From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <e@80x24.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN:  
X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00
	shortcircuit=no autolearn=ham autolearn_force=no version=3.4.0
Received: from localhost (dcvr.yhbt.net [127.0.0.1])
	by dcvr.yhbt.net (Postfix) with ESMTP id 7AC9420FD2
	for <meta@public-inbox.org>; Fri,  1 Jul 2016 15:42:25 +0000 (UTC)
From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH 2/2] examples: add varnish-4.vcl
Date: Fri,  1 Jul 2016 15:42:23 +0000
Message-Id: <20160701154223.3892-3-e@80x24.org>
In-Reply-To: <20160701154223.3892-1-e@80x24.org>
References: <20160701154223.3892-1-e@80x24.org>
List-Id: <meta@public-inbox.org>

Well, I'm fumbling along with this config.  Might as well
fumble along with it publically :)
---
 examples/varnish-4.vcl | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 examples/varnish-4.vcl

diff --git a/examples/varnish-4.vcl b/examples/varnish-4.vcl
new file mode 100644
index 0000000..7439679
--- /dev/null
+++ b/examples/varnish-4.vcl
@@ -0,0 +1,74 @@
+# Example VCL for Varnish 4.0 with public-inbox WWW code
+# This is based on what shipped for 3.x a long time ago (I think)
+# and I'm hardly an expert in VCL (nor should we expect anybody
+# who maintains a public-inbox HTTP interface to be).
+#
+# It seems to work for providing some protection from traffic
+# bursts; but perhaps the public-inbox WWW interface can someday
+# provide enough out-of-the-box performance that configuration
+# of an extra component is pointless.
+
+vcl 4.0;
+backend default {
+	.host = "127.0.0.1";
+	.port = "280";
+}
+
+sub vcl_recv {
+	if (req.restarts == 0) {
+		if (req.http.x-forwarded-for) {
+			set req.http.X-Forwarded-For =
+			req.http.X-Forwarded-For + ", " + client.ip;
+		} else {
+			set req.http.X-Forwarded-For = client.ip;
+		}
+	}
+	if (req.method != "GET" &&
+			req.method != "HEAD" &&
+			req.method != "PUT" &&
+			req.method != "POST" &&
+			req.method != "TRACE" &&
+			req.method != "OPTIONS" &&
+			req.method != "DELETE") {
+		/* Non-RFC2616 or CONNECT which is weird. */
+		return (pipe);
+	}
+	if (req.method != "GET" && req.method != "HEAD") {
+		/* We only deal with GET and HEAD by default */
+		return (pass);
+	}
+	if (req.http.Authorization || req.http.Cookie) {
+		/* Not cacheable by default */
+		return (pass);
+	}
+	return (hash);
+}
+
+sub vcl_hash {
+	hash_data(req.url);
+	if (req.http.host) {
+		hash_data(req.http.host);
+	} else {
+		hash_data(server.ip);
+	}
+	if (req.http.X-Forwarded-Proto) {
+		hash_data(req.http.X-Forwarded-Proto);
+	}
+	return (lookup);
+}
+
+sub vcl_backend_response {
+	set beresp.grace = 60s;
+	set beresp.do_stream = true;
+	if (beresp.ttl <= 0s ||
+		beresp.http.Set-Cookie ||
+		beresp.http.Vary == "*") {
+		/* Mark as "Hit-For-Pass" for the next 2 minutes */
+		set beresp.ttl = 120 s;
+		set beresp.uncacheable = true;
+		return (deliver);
+	} else {
+		set beresp.ttl = 10s;
+	}
+	return (deliver);
+}
-- 
EW