Example varnish and hitch config (#2655)
Varnish is a http caching server, hitch is a tls terminating proxy.
This commit is contained in:
parent
0d705aa549
commit
1bd291c7fe
32
contrib/varnish/hitch.conf
Normal file
32
contrib/varnish/hitch.conf
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
# Run 'man hitch.conf' for a description of all options.
|
||||||
|
|
||||||
|
frontend = {
|
||||||
|
host = "*"
|
||||||
|
port = "443"
|
||||||
|
}
|
||||||
|
backend = "[127.0.0.1]:8443"
|
||||||
|
workers = 4 # number of CPU cores
|
||||||
|
|
||||||
|
daemon = on
|
||||||
|
|
||||||
|
# We strongly recommend you create a separate non-privileged hitch
|
||||||
|
# user and group
|
||||||
|
user = "hitch"
|
||||||
|
group = "hitch"
|
||||||
|
|
||||||
|
# Enable to let clients negotiate HTTP/2 with ALPN. (default off)
|
||||||
|
# alpn-protos = "h2, http/1.1"
|
||||||
|
|
||||||
|
# run Varnish as backend over PROXY; varnishd -a :80 -a localhost:6086,PROXY ..
|
||||||
|
write-proxy-v2 = on # Write PROXY header
|
||||||
|
|
||||||
|
## ssl config
|
||||||
|
pem-dir = "/etc/tls/private"
|
||||||
|
tls-protos = TLSv1.2 TLSv1.3
|
||||||
|
# ocsp
|
||||||
|
ocsp-dir = "/etc/hitch/ocsp"
|
||||||
|
ocsp-verify-staple = on
|
||||||
|
|
||||||
|
syslog = on
|
||||||
|
log-level = 1
|
||||||
|
tcp-fastopen = on
|
38
contrib/varnish/vanish.vcl
Normal file
38
contrib/varnish/vanish.vcl
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
vcl 4.0;
|
||||||
|
|
||||||
|
backend default {
|
||||||
|
.host = "localhost";
|
||||||
|
.port = "8080";
|
||||||
|
}
|
||||||
|
|
||||||
|
sub vcl_recv {
|
||||||
|
# Implementing websocket support (https://www.varnish-cache.org/docs/4.0/users-guide/vcl-example-websockets.html)
|
||||||
|
if (req.http.Upgrade ~ "(?i)websocket") {
|
||||||
|
return (pipe);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
sub vcl_pipe {
|
||||||
|
if (req.http.upgrade) {
|
||||||
|
set bereq.http.upgrade = req.http.upgrade;
|
||||||
|
set bereq.http.connection = req.http.connection;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
sub vcl_backend_response {
|
||||||
|
# Set 1s ttl if origin response HTTP status code is anything other than 200
|
||||||
|
if (beresp.status != 200) {
|
||||||
|
set beresp.ttl = 1s;
|
||||||
|
set beresp.uncacheable = true;
|
||||||
|
return (deliver);
|
||||||
|
}
|
||||||
|
if (bereq.url ~ "m3u8") {
|
||||||
|
# assuming chunks are 2 seconds long
|
||||||
|
set beresp.ttl = 1s;
|
||||||
|
set beresp.grace = 0s;
|
||||||
|
}
|
||||||
|
if (bereq.url ~ "ts") {
|
||||||
|
set beresp.ttl = 10m;
|
||||||
|
set beresp.grace = 5m;
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user