Changeset View
Changeset View
Standalone View
Standalone View
site-modules/profile/templates/varnish/vhost.vcl.erb
# vhost_<%= @servername %>.vcl | # vhost_<%= @servername %>.vcl | ||||
# | # | ||||
# Settings for the <%= @servername %> vhost | # Settings for the <%= @servername %> vhost | ||||
# | # | ||||
# File managed by puppet. All modifications will be lost. | # File managed by puppet. All modifications will be lost. | ||||
sub vcl_recv { | sub vcl_recv { | ||||
if ( | if ( | ||||
<% @aliases.each do |alias_| -%> | <% @aliases.each do |alias_| -%> | ||||
req.http.host ~ "^(?i)<%= Regexp.escape(alias_) %>$" || | req.http.host ~ "^(?i)<%= Regexp.escape(alias_) %>(:[0-9]+)?$" || | ||||
<% end -%> | <% end -%> | ||||
req.http.host ~ "^(?i)<%= Regexp.escape(@servername) %>$" | req.http.host ~ "^(?i)<%= Regexp.escape(@servername) %>(:[0-9]+)?$" | ||||
) { | ) { | ||||
if (std.port(server.ip) == <%= scope['::profile::varnish::http_port'] %>) { | if (std.port(server.ip) == <%= scope['::profile::varnish::http_port'] %>) { | ||||
set req.http.x-redir = "https://" + req.http.host + req.url; | set req.http.x-redir = "https://" + req.http.host + req.url; | ||||
return(synth(850, "Moved permanently")); | return(synth(850, "Moved permanently")); | ||||
} else { | } else { | ||||
set req.http.X_FORWARDED_PROTO = "https"; | set req.http.X_FORWARDED_PROTO = "https"; | ||||
set req.backend_hint = <%= @backend_name %>; | set req.backend_hint = <%= @backend_name %>; | ||||
} | } | ||||
<% if @vcl_recv_extra -%> | <% if @vcl_recv_extra -%> | ||||
<%= @vcl_recv_extra %> | <%= @vcl_recv_extra %> | ||||
<% end -%> | <% end -%> | ||||
} | } | ||||
} | } | ||||
<% if @hsts_max_age or @vcl_deliver_extra -%> | <% if @hsts_max_age or @vcl_deliver_extra -%> | ||||
sub vcl_deliver { | sub vcl_deliver { | ||||
if ( | if ( | ||||
<% @aliases.each do |alias_| -%> | <% @aliases.each do |alias_| -%> | ||||
req.http.host ~ "^(?i)<%= Regexp.escape(alias_) %>$" || | req.http.host ~ "^(?i)<%= Regexp.escape(alias_) %>(:[0-9]+)?$" || | ||||
<% end -%> | <% end -%> | ||||
req.http.host ~ "^(?i)<%= Regexp.escape(@servername) %>$" | req.http.host ~ "^(?i)<%= Regexp.escape(@servername) %>(:[0-9]+)?$" | ||||
) { | ) { | ||||
<% if @hsts_max_age -%> | <% if @hsts_max_age -%> | ||||
if (std.port(server.ip) != <%= scope['::profile::varnish::http_port'] %>) { | if (std.port(server.ip) != <%= scope['::profile::varnish::http_port'] %>) { | ||||
set resp.http.Strict-Transport-Security = "max-age=<%= @hsts_max_age %>;"; | set resp.http.Strict-Transport-Security = "max-age=<%= @hsts_max_age %>;"; | ||||
} | } | ||||
<% end -%> | <% end -%> | ||||
<% if @vcl_deliver_extra -%> | <% if @vcl_deliver_extra -%> | ||||
<%= @vcl_deliver_extra %> | <%= @vcl_deliver_extra %> | ||||
<% end -%> | <% end -%> | ||||
} | } | ||||
} | } | ||||
<% end -%> | <% end -%> |