varnish 配置文件分享

前言：
   varnish 爲目前新興起來的軟件，由於中文文檔比較少，配置文件比較複雜，所以在運用起來也是特別的費勁。一個偶然的機會在一個羣裏，有位varnish高手（ sens楊 ）發表了一篇他對varnish配置文件理解的文檔。對於學者來說很有價值。所以轉載了過來。

原文如下：

varnish配置文件原文地址:http://groups.drupal.org/node/63203

注：紅色字體是英文的直接翻譯，有些地方翻譯的不好

綠色部分是一些思考，這個配置對自身的業務配置的很詳細，現在對除了cookie和TTL那部分外其他可以理解80%，慢慢學習體會

backend default {
  .host = "127.0.0.1";
  .port = "8008";
  .connect_timeout = 600s;
  .first_byte_timeout = 600s;
  .between_bytes_timeout = 600s;
}

backend lighttpd {
  .host = "127.0.0.1";
  .port = "81";
  .connect_timeout = 600s;
  .first_byte_timeout = 600s;
  .between_bytes_timeout = 600s;
}

acl techmission_internal {
  "localhost";
  "127.0.0.1";
}
sub vcl_recv {
  // Allow a grace period for offering "stale" data in case backend lags (http://varnish-cache.org/wiki/VCLExampleGrace)
// 如果backend數據滯後，允許爲“過時”數據提供一個寬鬆期
  set req.grace = 5m;
  // block outside world from our test sites
// 阻止非自己說測試網站（的數據訪問）
  if ((req.http.host ~ "www.domain1.org|www.domain2.org") && !(client.ip ~ techmission_internal) && !(req.url ~ "^/ad|^/files")) {
    error 403 "Forbidden";
  }
  if((req.url ~ "/server-status" || req.url ~ "/whm-server-status") && !(client.ip ~ techmission_internal)) {
  error 404 "Not Found";
  }
  // add ping url to test Varnish status
// 增加ping URL測試varnish狀態（這個功能使用大部分vcl都沒配置，可以增加一個監控狀態）
  if (req.request == "GET" && req.url ~ "/varnish-ping") {
  error 200 "OK";
  }
/* Normalize host header to reduce variation in cache */
// 使host頭規範化，以減少在cache中變化（這個爲什麼會說變化呢？）
if (req.http.host == "domain.org" && req.url !~ "^/blogs") {
  set req.http.host = "www.domain.org";
}

/* Normalize Accept-Encoding to reduce effects of Vary: Accept-Encoding
   (cf. http://varnish-cache.org/wiki/FAQ/Compression)
   Also note that Vary: User-Agent is considered harmful
   (cf. http://www.mail-archive.com/[email protected].no/msg03296.html) */
//規範化Accept-Encoding以減少Vary：Accept-Encoding影響（cf），也要注意Vary: User-Agent認爲是有害的

  if (req.http.Accept-Encoding) {
//if先判斷是否可以存在，是爲了縮小處理範圍？
//看到的其他大部分配置直接就下面了，沒有先判斷Accept-Encoding是否存在，這點可以再考慮考慮
//現在有req.can_gzip參數了，判斷客戶端是否接受壓縮代碼傳輸
    if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
      // Don't compress already-compressed files
      remove req.http.Accept-Encoding;
    }
    elsif (req.http.Accept-Encoding ~ "gzip") {
        set req.http.Accept-Encoding = "gzip";
    }
    elsif (req.http.Accept-Encoding ~ "deflate") {
        set req.http.Accept-Encoding = "deflate";
    }
    else {
      // unknown algorithm
// 不瞭解運算
      remove req.http.Accept-Encoding;
    }
  }

  // Remove has_js and Google Analytics __* cookies. Also remove collapsiblock cookies.
//刪除has_js和谷歌統計__*的cookies，同時刪除collapsiblock cookies
  set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|__utma_a2a|has_js|collapsiblock)=[^;]*", "");
  // Remove JSESSIONID cookie from ChristianVolunteering.org static files and pages that are same for all users
//從ChristianVolunteering.org靜態文件和網頁中刪除JSESSIONID cookie，所有的用戶是一樣（處理）的
    if (req.http.host ~ "christianvolunteering.org" &&
         (req.url ~ "^/$" ||
          req.url ~ "(searchform|advancedsearch|shorttermmissions|recruitvolunteers|volunteergettingstarted|virtualvolunteer|organizationsearch|abs-bible-outreach|ab*ecutive-volunteers|abs-traveling-engagement-center|churchinstructions|sitemap|city|virtual|organizationlistings|orglistings7407|technology|volunteerlistings|forgotpassword|churchvolunteer|churchvolunteering|servicetrip|region|citysitemap|searchformadv|personalitytest|groupvolunteering|disasterreliefvolunteering|disasterrelief|internships|christiangapyear|about|FAQs|bookrecommendations|contact|pre***elease|training|volunteerstart|volunteerstories|articles)\.jsp$" ||
          req.url ~ "org/org[0-9]+\.jsp$" ||
          req.url ~ "org/opp[0-9]+\.jsp$" ||
          req.url ~ "orglistings[0-9]+\.jsp$" ||
          req.url ~ "org/[^/]+\.jsp$" ||
          req.url ~ "volunteer/[^/]+\.jsp$")
        ) {
    set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(JSESSIONID)=[^;]*", "");
  }
  // Remove a ";" prefix, if present.
//如果有”;”前綴，則刪除
  set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
  // Remove empty cookies.
// 刪除空cookies
  if (req.http.Cookie ~ "^\s*$") {
    unset req.http.Cookie;
  }

  // exclude umjobs and gospelpedia test sites
// 排除umjos和gospelpedia測試站點
  if (req.http.host ~ "domain1.org" || req.http.host ~ "domain2.org") {
    return (pass);
  }

  // exclude the cron and supercron pages
// 排除cron和supercron網頁
  if (req.url ~ "cron.php") {
    return (pass);
  }
  // exclude dynamic pages (as did Boost)
// 排除動態網頁（也是提高（處理））
  if (req.http.host ~ "domain.org" && req.url ~ "^/(user/login|user/password|user/register|logout|cart|post-blog|site-feedback|cgi-bin/webscr|redirect-home|cv-enroll|recommended-content|node/8755|node/8830|node/8351|node/8757|node/8831|cart/(.*)|uc_paypal/(.*)|civicrm/(.*)|admin/(.*)|recommended-content/(.*)|comment/reply/(.*)|node/add/(.*))" ) {
    return (pass);
  }

  // exclude in case of Referer Theme
// 排除Referer的一些主題
  if (req.http.host ~ "domain.org" && req.http.referer ~ "www.christianvolunteering.org|worldvision.christianvolunteering.org|ccda.christianvolunteering.org|www.ccda.org|www.urbanresource.net|mobile.urbanministry.org|www.ministeriourbano.com") {
    return (pass);
  }
  /* Rules to fix Moodle (thanks, gchaix!) */
// 修復Moodle規則
   // Cache Moodle theme files
//緩存Moodle主題文件
   if (req.url ~ "/pix/.*\.gif$") {
     return (lookup);
   }

    // Moodle doesn't like to be cached, passing
//Moodle主題不能緩存的就pass
    if (req.http.Cookie ~ "(MoodleSession|MoodleSessionTest)") {
      return (pass);
    }
    if (req.http.host == "www.domain.edu" && req.url ~ "^/courses") {
      return (pass);
    }
    if (req.url ~ "file.php") {
      return (pass);
    }

    // WPMU themes are not playing well with static file caching
//WPMU主題使用靜態文件緩存運行的不太好
    if (req.http.host == "domain.org" && req.url ~ "/blogs/(.*)/wp-content/themes") {
      return (pass);
    }
  /* Rules for static file caching */
  /* 靜態文件緩存規則
  // static files get served by Lighttpd
// 使用Lightted服務靜態文件
  if (req.http.host != "server2.techmission.org" && req.url ~ "\.(gif|jpg|swf|css|js|png|jpg|jpeg|gif|png|tiff|tif|svg|swf|ico|doc|ppt|pps|xls|odc|odb|odf|odg|odi|odp|ods|odt|sxc|sxd|sxi|sxw)$") {
     // Lighttpd does not require cookies
     unset req.http.Cookie;
     unset req.http.Authorization;
     set req.backend = lighttpd;
  }

  // large media files get piped directly to lighttpd, to avoid overfilling cache
// 大媒體文件直接使用pipe方式到lightted，避免緩存溢出
  if (req.url ~ "\.(mp3|mp4|m4a|ogg|mov|avi|wmv)$" && req.url !~ "audio/download") {
    set req.backend = lighttpd;
    pipe;
  }
  // pipe large media files that come from Drupal, also, but they can't go to lighty
// pipe從Drupal過來的大媒體文件，同時不去lighty
  if (req.url ~ "audio/play" || req.url ~ "audio/download") {
    pipe;
  }

}
sub vcl_hash {
  if (req.http.Cookie) {
    set req.hash += req.http.Cookie;
  }
  /* Have a separate object cache for mobile site based on User-Agent */
/* 基於User-Agent的移動網站有一個單獨的對象緩存
  if (req.http.host == "www.domain.org" && req.http.User-Agent ~ "(iPhone|iPod)") {
    set req.hash += "mobile";
  }
}
sub vcl_fetch {
  // Grace to allow varnish to serve content if backend is lagged
// 如果backend滯後，允許varnish服務內容有一個緩衝期
  set obj.grace = 5m;

  // Add line showing what cookie is once stripped by regex in vcl_recv
//在vcl_recv中通過regex增加展示cookie一次被剝奪的行
  set obj.http.X-Stripped-Cookie = req.http.Cookie;
  set obj.http.X-Request-URL = req.url;

  /* removing Set-Cookie headers that prevent caching */
 //刪除那些阻止緩存的Set-Cookie頭
  // Don't have cookies on static files (gchaix says may cause loss of session; I haven't observed that)
    if (req.url ~ "\.(gif|jpg|swf|css|js|png|jpg|jpeg|gif|png|tiff|tif|svg|swf|ico|doc|ppt|pps|xls|odc|odb|odf|odg|odi|odp|ods|odt|sxc|sxd|sxi|sxw)$") {
    remove obj.http.Set-Cookie;
  }

  // Don't set session cookie on ChristianVolunteering.org static files or pages that are same for all users
//對於（頭）ChristianVolunteering.org的靜態文件和網頁，對所有用戶不設置session cookie
    if (req.http.host ~ "christianvolunteering.org" &&
         (req.url ~ "^/$" ||
          req.url ~ "(searchform|advancedsearch|shorttermmissions|recruitvolunteers|volunteergettingstarted|virtualvolunteer|organizationsearch|abs-bible-outreach|ab*ecutive-volunteers|abs-traveling-engagement-center|churchinstructions|sitemap|city|virtual|organizationlistings|orglistings7407|technology|volunteerlistings|forgotpassword|churchvolunteer|churchvolunteering|servicetrip|region|citysitemap|searchformadv|personalitytest|groupvolunteering|disasterreliefvolunteering|disasterrelief|internships|christiangapyear|about|FAQs|bookrecommendations|contact|pre***elease|training|volunteerstart|volunteerstories|articles)\.jsp$" ||
          req.url ~ "org/org[0-9]+\.jsp$" ||
          req.url ~ "org/opp[0-9]+\.jsp$" ||
          req.url ~ "orglistings[0-9]+\.jsp$" ||
  req.url ~ "org/[^/]+\.jsp$" ||
          req.url ~ "volunteer/[^/]+\.jsp$")
        ) {
    set obj.http.Set-Cookie = regsuball(req.http.Cookie, "(^|;\s*)(JSESSIONID)=[^;]*", "");
    // Remove empty set-cookie.
    if (obj.http.Set-Cookie ~ "^\s*$") {
      unset obj.http.Set-Cookie;
    }
  }

/* ttl extensions */
/* ttl 擴展 */
// If on www.urbanministry.org or static.urbanministry.org, extend TTL by default (pt. 1)
//對於www.urbanministry.org或static.urbanministry.org，默認情況下擴展TTL
  if (req.http.host == "www.domain.org" || req.http.host == "static.domain.org") {
    set obj.http.X-TTL-Extend = "YES";
  }

  // If on cityvision.edu, but not in Moodle, or if on blazinggrace.org, but not in forums, or if on techmission.org, change obj.ttl
//如果主機頭是cityvision.edu但是不在Moodle中，或者主機頭是blazinggrace.org，但不在forums中，或者主機頭是techmission.org，更改obj.ttl
  if ((req.http.host ~ "domain.edu" && req.url !~ "/courses") || (req.http.host ~ "blazinggrace.org" && req.url !~ "/forums")  || (req.http.host ~ "techmission.org")) {
   set obj.ttl = 7d;
   set obj.http.X-Extended-TTL = "7d";
}

if (obj.status == 404) {
   set obj.ttl = 1s;
if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
}

  /* debugging of why a page was not cacheable */
/* debug爲什麼頁面沒有緩存 */
  if (!obj.cacheable) {
    set obj.http.X-Cacheable = "NO: Varnish says not cacheable " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }


  // exclude umjobs and gospelpedia test sites
// 排除umjobs和gospelpedia測試站點
  if (req.http.host ~ "domain1.org" || req.http.host ~ "domain2.org") {
    set obj.http.X-Cacheable = "NO: Test domain " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (obj.http.Set-Cookie) {
    set obj.http.X-Cacheable = "NO: Set-Cookie " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (req.http.Cookie ~ "DRUPAL_UID|SESS") {
    set obj.http.X-Cacheable = "NO: Got Session " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (obj.http.Cache-Control ~ "private" || obj.http.Cache-Control ~ "no-cache") {
    set obj.http.X-Cacheable = "NO: Cache-Control set to not cache " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (req.url ~ "cron.php") {
    set obj.http.X-Cacheable = "NO: Cron job " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (req.http.host ~ "domain.org" && req.url ~ "^/(user/login|user/password|user/register|logout|cart|post-blog|site-feedback|cgi-bin/webscr|redirect-home|cv-enroll|recommended-content|node/8755|node/8830|node/8351|node/8757|node/8831|cart/(.*)|uc_paypal/(.*)|civicrm/(.*)|admin/(.*)|recommended-content/(.*)|comment/reply/(.*)|node/add/(.*))" ) {
    set obj.http.X-Cacheable = "NO: Drupal un-cacheable path " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (req.http.host ~ "domain.org" && req.http.referer ~ "www.christianvolunteering.org|worldvision.christianvolunteering.org|ccda.christianvolunteering.org|www.ccda.org|www.urbanresource.net|mobile.urbanministry.org|www.ministeriourbano.com") {
    set obj.http.X-Cacheable = "NO: Referer Theme " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (req.request == "POST") {
    set obj.http.X-Cacheable = "NO: POST request " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (req.http.Authorization) {
    set obj.http.X-Cacheable = "NO: HTTP Authentication " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  // extend TTL for urbanministry.org objects (but not panels, views, or quicktabs); invalidation thru varnish.module + um_common.module
//爲urbaministry.org對象擴展TTL（不是面板、視圖，或者quicktabs）；經過varnish.module + um_common.module失效
  if((req.http.host == "www.domain.org" || req.http.host == "static.domain.org") && obj.http.X-TTL-Extend == "YES" && !obj.http.X-Cache-Type) {
    set obj.ttl = 7d;
    set obj.http.X-Extended-TTL = "7d";
  }

}
sub vcl_deliver {
# return (deliver);
  // add cache hit data
// 增加緩存命中數據
  if (obj.hits > 0) {
    // if hit add hit count
// 如果命中，增加命中數
    set resp.http.X-Cache = "HIT";
    set resp.http.X-Cache-Hits = obj.hits;
    // set resp.http.X-Cache-Served-URL = "SERVED " obj.http.X-Request-URL; // http headers are apparently not accessible in vcl_deliver
//在vcl_deliver中http頭明顯不可訪問
    // set resp.http.X-Cache-TTL = obj.ttl; // string representation not implemented yet (currently on 2.0.5)
  }
  else {
    set resp.http.X-Cache = "MISS";
  }
}
/* custom error subroutine - to be a little friendlier to our users */
//指定error子程序，對用戶有好些
sub vcl_error {
if(obj.status == 503) {
    set obj.http.Content-Type = "text/html; charset=utf-8";
    synthetic {"
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
  <head>
    <title>"} obj.status " " obj.response {"</title>
</head>
  <body>
    <h1>Error "} obj.status " " obj.response {"</h1>
    <p>"} obj.response {"</p>
<p>Sorry we missed you!</p>
<p>We are currently upgrading our websites to serve you better. We should be up again soon.</p>
<p>If you still receive this message 30 minutes from now, please email [email protected].</p>
    <h3>Guru Meditation:</h3>
    <p>XID: "} req.xid {"</p>
    <hr>
    <address>
       Served by <a href="http://www.varnish-cache.org/">Varnish cache server</a>
    </address>
  </body>
</html>
"};
    return (deliver);
}
elsif(obj.status == 403) {
    set obj.http.Content-Type = "text/html; charset=utf-8";
    synthetic {"
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
  <head>
    <title>"} obj.status " " obj.response {"</title>
</head>
  <body>
    <h1>Error "} obj.status " " obj.response {"</h1>
    <p>"} obj.response {"</p>
<h2>TechMission Developer Access Only</h2>
<p>This page is only accessible to our staff. Please visit our main websites www.techmission.org,www.urbanministry.org, and " title="www.christianvolunteering.org.
" style="color: rgb(2, 122, 198); font-weight: bold; text-decoration: none; ">www.christianvolunteering.org.</p>
<!-- (If you should have access to this page, edit the VCL file to grant yourself access (by adding your current IP to the ACL) and then reload the VCL.) -->
    <h3>Guru Meditation:</h3>
    <p>XID: "} req.xid {"</p>
    <hr>
    <address>
       Served by <a href="http://www.varnish-cache.org/">Varnish cache server</a>
    </address>
  </body>
</html>
"};
    return (deliver);
}
else {
    set obj.http.Content-Type = "text/html; charset=utf-8";
    synthetic {"
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
  <head>
    <title>"} obj.status " " obj.response {"</title>
</head>
  <body>
    <h1>Error "} obj.status " " obj.response {"</h1>
    <p>"} obj.response {"</p>
    <h3>Guru Meditation:</h3>
    <p>XID: "} req.xid {"</p>
    <hr>
    <address>
       Served by <a href="http://www.varnish-cache.org/">Varnish cache server</a>
    </address>
  </body>
</html>
"};
    return (deliver);
}
}

在這裏感謝 sens楊  同學對配置文檔的解釋。