From 6659dddc6dddcead1ea5d2535ba879eead66332d Mon Sep 17 00:00:00 2001 From: "Ole Mathias Aa. Heggem" Date: Tue, 23 Jan 2018 22:22:10 +0100 Subject: Added varnish to ansible job --- ansible/roles/web/files/apache-virtualhost.conf | 40 +++++++++++++ ansible/roles/web/files/gondul.conf | 42 -------------- ansible/roles/web/files/varnish.service | 3 + ansible/roles/web/files/varnish.vcl | 76 +++++++++++++++++++++++++ 4 files changed, 119 insertions(+), 42 deletions(-) create mode 100644 ansible/roles/web/files/apache-virtualhost.conf delete mode 100644 ansible/roles/web/files/gondul.conf create mode 100644 ansible/roles/web/files/varnish.service create mode 100644 ansible/roles/web/files/varnish.vcl (limited to 'ansible/roles/web/files') diff --git a/ansible/roles/web/files/apache-virtualhost.conf b/ansible/roles/web/files/apache-virtualhost.conf new file mode 100644 index 0000000..d9fadbe --- /dev/null +++ b/ansible/roles/web/files/apache-virtualhost.conf @@ -0,0 +1,40 @@ + + ServerAdmin lol@example.com + ServerName gondul.gathering.org + ServerAlias gondul.gathering.org + + DocumentRoot /opt/gondul/web + ScriptAlias /api/write/ /opt/gondul/web/api/write/ + ScriptAlias /api/read/ /opt/gondul/web/api/read/ + ScriptAlias /api/public/ /opt/gondul/web/api/public/ + + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + + + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + + + AllowOverride None + Options +ExecCGI -MultiViews +Indexes +SymLinksIfOwnerMatch + Require all granted + + + AllowOverride None + Options Indexes FollowSymLinks MultiViews + AddDefaultCharset UTF-8 + Require all granted + + + + ErrorLog /var/log/apache2/error-nms.example.com.log + + # Possible values include: debug, info, notice, warn, error, crit, + # alert, emerg. + LogLevel warn + + CustomLog /var/log/apache2/access-nms.example.com.log combined + ServerSignature On + + diff --git a/ansible/roles/web/files/gondul.conf b/ansible/roles/web/files/gondul.conf deleted file mode 100644 index 3c6de86..0000000 --- a/ansible/roles/web/files/gondul.conf +++ /dev/null @@ -1,42 +0,0 @@ - - ServerAdmin lol@example.com - ServerName gondul.gathering.org - ServerAlias gondul.gathering.org - - DocumentRoot /opt/gondul/web - ScriptAlias /api/write/ /opt/gondul/web/api/write/ - ScriptAlias /api/read/ /opt/gondul/web/api/read/ - ScriptAlias /api/public/ /opt/gondul/web/api/public/ - - AllowOverride None - Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch - - - AllowOverride None - Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch - - - AllowOverride None - Options +ExecCGI -MultiViews +Indexes +SymLinksIfOwnerMatch - Require all granted - - - AllowOverride None - Options Indexes FollowSymLinks MultiViews - AddDefaultCharset UTF-8 - Require all granted - - - ProxyPass "/query" "http://localhost:8086/query" - ProxyPassReverse "/query" "http://localhost:8086/query" - - ErrorLog /var/log/apache2/error-nms.example.com.log - - # Possible values include: debug, info, notice, warn, error, crit, - # alert, emerg. - LogLevel warn - - CustomLog /var/log/apache2/access-nms.example.com.log combined - ServerSignature On - - diff --git a/ansible/roles/web/files/varnish.service b/ansible/roles/web/files/varnish.service new file mode 100644 index 0000000..82b012f --- /dev/null +++ b/ansible/roles/web/files/varnish.service @@ -0,0 +1,3 @@ +[Service] +ExecStart= +ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m diff --git a/ansible/roles/web/files/varnish.vcl b/ansible/roles/web/files/varnish.vcl new file mode 100644 index 0000000..b082971 --- /dev/null +++ b/ansible/roles/web/files/varnish.vcl @@ -0,0 +1,76 @@ +# vim: ts=8:expandtab:sw=4:softtabstop=4 + +vcl 4.0; + +backend default { + .host = "localhost"; + .port = "8080"; +} + +backend influx { + .host = "localhost"; + .port = "8086"; +} + +sub vcl_recv { + if (req.url ~ "^/where" || req.url ~ "^/location") { + set req.url = "/api/public/location"; + } + if (req.method != "GET" && + req.method != "HEAD" && + req.method != "PUT" && + req.method != "POST" && + req.method != "TRACE" && + req.method != "OPTIONS" && + req.method != "DELETE") { + # Vi hater alt som er gøy. + return (synth(418,"LOLOLOL")); + } + + if (req.url ~ "^/query") { + set req.backend_hint = influx; + } + + if (req.method != "GET" && req.method != "HEAD") { + /* We only deal with GET and HEAD by default */ + return (pass); + } + + # Brukes ikke. Cookies er for nubs. + unset req.http.Cookie; + + # Tvinges gjennom for å cache med authorization-skrot. + return (hash); +} + + +# Rosa magi +sub vcl_hash { + # Wheee. Legg til authorization-headeren i hashen. + hash_data(req.http.authorization); +} + +# Mauve magi. Hva nå enn det er. +# Dette er WIP - Skal flyttes til backend +sub vcl_backend_response { + set beresp.http.x-url = bereq.url; + if (beresp.http.x-ban) { + ban("obj.http.x-url ~ " + beresp.http.x-ban); + } + if (bereq.url ~ "/query") { + # Let's blindly cache influx requests for 5+10s + set beresp.http.Cache-Control = "max-age=5"; + unset beresp.http.Pragma; + set beresp.uncacheable = false; + set beresp.grace = 10s; + set beresp.ttl = 5s; + } + if (beresp.status != 200) { + set beresp.uncacheable = false; + set beresp.ttl = 5s; + } + if (bereq.url ~ "\.(html|css|js)") { + # Mainly for ease of development + set beresp.ttl = 10s; + } +} -- cgit v1.2.3