Configuration: Cache invalidation/purge
Origin shield configuration
Purge content based on tags: Varnish Cache
The following code snippet is an configuration example on how to configure
Varnish Cache six plus to cache an object based on Surrogate Header. The
backend (Apache web server) in this case generates the Surrogate header
my generating a MD5 hash of
Surrogate-Key: n=tears-of-steel, ot=v, usp=1.11.13, sf=d, br=401000, d=4000, st=v.
The following bash command is an example how the Surrogate Header is created
based on he Surrogate-Key.
#!/bin/bash
md5 -s "n=tears-of-steel, ot=v, usp=1.11.13, sf=d, br=401000, d=4000, st=v"
MD5 ("n=tears-of-steel, ot=v, usp=1.11.13, sf=d, br=401000, d=4000, st=v") = a0f430e2da90e5e2e123a57c5e986f9a
curl -v http://localhost:8080/tos/targets/tears-of-steel-video_eng\=401000-57600.dash > /dev/null ⏎
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> GET /tos/targets/tears-of-steel-video_eng=401000-57600.dash HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Mon, 14 Mar 2022 14:57:21 GMT
< Server: Apache/2.4.52 (Unix)
< Last-Modified: Thu, 17 Feb 2022 13:44:09 GMT
< ETag: "2f5e0-5d836f5e85485"
< Accept-Ranges: bytes
< Content-Length: 194016
< X-Request-ID: Yi9X0dYuzTKaJmpYn5QnAAAAAAg
< Surrogate-Key: n=tears-of-steel, ot=v, usp=1.11.13, sf=d, br=401000, d=4000, st=v
< Surrogate: a0f430e2da90e5e2e123a57c5e986f9a
< Access-Control-Allow-Headers: origin, range
< Access-Control-Allow-Methods: GET, HEAD, OPTIONS
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: Server,range
< Cache-Control: max-age=20
<
{ [31833 bytes data]
100 189k 100 189k 0 0 7017k 0 --:--:-- --:--:-- --:--:-- 7017k
* Connection #0 to host localhost left intact
* Closing connection 0
import ykey;
acl purgers { "127.0.0.1"; }
# Default backend definition. Set this to point to your content server.
backend default {
.host = "${BACKEND_HOST}";
.port = "${BACKEND_PORT}";
}
sub vcl_recv {
if (req.method == "PURGE")
{
if (client.ip !~ purgers)
{
return (synth(403, "Forbidden"));
}
if (req.http.Ykey-Purge) {
set req.http.n-gone = ykey.purge_header(req.http.Ykey-Purge, sep=", ");
return (synth(200, "Invalidated "+req.http.n-gone+" objects"));
}
else {
return (purge);
}
}
}
sub vcl_backend_response {
# Cache the object using Surrogate header generated by the backend
if (beresp.http.Surrogate)
{
ykey.add_header(beresp.http.Surrogate, sep = ", ");
}
}
The following PURGE method request will remove all objects in cache
tha contain the same Surrogate header. The PURGE requires to be
generated from the local server hosting Varnish Cache Enterprise. The PURGE access is
indicated by the IP address 127.0.0.1.
#!/bin/bash
curl -v -X "PURGE" -H "Ykey-Purge: a0f430e2da90e5e2e123a57c5e986f9a" http://localhost/${ANY_FILE} > /dev/null