Diffstat (limited to 'config')
-rw-r--r-- | config/environment.rb | 1 | ||||
-rw-r--r-- | config/environments/development.rb | 2 | ||||
-rw-r--r-- | config/general.yml-example | 4 | ||||
-rw-r--r-- | config/purge-varnish-debian.ugly | 81 | ||||
-rw-r--r-- | config/test.yml | 1 | ||||
-rw-r--r-- | config/varnish-alaveteli.vcl | 24 |
6 files changed, 108 insertions, 5 deletions
diff --git a/config/environment.rb b/config/environment.rb index e35194bc7..b958c6475 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -135,6 +135,7 @@ require 'i18n_fixes.rb' require 'rack_quote_monkeypatch.rb' require 'world_foi_websites.rb' require 'alaveteli_external_command.rb' +require 'quiet_opener.rb' ExceptionNotification::Notifier.sender_address = MySociety::Config::get('EXCEPTION_NOTIFICATIONS_FROM') ExceptionNotification::Notifier.exception_recipients = MySociety::Config::get('EXCEPTION_NOTIFICATIONS_TO') diff --git a/config/environments/development.rb b/config/environments/development.rb index d5f2f5772..a1e8133a8 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,5 +1,7 @@ # Settings specified here will take precedence over those in config/environment.rb +config.log_level = :info + # In the development environment your application's code is reloaded on # every request. This slows down response time but is perfect for development # since you don't have to restart the webserver when you make code changes. diff --git a/config/general.yml-example b/config/general.yml-example index ed04e0fd5..84980c353 100644 --- a/config/general.yml-example +++ b/config/general.yml-example @@ -142,3 +142,7 @@ EXCEPTION_NOTIFICATIONS_TO: # This rate limiting can be turned off per-user via the admin interface MAX_REQUESTS_PER_USER_PER_DAY: 6 + +# This is used to work out where to send purge requests. Should be +# unset if you aren't running behind varnish +VARNISH_HOST: localhost diff --git a/config/purge-varnish-debian.ugly b/config/purge-varnish-debian.ugly new file mode 100644 index 000000000..3e77c09c3 --- /dev/null +++ b/config/purge-varnish-debian.ugly 
@@ -0,0 +1,81 @@
+#!/bin/bash
+#
+### BEGIN INIT INFO
+# Provides: purge-varnish
+# Required-Start: $local_fs $syslog
+# Required-Stop: $local_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: purge-varnish is a daemon running the Alaveteli email alerts
+# Description: purge-varnish send Alaveteli email alerts as required
+### END INIT INFO
+#
+# !!(*= $daemon_name *)!! Start the Alaveteli email alert daemon
+
+NAME=!!(*= $daemon_name *)!!
+DAEMON=/data/vhost/!!(*= $vhost *)!!/alaveteli/script/runner
+DAEMON_ARGS="--daemon PurgeRequest.purge_all_loop"
+PIDFILE=/data/vhost/!!(*= $vhost *)!!/purge-varnish.pid
+LOGFILE=/data/vhost/!!(*= $vhost *)!!/logs/purge-varnish.log
+DUSER=!!(*= $user *)!!
+
+trap "" 1
+
+export PIDFILE LOGFILE
+
+quietly_start_daemon() {
+ /sbin/start-stop-daemon --quiet --start --pidfile "$PIDFILE" --chuid "$DUSER" --startas "$DAEMON" -- $DAEMON_ARGS
+}
+
+start_daemon() {
+ /sbin/start-stop-daemon --start --pidfile "$PIDFILE" --chuid "$DUSER" --startas "$DAEMON" -- $DAEMON_ARGS
+}
+
+stop_daemon() {
+ /sbin/start-stop-daemon --stop --oknodo --pidfile "$PIDFILE"
+}
+
+restart() { stop; start; }
+
+case "$1" in
+ check)
+ quietly_start_daemon
+ if [ $? -ne 1 ]
+ then
+ echo "Alaveteli alert daemon was not running; now restarted"
+ exit 1
+ else
+ exit 0
+ fi
+ ;;
+
+ start)
+ echo -n "Starting Alaveteli alert daemon: $NAME"
+ start_daemon
+ ;;
+
+ stop)
+ echo -n "Stopping Alaveteli alert daemon: $NAME"
+ stop_daemon
+ ;;
+
+ restart)
+ echo -n "Restarting Alaveteli alert daemon: $NAME"
+ stop_daemon
+ start_daemon
+ ;;
+
+ *)
+ echo "Usage: /etc/init.d/$NAME {start|stop|restart|check}"
+ exit 1
+ ;;
+esac
+
+if [ $? -eq 0 ]; then
+ echo .
+ exit 0
+else
+ echo " failed"
+ exit 1
+fi
+
diff --git a/config/test.yml b/config/test.yml
index 90689395a..c35001747 100644
--- a/config/test.yml
+++ b/config/test.yml
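Review bot: `stop_daemon` signals whatever PID is stored in `$PIDFILE`, and since no `--make-pidfile` is passed the file is presumably written by the daemon itself running as `$DUSER`, so an init script run as root ends up trusting a PID that the unprivileged account controls. Adding a process matcher narrows what can be signalled: `/sbin/start-stop-daemon --stop --oknodo --pidfile "$PIDFILE" --user "$DUSER"`. In the `check)` branch, `[ $? -ne 1 ]` treats every exit status other than 1 as a successful start, so a failed start is also reported as "now restarted"; testing for 0 explicitly would separate the two cases. The INIT INFO descriptions and the echo messages still say "email alerts" and "alert daemon" although `DAEMON_ARGS` runs `PurgeRequest.purge_all_loop`, and `restart()` calls `stop` and `start`, which this script does not define, and is itself never called.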
@@ -124,3 +124,4 @@ EXCEPTION_NOTIFICATIONS_TO: MAX_REQUESTS_PER_USER_PER_DAY: 2 +VARNISH_HOST: varnish.localdomain diff --git a/config/varnish-alaveteli.vcl b/config/varnish-alaveteli.vcl index 7eedf83fc..f81ec2295 100644 --- a/config/varnish-alaveteli.vcl +++ b/config/varnish-alaveteli.vcl @@ -9,12 +9,18 @@ backend default { .host = "127.0.0.1"; - .port = "80"; + .port = "3000"; .connect_timeout = 600s; .first_byte_timeout = 600s; .between_bytes_timeout = 600s; } +// set the servers alaveteli can issue a purge from +acl purge { + "localhost"; + "127.0.0.1"; +} + sub vcl_recv { # Handle IPv6 @@ -54,12 +60,13 @@ sub vcl_recv { req.request != "HEAD" && req.request != "POST" && req.request != "PUT" && + req.request != "PURGE" && req.request != "DELETE" ) { # We don't allow any other methods. error 405 "Method Not Allowed"; } - if (req.request != "GET" && req.request != "HEAD") { + if (req.request != "GET" && req.request != "HEAD" && req.request != "PURGE") { /* We only deal with GET and HEAD by default, the rest get passed direct to backend */ return (pass); } @@ -73,15 +80,21 @@ sub vcl_recv { if (req.http.Authorization || req.http.Cookie) { return (pass); } - # Let's have a little grace set req.grace = 30s; + # Handle PURGE requests + if (req.request == "PURGE") { + if (!client.ip ~ purge) { + error 405 "Not allowed."; + } + ban("obj.http.x-url ~ " + req.url); + error 200 "Banned"; + } return (lookup); } - sub vcl_fetch { - + set beresp.http.x-url = req.url; if (req.url ~ "\.(png|gif|jpg|jpeg|swf|css|js|rdf|ico|txt)(\?.*|)$") { # Ignore backend headers.. remove beresp.http.set-Cookie; @@ -94,3 +107,4 @@ sub vcl_fetch { return (deliver); } } + |
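Review bot: The `purge` ACL added after `backend default` admits only loopback, which limits purging only as long as Varnish sees the real peer address in `client.ip`. If a TLS terminator or other proxy on the same host forwards traffic to Varnish, every request would arrive from 127.0.0.1 and match the ACL; nothing visible in this diff shows whether that is the deployment. A comment on the ACL would record the assumption, for example `// relies on client.ip being the real peer; revisit if a local proxy is placed in front of Varnish`.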
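Review bot: The `client.ip ~ purge` check in vcl_recv sits after `if (req.http.Authorization || req.http.Cookie) { return (pass); }`, so a PURGE request carrying either header returns before the ACL is evaluated and is passed to the backend from any client address, where the method list previously answered 405. Moving the whole `if (req.request == "PURGE") { ... }` block to the top of vcl_recv, ahead of every `return`, closes that path; the code between the hunks is not visible here and may hold further early returns. Separately, `ban("obj.http.x-url ~ " + req.url)` treats the URL as an unanchored regular expression, so `.` and `?` act as metacharacters and purging one path also bans every object whose URL contains it; if exact purges are intended, `ban("obj.http.x-url == " + req.url);` avoids that. The `x-url` header set in vcl_fetch is also sent to clients unless a vcl_deliver outside this diff removes it with `unset resp.http.x-url;`.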