-rw-r--r-- | app/views/request/show.rhtml | 4 | ||||
-rw-r--r-- | config/varnish-alaveteli.vcl | 96 | ||||
-rw-r--r-- | doc/INSTALL.md | 3 |
3 files changed, 101 insertions, 2 deletions
diff --git a/app/views/request/show.rhtml b/app/views/request/show.rhtml index 7c3f79368..1993ee6b2 100644 --- a/app/views/request/show.rhtml +++ b/app/views/request/show.rhtml @@ -1,4 +1,4 @@ -<% @title = h(@info_request.title) %> +<% @title = "#{h(@info_request.title)} - a Freedom of Information request to #{h(@info_request.public_body.name)}" %> <% if @info_request.prominence == 'hidden' %> <p id="hidden_request"> @@ -23,7 +23,7 @@ <%= render :partial => 'sidebar' %> <div id="request_main"> - <h1><%=@title%></h1> + <h1><%=h(@info_request.title)%></h1> <% if @info_request.user.profile_photo %> <p class="user_photo_on_request">
diff --git a/config/varnish-alaveteli.vcl b/config/varnish-alaveteli.vcl
new file mode 100644
index 000000000..3312c381b
--- /dev/null
+++ b/config/varnish-alaveteli.vcl
@@ -0,0 +1,96 @@
+# This is a sample VCL configuration file for varnish running in front
+# of Alaveteli. See the vcl(7) man page for details on VCL syntax and
+# semantics.
+
+#
+# Default backend definition. Set this to point to your content
+# server. In this case, apache + Passenger running on port 80
+#
+
+backend default {
+ .host = "127.0.0.1";
+ .port = "80";
+ .connect_timeout = 600s;
+ .first_byte_timeout = 600s;
+ .between_bytes_timeout = 600s;
+}
+
+sub vcl_recv {
+
+ # Handle IPv6
+ if (req.http.Host ~ "^ipv6.*") {
+ set req.http.host = regsub(req.http.host, "^ipv6\.(.*)","www\.\1");
+ }
+
+
+ # Sanitise X-Forwarded-For...
+ remove req.http.X-Forwarded-For;
+ set req.http.X-Forwarded-For = client.ip;
+
+ # Remove has_js and Google Analytics cookies.
+ set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|has_js)=[^;]*", "");
+
+ # Normalize the Accept-Encoding header
+ if (req.http.Accept-Encoding) {
+ if (req.url ~ "\.(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv|pdf|ico)$") {
+ # No point in compressing these
+ remove req.http.Accept-Encoding;
+ } elsif (req.http.Accept-Encoding ~ "gzip") {
+ set req.http.Accept-Encoding = "gzip";
+ } elsif (req.http.Accept-Encoding ~ "deflate") {
+ set req.http.Accept-Encoding = "deflate";
+ } else {
+ # unknown algorithm
+ remove req.http.Accept-Encoding;
+ }
+ }
+
+ # Ignore empty cookies
+ if (req.http.Cookie ~ "^\s*$") {
+ remove req.http.Cookie;
+ }
+
+ if (req.request != "GET" &&
+ req.request != "HEAD" &&
+ req.request != "POST" &&
+ req.request != "PUT" &&
+ req.request != "DELETE" ) {
+ # We don't allow any other methods.
+ error 405 "Method Not Allowed";
+ }
+
+ if (req.request != "GET" && req.request != "HEAD") {
+ /* We only deal with GET and HEAD by default, the rest get passed direct to backend */
+ return (pass);
+ }
+
+ # Ignore Cookies on images...
+ if (req.url ~ "\.(png|gif|jpg|jpeg|swf|css|js|rdf|ico|txt)(\?.*|)$") {
+ remove req.http.Cookie;
+ return (lookup);
+ }
+
+ if (req.http.Authorization || req.http.Cookie) {
+ return (pass);
+ }
+
+ # Let's have a little grace
+ set req.grace = 30s;
+ return (lookup);
+}
+
+
+sub vcl_fetch {
+
+ if (req.url ~ "\.(png|gif|jpg|jpeg|swf|css|js|rdf|ico|txt)(\?.*|)$") {
+ # Ignore backend headers..
+ remove beresp.http.set-Cookie;
+ set beresp.ttl = 3600s;
+ return (deliver);
+ }
+
+ if (beresp.status == 404 || beresp.status == 301 || beresp.status == 500) {
+ set beresp.ttl = 1m;
+ return (deliver);
+ }
+}
diff --git a/doc/INSTALL.md b/doc/INSTALL.md index 19f31fc40..e6f7caec7 100644 --- a/doc/INSTALL.md +++ b/doc/INSTALL.md @@ -230,6 +230,9 @@ http://rubyonrails.org/deploy We usually use Passenger / mod_rails. +Under all but light loads, it is strongly recommended to run the +server behind an http accelerator like Varnish. A sample varnish VCL +is supplied in `../conf/varnish-alaveteli.vcl`. # Troubleshooting |
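Review bot: The last branch of `vcl_fetch` caches 404, 301 and 500 responses for a minute and returns `deliver` without stripping `Set-Cookie`, unlike the static-file branch just above it, so a backend response that sets a session cookie on one of those statuses would be replayed to every client served from that cache entry. Adding `remove beresp.http.set-Cookie;` before `set beresp.ttl = 1m;`, or skipping the branch when `beresp.http.Set-Cookie` is present, closes that. In `vcl_recv` the static-extension rule returns `lookup` before the `req.http.Authorization` check is reached, so a request carrying credentials for a URL ending in one of the listed extensions is answered from, and can populate, the shared cache for 3600s; moving `if (req.http.Authorization) { return (pass); }` above the "Ignore Cookies on images" block keeps authenticated responses out of it. The 600s backend timeouts also deserve a comment explaining why they are that long, since each stalled fetch can hold a backend connection for up to ten minutes.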