
first commit

This commit is contained in:
thomas.guiseppin 2017-10-21 22:04:42 +02:00
commit 5352a2b94a
396 changed files with 10008 additions and 0 deletions


@ -0,0 +1,6 @@
acl debug {
"127.0.0.1";
}
acl purge {
"127.0.0.1";
}
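Review bot: Both ACLs admit only 127.0.0.1, yet the daemon options in this same commit bind Varnish to `-a 127.0.0.1:81`, so if a TLS terminator or other front proxy on the same host is what talks to Varnish, every request arrives with client.ip 127.0.0.1 and `client.ip ~ purge` / `client.ip ~ debug` will match everyone — unauthenticated PURGE and debug headers for all clients. Whether that is the deployment cannot be seen from here, but if it is, key these checks on something the front proxy sets and strips from clients (a trusted header or the right-most X-Forwarded-For entry) rather than on client.ip, or bind Varnish to the public socket so it sees real addresses. At minimum add a comment here such as `# NOTE: only meaningful when Varnish sees real client addresses, not a local front proxy`.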


@ -0,0 +1,7 @@
backend default_backend {
.host = "127.0.0.1";
.port = "81";
.connect_timeout = 5s;
.first_byte_timeout = 30s;
.probe = default_probe;
}
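Review bot: `.host = "127.0.0.1"; .port = "81";` is the same socket the daemon options in this commit bind Varnish to (`-a 127.0.0.1:81`), so as committed Varnish would forward requests to itself; presumably the origin web server is meant to sit on another port, but one of the two definitions has to change. Consider also adding `.max_connections = 300;` (or a value sized to the origin) so a slow backend cannot absorb every Varnish worker thread.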


@ -0,0 +1,6 @@
sub vcl_init {
new default_director = directors.round_robin();
default_director.add_backend(default_backend);
return (ok);
}
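Review bot: `default_director` is created but never selected: nothing in the committed vcl_recv sets `req.backend_hint`, so requests go to the implicitly chosen first backend and adding further backends to this director will have no effect. Add `set req.backend_hint = default_director.backend();` in vcl_recv (for example right after the method checks), which also makes the `std.healthy(req.backend_hint)` test in vcl_hit reflect director health rather than the default backend's.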


@ -0,0 +1,37 @@
# The vcl_error() procedure
set obj.http.Content-Type = "text/html; charset=utf-8";
set obj.http.Retry-After = "5";
synthetic {"
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>"} + obj.status + " " + obj.response + {"</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="Backend Error page">
<meta name="author" content="Pascal A.">
<meta name="generator" content="vim">
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
<!-- Le styles -->
<link href="//netdna.bootstrapcdn.com/twitter-bootstrap/2.2.1/css/bootstrap-combined.min.css" rel="stylesheet">
<style>
body {
padding-top: 60px; /* 60px to make the container go all the way to the bottom of the topbar */
}
</style>
<!-- Le HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
</head>
<body>
<div class="container">
<div class="page-header">
<h1 class="pagination-centered">Error "} + obj.status + " " + obj.response + {"</h1>
</div>
</div>
<script src="//netdna.bootstrapcdn.com/twitter-bootstrap/2.2.1/js/bootstrap.min.js"></script>
</body>
</html>
"};
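Review bot: This is Varnish 3 VCL (`vcl_error`, `obj.status`, `obj.response`) while the main VCL declares `vcl 4.0;`, where synthetic errors are produced in vcl_synth / vcl_backend_error with `resp.status`/`resp.reason` (or `beresp.*`), so this file cannot be loaded as-is and, as far as visible, no include references it. If it is meant to be used, port it to `sub vcl_synth { synthetic({"…"} + resp.status + " " + resp.reason + {"…"}); }` and include it from production.vcl. Separately, the page pulls CSS and script from third-party hosts (netdna.bootstrapcdn.com, html5shim.googlecode.com — the latter shut down long ago) without Subresource Integrity; an error page is better served self-contained with inline CSS and no external script.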


@ -0,0 +1,138 @@
# The vcl_error() procedure
set obj.http.Content-Type = "text/html; charset=utf-8";
set obj.http.Retry-After = "5";
synthetic {"
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>"} + obj.status + " " + obj.response + {"</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="Backend Error page">
<meta name="author" content="Pascal A.">
<meta name="generator" content="vim">
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
<!-- Le styles -->
<link href="//netdna.bootstrapcdn.com/twitter-bootstrap/2.2.1/css/bootstrap-combined.min.css" rel="stylesheet">
<style>
body {
padding-top: 60px; /* 60px to make the container go all the way to the bottom of the topbar */
}
</style>
<!-- Le HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
</head>
<body>
<div class="container">
<div class="page-header">
<h1 class="pagination-centered">Error "} + obj.status + " " + obj.response + {"</h1>
</div>
<div class="alert alert-error pagination-centered">
<i class="icon-warning-sign"></i>
We're very sorry, but the page could not be loaded properly.
<i class="icon-warning-sign"></i>
</div>
<blockquote>This should be fixed very soon, and we apologize for any inconvenience.</blockquote>
<div class="accordion-heading pagination-centered">
<button class="btn accordion-toggle" data-toggle="collapse" href="#debug">
Show debug
</button>
</div>
<div id="debug" class="accordion-body collapse">
<div class="accordion-inner">
<table class="table table-striped table-bordered table-condensed"><caption><h2 class="pagination-centered">Debug Information</h2></caption>
<tr>
<th>Variable</th>
<th>Value</th>
</tr>
<tr>
<td colspan="2">General</td>
</tr>
<tr>
<td width="20%">XID</td>
<td>"} + req.xid + {"</td>
</tr>
<tr>
<td>Time</td>
<td>"} + now + {"</td>
</tr>
<tr>
<td colspan="2">Request</td>
</tr>
<tr>
<td>HTTP host</td>
<td>"} + req.http.Host + {"</td>
</tr>
<tr>
<td>Request type</td>
<td>"} + req.request + {"</td>
</tr>
<tr>
<td>HTTP Protocol version</td>
<td>"} + req.proto + {"</td>
</tr>
<tr>
<td>URL</td>
<td>"} + req.url + {"</td>
</tr>
<tr>
<td>Cookies</td>
<td>"} + regsuball(req.http.cookie, "; ", "<br />") + {"</td>
</tr>
<tr>
<td>Accept-Encoding</td>
<td>"} + req.http.Accept-Encoding + {"</td>
</tr>
<tr>
<td>Cache-Control</td>
<td>"} + req.http.Cache-Control + {"</td>
</tr>
<tr>
<td>HTTP header</td>
<td>"} + req.http.header + {"</td>
</tr>
<tr>
<td>GZIP supported</td>
<td>"} + req.can_gzip + {"</td>
</tr>
<tr>
<td>Backend</td>
<td>"} + req.backend + {"</td>
</tr>
<tr>
<td colspan="2">Server</td>
</tr>
<tr>
<td>Identity</td>
<td>"} + server.identity + {"</td>
</tr>
<tr>
<td>IP:port</td>
<td>"} + server.ip + {":"} + server.port + {"</td>
</tr>
<tr>
<td colspan="2">Client</td>
</tr>
<tr>
<td>IP</td>
<td>"} + client.ip + {"</td>
</tr>
</table>
</div>
</div>
</div>
<footer class="container pagination-centered">
</footer>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
<script src="//netdna.bootstrapcdn.com/twitter-bootstrap/2.2.1/js/bootstrap.min.js"></script>
</body>
</html>
"};
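Review bot: The debug table interpolates request-controlled values (`req.url`, `req.http.Host`, `req.http.cookie`, `Accept-Encoding`, `Cache-Control`) straight into HTML with no escaping, so any client can get `<script>` from the URL reflected on the error page (reflected XSS), and the same table discloses `server.identity`, `server.ip:port`, the backend name and the client's cookies to whoever triggers an error. Emit this version only inside `if (client.ip ~ debug) { … } else { … }` (serving the short page to everyone else — note that a second `synthetic()` call replaces the body rather than appending), and HTML-escape anything still reflected, e.g. `regsuball(regsuball(regsuball(req.url, "&", "&amp;"), "<", "&lt;"), ">", "&gt;")`. Like the shorter page, it is written in VCL 3 syntax (`obj.*`, `req.request`, `req.backend`, `req.can_gzip`) and will not compile under the `vcl 4.0;` main file; `req.http.header` is also just a literal header named "header" and will normally be empty.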


@ -0,0 +1,8 @@
probe default_probe {
.url = "/";
.expected_response = 200;
.timeout = 15s;
.interval = 15s;
.window = 5;
.threshold = 2;
}
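Review bot: Probing `/` on what the wp-protection rules suggest is a WordPress origin renders a full PHP page every 15s per Varnish instance and shows up in the site's analytics; a cheap dedicated path (e.g. `.url = "/varnish-health";` answered without PHP, or a static file) keeps health checks from competing with real traffic. With `.timeout = 15s` equal to `.interval = 15s`, a hung origin also takes the full interval to register as a failed probe, so a shorter `.timeout` (a few seconds) would detect outages sooner.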


@ -0,0 +1,16 @@
set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", "");
#Prevent hammering on wp-login page and users doing excessive searches (2 per second)
if(vsthrottle.is_denied(req.http.X-Actual-IP, 10, 20s) && (req.url ~ "xmlrpc|wp-login.php|\?s\=")) {
return (synth(429, "Too Many Request - Calm down"));
# Use shield vmod to reset connection
shield.conn_reset();
}
#Prevent users from making excessive POST requests that aren't for admin-ajax
if(vsthrottle.is_denied(req.http.X-Actual-IP, 15, 10s) && ((!req.url ~ "\/wp-admin\/|(xmlrpc|admin-ajax)\.php") && (req.method == "POST"))){
return (synth(429, "Too Many Requests"));
# Use shield vmod to reset connection
shield.conn_reset();
}
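Review bot: The throttle key is the *first* entry of a client-supplied header, `regsub(req.http.X-Forwarded-For, "[, ].*$", "")`, so an attacker just sends a fresh `X-Forwarded-For: <random>` per request to get a new bucket (or a victim's address to lock them out), and when the header is absent the key is empty and every such client shares one bucket. This include also runs at the very top of vcl_recv, before production.vcl appends `client.ip` to X-Forwarded-For, so the one hop that can be trusted is not in the header yet. Key the throttle on `client.ip` (or on the right-most entry appended by a trusted front proxy, if there is one) instead. Also `shield.conn_reset();` sits after `return (synth(...))` in both branches and is unreachable; move it before the return or drop it.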


@ -0,0 +1,311 @@
vcl 4.0;
import vsthrottle;
import shield;
import std;
import directors;
### {{{ PROBES, BACKENDS , ACLS , DIRECTORS
## Probes
include "includes/probes.vcl";
## Backends
include "includes/backends.vcl";
## ACLs
include "includes/acls.vcl";
## Directors
include "includes/directors.vcl";
### }}} PROBES, BACKENDS , ACLS , DIRECTORS
### {{{ RECV
sub vcl_recv {
include "includes/wp-protection.vcl";
if (req.restarts == 0) {
if (req.http.X-Forwarded-For) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
# Normalisation des headers, suppression du port (si on utilise plusieurs ports TCP)
set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");
# Normalisation des arguments
# Mis en commentaire : probleme sur les cms wp, drupal etc
# http://stackoverflow.com/questions/29929164/issue-with-wordpress-and-varnish-breaking-loadscript-php
# set req.url = std.querysort(req.url);
# Bye Bye w00tw00t
if (req.url ~ "^/w00tw00t") {
return (synth(404, "Not Found"));
}
# Authorisation pour les purge
if (req.method == "PURGE") {
if (!client.ip ~ purge) {
# Non autorisé ! On lui fourni l'erreur 405 avec le message qui va bien,
return (synth(405, "This IP is not allowed to send PURGE requests."));
}
# Autorisé on purge le cache demandé
return (purge);
}
# Ne traiter que les type normaux, tout le reste est à passer directement aux backends
if (req.method != "GET" &&
req.method != "HEAD" &&
req.method != "PUT" &&
req.method != "POST" &&
req.method != "TRACE" &&
req.method != "OPTIONS" &&
req.method != "PATCH" &&
req.method != "DELETE") {
return (pipe);
}
# Ne mettre en cache que les requetes de type GET ou HEAD. Ceci permet de s'assurer que les requetes POST sont transmises directement aux backends
if (req.method != "GET" && req.method != "HEAD") {
return (pass);
}
# Support de websocket , plus d'infos => https://www.varnish-cache.org/docs/4.0/users-guide/vcl-example-websockets.html
if (req.http.Upgrade ~ "(?i)websocket") {
return (pipe);
}
# Suppression des parametres ajouté par Google Analytics, inutile pour les backends
if (req.url ~ "(\?|&)(utm_source|utm_medium|utm_campaign|gclid|cx|ie|cof|siteurl)=") {
set req.url = regsuball(req.url, "&(utm_source|utm_medium|utm_campaign|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "");
set req.url = regsuball(req.url, "\?(utm_source|utm_medium|utm_campaign|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "?");
set req.url = regsub(req.url, "\?&", "?");
set req.url = regsub(req.url, "\?$", "");
}
# Suppression des # envoyés pour le backend.
if (req.url ~ "\#") {
set req.url = regsub(req.url, "\#.*$", "");
}
# Suppression des / à la fin des Urls pour eviter le duplicate content
if (req.url ~ "\?$") {
set req.url = regsub(req.url, "\?$", "");
}
# Suppression de "has_js" cookie si present
set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
# Suppression de tous les cookies basés sur Google Analytics
set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");
# Remove DoubleClick offensive cookies
set req.http.Cookie = regsuball(req.http.Cookie, "__gads=[^;]+(; )?", "");
# Suppression des cookies de Quant Capital (ajoutés par certains plugin, all __qca)
set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
# Suppression des cookies AddThis
set req.http.Cookie = regsuball(req.http.Cookie, "__atuvc=[^;]+(; )?", "");
# Suppression du prefix ";" du cookies si present
set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");
# Cookies vides ou seulement avec des espaces ?
if (req.http.cookie ~ "^\s*$") {
unset req.http.cookie;
}
# Normalisation Accept-Encoding header
# Cf manuel => https://www.varnish-cache.org/docs/3.0/tutorial/vary.html
if (req.http.Accept-Encoding) {
if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
unset req.http.Accept-Encoding;
} elsif (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
# algorithm non connu
unset req.http.Accept-Encoding;
}
}
# On passe les gros fichiers directements aux backends pour eviter les resets de connexions | CF vcl_backend_response
if (req.url ~ "^[^?]*\.(mp[34]|rar|tar|tgz|gz|wav|zip)(\?.*)?$") {
unset req.http.Cookie;
return (hash);
}
# Suppression des cookies sur les fichiers static
if (req.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|gz|ico|jpeg|jpg|js|less|pdf|png|rtf|swf|txt|woff|xml)(\?.*)?$") {
unset req.http.Cookie;
return (hash);
}
# Envoie de Surrogate-Capability headers pour le support des ESI au niveau des backend
set req.http.Surrogate-Capability = "key=ESI/1.0";
if (req.http.Authorization) {
# Ne pas mettre en cache par defaut
return (pass);
}
return (hash);
}
### }}} RECV
### {{{ PIPE :: PASS
sub vcl_pipe {
# On renvoie toujours le X-Forwarded-For , pas uniquement sur la première requete envoyé aux backends
set bereq.http.Connection = "Close";
# Support de websocket , plus d'infos => https://www.varnish-cache.org/docs/4.0/users-guide/vcl-example-websockets.html
if (req.http.upgrade) {
set bereq.http.upgrade = req.http.upgrade;
}
return (pipe);
}
sub vcl_pass {
# return (pass);
}
### }}} PIPE :: PASS
### {{{ HASH :: HIT :: MISS
sub vcl_hash {
hash_data(req.url);
if (req.http.host) {
hash_data(req.http.host);
} else {
hash_data(server.ip);
}
if (req.http.Cookie) {
hash_data(req.http.Cookie);
}
}
sub vcl_hit {
if (obj.ttl >= 0s) {
return (deliver);
}
if (std.healthy(req.backend_hint)) {
if (obj.ttl + 10s > 0s) {
return (deliver);
} else {
return(fetch);
}
} else {
if (obj.ttl + obj.grace > 0s) {
return (deliver);
} else {
return (fetch);
}
}
return (fetch);
}
sub vcl_miss {
return (fetch);
}
### }}} HASH :: HIT :: MISS
### {{{ BACKEND RESPONSE
sub vcl_backend_response {
# Parse des requetes ESI et suppression des headers Surrogate-Control
if (beresp.http.Surrogate-Control ~ "ESI/1.0") {
unset beresp.http.Surrogate-Control;
set beresp.do_esi = true;
}
if (bereq.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|gz|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|xml|zip)(\?.*)?$") {
unset beresp.http.set-cookie;
}
if (bereq.url ~ "^[^?]*\.(mp[34]|rar|tar|tgz|gz|wav|zip|bz2|xz|7z|avi|mov|ogm|mpe?g|mk[av])(\?.*)?$") {
unset beresp.http.set-cookie;
set beresp.do_stream = true;
set beresp.do_gzip = false;
}
# On s'assure que s'il y a des 301 ou des 302 , les port TCP sont remis en place.
if (beresp.status == 301 || beresp.status == 302) {
set beresp.http.Location = regsub(beresp.http.Location, ":[0-9]+", "");
}
# On affiche le contenu en cache (Périmé) si les backends sont downs
set beresp.grace = 6h;
return (deliver);
}
### }}} BACKEND RESPONSE
### {{{ DELIVER
sub vcl_deliver {
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
} else {
set resp.http.X-Cache = "MISS";
}
#if (resp.http.X-marker == "pass" ) {
# remove resp.http.X-marker;
# set resp.http.X-Varnish-Cache = "PASS";
#}
set resp.http.X-Cache-Hits = obj.hits;
if (client.ip ~ debug) {
set resp.http.X-Served-By = server.hostname;
set resp.http.X-Varnish-Ip = server.ip;
set resp.http.X-Varnish-Port = std.port(server.ip);
} else {
# Suppression des headers: PHP version, Apache , OS ...
unset resp.http.X-Powered-By;
unset resp.http.Server;
unset resp.http.X-Varnish;
unset resp.http.Via;
unset resp.http.Link;
}
return (deliver);
}
### }}} DELIVER
### {{{ SYNTH
sub vcl_synth {
if (resp.status == 720) {
set resp.http.Location = resp.reason;
set resp.status = 301;
set resp.reason = "Moved Permanently";
} elseif (resp.status == 721) {
set resp.http.Location = resp.reason;
set resp.status = 302;
set resp.reason = "Moved Temporary";
}
return (deliver);
}
### }}} SYNTH
### {{{ INIT
sub vcl_init {
return (ok);
}
sub vcl_fini {
return (ok);
}
### }}} INIT :: FINI
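Review bot: The explicit `return (deliver)` at the end of vcl_backend_response skips the built-in vcl_backend_response, so responses with `Set-Cookie`, `Vary: *` or a non-positive TTL are never marked uncacheable; with `default_ttl=604800` from this commit's daemon options, a WordPress response that sets a session cookie on a cookie-less GET would be stored for seven days and its Set-Cookie replayed to other visitors. Re-create the built-in hit-for-pass check before the final deliver (below). vcl_recv also never passes requests that still carry cookies after the tracking-cookie stripping — the cookie is only hashed in — so personalised pages are cached per cookie value; consider `if (req.http.Cookie) { return (pass); }` for non-static URLs. The PURGE and debug checks on `client.ip` carry the same caveat as acls.vcl when a local front proxy is what reaches Varnish.
```vcl
sub vcl_backend_response {
    # ... unchanged: ESI detection, static-file Set-Cookie stripping, Location port rewrite ...
    # Re-create the built-in hit-for-pass logic that the explicit
    # return (deliver) below would otherwise skip.
    if (beresp.ttl <= 0s ||
        beresp.http.Set-Cookie ||
        beresp.http.Surrogate-Control ~ "no-store" ||
        (!beresp.http.Surrogate-Control &&
         beresp.http.Cache-Control ~ "no-cache|no-store|private") ||
        beresp.http.Vary == "*") {
        set beresp.ttl = 120s;
        set beresp.uncacheable = true;
        return (deliver);
    }
    set beresp.grace = 6h;
    return (deliver);
}
```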


@ -0,0 +1,15 @@
START=True
NFILES=131072
MEMLOCK=82000
DAEMON_OPTS="-a 127.0.0.1:81 \
-f /etc/varnish/production.vcl \
-T 127.0.0.1:6082 \
-S /etc/varnish/secret \
-s default=malloc,1g \
-p thread_pool_min=200 \
-p thread_pool_max=4000 \
-p thread_pool_timeout=300 \
-p default_grace=300 \
-p default_ttl=604800 \
-p ban_lurker_sleep=1"
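Review bot: `-p default_ttl=604800` makes every backend response without explicit caching headers cacheable for seven days, which is a long lifetime for a CMS front end and, given the VCL in this commit never marks Set-Cookie/private responses uncacheable, also decides how long an accidentally cached private response lives; the Varnish default of 120s (or a few minutes) is a safer baseline, with longer lifetimes granted per response via Cache-Control or in vcl_backend_response. `-a 127.0.0.1:81` is also the host:port declared for `default_backend` in backends.vcl of this commit, so one of the two must differ at deploy time or Varnish will proxy to itself.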
