Configuration: Redundant Origin shield cache

Origin shield configuration

Varnish cache

vcl 4.1;

import utils;
import std;
import saintmode;
import directors;

# Default backend definition. Set this to point to your content server.
backend tile1 {
    .host = "${ORIGIN1}";
    .port = "8080";
}
backend tile2 {
    .host = "${ORIGIN2}";
    .port = "8081";
}


sub vcl_init {
    new sm1 = saintmode.saintmode(tile1, 10);
    new sm2 = saintmode.saintmode(tile2, 10);

    new imagedirector = directors.random();
    imagedirector.add_backend(sm1.backend(), 1);
    imagedirector.add_backend(sm2.backend(), 1);
}

sub vcl_backend_fetch {
    set bereq.backend = imagedirector.backend();
}

sub vcl_backend_response {

    if (beresp.status != 200) {
        # The backend response code is not acceptable, so try another backend.
        return(retry);
    }

    if (beresp.http.content-type == "application/vnd.apple.mpegurl" &&
        bereq.http.X-Url  ~ "^.*isml\/.+-(video|audio)=[0-9]+\.m3u8")
    {
        set beresp.http.X-Url = bereq.http.X-Url;
        ## Origin produces Last-Modfified in GMT time
        ## Example: Last-Modified: Fri, 25 Mar 2022 11:20:58 GMT
        set beresp.http.X-Now-10 = now - 10s;
        if (std.time(beresp.http.Last-Modified, now - 5s) < std.time(beresp.http.X-Now-10, now )) {
            # The manifest is older than 10 seconds
            set beresp.http.X-saintmode = "Manifest invalid";

            # Mark this backend as sick for this particular object for the next 20 seconds
            saintmode.blacklist(20s);
            return(retry);
        }
    }
}