Varnish with Nginx for a Rails application (issue with Devise authentication) -


I have the following configuration for Varnish. When I access the application, it doesn't ask for a login; it just logs in. What am I doing wrong?

default.vcl

# VCL from the question, written in the older syntax (req.request, vcl_fetch, return (lookup)).
# NOTE(review): the text on this page appears to have been lower-cased; VCL string
# comparison is case-sensitive, so a live config would compare req.request against
# "POST"/"PUT"/"DELETE"/"GET" - confirm against the original file.

# Single backend: the web server on the same host, port 80.
backend default {
  .host = "127.0.0.1";
  .port = "80";
}

sub vcl_recv {
  # Only the sign-in/sign-out URLs and the write methods bypass the cache.
  if(req.url ~ "sign_in" || req.url ~ "sign_out" || req.request == "post" || req.request == "put" || req.request == "delete") {
    return (pass);
  }
  # Every other request is looked up in the cache. Because this sub always returns,
  # Varnish's built-in vcl_recv (which passes requests carrying a Cookie or
  # Authorization header) never runs, so the cache key ignores who is asking.
  return (lookup);
}

sub vcl_fetch {
  # Strips Set-Cookie from logout/sign_out responses, so the backend's
  # cookie-clearing header never reaches the browser.
  if(req.url ~ "logout" || req.url ~ "sign_out"){
    unset beresp.http.set-cookie;
  }
  # Every GET response loses its Set-Cookie and is cached for 360 minutes, whatever
  # the URL and whether or not the request carried a session cookie. Together with
  # the unconditional lookup above, a page rendered for a signed-in user can be
  # served from cache to a visitor who has no session.
  if (req.request == "get") {
    unset beresp.http.set-cookie;
    set beresp.ttl = 360m;
  }
  # Static-asset paths get the same 360-minute TTL. These are unanchored matches:
  # any URL containing one of the strings qualifies.
  if (req.url ~ "images/" || req.url ~ "javascripts" || req.url ~ "stylesheets" || req.url ~ "assets"){
    set beresp.ttl = 360m;
  }
}

/etc/default/varnish

# varnishd start-up options: listen address (-a), VCL file (-f), 256m malloc storage (-s).
# NOTE(review): the text on this page appears to have been lower-cased. `-t localhost:6082`
# and `-s /etc/varnish/secret` are presumably -T (management interface) and -S (secret
# file) in the original, and the variable is presumably DAEMON_OPTS - confirm.
# Keeping the management interface on localhost and behind the secret file limits
# who can load VCL or change the running cache.
daemon_opts="-a 192.241.136.37:80 \          -t localhost:6082 \          -f /etc/varnish/default.vcl \          -s /etc/varnish/secret \          -s malloc,256m" 

/etc/nginx/sites-enabled/default

 # nginx site config from the question: static files are served from the public/
 # directory, everything else is proxied to the app server over a Unix socket.
 upstream app {
   server unix:/tmp/unicorn.socket fail_timeout=0;
 }

 server {
   # NOTE(review): no address is given, so nginx listens on port 80 of every
   # interface. The VCL backend only needs 127.0.0.1:80; binding there
   # (`listen 127.0.0.1:80;`) keeps clients from reaching the app around Varnish.
   listen 80;
   # Request bodies of up to 2g are accepted.
   client_max_body_size 2g;
   server_name localhost;
   keepalive_timeout 5;
   root /home/deploy/apps/wms/current/public;
   # Access logging is disabled. `error_log off` does not disable the error log:
   # nginx treats "off" as a file name. Running without logs also leaves nothing
   # to review when sessions or caching misbehave.
   access_log  off;
   error_log off;

   # Method allow-list: any other request method gets 405.
   # NOTE(review): the method names look lower-cased by extraction and `!~` is a
   # case-sensitive match - confirm against the original file.
   if ($request_method !~ ^(get|head|put|post|delete|options)$ ){
     return 405;
   }

   # Assets: serve pre-compressed files and mark them publicly cacheable
   # with the maximum expiry.
   location ~ ^/(assets)/  {
     gzip_static on;
     expires     max;
     add_header  cache-control public;
   }

   # Serve a matching static file if one exists, otherwise hand off to @app.
   location / {
     try_files $uri/index.html $uri.html $uri @app;
     error_page 404              /404.html;
     error_page 422              /422.html;
     error_page 500 502 503 504  /500.html;
     error_page 403              /403.html;
   }

   # Proxy to the upstream defined above.
   location @app {
     proxy_pass http://app;
   }

   location = /favicon.ico {
     expires    max;
     add_header cache-control public;
   }

   # Refuse any request for a .php path.
   location ~ \.php$ {
     deny  all;
   }

 }

You are preventing the backend from deleting the session cookie, so you can't log out unless you explicitly delete the browser's cookies.

Looking at your fetch VCL (comments inline):

sub vcl_fetch {
  # Stripping Set-Cookie here prevents the server from deleting the cookie in
  # the browser when logging out.
  if(req.url ~ "logout" || req.url ~ "sign_out"){
    unset beresp.http.set-cookie;
  }
  # The same happens for every GET: the backend can neither set nor clear a
  # cookie, and the response is cached for 360 minutes. With the vcl_recv shown in
  # the question returning (lookup) for these requests, a page rendered for a
  # signed-in user can be served from cache to someone who has no session.
  if (req.request == "get") {
    unset beresp.http.set-cookie;
    set beresp.ttl = 360m;
  }
  # Static-asset paths get a 360-minute TTL; the matches are unanchored substrings.
  if (req.url ~ "images/" || req.url ~ "javascripts" || req.url ~ "stylesheets" || req.url ~ "assets"){
    set beresp.ttl = 360m;
  }
}

So the backend can't delete the client's cookie unless it is the result of a POST request.

IMHO you shouldn't mess with the backend's Set-Cookie headers unless you know (and have tested well) the possible side effects.

