-Varnish-Esi-Access = req.http.X-Varnish-Esi-Access;
+set resp.http.X-Varnish-Currency = req.http.X-Varnish-Currency;
+set resp.http.X-Varnish-Store = req.http.X-Varnish-Store;
+} else {
+unset resp.http.X-Varnish;
+unset resp.http.Via;
+unset resp.http.X-Powered-By;
+unset resp.http.Server;
+unset resp.http.X-Turpentine-Cache;
+unset resp.http.X-Turpentine-Esi;
+unset resp.http.X-Turpentine-Flush-Events;
+unset resp.http.X-Turpentine-Block;
+unset resp.http.X-Varnish-Session;
+unset resp.http.X-Varnish-Host;
+unset resp.http.X-Varnish-URL;
+unset resp.http.X-Varnish-Set-Cookie;
+}
+}