Varnish configuration

1. Install Varnish (apt-get)

2. Put this in /etc/varnish/default.vcl :

#Configure Varnish to see both of the Plone ZEO clients for load balancing
#backend backend_0 {
#.host = "127.0.0.1";
#.port = "6080";
#}
#backend backend_1 {
#.host = "127.0.0.1";
#.port = "8081";
#}

# configure Varnish for to load balance between the two ZEO clients
#director director_0 round-robin {
# {
# .backend = backend_0;
# }
# {
# .backend = backend_1;
# }
#}

backend default {
.host = "127.0.0.1";
.port = "6080";
}

acl purge {
 "localhost";
}

# configure Varnish to look for HTTP headers indicating the protocol (HTTPS or HTTP) and respond accordingly
sub vcl_recv {
 set req.grace = 120s;
 set req.backend = default;
 if (req.http.X-Forwarded-Proto == "https" ) {
 set req.http.X-Forwarded-Port = "443";
 } else {
 set req.http.X-Forwarded-Port = "80";
 set req.http.X-Forwarded-Proto = "http";
 }

# Here is the magic: configure Varnish to rewrite incoming requests into Zope VirtualHostMonster URLs 
# where you see "(www\.|ipv6\.|dev\.)" each of "www" "ipv6" and "dev" are possible subdomains that 
# apply to your site. For instance, this allows people to access your site as both 
# http://mydomain.com/ AND as http://www.mydomain.com/ (or http://ipv6. . . . or http://dev. . . .)
# If your site has more than 2 or 3 DNS components (e.g., mysever.mydepartment.mycompany.com has 4 
# components, you'll need to adjust the Regex strings.
# note that the basis for this section was gracelessly lifted from the following site:
#  http://varnish.projects.linpro.no/ticket/536
if (req.http.host ~ "^(www\.|ipv6\.|dev\.)?([-0-9a-zA-Z]+)\.([a-zA-Z]+)$") {
 set req.http.host = regsub(req.http.host, "^(www\.|ipv6\.|dev\.)?([-0-9a-zA-Z]+)\.([a-zA-Z]+)$", "\1\2.\3");
 set req.url = "/VirtualHostBase/" req.http.X-Forwarded-Proto
 regsub(req.http.host, "^(www\.|ipv6\.|dev\.)?([-0-9a-zA-Z]+)\.([a-zA-Z]+)$", "/\1\2.\3:")
 req.http.X-Forwarded-Port
#You may want to UNcomment the line below (starting "regsub( . . ." and comment out the line starting 
# "/Plone/ . . .". The default Plone Unified Installer configuration creates your Plone site inside
# the Zope root as "/Plone". If you are serving multiple Plone sites, the commented-out line will allow 
# you to put them in the Zope root as "mysite.com" and "myothersite.com". If you're using the default,
# leave it as is.
 regsub(req.http.host, "^(www\.|ipv6\.|dev\.)?([-0-9a-zA-Z]+)\.([a-zA-Z]+)$", "/\1\2.\3/VirtualHostRoot")
# "/Plone/VirtualHostRoot"
 req.url;
 }


# Everything below here is "stock" from the plone.recipe.varnish package available on PyPi:
# http://pypi.python.org/pypi/plone.recipe.varnish

 if (req.request == "PURGE") {
 if (!client.ip ~ purge) {
 error 405 "Not allowed.";
 }
 lookup;
 }

 if (req.request != "GET" &&
 req.request != "HEAD" &&
 req.request != "PUT" &&
 req.request != "POST" &&
 req.request != "TRACE" &&
 req.request != "OPTIONS" &&
 req.request != "DELETE") {
 /* Non-RFC2616 or CONNECT which is weird. */
 pipe;
 }

 if (req.request != "GET" && req.request != "HEAD") {
 /* We only deal with GET and HEAD by default */
 pass;
 }

 if (req.http.If-None-Match) {
 pass;
 }

 if (req.url ~ "createObject") {
 pass;
 }

 remove req.http.Accept-Encoding;

 lookup;
}

sub vcl_pipe {
 # This is not necessary if you do not do any request rewriting.
 set req.http.connection = "close";
}

sub vcl_hit {
 if (req.request == "PURGE") {
 purge_url(req.url);
 error 200 "Purged";
 }

 if (!obj.cacheable) {
 pass;
 }
}

sub vcl_miss {
 if (req.request == "PURGE") {
 error 404 "Not in cache";
 }

}

sub vcl_fetch {
 set obj.grace = 120s;
 if (!obj.cacheable) {
 pass;
 }
 if (obj.http.Set-Cookie) {
 pass;
 }
 if (obj.http.Cache-Control ~ "(private|no-cache|no-store)") {
 pass;
 }
 if (req.http.Authorization && !obj.http.Cache-Control ~ "public") {
 pass;
 }

}