Navigation
eZ Documentation Center
 

This is outdated documentation made for eZ Publish Platform 5.2. It is being moved into the eZ Publish 5.x documentation, so please go there for most up-to-date documentation.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: small improvements to comments in code

...

Code Block
languageperl
titleezpublish5.vcl
# Varnish 3.x - eZ Publish 5 - Complete VCL
 
import curl;
 
# Our Backend - We assume that eZ Publish Web server listenlistens on port 80
backend ezpublish {
    .host = "127.0.0.1";
    .port = "80";
}
 
# ACL for purgers - based on IP.
# Provide here IP addresses that are allowed to send PURGE requests.
# PURGE requests will be sent by the backend. It is not a good idea to allow end-users to invalidate caches.
acl purgers {
    "127.0.0.1";
    "192.168.0.0"/16;
}
 
# Called at the beginning of a request, after the complete request has been received
sub vcl_recv {
 
    # Set the backend
    set req.backend = ezpublish;
 
    # Advertise Symfony for ESI support to Symfony
    set req.http.Surrogate-Capability = "abc=ESI/1.0";
 
    # Add a unique header containing the client address
    if (req.http.x-forwarded-for) {
        set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
    } else {
        set req.http.X-Forwarded-For = client.ip;
    }
 
    # Trigger purge if needed.
    call ez_purge;
 
    # Normalize the Accept-Encoding headers
    if (req.http.Accept-Encoding) {
        if (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            unset req.http.Accept-Encoding;
        }
    }
 
    # Don't cache Authenticate & Authorization
    if (req.http.Authenticate || req.http.Authorization) {
        return(pass);
    }
 
    # Do a standard lookup on assets
    # Note that file extension list below is not extensive, so consider completing it to fit your needs.
    if (req.request == "GET" && req.url ~ "\.(css|js|gif|jpe?g|bmp|png|tiff?|ico|img|tga|wmf|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv|zip|gz|pdf|ttf|eot|wof)$") {
        return (lookup);
    }

    # Retrieve client user hash and add it to the forwarded request.
    call ez_user_hash;

    # If it passes all these tests, do a lookup anyway;
    return (lookup);
}
 
# Called when the requested object has been retrieved from the backend
sub vcl_fetch {
 
    # Optimize to only parse the Response contents from Symfony
    if (beresp.http.Surrogate-Control ~ "ESI/1.0") {
        unset beresp.http.Surrogate-Control;
        set beresp.do_esi = true;
    }
 
    # Don't cache response with Set-Cookie
    if ( beresp.http.Set-Cookie ) {
        set beresp.ttl = 0s;
        return (hit_for_pass);
    }
 
    # Respect the Cache-Control=private header from the backend
    if (beresp.http.Cache-Control ~ "private") {
        set beresp.ttl = 0s;
        return (hit_for_pass);
    }
 
    return (deliver);
}


# Handle purge
# Only works with "multiple_http" purge method
sub ez_purge {

    # Handle purge
    # Only works with "multiple_http" purge method
    if (req.request == "PURGE") {
        if (!client.ip ~ purgers) {
            error 405 "Method not allowed";
        }
 
        if ( req.http.X-Location-Id == "*" ) {
            # Purge all locations
            ban( "obj.http.X-Location-Id ~ ^[0-9]+$" );
            error 200 "Purge all locations done.";
        } elseif ( req.http.X-Location-Id ) {
            # Purge location by its locationId
            ban( "obj.http.X-Location-Id == " + req.http.X-Location-Id );
            error 200 "Purge of content connected to the location id(" + req.http.X-Location-Id + ") done.";
        }
    }
}

# Sub-routine to get client user hash, for context-aware HTTP cache.
# Don't forget to correctly set the backend host for the Curl sub-request.
sub ez_user_hash {

    if (req.request == "GET") {
        # Pre-authenticate request to get shared cache, even when authenticated
        if (req.http.Cookie !~ "is_logged_in=" ) {
            # User dondoesn't have "is_logged_in" cookie => Set a hardcoded anonymous hash
            set req.http.X-User-Hash = "38015b703d82206ebc01d17a39c727e5";
        } else {
            # User is authenticated => fetch user hash
            curl.header_add("X-HTTP-Override: AUTHENTICATE");
            curl.header_add("Accept: application/vnd.ez.UserHash+text");
            curl.header_add("Cookie: " + req.http.Cookie);
            # Customize with real backend host
            # E.g. curl.get("http://www.metalfrance.net");
            curl.get("http://<host_of_your_backend>/");
            if (curl.status() == 200) {
                set req.http.X-User-Hash = curl.header("X-User-Hash");
            }
        }
    }
}

...