Configuration: Cache invalidation/purge

Origin shield configuration

Purge content based on tags: Varnish Cache

The following code snippet is an configuration example on how to configure Varnish Cache six plus to cache an object based on Surrogate Header. The backend (Apache web server) in this case generates the Surrogate header my generating a MD5 hash of Surrogate-Key: n=tears-of-steel, ot=v, usp=1.11.13, sf=d, br=401000, d=4000, st=v.

The following bash command is an example how the Surrogate Header is created based on he Surrogate-Key.

#!/bin/bash

md5 -s "n=tears-of-steel, ot=v, usp=1.11.13, sf=d, br=401000, d=4000, st=v"
MD5 ("n=tears-of-steel, ot=v, usp=1.11.13, sf=d, br=401000, d=4000, st=v") = a0f430e2da90e5e2e123a57c5e986f9a
curl -v  http://localhost:8080/tos/targets/tears-of-steel-video_eng\=401000-57600.dash > /dev/null                                                                                                           ⏎

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> GET /tos/targets/tears-of-steel-video_eng=401000-57600.dash HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Mon, 14 Mar 2022 14:57:21 GMT
< Server: Apache/2.4.52 (Unix)
< Last-Modified: Thu, 17 Feb 2022 13:44:09 GMT
< ETag: "2f5e0-5d836f5e85485"
< Accept-Ranges: bytes
< Content-Length: 194016
< X-Request-ID: Yi9X0dYuzTKaJmpYn5QnAAAAAAg
< Surrogate-Key: n=tears-of-steel, ot=v, usp=1.11.13, sf=d, br=401000, d=4000, st=v
< Surrogate: a0f430e2da90e5e2e123a57c5e986f9a
< Access-Control-Allow-Headers: origin, range
< Access-Control-Allow-Methods: GET, HEAD, OPTIONS
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: Server,range
< Cache-Control: max-age=20
<
{ [31833 bytes data]
100  189k  100  189k    0     0  7017k      0 --:--:-- --:--:-- --:--:-- 7017k
* Connection #0 to host localhost left intact
* Closing connection 0
import ykey;

acl purgers { "127.0.0.1"; }

# Default backend definition. Set this to point to your content server.
backend default {
    .host = "${BACKEND_HOST}";
    .port = "${BACKEND_PORT}";
}

sub vcl_recv {
  if (req.method == "PURGE")
  {
    if (client.ip !~ purgers)
    {
      return (synth(403, "Forbidden"));
    }
    if (req.http.Ykey-Purge) {
        set req.http.n-gone = ykey.purge_header(req.http.Ykey-Purge, sep=", ");

        return (synth(200, "Invalidated "+req.http.n-gone+" objects"));
    }
    else {
      return (purge);
    }
  }
}

sub vcl_backend_response {

  # Cache the object using  Surrogate header generated by the backend
  if (beresp.http.Surrogate)
  {
    ykey.add_header(beresp.http.Surrogate, sep = ", ");
  }

}

The following PURGE method request will remove all objects in cache tha contain the same Surrogate header. The PURGE requires to be generated from the local server hosting Varnish Cache Enterprise. The PURGE access is indicated by the IP address 127.0.0.1.

#!/bin/bash

curl -v -X "PURGE" -H "Ykey-Purge: a0f430e2da90e5e2e123a57c5e986f9a" http://localhost/${ANY_FILE} > /dev/null