Actions
Feature #4489
closedAdd Varnish 4 Plugin
Status:
Needs Patch
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
03/05/2015
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Description
I request we add an plugin for www/varnish4 (added to the ports tree 3/3/2015).
VCL changes from varnish3 to varnish4 are noted here.
https://www.varnish-cache.org/docs/trunk/whats-new/upgrading.html#changes-to-vcl
- varnish4, by default, handles compression accept-encoding sanely. https://www.varnish-cache.org/docs/trunk/users-guide/compression.html We should remove the option to "Fix gzip compression" and instead have a dropdown to..
- let backends handle compression (default)
- always compress content (https://www.varnish-cache.org/docs/trunk/users-guide/compression.html#compressing-content-if-backends-don-t)
- always uncompress content (https://www.varnish-cache.org/docs/trunk/users-guide/compression.html#uncompressing-content-before-entering-the-cache)
- varnish4 sets X-Forward-For before vcl_recv.
- The option "SSL Offload server ACL" should overwrite the X-Forwarded-For header instead of X-Forwarded-Varnish, and it no longer needs to set anything using the client.ip. I don't know who actually uses X-Forwarded-Varnish, but x-Forwarded-For is the current norm, and makes things simpler because that's what varnish4 has built in.
- We should also have an option to unset the X-Forwarded-Proto header if not coming from the trusted "SSL Offload server ACL"
- We might want to add the X-Forwarded-Proto header to the vcl_hash for non-text objects. This way we don't serve an HTML/JS/CSS page with mixed content for a site that allows both HTTP and HTTPS access.
if (req.http.X-Forwarded-Proto && !req.url ~ "\.(zip|pdf|rtf|flv|swf|gif|jpg|jpeg|bmp|png|ico|img|tga|wmf|mp3|ogg)$") { hash_data(req.http.X-Forwarded-Proto); }
- We should add a "Purge ACL" option. Enabling purging in varnish4 is described here. https://www.varnish-cache.org/docs/trunk/users-guide/purging.html#http-purging
Tell me if you need any help making this feature request a reality. Thanks!
Actions