Include Varnish configuration files.

slapos/recipe/apache/template/varnish.vcl.in

+# This is a basic VCL configuration file for varnish.  See the vcl(7)
+# man page for details on VCL syntax and semantics.
+# 
+# Default backend definition.  Set this to point to your content
+# server.
+# 
+backend default {
+    .host = "${:backend_host}";
+    .port = "${:backend_port}";
+    .probe = { 
+        .url = "/";
+        .timeout = 10s;
+        .interval = 10s;
+        .window = 4;
+        .threshold = 3;
+    }
+}
+# 
+# Below is a commented-out copy of the default VCL logic.  If you
+# redefine any of these subroutines, the built-in logic will be
+# appended to your code.
+# 
+# sub vcl_recv {
+#     if (req.http.x-forwarded-for) {
+#   set req.http.X-Forwarded-For =
+#       req.http.X-Forwarded-For ", " client.ip;
+#     } else {
+#   set req.http.X-Forwarded-For = client.ip;
+#     }
+#     if (req.request != "GET" &&
+#       req.request != "HEAD" &&
+#       req.request != "PUT" &&
+#       req.request != "POST" &&
+#       req.request != "TRACE" &&
+#       req.request != "OPTIONS" &&
+#       req.request != "DELETE") {
+#         /* Non-RFC2616 or CONNECT which is weird. */
+#         return (pipe);
+#     }
+#     if (req.request != "GET" && req.request != "HEAD") {
+#         /* We only deal with GET and HEAD by default */
+#         return (pass);
+#     }
+#     if (req.http.Authorization || req.http.Cookie) {
+#         /* Not cacheable by default */
+#         return (pass);
+#     }
+#     return (lookup);
+# }
+sub vcl_recv {
+    if (req.http.cache-control ~ "no-cache") {
+        purge_url(req.url);
+    }
+
+    if (req.url ~ "\.(css|js|ico)$") {
+        unset req.http.cookie;
+    }
+
+    # remove bogus cookies
+    if (req.http.Cookie) {
+        set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__utm.=[^;]+;? *", "\1");
+        set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__ac_name=\x22\x22;? *", "\1");
+        set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__ac=\x22Og.3D.3D\x22;? *", "\1");
+    }
+    if (req.http.Cookie == "") {
+        remove req.http.Cookie;
+    }
+
+    if (req.http.x-forwarded-for) {
+  set req.http.X-Forwarded-For =
+      req.http.X-Forwarded-For ", " client.ip;
+    } else {
+  set req.http.X-Forwarded-For = client.ip;
+    }
+    if (req.request != "GET" &&
+      req.request != "HEAD" &&
+      req.request != "PUT" &&
+      req.request != "POST" &&
+      req.request != "TRACE" &&
+      req.request != "OPTIONS" &&
+      req.request != "DELETE") {
+        /* Non-RFC2616 or CONNECT which is weird. */
+        return (pipe);
+    }
+    if (req.request != "GET" && req.request != "HEAD") {
+        /* We only deal with GET and HEAD by default */
+        return (pass);
+    }
+    if (req.http.Authorization) {
+        /* Not cacheable by default */
+        return (pass);
+    }
+    if (req.http.Cookie && req.http.Cookie ~ "(^|; ) *__ac=") {
+        /* Not cacheable for authorised users,
+     but KM images are cacheable */
+  if (!(req.url ~ "/km_img/.*\.(png|gif)$")) {
+    return (pass);
+  }
+    }
+    # XXX login form can defer based on __ac_name cookie value
+    if (req.url ~ "/(login_form|WebSite_viewLoginDialog)($|\?)") {
+        return (pass);
+    }
+    if (req.backend.healthy) {
+        set req.grace = 1h;
+    } else {
+        set req.grace = 1w;
+    }
+    return (lookup);
+}
+# 
+# sub vcl_pipe {
+#     # Note that only the first request to the backend will have
+#     # X-Forwarded-For set.  If you use X-Forwarded-For and want to
+#     # have it set for all requests, make sure to have:
+#     # set req.http.connection = "close";
+#     # here.  It is not set by default as it might break some broken web
+#     # applications, like IIS with NTLM authentication.
+#     return (pipe);
+# }
+# 
+# sub vcl_pass {
+#     return (pass);
+# }
+# 
+# sub vcl_hash {
+#     set req.hash += req.url;
+#     if (req.http.host) {
+#         set req.hash += req.http.host;
+#     } else {
+#         set req.hash += server.ip;
+#     }
+#     return (hash);
+# }
+# 
+# sub vcl_hit {
+#     if (!obj.cacheable) {
+#         return (pass);
+#     }
+#     return (deliver);
+# }
+# 
+# sub vcl_miss {
+#     return (fetch);
+# }
+# 
+# sub vcl_fetch {
+#     if (!beresp.cacheable) {
+#         return (pass);
+#     }
+#     if (beresp.http.Set-Cookie) {
+#         return (pass);
+#     }
+#     return (deliver);
+# }
+sub vcl_fetch {
+    # we only cache 200 (OK) and 304 (Not Modified) responses.
+    if (beresp.status != 200 && beresp.status != 304) {
+        set beresp.cacheable = false;
+    }
+
+    if (beresp.http.cache-control ~ "no-cache") {
+        set beresp.cacheable = false;
+    }
+
+    if (!beresp.cacheable) {
+        unset beresp.http.expires;
+        set beresp.http.cache-control = "no-cache";
+        return (pass);
+    }
+
+    # we don't care haproxy's cookie.
+    if (beresp.http.Set-Cookie && beresp.http.Set-Cookie !~ "^SERVERID=[^;]+; path=/$") {
+        return (pass);
+    }
+
+    if (req.url ~ "\.(css|js|ico)$") {
+        unset beresp.http.set-cookie;
+        set beresp.http.cache-control = regsub(beresp.http.cache-control, "^", "public,");
+        set beresp.http.cache-control = regsub(beresp.http.cache-control, ",$", "");
+    }
+
+    # remove some headers added by caching policy manager to avoid
+    # '304 Not Modified' in case of login <-> logout switching.
+    if (beresp.http.content-type ~ "^text/html") {
+  unset beresp.http.last-modified;
+    }
+
+    if (beresp.cacheable) {
+        /* Remove Expires from backend, it's not long enough */
+        unset beresp.http.expires;
+        /* Set the clients TTL on this object */
+        set beresp.http.cache-control = "max-age = 900";
+        /* Set how long Varnish will keep it */
+        set beresp.ttl = 1w;
+        /* marker for vcl_deliver to reset Age: */
+        set beresp.http.magicmarker = "1";
+    }
+
+    set beresp.grace = 1w;
+
+    return (deliver);
+}
+# 
+# sub vcl_deliver {
+#     return (deliver);
+# }
+sub vcl_deliver {
+    if (resp.http.magicmarker) {
+        /* Remove the magic marker */
+        unset resp.http.magicmarker;
+        /* By definition we have a fresh object */
+        set resp.http.age = "0";
+    }
+    if (obj.hits > 0) {
+        set resp.http.X-Cache = obj.hits;
+    } else {
+      set resp.http.X-Cache = "MISS";
+    }
+    return (deliver);
+}
+
+# 
+# sub vcl_error {
+#     set obj.http.Content-Type = "text/html; charset=utf-8";
+#     synthetic {"
+# <?xml version="1.0" encoding="utf-8"?>
+# <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+#  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+# <html>
+#   <head>
+#     <title>"} obj.status " " obj.response {"</title>
+#   </head>
+#   <body>
+#     <h1>Error "} obj.status " " obj.response {"</h1>
+#     <p>"} obj.response {"</p>
+#     <h3>Guru Meditation:</h3>
+#     <p>XID: "} req.xid {"</p>
+#     <hr>
+#     <p>Varnish cache server</p>
+#   </body>
+# </html>
+# "};
+#     return (deliver);
+# }

slapos/recipe/apache/template/varnishd.in

+#!/bin/sh
+exec %(varnishd_binary)s -F -n $(directory)s -P $(pid)s -f $(configuration_file) -a %(port)s -T %(control_port) -s $(storage)s