4 files changed, 119 insertions, 42 deletions
diff --git a/ansible/roles/web/files/apache-virtualhost.conf b/ansible/roles/web/files/apache-virtualhost.conf
new file mode 100644
index 0000000..d9fadbe
--- /dev/null
+++ b/ansible/roles/web/files/apache-virtualhost.conf
@@ -0,0 +1,40 @@
+<VirtualHost *:8080>
+  ServerAdmin lol@example.com
+  ServerName gondul.gathering.org
+  ServerAlias gondul.gathering.org
+
+  DocumentRoot /opt/gondul/web
+  ScriptAlias /api/write/ /opt/gondul/web/api/write/
+  ScriptAlias /api/read/ /opt/gondul/web/api/read/
+  ScriptAlias /api/public/ /opt/gondul/web/api/public/
+  <Directory "/opt/gondul/web/api/write/">
+    AllowOverride None
+    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+  </Directory>
+  <Directory "/opt/gondul/web/api/read/">
+    AllowOverride None
+    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+  </Directory>
+  <Directory "/opt/gondul/web/api/public/">
+    AllowOverride None
+    Options +ExecCGI -MultiViews +Indexes +SymLinksIfOwnerMatch
+    Require all granted
+  </Directory>
+  <Directory "/opt/gondul/web">
+    AllowOverride None
+    Options Indexes FollowSymLinks MultiViews
+    AddDefaultCharset UTF-8
+    Require all granted
+  </Directory>
+
+
+  ErrorLog /var/log/apache2/error-nms.example.com.log
+
+  # Possible values include: debug, info, notice, warn, error, crit,
+  # alert, emerg.
+  LogLevel warn
+
+  CustomLog /var/log/apache2/access-nms.example.com.log combined
+  ServerSignature On
+
+</VirtualHost>
diff --git a/ansible/roles/web/files/gondul.conf b/ansible/roles/web/files/gondul.conf
deleted file mode 100644
index 3c6de86..0000000
--- a/ansible/roles/web/files/gondul.conf
+++ /dev/null
@@ -1,42 +0,0 @@
-<VirtualHost *:80>
-        ServerAdmin lol@example.com
-        ServerName gondul.gathering.org
-        ServerAlias gondul.gathering.org
-
-        DocumentRoot /opt/gondul/web
-	ScriptAlias /api/write/ /opt/gondul/web/api/write/
-	ScriptAlias /api/read/ /opt/gondul/web/api/read/
-	ScriptAlias /api/public/ /opt/gondul/web/api/public/
-	<Directory "/opt/gondul/web/api/write/">
-		AllowOverride None
-		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
-	</Directory>
-	<Directory "/opt/gondul/web/api/read/">
-		AllowOverride None
-		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
-	</Directory>
-	<Directory "/opt/gondul/web/api/public/">
-		AllowOverride None
-		Options +ExecCGI -MultiViews +Indexes +SymLinksIfOwnerMatch
-		Require all granted
-	</Directory>
-        <Directory "/opt/gondul/web">
-                AllowOverride None
-                Options Indexes FollowSymLinks MultiViews
-                AddDefaultCharset UTF-8
-		Require all granted
-        </Directory>
-
-        ProxyPass "/query" "http://localhost:8086/query"
-        ProxyPassReverse "/query" "http://localhost:8086/query"
-        
-        ErrorLog /var/log/apache2/error-nms.example.com.log
-
-        # Possible values include: debug, info, notice, warn, error, crit,
-        # alert, emerg.
-        LogLevel warn
-
-        CustomLog /var/log/apache2/access-nms.example.com.log combined
-        ServerSignature On
-
-</VirtualHost>
diff --git a/ansible/roles/web/files/varnish.service b/ansible/roles/web/files/varnish.service
new file mode 100644
index 0000000..82b012f
--- /dev/null
+++ b/ansible/roles/web/files/varnish.service
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
diff --git a/ansible/roles/web/files/varnish.vcl b/ansible/roles/web/files/varnish.vcl
new file mode 100644
index 0000000..b082971
--- /dev/null
+++ b/ansible/roles/web/files/varnish.vcl
@@ -0,0 +1,76 @@
+# vim: ts=8:expandtab:sw=4:softtabstop=4
+
+vcl 4.0;
+
+backend default {
+    .host = "localhost";
+    .port = "8080";
+}
+
+backend influx {
+    .host = "localhost";
+    .port = "8086";
+}
+
+sub vcl_recv {
+    if (req.url ~ "^/where" || req.url ~ "^/location") {
+        set req.url = "/api/public/location";
+    }
+    if (req.method != "GET" &&
+        req.method != "HEAD" &&
+        req.method != "PUT" &&
+        req.method != "POST" &&
+        req.method != "TRACE" &&
+        req.method != "OPTIONS" &&
+        req.method != "DELETE") {
+        # Vi hater alt som er gøy.
+        return (synth(418,"LOLOLOL"));
+    }
+
+    if (req.url ~ "^/query") {
+        set req.backend_hint = influx;
+    }
+
+    if (req.method != "GET" && req.method != "HEAD") {
+        /* We only deal with GET and HEAD by default */
+        return (pass);
+    }
+
+    # Brukes ikke. Cookies er for nubs.
+    unset req.http.Cookie;
+
+    # Tvinges gjennom for å cache med authorization-skrot.
+    return (hash);
+}
+
+
+# Rosa magi
+sub vcl_hash {
+    # Wheee. Legg til authorization-headeren i hashen.
+    hash_data(req.http.authorization);
+}
+
+# Mauve magi. Hva nå enn det er.
+# Dette er WIP - Skal flyttes til backend
+sub vcl_backend_response {
+    set beresp.http.x-url = bereq.url;
+    if (beresp.http.x-ban) {
+        ban("obj.http.x-url ~ " + beresp.http.x-ban);
+    }
+    if (bereq.url ~ "/query") {
+        # Let's blindly cache influx requests for 5+10s
+        set beresp.http.Cache-Control = "max-age=5";
+        unset beresp.http.Pragma;
+        set beresp.uncacheable = false;
+        set beresp.grace = 10s;
+        set beresp.ttl = 5s;
+    }
+    if (beresp.status != 200) {
+        set beresp.uncacheable = false;
+        set beresp.ttl = 5s;
+    }
+    if (bereq.url ~ "\.(html|css|js)") {
+        # Mainly for ease of development
+        set beresp.ttl = 10s;
+    }
+}