diff options
Diffstat (limited to 'config')
| -rw-r--r-- | config/boot.rb | 9 | ||||
| -rw-r--r-- | config/crontab.ugly | 5 | ||||
| -rw-r--r-- | config/environment.rb | 17 | ||||
| -rw-r--r-- | config/environments/development.rb | 3 | ||||
| -rw-r--r-- | config/environments/test.rb | 2 | ||||
| -rw-r--r-- | config/general.yml-example | 23 | ||||
| -rw-r--r-- | config/initializers/fast_gettext.rb | 1 | ||||
| -rw-r--r-- | config/initializers/session_store.rb | 2 | ||||
| -rw-r--r-- | config/initializers/strip_nil_parameters_patch.rb | 51 | ||||
| -rw-r--r-- | config/initializers/theme_loader.rb | 14 | ||||
| -rw-r--r-- | config/packages | 28 | ||||
| -rw-r--r-- | config/preinitializer.rb | 20 | ||||
| -rw-r--r-- | config/purge-varnish-debian.ugly | 81 | ||||
| -rw-r--r-- | config/routes.rb | 21 | ||||
| -rw-r--r-- | config/test.yml | 2 | ||||
| -rw-r--r-- | config/varnish-alaveteli.vcl | 24 |
16 files changed, 252 insertions, 51 deletions
diff --git a/config/boot.rb b/config/boot.rb index 0f5e661ed..906a2bace 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -6,7 +6,7 @@ # better. Look for a config/rails_env file, and read stuff from there if # it exists. Put just a line like this in there: # ENV['RAILS_ENV'] = 'production' -rails_env_file = File.join(File.dirname(__FILE__), 'rails_env.rb') +rails_env_file = File.expand_path(File.join(File.dirname(__FILE__), 'rails_env.rb')) if File.exists?(rails_env_file) require rails_env_file end @@ -46,6 +46,13 @@ module Rails class Boot def run load_initializer + + Rails::Initializer.class_eval do + def load_gems + @bundler_loaded ||= Bundler.require :default, Rails.env + end + end + Rails::Initializer.run(:set_load_path) end end diff --git a/config/crontab.ugly b/config/crontab.ugly index a22d5afd7..dc660e18f 100644 --- a/config/crontab.ugly +++ b/config/crontab.ugly @@ -13,9 +13,9 @@ MAILTO=cron-!!(*= $site *)!!@mysociety.org */5 * * * * !!(*= $user *)!! run-with-lockfile -n /data/vhost/!!(*= $vhost *)!!/change-xapian-database.lock "/data/vhost/!!(*= $vhost *)!!/!!(*= $vcspath *)!!/script/update-xapian-index verbose=true" >> /data/vhost/!!(*= $vhost *)!!/logs/update-xapian-index.log || echo "stalled?" # Every 10 minutes 5,15,25,35,45,55 * * * * !!(*= $user *)!! /etc/init.d/foi-alert-tracks check +5,15,25,35,45,55 * * * * !!(*= $user *)!! /etc/init.d/foi-purge-varnish check # Once an hour -39 * * * * !!(*= $user *)!! run-with-lockfile -n /data/vhost/!!(*= $vhost *)!!/alert-overdue-requests.lock /data/vhost/!!(*= $vhost *)!!/!!(*= $vcspath *)!!/script/alert-overdue-requests || echo "stalled?" 09 * * * * !!(*= $user *)!! run-with-lockfile -n /data/vhost/!!(*= $vhost *)!!/alert-comment-on-request.lock /data/vhost/!!(*= $vhost *)!!/!!(*= $vcspath *)!!/script/alert-comment-on-request || echo "stalled?" # Only root can read the exim log files @@ -23,7 +23,8 @@ MAILTO=cron-!!(*= $site *)!!@mysociety.org # Once a day, early morning 23 4 * * * !!(*= $user *)!! run-with-lockfile -n /data/vhost/!!(*= $vhost *)!!/delete-old-things.lock /data/vhost/!!(*= $vhost *)!!/!!(*= $vcspath *)!!/script/delete-old-things || echo "stalled?" -0 8 * * * !!(*= $user *)!! run-with-lockfile -n /data/vhost/!!(*= $vhost *)!!/alert-new-response-reminders.lock /data/vhost/!!(*= $vhost *)!!/!!(*= $vcspath *)!!/script/alert-new-response-reminders || echo "stalled?" +0 6 * * * !!(*= $user *)!! run-with-lockfile -n /data/vhost/!!(*= $vhost *)!!/alert-overdue-requests.lock /data/vhost/!!(*= $vhost *)!!/!!(*= $vcspath *)!!/script/alert-overdue-requests || echo "stalled?" +0 7 * * * !!(*= $user *)!! run-with-lockfile -n /data/vhost/!!(*= $vhost *)!!/alert-new-response-reminders.lock /data/vhost/!!(*= $vhost *)!!/!!(*= $vcspath *)!!/script/alert-new-response-reminders || echo "stalled?" 0 8 * * * !!(*= $user *)!! run-with-lockfile -n /data/vhost/!!(*= $vhost *)!!/alert-not-clarified-request.lock /data/vhost/!!(*= $vhost *)!!/!!(*= $vcspath *)!!/script/alert-not-clarified-request || echo "stalled?" 2 4 * * * !!(*= $user *)!! run-with-lockfile -n /data/vhost/!!(*= $vhost *)!!/check-recent-requests-sent.lock /data/vhost/!!(*= $vhost *)!!/!!(*= $vcspath *)!!/script/check-recent-requests-sent || echo "stalled?" 45 3 * * * !!(*= $user *)!! run-with-lockfile -n /data/vhost/!!(*= $vhost *)!!/stop-new-responses-on-old-requests.lock /data/vhost/!!(*= $vhost *)!!/!!(*= $vcspath *)!!/script/stop-new-responses-on-old-requests || echo "stalled?" diff --git a/config/environment.rb b/config/environment.rb index f2164f1c8..b958c6475 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -17,12 +17,8 @@ $:.push(File.join(File.dirname(__FILE__), '../commonlib/rblib')) # (type "git submodule update --init" in the whatdotheyknow directory) # ruby-ole and ruby-msg. We use a custom ruby-msg to avoid a name conflict -$:.unshift(File.join(File.dirname(__FILE__), '../vendor/ruby-ole/lib')) -$:.unshift(File.join(File.dirname(__FILE__), '../vendor/ruby-msg/lib')) $:.unshift(File.join(File.dirname(__FILE__), '../vendor/plugins/globalize2/lib')) -require 'memcache' - load "validate.rb" load "config.rb" load "format.rb" @@ -53,7 +49,7 @@ Rails::Initializer.run do |config| # config.plugins = %W( exception_notification ssl_requirement ) # Add additional load paths for your own custom dirs - # config.load_paths += %W( #{RAILS_ROOT}/extras ) + # config.load_paths += %W( #{Rails.root}/extras ) # Force all environments to use the same logger level # (by default production uses :info, the others :debug) @@ -61,16 +57,6 @@ Rails::Initializer.run do |config| # config.log_level = :debug # # Specify gems that this application depends on and have them installed with rake gems:install - config.gem "locale", :version => '>=2.0.5' - config.gem "gettext", :version => '>=1.9.3' - config.gem "fast_gettext", :version => '>=0.4.8' - config.gem "rack", :version => '1.1.0' - config.gem "rdoc", :version => '>=2.4.3' - config.gem "recaptcha", :lib => "recaptcha/rails" - config.gem 'rspec', :lib => false, :version => '1.3.1' - config.gem 'rspec-rails', :lib => false, :version => '1.3.3' - config.gem 'routing-filter' - config.gem 'will_paginate', :version => '~> 2.3.11', :source => 'http://gemcutter.org' #GettextI18nRails.translations_are_html_safe = true # Use SQL instead of Active Record's schema dumper when creating the test database. @@ -149,6 +135,7 @@ require 'i18n_fixes.rb' require 'rack_quote_monkeypatch.rb' require 'world_foi_websites.rb' require 'alaveteli_external_command.rb' +require 'quiet_opener.rb' ExceptionNotification::Notifier.sender_address = MySociety::Config::get('EXCEPTION_NOTIFICATIONS_FROM') ExceptionNotification::Notifier.exception_recipients = MySociety::Config::get('EXCEPTION_NOTIFICATIONS_TO') diff --git a/config/environments/development.rb b/config/environments/development.rb index d5f2f5772..cfb727695 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,5 +1,7 @@ # Settings specified here will take precedence over those in config/environment.rb +config.log_level = :info + # In the development environment your application's code is reloaded on # every request. This slows down response time but is perfect for development # since you don't have to restart the webserver when you make code changes. @@ -15,6 +17,7 @@ config.action_view.debug_rjs = true # Don't care if the mailer can't send config.action_mailer.raise_delivery_errors = false +config.action_mailer.perform_deliveries = false config.action_mailer.delivery_method = :sendmail # so is queued, rather than giving immediate errors # Writes useful log files to debug memory leaks, of the sort where have diff --git a/config/environments/test.rb b/config/environments/test.rb index be28c3df6..32dc2b1ec 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -19,8 +19,6 @@ config.action_controller.perform_caching = false # The :test delivery method accumulates sent emails in the # ActionMailer::Base.deliveries array. config.action_mailer.delivery_method = :test -config.gem 'rspec-rails', :version => '>= 1.3.3', :lib => false unless File.directory?(File.join(Rails.root, 'vendor/plugins/rspec-rails')) -config.gem 'fakeweb', :version => '>=1.3.0' # Disable request forgery protection in test environment config.action_controller.allow_forgery_protection = false diff --git a/config/general.yml-example b/config/general.yml-example index ed04e0fd5..019eb7ada 100644 --- a/config/general.yml-example +++ b/config/general.yml-example @@ -1,7 +1,7 @@ # general.yml-example: # Example values for the "general" config file. # -# Configuration parameters, in YAML syntax. +# Configuration parameters, in YAML syntax. # # Copy this file to one called "general.yml" in the same directory. Or # have multiple config files and use a symlink to change between them. @@ -34,8 +34,12 @@ SPECIAL_REPLY_VERY_LATE_AFTER_DAYS: 60 # example public bodies for the home page, semicolon delimited - short_names FRONTPAGE_PUBLICBODY_EXAMPLES: 'tgq' -# URL of theme to install (when running rails-post-deploy script) -THEME_URL: 'git://github.com/sebbacon/alavetelitheme.git' +# URLs of themes to download and use (when running rails-post-deploy +# script). Earlier in the list means the templates have a higher +# priority. +THEME_URLS: + - 'git://github.com/sebbacon/adminbootstraptheme.git' + - 'git://github.com/sebbacon/alavetelitheme.git' # Whether a user needs to sign in to start the New Request process FORCE_REGISTRATION_ON_NEW_REQUEST: false @@ -56,10 +60,13 @@ BLACKHOLE_PREFIX: 'do-not-reply-to-this-address' ## Administration -# Leave these two blank to skip admin authorisation +# The emergency user ADMIN_USERNAME: 'adminxxxx' ADMIN_PASSWORD: 'passwordx' +# Set this to true, and the admin interface will be available to anonymous users +SKIP_ADMIN_AUTH: false + # Email "from" details CONTACT_EMAIL: 'postmaster@localhost' CONTACT_NAME: 'Alaveteli Webmaster' @@ -142,3 +149,11 @@ EXCEPTION_NOTIFICATIONS_TO: # This rate limiting can be turned off per-user via the admin interface MAX_REQUESTS_PER_USER_PER_DAY: 6 + + +# This is used to work out where to send purge requests. Should be +# unset if you aren't running behind varnish +VARNISH_HOST: localhost + +# Adding a value here will enable Google Analytics on all non-admin pages. +GA_CODE: '' diff --git a/config/initializers/fast_gettext.rb b/config/initializers/fast_gettext.rb index 63cf6b50d..9049fd8ed 100644 --- a/config/initializers/fast_gettext.rb +++ b/config/initializers/fast_gettext.rb @@ -1,2 +1,3 @@ +Encoding.default_external = 'UTF-8' if RUBY_VERSION.to_f >= 1.9 FastGettext.add_text_domain 'app', :path => File.join(Rails.root, 'locale'), :type => :po FastGettext.default_text_domain = 'app' diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 9ef2dddc1..bf40e99c1 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -12,6 +12,6 @@ ActionController::Base.session = { ActionController::Base.session_store = :cookie_store # Insert a bit of middleware code to prevent uneeded cookie setting. -require "#{RAILS_ROOT}/lib/whatdotheyknow/strip_empty_sessions" +require "#{Rails.root}/lib/whatdotheyknow/strip_empty_sessions" ActionController::Dispatcher.middleware.insert_before ActionController::Base.session_store, WhatDoTheyKnow::StripEmptySessions, :key => '_wdtk_cookie_session', :path => "/", :httponly => true diff --git a/config/initializers/strip_nil_parameters_patch.rb b/config/initializers/strip_nil_parameters_patch.rb new file mode 100644 index 000000000..35d0a28c5 --- /dev/null +++ b/config/initializers/strip_nil_parameters_patch.rb @@ -0,0 +1,51 @@ +# Stolen from https://raw.github.com/mysociety/fixmytransport/fa9b014eb2628c300693e055f129cb8959772082/config/initializers/strip_nil_parameters_patch.rb + +# Monkey patch for CVE-2012-2660 on Rails 2.3.14 + +# Strip [nil] from parameters hash +# based on a pull request from @sebbacon +# https://github.com/rails/rails/pull/6580 + +module ActionController + class Request < Rack::Request + protected + def deep_munge(hash) + hash.each_value do |v| + case v + when Array + v.grep(Hash) { |x| deep_munge(x) } + when Hash + deep_munge(v) + end + end + + keys = hash.keys.find_all { |k| hash[k] == [nil] } + keys.each { |k| hash[k] = nil } + hash + end + + private + + def normalize_parameters(value) + case value + when Hash + if value.has_key?(:tempfile) + upload = value[:tempfile] + upload.extend(UploadedFile) + upload.original_path = value[:filename] + upload.content_type = value[:type] + upload + else + h = {} + value.each { |k, v| h[k] = normalize_parameters(v) } + deep_munge(h.with_indifferent_access) + end + when Array + value.map { |e| normalize_parameters(e) } + else + value + end + end + + end +end diff --git a/config/initializers/theme_loader.rb b/config/initializers/theme_loader.rb new file mode 100644 index 000000000..8908dc07e --- /dev/null +++ b/config/initializers/theme_loader.rb @@ -0,0 +1,14 @@ +# This is a global array of route extensions. Alaveteli modules may add to it. +# It is used by our config/routes.rb to decide which route extension files to load. +$alaveteli_route_extensions = [] + +theme_urls = MySociety::Config.get("THEME_URLS", []) +if ENV["RAILS_ENV"] != "test" # Don't let the themes interfere with Alaveteli specs + for url in theme_urls.reverse + theme_name = url.sub(/.*\/(.*).git/, "\\1") + theme_main_include = File.expand_path "../../../vendor/plugins/#{theme_name}/lib/alavetelitheme.rb", __FILE__ + if File.exists? theme_main_include + require theme_main_include + end + end +end diff --git a/config/packages b/config/packages index 76a5c29d6..b59c61b47 100644 --- a/config/packages +++ b/config/packages @@ -2,13 +2,12 @@ # mysociety deployment infrastructure -- please discuss on the # alavateli mailing list if you want to change it ruby1.8 -libpgsql-ruby1.8 -libopenssl-ruby1.8 -rake (>= 0.8.4-1) +ruby +libopenssl-ruby1.8 # needed for Ubuntu 10.04 TLS; included in libruby1.8 in Squeeze +rdoc irb wv poppler-utils -# poppler-utils (>= 0.12.0) # this is much better when it is available in Debian stable pdftk (> 1.41+dfsg-1) | pdftk (< 1.41+dfsg-1) # that version has a non-functionining uncompress option gs-gpl catdoc @@ -16,29 +15,22 @@ links elinks unrtf xlhtml -libxapian-ruby1.8 xapian-tools gnuplot-nox php5-cli -# ttf-bitstream-vera sharutils unzip -libzip-ruby1.8 -libzlib-ruby -mahoro-ruby1.8 | libmahoro-ruby1.8 wdg-html-validator -# libapache2-mod-passenger mutt -librack-ruby1.8 (>= 1.0.1-1) -librmagick-ruby1.8 -libxml-simple-ruby -libfcgi-ruby1.8 -vpim tnef (>= 1.4.5) -libmemcache-client-ruby (>= 1.7.8-2) memcached -rubygems -libfcgi-dev gettext python-yaml wkhtmltopdf-static +libmagic-dev +libmagickwand-dev +libpq-dev +uuid-dev +ruby1.8-dev +build-essential +bundler diff --git a/config/preinitializer.rb b/config/preinitializer.rb new file mode 100644 index 000000000..3ad02415d --- /dev/null +++ b/config/preinitializer.rb @@ -0,0 +1,20 @@ +begin + require "rubygems" + require "bundler" +rescue LoadError + raise "Could not load the bundler gem. Install it with `gem install bundler`." +end + +if Gem::Version.new(Bundler::VERSION) <= Gem::Version.new("0.9.24") + raise RuntimeError, "Your bundler version is too old for Rails 2.3." + + "Run `gem install bundler` to upgrade." +end + +begin + # Set up load paths for all bundled gems + ENV["BUNDLE_GEMFILE"] = File.expand_path("../../Gemfile", __FILE__) + Bundler.setup +rescue Bundler::GemNotFound + raise RuntimeError, "Bundler couldn't find some gems." + + "Did you run `bundle install`?" +end diff --git a/config/purge-varnish-debian.ugly b/config/purge-varnish-debian.ugly new file mode 100644 index 000000000..1a9259da8 --- /dev/null +++ b/config/purge-varnish-debian.ugly @@ -0,0 +1,81 @@ +#!/bin/bash +# +### BEGIN INIT INFO +# Provides: purge-varnish +# Required-Start: $local_fs $syslog +# Required-Stop: $local_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: purge-varnish is a daemon purging the Alaveteli varnish cache +# Description: purge-varnish purge the Alaveteli varnish cache +### END INIT INFO +# +# !!(*= $daemon_name *)!! Start the Alaveteli email purge-varnish daemon + +NAME=!!(*= $daemon_name *)!! +DAEMON=/data/vhost/!!(*= $vhost *)!!/alaveteli/script/runner +DAEMON_ARGS="--daemon PurgeRequest.purge_all_loop" +PIDFILE=/data/vhost/!!(*= $vhost *)!!/purge-varnish.pid +LOGFILE=/data/vhost/!!(*= $vhost *)!!/logs/purge-varnish.log +DUSER=!!(*= $user *)!! + +trap "" 1 + +export PIDFILE LOGFILE + +quietly_start_daemon() { + /sbin/start-stop-daemon --quiet --start --pidfile "$PIDFILE" --chuid "$DUSER" --startas "$DAEMON" -- $DAEMON_ARGS +} + +start_daemon() { + /sbin/start-stop-daemon --start --pidfile "$PIDFILE" --chuid "$DUSER" --startas "$DAEMON" -- $DAEMON_ARGS +} + +stop_daemon() { + /sbin/start-stop-daemon --stop --oknodo --pidfile "$PIDFILE" +} + +restart() { stop; start; } + +case "$1" in + check) + quietly_start_daemon + if [ $? -ne 1 ] + then + echo "Alaveteli purge-varnish daemon was not running; now restarted" + exit 1 + else + exit 0 + fi + ;; + + start) + echo -n "Starting Alaveteli purge-varnish daemon: $NAME" + start_daemon + ;; + + stop) + echo -n "Stopping Alaveteli purge-varnish daemon: $NAME" + stop_daemon + ;; + + restart) + echo -n "Restarting Alaveteli purge-varnish daemon: $NAME" + stop_daemon + start_daemon + ;; + + *) + echo "Usage: /etc/init.d/$NAME {start|stop|restart|check}" + exit 1 + ;; +esac + +if [ $? -eq 0 ]; then + echo . + exit 0 +else + echo " failed" + exit 1 +fi + diff --git a/config/routes.rb b/config/routes.rb index fa387a106..814deb760 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -6,6 +6,11 @@ # # $Id: routes.rb,v 1.92 2009-10-14 22:01:27 francis Exp $ +# Allow easy extension from themes. Note these will have the highest priority. +$alaveteli_route_extensions.each do |f| + load File.join('config', f) +end + ActionController::Routing::Routes.draw do |map| # The priority is based upon order of creation: first created -> highest priority. @@ -14,14 +19,12 @@ ActionController::Routing::Routes.draw do |map| # map.connect 'products/:id', :controller => 'catalog', :action => 'view' # Keep in mind you can assign values other than :controller and :action - # Allow easy extension from themes. Note these will have the highest priority. - require File.join('config', 'custom-routes') - map.with_options :controller => 'general' do |general| general.frontpage '/', :action => 'frontpage' general.blog '/blog', :action => 'blog' general.custom_css '/stylesheets/custom.css', :action => 'custom_css' general.search_redirect '/search', :action => 'search_redirect' + general.search_redirect '/search/all', :action => 'search_redirect' # XXX combined is the search query, and then if sorted a "/newest" at the end. # Couldn't find a way to do this in routes which also picked up multiple other slashes # and dots and other characters that can appear in search query. So we sort it all @@ -65,6 +68,13 @@ ActionController::Routing::Routes.draw do |map| request.upload_response "/upload/request/:url_title", :action => 'upload_response' request.download_entire_request '/request/:url_title/download', :action => 'download_entire_request' + + # It would be nice to add :conditions => { :method => :post } to this next one, + # because it ought not really to be available as a GET request since it changes + # the server state. Unfortunately this doesn’t play well with the PostRedirect + # mechanism, which assumes all post-login actions are available via GET, so we + # refrain. + request.report '/request/:url_title/report', :action => 'report_request' end @@ -80,6 +90,7 @@ ActionController::Routing::Routes.draw do |map| user.show_user '/user/:url_name.:format', :action => 'show' user.show_user_profile '/user/:url_name/profile.:format', :action => 'show', :view => 'profile' user.show_user_requests '/user/:url_name/requests.:format', :action => 'show', :view => 'requests' + user.show_user_wall '/user/:url_name/wall.:format', :action => 'wall' user.contact_user '/user/contact/:id', :action => 'contact' user.signchangepassword '/profile/change_password', :action => 'signchangepassword' @@ -90,7 +101,7 @@ ActionController::Routing::Routes.draw do |map| user.get_profile_photo '/user/:url_name/photo.png', :action => 'get_profile_photo' user.get_draft_profile_photo '/profile/draft_photo/:id.png', :action => 'get_draft_profile_photo' user.set_profile_about_me '/profile/set_about_me', :action => 'set_profile_about_me' - + user.set_receive_email_alerts '/profile/set_receive_alerts', :action => 'set_receive_email_alerts' user.river '/profile/river', :action => 'river' end @@ -117,6 +128,7 @@ ActionController::Routing::Routes.draw do |map| map.with_options :controller => 'services' do |service| service.other_country_message "/country_message", :action => 'other_country_message' + service.hidden_user_explanation "/hidden_user_explanation", :action => 'hidden_user_explanation' end map.with_options :controller => 'track' do |track| @@ -200,6 +212,7 @@ ActionController::Routing::Routes.draw do |map| admin.admin_request_show_raw_email '/admin/request/show_raw_email/:id', :action => 'show_raw_email' admin.admin_request_download_raw_email '/admin/request/download_raw_email/:id', :action => 'download_raw_email' admin.admin_request_clarification '/admin/request/mark_event_as_clarification', :action => 'mark_event_as_clarification' + admin.admin_request_hide '/admin/request/hide/:id', :action => 'hide_request' end map.with_options :controller => 'admin_user' do |user| diff --git a/config/test.yml b/config/test.yml index 90689395a..460d7c6c1 100644 --- a/config/test.yml +++ b/config/test.yml @@ -124,3 +124,5 @@ EXCEPTION_NOTIFICATIONS_TO: MAX_REQUESTS_PER_USER_PER_DAY: 2 +VARNISH_HOST: varnish.localdomain +SKIP_ADMIN_AUTH: true
\ No newline at end of file diff --git a/config/varnish-alaveteli.vcl b/config/varnish-alaveteli.vcl index 7eedf83fc..452a956da 100644 --- a/config/varnish-alaveteli.vcl +++ b/config/varnish-alaveteli.vcl @@ -15,6 +15,12 @@ backend default { .between_bytes_timeout = 600s; } +// set the servers alaveteli can issue a purge from +acl purge { + "localhost"; + "127.0.0.1"; +} + sub vcl_recv { # Handle IPv6 @@ -54,12 +60,13 @@ sub vcl_recv { req.request != "HEAD" && req.request != "POST" && req.request != "PUT" && + req.request != "PURGE" && req.request != "DELETE" ) { # We don't allow any other methods. error 405 "Method Not Allowed"; } - if (req.request != "GET" && req.request != "HEAD") { + if (req.request != "GET" && req.request != "HEAD" && req.request != "PURGE") { /* We only deal with GET and HEAD by default, the rest get passed direct to backend */ return (pass); } @@ -73,15 +80,23 @@ sub vcl_recv { if (req.http.Authorization || req.http.Cookie) { return (pass); } - # Let's have a little grace set req.grace = 30s; + # Handle PURGE requests + if (req.request == "PURGE") { + if (!client.ip ~ purge) { + error 405 "Not allowed."; + } + # XXX in Varnish 2.x, the following would be + # purge("obj.http.x-url ~ " req.url); + ban("obj.http.x-url ~ " + req.url); + error 200 "Banned"; + } return (lookup); } - sub vcl_fetch { - + set beresp.http.x-url = req.url; if (req.url ~ "\.(png|gif|jpg|jpeg|swf|css|js|rdf|ico|txt)(\?.*|)$") { # Ignore backend headers.. remove beresp.http.set-Cookie; @@ -94,3 +109,4 @@ sub vcl_fetch { return (deliver); } } + |