Version compatibility : 5.2 / 5.3 = / 2013.07
Provided VCL example is given for Varnish 3.x only.
It needs Varnish Curl= Vmod to be installed.
A Varnish Vmod always needs to be built from source.
If you use Debi=
an, you may want to follow this tutorial for building Varnish Vmods.
The first thing is to configure Varnish to advertise ESI usage and to ac= tivate cache invalidation and Context aware HTTP cache.
# Varnish 3.x - eZ Publish 5.2/5.3 - Complete VCL
import curl;
# Our Backend - We assume that eZ Publish Web server listen on port 80
backend ezpublish {
.host =3D "127.0.0.1";
.port =3D "80";
}
=20
# ACL for purgers IP.
# Provide here IP addresses that are allowed to send PURGE requests.
# PURGE requests will be sent by the backend.
acl purgers {
"127.0.0.1";
"192.168.0.0"/16;
}
=20
# Called at the beginning of a request, after the complete request has been=
received
sub vcl_recv {
=20
# Set the backend
set req.backend =3D ezpublish;
=20
# Advertise Symfony for ESI support
set req.http.Surrogate-Capability =3D "abc=3DESI/1.0";
=20
# Add a unique header containing the client address (only for master re=
quest)
# Please note that /_fragment URI can change in Symfony configuration
if (!req.url ~ "^/_fragment") {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =3D req.http.X-Forwarded-For + ", =
" + client.ip;
} else {
set req.http.X-Forwarded-For =3D client.ip;
}
}
=20
# Trigger purge if needed.
call ez_purge;
=20
# Normalize the Accept-Encoding headers
if (req.http.Accept-Encoding) {
if (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding =3D "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding =3D "deflate";
} else {
unset req.http.Accept-Encoding;
}
}
=20
# Don't cache Authenticate & Authorization
if (req.http.Authenticate || req.http.Authorization) {
return(pass);
}
# Don't cache requests other than GET and HEAD.
if (req.request !=3D "GET" && req.request !=3D "HEAD") {
return (pass);
}
# Do a standard lookup on assets
# Note that file extension list below is not extensive, so consider com=
pleting it to fit your needs.
if (req.request =3D=3D "GET" && req.url ~ "\.(css|js|gif|jpe?g|=
bmp|png|tiff?|ico|img|tga|wmf|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv|zip|g=
z|pdf|ttf|eot|wof)$") {
return (lookup);
}
# Retrieve client user hash and add it to the forwarded request.
call ez_user_hash;
# If it passes all these tests, do a lookup anyway;
return (lookup);
}
=20
# Called when the requested object has been retrieved from the backend
sub vcl_fetch {
=20
# Optimize to only parse the Response contents from Symfony
if (beresp.http.Surrogate-Control ~ "ESI/1.0") {
unset beresp.http.Surrogate-Control;
set beresp.do_esi =3D true;
}
=20
# Don't cache response with Set-Cookie
if ( beresp.http.Set-Cookie ) {
set beresp.ttl =3D 0s;
return (hit_for_pass);
}
=20
# Respect the Cache-Control=3Dprivate header from the backend
if (beresp.http.Cache-Control ~ "private") {
set beresp.ttl =3D 0s;
return (hit_for_pass);
}
=20
return (deliver);
}
# Handle purge
# Only works with "multiple_http" purge method
sub ez_purge {
# Handle purge
# Only works with "multiple_http" purge method
if (req.request =3D=3D "PURGE") {
if (!client.ip ~ purgers) {
error 405 "Method not allowed";
}
=20
if ( req.http.X-Location-Id =3D=3D "*" ) {
# Purge all locations
ban( "obj.http.X-Location-Id ~ ^[0-9]+$" );
error 200 "Purge all locations done.";
} elseif ( req.http.X-Location-Id ) {
# Purge location by its locationId
ban( "obj.http.X-Location-Id =3D=3D " + req.http.X-Location-Id =
);
error 200 "Purge of content connected to the location id(" + re=
q.http.X-Location-Id + ") done.";
}
}
}
# Sub-routine to get client user hash, for context-aware HTTP cache.
# Don't forget to correctly set the backend host for the Curl sub-request.
sub ez_user_hash {
if (req.request =3D=3D "GET") {
# Pre-authenticate request to get shared cache, even when authentic=
ated
if (req.http.Cookie !~ "eZSESSID" ) {
# User don't have session cookie =3D> Set a hardcoded anonym=
ous hash
set req.http.X-User-Hash =3D "38015b703d82206ebc01d17a39c727e5"=
;
} else {
# User is authenticated =3D> fetch user hash
curl.header_add("X-HTTP-Override: AUTHENTICATE");
curl.header_add("Accept: application/vnd.ez.UserHash+text");
curl.header_add("Cookie: " + req.http.Cookie);
# Customize with real backend host
# E.g. curl.get("http://www.metalfrance.net");
curl.get("http://" + req.http.host + "/");
if (curl.status() =3D=3D 200) {
set req.http.X-User-Hash =3D curl.header("X-User-Hash");
}
}
}
}
=20
You can of course add additional rules if you need.
The front controller can now be altered with environment variables, with=
out the need to modify index.php, this is reflected in the steps belo=
w.
By default your front controller (index.phpEzPublishCache, which ex=
tends SymfonyHTTPCache. In order to use Varnish, you need to d=
eactivate it and configure Varnish to be a trusted proxy so ESI continues t=
o work.
<VirthualHost *:80>
# Configure your VirtualHost with rewrite rules and stuff
# Force front controller NOT to use built-in reverse proxy.
SetEnv USE_HTTP_CACHE 0
=09# Configure IP of your Varnish server to be trusted proxy
SetEnv TRUSTED_PROXIES "193.22.44.22"
</VirtualHost>=20
fastcgi_param USE_HTTP_CACHE 0 fastcgi_param TRUSTED_PROXIES "193.22.44.22"=20
ezpublish:
http_cache:
# Before 5.4: Use "multiple_http" method for purging content
# As of 5.4 only use "http"
purge_type: http
system:
# Assuming that my_siteaccess_group your frontend AND backend sitea=
ccesses
my_siteaccess_group:
http_cache:
# Fill in your Varnish server(s) address(es).
purge_servers: [http://my.varnish.server:6081]=20
Et voil=C3=A0 !