I recently started setting up a server with Varnish and realized that
our instructions for configuring Varnish look terrible, specifically our
recommendations for Varnish 4.0.
https://www.mediawiki.org/wiki/Manual:Varnish_caching#Configuring_Varnish_4…
That said, while I know things look wrong, I'm not enough of a Varnish
expert to be confident changing the guide.
## Purging
The purge instructions look all wrong.
ban() is not equivalent to ban_url() so the invocations look broken.
Also the Varnish 4 instructions do purging with a `return (purge);` and
omit the vcl_hit and vcl_miss.
See:
https://www.varnish-cache.org/docs/trunk/users-guide/purging.html
## Gzip
The instructions still include Accept-Encoding handling. Varnish now
handles gzip natively.
From what I understand, without this code Varnish will natively prefer
requesting gzipped responses from the server and will handle gunzipping
things for clients that don't support it.
I believe normalizing "gzip, deflate" -> "gzip,deflate" or just
"gzip, deflate" -> "gzip" is also redundant now:
https://github.com/varnish/Varnish-Cache/blob/336f2eb8fe1c8f46dbf32a9bad387…
## XFF
The instructions include the setting of an X-Forwarded-For header to
client.ip as well.
This is redundant. Varnish implements XFF natively. And it does it
correctly, which is to append to XFF when already present. The guide
will end up stripping out information which CheckUser makes use of.
## Redundant and harmful vcl_recv overriding
Varnish's default vcl already does stuff like CONNECT piping,
Authorization and Cookie passing (and now it also handles the absence of
SPDY support).
https://github.com/varnish/Varnish-Cache/blob/master/bin/varnishd/builtin.v…
However the guide duplicates these things and ends with a
`return(hash);` making it so the default vcl is never run.
## If-None-Match
Someone is going to have to explain this block to me, because doing it
does not make sense to me:
    if (req.http.If-None-Match) {
        return (pass);
    }
--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/]
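
As an added illustration (not part of the original message and not the guide's own text), here is a Varnish 4 `vcl_recv` that leaves XFF, gzip, and the default request handling to Varnish and adds only an access-controlled PURGE. The backend address and the contents of the `purge` ACL are assumptions for the sketch.

```vcl
vcl 4.0;

# Assumed backend: the web server running MediaWiki on the same host.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Assumed allow-list of hosts permitted to send PURGE requests.
acl purge {
    "127.0.0.1";
}

sub vcl_recv {
    # No "set req.http.X-Forwarded-For = client.ip;" here. Overwriting the
    # header drops any proxy chain already recorded in it, which is the
    # information CheckUser relies on.

    # No Accept-Encoding rewriting here either; gzip negotiation is left
    # to Varnish.

    if (req.method == "PURGE") {
        # Reject PURGE from any address outside the ACL so that arbitrary
        # clients cannot evict cached pages.
        if (!client.ip ~ purge) {
            return (synth(405, "Not allowed"));
        }
        # Varnish 4 purge mechanism: handled from vcl_recv, with no
        # purge logic in vcl_hit or vcl_miss.
        return (purge);
    }

    # No trailing "return (hash);". Falling off the end of this subroutine
    # lets the built-in vcl_recv run (CONNECT piping, Authorization and
    # Cookie passing).
}
```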