varnish 配置文件分享

前言：
   varnish 为目前新兴起来的软件，由于中文文档比较少，配置文件比较复杂，所以在运用起来也是特别的费劲。一个偶然的机会在一个群里，有位varnish高手（ sens杨 ）发表了一篇他对varnish配置文件理解的文档。对于学者来说很有价值。所以转载了过来。

原文如下：

varnish配置文件原文地址:http://groups.drupal.org/node/63203

注：红色字体是英文的直接翻译，有些地方翻译的不好

绿色部分是一些思考，这个配置对自身的业务配置的很详细，现在对除了cookie和TTL那部分外其他可以理解80%，慢慢学习体会

backend default {
  .host = "127.0.0.1";
  .port = "8008";
  .connect_timeout = 600s;
  .first_byte_timeout = 600s;
  .between_bytes_timeout = 600s;
}

backend lighttpd {
  .host = "127.0.0.1";
  .port = "81";
  .connect_timeout = 600s;
  .first_byte_timeout = 600s;
  .between_bytes_timeout = 600s;
}

acl techmission_internal {
  "localhost";
  "127.0.0.1";
}
sub vcl_recv {
  // Allow a grace period for offering "stale" data in case backend lags (http://varnish-cache.org/wiki/VCLExampleGrace)
// 如果backend数据滞后，允许为“过时”数据提供一个宽松期
  set req.grace = 5m;
  // block outside world from our test sites
// 阻止非自己说测试网站（的数据访问）
  if ((req.http.host ~ "www.domain1.org|www.domain2.org") && !(client.ip ~ techmission_internal) && !(req.url ~ "^/ad|^/files")) {
    error 403 "Forbidden";
  }
  if((req.url ~ "/server-status" || req.url ~ "/whm-server-status") && !(client.ip ~ techmission_internal)) {
  error 404 "Not Found";
  }
  // add ping url to test Varnish status
// 增加ping URL测试varnish状态（这个功能使用大部分vcl都没配置，可以增加一个监控状态）
  if (req.request == "GET" && req.url ~ "/varnish-ping") {
  error 200 "OK";
  }
/* Normalize host header to reduce variation in cache */
// 使host头规范化，以减少在cache中变化（这个为什么会说变化呢？）
if (req.http.host == "domain.org" && req.url !~ "^/blogs") {
  set req.http.host = "www.domain.org";
}

/* Normalize Accept-Encoding to reduce effects of Vary: Accept-Encoding
   (cf. http://varnish-cache.org/wiki/FAQ/Compression)
   Also note that Vary: User-Agent is considered harmful
   (cf. http://www.mail-archive.com/[email protected].no/msg03296.html) */
//规范化Accept-Encoding以减少Vary：Accept-Encoding影响（cf），也要注意Vary: User-Agent认为是有害的

  if (req.http.Accept-Encoding) {
//if先判断是否可以存在，是为了缩小处理范围？
//看到的其他大部分配置直接就下面了，没有先判断Accept-Encoding是否存在，这点可以再考虑考虑
//现在有req.can_gzip参数了，判断客户端是否接受压缩代码传输
    if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
      // Don't compress already-compressed files
      remove req.http.Accept-Encoding;
    }
    elsif (req.http.Accept-Encoding ~ "gzip") {
        set req.http.Accept-Encoding = "gzip";
    }
    elsif (req.http.Accept-Encoding ~ "deflate") {
        set req.http.Accept-Encoding = "deflate";
    }
    else {
      // unknown algorithm
// 不了解运算
      remove req.http.Accept-Encoding;
    }
  }

  // Remove has_js and Google Analytics __* cookies. Also remove collapsiblock cookies.
//删除has_js和谷歌统计__*的cookies，同时删除collapsiblock cookies
  set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|__utma_a2a|has_js|collapsiblock)=[^;]*", "");
  // Remove JSESSIONID cookie from ChristianVolunteering.org static files and pages that are same for all users
//从ChristianVolunteering.org静态文件和网页中删除JSESSIONID cookie，所有的用户是一样（处理）的
    if (req.http.host ~ "christianvolunteering.org" &&
         (req.url ~ "^/$" ||
          req.url ~ "(searchform|advancedsearch|shorttermmissions|recruitvolunteers|volunteergettingstarted|virtualvolunteer|organizationsearch|abs-bible-outreach|ab*ecutive-volunteers|abs-traveling-engagement-center|churchinstructions|sitemap|city|virtual|organizationlistings|orglistings7407|technology|volunteerlistings|forgotpassword|churchvolunteer|churchvolunteering|servicetrip|region|citysitemap|searchformadv|personalitytest|groupvolunteering|disasterreliefvolunteering|disasterrelief|internships|christiangapyear|about|FAQs|bookrecommendations|contact|pre***elease|training|volunteerstart|volunteerstories|articles)\.jsp$" ||
          req.url ~ "org/org[0-9]+\.jsp$" ||
          req.url ~ "org/opp[0-9]+\.jsp$" ||
          req.url ~ "orglistings[0-9]+\.jsp$" ||
          req.url ~ "org/[^/]+\.jsp$" ||
          req.url ~ "volunteer/[^/]+\.jsp$")
        ) {
    set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(JSESSIONID)=[^;]*", "");
  }
  // Remove a ";" prefix, if present.
//如果有”;”前缀，则删除
  set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
  // Remove empty cookies.
// 删除空cookies
  if (req.http.Cookie ~ "^\s*$") {
    unset req.http.Cookie;
  }

  // exclude umjobs and gospelpedia test sites
// 排除umjos和gospelpedia测试站点
  if (req.http.host ~ "domain1.org" || req.http.host ~ "domain2.org") {
    return (pass);
  }

  // exclude the cron and supercron pages
// 排除cron和supercron网页
  if (req.url ~ "cron.php") {
    return (pass);
  }
  // exclude dynamic pages (as did Boost)
// 排除动态网页（也是提高（处理））
  if (req.http.host ~ "domain.org" && req.url ~ "^/(user/login|user/password|user/register|logout|cart|post-blog|site-feedback|cgi-bin/webscr|redirect-home|cv-enroll|recommended-content|node/8755|node/8830|node/8351|node/8757|node/8831|cart/(.*)|uc_paypal/(.*)|civicrm/(.*)|admin/(.*)|recommended-content/(.*)|comment/reply/(.*)|node/add/(.*))" ) {
    return (pass);
  }

  // exclude in case of Referer Theme
// 排除Referer的一些主题
  if (req.http.host ~ "domain.org" && req.http.referer ~ "www.christianvolunteering.org|worldvision.christianvolunteering.org|ccda.christianvolunteering.org|www.ccda.org|www.urbanresource.net|mobile.urbanministry.org|www.ministeriourbano.com") {
    return (pass);
  }
  /* Rules to fix Moodle (thanks, gchaix!) */
// 修复Moodle规则
   // Cache Moodle theme files
//缓存Moodle主题文件
   if (req.url ~ "/pix/.*\.gif$") {
     return (lookup);
   }

    // Moodle doesn't like to be cached, passing
//Moodle主题不能缓存的就pass
    if (req.http.Cookie ~ "(MoodleSession|MoodleSessionTest)") {
      return (pass);
    }
    if (req.http.host == "www.domain.edu" && req.url ~ "^/courses") {
      return (pass);
    }
    if (req.url ~ "file.php") {
      return (pass);
    }

    // WPMU themes are not playing well with static file caching
//WPMU主题使用静态文件缓存运行的不太好
    if (req.http.host == "domain.org" && req.url ~ "/blogs/(.*)/wp-content/themes") {
      return (pass);
    }
  /* Rules for static file caching */
  /* 静态文件缓存规则
  // static files get served by Lighttpd
// 使用Lightted服务静态文件
  if (req.http.host != "server2.techmission.org" && req.url ~ "\.(gif|jpg|swf|css|js|png|jpg|jpeg|gif|png|tiff|tif|svg|swf|ico|doc|ppt|pps|xls|odc|odb|odf|odg|odi|odp|ods|odt|sxc|sxd|sxi|sxw)$") {
     // Lighttpd does not require cookies
     unset req.http.Cookie;
     unset req.http.Authorization;
     set req.backend = lighttpd;
  }

  // large media files get piped directly to lighttpd, to avoid overfilling cache
// 大媒体文件直接使用pipe方式到lightted，避免缓存溢出
  if (req.url ~ "\.(mp3|mp4|m4a|ogg|mov|avi|wmv)$" && req.url !~ "audio/download") {
    set req.backend = lighttpd;
    pipe;
  }
  // pipe large media files that come from Drupal, also, but they can't go to lighty
// pipe从Drupal过来的大媒体文件，同时不去lighty
  if (req.url ~ "audio/play" || req.url ~ "audio/download") {
    pipe;
  }

}
sub vcl_hash {
  if (req.http.Cookie) {
    set req.hash += req.http.Cookie;
  }
  /* Have a separate object cache for mobile site based on User-Agent */
/* 基于User-Agent的移动网站有一个单独的对象缓存
  if (req.http.host == "www.domain.org" && req.http.User-Agent ~ "(iPhone|iPod)") {
    set req.hash += "mobile";
  }
}
sub vcl_fetch {
  // Grace to allow varnish to serve content if backend is lagged
// 如果backend滞后，允许varnish服务内容有一个缓冲期
  set obj.grace = 5m;

  // Add line showing what cookie is once stripped by regex in vcl_recv
//在vcl_recv中通过regex增加展示cookie一次被剥夺的行
  set obj.http.X-Stripped-Cookie = req.http.Cookie;
  set obj.http.X-Request-URL = req.url;

  /* removing Set-Cookie headers that prevent caching */
 //删除那些阻止缓存的Set-Cookie头
  // Don't have cookies on static files (gchaix says may cause loss of session; I haven't observed that)
    if (req.url ~ "\.(gif|jpg|swf|css|js|png|jpg|jpeg|gif|png|tiff|tif|svg|swf|ico|doc|ppt|pps|xls|odc|odb|odf|odg|odi|odp|ods|odt|sxc|sxd|sxi|sxw)$") {
    remove obj.http.Set-Cookie;
  }

  // Don't set session cookie on ChristianVolunteering.org static files or pages that are same for all users
//对于（头）ChristianVolunteering.org的静态文件和网页，对所有用户不设置session cookie
    if (req.http.host ~ "christianvolunteering.org" &&
         (req.url ~ "^/$" ||
          req.url ~ "(searchform|advancedsearch|shorttermmissions|recruitvolunteers|volunteergettingstarted|virtualvolunteer|organizationsearch|abs-bible-outreach|ab*ecutive-volunteers|abs-traveling-engagement-center|churchinstructions|sitemap|city|virtual|organizationlistings|orglistings7407|technology|volunteerlistings|forgotpassword|churchvolunteer|churchvolunteering|servicetrip|region|citysitemap|searchformadv|personalitytest|groupvolunteering|disasterreliefvolunteering|disasterrelief|internships|christiangapyear|about|FAQs|bookrecommendations|contact|pre***elease|training|volunteerstart|volunteerstories|articles)\.jsp$" ||
          req.url ~ "org/org[0-9]+\.jsp$" ||
          req.url ~ "org/opp[0-9]+\.jsp$" ||
          req.url ~ "orglistings[0-9]+\.jsp$" ||
  req.url ~ "org/[^/]+\.jsp$" ||
          req.url ~ "volunteer/[^/]+\.jsp$")
        ) {
    set obj.http.Set-Cookie = regsuball(req.http.Cookie, "(^|;\s*)(JSESSIONID)=[^;]*", "");
    // Remove empty set-cookie.
    if (obj.http.Set-Cookie ~ "^\s*$") {
      unset obj.http.Set-Cookie;
    }
  }

/* ttl extensions */
/* ttl 扩展 */
// If on www.urbanministry.org or static.urbanministry.org, extend TTL by default (pt. 1)
//对于www.urbanministry.org或static.urbanministry.org，默认情况下扩展TTL
  if (req.http.host == "www.domain.org" || req.http.host == "static.domain.org") {
    set obj.http.X-TTL-Extend = "YES";
  }

  // If on cityvision.edu, but not in Moodle, or if on blazinggrace.org, but not in forums, or if on techmission.org, change obj.ttl
//如果主机头是cityvision.edu但是不在Moodle中，或者主机头是blazinggrace.org，但不在forums中，或者主机头是techmission.org，更改obj.ttl
  if ((req.http.host ~ "domain.edu" && req.url !~ "/courses") || (req.http.host ~ "blazinggrace.org" && req.url !~ "/forums")  || (req.http.host ~ "techmission.org")) {
   set obj.ttl = 7d;
   set obj.http.X-Extended-TTL = "7d";
}

if (obj.status == 404) {
   set obj.ttl = 1s;
if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
}

  /* debugging of why a page was not cacheable */
/* debug为什么页面没有缓存 */
  if (!obj.cacheable) {
    set obj.http.X-Cacheable = "NO: Varnish says not cacheable " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }


  // exclude umjobs and gospelpedia test sites
// 排除umjobs和gospelpedia测试站点
  if (req.http.host ~ "domain1.org" || req.http.host ~ "domain2.org") {
    set obj.http.X-Cacheable = "NO: Test domain " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (obj.http.Set-Cookie) {
    set obj.http.X-Cacheable = "NO: Set-Cookie " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (req.http.Cookie ~ "DRUPAL_UID|SESS") {
    set obj.http.X-Cacheable = "NO: Got Session " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (obj.http.Cache-Control ~ "private" || obj.http.Cache-Control ~ "no-cache") {
    set obj.http.X-Cacheable = "NO: Cache-Control set to not cache " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (req.url ~ "cron.php") {
    set obj.http.X-Cacheable = "NO: Cron job " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (req.http.host ~ "domain.org" && req.url ~ "^/(user/login|user/password|user/register|logout|cart|post-blog|site-feedback|cgi-bin/webscr|redirect-home|cv-enroll|recommended-content|node/8755|node/8830|node/8351|node/8757|node/8831|cart/(.*)|uc_paypal/(.*)|civicrm/(.*)|admin/(.*)|recommended-content/(.*)|comment/reply/(.*)|node/add/(.*))" ) {
    set obj.http.X-Cacheable = "NO: Drupal un-cacheable path " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (req.http.host ~ "domain.org" && req.http.referer ~ "www.christianvolunteering.org|worldvision.christianvolunteering.org|ccda.christianvolunteering.org|www.ccda.org|www.urbanresource.net|mobile.urbanministry.org|www.ministeriourbano.com") {
    set obj.http.X-Cacheable = "NO: Referer Theme " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (req.request == "POST") {
    set obj.http.X-Cacheable = "NO: POST request " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  if (req.http.Authorization) {
    set obj.http.X-Cacheable = "NO: HTTP Authentication " obj.http.X-Cacheable;
    if (obj.http.X-TTL-Extend) { unset obj.http.X-TTL-Extend; }
  }

  // extend TTL for urbanministry.org objects (but not panels, views, or quicktabs); invalidation thru varnish.module + um_common.module
//为urbaministry.org对象扩展TTL（不是面板、视图，或者quicktabs）；经过varnish.module + um_common.module失效
  if((req.http.host == "www.domain.org" || req.http.host == "static.domain.org") && obj.http.X-TTL-Extend == "YES" && !obj.http.X-Cache-Type) {
    set obj.ttl = 7d;
    set obj.http.X-Extended-TTL = "7d";
  }

}
sub vcl_deliver {
# return (deliver);
  // add cache hit data
// 增加缓存命中数据
  if (obj.hits > 0) {
    // if hit add hit count
// 如果命中，增加命中数
    set resp.http.X-Cache = "HIT";
    set resp.http.X-Cache-Hits = obj.hits;
    // set resp.http.X-Cache-Served-URL = "SERVED " obj.http.X-Request-URL; // http headers are apparently not accessible in vcl_deliver
//在vcl_deliver中http头明显不可访问
    // set resp.http.X-Cache-TTL = obj.ttl; // string representation not implemented yet (currently on 2.0.5)
  }
  else {
    set resp.http.X-Cache = "MISS";
  }
}
/* custom error subroutine - to be a little friendlier to our users */
//指定error子程序，对用户有好些
sub vcl_error {
if(obj.status == 503) {
    set obj.http.Content-Type = "text/html; charset=utf-8";
    synthetic {"
"1.0" encoding="utf-8"?>
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


    <span class="string">"} obj.status "</span><span> </span><span class="string">" obj.response {"</span><span>


    Error "} obj.status " " obj.response {"
    "} obj.response {"
Sorry we missed you!
We are currently upgrading our websites to serve you better. We should be up again soon.
If you still receive this message 30 minutes from now, please email [email protected].
    Guru Meditation:
    XID: "} req.xid {"


       Served by "http://www.varnish-cache.org/">Varnish cache server



"};
    return (deliver);
}
elsif(obj.status == 403) {
    set obj.http.Content-Type = "text/html; charset=utf-8";
    synthetic {"
"1.0" encoding="utf-8"?>
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


    <span class="string">"} obj.status "</span><span> </span><span class="string">" obj.response {"</span><span>


    Error "} obj.status " " obj.response {"
    "} obj.response {"
TechMission Developer Access Only
This page is only accessible to our staff. Please visit our main websites www.techmission.org,www.urbanministry.org, and " title="www.christianvolunteering.org.
" style="color: rgb(2, 122, 198); font-weight: bold; text-decoration: none; ">www.christianvolunteering.org.
-- (If you should have access to this page, edit the VCL file to grant yourself access (by adding your current IP to the ACL) and then reload the VCL.) -->
    Guru Meditation:
    XID: "} req.xid {"


       Served by "http://www.varnish-cache.org/">Varnish cache server



"};
    return (deliver);
}
else {
    set obj.http.Content-Type = "text/html; charset=utf-8";
    synthetic {"
"1.0" encoding="utf-8"?>
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


    <span class="string">"} obj.status "</span><span> </span><span class="string">" obj.response {"</span><span>


    Error "} obj.status " " obj.response {"
    "} obj.response {"
    Guru Meditation:
    XID: "} req.xid {"


       Served by "http://www.varnish-cache.org/">Varnish cache server



"};
    return (deliver);
}
}

在这里感谢 sens杨  同学对配置文档的解释。