D7 on nginx/ssl+varnish+apache stack works, except when creating new content. I'm stumped.

By RandyK on 11 May 2012 at 05:14 UTC

I've tried to post this at the HighPerformance Group, where I suspect it's a better fit, but it's getting refused: "Your submission has triggered the spam filter and will not be accepted."

I recently set up a D7 server and have been migrating from my old DIY setup.

In currrent state, I can't add content; other functions -- admin, etc -- work.

We use a similar config to that discussed in this group in numerous places. I understand it's not an 'out of the box' config, and something in this config is probably causing this problem. That's why I'm asking here.

My high-level config is

	NGINX/SSL -> VARNISH -> APACHE/NO-SSL -> DRUPAL

In a little more detail - should be a start

nginx
	@listen -> 127.0.0.1:80,   redirect to 11.22.33.44:443
	@listen -> 127.0.0.1:443,  redirect to 11.22.33.44:443
	@listen -> 11.22.33.44:80, redirect to 11.22.33.44:443
	@listen -> 11.22.33.44:443

	upstream VARNISH {
	 server 127.0.0.1:9082  weight=10 max_fails=3 fail_timeout=60s; server 127.0.0.1:11100 weight=1 backup;
	}
	upstream APACHE  {
	 server 127.0.0.1:11100;
	}

	 proxy pass to http://VARNISH @ 127.0.0.1:9082
	 proxy_redirect   off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 proxy_set_header X-Client-Verify SUCCESS;
	 proxy_set_header X-SSL-Subject $ssl_client_s_dn;
	 proxy_set_header X-SSL-Issuer  $ssl_client_i_dn;
	 proxy_set_header HTTPS on;

varnish
	@exec -> -a 127.0.0.1:9082 -T 127.0.0.1:6082
	@vcl  -> backend default { .host = "127.0.0.1"; .port = "11000"; }

apache
	@listen     -> 127.0.0.1:11100               <-- NON-DRUPAL, LOCAL SITE
	@ServerName -> mylocal.server.int

	@listen     -> 127.0.0.1:11000               <-- DRUPAL SITE
	@ServerName -> drupal.server.int
	RewriteEngine on
	RewriteBase /
	RewriteRule "(^|/)\." - [F]
	RewriteCond $1 !(^index\.php|\.(gif|jpe?g|png|ico|css|js))$
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA]

(DRUPAL)sites/default/setting.php
	$base_url = 'https://drupal.server.int';
	$cookie_domain = '.drupal.server.int';

With this config, I can login, logout, admin (add/delete/modify) modules, clear caches, theme, etc etc. No problems whatsoever.

When I try to add some simple content,

	@
	https://drupal.server.int/node/add/test
	click --> SAVE

the browser just cycles for quite awhile, fails to actually create the content, and then eventually returns (@ view source)

	-------------------------------------------------------
	<!--#set var="TITLE" value="Object not found!"
	--><!--#include virtual="include/top.html" -->

	    The requested URL was not found on this server.

	  <!--#if expr="-n v('HTTP_REFERER')" -->

	    The link on the
	    <a href="<!--#echo encoding="url" var="HTTP_REFERER" -->">referring
	    page</a> seems to be wrong or outdated. Please inform the author of
	    <a href="<!--#echo encoding="url" var="HTTP_REFERER" -->">that page</a>
	    about the error.

	  <!--#else -->

	    If you entered the URL manually please check your
	    spelling and try again.

	  <!--#endif -->

	<!--#include virtual="include/bottom.html" -->
	-------------------------------------------------------

My various logs

==> /var/log/nginx/error.log <==
2012/05/10 21:23:03 [error] 25789#0: *6 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.2.11.17, server: drupal.server.int, request: "POST /node/add/test HTTP/1.1", upstream: "http://127.0.0.1:9082/node/add/test", host: "drupal.server.int", referrer: "https://drupal.server.int/node/add/test"

==> /var/log/apache2/drupal.server.int.11000.error_log <==
[Thu May 10 21:23:03.255512 2012] [auth_digest:info] [pid 26614:tid 139707156784896] [client 127.0.0.1:50876] AH01778: user auth_user: nonce expired (302.00 seconds old - max lifetime 300.00) - sending new nonce, referer: https://drupal.server.int/node/add/test
[Thu May 10 21:23:03.255815 2012] [auth_digest:info] [pid 26614:tid 139707156784896] [client 127.0.0.1:50876] AH01778: user auth_user: nonce expired (302.00 seconds old - max lifetime 300.00) - sending new nonce, referer: https://drupal.server.int/node/add/test

==> /var/log/apache2/drupal.server.int.11000.log <==
drupal.server.int 10.2.11.17 - auth_user [10/May/2012:21:23:03 -0700] "POST /node/add/test HTTP/1.0" 401 - "https://drupal.server.int/node/add/test" "Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0"

==> /var/log/nginx/drupal.server.int.443.access.log <==
10.2.11.17 - - [10/May/2012:21:23:03 -0700] POST /node/add/test HTTP/1.1 "401" 533 "https://drupal.server.int/node/add/test" "Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0" "-"

==> /var/log/messages <==
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Rd PURGE /20 HTTP/1.1
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Wr 101 Unknown request.#012Type 'help' for more info.#012all commands are in lower-case.
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Rd Accept: */*
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Wr 101 Unknown request.#012Type 'help' for more info.#012all commands are in lower-case.
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Rd Host: drupal.server.intnode
May 11 04:23:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57202 127.0.0.1 6082 Wr 101 Unknown request.#012Type 'help' for more info.#012all commands are in lower-case.

==> /var/log/nginx/error.log <==
2012/05/10 21:24:03 [error] 25789#0: *6 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.2.11.17, server: drupal.server.int, request: "POST /node/add/test HTTP/1.1", upstream: "http://127.0.0.1:9082/node/add/test", host: "drupal.server.int", referrer: "https://drupal.server.int/node/add/test"

==> /var/log/messages <==
May 11 04:24:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57217 127.0.0.1 6082 Rd PURGE /21 HTTP/1.1
May 11 04:24:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57217 127.0.0.1 6082 Wr 101 Unknown request.#012Type 'help' for more info.#012all commands are in lower-case.
May 11 04:24:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57217 127.0.0.1 6082 Rd Accept: */*
May 11 04:24:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57217 127.0.0.1 6082 Wr 101 Unknown request.#012Type 'help' for more info.#012all commands are in lower-case.
May 11 04:24:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57217 127.0.0.1 6082 Rd Host: drupal.server.intnode
May 11 04:24:04 mylocal mylocal[25730]: CLI telnet 127.0.0.1 57217 127.0.0.1 6082 Wr 101 Unknown request.#012Type 'help' for more info.#012all commands are in lower-case.

==> /var/log/nginx/error.log <==
2012/05/10 21:25:03 [error] 25789#0: *6 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.2.11.17, server: drupal.server.int, request: "POST /node/add/test HTTP/1.1", upstream: "http://127.0.0.1:9082/node/add/test", host: "drupal.server.int", referrer: "https://drupal.server.int/node/add/test"

==> /var/log/apache2/mylocal.server.int.11100.error_log <==
[Thu May 10 21:25:03.289744 2012] [core:info] [pid 26614:tid 139707153626880] [client 127.0.0.1:51992] AH00128: File does not exist: /data/webapps/mylocal.server.int/node, referer: https://drupal.server.int/node/add/test

==> /var/log/apache2/mylocal.server.int.11100.log <==
mylocal.server.int 10.2.11.17 - auth_user [10/May/2012:21:25:03 -0700] "POST /node/add/test HTTP/1.0" 404 618 "https://drupal.server.int/node/add/test" "Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0"

==> /var/log/nginx/drupal.server.int.443.access.log <==
10.2.11.17 - - [10/May/2012:21:25:03 -0700] POST /node/add/test HTTP/1.1 "404" 618 "https://drupal.server.int/node/add/test" "Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0" "-"

Something in here is causing me this grief but I'm stumped.

I'm hoping somebody here might have some ideas.

Randy

Comments

If I remove Varnish from the

RandyK commented 11 May 2012 at 22:20

If I remove Varnish from the stack, the "Add content" step works. So, I suspect the problem's to do with Varnish, probably my config.

Something in here is causing this grief ... I'm hoping somebody here might have some ideas.

After chatting in #varnish IRC, I've added the varnishlog and my Varnish VCL from when this occurs.

Randy

varnishlog

	...
    0 CLI          - Rd ping
    0 CLI          - Wr 200 19 PONG 1336765179 1.0
    ...
    0 CLI          - Rd ping
    0 CLI          - Wr 200 19 PONG 1336765251 1.0
   18 BackendOpen  b default 127.0.0.1 51097 127.0.0.1 11000
   18 TxRequest    b POST
   18 TxURL        b /node/add/test
   18 TxProtocol   b HTTP/1.0
   18 TxHeader     b Host: drupal.server.int
   18 TxHeader     b X-Real-IP: 10.2.11.17
   18 TxHeader     b X-Forwarded-For: 10.2.11.17
   18 TxHeader     b X-Client-Verify: SUCCESS
   18 TxHeader     b HTTPS: on
   18 TxHeader     b User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0
   18 TxHeader     b Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
   18 TxHeader     b Accept-Language: en,en-us;q=0.5
   18 TxHeader     b Accept-Encoding: gzip, deflate
   18 TxHeader     b DNT: 1
   18 TxHeader     b Referer: https://drupal.server.int/node/add/test
   18 TxHeader     b Cookie: has_js=1; SESS7f645a9a6812afbb8c0cfbe585c44de7=fhrc95jqphi9gbg84idgqv3rkjg1ef0v; NO_CACHE=Y
   18 TxHeader     b Authorization: Digest username="admin_hostauth", realm="AUTH server.int", nonce="NC0m1se/BAA=19098148ae654a708b4a21c6644952bd9ce0730b", uri="/node/add/test", algorithm=MD5, response="22fdcf9e5599f2bcbe84b41fc77deff9", qop=auth, nc=00000095, cnonce="2
   18 TxHeader     b Content-Type: application/x-www-form-urlencoded
   18 TxHeader     b Content-Length: 439
   18 TxHeader     b X-Varnish: 1821233386
   18 RxProtocol   b HTTP/1.1
   18 RxStatus     b 401
   18 RxResponse   b Authorization Required
   18 RxHeader     b Date: Fri, 11 May 2012 19:40:53 GMT
   18 RxHeader     b Server: Apache
   18 RxHeader     b WWW-Authenticate: Digest realm="AUTH server.int", nonce="DJcS6se/BAA=e1e6d71f6ee1ef40d19d23e33135454f3ab70734", algorithm=MD5, domain="/", stale=true, qop="auth", Digest realm="AUTH server.int", nonce="DJcS6se/BAA=e1e6d71f6ee1ef40d19d23e33135454f3ab
   18 RxHeader     b Content-Length: 533
   18 RxHeader     b Connection: close
   18 RxHeader     b Content-Type: text/html; charset=iso-8859-1
   18 Fetch_Body   b 4(length) cls 0 mklen 1
   18 Length       b 533
   18 BackendClose b default
   17 SessionOpen  c 127.0.0.1 55221 127.0.0.1:9080
   17 ReqStart     c 127.0.0.1 55221 1821233386
   17 RxRequest    c POST
   17 RxURL        c /node/add/test
   17 RxProtocol   c HTTP/1.0
   17 RxHeader     c Host: drupal.server.int
   17 RxHeader     c X-Real-IP: 10.2.11.17
   17 RxHeader     c X-Forwarded-For: 10.2.11.17
   17 RxHeader     c X-Client-Verify: SUCCESS
   17 RxHeader     c HTTPS: on
   17 RxHeader     c Connection: close
   17 RxHeader     c User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0
   17 RxHeader     c Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
   17 RxHeader     c Accept-Language: en,en-us;q=0.5
   17 RxHeader     c Accept-Encoding: gzip, deflate
   17 RxHeader     c DNT: 1
   17 RxHeader     c Referer: https://drupal.server.int/node/add/test
   17 RxHeader     c Cookie: has_js=1; SESS7f645a9a6812afbb8c0cfbe585c44de7=fhrc95jqphi9gbg84idgqv3rkjg1ef0v; NO_CACHE=Y
   17 RxHeader     c Authorization: Digest username="admin_hostauth", realm="AUTH server.int", nonce="NC0m1se/BAA=19098148ae654a708b4a21c6644952bd9ce0730b", uri="/node/add/test", algorithm=MD5, response="22fdcf9e5599f2bcbe84b41fc77deff9", qop=auth, nc=00000095, cnonce="2
   17 RxHeader     c Content-Type: application/x-www-form-urlencoded
   17 RxHeader     c Content-Length: 439
   17 VCL_call     c recv pass
   17 VCL_call     c hash
   17 Hash         c has_js=1; SESS7f645a9a6812afbb8c0cfbe585c44de7=fhrc95jqphi9gbg84idgqv3rkjg1ef0v; NO_CACHE=Y
   17 VCL_return   c hash
   17 VCL_call     c pass pass
   17 Backend      c 18 default default
   17 TTL          c 1821233386 RFC -1 -1 -1 1336765253 0 1336765253 0 0
   17 VCL_call     c fetch
   17 TTL          c 1821233386 VCL -1 30 -1 1336765253 -0
   17 TTL          c 1821233386 VCL 120 30 -1 1336765253 -0
   17 VCL_return   c hit_for_pass
   17 ObjProtocol  c HTTP/1.1
   17 ObjResponse  c Authorization Required
   17 ObjHeader    c Date: Fri, 11 May 2012 19:40:53 GMT
   17 ObjHeader    c Server: Apache
   17 ObjHeader    c WWW-Authenticate: Digest realm="AUTH server.int", nonce="DJcS6se/BAA=e1e6d71f6ee1ef40d19d23e33135454f3ab70734", algorithm=MD5, domain="/", stale=true, qop="auth", Digest realm="AUTH server.int", nonce="DJcS6se/BAA=e1e6d71f6ee1ef40d19d23e33135454f3ab
   17 ObjHeader    c Content-Length: 533
   17 ObjHeader    c Content-Type: text/html; charset=iso-8859-1
   17 VCL_call     c deliver deliver
   17 TxProtocol   c HTTP/1.1
   17 TxStatus     c 401
   17 TxResponse   c Authorization Required
   17 TxHeader     c WWW-Authenticate: Digest realm="AUTH server.int", nonce="DJcS6se/BAA=e1e6d71f6ee1ef40d19d23e33135454f3ab70734", algorithm=MD5, domain="/", stale=true, qop="auth", Digest realm="AUTH server.int", nonce="DJcS6se/BAA=e1e6d71f6ee1ef40d19d23e33135454f3ab
   17 TxHeader     c Content-Type: text/html; charset=iso-8859-1
   17 TxHeader     c Content-Length: 533
   17 TxHeader     c Accept-Ranges: bytes
   17 TxHeader     c Date: Fri, 11 May 2012 19:40:53 GMT
   17 TxHeader     c X-Varnish: 1821233386
   17 TxHeader     c Age: 0
   17 TxHeader     c Via: 1.1 varnish
   17 TxHeader     c Connection: close
   17 TxHeader     c x-Varnish-Cache: MISS
   17 Length       c 533
   17 ReqEnd       c 1821233386 1336765253.325964212 1336765253.327671766 0.000122547 0.001666069 0.000041485
   17 SessionClose c Connection: close
   17 StatSess     c 127.0.0.1 55221 0 1 1 0 1 1 569 533
    0 CLI          - Rd ping
    0 CLI          - Wr 200 19 PONG 1336765254 1.0
    ...
    0 CLI          - Rd ping
    0 CLI          - Wr 200 19 PONG 1336765323 1.0
   14 BackendOpen  b default 127.0.0.1 51087 127.0.0.1 11000
   14 TxRequest    b POST
   14 TxURL        b /node/add/test
   14 TxProtocol   b HTTP/1.0
   14 TxHeader     b Host: drupal.server.int
   14 TxHeader     b X-Real-IP: 10.2.11.17
   14 TxHeader     b X-Forwarded-For: 10.2.11.17
   14 TxHeader     b X-Client-Verify: SUCCESS
   14 TxHeader     b HTTPS: on
   14 TxHeader     b User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0
   14 TxHeader     b Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
   14 TxHeader     b Accept-Language: en,en-us;q=0.5
   14 TxHeader     b Accept-Encoding: gzip, deflate
   14 TxHeader     b DNT: 1
   14 TxHeader     b Referer: https://drupal.server.int/node/add/test
   14 TxHeader     b Cookie: has_js=1; SESS7f645a9a6812afbb8c0cfbe585c44de7=fhrc95jqphi9gbg84idgqv3rkjg1ef0v; NO_CACHE=Y
   14 TxHeader     b Authorization: Digest username="admin_hostauth", realm="AUTH server.int", nonce="NC0m1se/BAA=19098148ae654a708b4a21c6644952bd9ce0730b", uri="/node/add/test", algorithm=MD5, response="22fdcf9e5599f2bcbe84b41fc77deff9", qop=auth, nc=00000095, cnonce="2
   14 TxHeader     b Content-Type: application/x-www-form-urlencoded
   14 TxHeader     b Content-Length: 439
   14 TxHeader     b X-Varnish: 1821233384
   14 BackendClose b default
   12 SessionOpen  c 127.0.0.1 55211 127.0.0.1:9080
   12 ReqStart     c 127.0.0.1 55211 1821233384
   12 RxRequest    c POST
   12 RxURL        c /node/add/test
   12 RxProtocol   c HTTP/1.0
   12 RxHeader     c Host: drupal.server.int
   12 RxHeader     c X-Real-IP: 10.2.11.17
   12 RxHeader     c X-Forwarded-For: 10.2.11.17
   12 RxHeader     c X-Client-Verify: SUCCESS
   12 RxHeader     c HTTPS: on
   12 RxHeader     c Connection: close
   12 RxHeader     c User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0
   12 RxHeader     c Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
   12 RxHeader     c Accept-Language: en,en-us;q=0.5
   12 RxHeader     c Accept-Encoding: gzip, deflate
   12 RxHeader     c DNT: 1
   12 RxHeader     c Referer: https://drupal.server.int/node/add/test
   12 RxHeader     c Cookie: has_js=1; SESS7f645a9a6812afbb8c0cfbe585c44de7=fhrc95jqphi9gbg84idgqv3rkjg1ef0v; NO_CACHE=Y
   12 RxHeader     c Authorization: Digest username="admin_hostauth", realm="AUTH server.int", nonce="NC0m1se/BAA=19098148ae654a708b4a21c6644952bd9ce0730b", uri="/node/add/test", algorithm=MD5, response="22fdcf9e5599f2bcbe84b41fc77deff9", qop=auth, nc=00000095, cnonce="2
   12 RxHeader     c Content-Type: application/x-www-form-urlencoded
   12 RxHeader     c Content-Length: 439
   12 VCL_call     c recv pass
   12 VCL_call     c hash
   12 Hash         c has_js=1; SESS7f645a9a6812afbb8c0cfbe585c44de7=fhrc95jqphi9gbg84idgqv3rkjg1ef0v; NO_CACHE=Y
   12 VCL_return   c hash
   12 VCL_call     c pass pass
   12 Backend      c 14 default default
   12 FetchError   c http first read error: -1 11 (Resource temporarily unavailable)
   12 VCL_call     c error deliver
   12 VCL_call     c deliver deliver
   12 TxProtocol   c HTTP/1.1
   12 TxStatus     c 503
   12 TxResponse   c Service Unavailable
   12 TxHeader     c Accept-Ranges: bytes
   12 TxHeader     c Date: Fri, 11 May 2012 19:46:53 GMT
   12 TxHeader     c X-Varnish: 1821233384
   12 TxHeader     c Age: 600
   12 TxHeader     c Via: 1.1 varnish
   12 TxHeader     c Connection: close
   12 TxHeader     c x-Varnish-Cache: MISS
   12 Length       c 0
   12 ReqEnd       c 1821233384 1336765013.231565714 1336765613.231446266 0.000112772 599.999776602 0.000103951
   12 SessionClose c error
   12 StatSess     c 127.0.0.1 55211 600 1 1 0 1 0 188 0
    0 CLI          - Rd ping
    0 CLI          - Wr 200 19 PONG 1336765615 1.0
    0 CLI          - Rd ping
    0 CLI          - Wr 200 19 PONG 1336765618 1.0
    0 CLI          - Rd ping
    0 CLI          - Wr 200 19 PONG 1336765621 1.0
    0 CLI          - Rd ping
    0 CLI          - Wr 200 19 PONG 1336765624 1.0

vcl
acl purge {"localhost"; "127.0.0.1"/24; "10.2.11.0"/24; } acl internal { "10.2.11.0"/24; } backend default { .port = "11000"; .host = "127.0.0.1"; .connect_timeout = 600s; .first_byte_timeout = 600s; .between_bytes_timeout = 600s; .max_connections = 250; }

sub vcl_recv {
if (req.request == "GET" && req.url ~ "^/varnishcheck$") { error 200 "Varnish is Ready"; }
if ( req.url ~ "^/(user/login|user/password|user/register|logout|admin/(.*)|node/add/(.*))" ) {return (pass);}
if (req.url ~ "^/status\.php$" ||
req.url ~ "^/update\.php$" ||
req.url ~ "^/ooyala/ping$" ||
req.url ~ "^/info/.*$" ||
req.url ~ "^/flag/.*$" ||
req.url ~ "^.*/ajax/.*$" ||
req.url ~ "^.*/ahah/.*$") { return (pass);}

if (!req.backend.healthy) {
unset req.http.Cookie;
if (req.http.X-Forwarded-Proto == "https") { set req.http.X-Forwarded-Proto = "http"; }
set req.grace = 30m;}
else { set req.grace = 15s; }

if (req.request == "PURGE") {
if (!client.ip ~ purge) { error 405 "This IP is not allowed to send PURGE requests."; }
return (lookup);
}

if (req.url ~ "^/misc/progress\.js\?[0-9]+$") { set req.url = "/misc/progress.js"; }
if (req.url ~ "^/(cron|install|update)\.php$" && !client.ip ~ internal) { error 404 "Page not found.";}

if (req.http.Accept-Encoding) {
if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz)$") { unset req.http.Accept-Encoding; }
elseif (req.http.Accept-Encoding ~ "deflate") { set req.http.Accept-Encoding = "deflate"; }
elseif (req.http.Accept-Encoding ~ "gzip") { set req.http.Accept-Encoding = "gzip"; }
else { unset req.http.Accept-Encoding;}
}
if (req.url ~ "(?i)\.(png|gif|jpeg|jpg|ico|css|js)(\?[a-z0-9]+)?$") { unset req.http.Cookie; }
if (req.http.Cookie) {
set req.http.Cookie = ";" + req.http.Cookie;
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "Drupal.toolbar.collapsed=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, ";(S{1,2}ESS[a-z0-9]+|NO_CACHE)=", "; \1=");
set req.http.Cookie = regsuball(req.http.Cookie, "Drupal.tableDrag.showWeight=[^;]+(; )?", "");

if (req.http.Cookie == "") { unset req.http.Cookie;}
else { return (pass);}
}

if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " +
regsub(client.ip, ":.*", ""); }
else {
set req.http.X-Forwarded-For =
regsub(client.ip, ":.*", ""); }
}

if (req.request != "GET" &&
req.request != "HEAD" &&
req.request != "PUT" &&
req.request != "POST" &&
req.request != "TRACE" &&
req.request != "OPTIONS" &&
req.request != "DELETE") { return (pipe);}
if (req.request != "GET" && req.request != "HEAD") {return (pass);}
if (req.http.Authorization || req.http.Cookie) {return (pass);}
return (lookup);
}

sub vcl_pipe { set bereq.http.connection = "close";}
sub vcl_hash {
if (req.http.Cookie) {hash_data(req.http.Cookie);}
return (hash);
}
sub vcl_hit { if (req.request == "PURGE") { purge; error 200 "Purged."; } }
sub vcl_miss { if (req.request == "PURGE") { purge; error 200 "Purged."; } }
sub vcl_fetch {
if (req.url ~ "\.(png|gif|jpg(e?)g|ico|css|js)(\?[a-z0-9]+)?$") { unset beresp.http.set-cookie; } elseif (beresp.http.Cache-Control) { unset beresp.http.Expires; }

if (beresp.status == 301) { set beresp.ttl = 1h; return(deliver); }
set beresp.grace = 30s;
}
sub vcl_deliver {
if (obj.hits > 0) { set resp.http.X-Varnish-Cache = "HIT"; set resp.http.X-Varnish-Hits = obj.hits; } else { set resp.http.x-Varnish-Cache = "MISS"; }
unset resp.http.X-Powered-By;
unset resp.http.Server;
}

Maybe you can just link to

Anthony Pero commented 11 May 2012 at 22:30

Maybe you can just link to this from the High Performance group?

Anthony Pero
Project Lead
Virtuosic Media
http://www.virtuosic.me/

I already had

RandyK commented 11 May 2012 at 22:35

I already had ...

http://groups.drupal.org/node/230043

Disabling EXPIRE & PURGE modules fixes inabilty to add content

RandyK commented 13 May 2012 at 14:20

As I'd reported, when exec'ing any 'add/delete content' I'm seeing

==> /var/log/messages <==
May 13 13:58:51 drupal drupal[11186]: CLI telnet 127.0.0.1 47570 127.0.0.1 6080 Rd PURGE /?q=node/23 HTTP/1.1
May 13 13:58:51 drupal drupal[11186]: CLI telnet 127.0.0.1 47570 127.0.0.1 6080 Wr 101 Unknown request.#012Type 'help' for more info.#012all commands are in lower-case.
May 13 13:58:51 drupal drupal[11186]: CLI telnet 127.0.0.1 47570 127.0.0.1 6080 Rd Accept: */*
May 13 13:58:51 drupal drupal[11186]: CLI telnet 127.0.0.1 47570 127.0.0.1 6080 Wr 101 Unknown request.#012Type 'help' for more info.#012all commands are in lower-case.

in my logs. Which appears to be an unsucessful purge.

But if I exec

	drush varnish-purge-all

I see

==> /var/log/messages <==
May 13 13:54:05 drupal drupal[9736]: CLI telnet 127.0.0.1 47487 127.0.0.1 6080 Rd auth 2f512582ff2b8cb4ffa80aa580b10b712e6ef8514c8fc681ed224d8ca11417fe
May 13 13:54:05 drupal drupal[9736]: CLI telnet 127.0.0.1 47487 127.0.0.1 6080 Wr 200 -----------------------------#012Varnish Cache CLI 1.0#012-----------------------------#012Linux,3.1.10-1.9-desktop,x86_64,-sfile,-smalloc,-hcritbit#012#012Type 'help' for command list.#012Type 'quit' to close CLI session.
May 13 13:54:05 drupal drupal[9736]: CLI telnet 127.0.0.1 47487 127.0.0.1 6080 Rd ban req.http.host ~ drupal.server.int && req.url ~ "/"
May 13 13:54:05 drupal drupal[9736]: CLI telnet 127.0.0.1 47487 127.0.0.1 6080 Wr 200

which looks OK.

Checking in sites/all/modules/contrib/varnish/varnish.module for purge code,

...
function varnish_expire_cache($paths) {
  $host = _varnish_get_host();
  $base = base_path();
  $purge = implode('$|^' . $base, $paths);
  $purge = '^'. $base . $purge .'$';
  varnish_purge($host, $purge);
}
...

So far, in this setup, 'VARNISH_SELECTIVE_CLEAR'=2, which requires the Expire module, and uses this code.

If I switch to using DrupalDefault caching

-	'VARNISH_SELECTIVE_CLEAR'=2
+	'VARNISH_SELECTIVE_CLEAR'=1

and

drush pm-disable expire purge

I can once again add/delete content with no timeout problems, with any of the VCLs I'd mentioned.

Now, I'm not sure what possibly breaks if I disable these modules :-/

Did you ever get this figured out?

bcreeves commented 13 August 2013 at 19:42

I'm looking to do something similar.

Speed up Server using nginx and Varnish

apachebooster commented 13 January 2015 at 10:42

Use Apachebooster which is an integration of Nginx and Varnish. It caches both static and dynamic contents and enhance the speed of the server.
You may find more details regarding apachebooster from here : http://ndimensionz.com/apachebooster/