now with generated secret, and can bind mount in the params and vcl
This commit is contained in:
parent
ba65a6e172
commit
bd5bc5b41e
4 changed files with 173 additions and 4 deletions
|
@ -1,9 +1,9 @@
|
|||
FROM fedora
|
||||
|
||||
RUN yum install -y --setopt=override_install_langs=en --setopt=tsflags=nodocs varnish /usr/lib/rpm/redhat/redhat-hardened-cc1 && rm -rf /var/cache/yum
|
||||
ADD run.sh /srv/run.sh
|
||||
RUN yum install -y --setopt=override_install_langs=en --setopt=tsflags=nodocs varnish redhat-rpm-config && rm -rf /var/cache/yum
|
||||
ADD . /srv/
|
||||
|
||||
VOLUME ["/etc/varnish","/var/lib/varnish"]
|
||||
VOLUME ["/var/lib/varnish"]
|
||||
|
||||
EXPOSE 6081 6082
|
||||
CMD ["/srv/run.sh"]
|
||||
|
|
124
fedora-varnish/default.vcl
Normal file
124
fedora-varnish/default.vcl
Normal file
|
@ -0,0 +1,124 @@
|
|||
# This is a basic VCL configuration file for varnish. See the vcl(7)
|
||||
# man page for details on VCL syntax and semantics.
|
||||
#
|
||||
# Default backend definition. Set this to point to your content
|
||||
# server.
|
||||
#
|
||||
backend default {
|
||||
.host = "127.0.0.1";
|
||||
.port = "80";
|
||||
}
|
||||
#
|
||||
# Below is a commented-out copy of the default VCL logic. If you
|
||||
# redefine any of these subroutines, the built-in logic will be
|
||||
# appended to your code.
|
||||
# sub vcl_recv {
|
||||
# if (req.restarts == 0) {
|
||||
# if (req.http.x-forwarded-for) {
|
||||
# set req.http.X-Forwarded-For =
|
||||
# req.http.X-Forwarded-For + ", " + client.ip;
|
||||
# } else {
|
||||
# set req.http.X-Forwarded-For = client.ip;
|
||||
# }
|
||||
# }
|
||||
# if (req.request != "GET" &&
|
||||
# req.request != "HEAD" &&
|
||||
# req.request != "PUT" &&
|
||||
# req.request != "POST" &&
|
||||
# req.request != "TRACE" &&
|
||||
# req.request != "OPTIONS" &&
|
||||
# req.request != "DELETE") {
|
||||
# /* Non-RFC2616 or CONNECT which is weird. */
|
||||
# return (pipe);
|
||||
# }
|
||||
# if (req.request != "GET" && req.request != "HEAD") {
|
||||
# /* We only deal with GET and HEAD by default */
|
||||
# return (pass);
|
||||
# }
|
||||
# if (req.http.Authorization || req.http.Cookie) {
|
||||
# /* Not cacheable by default */
|
||||
# return (pass);
|
||||
# }
|
||||
# return (lookup);
|
||||
# }
|
||||
#
|
||||
# sub vcl_pipe {
|
||||
# # Note that only the first request to the backend will have
|
||||
# # X-Forwarded-For set. If you use X-Forwarded-For and want to
|
||||
# # have it set for all requests, make sure to have:
|
||||
# # set bereq.http.connection = "close";
|
||||
# # here. It is not set by default as it might break some broken web
|
||||
# # applications, like IIS with NTLM authentication.
|
||||
# return (pipe);
|
||||
# }
|
||||
#
|
||||
# sub vcl_pass {
|
||||
# return (pass);
|
||||
# }
|
||||
#
|
||||
# sub vcl_hash {
|
||||
# hash_data(req.url);
|
||||
# if (req.http.host) {
|
||||
# hash_data(req.http.host);
|
||||
# } else {
|
||||
# hash_data(server.ip);
|
||||
# }
|
||||
# return (hash);
|
||||
# }
|
||||
#
|
||||
# sub vcl_hit {
|
||||
# return (deliver);
|
||||
# }
|
||||
#
|
||||
# sub vcl_miss {
|
||||
# return (fetch);
|
||||
# }
|
||||
#
|
||||
# sub vcl_fetch {
|
||||
# if (beresp.ttl <= 0s ||
|
||||
# beresp.http.Set-Cookie ||
|
||||
# beresp.http.Vary == "*") {
|
||||
# /*
|
||||
# * Mark as "Hit-For-Pass" for the next 2 minutes
|
||||
# */
|
||||
# set beresp.ttl = 120 s;
|
||||
# return (hit_for_pass);
|
||||
# }
|
||||
# return (deliver);
|
||||
# }
|
||||
#
|
||||
# sub vcl_deliver {
|
||||
# return (deliver);
|
||||
# }
|
||||
#
|
||||
# sub vcl_error {
|
||||
# set obj.http.Content-Type = "text/html; charset=utf-8";
|
||||
# set obj.http.Retry-After = "5";
|
||||
# synthetic {"
|
||||
# <?xml version="1.0" encoding="utf-8"?>
|
||||
# <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
||||
# "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
# <html>
|
||||
# <head>
|
||||
# <title>"} + obj.status + " " + obj.response + {"</title>
|
||||
# </head>
|
||||
# <body>
|
||||
# <h1>Error "} + obj.status + " " + obj.response + {"</h1>
|
||||
# <p>"} + obj.response + {"</p>
|
||||
# <h3>Guru Meditation:</h3>
|
||||
# <p>XID: "} + req.xid + {"</p>
|
||||
# <hr>
|
||||
# <p>Varnish cache server</p>
|
||||
# </body>
|
||||
# </html>
|
||||
# "};
|
||||
# return (deliver);
|
||||
# }
|
||||
#
|
||||
# sub vcl_init {
|
||||
# return (ok);
|
||||
# }
|
||||
#
|
||||
# sub vcl_fini {
|
||||
# return (ok);
|
||||
# }
|
|
@ -2,7 +2,13 @@
|
|||
|
||||
set -e
|
||||
|
||||
source /etc/varnish/varnish.params
|
||||
source /srv/varnish.params
|
||||
|
||||
if [ ! -f ${VARNISH_SECRET_FILE} ] ; then
|
||||
mkdir -p $(dirname ${VARNISH_SECRET_FILE})
|
||||
uuidgen > ${VARNISH_SECRET_FILE}
|
||||
echo "Generataed a new ${VARNISH_SECRET_FILE}"
|
||||
fi
|
||||
|
||||
/usr/sbin/varnishd \
|
||||
-F \
|
||||
|
|
39
fedora-varnish/varnish.params
Normal file
39
fedora-varnish/varnish.params
Normal file
|
@ -0,0 +1,39 @@
|
|||
# Varnish environment configuration description. This was derived from
|
||||
# the old style sysconfig/defaults settings
|
||||
|
||||
# Set this to 1 to make systemd reload try to switch vcl without restart.
|
||||
RELOAD_VCL=1
|
||||
|
||||
# Main configuration file. You probably want to change it.
|
||||
VARNISH_VCL_CONF=/srv/default.vcl
|
||||
|
||||
# Default address and port to bind to. Blank address means all IPv4
|
||||
# and IPv6 interfaces, otherwise specify a host name, an IPv4 dotted
|
||||
# quad, or an IPv6 address in brackets.
|
||||
# VARNISH_LISTEN_ADDRESS=192.168.1.5
|
||||
VARNISH_LISTEN_PORT=6081
|
||||
|
||||
# Admin interface listen address and port
|
||||
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
|
||||
VARNISH_ADMIN_LISTEN_PORT=6082
|
||||
|
||||
# Shared secret file for admin interface
|
||||
VARNISH_SECRET_FILE=/srv/secret
|
||||
|
||||
# The minimum and maximum number of worker threads to start
|
||||
VARNISH_MIN_THREADS=5
|
||||
VARNISH_MAX_THREADS=1000
|
||||
|
||||
# Idle timeout for worker threads
|
||||
VARNISH_THREAD_TIMEOUT=120
|
||||
|
||||
# Backend storage specification, see Storage Types in the varnishd(5)
|
||||
# man page for details.
|
||||
VARNISH_STORAGE="file,/var/lib/varnish/varnish_storage.bin,1G"
|
||||
|
||||
# Default TTL used when the backend does not specify one
|
||||
VARNISH_TTL=120
|
||||
|
||||
# User and group for the varnishd worker processes
|
||||
VARNISH_USER=varnish
|
||||
VARNISH_GROUP=varnish
|
Loading…
Reference in a new issue